I'm currently using Certificate Based Authentication to connect to Exchange Online. I've set up an enterprise app and registered the application, granting it the necessary API permissions. Additionally, I've created a custom role that includes read permissions for Application Mail.Read and Application MailboxSettings.Read.
The problem I'm facing is that while I can connect to Exchange Online and retrieve connection info, commands like Get-MailboxStatistics aren't working. I'm looking for guidance on which role I should assign to resolve this issue. Just a heads up: I'm restricted to using only read roles due to security policies.
2 Answers
It sounds like you might be missing some permissions that are crucial for those cmdlets. While you've set up read permissions, you might also need to consider adding 'Mail.ReadWrite' if possible, but since you mentioned only having read access, try checking your Enterprise application settings for any additional roles that might not be assigned. Also, ensure that the Azure AD app has the correct tenant ID and has been given consent for all required permissions.
Have you checked for any specific roles tied directly to those cmdlets? Users typically need the 'Mail.ReadBasic' permission along with the mailbox-related permissions. Even though you're limited to read roles, double-check with your security framework if there might be a leaner role that can still accommodate your needs.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures