Issue Description
When configuring an email import job or another item that connects to an Application Registration in Azure Active Directory (Entra), you receive the following error in your logs and are unable to connect:
"Access to OData is disabled: [RAOP] : Blocked by tenant configured AppOnly AccessPolicy settings."
Issue Resolution
This error may appear when configuring Email Import Jobs due to App-Only Access Policies in Exchange Online.
To get the needed information to resolve this issue:
1. Install the Exchange Online PowerShell Module (if not already installed) using the following PowerShell command.
    Install-Module -Name ExchangeOnlineManagement
2. Connect to your Exchange Online environment using the following PowerShell command.
    Connect-ExchangeOnline -UserPrincipalName your_admin@yourdomain.com
3. Run the following command to list any App-Only Access Policies applied to your organization.
    Get-OrganizationConfig | Select-Object AppOnlyAccessPolicy
4. Review the list of returned values to determine if there are any related to your KnowledgeLake Application Registration. Names can vary based on how it was created.
   The list of values returned for each instance found will include the following:
   - ScopeName (Important)
   - ScopeIdentity
   - Identity
   - AppId (Important)
   - ScopeIdentityRaw
   - Description
   - AccessRight
   - ShardType
   - IsValid
   - ObjectState
5. Confirm the AppId returned in step 4 matches the Client Id you are using for your import job configuration.
To resolve the issue:
- Log in to https://admin.microsoft.com.
- Select Identity in the left-hand navigation.
- Select All Groups under Groups in the left-hand navigation.
- In the Search area, enter the ScopeName from Step 4 in the previous instructions to locate the impacted group.
- Once in your group, select Members.
- Ensure that the mailbox being used for your Email Import Job is a member of the group by clicking Add Members and adding the appropriate mailbox.
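To confirm the result from PowerShell, the following added example (not part of the original article or of KnowledgeLake's tooling) checks which policies reference the application and whether the import mailbox is in scope. It assumes the `Get-ApplicationAccessPolicy`, `Get-DistributionGroupMember` and `Test-ApplicationAccessPolicy` cmdlets of the ExchangeOnlineManagement module, which the article does not name; the Client Id and mailbox address are placeholders.

```powershell
# Added example. Both values below are placeholders: replace them with your own.
$ClientId = '00000000-0000-0000-0000-000000000000'  # Client Id used by the import job
$Mailbox  = 'import-mailbox@yourdomain.com'         # mailbox used by the Email Import Job

Connect-ExchangeOnline -UserPrincipalName your_admin@yourdomain.com

# Find every application access policy whose AppId matches the Client Id.
$policies = @(Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $ClientId })

if ($policies.Count -eq 0) {
    Write-Warning "No application access policy references AppId $ClientId."
}
else {
    foreach ($policy in $policies) {
        # Direct members of the scope group (nested groups are not expanded here).
        $members = @(Get-DistributionGroupMember -Identity $policy.ScopeIdentity -ResultSize Unlimited)
        $inGroup = @($members | ForEach-Object { [string]$_.PrimarySmtpAddress }) -contains $Mailbox

        # AccessRight matters: RestrictAccess limits the app to members of the
        # scope group (adding the mailbox grants access), while DenyAccess blocks
        # the app from members of the scope group (adding the mailbox would not help).
        [pscustomobject]@{
            ScopeName      = $policy.ScopeName
            AppId          = $policy.AppId
            AccessRight    = $policy.AccessRight
            IsValid        = $policy.IsValid
            MailboxInGroup = $inGroup
        }
    }

    # Ask Exchange Online for the effective decision for this app and mailbox.
    # The AccessCheckResult field reports Granted or Denied.
    Test-ApplicationAccessPolicy -Identity $Mailbox -AppId $ClientId | Format-List
}

Disconnect-ExchangeOnline -Confirm:$false
```

Microsoft documents that policy changes can take longer than an hour to take effect for Microsoft Graph calls even when `Test-ApplicationAccessPolicy` already reports Granted, so retry the import job after waiting before concluding the change did not work.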