This post is a part of our EWS (Exchange Web Services) to Microsoft Graph Migration Guide Series.
Earlier this month the Exchange Team announced two major changes that impact the API’s available to...
Published Oct 17, 2023
Version 1.0
Blog Post
9 MIN READ
Identify applications using Exchange Online OutlookRESTv2 or Exchange Web Services (EWS) APIs
Hi,
In regard to this article and script.
It states:
Depending on the API used, there are two locations where the API permissions to connect to Exchange Online can be granted:
- Azure AD using App Registrations: used for all Exchange Online APIs including OutlookRESTv2, Exchange Web Services (EWS), Microsoft Graph, IMAP, POP, SMTP
- Exchange Online using RBAC for Applications: used only for Microsoft Graph and EWS applications.
And talks further about reviewing App Registrations.
In our environment we use Thunderbird and Apple mail as email clients, these use IMAP/POP/SMTP and EWS respectively.
These applications are represented by an Enterprise Application only, there is no associated App Registration.
So when I run this script with the "All" switch to export everything, these are not picked up even though they are using the protocols that the script is suppose to find and as stated above.
These are the Thunderbird Enterprise Application permissions, as set by default:
These are the Apple mail (Apple Internet Accounts) Enterprise Application permissions, as set by default:
My concern is that as the referenced article and associated script is only talking about and checking App registrations, then Enterprise Apps with permissions in scope of deprecation will be missed if they do not have an associated Application Registration, as for the example given above for Thunderbird and Apple mail.
Best regards
Owain