This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 55.00000000000001%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Hi,
I am writing a powershell script using Microsoft graph to get the count of unread emails from the mailbox. I have given the applications permissions for my script to retrieve the count of unread email from the mailbox.
As I have given mail.ReadAll application permission to my script, it can access all the users mailboxes in my organization, however I want to restrict microsoft graph to one specific mailbox only, so it can access the mailbox of that user, but can't access any other users mailbox.
How can I achieve this restriction using Microsoft graph with powershell script?
Any pointers or help is appreaciated.
Use Application access policies: https://practical365.com/application-access-policies-in-exchange-online/
Hi @Vasil Michev ,
I have one more query regarding Microsoft graph.
Can we use serviceaccount to retrieve the Microsoft O365 resources using Microsoft graph, instead of using any specific user's mailbox account ?
Could you please share if this is possible and how to achieve this?
Thank you.
That's what application permissions are for, your code will run in the context of a service principal, not user.
@Vasil Michev One more query popped up in my mind.
"Mail.ReadAll" application permission, as the name suggests it reads mails from all the mailboxes in the tenant.
So it covers individual user mailboxes as well as shared mailbox, is this correct?
Please confirm
Thank you.
Yes, it covers shared mailboxes as well.