graph api: Application - Email limited permissions.

David Harrison 36 Reputation points
2022-09-01T20:30:08.81+00:00

Hi all,

A little background.
I've created a console app that gets called via task scheduler.
using graph api sdk, It reads all emails in the inbox for a given mail account and downloads the attachments for further processing. then moves the email to an archive folder.
All works great..

problem
When I setup the azure app registration permissions for mail.readwrite its for application because there is no user intervention.
I found this level of permission allows access to any mail box in the organisation, which is not what we want.

How do I lock this down to a single mail account?

tia
Dave

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,483 questions
{count} votes

Accepted answer
  1. Shivam Dhiman 5,946 Reputation points
    2022-09-01T20:54:44.497+00:00

    Hi @David Harrison

    Application access policy will help you in this scenario. Please refer to this documentation for more details https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access .

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. David Harrison 36 Reputation points
    2022-09-05T14:22:54.59+00:00

    thank you, I'll try to get this implemented and see if it resolves..

    thanks

    1 person found this answer helpful.