0

I'm working on a (PowerShell) script which creates a Service Principal using MS Graph and then wants to grant that principal permissions in MS Exchange. Both the Graph and Exchange are in the same Azure tenant (domain).

I would like the script to ask the user for credentials only once to do this, but both the Connect-MgGraph and Connect-ExchangeOnline commands prompt for credentials.

Is there some way to have just a single prompt for credentials here?

Is it just a case of adding the right scope(s) to the Connect-MgGraph command? Perhaps this also involves replacing the ExchangeOnline commands with ones that use the Graph interface to do the work directly?

Version 3.1.0-Preview1 of the Exchange Online tools (I'm currently on 3.0.0) has a -AccessToken option for Connect-ExchangeOnline which might be what I need, though I still need to know what scopes are required, how to extract the access token from wherever Connect-MgGraph stashed it, and possibly get around the inability to get a token for scopes in multiple domains (or perhaps that is outdated) though this now appears fixed.

1 Answer

0

To use app-only access, the certificate is loaded from Cert:\CurrentUser\My\ when or is specified. Make sure that the certificate you're using is present in the store before calling . For more info, see enter link description here

falaisi
  • This doesn't really answer the question at all. The script is not trying for app-only access (although that is ultimately what the script is trying to set up for some other purpose). This is a script to be run by a person, and currently when they run it they are challenged for credentials twice, once by Connect-MgGraph and once by Connect-ExchangeOnline. I would like to (somehow) use the credentials or access token or something from the Connect-MgGraph authorization in order to have Connect-ExchangeOnline not issue a second challenge for credentials. – Kevin Martin Apr 10 '23 at 22:08
  • It may depend on the authentication format. – falaisi Apr 11 '23 at 06:11