What access rights need for generating the Access Token?

Release : 17.3 and higher
CA Service Desk Manager

Before preparing to generate an access token, please have your Azure admin on standby to assist.

You need to generate an Access Token from the mailbox manually by using Azure Admin account.  The Azure admin needs to login first to generate the access token.

After logging into Azure by using Azure Admin account, to generate the token, you will then be prompted to login a second time.  This second login is intended for the mailbox user account. This is the only way to generate Access Token. 

If you applied RU19 or higher and provide 2 certificates stated on the following documents, the access token will be refreshed (regenerated) automatically based on the specified certificates after it is expired. If correct certificates are not specified, you need to generate the Access Token manually from the mailbox setting, i.e. you need to log into Azure Admin account first, then log into it by using the mailbox user account to generate the token again.

From "Use the Default Mailbox or Create a Mailbox"
--->
Note:
Microsoft Exchange OAuth 2.0 requires 2 certificates. Provide with a space separated value (for example: outlook.cer login_microsoft.cer)
Office 365 certificate
login_microsoft certificate
To generate login_microsoft.cer, open https://login.microsoftonline.com/ in a browser. Click the padlock symbol and export the certificate in Base64 cer format.

216187: Oauth Setup for Maileater