< class="prominent-subhead ">

Exchange Online Permission Removal Implications

This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.


With the update of the K2 for Office 365 app corresponding to the Appit 1.5 Update 3 release, existing K2 blackpearl customers may be affected by the removal of Exchange Online permissions.

Scenario and Workaround

The scenario is as follows:

  • You have a K2 blackpearl server
  • You use K2 integration with one or more SharePoint Online tenancies
  • You use the Microsoft Online OAuth resource to interact with Exchange Online

If one or more of these facts do not apply to you, you do not need to be concerned about this change. However, if you use the Microsoft Online OAuth resource to interact with Exchange Online, those permissions have been removed as of February 2017 from the K2 for Office 365 app.

To workaround this change, you must create a new OAuth resource based on your own Azure AD app, and use that OAuth resource when interacting with Exchange Online. The following two permissions were requested in previous releases of this app but have been removed as they are not necessary for K2 out-of-the-box functionality.

  • Access mailboxes as the signed-in user via Exchange Web Services
  • Use Exchange Web Services with full access to all mailboxes

For some guidance on creating your own app and OAuth resource, see How To: Restrict K2 for SharePoint to Minimum Permissions