Why do I need Exchange Online API Authentication?
The Exchange Online API is used in place of the Microsoft Graph API for actions not yet exposed by M365 such as:
Converting a mailbox to shared
Giving a user access to another's OneDrive
Retrieving and removing email alias's
Removing delegate permissions from a user
DLP Policy audit
Self-service password reset
Password Reset Notification
teams default external/guest access
Default / settings
Azure MFA per-user
The Exchange Online API is authenticated by a Global Admin and fully supports MFA. A secure token is then generated by the endpoint to provide a permanent safe integration.
Running the script
1. In the portal navigate to Configuration>Integrations
2. Select the customer account you wish to set up the integration for.
3. In the Microsoft 365 box, click on “Connect Exchange Online”
4. In the pop-up window, download the script
5. The script must be run in a window as Administrator privilege.
6. The script will verify if is installed. If not, it will installation. This is required in order to perform the authentication.
7. Once the script has run, you will be prompted to the PnP Management Shell. Use the same global administrator credentials used previously to set up the initial integration with Microsoft 365. After filling in your global admin credentials, click the box to consent on behalf of your organization, and click accept.
8. In your window you will receive a script output. Copy the entire text including the brackets
9. Paste the script output into the pop-up window in .
If there were no errors, you should get a green check and see the Exchange Online connection in .
Depending on your security configuration, you may receive an error regarding the file not being digitally signed.
Run "Get- -List"
If is set to , temporarily this session by running the following
"Set- - Unrestricted"
In the same window, you may now execute the downloaded script.
Error when retrieving Exchange Online Tokens "Something is up on our end"
When submitting the Exchange Online Tokens, is utilizing functions of the Microsoft Azure Management services, which does the token retrieval for your tenant. As such, policies blocking this service will cause this operation to fail.
Update any conditional access policies for your tenant which are restricting access to, or blocking access, to Exclude the "Microsoft Azure Management from the "Cloud Apps" category.