Quicklaunch reads and updates a variety of calendar and profile information.  The list below itemizes the information accessed and if it can be disabled in Quicklaunch settings.  This applies to all access mechanisms: Exchange Web Services (EWS), Graph API or Google API.


Type of InformationCan be disabled in Quicklaunch?Type of Access
Name, email and photo of meeting organizershow organizer image can be disabledread
Calendar items for the room account or change user (details, attendees, organizer, start time), attachmentsdetails & subject can be disabledread
Add the room account to the calendar item (in change user, add the room to the meeting)
add
Send email using the room account or change user accountSend emails can be disabledcall
Update organizer's calendar with add participantsAdd participant can be disabledupdate
Update organizer's calendar when meeting is extendedImpersonation can disabled update
Create a new calendar item in room account/user account with book roomBook room can be disabledadd
Remove room account calendar item for meeting check inMeeting Check in can be disableddelete



Graph API Specific Permissions


PermissionSpecific UseType of AccessCan be restricted
Read and write calendar in all mailboxes (application)In order to access the room account calendar in Graph API we need this permission. read and update It can be restricted through policies to a limited group of accounts.
Send mail as a user (delegated)During change user to send email on behalf of the logged in user or to send email as the room accountcallCan be removed by using a Graph Customer Secret/Certificate and does not use change user
Read all users basic profiles (delegated)Get meeting organizer information for change userreadCan be removed by using a Graph Customer Secret/Certificate and does not use change user
Full Access to Users Calendars (delegated)

Gain access to the signed in user calendar with change userread and updateCan be removed by using a Graph Customer Secret/Certificate and does not use change user
Sign in and read user profile (delgated)Read profile of signed in changed userreadCan be removed by using a Graph Customer Secret/Certificate and does not use change user
Read all user's profiles (application)Get meeting organizer information. read It can be restricted through policies to a limited group of accounts.
Send mail as any user (application)Send email on behalf of the room account. call It can be restricted through policies to a limited group of accounts.



So setup polices or your own customer secret/certificate see the following page: Setting up Graph API