ApplicationImpersonation Role

This management role enables applications to impersonate users in order to perform tasks on behalf of the user. Cloud App Security uses ApplicationImpersonation to perform message scanning on individual mailboxes. ApplicationImpersonation is one of several built-in roles in the Role Based Access Control (RBAC) permissions model in Microsoft Exchange Online.