AAD Enterprise App - EWS with OAuth Authorising as Admin Granting Consent not Target Mailbox

Fraser MacFarlane 1 Reputation point
2021-08-15T11:30:28.977+00:00

Hi all,

I am setting up an Exchange EWS integration with a 3rd party application and attempting to use OAuth with Client Secret as the authentication mechanism, as an alternative to Basic Auth/App Password. The AAD Application has been registered with the relevant Mail APIs exposed and a Client Secret set as per the Exchange documentation. All APIs have been "Granted Admin Consent On Behalf Of The Organisation". The target mailbox has been added as the Owner of the Application.

When we come to authorise the EWS connection, we are prompted for Admin consent and, in doing so, the EWS Connection then uses that Admin account instead of the target mailbox and ingests all of its mail items. When using the target mailbox account for the authorisation, due to Organisation settings, a request for Admin consent is sent to the Admins; the request is authorised via the "Admin Consent Requests" page, but the Authorisation process in the 3rd Party app fails and subsequent retries just loop through the same process.

So my question(s) are: What, if anything, have I missed? What is the best practice/best method to allow the Target mailbox account to bypass the "Only allow Admins to Grant Access to App" setting?

Thanks in Advance.

Fraser
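As an added example (not part of the question above, and not code from Microsoft or the 3rd party application): with the client-credentials flow no user signs in, so the access token carries the application's identity rather than the consenting administrator's, and the mailbox that EWS acts on is named per request in an ExchangeImpersonation SOAP header (app-only EWS access additionally requires the full_access_as_app application permission with admin consent). The Python below builds that token request and EWS request, reads back which mailbox a request impersonates, and inspects a token's claims to tell an app-only token (a `roles` claim) from a delegated one (an `scp` claim, which acts as the signed-in user). Tenant, client id, secret and mailbox address are placeholders, and the sample JWTs are constructed locally and unsigned; nothing here contacts a live tenant.

```python
import base64
import json
from typing import Dict, Tuple
from xml.etree import ElementTree as ET

# Resource scope for app-only (client credentials) access to EWS.
EWS_SCOPE = "https://outlook.office365.com/.default"
EWS_ENDPOINT = "https://outlook.office365.com/EWS/Exchange.asmx"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
T_NS = "http://schemas.microsoft.com/exchange/services/2006/types"
M_NS = "http://schemas.microsoft.com/exchange/services/2006/messages"


def build_token_request(tenant_id: str, client_id: str, client_secret: str) -> Tuple[str, Dict[str, str]]:
    """Token endpoint URL and form body for the client-credentials grant.
    Nobody signs in, so the token is the application's identity, not an admin's;
    the mailbox is chosen per EWS request via impersonation (build_find_inbox_request)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": EWS_SCOPE,
    }
    return url, form


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims_unverified(jwt: str) -> Dict:
    """Decode a JWT payload WITHOUT checking the signature: local troubleshooting only.
    A resource server must verify the signature before trusting any claim."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_unb64url(parts[1]))


def token_identity_kind(claims: Dict) -> str:
    """App-only tokens carry application permissions in 'roles'; delegated tokens
    carry the signed-in user's scopes in 'scp' and act as that user."""
    if "scp" in claims:
        return "delegated"
    if "roles" in claims:
        return "app-only"
    return "unknown"


def make_constructed_token(claims: Dict) -> str:
    """UNSIGNED look-alike JWT from constructed claims, for offline tests only."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed-signature"


def build_find_inbox_request(access_token: str, target_mailbox: str) -> Tuple[Dict[str, str], bytes]:
    """HTTP headers and SOAP body for a FindItem on the target mailbox's Inbox.
    ExchangeImpersonation names the mailbox and X-AnchorMailbox routes to its server;
    without them the request acts as the token's own identity."""
    ET.register_namespace("soap", SOAP_NS)
    ET.register_namespace("t", T_NS)
    ET.register_namespace("m", M_NS)
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    hdr = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    ET.SubElement(hdr, f"{{{T_NS}}}RequestServerVersion", Version="Exchange2013_SP1")
    imp = ET.SubElement(hdr, f"{{{T_NS}}}ExchangeImpersonation")
    sid = ET.SubElement(imp, f"{{{T_NS}}}ConnectingSID")
    ET.SubElement(sid, f"{{{T_NS}}}SmtpAddress").text = target_mailbox
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    find = ET.SubElement(body, f"{{{M_NS}}}FindItem", Traversal="Shallow")
    shape = ET.SubElement(find, f"{{{M_NS}}}ItemShape")
    ET.SubElement(shape, f"{{{T_NS}}}BaseShape").text = "IdOnly"
    parents = ET.SubElement(find, f"{{{M_NS}}}ParentFolderIds")
    ET.SubElement(parents, f"{{{T_NS}}}DistinguishedFolderId", Id="inbox")
    headers = {
        "Authorization": f"Bearer {access_token}",
        "Content-Type": "text/xml; charset=utf-8",
        "X-AnchorMailbox": target_mailbox,
    }
    return headers, ET.tostring(env, encoding="utf-8", xml_declaration=True)


def impersonated_mailbox(soap_body: bytes) -> str:
    """Read back which mailbox a SOAP request impersonates ('' if no header)."""
    path = f"{{{SOAP_NS}}}Header/{{{T_NS}}}ExchangeImpersonation/{{{T_NS}}}ConnectingSID/{{{T_NS}}}SmtpAddress"
    node = ET.fromstring(soap_body).find(path)
    return node.text if node is not None and node.text else ""


if __name__ == "__main__":
    # Placeholders only; a real run would POST `form` to `url`, then POST `soap` to EWS_ENDPOINT.
    url, form = build_token_request("TENANT_ID_PLACEHOLDER", "CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER")
    token = make_constructed_token({"aud": "https://outlook.office365.com", "roles": ["full_access_as_app"]})
    print("token kind:", token_identity_kind(decode_claims_unverified(token)))
    headers, soap = build_find_inbox_request(token, "shared.mailbox@example.com")
    print("impersonating:", impersonated_mailbox(soap))
```

The claim check is the quickest way to see which flow an integration actually used: a token showing `scp` and a `upn` was obtained interactively and will read whoever signed in, whereas a token showing only `roles` is app-only and reads only the mailbox named in the impersonation header.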

Exchange Server Development
Microsoft Entra ID