cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Granting access to App for Exchange Mail Trace - Least restrictive

habeebbm
Copper Contributor

‎Apr 12 2023 06:34 AM

‎Apr 12 2023 06:34 AM

Granting access to App for Exchange Mail Trace - Least restrictive

Granting access to App for Exchange Mail Trace - Least restrictive

 

===================

We need to grant access via Oauth for an App to reach Email trace on Exchange Online

The management role for this is "message tracking" /Messagehygiene

 

The app doesn't have a service principal so we are not able to add it via Exchange Powershell New-ManagementRoleAssignment

 

Note - We do not want to grant Global reader access as this is a 3rd party managed App.

 

Reference Article - Role Based Access Control for Applications in Exchange Online (Preview) | Microsoft Learn

 

Any help is appreciated.

 

Labels:
372 Views
0 Likes
2 Replies
Reply
2 Replies
Vasil Michev

‎Apr 12 2023 09:50 AM

‎Apr 12 2023 09:50 AM

Re: Granting access to App for Exchange Mail Trace - Least restrictive

There is no OAuth scope that grants access to this functionality, so you have to stick to the Exchange roles, or Azure AD role that maps to them.
0 Likes
Reply
Andres Bohren

‎Apr 12 2023 02:37 PM

‎Apr 12 2023 02:37 PM

Re: Granting access to App for Exchange Mail Trace - Least restrictive

Hi @habeebbm 

 

I've written a Blog Articles about something similar. I know - it's not quite the same but it should help you to get on track

 

Exchange Online custom RBAC Role with App Authentication (OAuth2)

https://blog.icewolf.ch/archive/2023/01/19/exchange-online-custom-rbac-role-with-app-authentication-...

 

Exchange RBAC Role for Set-Userphoto

https://blog.icewolf.ch/archive/2020/07/24/exchange-rbac-role-for-set-userphoto.aspx

 

Regards

Andres Bohren

 

 

0 Likes
Reply