Retirement of RBAC Application Impersonation in Exchange Online
Moving ahead, Microsoft has announced the retirement of the ApplicationImpersonation Role Based Access Control (RBAC) role in Exchange Online. The company has decided to retire the feature set starting from May 2024 and plans to remove the role from Exchange Online in February 2025. This RBAC role is commonly used with Exchange Web Services (EWS) to enable one-to-many mailbox access.
This change will require all apps to have an App Registration using Application permissions (not Delegated), and secure credential for access, rather than simply assigning the ApplicationImpersonation (RBAC) role to accounts. However, apps granted full_access_as_app Application permission will provide an equivalent level of mailbox access as the ApplicationImpersonation RBAC role.
Microsoft suggests reviewing current configurations and making the necessary changes to minimize impact. For more information, refer to the Retirement of RBAC Application Impersonation in Exchange Online document.
This announcement was made in a message to inform users who are receiving this message about the change.
The post Retirement of RBAC Application Impersonation in Exchange Online originally appeared on M365 Admin.
Published on:
Learn more
Related posts
Retirement of Exchange Web Services in Exchange Online
Today, we are announcing that on October 1, 2026, we will start blocking EWS requests from non-Microsoft apps to Exchange Online. The post Ret...
ExO RBAC improvements #1: Limiting application access
This post sheds light on the first of many upcoming improvements related to role-based access control (RBAC) in ExO (Exchange Online). ExO (Ex...
ExO RBAC improvements #3: Limiting access in CBA scenarios
If you are using Certificate-based authentication (CBA) for Exchange Online PowerShell, then this post highlights some RBAC improvements to li...
Restricted access to Microsoft Teams data via Exchange Web Services
If your organization leverages Exchange Web Services (EWS) to access Teams message data, you'll want to pay attention to this update from Micr...
Updated version of the mailbox folder permissions inventory script
Here is an update on the mailbox folder permissions inventory script, which has been enhanced to utilize the "V2" Exchange Online PowerShell m...
Send as alias for a Shared mailbox in Exchange Online
If you're managing a shared mailbox in Exchange Online and are looking to send emails from a particular alias, you're in luck! In this post, w...
More on service principal permissions in Exchange Online
In this article, the author delves deeper into the topic of service principal object permissions in Exchange Online. While a previous article ...
Updated version of the mailbox permissions inventory script
Stay up-to-date with the latest version of the mailbox permissions inventory script by reading this informative post. The script has undergone...
Improved handling of Mailbox permissions in Exchange Online
Get ready for some improvements when it comes to handling mailbox permissions in Exchange Online. Some new parameters have been made available...