![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 56.00000000000001%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,454 questions
Sure, it's possible, but how do you plan to authenticate? Unless you want to use the insecure ROPC flow, authentication will need to be interactive, i.e. someone will have to type the credentials, or approve a request.
For this reason, the usual approach is to authenticate as an app, or leverage an Azure managed identity. If you are worried about the permissions needed for such approach and their scope, you can configure additional controls on Exchange Online side to restrict access to just a given account/mailbox. Here's a sample article that details the process: https://janbakker.tech/a-love-story-about-role-based-access-control-for-applications-in-exchange-online-managed-identities-entra-id-admin-units-and-graph-api/