使用Azure Ad中的服务应用程序限制对组或单个邮箱的访问 [英] Limit access to groups or individual mailboxes using a service application in Azure Ad

问题描述

我有一个具有Microsoft graph api权限的Azure集成服务应用程序(守护程序应用程序)，我现在可以读取整个公司的所有邮箱，这虽然很棒，但可能会引起业务管理方面的一些担忧.我们在Office 365中使用Outlook.是否可以指定应用可以访问的邮箱，而不是访问所有邮箱/用户的邮箱.

I have an Azure integrated service application (daemon app) with permissions to the Microsoft graph api, I can now read all the mailboxes for the entire company, which is awesome but might raise some concerns with the business management. We use Outlook in Office 365.Is there a way to specify mailboxes that the app can have access to instead of having access to all mailboxes/users.

推荐答案

使用客户端凭据获取访问令牌的守护程序.

The daemon app which use the client credential to acquire the access token.

通常，当客户端代表自己行事时，客户端凭证流将用作授权授予.而且它无法指定该应用可以访问的邮箱.

The client credential flow is used to as an authorization grant typically when the client is acting on its own behalf. And it is not able to specify mailboxes that the app can have access.

您可以通过在守护程序应用程序中实现业务逻辑来实现此目的.

You can achieve this by implement the business logic in the daemon app.

这篇关于使用Azure Ad中的服务应用程序限制对组或单个邮箱的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！