Forum Discussion
Exchange Online Delegated Access vs Application Impersonation
Hi All! Our customer has many applications which use EWS communication with Exchange Online objects like for room mailboxes and user mailboxes. So far these application are used delegated access ...
Hello RobertFormodi,
I think you are fine either way, and the application impersonation would not interfere with existing permissions or access (after all its just another type of access).
Just assign application impersonation either using the default admin roles, or creating your own with just that role in Exchange Online. That should have no baring on anything else you are doing, and you should be good to go.
If you wanted to be extra safe, create a new account to serve as the application impersonation account, independent from the other accounts which use delegate access, and setup the new service using the new user that you have granted application impersonation too. You would 100% be in the clear that way.
Adam
Hello,
I agree with Adam. In my opinion application impersonation would be the easiest way to connect a third party system to Exchange.
You should use a new user for the system, so the other systems should remain unaffected.
I'm generally mor a friend of application impersonation instead of delegated access.
Kind regards,
Matthias
I agree with Adam. In my opinion application impersonation would be the easiest way to connect a third party system to Exchange.
You should use a new user for the system, so the other systems should remain unaffected.
I'm generally mor a friend of application impersonation instead of delegated access.
Kind regards,
Matthias
