I have a need to create email aliases for exchange accounts. I am attempting to do this with an Azure Automation Runbook.
Connect-ExchangeOnline -ManagedIdentity -Organization "myorg.onmicrosoft.com"
# Interact with query parameters or the body of the request.
$name = $Request.Query.Name
if (-not $name) {
$name = $Request.Body.Name
}
$user = $Request.Query.User
if (-not $user) {
$user = $Request.Body.User
}
Get-Mailbox -Identity $name | Format-List
#Set-Mailbox $user -EmailAddresses @{add="{"+$name+"@myorg.com"}
Get-Mailbox is working but set-mailbox is failing with Failed (Unauthorized).
I have a managed service account with Exchange online permissions. Which I know is working because Get-Mailbox is working.
Does anyone know what permissions need to be set on this to allow this from set-mailbox Azure powershell in this scenario?
I got this figured out.
For reference: Go to https://portal.azure.com/#view/Microsoft_AAD_IAM/AllRolesBlade
Search for "Exchange Receipt Administrator"
Assign it to your managed identity
This allows the managed identity to create the alias.