PatrickTurner-7656 asked GlenScales-6756 answered

Exchange server OAuth authorization for single mailbox from backend service

Background:
I'm upgrading a backend service that currently uses basic authentication to read and delete emails from a single mailbox on an Exchange server to authenticate using OAuth 2.0. I'm having difficulty finding conclusive documentation about the best authorization flow for this.

Question:
What is the best authorization flow that achieves the following?
1. Authorizes a connection from backend service to an Exchange 2013 server, an Exchange 2016 server, an Exchange 2019 server, or Office365.
2. Authorizes access to a specific mailbox and does not allow access to other mailboxes within the organization.
3. Allows read/write access.

microsoft-graph-mail, office-exchange-server-dev

1 Answer

GlenScales-6756 answered
  1. For Exchange Online the Client Credentials flow https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow would be the best option for what you are doing. Exchange OnPrem needs to be handled differently and would require that the Organization have Hybrid Modern Authentication configured to be able to use OAuth.

  2. For Exchange Online use application access policies that allow you to scope Application permissions to one mailbox https://techcommunity.microsoft.com/t5/exchange-team-blog/application-access-policy-support-in-ews/ba-p/2110361

  3. If you're using EWS then the only scopes it supports allow Full Access; if you need Read access only you need to use the Microsoft Graph.

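The Exchange Online setup described in the answer, as an added example that is not part of the original thread: it scopes an app registration to one mailbox with an application access policy, checks the policy in both directions, then requests a client credentials token. The tenant ID, app ID, addresses, group name and the `MAIL_SVC_CLIENT_SECRET` environment variable are placeholders, and the app is assumed to already hold an admin-consented application permission (Graph `Mail.ReadWrite`, or `full_access_as_app` for EWS).

```powershell
# Added example; every identifier below is a placeholder, not a value from the thread.
$TenantId  = '<tenant-id>'
$AppId     = '<application-client-id>'           # app registration used by the backend service
$Mailbox   = 'service-mailbox@contoso.example'   # the one mailbox the service may touch
$OtherUser = 'someone.else@contoso.example'      # any other mailbox, for the negative check
$GroupAddr = 'svc-mail-scope@contoso.example'    # mail-enabled security group that defines the scope

# 1. Restrict the app's application permissions to members of one group (run as an Exchange admin).
Connect-ExchangeOnline
New-DistributionGroup -Name 'svc-mail-scope' -Type Security `
    -PrimarySmtpAddress $GroupAddr -Members $Mailbox
New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $GroupAddr `
    -AccessRight RestrictAccess -Description 'Backend service: single mailbox only'

# 2. Verify both directions: the service mailbox is Granted, any other mailbox is Denied.
$allowed = Test-ApplicationAccessPolicy -AppId $AppId -Identity $Mailbox
$blocked = Test-ApplicationAccessPolicy -AppId $AppId -Identity $OtherUser
if ($allowed.AccessCheckResult -ne 'Granted' -or $blocked.AccessCheckResult -ne 'Denied') {
    throw "Policy not scoped as intended: $($allowed.AccessCheckResult) / $($blocked.AccessCheckResult)"
}

# 3. Client credentials token request, as the backend service would issue it.
#    The secret comes from the environment, never from source control.
$body = @{
    grant_type    = 'client_credentials'
    client_id     = $AppId
    client_secret = $env:MAIL_SVC_CLIENT_SECRET
    scope         = 'https://graph.microsoft.com/.default'  # for EWS: https://outlook.office365.com/.default
}
$token = Invoke-RestMethod -Method Post -Body $body `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"

# 4. Read from the scoped mailbox with the app-only token.
$headers = @{ Authorization = "Bearer $($token.access_token)" }
Invoke-RestMethod -Headers $headers `
    -Uri "https://graph.microsoft.com/v1.0/users/$Mailbox/messages?`$top=5&`$select=subject,receivedDateTime"
```

Without the policy, an application permission such as `Mail.ReadWrite` applies to every mailbox in the tenant, so the negative check in step 2 is the one that confirms requirement 2 of the question. Policy changes can take some time to reach the Graph endpoints even after `Test-ApplicationAccessPolicy` reports the expected result.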