Email2Ticket now supports using an O365 Enterprise Application to connect to mailboxes. Before following the steps in this article, you must configure an Enterprise Application for Email2Ticket. If you have not done so, please refer to the following KB article:
Configure Microsoft 365 Access for Email2Ticket
In order to access the Email2Ticket mailbox(es), you must grant the Enterprise Application the Mail.Read API permission. Granting this permission allows Email2Ticket to read ALL the mailboxes in O365 Exchange. For this reason, this article has been put together to help customers limit the Enterprise Application's access to the Email2Ticket mailbox only.
The following instructions provide detailed steps on how to limit the Enterprise Application's access, along with references to the Microsoft articles used to build this KB article.
The main article used can be found using the link below, but there are references to other articles all of which are included with each step in the process.
- Launch an administrative PowerShell session and install the ExchangeOnlineManagement V3 module using the following command:
Install-Module -Name ExchangeOnlineManagement
When the following prompt comes up, type A (Yes to All) and press Enter.
MS Reference article: https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.0.0
- Import the Exchange Online Management PowerShell module by running the following command:
Import-Module -Name ExchangeOnlineManagement
MS Reference Article:
- Connect to O365 Exchange using the following PowerShell command:
Note: Replace the address after -UserPrincipalName with your O365 Global Admin user.
Connect-ExchangeOnline -UserPrincipalName firstname.lastname@example.org
MS Reference Article: https://learn.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps&preserve-view=true
- In the sign-in window that opens, enter your password, and then click Sign in.
- MFA only: A verification code is generated and delivered based on the response option that's configured for your account (for example, a text message or the Microsoft Authenticator app on your device).
In the verification window that opens, enter the verification code, and then click Verify.
- Once connected to Exchange Online, run the following command to create a new Application Access Policy, which will limit the Email2Ticket Enterprise Application you created to the Email2Ticket mailbox only.
Be sure to replace the arguments for -AppId and -PolicyScopeGroupId with your Email2Ticket Enterprise App ID and the Email2Ticket mailbox.
New-ApplicationAccessPolicy -AppId d812ebf4-b2d6-4180-9102-94ff395c4hgb -PolicyScopeGroupId email@example.com -AccessRight RestrictAccess -Description "Restrict this app to the Email2ticket mailbox only."
Note: This policy can take some time to propagate in O365, so you should wait at least 2-3 hours before testing the policy.
To verify that the application has been set up correctly, you can run the following command, replacing the arguments for -Identity and -AppId:
Test-ApplicationAccessPolicy -Identity firstname.lastname@example.org -AppId d812ebf4-b2d6-4180-9102-94ff395c4dfa
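The check above confirms one mailbox at a time. The following script is an added example, not part of the original KB article or of Email2Ticket: it tests both directions, confirming that the app is granted the Email2Ticket mailbox and denied a mailbox outside the policy scope. It assumes an existing Connect-ExchangeOnline session; the App ID and both mailbox addresses are placeholders to replace with your own values.

```powershell
# Added example: verify the Application Access Policy in both directions.
# Assumes you are already connected with Connect-ExchangeOnline.
# All three values below are placeholders (assumptions), not real identifiers.
$AppId          = '00000000-0000-0000-0000-000000000000'  # Email2Ticket Enterprise App ID
$AllowedMailbox = 'email2ticket@example.com'              # mailbox named in the policy
$OtherMailbox   = 'another.user@example.com'              # any mailbox that must stay off-limits

# 1. Confirm a policy exists for this app and show its scope.
$policies = Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId }
if (-not $policies) {
    throw "No Application Access Policy found for AppId $AppId"
}
$policies | Format-List Identity, AppId, ScopeName, AccessRight, Description

# 2. Test the mailbox that should be reachable and one that should not.
$checks = @(
    @{ Mailbox = $AllowedMailbox; Expected = 'Granted' },
    @{ Mailbox = $OtherMailbox;   Expected = 'Denied'  }
)

$failed = $false
foreach ($check in $checks) {
    $result = Test-ApplicationAccessPolicy -Identity $check.Mailbox -AppId $AppId
    $actual = "$($result.AccessCheckResult)"   # cast to string for a plain comparison

    if ($actual -eq $check.Expected) {
        Write-Host "OK    $($check.Mailbox): $actual"
    }
    else {
        Write-Warning "FAIL  $($check.Mailbox): expected $($check.Expected), got $actual"
        $failed = $true
    }
}

# 3. A 'Granted' result on the out-of-scope mailbox means the app can still
#    read mail it should not; the policy is missing, mis-scoped, or has not
#    propagated yet.
if ($failed) {
    Write-Warning 'Policy is not effective as intended. Re-check -AppId and -PolicyScopeGroupId, or wait for propagation and retest.'
}
else {
    Write-Host 'Policy restricts the app to the Email2Ticket mailbox as intended.'
}
```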