This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Changes to Exchange Online from Microsoft

Posted a month ago
TonyH
Staff
Reply posted on --/--/---- --:-- AM

Hello Everyone,

Quick note if you are currently using the Exchange Integration for SOAR.

Per Microsoft

"Today we are announcing that we will begin blocking the assignment of the ApplicationImpersonation role in Exchange Online to accounts starting in May 2024, and that in February 2025, we will completely remove this role and its feature set from Exchange Online."

So starting in May of 2024, you will be unable to assign the ApplicationImpersonation role in Microsoft Exchange Online. For details of the changes that Microsoft is making to the ApplicationImpersonation role, see Retirement of RBAC Application Impersonation in Exchange Online. We recommend that you use Microsoft Graph Mail to work with Exchange Online.

Documentation has been updated to warn of this change here

2 2 94
Topic Labels
2 REPLIES 2

Posted on --/--/---- --:-- AM
citreno
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Good to know, thanks!

Just as a heads up there's a permission issue MicrosoftGraphMail integration in that it requires application level permissions for mail.read in the common case(for most actions/connector to work). Most customer's won't accept a full grant to reading all email. We've forked the integration for ourselves to use delegated permissions using some of the GetToken action methods that the Exchange integrations used, but would prefer not to rely on this fork as it creates maintainability issues as the upgrade path gets challenging for customers. 

With this being the new standard is there a plan for delegated permissions to be allowed? Happy to assist if a community contribution is welcome within the main google supported integration. 

Posted on --/--/---- --:-- AM
Dmitry_Sarakeev
Staff
Reply posted on --/--/---- --:-- AM

Hi @citreno thank you for reaching out!

We are not planning to add delegated access to the MS Graph Mail integration at the moment, but we are working on extending the integration and updating the docs.

Can you please elaborate why you opted for delegated access in Graph Mail integration? Is it permissions only question? Did you considered using existing integration with app-level permissions and limiting app's access with Microsoft's RBAC for Apps

Top Solution Authors
View all