Version: 1.0.0

How to restrict EasyLife 365 Identity App permissions to a shared mailbox

The EasyLife 365 Identity app has permission to send mail from any mailbox in your tenant. We recommend that you follow the steps outlined below to limit the app's access to one shared mailbox.

Warning

After implementing this policy, the EasyLife 365 Identity will no longer be able to access any mailbox that is not a member of the distribution group. This means EasyLife 365 Identity will not be able to get the user's PreferredLanguage settings and the corresponding option in the notifications section will have no effect.

Prerequisites

As a prerequisite we will need the application Id of the EasyLife 365 Identity Entra ID app, and a distribution group.

Application Id | Description
3875caf5-a910-45b4-91d0-f3058221c8b1 | EasyLife 365 Identity

Create a new mail-enabled security group in Exchange Online. Add the shared mailbox as a member to the group.

Make a note of the primary email address of the group.

Create an application access policy

Connect to Exchange Online PowerShell using an administrative account. You can use the ExchangeOnlineManagement PowerShell module for that:

Connect-ExchangeOnline

Create an application access policy using the following command. Replace the PolicyScopeGroupId and Description parameters: PolicyScopeGroupId must contain the primary email address of the distribution group created earlier. Also replace the AppId value with the Application Id listed above:

New-ApplicationAccessPolicy -AppId EasyLifeApplicationId `
-PolicyScopeGroupId "EasyLifeIdentityAPI@easylife365.cloud" `
-AccessRight RestrictAccess `
-Description "Restrict EasyLife 365 Identity to members of distribution group EasyLife Identity API."

Test the newly created application access policy using the following command. Replace the Identity parameter accordingly:

Test-ApplicationAccessPolicy -Identity "EasyLifeIdentityAPI@easylife365.cloud" -AppId EasyLifeApplicationId

The output of the above command indicates whether or not the application Id has access to the specified mailbox.
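The following verification script is an added example, not part of the EasyLife 365 documentation. It checks the policy from both sides of the boundary: the shared mailbox in the group should be granted and a mailbox outside the group should be denied. The two mailbox addresses are placeholders to replace, and the script assumes an existing Connect-ExchangeOnline session.

```powershell
# Added example: confirm the application access policy restricts the app as intended.
# Assumes Connect-ExchangeOnline has already been run in this session.
$AppId      = '3875caf5-a910-45b4-91d0-f3058221c8b1'   # EasyLife 365 Identity (Application Id listed above)
$ScopeGroup = 'EasyLifeIdentityAPI@easylife365.cloud'  # group address used in the policy above
$InScope    = 'notifications@contoso.example'          # placeholder: the shared mailbox in the group
$OutOfScope = 'some.user@contoso.example'              # placeholder: any mailbox NOT in the group

# 1. A RestrictAccess policy must exist for this app.
$policy = Get-ApplicationAccessPolicy |
    Where-Object { $_.AppId -eq $AppId -and $_.AccessRight -eq 'RestrictAccess' }
if (-not $policy) {
    throw "No RestrictAccess policy found for AppId $AppId."
}
$policy | Format-List ScopeName, AccessRight, Description

# 2. Review the scope group: every member listed here is a mailbox the app can reach.
Get-DistributionGroupMember -Identity $ScopeGroup |
    Select-Object Name, PrimarySmtpAddress, RecipientTypeDetails |
    Format-Table -AutoSize

# 3. Test one mailbox on each side of the boundary and compare with the expected result.
$expected = [ordered]@{
    $InScope    = 'Granted'
    $OutOfScope = 'Denied'
}
$results = foreach ($mailbox in $expected.Keys) {
    $check = Test-ApplicationAccessPolicy -Identity $mailbox -AppId $AppId
    [pscustomobject]@{
        Mailbox  = $mailbox
        Expected = $expected[$mailbox]
        Actual   = [string]$check.AccessCheckResult
        Pass     = ([string]$check.AccessCheckResult -eq $expected[$mailbox])
    }
}
$results | Format-Table -AutoSize

# Fail loudly if the app can still reach a mailbox outside the group (or cannot reach the shared one).
if ($results.Pass -contains $false) {
    throw 'Application access policy is not scoped as expected; review the group membership and policy.'
}
```

A "Granted" result for the out-of-scope mailbox means the restriction is not in effect for that mailbox. Microsoft documents that policy changes can take more than an hour to apply to Microsoft Graph calls even after Test-ApplicationAccessPolicy reports the expected result.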

How do you know this worked?

  • In the EasyLife 365 Admin go to Settings and select Notifications on the left side.
  • In the text box below Sender Email, enter the email address of the desired mailbox.
  • Click Test
  • We will send you a test email to your account
  • Click Save changes