Comments on: Application access policies in Exchange Online

By: Microsoft Launches RBAC for Applications for Exchange Online

Microsoft Launches RBAC for Applications for Exchange Online — Wed, 07 Dec 2022 11:06:59 +0000

[…] Application access policies seemed like a good idea when Microsoft introduced them in 2019. An application access policy is a protocol-agnostic mechanism to allow or deny an app access to a set of mail-enabled objects with security principals (usually defined as mailboxes in a security group). The mechanism is effective but has two significant limits. First, Exchange Online supports 300 application access policies per tenant. Second, access is all or nothing. Once a policy grants an app access to mailboxes, the app can use all available Exchange Web Services (EWS) and Microsoft Graph APIs to interact with mailbox data. […]

By: How to Report Meeting Statistics for Room Mailboxes

How to Report Meeting Statistics for Room Mailboxes — Mon, 05 Dec 2022 11:07:14 +0000

[…] Exchange Online application access policies can control apps that access mailbox contents by limiting access to specific mailboxes. In this case, an application access could define that the app can only access the room mailboxes. […]

By: Moving on from Send-MailMessage: Sending Email from PowerShell using the Graph API

Tue, 15 Nov 2022 14:07:39 +0000

[…] solution is to use an application access policy to allow the app to access only certain mailboxes. An application access policy combines three […]

By: Using Azure Automation to Detect and Report Microsoft 365 Audit Events

Using Azure Automation to Detect and Report Microsoft 365 Audit Events — Mon, 17 Oct 2022 10:08:30 +0000

[…] send email makes it easy for developers, but it can be a security nightmare. And that’s where Application Access Policies come […]

By: Roopa

Roopa — Wed, 14 Sep 2022 10:40:07 +0000

Hello Vasil ,
I have an important Question, Our company has been using the Application access policy for a while now ,and i get an error : “The total size of App Access Policies exceeded the limit of: 87040. Size 87062.” Can you provide a resolution for this.

By: pavan

pavan — Mon, 21 Feb 2022 13:46:28 +0000

Can I apply application access policy on a mail enabled security group synced from onprem?

By: harish tej

harish tej — Thu, 28 Oct 2021 06:37:13 +0000

In reply to Vasil Michev. any other way to restrict owner from adding users rather than group managed by IT team?

By: Vasil Michev

Vasil Michev — Fri, 17 Sep 2021 14:41:51 +0000

In reply to Maheswari. Create a group with closed membership, one that is managed by the IT support team and not end users.

By: Maheswari

Maheswari — Thu, 16 Sep 2021 07:19:22 +0000

If we scope the Application access Policy to specific mail enabled group and grant access only to the member of the group there are chances for any user id can be added to the group and leverge full access to the mailbox. What level of Security controls can be added to prevent this.

By: Reevanshi

Reevanshi — Tue, 15 Jun 2021 11:43:26 +0000

We are using Exchange online api with Application permission full acess .

Our objective is to restrict api permission to specific set users only .

Do you think there can be any way for that ?