Share via

EWS.AccessAsUser.All Via Graph or Exchange Online

Jamie Brandwood 131 Reputation points
2021-03-18T01:04:13.14+00:00

Good Morning, Evening Everyone,

Been reading the latest documentation on authenticating an EWS application using OAuth (https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth) ... which is all good.

But one thing that has thrown me is, in the article it references using

{
"resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
"resourceAccess": [
{
"id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5",
"type": "Scope"
}
]
}

As the requiredResourceAccess (API Permission) which goes ahead and adds:

78943-image.png

Which again, is all good ... But I also noticed that the EWS.AccessAsUser.All permissions was available for the Microsoft.Graph API also.

78944-image.png

Does it really make a difference which one you use? I've used the same code sample from that article and it works just fine against the Microsoft.Graph API version (I know were requesting scope as part of that sample: var ewsScopes = new string[] { "https://outlook.office365.com/EWS.AccessAsUser.All" }; but it seems to be accepted ok when I granted admin consent against the Microsoft.Graph version of EWS.AccessAsUser.All (Note we dont allow any user consent so did approval via Azure AD portal as part of registration, failed if i didnt do this suggesting it is accepting the Microsoft.Graph API version)

Anyone able to clarify either the difference or concerns of using one over the other? As i had assumed the Office 365 Exchange Online API was due for retiring next year hence having to add via the manifest directly. Where as when searching under the Microsoft.Graph API i can find EWS.AccessAsUser.All anyway.

CC: @Jackson Woods (MSFT) , @JamesTran-MSFT

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,302 questions
0 comments
Accepted answer
  1. Vasil Michev 108.2K Reputation points MVP
    2021-03-18T08:23:45.677+00:00

    The Graph one is currently a Delegate level permission only, the Exchange one can also be granted at the application level. For automated tasks, you'd generally want the app-level one, but that depends on your usage scenario.

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rahul Metangale 106 Reputation points
    2021-03-18T06:44:45.437+00:00

    Hi @jabran-corp

    EWS and Graph have mostly overlapping functionality, there are some differences. If you rely on an EWS API that does not have a Graph counterpart, you can let Microsoft know via UserVoice of features needed for your app scenarios.

    Microsoft is recommending migrating to Microsoft Graph to access Exchange Online data and gain access to the latest features and functionality.

    You can read more about this here

    I hope this helps.

    Thanks.
    Rahul

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.