I’ve configured the out of the box Entra SAAS Connector and faced an issue managing Security Mail-Enabled exchange groups while using Client Based Authentication. As per the documentation in order to manage Security Mail-Enabled groups, you have to set the account configured in the Exchange Online Configuration as owner of these groups which is not possible because this is not a user but Entra Application which cannot be owner of a Security Mail-Enabled group. The only way to do this is to use Basic Authentication option which really not an option for us as it is way less secure.
Do anyone faced similar issue and made it work? All other group types including Distribution groups provisioning is working fine with this setup.
We are running into this same issue. I found this on the VA-Based Entra connector documentation:
”When the Exchange Online Authentication Type is set to certificate-based authentication, BypassSecurityGroupManagerCheck entry gets added by default. If you don’t want to use BypassSecurityGroupManagerCheck, add enableByPassSecurityManagerCheck entry to the source XML with its value set to false.”
Wonder if the SAAS connector isn’t setup the same way.
I own you a beer, this has worked. I used the API to add enableByPassSecurityManagerCheck as false and the Security Mail-Enabled group got provisioned. Thanks a bunch! It seems that this parameter also works for the SaaS based connector.
