...
The permissions configured during the Azure App Registration for ResourceXpress will grant Read & Write permissions to all Resource Mailboxes in the tenant.
To further restrict access to a specific sub-set subset of mailboxes the below steps will be required.
Create a Mail-Enabled Security Group
Configure a mail-enabled security group in the Exchange Admin Center.
Use
...
Microsoft's guide for “Manage mail-enabled security groups”.
Add all resource mailboxes that will be used in ResourceXpress as members of this security group.
Create an ApplicationAccessPolicy (PowerShell)
The following step requires the Azure App Registration Client ID, see our guide on how to create this here,https://resourcexpress.atlassian.net/wiki/spaces/RSG/pages/1349091544/Graph+API+OAuth+2.0+Configuration+for+Office+365#Getting-the-Client-%26-Tenant-ID%E2%80%99s.
Connect to Exchange Online in PowerShell. See our guide which covers the initial connection process here, https://resourcexpress.atlassian.net/wiki/pages/resumedraft.action?draftId=106233906.
Copy and paste the below command. Replace <app-id> with the App Registration Client ID and replace <security group email> with the SMTP address of the mail-enabled security group created in the first step.
| Code Block | ||||
|---|---|---|---|---|
| ||||
New-ApplicationAccessPolicy -AppId <app-id> -PolicyScopeGroupId <security group email> -AccessRight RestrictAccess -Description "Restrict this app to members of distribution group <security group name>." |
...