This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 72%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
Hi All,
I have received an email from Microsoft stating that the Application Impersonation RBAC role in Exchange Online will be retired in February. I want to identify which applications in my tenant are using this role. Will the script below fetch all the applications utilizing the Application Impersonation RBAC role in my tenant, or is there another script I can use to achieve this? Please guide me.
https://github.com/cparker-msft/appImpersonationUsersReport/
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 60%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
To find apps having application impersonation role in your tenant, run the below cmdlet.
Connect-ExchangeOnline
Get-ManagementRoleAssignment -Role ApplicationImpersonation –GetEffectiveUsers
After identifying those apps, consider migrating applications to Microsoft Graph to access Exchange Online data.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 90%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAZ%3C/text%3E%3C/svg%3E)
Hello, @Roger Roger,
Welcome to the Microsoft Q&A platform!
To identify which applications in your tenant are using the Application Impersonation RBAC role in Exchange Online, you can use the script provided in the GitHub repository you mentioned. The script is specifically designed to help identify users and applications with the Application Impersonation role assigned.
Here’s a more detailed example of the steps using PowerShell:
# Connect to Exchange Online
Connect-ExchangeOnline -UserPrincipalName your_admin_account@domain.com
# Get all users with the ApplicationImpersonation role assigned
$impersonationRoleAssignments = Get-ManagementRoleAssignment -Role ApplicationImpersonation
# Output or save the relevant information
$impersonationRoleAssignments | Select-Object RoleAssigneeName, RoleAssigneeType | Export-Csv -Path "C:\Path\ImpersonationRoleAssignments.csv" -NoTypeInformation
Test results:
Make sure you have the necessary permissions and prerequisites before running these scripts, and test in a safe environment if possible.
Should you need more help on this, you can feel free to post back.
If the answer is helpful, please click on “Accept answer” as it could help other members of the Microsoft Q&A community who have similar questions and are looking for solutions.
Thank you for your support and understanding.
Best Wishes,
Alex Zhang