Secure Application Model

Learn and ask questions on how to implement secure application model

CobXTech
Level 3 Contributor

SAM security center issue: Unknown Error

I have just submitted a ticket for this, but I'll also check if anyone here has seen this before; plus, if anyone else has the same issue, they will at least be able to search for it, as I found nothing in my searches.

I am unable to connect to our customer tenant's security center via PowerShell as I keep getting the error "Unknown Error". (Very helpful, MS)

I am attempting to connect via the Secure Application Model/Exchange refresh token as recommended by Microsoft here: https://docs.microsoft.com/en-us/partner-center/develop/enable-secure-app-model#powershell

This was previously working, although I have not used this module in the past 6 months.

I have generated a new Exchange refresh token for the purpose of testing.

I am able to connect to a client's Exchange, but not their security center.

This is happening in both PowerShell 5.1 and 7. This is happening on both Windows 10 and 11. This is happening on multiple computers and multiple network connections.

I am using the following code to connect:

# Placeholder for the Exchange refresh token generated for the Secure Application Model
$ExchangeRefreshToken = 'My long refresh token'
$customerId = $customer.DefaultDomainName
$upn = "svc_365monitoring@partneraccount.com.au"
Write-Host "Connecting to the Security Center for client $($customer.name)"
# Exchange the refresh token for an access token
$SCCToken = New-PartnerAccessToken -ApplicationId 'a0c73c16-a7e3-4564-9a95-2bdf47383716' -RefreshToken $ExchangeRefreshToken -Scopes 'https://outlook.office365.com/.default'
# Pass the bearer token as the password of a credential object
$SCCTokenValue = ConvertTo-SecureString "Bearer $($SCCToken.AccessToken)" -AsPlainText -Force
$SCCcredential = New-Object System.Management.Automation.PSCredential($upn, $SCCTokenValue)
$SccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.compliance.protection.outlook.com/powershell-liveid?BasicAuthToOAuthConversion=true&DelegatedOrg=$customerId" -Credential $SCCcredential -AllowRedirection -Authentication Basic

This code is from the blog: https://www.cyberdrain.com/monitoring-with-powershell-monitoring-o365-alerts/

I have already asked the blog author about this issue and he had no idea what the issue was.

This is the error I get for all tenants:

New-PSSession : [aus01b.ps.compliance.protection.outlook.com] Processing data from remote server 
aus01b.ps.compliance.protection.outlook.com failed with the following error message: Unknown error.
For more information, see the about_Remote_Troubleshooting Help topic.

2 REPLIES
CobXTech
Level 3 Contributor

Opened a ticket with MS, received the answer:

"Security and compliance" section of the customer Microsoft 365 admin center is accessible only by the customer's 
Global administrator. It cannot be accessed by another tenant/AD including a CSP partner. This is by-design.

Apparently others who have it working just don't exist.

JanoschUlmer
Microsoft

@CobXTech: Might change with the introduction of GDAP: October 2021 announcements - Partner Center | Microsoft Docs. Not directly because of this, but because in line with this option there is more effort to really support all workloads for delegated admin scenarios.

Kind regards, Janosch (Note: Leaving role as of March 2023, don't expect further answers. Connect with me via LinkedIn: https://linkedin.com/in/janoschulmer)