Forum Discussion
Solved
What does "all mailboxes" really mean in Teams app permissions?
An end user requested that I grant admin consent to a Team app's permissions. When I looked at the app, here's what I found: This app says it wants full access to ALL mailboxes without a signe...
- Those are excessive permissions indeed, you're right to doubt them. What does the app claim to do? If it's anything related to Calendaring, EWS is a valid scenario still. The problem with this permission scope is that it gives you unrestricted access across all mailboxes, not limiting it to Calendar items/operations though. You can restrict which mailboxes will be under its scope (https://practical365.com/new-application-access-policies-extend-support-for-more-scenarios/), but no way to restrict the operations themselves.
How do you expect it to see and put things on people calendars? Service account access to all mailboxes is a pretty common thing. Just about every Exchange Server has a Blackberry account.
This isn't a service account. It's a Teams app.