Proposal for Enhanced Permission Granularity in Microsoft Graph API

Feb 28 2024

Hello Microsoft Graph API Team,

 

I'd like to suggest a refinement in your permissions model, particularly around mailbox settings. Currently, the MailboxSettings.ReadWrite permission grants broad access, including automatic replies, email signatures, and more. This broad scope can sometimes be more than what's necessary, especially when an application's sole purpose is to manage automatic replies.

 

Would it be possible to introduce a more granular permission that specifically targets the management of automatic replies? This narrower scope could significantly enhance privacy and security by adhering to the principle of least privilege.

 

Such a change would not only improve security but also provide organizations and developers with more precise control over what their applications can access, aligning better with privacy standards.

Thank you for considering this suggestion. Looking forward to any feedback you might have.

 

Best.
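
Until a narrower scope exists, an application that holds MailboxSettings.ReadWrite can restrict itself on the client side. The following is an added example, not part of the original post and not Microsoft code: a Python request builder (the names `build_auto_reply_patch` and `ScopeViolation` are hypothetical) that only ever produces a PATCH to `/users/{id}/mailboxSettings` containing `automaticRepliesSetting`; the sample input is constructed.

```python
import json

GRAPH_BASE = "https://graph.microsoft.com/v1.0"
# Fields of the Graph automaticRepliesSetting resource this wrapper permits.
ALLOWED_FIELDS = {
    "status", "externalAudience", "internalReplyMessage",
    "externalReplyMessage", "scheduledStartDateTime", "scheduledEndDateTime",
}
ALLOWED_STATUS = {"disabled", "alwaysEnabled", "scheduled"}
ALLOWED_AUDIENCE = {"none", "contactsOnly", "all"}


class ScopeViolation(ValueError):
    """Raised when a caller asks for more than automatic-reply management."""


def build_auto_reply_patch(user_id, settings):
    """Return (method, url, body) for a PATCH touching only automatic replies."""
    if not user_id or any(c in user_id for c in "/?#"):
        raise ScopeViolation("user_id must be a single path segment")
    extra = set(settings) - ALLOWED_FIELDS
    if extra:
        raise ScopeViolation(f"fields outside automatic replies: {sorted(extra)}")
    if settings.get("status") not in ALLOWED_STATUS:
        raise ScopeViolation("status must be one of " + ", ".join(sorted(ALLOWED_STATUS)))
    if settings.get("externalAudience", "none") not in ALLOWED_AUDIENCE:
        raise ScopeViolation("invalid externalAudience")
    if settings["status"] == "scheduled":
        for key in ("scheduledStartDateTime", "scheduledEndDateTime"):
            window = settings.get(key)
            if not isinstance(window, dict) or set(window) != {"dateTime", "timeZone"}:
                raise ScopeViolation(f"{key} needs dateTime and timeZone")
    # The only top-level mailboxSettings property ever sent is automaticRepliesSetting.
    body = json.dumps({"automaticRepliesSetting": settings}, sort_keys=True)
    return "PATCH", f"{GRAPH_BASE}/users/{user_id}/mailboxSettings", body


if __name__ == "__main__":
    # Constructed sample input, not taken from the post.
    sample = {"status": "alwaysEnabled", "externalAudience": "none",
              "internalReplyMessage": "Out of office."}
    print(build_auto_reply_patch("user@example.com", sample))
    try:
        build_auto_reply_patch("user@example.com", {"status": "disabled", "timeZone": "UTC"})
    except ScopeViolation as err:
        print("rejected:", err)
```

The token still carries the full permission, so this guard limits what the application's own code sends, not what the granted scope allows.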