Update 7/31/2023: This feature has been fully released (is not in preview anymore).
If, as an administrator, you’ve ever consented to app-only permissions like Mail.Read in Azure Active Directory (...
Updated Jul 31, 2023
Version 2.0
Blog Post
4 MIN READ
Announcing Public Preview of Role Based Access Control for Applications in Exchange Online
Hi All
Nice new feature! From the exchange online point of view, I understand the differences between the new RBAC for App solution and the Application Access Policy.
But one thing I'm not sure. How to properly configure the API-Permission of the App on the Azure AD side.
For example I want to allow an Application have EWS.AccessAsApp permission only for a limited group of mailboxes. Do I have to grant this permission already on the App Registration side, and the RBAC for App Policy in Exchange Online restricts the access to the limited group of Mailboxes? Or does the App whit this configuration have EWS access for all mailboxes in Exchange Online eventough of the RBAC App policy?
If it's not needed to give full Access on the Azure AD side. What is the leased privilege option I have to give to the app in the Azure AD App registration context.
Thanx and a Happy New Year!
Andreas