Update: please see our updated blog post on this subject.
Today we are announcing that we will begin blocking the assignment of the ApplicationImpersonation role in Exchange Online to accounts star...
Updated Nov 22, 2024
Version 12.0
Blog Post
Thanks _cparker for the replies.
I have few more clarifications:
1) In the App I removed full_Access_as_App permission and had permissions like User.Read.All, Reports.Read.All.
Still, on running this command:
Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers
the user with which the App was granted permissions is obtained in the output of the above command. Is this expected?
2)The files FilteredResults.csv and impersonationUserMapping.csv are empty. Does this confirm that this account is not affected?
Although in auditLogRecords.csv this entry was found:
{
"CreationTime": "2024-04-05T10:56:05",
"Id": ",
"Operation": "MailItemsAccessed",
"OrganizationId": "6222",
"RecordType": 50,
"ResultStatus": "Succeeded",
"UserKey": "1222",
"UserType": 0,
"Version": 1,
"Workload": "Exchange",
"UserId": "user@xxx",
"AppId": "9999",
"ClientAppId": "ee",
"ClientIPAddress": "2212,
"ClientInfoString": "Client=WebServices;EWSProxy/MailApp/9999",
"ExternalAccess": false,
"InternalLogonType": 0,
"LogonType": 0,
"LogonUserSid": "SSS",
"MailboxGuid": "fFF",
"MailboxOwnerSid": "SSS",
"MailboxOwnerUPN": "user@xxx",
"OperationProperties": [
{
"Name": "MailAccessType",
"Value": "Bind"
},
{
"Name": "IsThrottled",
"Value": "False"
}
],
"OrganizationName": "sss",
"OriginatingServer": "sss",
"Folders": [
{
"FolderItems": [
{
"Id": "Rg",
"InternetMessageId": "<sdas>",
"SizeInBytes": 6820
}
],
"Id": "Lg",
"Path": "\\Sent Items"
}
],
"OperationCount": 1
}
This seems to correspond to the EWS API Request for copyItem which we performed in the same time window.
Does this confirm that this account is not affected?