Restrict Application Access

Use Case: An application uses OAuth 2.0 to connect and send mail as a user. This requires that you Grant Admin Consent, but that allows the application to send as any user. To prevent abuse, you want to restrict which users the app can send-as.

First, Connect to Microsoft 365 Exchange Online

Restrict Application Access

New-ApplicationAccessPolicy -AccessRight RestrictAccess -AppId "e7e4dbfc-046f-4074-9b3b-2ae8f144f59b" -PolicyScopeGroupId EvenUsers@AppPolicyTest2.com -Description "Restrict this app's access to members of security group EvenUsers."

Microsoft Learn: New-ApplicationAccessPolicy

Search Content in Microsoft Purview

Restrict Application Access

Show Mailbox Rules for a Mailbox

Connect to Exchange Powershell

Grant Purview Export Permission

Connect to Security and Compliance Powershell

Exchange Mailbox Statistics

Connect to Sharepoint

Get Intune Managed Device Information

Manually Sync macOS Device with Intune

Change Intune macOS Personal Ownership to Company

Prevent Spoofing of Executives

Azure Dynamic Groups

Add user to Azure AD Application

Reset a Windows Device

Share content with external users

Manage OneDrive Profiles

Change filter settings in Outlook on the Web

Send as a Group in Outlook

Setup Microsoft 365 Account

Restrict Application Access