Skip to main content Skip to footer

Restrict Promodag application access to the content of specific mailboxes

If you use the certificate-based authentication to Office 365, the full_access_as_app authorization grants by default the Promodag Reports application published in Microsoft Intra ID access to all mailboxes in the Office 365 tenant. You can restrict the scope to a group of mailboxes by following this procedure.

Create a mail-enabled security group

The first step is to create a mail-enabled security group in the Microsoft 365 administration center.
All mailboxes to be analyzed by content reports in Promodag Reports will be added as members.

Create a new Application Access Policy

Next, create an access policy for the Promodag Reports application using this command, which uses the application ID and the group’s email address:

New-ApplicationAccessPolicy -AppId <application ID> -PolicyScopeGroupId <email address of the group> -AccessRight RestrictAccess -Description "Restrict this app to members of distribution group xxx."

The application ID can be found in Promodag Reports in the Office 365 configuration tab of Tools > Options.

Finally, we will test that the policy has been correctly applied with this command, which will be applied to a mailbox that is not a member of the security group:

Test-ApplicationAccessPolicy -Identity <mailbox email address> -AppId <application ID>

Note: Changes to application access policies may take more than an hour to take effect, even if the test results are positive.

Related article: Configure certificate-based authentication to Office 365


Try Promodag Reports Free for 45 Days

Cookie Notice

Find out more about how this website uses cookies to enhance your browsing experience.