Limit Access of Mailboxes Using REST API

To provide access to only a selected list of Outlook mailboxes through the MS Graph API, you must first configure a connection to Microsoft Exchange Online PowerShell.

Use the following steps to connect to Exchange Online PowerShell (using Docker if PowerShell is not installed locally), then limit the mailbox access.

  1. Execute the following commands to install the dependencies needed to connect to Exchange Online:
    • Install-Module -Name PSWSMan (If prompted, accept PSGallery as the source for the cmdlets.)
    • Install-WSMan (If prompted, accept PSGallery as the source for the cmdlets.)
    • Install-Module -Name ExchangeOnlineManagement
    • Import-Module ExchangeOnlineManagement
    • Note: If you don't have access to the PowerShell tool, run the following PowerShell Docker image:
      docker run -it mcr.microsoft.com/powershell
  2. Execute the following command to connect to Exchange Online: Connect-ExchangeOnline -Device

    The output will have a URL with an authentication code, which must be opened in a browser.

  3. From the browser, authenticate by logging in to the account.
  4. Create a new mail-enabled security group containing the mailboxes that the app should be allowed to access: https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-mail-enabled-security-groups
  5. Execute the following command with the required application (client) ID and the security group email address:
    New-ApplicationAccessPolicy -AppId <client_Id> -PolicyScopeGroupId <security_group_email_id> -AccessRight RestrictAccess -Description "<description>"

    For example: New-ApplicationAccessPolicy -AppId d2abe981-a2f3-44f7-af10-acd1c30e61d4 -PolicyScopeGroupId testdistributionlist@4development11395.onmicrosoft.com -AccessRight RestrictAccess -Description "Restrict this app to members of distribution group Test group."

  6. Use the following command to verify whether the app has permission to access a given mailbox:
    Test-ApplicationAccessPolicy -Identity <email_address> -AppId <client_Id>

    For example: Test-ApplicationAccessPolicy -Identity service_test11@4development11395.onmicrosoft.com -AppId d2abe981-a2f3-44f7-af10-acd1c30e61d4

    The policy can take up to an hour to take effect in the REST APIs. Once the change is in effect, an error message similar to the following is returned when the app tries to access a mailbox that is not permitted:
    "body": {
        "error": {
            "code": "ErrorAccessDenied",
            "message": "Access to OData is disabled."
        }
    }

    Now add these configuration values to your Fusion application.
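The following script is an added example, not part of the original page or the Exchange Online product documentation. It carries steps 5 and 6 through for a whole list of mailboxes in one run: it creates the restricting policy only if none already exists for the app, then reports Granted or Denied for each mailbox. It assumes an existing session opened with Connect-ExchangeOnline -Device; the client ID, group address and mailbox addresses are placeholders to replace with your own values.

```powershell
# Added example (not from the original page). Assumes Connect-ExchangeOnline has
# already been run in this session and the ExchangeOnlineManagement module is loaded.
$AppId      = "<client_Id>"                 # placeholder: app registration (client) ID
$ScopeGroup = "<security_group_email_id>"   # placeholder: mail-enabled security group address

# Constructed sample addresses: one expected inside the group, one expected outside it.
$Mailboxes = @(
    "allowed.user@contoso.example",
    "other.user@contoso.example"
)

# Create the RestrictAccess policy only once; a duplicate policy for the same app
# would otherwise be created on every run.
$existing = Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId }
if (-not $existing) {
    New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $ScopeGroup `
        -AccessRight RestrictAccess `
        -Description "Restrict this app to members of $ScopeGroup"
    Write-Host "Created RestrictAccess policy for app $AppId"
} else {
    Write-Host "A policy for app $AppId already exists; not creating another."
}

# Test-ApplicationAccessPolicy returns an object whose AccessCheckResult property
# is "Granted" or "Denied". Anything Granted outside the group means the scope
# group membership needs review.
foreach ($mbx in $Mailboxes) {
    $result = Test-ApplicationAccessPolicy -Identity $mbx -AppId $AppId
    "{0,-40} {1}" -f $mbx, $result.AccessCheckResult
}
```

Remember that the policy check result shown here updates immediately in PowerShell, while the Graph API behaviour described above can lag by up to an hour.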