graph api: Application - Email limited permissions.

David Harrison 36 Reputation points

Hi all,

A little background.
I've created a console app that gets called via task scheduler.
using graph api sdk, It reads all emails in the inbox for a given mail account and downloads the attachments for further processing. then moves the email to an archive folder.
All works great..

When I setup the azure app registration permissions for mail.readwrite its for application because there is no user intervention.
I found this level of permission allows access to any mail box in the organisation, which is not what we want.

How do I lock this down to a single mail account?


Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,483 questions
{count} votes

Accepted answer
  1. Shivam Dhiman 5,946 Reputation points

    Hi @David Harrison

    Application access policy will help you in this scenario. Please refer to this documentation for more details .

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. David Harrison 36 Reputation points

    thank you, I'll try to get this implemented and see if it resolves..


    1 person found this answer helpful.