After you have registered the app in Azure, created a client secret, and granted API permissions, your next step is to connect to Microsoft Exchange Online and install the module that enables Exchange to apply the mail-enabled security group membership to the iManage Work for Outlook application. This limits the app's access to only the mailboxes that have been added to the security group.
This section provides the details for applying mail-enabled security group membership through role-based access control for applications.
Using role-based access control for applications
Historically, the application access policy setup process has had significant performance limitations. Whether you're creating a new setup or changing members in mail-enabled security groups, there are delays of a few hours to a few days before a change takes effect.
Per Microsoft, the solution is to set up application access policies using role-based application access control (RBAC). For more information, refer to https://learn.microsoft.com/en-us/exchange/permissions-exo/application-rbac#why-does-my-application-still-have-access-to-mailboxes-that-arent-granted-using-rbac.
Follow these steps to apply the mail-enabled security group membership using Microsoft PowerShell.
NOTE: Make sure you have run the Install the Azure module, connect to Azure, and install Azure resources procedures and are connected to your Azure account before connecting to Exchange Online.
Open PowerShell as an administrator.
At the PowerShell prompt, enter:
Install-Module -Name ExchangeOnlineManagement
NOTE: For information about the Exchange Online Management module, refer to the https://learn.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps article.
At the PowerShell prompt, enter:
Connect-ExchangeOnline -UserPrincipalName <admin-user>
where admin-user is the email address the administrator used to sign in to Microsoft Azure.
At the Microsoft password prompt, enter the password the administrator used to sign in to Microsoft Azure.
In the Automatically sign in dialog, select Yes, all apps.
In the Account access confirmation dialog, select Done.
NOTE: This may take a couple of minutes to initialize and return the prompt.
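The following is an added example, not part of the original iManage procedure: it runs the install and connect steps above, then confirms that the session is active and that the signed-in account can see the cmdlets used in Microsoft's RBAC for Applications article. The address in $AdminUpn is a constructed placeholder, and the cmdlet list is an assumption based on that Microsoft article.

```powershell
# Added example (not iManage's own script). Placeholder value: replace with
# the administrator account used to sign in to Microsoft Azure.
$AdminUpn = 'admin@example.com'

# Cmdlets used by Microsoft's RBAC for Applications article (assumed list).
# Exchange Online only loads cmdlets the signed-in account is permitted to
# run, so a missing cmdlet points to a missing Exchange role.
$RequiredCmdlets = @(
    'New-ServicePrincipal',
    'New-ManagementScope',
    'New-ManagementRoleAssignment',
    'Test-ServicePrincipalAuthorization'
)

# Install the module only when no copy is already present.
if (-not (Get-Module -ListAvailable -Name ExchangeOnlineManagement)) {
    Install-Module -Name ExchangeOnlineManagement
}
Import-Module ExchangeOnlineManagement

# Get-ConnectionInformation is only present in newer releases of the module.
if (-not (Get-Command -Name Get-ConnectionInformation -ErrorAction SilentlyContinue)) {
    throw 'Installed ExchangeOnlineManagement module is too old; run Update-Module ExchangeOnlineManagement.'
}

Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# Confirm there is a live session for the expected account, not a stale one
# left over from another administrator.
$session = Get-ConnectionInformation | Where-Object {
    $_.State -eq 'Connected' -and
    $_.TokenStatus -eq 'Active' -and
    $_.UserPrincipalName -eq $AdminUpn
}
if (-not $session) {
    throw "No active Exchange Online session found for $AdminUpn."
}

# Confirm the account can run the cmdlets needed for the scoped assignment.
$missing = $RequiredCmdlets | Where-Object {
    -not (Get-Command -Name $_ -ErrorAction SilentlyContinue)
}
if ($missing) {
    throw "Connected, but these cmdlets are not available to ${AdminUpn}: $($missing -join ', '). Check the account's Exchange role assignments."
}

"Connected to $($session.Organization) as $($session.UserPrincipalName); required cmdlets are available."
```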
The next step is to create the service principal for the iManage Work for Outlook app.