Yes, you should be able to control which mailboxes your app has access to by using https://techcommunity.microsoft.com/t5/exchange-team-blog/application-access-policy-support-in-ews/ba-p/2110361
Does Office 365 allow restricting access for an EWS application using OAuth2?
We have a background daemon service application that needs to access a single O365 mailbox. It had been developed using EWS to support both Exchange on-prem and online. Recently it has been enhanced to support OAuth2 for Office 365 through Client Credential Flow and, in this case, it needs to be granted full_access_as_app application privilege, which is quite heavy and some customers don't allow it.
So, we're searching for any configuration on Exchange that can restrict access to a selected mailbox.
We've tried the procedure described in https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-control-access-to-ews-in-exchange, but it seems to work only when the application connects to EWS through Basic Authentication (it seems to have no effect when the app connects using OAuth2).
Does anybody know whether it is possible to restrict access for an EWS OAuth2 app to a selected mailbox?
Thanks.
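A sketch of the application access policy approach from the answer, run in Exchange Online PowerShell, which scopes the app to one mailbox and then verifies both the allowed and the denied case. This is an added example, not code from the thread or from the linked posts; the app ID, mailbox addresses and group name are placeholders.

```powershell
# Added example: every value below is a placeholder, not taken from the thread.
$AppId          = '00000000-0000-0000-0000-000000000000'  # client ID of the daemon's app registration
$AllowedMailbox = 'service-mailbox@contoso.example'       # the single mailbox the daemon needs
$OtherMailbox   = 'someone-else@contoso.example'          # any mailbox that must stay out of reach
$ScopeGroup     = 'ews-daemon-scope@contoso.example'

# Requires the ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline

# The policy scope is a mail-enabled security group holding only the permitted mailbox.
New-DistributionGroup -Name 'EWS Daemon Scope' -Type Security `
    -PrimarySmtpAddress $ScopeGroup -Members $AllowedMailbox

# RestrictAccess: the app can reach only mailboxes that are members of the scope group.
New-ApplicationAccessPolicy -AppId $AppId `
    -PolicyScopeGroupId $ScopeGroup `
    -AccessRight RestrictAccess `
    -Description 'Limit EWS daemon to its service mailbox'

# Verify the policy from both sides instead of trusting that it was created.
$expected = @{
    $AllowedMailbox = 'Granted'
    $OtherMailbox   = 'Denied'
}
foreach ($mailbox in $expected.Keys) {
    $check  = Test-ApplicationAccessPolicy -Identity $mailbox -AppId $AppId
    $actual = "$($check.AccessCheckResult)"
    if ($actual -ne $expected[$mailbox]) {
        throw "Policy check failed for ${mailbox}: expected $($expected[$mailbox]), got $actual"
    }
    Write-Output "${mailbox}: $actual"
}

# Review what is in force for the tenant.
Get-ApplicationAccessPolicy | Format-List AppId, ScopeName, AccessRight, Description
```

The app registration still carries full_access_as_app; the policy narrows what that permission can reach, so the denied-mailbox check is the part worth keeping as a recurring audit.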