Skip to main content

Modifying your Exchange Online PowerShell Managed Code to use oAuth and MSAL

While not as popular these days many .net developers may have in the past used Managed code to run Exchange Online PowerShell cmdlets to do things like assign Mailbox Permissions or run other EXO PowerShell Cmdlets to get reporting information where no other alternatives where available (or are still available). The majority of these code bases are most likely using basic authentication using something like


In this post I'm going to cover how to change your existing code, you might want to consider however making use of some of the new ExchangeV2 Powershell module functionality to improve performance and security . But to migrate existing code to use oAuth from Basic Authentication is relatively straight forward
  1. You will need some code to do the Authentication, for this I'm going to use the MSAL library because its both the recommended library from Microsoft and its easy to use. 
  2. You should create your own Azure App registration and consent to it that has the Exchange.Manage Permissions eg


(If you can't create your own app registration you can use the well-known ClientId from the V2 PowerShell Module which I've used in the below samples).

Once you have your authentication code generating a Token you then use that as the Password in the PSCrednetial object you pass in the WSManConnectionInfo object. The one thing you need to change is the WSManConnection URI to include the parameters DelegatedOrg which should be set to your domain and add  BasicAuthToOAuthConversion=true eg so your connection string should look like
https://outlook.office365.com/powershell-liveid?DelegatedOrg=youdomain.onmicrosoft.com&BasicAuthToOAuthConversion=true
eg an Interactive Auth sample to run Get-Mailbox would look like 

If you need your code to run non-interactively with a set of credentials you can use the ROPC grant like

 



Popular posts from this blog

Export calendar Items to a CSV file using EWS and Powershell

Somebody asked about this last week and while I have a lot of EWS scripts that do access the Calendar I didn't have a simple example that just exported a list of the Calendar events with relevant information to a CSV file so here it is.

I've talked on this one before in this howto  but when you query the calendar folder using EWS you need to use a CalendarView which will expand any recurring appointments in a calendar. There are some limits when you use a calendarview in that you can only return a maximum of 2 years of appointments at a time and paging will limit the max number of items to 1000 per call. So if you have a calendar with a very large number of appointments you need to break your query into small date time blocks. In this example script I'm just grabbing the next 7 days of appointments if you want to query a longer period you need to adjust the following lines (keeping in mind what I just mentioned)

#Define Date to Query
$StartDate = (Get-Date)
$EndDate = (Ge…

EWS Managed API and Powershell How-To series Part 1

I thought I'd start the year with a series of posts that goes back over the basics of using the EWS Managed API from Powershell and provides a modular remarked example that you can easily cut and paste to build your own scripts. Along the way in this series I'll show a whole bunch of examples around specific things.

As a starting point for versions this will be Powershell Version 2.0  and the EWS Managed API 1.1 (which will soon change to 1.2 once released) http://www.microsoft.com/download/en/details.aspx?id=13480.

The starting point for any EWS script your going to write is connecting to Exchange for which there are three important pieces of information you will need. Firstly you need to know the version of Exchange your running in this script its going to be held in the following variable

$ExchangeVersion = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP1

Other valid values for Exchange 2007 would be

$ExchangeVersion = [Microsoft.Exchange.WebServices.…

Microsoft Teams Private Chat History Addin for Outlook

Being somebody who is transitioning across from Skype for Business to Teams one of things I missed the most (and found the most frustrating) is the lack of the ability in Outlook and OWA to view the conversation history from Online meetings and private chats in Microsoft Teams. This is especially frustrating when you have an external meeting and your sent an IM that contains some vital information for what you need to do. This information is tracked in your mailbox for compliance reasons in the Teams Chat folder but this folder is hidden so it not accessible to the clients and must be extracted by other means eg. Most people seem to point to doing a compliance search if you need this data https://docs.microsoft.com/en-us/microsoftteams/security-compliance-overview .

Given that the information is in my mailbox and there shouldn't be any privacy concern around accessing it I looked at a few ways of getting access to these TeamsChat messages in OWA and Outlook the first way was using …
All sample scripts and source code is provided by for illustrative purposes only. All examples are untested in different environments and therefore, I cannot guarantee or imply reliability, serviceability, or function of these programs.

All code contained herein is provided to you "AS IS" without any warranties of any kind. The implied warranties of non-infringement, merchantability and fitness for a particular purpose are expressly disclaimed.