Using the client credentials flow, which requires that you assign Application Permission and you only have Delegate permission, with EWS, the only Application permission that will work is full_access_as_app; see https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth (app-only section)
EWS with OAuth and 401 Error
I am trying to use OAuth to authenticate EWS API. The Azure app is setup for "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)". I was able to get a valid token by using the client and tenant IDs. The scope I am using is "https://outlook.office365.com/EWS.AccessAsUser.All". However, when trying the retrieve the root folder, I got the 401 error. I believe it's an permission issue. Can you tell me what did I do wrong?
Second part of the question. Our app currently has an Exchange 365 integration using EWS and basic auth. I understand basic auth is going away and I need to implement OAuth. Our app is still using .NET framework 4.5.1. Can I change my app to use OAuth without a major rewrite? Can you recommend documentation and/or code sample? Thank you