Good Morning, Evening Everyone,
Been reading the latest documentation on authenticating an EWS application using OAuth (https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth) ... which is all good.
But one thing that has thrown me is, in the article it references using
{
"resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
"resourceAccess": [
{
"id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5",
"type": "Scope"
}
]
}
As the requiredResourceAccess (API Permission) which goes ahead and adds:

Which again, is all good ... But I also noticed that the EWS.AccessAsUser.All permissions was available for the Microsoft.Graph API also.

Does it really make a difference which one you use? I've used the same code sample from that article and it works just fine against the Microsoft.Graph API version (I know were requesting scope as part of that sample: var ewsScopes = new string[] { "https://outlook.office365.com/EWS.AccessAsUser.All" }; but it seems to be accepted ok when I granted admin consent against the Microsoft.Graph version of EWS.AccessAsUser.All (Note we dont allow any user consent so did approval via Azure AD portal as part of registration, failed if i didnt do this suggesting it is accepting the Microsoft.Graph API version)
Anyone able to clarify either the difference or concerns of using one over the other? As i had assumed the Office 365 Exchange Online API was due for retiring next year hence having to add via the manifest directly. Where as when searching under the Microsoft.Graph API i can find EWS.AccessAsUser.All anyway.