When to Use This
By default, Microsoft Graph application permissions grant access to all users in your tenant. Use Application Access Policies to restrict Parable’s access to a specific group of users.
This guide walks you through restricting your existing Microsoft 365 integration to only access data from a defined subset of users — such as a specific team or department.
Prerequisite: Complete the standard App Registration setup first. This guide adds restrictions to an existing app registration.
A regular security group won’t work — it must be mail-enabled.
Add the users you want Parable to access as members
2. Connect to Exchange Online PowerShell
Open PowerShell as administrator and run:
    # Install the module (first time only)
    Install-Module -Name ExchangeOnlineManagement

    # Import and connect
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline -UserPrincipalName your-admin@yourdomain.com
3. Create the Application Access Policy
Run this command, replacing the placeholder values:
    New-ApplicationAccessPolicy `
        -AppId "YOUR_CLIENT_ID" `
        -PolicyScopeGroupId "parable-access@yourdomain.com" `
        -AccessRight RestrictAccess `
        -Description "Restricts Parable to specified user group"
Parameter | Value
-AppId | Your app’s Client ID from Azure
-PolicyScopeGroupId | Email address of your security group
-AccessRight | RestrictAccess (enforces the limitation)
The policy can take up to 30 minutes to become fully active.
4. Verify the Policy
Test access for users inside and outside the group:
    # Should return "Granted"
    Test-ApplicationAccessPolicy `
        -Identity included.user@yourdomain.com `
        -AppId "YOUR_CLIENT_ID"

    # Should return "Denied"
    Test-ApplicationAccessPolicy `
        -Identity excluded.user@yourdomain.com `
        -AppId "YOUR_CLIENT_ID"
Application Access Policies only affect Application permissions. They tell Microsoft: “Even though this app could access all mailboxes, only allow access to members of this group.”
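The spot checks in the verification step can be extended into a full audit of the scope. The script below is an added example, not part of Parable's documentation: it confirms the group type and the policy, then tests every mailbox in the group plus a list of known outsiders. It assumes an already connected Exchange Online session; `$ExpectDenied` and the other values are placeholders.

```powershell
# Added example: audit an Application Access Policy after it has propagated.
# Assumes Connect-ExchangeOnline has already been run in this session.
# All values below are placeholders; replace them with your own.
$AppId        = 'YOUR_CLIENT_ID'
$ScopeGroup   = 'parable-access@yourdomain.com'
$ExpectDenied = @('excluded.user@yourdomain.com')   # known users outside the group

# 1. The scope group must be a mail-enabled security group.
$group = Get-DistributionGroup -Identity $ScopeGroup -ErrorAction Stop
if ($group.RecipientTypeDetails -ne 'MailUniversalSecurityGroup') {
    throw "$ScopeGroup is '$($group.RecipientTypeDetails)', not a mail-enabled security group."
}

# 2. A RestrictAccess policy must exist for this app.
$policy = Get-ApplicationAccessPolicy |
    Where-Object { $_.AppId -eq $AppId -and $_.AccessRight -eq 'RestrictAccess' }
if (-not $policy) { throw "No RestrictAccess policy found for AppId $AppId." }

# 3. Expectations: every mailbox in the group is Granted, outsiders are Denied.
#    Nested groups are skipped here; their members are not expanded.
$checks = @()
Get-DistributionGroupMember -Identity $ScopeGroup -ResultSize Unlimited |
    Where-Object { $_.RecipientType -eq 'UserMailbox' } |
    ForEach-Object { $checks += [pscustomobject]@{ User = "$($_.PrimarySmtpAddress)"; Expected = 'Granted' } }
$ExpectDenied | ForEach-Object { $checks += [pscustomobject]@{ User = $_; Expected = 'Denied' } }

# 4. Compare the policy's actual answer with the expected one.
$results = foreach ($c in $checks) {
    $actual = (Test-ApplicationAccessPolicy -Identity $c.User -AppId $AppId).AccessCheckResult
    [pscustomobject]@{
        User     = $c.User
        Expected = $c.Expected
        Actual   = "$actual"
        Match    = ("$actual" -eq $c.Expected)
    }
}

$results | Format-Table -AutoSize
$bad = @($results | Where-Object { -not $_.Match })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) mailbox(es) did not match. If the policy is under 30 minutes old, retry later."
} else {
    Write-Host "All $($results.Count) checks match the intended scope."
}
```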