I'm working on migrating my EWS app from basic auth to OAuth (app-only authentication).
I created my app in Azure AD and everything works fine.
My only issue is that I don't want my app to have access to e-mails, contacts, etc... I only want to read calendar.
I tried removing "full_access_as_app" and adding "Calendar.Read" permission but I get "401 Unauthorized".
Do you have any solution?
Thanks
You can't do that with EWS; it only supports full mailbox access via App or Delegate permissions. You can scope the permission so it only has access to certain mailboxes using Application policies (https://techcommunity.microsoft.com/t5/exchange-team-blog/application-access-policy-support-in-ews/ba-p/2110361). If you want to limit access to just the calendar, then you need to migrate your app to using the Microsoft Graph, which supports more constrained authentication.
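
An added example, not part of the thread above and not Microsoft code: one way to confirm which application permissions an app-only access token actually carries, by decoding its payload and comparing the `roles` claim with an allowlist. The `roles` claim layout, the `Calendars.Read` allowlist, the audience URLs and the sample tokens are assumptions constructed for illustration, and the script inspects claims without verifying the signature.

```python
import base64
import json

# Assumption: an app-only token lists its application permissions in "roles".
ALLOWED_ROLES = {"Calendars.Read"}      # assumed target for a calendar-only reader
EWS_FULL_ACCESS = "full_access_as_app"  # the EWS app permission named in the thread

def make_sample_token(aud, roles):
    """Build an unsigned, constructed JWT-shaped string (demo input only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}),
                     enc({"aud": aud, "roles": roles}), "constructed"])

def decode_claims(token):
    """Decode the payload segment. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part JWT")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(segment))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def audit_token(token, allowed=ALLOWED_ROLES):
    """Report audience, roles and any grant wider than the allowlist."""
    claims = decode_claims(token)
    roles = claims.get("roles") or []
    roles = {roles} if isinstance(roles, str) else set(roles)
    findings = []
    if EWS_FULL_ACCESS in roles:
        findings.append("full mailbox access granted (full_access_as_app)")
    excess = roles - set(allowed) - {EWS_FULL_ACCESS}
    if excess:
        findings.append("roles outside allowlist: " + ", ".join(sorted(excess)))
    if not roles:
        findings.append("no application roles in token")
    return {"aud": claims.get("aud"), "roles": sorted(roles),
            "findings": findings, "least_privilege": not findings}

# Constructed sample tokens: one shaped like the EWS grant, one like a Graph grant.
EWS_TOKEN = make_sample_token("https://outlook.office365.com", [EWS_FULL_ACCESS])
GRAPH_TOKEN = make_sample_token("https://graph.microsoft.com", ["Calendars.Read"])

if __name__ == "__main__":
    for name, tok in (("EWS", EWS_TOKEN), ("Graph", GRAPH_TOKEN)):
        print(name, json.dumps(audit_token(tok), indent=2))
```
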