Tenant mailbox

MKary 40 Reputation points


We want to get mailbox of some users in our tenant using Graph API. But as per my understanding with Application permission, one can access everyone's mailbox in tenant.
Is there is anything we can do to make sure we do not get everyone's mailbox.

Microsoft Exchange Online
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,834 questions
0 comments No comments
{count} votes

Accepted answer
  1. Shivam Dhiman 5,946 Reputation points

    Hi @MKary

    Application access policy will help you in this scenario. Please refer to this documentation for more details https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access .

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Vasil Michev 96,916 Reputation points MVP

    You can actually restrict access via the built-in RBAC controls even in application scenarios, as detailed here: https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-public-preview-of-role-based-access-control-for/ba-p/3688228

    While you can still use Application access policies as suggested above, those will be deprecated in the future, so you might as well start using the new method.

    1 person found this answer helpful.
    0 comments No comments