The CRM Connector SE typically requires full access permissions to function correctly. However, there might be scenarios where organizations would want to limit these permissions for various reasons. This article explains how you can restrict these permissions while still allowing some functionality of the connector.
Restricting App Permissions
By default, the Azure App requires the "full_access_as_app" permission as outlined in the official documentation.
While this permission is required for full functionality, it can be restricted further using the Application Access Policy in ExchangePowerShell. More details can be found in the ExchangePowerShell documentation.
It's crucial to understand that while you can restrict the access, doing so might limit the functionality of the connector. It is advisable to test thoroughly after making any changes.
Before restricting any permissions, consult the Configuration of users documentation.
Always perform tests in a non-production setting first to ensure the restrictions don't adversely affect the connector's performance.