
Documentation not clear for required permissions of using service principal authentication for EXO workload

Open KuotingChiu opened this issue 2 years ago • 4 comments

May I suggest adding the required permissions below for using service principal authentication for the EXO workload? Likewise, some other workloads may have similar issues, as Get-M365DSCCompiledPermissionList is more for credential authentication.

Exchange.ManageAsApp plus EXO admin role assigned to the service principal

Reference: https://docs.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps

KuotingChiu avatar Jul 07 '22 12:07 KuotingChiu

@KuotingChiu for the past few releases, we have been including the exchange > requiredRoles property as part of the resources settings. Is this similar to what you had in mind?


NikCharlebois avatar Jul 22 '22 21:07 NikCharlebois

@KuotingChiu Any updates on this one?

andikrueger avatar Aug 01 '22 11:08 andikrueger

For the certificate authentication or application secret authentication, the EXO Exchange.ManageAsApp permission is needed in the Azure app registration.

For all authentication methods, the proposed Exchange admin roles should be adequate to be assigned to either the user ID or app principal.

KuotingChiu avatar Aug 01 '22 18:08 KuotingChiu
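Added example (not part of the thread and not Microsoft365DSC's own code): a read-only check, using the Microsoft Graph PowerShell SDK, of whether a service principal holds the `Exchange.ManageAsApp` application permission and which directory roles are assigned to it. It assumes the "EXO admin role" mentioned above is a directory role assigned to the service principal; the function name `Get-ExoAppOnlyReadiness` and the all-zero app ID are placeholders.

```powershell
# Added example: read-only audit of the two prerequisites named in this thread.
# Needs the Microsoft Graph PowerShell SDK (Applications and Identity.Governance modules).
function Get-ExoAppOnlyReadiness {
    param(
        [Parameter(Mandatory)] [string] $AppId   # client ID of the app registration
    )

    # Well-known appId of the "Office 365 Exchange Online" resource application.
    $exoResourceAppId = '00000002-0000-0ff1-ce00-000000000000'

    $sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
    if (-not $sp) { throw "No service principal found for appId $AppId" }

    $exo = Get-MgServicePrincipal -Filter "appId eq '$exoResourceAppId'"
    if (-not $exo) { throw 'Exchange Online resource principal not found in this tenant' }

    # Resolve the app role by its name instead of hard-coding its GUID.
    $manageAsApp = $exo.AppRoles | Where-Object Value -eq 'Exchange.ManageAsApp'

    # Application permissions actually granted (admin-consented) to the principal.
    $granted = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All |
        Where-Object { $_.ResourceId -eq $exo.Id -and $_.AppRoleId -eq $manageAsApp.Id }

    # Directory roles assigned directly to the principal (assumption: this is
    # where the "EXO admin role" from the thread would show up).
    $roles = Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($sp.Id)'" -All |
        ForEach-Object {
            (Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $_.RoleDefinitionId).DisplayName
        }

    [pscustomobject]@{
        ServicePrincipal       = $sp.DisplayName
        HasExchangeManageAsApp = [bool]$granted
        DirectoryRoles         = @($roles)
    }
}

# Read-only scopes are enough for this check.
Connect-MgGraph -Scopes 'Application.Read.All', 'RoleManagement.Read.Directory'
Get-ExoAppOnlyReadiness -AppId '00000000-0000-0000-0000-000000000000'   # placeholder app ID
```

A principal that reports `HasExchangeManageAsApp = False` or an empty `DirectoryRoles` list is missing one of the two prerequisites described in the comment above.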

@ykuijs Could you add this one to your authentication improvement PR?

andikrueger avatar Aug 25 '22 18:08 andikrueger

@KuotingChiu Is this still an issue with the latest version of M365DSC?

andikrueger avatar Oct 17 '22 17:10 andikrueger

Closing due to inactivity

andikrueger avatar Oct 25 '22 17:10 andikrueger