We use Zammad in combination with Microsoft Graph API to read a mailbox (as documented in Accounts — Zammad Admin Documentation).
Our security people are not very happy about the way Zammad works. Today it works with delegated permissions, and an account is needed to connect a mailbox to Zammad. In the case of a shared mailbox, Zammad also asks for permission to read the mailbox of the original owner (not just the shared mailbox).
Our security people ask if it would be possible to use application permissions instead. This means only a client ID and client secret need to be set up. The application would be assigned RBAC in Exchange Online (Role Based Access Control for Applications in Exchange Online | Microsoft Learn). This means the application itself doesn’t need to have any interactive permissions anymore.
It would also drop the requirement that a user needs an interactive login to set up the application in Zammad. This would be a major improvement in security and make it easy to set up from an administrative point of view.
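For reference, the Exchange Online side of the request above could be set up as follows. This is an added example, not part of the original post and not Zammad configuration; the mailbox addresses, scope name, display name and the choice of the `Application Mail.Read` role are assumptions, and values in angle brackets are placeholders to fill in.

```powershell
# Added example: Exchange Online "RBAC for Applications" scoped to one shared mailbox.
# Requires the ExchangeOnlineManagement module and an Exchange admin session.
# All names and addresses below are constructed placeholders.
$AppId     = '<application (client) ID of the Entra ID app registration>'
$ObjectId  = '<object ID of the matching enterprise application>'
$Mailbox   = 'support@example.com'        # shared mailbox the app may read
$Other     = 'someone.else@example.com'   # any mailbox that must stay out of reach
$ScopeName = 'Ticketing shared mailbox'

Connect-ExchangeOnline -UserPrincipalName '<admin UPN>'

# 1. Make the Entra ID service principal known to Exchange Online.
New-ServicePrincipal -AppId $AppId -ObjectId $ObjectId -DisplayName 'Ticketing mail reader'

# 2. Define a management scope that matches only the shared mailbox.
New-ManagementScope -Name $ScopeName `
    -RecipientRestrictionFilter "PrimarySmtpAddress -eq '$Mailbox'"

# 3. Grant the application role, restricted to that scope.
#    Do not also grant tenant-wide Mail.Read as an application permission in
#    Entra ID: the two grants are combined, and the unscoped one would win.
New-ManagementRoleAssignment -Name 'Ticketing Mail.Read (scoped)' `
    -App $AppId -Role 'Application Mail.Read' -CustomResourceScope $ScopeName

# 4. Verify: InScope should be True for the shared mailbox and False elsewhere.
Test-ServicePrincipalAuthorization -Identity $AppId -Resource $Mailbox |
    Format-Table RoleName, AllowedResourceScope, InScope
Test-ServicePrincipalAuthorization -Identity $AppId -Resource $Other |
    Format-Table RoleName, AllowedResourceScope, InScope
```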