Hi there
We have developed a daemon service in Azure Functions that has no GUI or user interaction. Currently the app uses client credential flow and has application permissions Mail.ReadWrite.All for graph.microsoft.com (read/write all users mailboxes). The permission has been granted by a global admin and everything works as expected.
However, we don't really want the app to have full access to all mailboxes since it is only supposed to monitor a single (shared) mailbox.
Is it, in some way, possible to restrict the access without requiring someone to login as the shared mailbox user?