Give the Azure service accounts access to the Exchange Online mailboxes, in a modern authentication environment.
Before You Begin
-
The Exchange Online service account must meet the following requirements:
- Multi-factor authentication must be disabled for the service account.
Procedure
-
Log on to the Azure portal using your global administrator account.
-
Go to Azure Active Directory.
-
Create a user
-
Disable multi-factor authentication for the user.
-
Ensure that the conditional access policy does not block powershell access of the service account.
-
Assign the user to the Exchange administrator role.
-
Go to the Office 365 Exchange Admin Center.
-
Create a custom role with the View-Only Recipients permission.
-
Add the user to the custom role.
Related Topics
For more information about creating a user, see Add or delete users using Azure Active Directory in the Microsoft documentation.