SOLVED

New-ApplicationAccessPolicy

Copper Contributor

Any idea if this cmdlet has been retired or replaced by RBAC, I'm trying to execute this command but I'm getting the not recognized error in Powershell. Please suggest if I'm missing any modules which needs to be installed prior to execution. thanks in advance

4 Replies

@aruncherian95 

 

It still exists. If you're not seeing it then I'd wager it's because the account your authenticating with does not have access to it.

 

Have a read of this other thread that is effectively the same question about a different commandlet and see how you go:

 

 

Cheers,

Lain

@LainRobertson thanks for the quick response, as you suggested I ran the following commands. Now how would I know which role I require to execute the New-ApplicationAccessPolicy cmdlet. Sorry I'm new to powershell and thankyou very much for the help.

aruncherian95_1-1691559075764.png

 

 

best response confirmed by aruncherian95 (Copper Contributor)
Solution

@aruncherian95 

 

The command to check is:

 

(Get-ManagementRole -Cmdlet New-ApplicationAccessPolicy).Name |
    ForEach-Object {
        Get-ManagementRoleAssignment -Role $_ -Delegating:$false | Format-Table -AutoSize Role, RoleAssigneeType, RoleAssigneeName;
    }

 

The output of which is:

 

LainRobertson_0-1691559370295.png

 

So, to answer your question: to be able to run New-ApplicationAccessPolicy in a default environment, the account you're signing in with needs to be a member of Exchange's "Organization Management" role.

 

Cheers,

Lain

@LainRobertson  Awesome thanks a lot. Really Appreciate your assistance. 

1 best response

Accepted Solutions
best response confirmed by aruncherian95 (Copper Contributor)
Solution

@aruncherian95 

 

The command to check is:

 

(Get-ManagementRole -Cmdlet New-ApplicationAccessPolicy).Name |
    ForEach-Object {
        Get-ManagementRoleAssignment -Role $_ -Delegating:$false | Format-Table -AutoSize Role, RoleAssigneeType, RoleAssigneeName;
    }

 

The output of which is:

 

LainRobertson_0-1691559370295.png

 

So, to answer your question: to be able to run New-ApplicationAccessPolicy in a default environment, the account you're signing in with needs to be a member of Exchange's "Organization Management" role.

 

Cheers,

Lain

View solution in original post