
Graph API: Application - Email limited permissions.

David Harrison 36 Reputation points
2022-09-01T20:30:08.81+00:00

Hi all,

A little background.
I've created a console app that gets called via Task Scheduler.
Using the Graph API SDK, it reads all emails in the inbox for a given mail account and downloads the attachments for further processing. It then moves the email to an archive folder.
All works great.

Problem
When I set up the Azure app registration permissions for Mail.ReadWrite, it's for application because there is no user intervention.
I found this level of permission allows access to any mail box in the organisation, which is not what we want.

How do I lock this down to a single mail account?

tia
Dave

Microsoft Security | Microsoft Graph

Answer accepted by question author

  1. Shivam Dhiman 6,086 Reputation points
    2022-09-01T20:54:44.497+00:00

    Hi @David Harrison

    Application access policy will help you in this scenario. Please refer to this documentation for more details: https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

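One way to set up the application access policy the accepted answer points to, sketched in Exchange Online PowerShell as an added example that is not part of the original thread. The app ID, mailbox addresses, group name and description are placeholders; it assumes the ExchangeOnlineManagement module and an Exchange administrator account.

```powershell
# Added example: every value below is a placeholder, replace before running.
$AppId          = '00000000-0000-0000-0000-000000000000'  # client ID of the app registration
$AllowedMailbox = 'invoices@contoso.example'               # the single mailbox the app may access
$ControlMailbox = 'someone.else@contoso.example'           # any other mailbox; must end up denied
$ScopeGroup     = 'graph-app-scope@contoso.example'        # mail-enabled security group for the scope

Connect-ExchangeOnline

# 1. Create a mail-enabled security group containing only the permitted mailbox.
#    The policy scope is the membership of this group, so keep membership tightly controlled.
if (-not (Get-DistributionGroup -Identity $ScopeGroup -ErrorAction SilentlyContinue)) {
    New-DistributionGroup -Name 'Graph App Mailbox Scope' -Type Security `
        -PrimarySmtpAddress $ScopeGroup -Members $AllowedMailbox | Out-Null
}

# 2. Restrict the app to members of that group. Without a policy, the
#    Mail.ReadWrite application permission applies to every mailbox in the tenant.
if (-not (Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId })) {
    New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $ScopeGroup `
        -AccessRight RestrictAccess `
        -Description 'Limit attachment-processing app to one mailbox' | Out-Null
}

# 3. Verify both directions: the target mailbox is granted, a control mailbox is denied.
$allowed = Test-ApplicationAccessPolicy -Identity $AllowedMailbox -AppId $AppId
$control = Test-ApplicationAccessPolicy -Identity $ControlMailbox -AppId $AppId

if ($allowed.AccessCheckResult -ne 'Granted') {
    throw "Expected Granted for $AllowedMailbox, got $($allowed.AccessCheckResult)"
}
if ($control.AccessCheckResult -ne 'Denied') {
    throw "Expected Denied for $ControlMailbox, got $($control.AccessCheckResult)"
}
"Policy in place: app $AppId is limited to members of $ScopeGroup"
```

Policy changes can take some time to be reflected in Microsoft Graph calls, so after the cmdlet check passes, confirm with the app itself that a request against the control mailbox is rejected.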

1 additional answer

  1. David Harrison 36 Reputation points
    2022-09-05T14:22:54.59+00:00

    Thank you, I'll try to get this implemented and see if it resolves.

    Thanks


    1 person found this answer helpful.
