Setup Exchange Online for the Outlook banner
Prerequisites
- An app registration for Exchange Online access (you will need its Application (Client) ID and your tenant's Organization domain, e.g.
contoso.onmicrosoft.com)- This can be created after following Registering with Microsoft Entra ID
- Azure CLI (ensure the CLI is logged in with
az login) - OpenSSL (
openssl) - (Optional) PowerShell Core (
pwsh)- To skip the requirement for
pwshandConnect-ExchangeOnlinevalidation, use the--skip-verifyoption
- To skip the requirement for
(Automated) Setting up the app registration to connect to Exchange Online
The StorageMonitor connects to Exchange Online using app-only (certificate-based) authentication via the Connect-ExchangeOnline cmdlet. This requires a .pfx certificate registered against an Azure AD (Entra ID) app registration.
You’ll need access to a Microsoft Entra tenant and an account with at least the Privileged Role Administrator role.
You can use setup-exchange-online-certificate.sh to automate the process of setting up the app registration and generating the certificate.
Usage:
./setup-exchange-online-certificate.sh --app-id <app-registration-client-id> --organization <tenant>.onmicrosoft.com
The organization should be your tenant name, suffixed with .onmicrosoft.com, but may be your primary custom domain instead. You can find the primary domain using the following commands:
Connect-ExchangeOnline # If not already connected
Get-AcceptedDomain | Where-Object { $_.Default -eq $true }
The script is configurable with some options, to view them run with --help.
./setup-exchange-online-certificate.sh --help
The following are configurable:
- Certificate name prefix (
StorageMonitorExchangeOnlineby default) - Certificate validity period (1 year by default)
- Output directory for the
.cerand.pfxfiles (./ by default) - Option to skip PowerShell stages, removing
pwshas a requirement