Troubleshooting
Azure
The role assigned to application <guid> isn't supported in this scenario.
4 min
error the role assigned to application \<app id> isn't supported in this scenario please check online documentation for assigning correct directory roles to azure ad application for exo app only authentication \[connect exchangeonline skiploadingformatdata 'true' appid '\<app id>' organization 'tenant onmicrosoft com' certificatethumbprint '\<cert thumbprint>' ] the role assigned to application \<app id> isn't supported in this scenario please check online documentation for assigning correct directory roles to azure ad application for exo app only authentication \[connect exchangeonline skiploadingformatdata 'true' appid '\<appid>' organization 'tenant onmicrosoft com' certificatethumbprint '\<certthumbprint>' ] microsoft exchange management exopowershellsnapin newexomodule processrecord() at system management automation cmdlet doprocessrecord() at system management automation commandprocessor processrecord() \ end of inner exception stack trace at system management automation runspaces pipelinebase invoke(ienumerable input) at system management automation runspaces pipeline invoke() at innovation activate utilities localpowershell exec(command cmd) in c \projects\activatev8\activate library\utilities\remotepowershell cs\ line 190 \ end of inner exception stack trace at innovation activate utilities localpowershell exec(command cmd) in c \projects\activatev8\activate library\utilities\remotepowershell cs\ line 194 at innovation activate utilities localpowershell exec(string command, dictionary`2 values) in c \projects\activatev8\activate library\utilities\remotepowershell cs\ line 157 at innovation activate utilities exchangeonline connectexchangeonline(localpowershell ps) in c \projects\activatev8\activate library\utilities\remotepowershell cs\ line 1442 at innovation activate utilities exchangeonline getpowershell() in c \projects\activatev8\activate library\utilities\remotepowershell cs\ line 1343 at innovation activate utilities exchangeonline exec(command cmd) in c \projects\activatev8\activate library\utilities\remotepowershell cs\ line 1599 at innovation activate resources exchangeresourceonline exec(command cmd) in c \projects\activatev8\activate resources\exchangeresourceonline cs\ line 389 at innovation activate resources exchangeresource2010 exec(string command, object\[] args) in c \projects\activatev8\activate resources\exchangeresource2010 cs\ line 502 at innovation activate resources exchangeresource2010 execnoresults(string command, object\[] args) in c \projects\activatev8\activate resources\exchangeresource2010 cs\ line 486 at innovation activate resources exchangeresourceonline addmailboxpermissions(userdirectoryentry mailbox, provisioningdirectoryentry user, string rights) in c \projects\activatev8\activate resources\exchangeresourceonline cs\ line 416 at innovation activate resources exchangeresource2007 updatemailboxacl(userdirectoryentry mailbox, provisioningdirectoryentry user, string rights) in c \projects\activatev8\activate resources\exchangeresource2007 cs\ line 730 at innovation activate resources exchangeresource2007 setpermissions(userdirectoryentry mailbox, provisioningdirectoryentry user, mailboxrights rights) in c \projects\activatev8\activate resources\exchangeresource2007 cs\ line 606 at innovation activate mailboxpermissioncollection add(provisioningdirectoryentry user, mailboxrights rights) in c \projects\activatev8\activate library\mailboxresource cs\ line 397 at script main() in \ line 16 at system runtimemethodhandle invokemethod(object target, void arguments, signature sig, boolean isconstructor) at system reflection methodbaseinvoker invokewithnoargs(object obj, bindingflags invokeattr) \ end of inner exception stack trace script line 194 at innovation activate provisioningscript executescript(object context, provisioningobject parent, string script, boolean bdebug) in c \projects\activatev8\activate library\provisioningscript cs\ line 2267 at innovation activate evaluator executescript(object context, provisioningobject current, string script, boolean bdebug) in c \projects\activatev8\activate library\evaluator cs\ line 1599 solution when using app only authentication to perform exchange online powershell or graph api operations , you must 1\ assign the correct azure ad directory role for access to mailboxes , shared mailboxes , or exo powershell, you must assign one of the following azure ad roles to the application scenario required azure ad role read only mailbox access (graph) exchange administrator or global reader full access to mailboxes (graph or powershell) exchange administrator exo powershell app only exchange administrator (with appid granted applicationaccesspolicy if scoping is used) assign this via azure portal > entra id > roles and administrators find exchange administrator click add assignments select your app’s service principal 2\ ensure exchange online application permissions are granted go to azure portal > app registrations > your app > api permissions ensure you have exchange manageasapp permission added under apis my organization uses > office 365 exchange online > application permissions also, click grant admin consent for \<tenant> after adding this permission