Forum Discussion
Scoping application Crestron to access only room mailboxes of resourcetype Workspace
We got a requirement for to enable application Crestron to be able to access Workspace resourcetype Room mailboxes only. So, we thought of directly tieing the application to these mailboxes over the ...
Did you remove the corresponding permissions (Calendars.ReadWrite, Mailboxsettings.Read) on Graph side? Here's the relevant quote from the documentation: https://learn.microsoft.com/en-us/exchange/permissions-exo/application-rbac#why-does-my-application-still-have-access-to-mailboxes-that-arent-granted-using-rbac
Why does my application still have access to mailboxes that aren't granted using RBAC?
You need to ensure that you've removed the tenant-wide unscoped permissions you assigned in Microsoft Entra ID. The permissions assigned using RBAC act in addition to grants you make in Microsoft Entra ID. Microsoft Entra permissions can only be constrained using Application Access Policies.
So, I did not migrate from Application access policy, this was a new request and hence went ahead with Application RBAC