Search

MachPanel Knowledgebase

ERRDOC:Exchange Online connection fails with error: Access is Denied using Basic Authentication

Zohaib Shaikh
MachPanel

Summary

This article provides a summary of  "Access is denied" error encountered in connecting to Exchange Online while trying to perform any exchange related operation. Below error is contained in detailed error message: Connecting to remote server outlook.office365.com failed with the following error message : Access is denied.

Applies To

This article applies to:

  • MachPanel v6 and Later.
  • MachPanel's Exchange Online extension for its CSP Module.
  • Exchange Online
Overview

With the introduction of OAuth 2.0 in the year 2020 from Microsoft as an enhanced, more secure and modern authentication system, Microsoft had informed its users that the older Basic Authentication via PowerShell EXO V1 will be discontinued. It is confirmed that by October 2022 the Modern Authentication via OAuth v2.0 (PowerShell EXO v2) will fully replace the older mechanism.

To further speed up the process, Microsoft started identifying the tenants under its O365 cloud which were not using Basic Authentication and have stopped / blocked them from using it. If you have a new tenant for which Security Defaults are enabled, Basic Authentication will seize to work. For existing tenants as well, their Basic Authentication will stop working if detected by Microsoft and you will start facing the above highlighted error if this is done by Microsoft.

The changes affect all operations via Basic Authentication for Exchange Online whether being performed directly via PowerShell EXO v1, or via any 3rd Party App using PowerShell EXO v1.

More about this on links below:

MachPanel and Exchange Online

MachPanel currently uses PwerShell EXO v1 to communicate with Exchange Online and hence the recent changes by Microsoft as mentioned above will affect control panel's ability to perform operations on a tenant.

While we are working on making changes to our panel to upgrade to PowerShell EXO v2, the current workaround is to allow basic authentication. Please follow steps highlighted in solution section below:

Solution

In the Tenant you can run this Command  Get-OrganizationConfig | Format-List basic*

(You will see the entry/value: 255 which stand for All Basic Authentications Blocked i.e. BasicAuthBlockedApps=255)

To change this, you need to login with the Global Admin, then go to the Help section and run this command     Diag: Enable Basic Auth in EXO

After That you can activate the basic Authentication.

More details and pictorial illustration given on links below:

  • https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-june-2021-update/ba-p/2454827
  • https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210

Some Images:

After activating the Basic Authentication for Exchange Online Remote PowerShell and running this Command  Get-OrganizationConfig | Format-List basic*

(You will see the entry/value: 239 which stand for All Basic Authentications Allowed i.e. BasicAuthBlockedApps = 239)

Finally you can now connect via Exchnge Online OAuth v1.0

Details
Type: ERRDOC
Level: Aadvanced
Last Modified: 4 days ago @ 7:22 AM
Last Modified By: zohaib.shaikh
Article not rated yet.
Article has been viewed 87 times.
Options
Also In This Category
Tags