Is it possible to allow access to EWS such that a service account user, setup with the ApplicationImpersonation role, is able to retrieve metadata for emails but not the actual email body?
I know you can set up the API request such that email body is not included in the property set, but wondered if there is a way to explicitly restrict access to email bodies, either through configurations of EWS or access controls for the impersonating user.
No, there is no per message property security in Exchange server.