Exchange Online – Changes on Reply-URL are coming

Microsoft has identified that one of the Reply-URL used by Exchange Online for authentication and authorization is unsafe.

As result, the Reply-URL list is going to be updated by end of March 2021.

The Reply-URL being removed from the list is ietf:wg:oauth:2.0:oob.

This will impact Exchange Online PowerShell modules earlier than 1.0.1, automation with ModernAuth invoking New-PSSession and Exchange Hybrid Configuration Wizard (HCW) earlier than 17.0.5785.0.

It is recommended to upgrade Exchange PowerShell modules or/and Exchange HCW (from https://aka.ms/hybridwizard) as they have been already updated.

The new Reply-URL list will be as follow:

Environment Reply-URL
WW/PROD https://login.microsoftonline.com/organizations/oauth2/nativeclient
GCC High https://login.microsoftonline.us/organizations
US Gov DoD https://login.microsoftonline.us/organizations
Office 365 China https://login.chinacloudapi.cn/organizations
Office 365 Germany https://login.microsoftonline.de/organizations

If you faced any of the below errors just update the corresponding components:

  • Exchange Hybrid Configuration Wizard

ADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: ‘a0c73c16-a7e3-4564-9a95-2bdf47383716’

  • Exchange PowerShell

Sorry, but we’re having trouble signing you in.
ADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: ‘fb78d390-0c51-40cd-8e17-fdbfab77341b’

image_thumb_thumb-304-8687302