on 2024 Aug 14 7:33 AM
Hi, we are currently implementing the Outlook interview scheduling integration from SAP SuccessFactors Recruiting. This requires our Azure/M365 to give the following permissions to the application:
- Mail.ReadWrite
- Mail.Send
We can find the following information from SuccessFactors on why these permissions are needed:
Mail.ReadWrite | To create an upload session to attach documents to calendar events if the size of the document is greater than 3 MB | `POST https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/events/{id}/attachments/createUploadSession` | Attachments of the application and email templates | |
Mail.Send | To forward an event message using JSON format or MIME content | `POST https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/messages/{id}/forward` | Content of the event message | User principal name |
However, our security team wants to know if this permission is only applicable for our service account user, or for all users in our organization. If the second, how can we limit this?
Hi @delacourt_l
I'm not a Recruiting expert, but we have an integration between SF LMS and MS Teams.
Find more information here: Microsoft Graph permissions reference - Microsoft Graph | Microsoft Learn
You'll need to involve the responsible Microsoft Administrators of your organization.
In my understanding, only the Recruiting administrators, who schedule candidate interviews, will trigger the two mentioned APIs to send out the e-mails and interview meeting requests to the candidates. No user without permissions for Recruiting will have the possibility to trigger these APIs (because the API integration is "protected" by the Client Secret).
I hope this helps.
Good Luck and KR Jonas
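
Added example (not part of the original thread and not SAP's or Microsoft's own script): if the two permissions are granted as Graph application permissions, which is an assumption since the thread does not say whether they are application or delegated, an Exchange Online application access policy is one way to restrict the app to the mailboxes in a mail-enabled security group. The app ID, group and mailbox addresses below are placeholders.

```powershell
# Added example; every value below is a constructed placeholder, not taken from the thread.
$AppId      = '00000000-0000-0000-0000-000000000000'  # client ID of the app registration used by the integration
$ScopeGroup = 'sf-recruiting-mailboxes@example.com'   # hypothetical mail-enabled security group
$InScope    = 'recruiting-svc@example.com'            # hypothetical mailbox that is a member of the group
$OutOfScope = 'other.user@example.com'                # hypothetical mailbox that is not a member

# Requires the ExchangeOnlineManagement module and an Exchange administrator role.
Connect-ExchangeOnline

# Restrict the app's Mail.ReadWrite / Mail.Send access to members of the scope group.
New-ApplicationAccessPolicy `
    -AppId $AppId `
    -PolicyScopeGroupId $ScopeGroup `
    -AccessRight RestrictAccess `
    -Description 'Limit SuccessFactors Recruiting integration to recruiting mailboxes'

# Verify the policy: one mailbox inside the group, one outside it.
$expected = @{ $InScope = 'Granted'; $OutOfScope = 'Denied' }
foreach ($mailbox in $expected.Keys) {
    $result = (Test-ApplicationAccessPolicy -AppId $AppId -Identity $mailbox).AccessCheckResult
    if ("$result" -ne $expected[$mailbox]) {
        throw "Unexpected access result for ${mailbox}: $result (expected $($expected[$mailbox]))"
    }
    Write-Output "${mailbox}: $result"
}

# List the policies that now apply to this app, for the security team's records.
Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId }
```

Policy changes can take more than an hour to be enforced on Microsoft Graph calls, so re-test the integration against an out-of-scope mailbox after that delay.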