Support for unattended scripting in delegation scenarios for Exchange Online PowerShell EXO V2 module

Currently we use EXO V1 module for unattended scripting in delegation scenarios.

We use refresh tokens to create a session via the following commands -

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid?BasicAuthToOAuthConversion=true" -Credential $credential -Authentication Basic -AllowRedirection

The refresh token is obtained by making a POST call to https://login.microsoftonline.com/[azure_tenant_id]/oauth2/v2.0/token with clientID and clientSecret.

Since support for the EXO V1 module with Basic Authentication will be deprecated starting October 2022, we want to move to the EXO V2 module. We went through the documentation of the EXO V2 module and did not find any way in which unattended scripting in delegation scenarios is supported.

Could you help us with how we could use unattended scripting in delegation scenarios for the Exchange Online PowerShell EXO V2 module?
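The session setup described in the question, written out as an added example (not code from the original post or from Microsoft). The environment variable names, the `refresh_token` grant, the `https://outlook.office365.com/.default` scope and the "Bearer" prefix on the credential's password are assumptions; the token endpoint and connection URI are the ones quoted in the post.

```powershell
# Added example. All EXO_* environment variable names are hypothetical; the
# secrets are read from the environment so they never appear in the script.
$ErrorActionPreference = 'Stop'

foreach ($name in 'EXO_TENANT_ID', 'EXO_CLIENT_ID', 'EXO_CLIENT_SECRET', 'EXO_REFRESH_TOKEN', 'EXO_ADMIN_UPN') {
    if (-not [Environment]::GetEnvironmentVariable($name)) {
        throw "Missing required environment variable: $name"
    }
}

# Exchange the stored refresh token for an access token at the v2.0 token endpoint.
$tokenUri = "https://login.microsoftonline.com/$($env:EXO_TENANT_ID)/oauth2/v2.0/token"
$body = @{
    grant_type    = 'refresh_token'                             # assumed grant type
    client_id     = $env:EXO_CLIENT_ID
    client_secret = $env:EXO_CLIENT_SECRET
    refresh_token = $env:EXO_REFRESH_TOKEN
    scope         = 'https://outlook.office365.com/.default'    # assumed scope
}
$token = Invoke-RestMethod -Method Post -Uri $tokenUri -Body $body
if (-not $token.access_token) {
    throw 'Token endpoint returned no access token.'
}

# The access token travels in the password field of the credential (assumption:
# "Bearer <token>"), which is what BasicAuthToOAuthConversion=true converts.
$secureToken = ConvertTo-SecureString "Bearer $($token.access_token)" -AsPlainText -Force
$credential  = New-Object System.Management.Automation.PSCredential($env:EXO_ADMIN_UPN, $secureToken)

$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri 'https://outlook.office365.com/powershell-liveid?BasicAuthToOAuthConversion=true' `
    -Credential $credential -Authentication Basic -AllowRedirection

try {
    Import-PSSession $session -DisableNameChecking | Out-Null
    # Sample read-only call to confirm the session works.
    Get-Mailbox -ResultSize 5 | Select-Object DisplayName, PrimarySmtpAddress
}
finally {
    # Always tear the session down so the token-backed connection does not linger.
    Remove-PSSession $session
}
```

If the token response carries a new `refresh_token`, store it in place of the old one in whatever secret store feeds the script.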

5 Replies
If you are using client secret, that's not a delegated access scenario. The V2 module natively supports certificate-based auth for unattended app scenarios: https://docs.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps
Connecting via client secret is not officially supported, but works just fine by using the exact same method you're leveraging already. That's not considered basic authentication, and will not be deprecated coming October (note the BasicAuthToOAuthConversion query parameter!).
If you want to get rid of that part too (WinRM dependence), you can use the latest preview version: https://www.michev.info/Blog/Post/3883/exchange-online-powershell-module-gets-rid-of-the-winrm-depen...

Thanks @Vasil Michev

We use Secure app model as documented in https://docs.microsoft.com/en-us/powershell/partnercenter/multi-factor-auth?view=partnercenterps-3.0...
However the refresh token is fetched via the API
https://login.microsoftonline.com/[azure_tenant_id]/oauth2/v2.0/token 
Here clientID and clientSecrets are the Azure application secretId and value. This is the application which is in a different account and has the delegated access.

We will check and evaluate whether the latest preview version, which gets rid of WinRM, works for us.

Thank you.

Regards,
Megaraj

Oh, you mean partner scenarios, gotcha. In any case the latest version has all the goodies, try it. They might even announce GA today at MEC, or maybe at Ignite :)

Thanks @Vasil Michev 

I was trying to use the preview version of EXO v2 servlet. I was not able to use it with unattended scripting for partner/delegation scenarios. Is there a document that describes this use-case?

I tried with the -DelegatedOrganization parameter, however this opens up a web page for sign-in. I tried supplying the -Credential parameter, where the credential is the refresh OAuth token, and this also errors out.
Could you please help us out here?

Sorry, I don't have a partner account to play with, so I haven't tested this scenario.