Disabling online sign-in for Exchange disables access via MS Graph

Ivan Kirinčić 20 Reputation points

When we disable online sign-in for Exchange our application with application-level permission loses access to the user/messages endpoint. We start getting the following error:

"code": "AuthenticationError",

"message": "Error authenticating with resource"

  • Why is disabling online sign-in impacting access via MS Graph?
    Why is disabling user sign-in imacting application level access?
  • Are there other Exchange settings that can impact MS Graph?
  • Can you point me to documentation where I can find how Exchange settings impact MS Graph access?
Microsoft Exchange Online
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
9,107 questions
{count} votes

Accepted answer
  1. Jarvis Sun-MSFT 8,076 Reputation points Microsoft Vendor

    @Ivan Kirinčić ,

    Welcome MS Q&A forum!

    Regarding your question, when you disable online sign-in, it means that users can no longer sign in to Exchange Online using their credentials, which in turn means that third-party applications can no longer use OAuth 2.0 to authenticate and authorize access to resources.

    Disabling user sign-in can impact application-level access because some applications use OAuth 2.0 client credentials grant flow to authenticate and are configured with application permissions, which by default enable such apps to access all mailboxes in an organization on Exchange Online.

    You can find more information about how Exchange settings impact MS Graph access in the following documentation: https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful