When using MailStore to archive Microsoft Office 365 with basic authentication, one important step is to create a Service Principal account using the Microsoft Azure PowerShell interface.
By default, this Service Principal account ID is only valid for 365 days from the point of creation.
Once it expires, any further MailStore Directory Service user synchronisations will fail with an error relating to expired API tokens, like this:
“MailStore Server was unable to retrieve a list of users from Directory Services. Requesting Microsoft Graph API token failed: AADSTS7000215: Invalid client secret is provided.”
To resolve this, the existing Service Principal (typically named MailStoreSP) will need to be removed and a new one created.
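
To catch the expiry before synchronisation starts failing, the credential end date can be checked ahead of time. The following is an added example, not taken from MailStore's documentation: it assumes the MSOnline PowerShell module is in use and that `Connect-MsolService` has already been run in the session; the function name and the 30-day warning threshold are hypothetical.

```powershell
# Added example: report how long each credential on the MailStore service
# principal remains valid. Assumes the MSOnline module is installed and
# Connect-MsolService has already been run in this session.
function Get-MailStoreSpCredentialExpiry {    # hypothetical helper name
    param(
        [string]$DisplayName = 'MailStoreSP', # typical name, per the article
        [int]$WarnDays = 30                   # assumed warning threshold
    )

    # -SearchString matches the start of the display name, so filter exactly.
    $principals = @(Get-MsolServicePrincipal -SearchString $DisplayName |
        Where-Object { $_.DisplayName -eq $DisplayName })
    if ($principals.Count -eq 0) {
        Write-Warning "No service principal named '$DisplayName' was found."
        return
    }

    $now = (Get-Date).ToUniversalTime()
    foreach ($sp in $principals) {
        # -ReturnKeyValues $false keeps the secret itself out of the output.
        $creds = @(Get-MsolServicePrincipalCredential -ObjectId $sp.ObjectId -ReturnKeyValues $false)
        if ($creds.Count -eq 0) {
            Write-Warning "'$DisplayName' ($($sp.ObjectId)) has no credentials."
            continue
        }
        foreach ($cred in $creds) {
            # EndDate is treated as UTC here (assumption).
            $daysLeft = [math]::Floor(($cred.EndDate - $now).TotalDays)
            $status = if ($cred.EndDate -le $now) { 'Expired' }
                      elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' }
                      else { 'OK' }
            [pscustomobject]@{
                DisplayName = $sp.DisplayName
                KeyId       = $cred.KeyId
                Type        = $cred.Type
                EndDate     = $cred.EndDate
                DaysLeft    = $daysLeft
                Status      = $status
            }
        }
    }
}

# Usage: Get-MailStoreSpCredentialExpiry -WarnDays 45 | Format-Table
```

A row with `Status` of `Expired` corresponds to the AADSTS7000215 failure shown above; `ExpiringSoon` is the window in which to schedule the replacement.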