Access EWS as an application

Access your M365 mailboxes via EWS as an application.

Now that the Microsoft Exchange team has decided to retire the "ApplicationImpersonation" role under M365 by 2025, the question arises as to how you can now access multiple mailboxes without having to log in to each one with the user data.  

If Microsoft deactivates the role, the following message appears in the log: Testing Impersonation: The request failed. The remote server has returned an error: 403) Invalid.

To be able to access all mailboxes again, you must now do the following configuration:

In the current versions of ExMixedFolders and EEAttachments, it is possible to authorize EWS on M365 mailboxes as an application, so that you can access the individual mailboxes in a similar way to before.

Establishment of a corresponding service connection:

• Create a service connection and select "Microsoft 365" as the version.
• Select the "Access as application" checkbox
• Enter any mailbox under Email. (This is only for testing the connection)
• Enter your TenantID. ( You can find this in the Azure portal. Navigate to Properties > Microsoft Entra ID, scroll down to the Client ID section. 
• Create a certificate by right-clicking on the service connection => Create certificate and copy the fingerprint into the thumbprint field.
• Now you need to create a new app registration in the Azure Portal. => New registration => "Only accounts in this organization directory (single client)", redirect URI "Public client/native (mobile and desktop)" e.g. https://www.somebytes.com/exmi...
• Copy the now generated client ID into the corresponding field.
• Upload the certificate in the app registration under Certificates and secrets.
• Authorize the app with full_access_as_app under Api permissions => Office 365 Exchange Online