Apr 12 2023 06:34 AM
Granting access to App for Exchange Mail Trace - Least restrictive
===================
We need to grant access via Oauth for an App to reach Email trace on Exchange Online
The management role for this is "message tracking" /Messagehygiene
The app doesn't have a service principal so we are not able to add it via Exchange Powershell New-ManagementRoleAssignment
Note - We do not want to grant Global reader access as this is a 3rd party managed App.
Reference Article - Role Based Access Control for Applications in Exchange Online (Preview) | Microsoft Learn
Any help is appreciated.
Apr 12 2023 09:50 AM
Apr 12 2023 02:37 PM
Hi @habeebbm
I've written a Blog Articles about something similar. I know - it's not quite the same but it should help you to get on track
Exchange Online custom RBAC Role with App Authentication (OAuth2)
Exchange RBAC Role for Set-Userphoto
https://blog.icewolf.ch/archive/2020/07/24/exchange-rbac-role-for-set-userphoto.aspx
Regards
Andres Bohren