This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 75%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hey
We want to get mailbox of some users in our tenant using Graph API. But as per my understanding with Application permission, one can access everyone's mailbox in tenant.
Is there is anything we can do to make sure we do not get everyone's mailbox.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 35%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Hi @MKary
Application access policy will help you in this scenario. Please refer to this documentation for more details https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access .
Hope this helps.
If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.
You can actually restrict access via the built-in RBAC controls even in application scenarios, as detailed here: https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-public-preview-of-role-based-access-control-for/ba-p/3688228
While you can still use Application access policies as suggested above, those will be deprecated in the future, so you might as well start using the new method.