Microsoft has identified that one of the Reply-URL used by Exchange Online for authentication and authorization is unsafe.
As result, the Reply-URL list is going to be updated by end of March 2021.
The Reply-URL being removed from the list is ietf:wg:oauth:2.0:oob.
This will impact Exchange Online PowerShell modules earlier than 1.0.1, automation with ModernAuth invoking New-PSSession and Exchange Hybrid Configuration Wizard (HCW) earlier than 17.0.5785.0.
It is recommended to upgrade Exchange PowerShell modules or/and Exchange HCW (from https://aka.ms/hybridwizard) as they have been already updated.
The new Reply-URL list will be as follow:
Environment | Reply-URL |
WW/PROD | https://login.microsoftonline.com/organizations/oauth2/nativeclient |
GCC High | https://login.microsoftonline.us/organizations |
US Gov DoD | https://login.microsoftonline.us/organizations |
Office 365 China | https://login.chinacloudapi.cn/organizations |
Office 365 Germany | https://login.microsoftonline.de/organizations |
If you faced any of the below errors just update the corresponding components:
- Exchange Hybrid Configuration Wizard
ADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: ‘a0c73c16-a7e3-4564-9a95-2bdf47383716’
- Exchange PowerShell
Sorry, but we’re having trouble signing you in.
ADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: ‘fb78d390-0c51-40cd-8e17-fdbfab77341b’