Simple wrapper module that calls into EXO REST API without the need for full heavy-weight ExchangeOnlineManagent module.
Usage of module is pretty simple:
- create authentication factory with clientId that has proper permissions granted (for app-only, Exchange.ManageAsApp permission)
- call Initialize-ExoAuthentication command to create a connection to EXO
- call Invoke-ExoCommand, passing name of command, and hashtable with command parameters
Note: Module relies on AadAuthenticationFactory module that implements necessary authentication flows for AAD.
Sample below:
#create authentication factory
$appId = 'xxx' #app id of app registration that has appropriate permissions granted for EXO app-only management
$clientSecret = 'yyy' #client secret for app registration
$tenantId = 'mydomain.onmicrosoft.com'
$factory = New-AadAuthenticationFactory -TenantId $tenantId -ClientId $clientId -ClientSecret $clientSecret
#initialize the Exo connection. Tenant ID is taken from instance of AAD AuthenticationFactory when not specified explicitly
$Connection = New-ExoConnection -Authenticationfactory $factory
#call EXO command
$params = @{
Identity = "[email protected]"
}
#Specification of connection is optional here
#Module automatically uses last connection created when explicit connection not provided
Invoke-ExoCommand -Name 'Get-Mailbox' -Parameters $params -Connection $Connection
Note: To protect sensitive data (e.g. passwords to be set on newly created mailboxes), Exchange Online uses RSA Key pair with public key embedded into temporary module that dynamically downloads when running Connect-ExchangeOnline:
Key pair is occassionally rotated. To allow usage of commands that work with sentitive information in ExoHelper module, public key that comes with Exchange Online module is also stored and regularly refreshed in this repo, and ExoHelper module loads it from here when imported, and caches on it on machine where it is executed. When not able to download the public key, or cached key gets outdated, module still works, but commands that work with sensitive data will fail.
I wish Microsoft would allow retrieval of publis key directly from their REST API!