rykoma
commented
3 years ago You can find it in the roadmap.
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=68901
Closed cjklouda closed 3 years ago
rykoma
commented
3 years ago You can find it in the roadmap.
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=68901
cjklouda
commented
3 years ago @rykoma Thank you. Exactly what I needed.
Currently, daemon applications that use a service account with Basic authentication can be restricted to specific mailboxes through mailbox delegation or custom roles in exchange online. When basic auth deprecates for EWS, the changeover to Oauth is fairly trivial, but the problem is that a daemon application that can accept no interaction (app delegation) will have access to every mailbox in the org (full_access_as_app).
For graph, application access policies remedy this, but I am not finding any way to scope EWS managed API applications using Oauth with app delegation to only be able to access specific mailboxes.
Is there planned activity to remedy this? (or am I just unaware of how to achieve this with currently available methods)