Samna Documentation

Samna Documentation

General Documentation

Limiting Application Access to Specific Exchange Online Meeting Room Calendars

This guide outlines the steps to configure an application access policy and limit the scope of application permissions in Exchange Online.

Prerequisites

Access to Exchange Online PowerShell

Samna - Exchange Online Meetingroom Connector Enterprise App added to Enterprise Apps

Appropriate permissions to manage application access policies

Steps

1. Connect to Exchange Online PowerShell

Before configuring the application access policy, you need to connect to Exchange Online PowerShell. For detailed instructions, refer to the official documentation on

how to connect to Exchange Online PowerShell⁠

2. Identify Required Information

Before creating the policy, gather the following information:

a. Application (Client) ID:

Navigate to the Microsoft Entra admin center > Enterprise Applications page

Locate and note the application (client) ID for Samna - Exchange Online Meetingroom Connector

b. Mail-Enabled Security Group:

Create a new mail-enabled security group or use an existing one

Add mailboxes you wish for Samna to be able to book and see, typically all room mailboxes in your tenant.d

Note the email address for this group

3. Create an Application Access Policy

Use the following PowerShell command to create a new application access policy:

New-ApplicationAccessPolicy -AppId <ClientID> -PolicyScopeGroupId <GroupEmail> -AccessRight RestrictAccess -Description "<PolicyDescription>"

Replace the placeholders with your specific information:

<ClientID>: The application (client) ID you noted earlier

<GroupEmail>: The email address of the mail-enabled security group

<PolicyDescription>: A description of the policy

4. Test the Application Access Policy

After creating the policy, it's important to test it to ensure it's working as expected. Use the following PowerShell command:

Test-ApplicationAccessPolicy -Identity <UserEmail> -AppId <ClientID>

Replace the placeholders:

<UserEmail>: The email address of a user you want to test the policy against

<ClientID>: The same application (client) ID used when creating the policy

Example:

Test-ApplicationAccessPolicy -Identity user1@contoso.com -AppId e7e4dbfc-046f-4074-9b3b-2ae8f144f59b

The output of this command will indicate whether the app has access to the specified user's mailbox.

Troubleshooting

If the policy isn't working as expected, double-check the application ID and group email address for accuracy.

Ensure that the user you're testing is a member of the specified mail-enabled security group.

Allow some time for the policy to propagate across the Exchange Online environment.

Additional Resources

⁠

Limiting App Permissions in Exchange to specific mailboxes⁠

⁠

Exchange Online PowerShell Documentation⁠

⁠

For further assistance, contact your organization's IT support or Microsoft Support.

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.