Using OAuth 2.0 Client Credentials token able to read all oranization emails. Need to restrict to specific email.

Question

Hi Team,

I registered the App for my outlook email and provided the permission to read the email by using the OAuth 2.0 Client Credentials.

But the issue is i can able to read all the emails of the organization people using that token.

Is there any way to restrict only the token should work for specific email .

Thanks,

Omsai M.

Answer 1

Hello,

Please see the following documentation:

Get access on behalf of a user

https://learn.microsoft.com/en-us/graph/auth-v2-user

My guess is you are using Read.All permissions. This kind of permissions will allow you to read all user's information in your tenant.

---

If this is helpful please accept answer.

Answer 2

Hi @Om Sai Eswar, Mulakaluri

You can restrict application permissions to specific Exchange Online mailboxes by configuring application access policies.

Hope this helps.

If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

Answer 3

From the Graph API like read all messages is not showing any result , after removed the "Read.All" permissions.

But with the help of Inboxmessages we can abel to read those.

https://graph.microsoft.com/v1.0/users/<Email>/messages is not working

but https://graph.microsoft.com/v1.0/users/<Email>/mailFolders/Inbox/messages

this is one is working.

We need to restricted to the single email but i can able to read all other email messages also.