First post on the community (yay!) so hopefully I don't mangle this and apologies if I'm missing key info.

I'm in the process of setting up Integration Hub on our development instance and I am encountering an issue specifically with the mailbox management actions, namely "Create/Delete/Enable/Lookup Mailbox". These actions are the ones which run via PowerShell on the MID server and hence my understanding is, don't rely on API permissions and the OAuth authentication via the client secret.

The current standpoint is:

- We're on Washington - moving to Xanadu in the coming month

- Exchange setup is hybrid

- MFA is enforced on our admin accounts and the account I'm using currently to test the setup in DEV is my own Exchange Admin role assigned account

- App registration is created in Azure and setup - we can run other non-mailbox actions without issue

- MID server has Exchange Online PowerShell module installed and is working

- I can log into the PowerShell module successfully if I RDP to the MID server and log in using my Exchange Online admin credentials (exactly the same as what we have in ServiceNow credential records)

The issue we face is that when attempting to run "Lookup Mailbox" for example, the below failure occurs.

I really want to get this working so I can look at writing custom actions for distribution list management - if anyone has any pointers of that one too that would be appreciated.

I'm currently working with our Microsoft admins to create a new cloud-only (we're hybrid on-prem AD/Entra) Exchange Admin account which is excluded from MFA, just in case ServiceNow cannot handle the MFA request when authenticating to the PowerShell module.

In the mean time, if anyone has any suggestions on what might be preventing successful execution of actions, that would be appreciated. If the standalone service account works, I'll reply here and people will benefit from my head-banging.