EWS does not work with granular permissions like “Mail.Read” and “Mail.Send”. Needs “full_access_as_app” as permission

Sumit Celly 20 Reputation points
2020-10-05T20:56:46.367+00:00

I am creating an Azure app that needs to read and send email using the Exchange Web Services API (EWS). Under the link API permissions, I select "Add Permission" and select "Exchange" as the API. There I select "App permissions" and then the permissions "Mail.Read" and "Mail.Send" in the API. When using my custom app to send and read email, I am able to obtain the token from this Azure app fine, but making the EWS call to actually send the email fails with a 401 or "not authorized" error. The same works fine when I add the permission "full_access_as_app" under the Exchange API in Azure.

Are the more granular permissions "Mail.Read" and "Mail.Send" supposed to work with EWS?

1 additional answer

  1. Lucas Liu-MSFT 6,161 Reputation points
    2020-10-06T06:37:16.84+00:00

    Hi anonymous user,
    I agree with what Andy said.
    According to my research, Microsoft does not support ApplicationAccessPolicy-based access control for EWS APIs. These policies can only be used for access control when using Microsoft Graph or Outlook REST APIs, and Microsoft has set EWS to maintenance mode and it will not receive any new features.
    For more information you could refer to: Scoping application permissions to specific Exchange Online mailboxes

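A diagnostic for the symptom in the question (token issued, EWS call rejected with 401), added here as an example and not code from anyone in the thread: it decodes an app-only access token's payload and reports whether the `roles` claim carries `full_access_as_app`. The function names, the `aud` value and both sample tokens are constructed for illustration.

```python
import base64
import json

EWS_APP_ROLE = "full_access_as_app"  # the permission the question reports as working


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def ews_role_report(jwt: str) -> dict:
    """Summarise which application permissions the token actually carries."""
    claims = token_claims(jwt)
    roles = claims.get("roles", [])  # app-only tokens list granted app permissions here
    if isinstance(roles, str):
        roles = [roles]
    return {
        "aud": claims.get("aud"),
        "roles": sorted(roles),
        "has_ews_role": EWS_APP_ROLE in roles,
        "other_roles": sorted(r for r in roles if r != EWS_APP_ROLE),
    }


def _make_sample(payload: dict) -> str:
    # Constructed, unsigned sample token for the demo; not a real credential.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(payload), "sig"])


AUD = "https://outlook.office365.com"  # assumed audience for the sample tokens
GRANULAR = _make_sample({"aud": AUD, "roles": ["Mail.Read", "Mail.Send"]})
FULL = _make_sample({"aud": AUD, "roles": ["full_access_as_app"]})

if __name__ == "__main__":
    for name, tok in (("granular", GRANULAR), ("full", FULL)):
        print(name, ews_role_report(tok))
```
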