使用 Azure Ad 中的服务应用程序限制对组或个人邮箱的访问 [英] Limit access to groups or individual mailboxes using a service application in Azure Ad

问题描述

我有一个 Azure 集成服务应用程序(守护程序应用程序)，它具有 Microsoft 图形 api 的权限，我现在可以读取整个公司的所有邮箱，这很棒，但可能会引起业务管理的一些担忧.我们在 Office 365 中使用 Outlook.有没有办法指定应用程序可以访问的邮箱，而不是访问所有邮箱/用户.

I have an Azure integrated service application (daemon app) with permissions to the Microsoft graph api, I can now read all the mailboxes for the entire company, which is awesome but might raise some concerns with the business management. We use Outlook in Office 365.Is there a way to specify mailboxes that the app can have access to instead of having access to all mailboxes/users.

推荐答案

使用客户端凭据获取访问令牌的守护程序应用程序.

The daemon app which use the client credential to acquire the access token.

客户端凭据流通常在客户端代表自己行事时用作授权授予.并且无法指定应用可以访问的邮箱.

The client credential flow is used to as an authorization grant typically when the client is acting on its own behalf. And it is not able to specify mailboxes that the app can have access.

您可以通过在守护程序应用程序中实现业务逻辑来实现这一点.

You can achieve this by implement the business logic in the daemon app.

这篇关于使用 Azure Ad 中的服务应用程序限制对组或个人邮箱的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！