Add the possibility to specify authorizations on email fields more precisely
Currently, you can specify Read.all. That gives you access to everything in the email. For a company admin, it opens all the content you might not need. For B2B apps, companies have sensitive content and security policies, : it would be great to be able to specify sub-parameters for Read.all, listing fields you ask for access and those you won't.
Clear example : Read.all / everything BUT body --> the company admin is sure that with this scope, the app can't access sensitive data .
We have just started this in this months sprint. The new permission will be Mail.ReadBasic and will allow you to access mail messages without access to the body or their attachments.
There is further investigation into whether we can provide more granular permission scopes where developers can request specific properties they want access to.