Gallery
samna
Samna Documentation
Share
Explore
samna
Samna Documentation
General Documentation

icon picker
Limiting Application Access to Specific Exchange Online Meeting Room Calendars

This guide outlines the steps to configure an application access policy and limit the scope of application permissions in Exchange Online.

Prerequisites

Access to Exchange Online PowerShell
Samna - Exchange Online Meetingroom Connector Enterprise App added to Enterprise Apps
Appropriate permissions to manage application access policies

Steps

1. Connect to Exchange Online PowerShell

Before configuring the application access policy, you need to connect to Exchange Online PowerShell. For detailed instructions, refer to the official documentation on .

2. Identify Required Information

Before creating the policy, gather the following information:
a. Application (Client) ID:
Navigate to the Microsoft Entra admin center > Enterprise Applications page
Locate and note the application (client) ID for Samna - Exchange Online Meetingroom Connector
b. Mail-Enabled Security Group:
Create a new mail-enabled security group or use an existing one
Add mailboxes you wish for Samna to be able to book and see, typically all room mailboxes in your tenant.d
Note the email address for this group

3. Create an Application Access Policy

Use the following PowerShell command to create a new application access policy:
New-ApplicationAccessPolicy -AppId <ClientID> -PolicyScopeGroupId <GroupEmail> -AccessRight RestrictAccess -Description "<PolicyDescription>"
Replace the placeholders with your specific information:
<ClientID>: The application (client) ID you noted earlier
<GroupEmail>: The email address of the mail-enabled security group
<PolicyDescription>: A description of the policy

4. Test the Application Access Policy

After creating the policy, it's important to test it to ensure it's working as expected. Use the following PowerShell command:
Test-ApplicationAccessPolicy -Identity <UserEmail> -AppId <ClientID>
Replace the placeholders:
<UserEmail>: The email address of a user you want to test the policy against
<ClientID>: The same application (client) ID used when creating the policy
Example:
Test-ApplicationAccessPolicy -Identity user1@contoso.com -AppId e7e4dbfc-046f-4074-9b3b-2ae8f144f59b
The output of this command will indicate whether the app has access to the specified user's mailbox.

Troubleshooting

If the policy isn't working as expected, double-check the application ID and group email address for accuracy.
Ensure that the user you're testing is a member of the specified mail-enabled security group.
Allow some time for the policy to propagate across the Exchange Online environment.

Additional Resources

For further assistance, contact your organization's IT support or Microsoft Support.
Share
 
Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.