Add the Exchange Online API permission to an existing AAD connection
This article applies if you have an existing Azure Active Directory connection in Settings -> Active Directory and you wish to be able to identify shared mailboxes. By default, shared mailboxes synchronised from Azure Active Directory (AAD) are identified as standard users (
objectClass=user) which means they are subject to billing. To exclude shared mailboxes from billing, you must grant the existing USS AzureAD application access to the Office 365 Exchange Online API.
To grant the permission:
- Sign in to Azure Active Directory
- Click All Services and then Enterprise applications. Use the search box to quickly find the section.
- Locate or search for USS in the list of applications and locate USS AzureAD. Click the entry.
- Under the Security side menu, click Permissions.
- Click the Grant admin consent for Censornet Ltd button underneath the paragraph of text.
- Follow the prompts to approve access to the Office 365 Exchange Online API (Manage Exchange As Application) permission
- Click Accept
- The Office 365 Exchange Online permission should now appear in the Admin Consent tab
- Follow this article to add the necessary Security Reader permission to complete the process.