https://stackoverflow.com/users/7084642/sivaprakash-msft stated: “IMAP, SMTP scopes are targeted for Exchange resource and not Graph. Whereas User.Read, Mail.ReadWrite are meant for Graph resource” and developers on StackOverflow have noted that IMAP and SMTP AUTH scopes appear only to work when the scope URI in the client is either https://outlook.office.com or https://outlook.office365.com but with the corresponding resource permissions in AAD set in Graph and not in ‘legacy’ Exchange because, unlike Graph, the Exchange API does not have (e.g.) an SMTP.Send permission.
Example:
Client: scope ‘https://outlook.office.com/SMTP.Send’
AAD: permission from Microsoft Graph (https://graph.microsoft.com) API’s list: SMTP.Send
It would be much appreciated by other posters and myself if @The_Exchange_Team could explain how - if we specify an SMTP AUTH scope using https://outlook.office.com/SMTP.Send - we should specify this permission to AAD when (e.g.) SMTP.Send is only selectable for Graph and not the Exchange API?
Or is there a subtle difference between a ‘scope’ URI used in the client and the corresponding permission URI specified for that API in AAD?
Surely scopes requested by a client (including the resource API’s URI - which for the V2 endpoints defaults to graph.microsoft.com if no URI is specified) for an access token MUST be a subset of the permissions for that API set by admin in AAD for that client, or the entire granular permissions model falls apart.
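The subset rule the post argues for, and the scope-to-resource split it describes, can be checked in a few lines of code. The following is an added example, not code from the post or from Microsoft: it parses a requested scope into its resource URI and permission name (a bare permission such as `User.Read` is attributed to the Graph resource, the V2 default mentioned above), reports which requested scopes are not covered by the permissions an admin granted in AAD, and builds and parses the SASL XOAUTH2 initial response that SMTP AUTH uses to carry the resulting access token. The function names, the `granted` dictionary shape and the sample values are constructed for the example. The strict check is deliberately literal, so it flags exactly the mismatch the post describes (`https://outlook.office.com/SMTP.Send` requested, `SMTP.Send` granted under Graph); it does not model how AAD actually resolves that case, which is the open question here.

```python
import base64
from urllib.parse import urlparse

# Resource assumed for a scope given without a resource URI on the V2 endpoint
# (the post states this defaults to graph.microsoft.com).
DEFAULT_RESOURCE = "https://graph.microsoft.com"


def split_scope(scope: str) -> tuple[str, str]:
    """Split 'https://outlook.office.com/SMTP.Send' into (resource, permission).

    A bare permission such as 'User.Read' is assigned to DEFAULT_RESOURCE.
    """
    parsed = urlparse(scope)
    if parsed.scheme and parsed.netloc:
        resource = f"{parsed.scheme}://{parsed.netloc}"
        permission = parsed.path.lstrip("/")
    else:
        resource = DEFAULT_RESOURCE
        permission = scope
    return resource, permission


def missing_permissions(requested: list[str], granted: dict[str, set[str]]) -> list[str]:
    """Return the requested scopes not covered by the permissions granted in AAD.

    `granted` maps a resource URI to the set of permission names the admin
    consented to for that API (constructed shape for this example).
    A literal resource match is required, so a permission granted under Graph
    does not satisfy a scope requested against outlook.office.com.
    """
    missing = []
    for scope in requested:
        resource, permission = split_scope(scope)
        if permission not in granted.get(resource, set()):
            missing.append(scope)
    return missing


def xoauth2_initial_response(user: str, access_token: str) -> str:
    """Build the base64 SASL XOAUTH2 initial client response for SMTP AUTH.

    Wire format: user=<addr>^Aauth=Bearer <token>^A^A, where ^A is byte 0x01.
    """
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def parse_xoauth2_initial_response(encoded: str) -> tuple[str, str]:
    """Server-side view: decode the XOAUTH2 response back to (user, token)."""
    raw = base64.b64decode(encoded).decode("utf-8")
    fields = dict(part.split("=", 1) for part in raw.split("\x01") if part)
    token = fields["auth"].removeprefix("Bearer ")
    return fields["user"], token


if __name__ == "__main__":
    # Constructed sample: SMTP.Send granted under Graph, as the post describes,
    # while the client requests it against the outlook.office.com resource.
    granted_in_aad = {
        "https://graph.microsoft.com": {"User.Read", "Mail.ReadWrite", "SMTP.Send"},
    }
    requested = ["User.Read", "https://outlook.office.com/SMTP.Send"]
    print("not literally covered:", missing_permissions(requested, granted_in_aad))

    sasl = xoauth2_initial_response("user@example.com", "EXAMPLE_ACCESS_TOKEN")
    print("XOAUTH2 initial response:", sasl)
    print("parsed back:", parse_xoauth2_initial_response(sasl))
```

Running it prints the outlook.office.com scope as the one not literally covered, which is the discrepancy the post is asking about; an `smtplib` client would send the XOAUTH2 string with `AUTH XOAUTH2 <response>` after obtaining a real token from AAD.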