Forum Discussion
Solved
What does "all mailboxes" really mean in Teams app permissions?
An end user requested that I grant admin consent to a Team app's permissions. When I looked at the app, here's what I found: This app says it wants full access to ALL mailboxes without a signe...
- Those are excessive permissions indeed, you're right to doubt them. What does the app claim to do? If it's anything related to Calendaring, EWS is a valid scenario still. The problem with this permission scope is that it gives you unrestricted access across all mailboxes, not limiting it to Calendar items/operations though. You can restrict which mailboxes will be under its scope (https://practical365.com/new-application-access-policies-extend-support-for-more-scenarios/), but no way to restrict the operations themselves.
Those are excessive permissions indeed, you're right to doubt them. What does the app claim to do? If it's anything related to Calendaring, EWS is a valid scenario still. The problem with this permission scope is that it gives you unrestricted access across all mailboxes, not limiting it to Calendar items/operations though. You can restrict which mailboxes will be under its scope (https://practical365.com/new-application-access-policies-extend-support-for-more-scenarios/), but no way to restrict the operations themselves.