I have application which uses EWS with basic authentication. As mentioned here. I'm trying to get away from basic authentication and use OAuth.
I want to know if it is mandatory to have full_access_as_app or I would be able to send emails if only Mail.Send permission is granted in azure?
Note : My application just wants to send email. Right now I'm getting 401 error and azure have only Mail.Send permission
Yes it is, EWS is a legacy API so doesn't support the more constrained permission that the Graph supports. If your app only sends email why not just migrate it to the Graph the Auth will be same and its really just one API call to send an email and you app will be a lot more secure.