Title: Allow for the use of Application Permissions in the Microsoft365 Graph Email Channel
- What is your original issue/pain point you want to solve?
→ The current configuration only allows for Delegated App Permissions (Authorization Code Flow), which involve a real user account with username and password. The usage of real user accounts as service accounts is considered unclean / a security risk nowadays, and is not recommended, as Microsoft itself states in "Governing Microsoft Entra service accounts - Microsoft Entra | Microsoft Learn". I thus want to be able to attach an Exchange Online mailbox via the Graph API without having to use Delegated Permissions and a real user account.
- Which are one or two concrete situations where this problem hurts the most?
→ When configuring / setting up email integration
- Why is it not solvable with the Zammad standard?
→ The current Zammad standard does not allow for the use of app permissions and insists on delegated permissions.
- What is your expectation/what do you want to achieve?
→ My expectation is that I can configure an email integration to Exchange Online via the Graph API purely with App Permissions (Client Credentials OAuth Flow).
If there is any more useful information, feel free to share it all (e.g.: mockup screenshots, if something is UI related, or the API URL/documentation URL for a service you need a connection to).
Access Limitation via App Access Policies in Exchange Online is documented here:
Limiting application permissions to specific Exchange Online mailboxes - Microsoft Graph | Microsoft Learn
Your Zammad environment:
- Average concurrent agent count: 3
- Average tickets a day: 15
- What roles/people are involved: Solution Designer, Project Manager, Key Account Manager, Solution Engineer, CISO
Anything else which you think is useful to understand your use case:
Thank you and have fun.
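
Added example, not part of the original post and not Zammad code: a Ruby sketch of the client credentials token request the post asks for, plus a check that tells an app-only Graph token (`roles` claim) from a delegated one (`scp` claim) and flags roles beyond what a mail channel needs. The tenant, client ID and secret are placeholders, the sample tokens are constructed, and the helper names and allowed-role list are assumptions.

```ruby
require 'json'
require 'uri'

# Microsoft identity platform v2.0 token endpoint; the tenant is a placeholder.
TOKEN_URL = 'https://login.microsoftonline.com/%<tenant>s/oauth2/v2.0/token'

# Form body of a client credentials request: no user, no password, no refresh token.
def client_credentials_form(client_id:, client_secret:)
  URI.encode_www_form(
    grant_type: 'client_credentials',
    client_id: client_id,
    client_secret: client_secret,
    scope: 'https://graph.microsoft.com/.default' # permissions come from admin consent, not from this request
  )
end

# Decode the JWT payload WITHOUT verifying the signature (inspection only).
def jwt_claims(token)
  payload = token.split('.')[1].to_s.tr('-_', '+/')
  payload += '=' * (-payload.length % 4) # restore stripped base64 padding
  JSON.parse(payload.unpack1('m'))
end

# App-only tokens carry granted permissions in "roles"; delegated tokens carry "scp".
def audit_token(token, allowed_roles:)
  claims = jwt_claims(token)
  return { kind: :delegated, excess: [] } if claims.key?('scp')

  { kind: :app_only, excess: Array(claims['roles']) - allowed_roles }
end

# Constructed sample tokens with a fake signature, for offline demonstration only.
def sample_token(claims)
  enc = ->(h) { [JSON.generate(h)].pack('m0').tr('+/', '-_').delete('=') }
  [enc.call({ alg: 'none' }), enc.call(claims), 'sig'].join('.')
end

APP_TOKEN  = sample_token(aud: 'https://graph.microsoft.com', roles: %w[Mail.ReadWrite Mail.Send User.Read.All])
USER_TOKEN = sample_token(aud: 'https://graph.microsoft.com', scp: 'Mail.ReadWrite Mail.Send')
MAIL_ROLES = %w[Mail.ReadWrite Mail.Send].freeze # assumed minimum for a mail channel

if __FILE__ == $PROGRAM_NAME
  puts format(TOKEN_URL, tenant: 'TENANT_ID_PLACEHOLDER')
  puts client_credentials_form(client_id: 'CLIENT_ID_PLACEHOLDER', client_secret: 'SECRET_PLACEHOLDER')
  p audit_token(APP_TOKEN, allowed_roles: MAIL_ROLES)  # flags User.Read.All as excess
  p audit_token(USER_TOKEN, allowed_roles: MAIL_ROLES) # delegated token, tied to a user
end
```

The `roles` claim is tenant-wide: restricting the app to specific mailboxes is enforced by Exchange Online through the application access policy and is not visible in the token.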