The below configuration is only applicable when configuring ResourceXpress for a Microsoft Graph integration.
The permissions configured during the Azure App Registration for ResourceXpress will grant Read & Write permissions to all Resource Mailboxes in the tenant.
To further restrict access to a specific sub-set of mailboxes the below steps will be required.
Create a Mail-Enabled Security Group
Using this link, configure a mail-enabled security group in the Exchange Admin Center.
Add all resource mailboxes that will be used in ResourceXpress as members of the security group
Create an ApplicationAccessPolicy (PowerShell)
The following step requires the Azure App Registration Client ID created here.
Connect to Exchange Online in PowerShell. This guide covers the initial connection process.
Copy and paste the below command. Replace <app-id> with the App Registration Client ID and replace <security group email> with the SMTP address of the mail-enabled security group created in the first step.
New-ApplicationAccessPolicy -AppId <app-id> -PolicyScopeGroupId <security group email> -AccessRight RestrictAccess -Description "Restrict this app to members of distribution group <security group name>."
For further information and for details on testing this policy please see this link.