MS365 Outlook VBO - limit the authority to access mailbox

HongJooChoi · ‎09-08-23

Hi, Community

While testing the MS365 Outlook VBO, I found that the VBO can fetch emails from anyone's inbox, which means, the bot can fetch emails from anyone's account depending on the setting of "Mailbox ID" parameter in "List Mail in Folder" action. In principle, it seems the VBO enables unlimited access to mailbox of any account.

Would it be fine from security perspective? or

Is there any way that the bot can have the limited authority to fetch emails only from designated account's inbox, e.g., bot@blueprism.com ?

Best regards

------------------------------
HongJoo Choi
------------------------------

ewilson · ‎17-08-23

@HongJooChoi

Are you using an Application token or a Delegated token for your authentication. If you are using an Application level token, you will have access to multiple mailboxes as it's essentially a backend machine-level permission. If you want to limit the DW, they'll need to use a Delegated access token which will limit them to that specific user email box.

Cheers,

------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------

SS&C Blue Prism Community

MS365 Outlook VBO - limit the authority to access mailbox