Modern Authentication

introduction microsoft have indicated they are starting to implement changes to the way that authentication works for exchange online, this includes exchange web services for polling exchange online mailboxes and powershell to connect to exchange online to perform actions that are not available within microsoft graph activate 7 5 4+ has been updated to allow modern authentication for exchange online powershell certain mailbox management actions are still only available in exchange online powershell and have not been implemented into the microsoft graph api for example setting mailbox permissions on shared and user mailboxes this article outlines the required steps to configure activate to use modern authentication for exchange online powershell this article describes how to configure activate for modern username/password authentication to exchange online powershell we'd also recommend reviewing the tls version on your activate servers, please see the microsoft article below https //docs microsoft com/en gb/troubleshoot/azure/active directory/enable support tls environment prerequisites 1\ activate is on version 7 5 4+ 2 exchange online permissions have been granted to an account configured in an activate network credential parameter under //resources/configuration/office365/credentials this credential must have mfa turned off in the azure tenant https //learn microsoft com/en us/exchange/permissions exo/permissions exo generally, the account in azure that activate connects to azure as under the credentials parameter will need the following permissions within exchange online recipient management organization management each organisation may require different permissions within exchange online/azure depending on what functions you are wanting to perform from activate and if a function is done using ms graph or powershell 3 server, network, firewall/proxy access needs to allow the activate job service account to connect to exchange online 4 install https //docs microsoft com/en us/powershell/exchange/exchange online powershell v2?view=exchange ps#prerequisites for the exo v2 module and any prerequisites onto the activate job server guide 1 \[ optional ] verify connectivity to exchange online using powershell/powershell ise with a test script if activate can already connect to exchange online you can skip this step 2 open activate administrator, check that “ //resources//exchange servers/office365/oauthenabled ” value is not set or set to “ true ” the default value for activate 7 5 2+ is enabled 3 restart the activate job service, this will clear any cached activate exchange online powershell sessions any new sessions created by the activate job service will use modern authentication/oauth via microsoft’s ‘exchange powershell module v3' optional disable basic authentication in azure once all applications (not just activate) are migrated to modern authentication, then basic authentication can be disabled in azure by your administrator or wait for microsoft to do it in the future 1 in the office 365/azure tenant, turn off basic authentication for the activate service account using powershell commands as a global administrator https //docs microsoft com/en us/exchange/clients and mobile in exchange online/disable basic authentication in exchange online 2 \[ recommended ] check exchange online connectivity with exchange powershell v3 module via powershell/powershell ise perform this step with the credentials noted in prerequisite 2 3\ \[ recommended ] a negative test is suggested by the microsoft guide linked in step 4 to make sure basic authentication to exchange online has been turned off note in our testing, it has taken some 2+ hours for tenants to honour certain authentication policies as per step 5, perform this step with the credentials noted in prerequisite 2 note depending on the way in which the aforementioned authentication change is implemented, it may affect other accounts in the group targeted by the authentication policy we would advise you speak to your azure administrator or microsoft azure rep for further help how do i know the configuration change worked? 1 import the attached 'test office365 connectivity task' into a test area of activate this task executes a get mailbox command to verify it can connect to exchange online/office365 2 open the activate web portal, submit a test office365 connectivity task against a well known user who has a mailbox in exchange online 3 review the log for the test task, below is a successful test activate was able to connect to exchange online using modern authentication and find a user’s mailbox