ApplicationAccessPolicy vs Azure Automation Account
Hi all. I have an Azure Automation Account (AAA) with enabled system managed identity. I added Graph API permission Mail.Send (application) to this identity and in script I'm able to send behalf of any email mailboxes. It works correctly. I want to restrict this AAA to specific mailboxes. So, I followed the https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access. I created Service Principal for AAA by "New-ServicePrincipal" command and created new Application Access Policy. When I test it via Test-ApplicationAccessPolicy command I see correct result. But AAA is still able to send an email behalf of an email mailbox. Do you have the same experience?
