Recently, I had a requirement to enhance some of the source code the the mailbox attachment processor, to demonstrate how attachments from Exchange Online could be extracted from a mailbox, instead of using a app registration in Microsoft Entra Id with application policies and explicitly setting MIcrosoft Graph permissions, which of course are now deprecated, I’m now using a managed identity for an Azure VM specifically, to process mail attachments and place these onto file system instead of Azure blob storage. Whilst this was only for demonstration purposes, to explain the concept, I have added some coded artifacts to my GitHub repo here.
That said, Managed Identities do still create an application registration in MIcrosoft Entra Id, but you don’t have top manage the credentials by using a system assigned managed identity and by using Microsoft 365 Exchange RBAC, you essentially do not need to provide the application service principal Microsoft Graph permissions due to the permissions model.
The additional methods to utilise a managed identity are below.
In addition a new PowerShell script to register the application service principal and configure RBAC permissions for the managed identity service principal to access the associated mailbox. This requires enabling Exchange organisation customisation which is also included in the script below.
You will need to update the applicationsettings.json to add a new property called LocalAttachmentDowloadPath and enter the value of the local path you would like to download the attachments into, a local file system folder.
Welcome to Tejinder Rai's blog, Cloud Solutions Architect 