Skip to main content

oAuth for Display, or how to set up Exchange integration for Office 365 / Exchange online, also known as oAuth or modern authentification


1 comment

  • R&D

    Scoping/limited the permission

    Microsoft has released a new access policy, to restrict or deny access to a specific set of mailboxes by an application that uses APIs (Outlook REST, Microsoft Graph, or Exchange Web Services (EWS))

    With this new policy – you can limit the permission type on the scope of users/resources you dictate.


    For details on how to set “New-applicationaccesspolicy” please see


    Example of use:

    The security group should ONLY contain the rooms used in Pronestor Display.



    • In - Create a “mail enabled security group” ex. (IMPORTANT not allowed :distribution groups, shared mailboxes, discovery mailboxes, dynamic distribution list)
    • Add the rooms to this new group
    • Using powershell run ex:

    New-ApplicationAccessPolicy -AccessRight RestrictAccess -AppId "xx-yy-zz" -PolicyScopeGroupId -Description "Restrict this app to specific rooms only"




    • When setting permissions in o365 – please be aware that it can take o365 some time to push these changes in to play.
    • Use the “Test-ApplicationAccessPolicy” to validate the access/permissions – to ensure that it covers the intended permission set.

Please sign in to leave a comment.

Powered by Zendesk