Does Office 365 allow to restrict access for an EWS application using OAuth2?

Marco Rullo 21 Reputation points
2021-02-15T17:37:58.52+00:00

We have a background daemon service application that needs to access a single O365 mailbox. It had been developed using EWS to support both Exchange on-prem and online. Recently it has been enhanced to support OAuth2 for Office 365 through Client Credential Flow and, in this case, it needs to be granted full_access_as_app application privilege, which is quite heavy and some customers don't allow it.

So, we're searching for any configuration on Exchange that can restrict access to a selected mailbox.
We've tried the procedure described in https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-control-access-to-ews-in-exchange , but it seems working only when application connects EWS through Basic Authentication (it seems not having any effect when app connects using OAuth2).

Does anybody know whether is possible to restrict access for an EWS OAuth2 app to a selected mailbox?

Thanks.

Exchange Server Development
Exchange Server Development
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Development: The process of researching, productizing, and refining new or existing technologies.
551 questions
0 comments No comments
{count} votes

Accepted answer
  1. Glen Scales 4,441 Reputation points
    2021-02-15T22:54:56.793+00:00

    Yes you should be able to control which Mailboxes you App has access to via using https://techcommunity.microsoft.com/t5/exchange-team-blog/application-access-policy-support-in-ews/ba-p/2110361


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.