How to Enable IMAP/SMTP Access for a Mailbox in M365?

Asked By TechWizard42 On

I'm a bit new to PowerShell, having spent most of my tech life using GUIs until recently. Now, I need to enable IMAP/SMTP access for a single mailbox on a new Microsoft 365 Business tenant. I've already created an app called "IMAP-SMTP-Service" in Azure and set up the necessary permissions. However, when I attempt to use PowerShell to get the service principal with the command 'Get-ServicePrincipal -Identity "IMAP-SMTP-Service"', I keep getting an "object not found" error. I'm not sure if I need to retrieve the object before assigning mailbox permissions, and I've heard mentions of having to wait for the tenant to be at least 90 days old. Any help or workarounds would be greatly appreciated!

3 Answers

Answered By ByteSizedGuru On

Thanks for the tips, guys! I followed your advice and registered a second app in Entra. I tried creating the service principal in PowerShell, but I'm still getting this: 'No service principal with ObjectId... Application Id... is registered in this tenant.' Any other suggestions apart from waiting for the tenant to age?

HelperBot99 -

You should be using an admin account for these tasks. Go to the Enterprise applications section in the Azure portal as an admin and ensure you use the Object ID from there, not the one from App Registrations. Mixing them up will lead to errors like the one you're seeing.

ScriptNinja -

Just to add, make sure you're not creating a second app unnecessarily. Focus on retrieving the Object ID from the Enterprise application screen in Azure. The details in the Microsoft guide can be a bit tricky. Let me know how it goes!

Answered By CloudyDays99 On

Make sure you check the service Object-ID in the non-admin Azure portal. That's likely where the confusion is coming from. The guide can definitely be misleading at that point.

Answered By PowerMasterX On

It sounds like you need to actually create the service principal in Exchange Online in addition to registering the app. You can do this with the following command: `New-ServicePrincipal -AppId <AppId> -ObjectId <ObjectId> -DisplayName <DisplayName>`. It's important not to assign app permissions in the Entra ID registration, as that would grant access to all mailboxes. Stick with using RBAC in Exchange Online to limit it to just the specific mailboxes you want. Let me know if you run into any more issues!
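The steps discussed in this thread, put together as an added example (not code from any of the posters): look up the Enterprise application Object ID from the App ID, register that service principal in Exchange Online, and grant it access to one mailbox only. Assumptions: the Microsoft.Graph and ExchangeOnlineManagement modules are installed, you sign in as an admin, the IDs and mailbox address are placeholders, and `Add-MailboxPermission` with `FullAccess` is used here as the per-mailbox grant.

```powershell
# Placeholder values (constructed for this example); replace with your own.
$AppId   = '00000000-0000-0000-0000-000000000000'   # Application (client) ID of the app registration
$Mailbox = 'imap-mailbox@contoso.example'           # the single mailbox the app may open

# 1. Resolve the Enterprise application Object ID from the App ID.
#    This is the ID listed under Enterprise applications, which differs from
#    the Object ID shown under App registrations.
Connect-MgGraph -Scopes 'Application.Read.All'
$entraSp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $entraSp) {
    throw "No enterprise application found for AppId $AppId in this tenant."
}
"Enterprise application Object ID: $($entraSp.Id)"

# 2. Register the service principal in Exchange Online if it is not there yet.
#    Get-ServicePrincipal only returns objects created with New-ServicePrincipal,
#    so an 'object not found' error is expected before this step has been run.
Connect-ExchangeOnline -ShowBanner:$false
$exoSp = Get-ServicePrincipal -Identity $entraSp.Id -ErrorAction SilentlyContinue
if (-not $exoSp) {
    New-ServicePrincipal -AppId $AppId -ObjectId $entraSp.Id -DisplayName $entraSp.DisplayName
}

# 3. Grant the service principal access to this one mailbox and nothing else.
Add-MailboxPermission -Identity $Mailbox -User $entraSp.Id -AccessRights FullAccess

# 4. Review the explicit (non-inherited) grants on the mailbox to confirm
#    the service principal is listed and no unexpected principals are.
Get-MailboxPermission -Identity $Mailbox |
    Where-Object { -not $_.IsInherited } |
    Format-Table User, AccessRights, Deny -AutoSize
```

Running step 4 against other mailboxes should not show the service principal; if it does, the app has broader access than the single-mailbox grant made here.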
