This is fantastic.
A few questions:
1. Does this mean the RBAC scoping will also apply and we don't have to rely on Application Access Policies?
2. "Role Based Access Control for Applications in Exchange Online - Microsoft Community Hub": this one appears to be almost nearby, but slightly different. Coincidentally getting launched around the same timeline.
3. Add an example for this cmdlet, it helps to perceive it better. Do you mean Identity or 'service id' here?
Add-RoleGroupMember -Identity "ViewOnlyRecipients4CBA-Stripped" -Member <Identity/ServiceId of the service principal>
4. Isn't the EXO-CBA-CUstomRBAC app already a service principal? Why do we need to create another one? Can't we just use the existing app itself?
Looks like not, it's a proxy of the AzAD object. I thought it was already synced\available to Exchange, or this is why Exchange RBACs have some strange-looking accounts\groups\objects getting added into the org admin role group in EXO (e.g. ExchangeServiceAdmins_-092**9xx11).
New-ServicePrincipal (ExchangePowerShell) | Microsoft Learn
"In Exchange Online, service principals are references to the service principals in Azure AD."
5. Does it apply to Connect-IPPSSession for Compliance Center too, or is anything in the pipeline to improve upon them?