I tried automating exchange functions using runbook, using powershell 5.1 runtime but ended up getting unauthorized error

Hi @Sakthivel Ganesan

Thank you for posting your question in the Q&A Forum. 

Receiving an “Unauthorized” error while using the Exchange Online Management module even after switching to PowerShell 5.1 is a common scenario in Azure Automation. In many cases, this points to an authentication or permissions issue rather than a problem with the runtime itself. 

Here are some areas you might consider reviewing: 

1. Check Permissions of the Runbook Identity 

The identity used by your Runbook (whether a Managed Identity or a Service Principal) must have the appropriate administrative rights in Exchange Online. 

It may be helpful to verify that the Runbook identity is assigned to an Exchange Online role group that allows shared mailbox creation. Commonly required roles include: 

• Recipient Management 
• Exchange Administrator 
• Organization Management 

Without these permissions, Exchange Online may return an Unauthorized error even if the connection appears to succeed. 

2. Non-Interactive Authentication 

Standard username/password login is generally not supported in Azure Automation, particularly if Multi-Factor Authentication (MFA) is enabled, as this can prevent the connection from succeeding. 

For automated scripts, it is usually recommended to use one of the following secure, non-interactive methods: 

• Managed Identity: You can connect using a System‑Assigned Managed Identity with the following command: 

Connect-ExchangeOnline –ManagedIdentity 

For detailed guidance on using Managed Identity with Exchange Online PowerShell, refer to the official Microsoft documentation: Use Azure managed identities to connect to Exchange Online PowerShell | Microsoft Learn 

• App-Only Authentication: Alternatively, you can authenticate using an App Registration (Service Principal) together with a certificate or client secret. This method is also fully supported for automation and avoids MFA‑related issues. Microsoft’s official guidance is available here: App-only authentication for unattended scripts in Exchange Online PowerShell and Security & Compliance PowerShell 

App Access Policies 
Even when the Runbook identity has the correct permissions and uses a supported authentication method, App Access Policies may still restrict the connection. 

If your organization has App Access Policies configured, ensure that the identity used by the Runbook is explicitly allowed. Otherwise, the connection may be blocked without a clear error message. 

Focusing on these checks may help the error: 

• Verify the Runbook identity has the required Exchange Online permissions. 
• Confirm the Runbook is using a supported non-interactive authentication method. 
• Check if App Access Policies are restricting the identity. 

These steps typically resolve Unauthorized errors in automation scenarios. Updating permissions or switching to a supported authentication method often resolves the issue. 

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".  

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.