0 votes
by (150 points)

I'm currently accessing Exchange API through OAuth access token.

However I had to select 'fullaccessas_app by using Exchange Web Services with full access to all mailboxes'

Is it possible to restrict the scope of mailboxes in this scenario?

1 Answer

0 votes
by (15.2k points)
edited by
 
Best answer

Hello,

Looking to the Azure configuration for an application, if your application runs as a service (or a daemon) without a user, it seems to be the only option. However, if your application should grant access to a user you can switch to 'Delegateds permission' tab, toggle 'EWS' and check 'EWS.AccessAsUser.All' option. Then the user should access mailboxes as configured on Exchange server.


Update: We published a blog post that describes how to login with OAuth 2.0 to Office365 with Rebex Secure Mail, and another one that describes how to register application for with appropriate permissions in Azure.

by (150 points)
Although, 'ApplicationAccessPolicy' for Graph API comes in handy.

However, Is there any workaround whatsoever like this for Exchange API ?
by (15.2k points)
Hello, it seems you are asking about how to set up your Azure account, which is out of Rebex scope. We did not found any workaround for Exchange API.  You can read a documentation about Azure and how to set it up on Microsoft pages.

Since you are asking about user permissions and authorization, you can start here in a section called Application access: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-faq

This document might be helpful as well: https://docs.microsoft.com/en-us/office/office-365-management-api/get-started-with-office-365-management-apis
by (150 points)
Thanks, appreciated.
...