Sure, it's possible, but how do you plan to authenticate? Unless you want to use the insecure ROPC flow, authentication will need to be interactive, i.e. someone will have to type the credentials, or approve a request.
For this reason, the usual approach is to authenticate as an app, or leverage an Azure managed identity. If you are worried about the permissions needed for such approach and their scope, you can configure additional controls on Exchange Online side to restrict access to just a given account/mailbox. Here's a sample article that details the process: https://janbakker.tech/a-love-story-about-role-based-access-control-for-applications-in-exchange-online-managed-identities-entra-id-admin-units-and-graph-api/