Update: please see our updated blog post on this subject.
Today we are announcing that we will begin blocking the assignment of the ApplicationImpersonation role in Exchange Online to accounts star...
Updated Nov 22, 2024
Version 12.0
Blog Post
Application Impersonation Role Retirement: Below are the latest recommendation from Microsoft.
EWS impersonation provides a mechanism for EWS applications that run as a service account to act as a user, whereas With Microsoft Graph there are no service accounts.Instead, permissions are granted to applications directly, the way to achieve Impersonation in Microsoft Graph is by making use of app-access policy and application permissions.You can learn more about this from the Microsoft Document here:
https://learn.microsoft.com/en-us/graph/migrate-exchange-web-services-authentication#impersonation
- consider using the Microsoft identity platform / application model for building apps that integrate with Microsoft cloud data.
- Register your app in Microsoft Azure, utilize OAuth for secure access, and follow best practices for permissions and visibility.
- If you have EWS applications requiring access to multiple mailboxes, ensure they are configured properly with OAuth for App-only access.
Exchange Web Service Mapping with MS Graph APIs: You can find the Graph API's mapping in the Microsoft article below.
Exchange Web Services (EWS) to Microsoft Graph API mappings - Microsoft Graph | Microsoft Learn