POSH Guy

Reputation: 2048

Azure AD application permission with scoping

As per the below article, we can scope AzureAD Graph API permission from Exchange online.

https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access

We've assigned the following permission in AzureAD. However, the Calendars.ReadWrite "Application permission" is scoped to only a room mailbox account, so that application will only be able to read/write the room mailbox calendar.


Could someone please answer the below question?

I am not a member of the scoping group. If I use the application token, will I be able to access my calendar? (Please note that the Calendars.ReadWrite.Shared delegated permission is already granted in AzureAD.)

Upvotes: 0

Views: 104

Answers (1)

Allen Wu

Reputation: 16438

No. If you use an application token and you are not in the scoping group, the application won't be able to access your calendar.

The Calendars.ReadWrite.Shared delegated permission doesn't take effect in the client credential flow. It only takes effect when you use a user token (auth code flow) rather than an application token (client credential flow).

Upvotes: 1
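The distinction the answer draws shows up in the token claims: an app-only token lists application permissions in `roles`, while a delegated token lists scopes in `scp`. The following is an added example, not code from the question or answer; the tokens, addresses and the `calendar_decision` model of a `RestrictAccess` policy are constructed assumptions for illustration.

```python
import base64
import json

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for this demo (not a real issued token)."""
    return ".".join([_b64url({"alg": "none", "typ": "JWT"}), _b64url(claims), "constructed"])

def jwt_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; this does not validate the token."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_permissions(claims: dict) -> tuple:
    """Delegated tokens list scopes in 'scp'; app-only tokens list app roles in 'roles'."""
    if "scp" in claims:
        return "delegated", set(claims["scp"].split())
    return "app-only", set(claims.get("roles", []))

def calendar_decision(claims: dict, mailbox: str, scope_members: set) -> str:
    """Simplified model (assumption): a RestrictAccess policy scoped to scope_members."""
    kind, perms = token_permissions(claims)
    if kind != "app-only":
        return "not evaluated: delegated token, user-based access applies"
    if "Calendars.ReadWrite" not in perms:
        return "denied: application permission missing"
    if mailbox.lower() not in scope_members:
        return "denied: mailbox outside policy scope"
    return "allowed"

# Constructed sample data: addresses and claim values are placeholders.
SCOPE_GROUP = {"room1@contoso.example"}
APP_TOKEN = make_sample_token({"appid": "00000000-0000-0000-0000-000000000000",
                               "roles": ["Calendars.ReadWrite"]})
USER_TOKEN = make_sample_token({"scp": "Calendars.ReadWrite.Shared User.Read"})

if __name__ == "__main__":
    for mbx in ("room1@contoso.example", "me@contoso.example"):
        print(mbx, "->", calendar_decision(jwt_claims(APP_TOKEN), mbx, SCOPE_GROUP))
    print(token_permissions(jwt_claims(USER_TOKEN)))
```

The app-only token never contains `Calendars.ReadWrite.Shared`, so granting that delegated scope changes nothing for the client credential flow.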
