proudfeet

Reputation: 63

Microsoft Graph Service/Daemon Access Specific Shared Mailbox

I have an app that queries Microsoft Graph, and it must run as a service/daemon. This app needs to access one specific shared mailbox. The app must not have access to the entire tenant (which I believe is the behavior with 'Grant Admin Consent'). How would I go about granting permission to a service/daemon to one specific shared mailbox?

I have seen this documentation:

https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access

https://learn.microsoft.com/en-us/powershell/module/exchange/organization/new-applicationaccesspolicy?view=exchange-ps

I have tried the cmdlet "New-ApplicationAccessPolicy" but the target of the -PolicyGroupId is the shared mailbox, which returns an error because it's not a security principal.

Upvotes: 4

Views: 1583

Answers (1)

Sivaprakash-MSFT

Reputation: 526

Shared mailboxes are not security principals. This limitation for PolicyGroupId is called out in the documentation @ New-ApplicationAccessPolicy

To limit access to a shared mailbox, you should create a new SG, include the shared mailbox as a member and then use the SG to create the AppAccessPolicy.

Upvotes: 2
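The procedure from the answer as an added Exchange Online PowerShell example (not code from the original post or from Microsoft's documentation): the app still gets its admin-consented application permission (for example Mail.Read), and the application access policy restricts that permission to members of a mail-enabled security group that contains only the shared mailbox. The cmdlet parameter that takes the group is `-PolicyScopeGroupId`; the app ID, mailbox address and group name below are placeholders.

```powershell
# Added example (not from the original post): scope a daemon app's Graph mail
# permissions to one shared mailbox with an application access policy.
# Placeholder values: the app (client) ID, the shared mailbox address and the
# group name are assumptions; replace them with your tenant's values.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$AppId         = '00000000-0000-0000-0000-000000000000'   # placeholder: app registration (client) ID
$SharedMailbox = 'shared-inbox@contoso.example'           # placeholder: the only mailbox the app may use
$GroupName     = 'AppAccess-SharedInbox'                  # placeholder: new mail-enabled security group

# 1. The policy scope must be a security principal, so create a mail-enabled
#    security group instead of pointing the policy at the mailbox itself.
$Group = New-DistributionGroup -Name $GroupName -Alias $GroupName -Type Security

# 2. Make the shared mailbox the group's only member (the only mailbox in scope).
Add-DistributionGroupMember -Identity $Group.Identity -Member $SharedMailbox

# 3. RestrictAccess: the app may reach only mailboxes in the scope group,
#    even though its application permission was consented tenant-wide.
New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $Group.PrimarySmtpAddress `
    -AccessRight RestrictAccess -Description "Restrict $AppId to $SharedMailbox"

# 4. Verify: AccessCheckResult should be Granted for the shared mailbox and
#    Denied for any other mailbox. Policy changes can take a while to propagate,
#    so re-run the checks if the first result still shows the old state.
Test-ApplicationAccessPolicy -Identity $SharedMailbox -AppId $AppId
Test-ApplicationAccessPolicy -Identity 'someone-else@contoso.example' -AppId $AppId
```

Keep the scope group empty apart from the shared mailbox: anyone who can add members to it can widen what the app may read, so treat group membership as part of the app's access review.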
