So I'm testing this with a customer I've moved to GDAP.

I was able to create the grant as you documented. Creating the token and also connecting works fine. Example:

$ExchangeToken = New-PartnerAccessToken -ApplicationId $AppID -Credential $App_Cred -RefreshToken $RefreshToken -Scopes 'https://outlook.office365.com/.default' -ServicePrincipal -Tenant $TenantID
Connect-ExchangeOnline -DelegatedOrganization $TenantID -AccessToken $ExchangeToken.AccessToken

I'm able to run commands like get-mailbox fine, but trying to make a change, I get an 'Cmdlet needs proxy' error. Example: Add-MailboxPermission -Identity $User1 -User $User2 -AccessRights FullAccess

Write-ErrorMessage : {"error":{"code":"BadRequest","message":"Cmdlet needs proxy. Current Server FQDN : KL1PR03MB5650.apcprd03.prod.outlook.com, Required Server FQDN : ME2PR01MB2644.ausprd01.prod.outlook.com","innererror":{"message":"Cmdlet needs proxy.
Current Server FQDN : KL1PR03MB5650.apcprd03.prod.outlook.com, Required Server FQDN : ME2PR01MB2644.ausprd01.prod.outlook.com","type":"Microsoft.Exchange.Admin.OData.Core.ODataServiceException","stacktrace":" at
Microsoft.Exchange.AdminApi.CommandInvocation.CommandInvocation.InvokeCommand(QueryContext queryContext, CmdletInvokeInputType cmdletInvokeInputType)\r\n at
Microsoft.Exchange.Admin.OData.Core.PathSegmentToExpressionTranslator.Translate(OperationImportSegment segment)\r\n at Microsoft.Exchange.Admin.OData.Core.QueryContext.ResolveQuery(ODataContext context, Int32 level)\r\n at
Microsoft.Exchange.Admin.OData.Core.Handlers.OperationHandler.Process(IODataRequestMessage requestMessage, IODataResponseMessage responseMessage)\r\n at Microsoft.Exchange.Admin.OData.Core.Handlers.RequestHandler.Process(Stream requestStream)"}}}


This used to work fine when connecting the old way, e.g. 
$credential = New-Object System.Management.Automation.PSCredential($User, $tokenValue)
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell-liveid?DelegatedOrg=$($TenantDomain)&BasicAuthToOAuthConversion=true" -Credential $credential -Authentication Basic -AllowRedirection
Import-PSSession $session -AllowClobber

Am I missing something?

I did my test with a preview version of the module, what version are you on?

3.1.0 the one updated a month ago https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.1.0

I logged an issue on GitHub https://github.com/MicrosoftDocs/office-docs-powershell/issues/10446 where I was told to log a ticket with MS Support

Ticket has been with Premier Support for a week. No solution yet from them.

Still no solution yet, but MS Support did mention delaying the deadline for the bulk migration tool until July so that makes this less urgent for me now. Official comms for GDAP related stuff is meant to come out March 15th.

@aconn21 : For connecting using the old way you generate the Exchange token using "New-PartnerAccessToken -Module ExchangeOnline"?

Because this is using the depreacted AppId, which will be removed by March 31 already, so moving back timelines for GDAP won't help here. 

He's not using the -module param. But I don't see any other obvious problems with his code either.

Edit: this thread is also the only location on Google that lists the specific "Cmdlet needs proxy" error.

Perhaps its a regional issue? All my customers are Australia South East. Still no solution from MS yet. I've asked Premier Support if they also plan on delaying the date for retiring the legacy public client. I'll see what they reply with. Otherwise their deadline for solving my issue is the 31st.

I can confirm there are no plans on delaying the exchange legacy client. Still no solution from Microsoft. In fact, my MS account manager has asked me to re-log the ticket under the Partner Center instead of via Premier Support, the exchange team wouldn't accept the escalation apparently. So I've been bounced from Git Hub to Premier Support to Partner Support. Microsoft bureaucracy at its finest.

Hi @aconn21 ,

this has already been officially documented:
https://learn.microsoft.com/en-us/powershell/partnercenter/exchange-online-gdap-app?view=partnercenterps-3.0

And also the "Exchange Online Automation to be deprecated on March 31, 2023" was announcement:

February 2023 announcements - Partner Center | Microsoft Learn

It seems you haven't read my previous posts. I have followed this https://learn.microsoft.com/en-us/powershell/partnercenter/exchange-online-gdap-app?view=partnercenterps-3.0

I am able to connect, I am able to run commands like get mailbox. But I get the error detailed here when I try to make changes: https://github.com/MicrosoftDocs/office-docs-powershell/issues/10446

Hence the deadline of the 31st is the deadline for Microsoft to solve this issue.

@JanoschUlmer my support ticket keeps getting hand balled back and forth between Premier and Partner support, both don't seem to want to help. I'm trying to get my account manager to do something. I know this technically isn't your problem, but what do you suggest Partner's do in a situation like this?

Microsoft Cloud Partner Program benefits - Technical Pre-sales and Deployment (TPD) - Partner Center | Microsoft Learn

TPD puts you in contact with the team Janosch is on, but you get limited hours on that and it really shouldn't be needed.

FYI I have received word that Microsoft will be delaying the retirement of the Legacy Exchange Online Public Client ID, new dates still TBA. Seems they've taken notice of the multiple issues partners are having with the new connection method.

I guess we shouldn't be surprised - MS has a habit of making announcements of changes without thinking through the consequences, or seeking advice from those affected, etc - but they are leaving it to the 11th hour! I checked all the usual sources yesterday and saw nothing.

Just now I received a message from Microsoft Partner Center <msftpc@microsoft.com>entitled "Extension to previously communicated timeline: Legacy Exchange Online public client (app ID) to be retired" that starts out:

Summary

We’re extending the timeline for the retirement of the Legacy Exchange Online public client ID (app ID a0c73c16-a7e3-4564-9a95-2bdf47383716).

Details

What is the change?

We previously shared that the Legacy Exchange Online public client ID (app ID a0c73c16-a7e3-4564-9a95-2bdf47383716) would be retired on March 31, 2023. We’re now extending this timeline to provide partners more time to take action. The new retirement date will be communicated over the coming weeks.

(Emphasis mine) So I guess we've been given a reprieve! Until... who knows when?... I've already switched over, and started on converting all my AAD/Msol calls to MSGrapg/Mg/Graph so I'll just continue but I do find the whole process (this, Azure AD Graph retirement, GDAP migration, etc) more than a little frustrating, and not something that instills a lot of confidence that someone has the big picture in mind.

  --Saul

What I'm mostly missing is an authoritative voice speaking directly to the community and to internal stakeholders. It is hard at times to get through the noise of Microsoft Support. Especially when we're talking about highly niche topics (compared to the wider ecosystem) like the ExchangeOnlineManagement module combined with the Secure Application Model.

I second that. Dealing with MS support is often a painful experience for me.