Limit Email2Ticket Enterprise Application access to Email2Ticket mailbox only

 

Email2Ticket now supports using an O365 Enterprise Application to connect to mailboxes. Before following the steps in this article you must configure an Enterprise Application for Email2Ticket. If you have not done so please refer to the following KB article. 

Configure Microsoft 365 Access for Email2Ticket

In order to access the Email2Ticket mailbox(s), you must grant the Enterprise Application the Mail.Read API permission. Granting this permission allows Email2Ticket to read ALL the mailboxes in O365 Exchange. For this reason, this article has been put together to help customers limit the Enterprise Application access to the Email2ticket mailbox only.

 

The following instructions provide detailed steps on how to limit access to the enterprise application along with references to the Microsoft Articles used to build this KB article.  

The main article used can be found using the link below, but there are references to other articles all of which are included with each step in the process.

https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access

 

  1. Launch an administrative PowerShell and install the ExhangeOnlineManagement V3 Module using the following command:

    Install-Module -Name ExchangeOnlineManagement

    When the following prompt comes up type A (Yes to all) and hit enter.

    mceclip1.png

    MS Reference article: https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.0.0

  2. Import the Exchange Online Management PowerShell module by running the following command:

    Import-Module -Name ExchangeOnlineManagement

    MS Reference Article:
    https://learn.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps#install-and-maintain-the-exchange-online-powershell-module


  3. Connect to O365 Exchange using the following PowerShell Command:
    Note: Replace navin@contoso.com with your O365 Global Admin user.

    Connect-ExchangeOnline -UserPrincipalName navin@contoso.com

    MS Reference Article: https://learn.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps&preserve-view=true

  4. In the sign-in window that opens, enter your password, and then click Sign in.

    mceclip2.png

  5. MFA only: A verification code is generated and delivered based on the response option that's configured for your account (for example, a text message or the Microsoft Authenticator app on your device).
    In the verification window that opens, enter the verification code, and then click Verify.

    mceclip3.png

  6. Once connected to Exchange Online run the following command to create a new Application Access Policy which will limit the Email2Ticket Enterprise Application you created to the Email2Ticket Mailbox only.
    Be sure replace the arguments for AppId, PolicyScopeGroupId and use your Email2Ticket Enterprise App ID and the Email2Ticket Mailbox.

    New-ApplicationAccessPolicy -AppId d812ebf4-b2d6-4180-9102-94ff395c4hgb -PolicyScopeGroupId elawson@nd-healthcare.com -AccessRight RestrictAccess -Description "Restrict this app to the Email2ticket mailbox only."

    Note: This policy can take some time to propagate in O365, therefore you should wait at least 2-3 hours before testing the policy.

    To verify the application has set up correctly you can run the following command replacing the arguments for -Identity and -AppId

    Test-ApplicationAccessPolicy -Identity elawson@nd-healthcare.com -AppId d812ebf4-b2d6-4180-9102-94ff395c4dfa

    mceclip4.png

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us
Provide feedback for the Documentation team!