ApplicationAccessPolicy vs Azure Automation Account

Hi all. I have an Azure Automation Account (AAA) with enabled system managed identity. I added Graph API permission Mail.Send (application) to this identity and in script I'm able to send behalf of ...

azure automation

exchange online

Graph API

VasilMichev
May 21, 2025
You should be using the AppId value when creating the policy, not the objectId. Also, keep in mind that Application access policies are going away in the future, consider using the RBAC for applications method instead: https://learn.microsoft.com/en-us/exchange/permissions-exo/application-rbac

VasilMichev

MVP

May 21, 2025

You should be using the AppId value when creating the policy, not the objectId. Also, keep in mind that Application access policies are going away in the future, consider using the RBAC for applications method instead: https://learn.microsoft.com/en-us/exchange/permissions-exo/application-rbac

JanRezab

Brass Contributor

May 22, 2025

Yeah... it works correctly. A bit confusing is that I don't have to assign the Mail.Send right like the other Graph API rights, but just assign RBAC roles.

Forum Discussion

ApplicationAccessPolicy vs Azure Automation Account

Resources