MacroView Mail requires consent to a number of delegated permissions.
These permissions are requested by two separate app registrations (MacroView Mail and MacroView Office) and are presented in a bundled consent screen the first time a user signs into the app.
Administrators can approve the app for all users in the directory so that individuals do not see the consent prompt.
MacroView Mail (these permissions are required by the client-side app that runs in the task pane):
MacroView Office (these permissions are required by the cloud service running in Azure):
Delegated permissions are those a normal user can consent to without Administrator approval.
These permissions allow MacroView Mail to perform actions on the user’s behalf via both the Microsoft Graph and SharePoint APIs.
The MacroView Mail cloud service is made up of a number of components. These include:
- An Azure Function app
- Storage queues
- Storage tables
- Key Vault
- SQL Azure database
Access tokens are acquired via the service and made available to the client app via an HTTPS endpoint in the function app. These tokens are encrypted and persisted to a storage table in order to avoid prompting the user to sign in each time they use MacroView Mail. The encryption keys are held in Azure Key Vault.
MacroView Mail has been approved by Microsoft after going through the certification process outlined here: Make your solutions available in Microsoft AppSource and within Office
Microsoft has validated MacroView Mail to confirm that it complies with the following policies: Commercial marketplace certification policies
With the MacroView Mail app, no client data – documents, emails or associated metadata - is retained in MacroView servers or Azure instances.
Shared mailboxes
MacroView mail has added support for shared boxes, and in doing so, permissions may be required to be reconsented.
If at any stage there is confusion on whether permissions require to be resubmitted, the Re-authorize application button in Settings can re-establish them.