Mailbox errors: The HTTP request was forbidden with client authentication scheme 'Anonymous'.

[Polina]

Hi Karsten,

Yes, if you edit your existing organization and select to 'Grant permissions automatically' or add a new organization in an automated manner, they will be added to the app.

[mkevenaar]

Hi Polina,

I have updated to 8.5.0.1014, and the permissions have not been updated when updating the existing Microsoft Entra ID application or when registering a new application. The checkbox "Grant the required permissions to this application and register its certificate in Microsoft Entra ID" has been checked.

This has been tested on two (2) different installations, both on 8.5.

Am I doing something wrong?

[Polina]

Hi Maurice,

No, you're not doing anything wrong — this is a product behavior, not a configuration mistake on your end. And I need to correct what I said earlier: automatic permission granting does not currently update permissions. My earlier statement was inaccurate, and I apologize for the confusion.
Until the next patch, the reliable path is still to manually update the application's permissions in Microsoft Entra ID.

Thanks for your patience and for the detailed repro.