Is it possible to get all email from all mailboxes in MS Exchange?
I have full rights in Azure console for Office365 exchange online.
http://i.stack.imgur.com/DF5n5.png
But when I'm trying make an request to
https://outlook.office365.com/EWS/OData/Users('user#company.onmicrosoft.com')/Inbox/Messages
getting an error "The specified object was not found in the store."
But for logged in admin
https://outlook.office365.com/EWS/OData/Me/Inbox/Messages
https://outlook.office365.com/EWS/OData/Users('admin#company.onmicrosoft.com')/Inbox/Messages
works well.
What should I do, to get access for read mail for all my users in office 365?
The current authorization model for Office 365 Mail, Calendar and Contacts services does not currently expose a permission that would allow your app to query other users' mailboxes.
The REST API consent flow allows you to register a web app that requires Admin consent. Once your web app has been given the global admin consent, it should be able to access information for all users under that tenant.
See the following post for more information:
http://msdn.microsoft.com/EN-US/library/office/dn605895(v=office.15).aspx#ConNavExample_config
Related
I want to send emails using Microsoft Graphs API from a backend service developed in node.js, that has no interactions with the user.
If I understand it correctly from this paragraph, if I use the Get access without user procedure, the administrator will have to give me some rights and then I will have those rights on every user account in the organization. This is not my goal, I only want to have those rights for one specific account, for which I have the login and password.
Is there a way to log in with an office365 account without user interaction?
Thanks :)
No. You need to have the user authenticate in order to obtain the initial access token and refresh token (to refresh your permission to access the account).
I have authenticated with Azure & OAuth to receive an access token. Now I want to read their Outlook emails through a Microsoft Graph endpoint from a native WPF desktop app using c#. However my request to get the emails, of the currently signed in user, fails with a 501 error. The delegated permissions my app has are:
View users' email address
Access user's data anytime
Sign users in
Read user mail
Sign in and read user profile
Here is my network trace.
Now I'm getting a 404 too
Based on the quest, were you authenticate the app with external user for the Azure AD?
If I understood correctly, the Microsoft Graph API only support for the users in the tenant.
In my third-party web application of Office 365, I want to have access to the contacts, events and emails of all the users from the organizations who installed my app.
The thing is I don't want that all these users have to grant me access, I just want one admin of the org to grant access for my app and then be able to retrieve the data I need for all the users.
To test for one organization, I logged in as the admin and proceed to the Oauth2 authentication to retrieve the access token and in the first request (the GET one to retrieve an authorization code) i add the parameter prompt=admin_consent.
With this access token, I can access the data (emails, contact, event) of the admin
for instance for the contacts
uri: https://outlook.office365.com/ews/odata/Users(adminemail)/Contacts
but not the data of the other users of this org with this uri
uri: https://outlook.office365.com/ews/odata/Users(useremail)/Contacts
The only thing I can do is retrieve an access token for each user but it supposed that each user has to authorize the access to the app but it's very cumbersome.
So, i don't see what enables the parameter prompt=admin_consent and how to use it. Does anybody know what it does?
And my question is: how can I do to access the data of all the users of one organization when the access has been granted by one admin?
Thank you!
Thanks for your question! The scenario you are interested in (an app accessing data of all users of an organization once an admin grants access to the list) is not yet supported but is prioritized high on our list of features to add.
[UPDATE] Support for app accessing data of all users in a tenant is supported for Office 365 Mail, Calendar and Contact REST APIs. Please see Building Daemon or Service Apps with Office 365 Mail, Calendar, and Contacts APIs (OAuth2 client credential flow) for more info.
The scenario prompt=admin_consent is intended for, is different from your scenario. Admin consent simply means that the admin allows this app in the organization without the individual user to see the consent screen after signing on to the app. This special "I as the admin provide consent for this app on behalf of all my users" is triggered by the "prompt=admin_consent" parameter that is passed in during the authorize request. However, this doesn't allow the app to get AccessTokens for any user. Each user still has to get the app, sign in, and the app will hit the authorize endpoint and get a Refresh/AccessToken for the signed in user.
Please let me know if you have any questions or need more info.
Thanks,
Venkat
Similar to the question here Accessing Office 365 user mail data with admin authorisation only
Currently i am implementing an application that will access a set of mailboxes on Office365 using a service account.
There is an MSDN blog post announcing oauth support for Office 365 http://blogs.msdn.com/b/exchangedev/archive/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-exchange-online-in-office-365.aspx
Can our app use the technique in that link and get authorization from the administrator for the set of mailboxes using the service account for this "group" of mailboxes ?
If you're using OAuth with the new REST APIs, an administrator can consent on behalf of their entire Office 365 organization. They cannot consent only on behalf of a subset of users.
I am currently building a simple web app the flow of which is:
1. Admin user for Office 365 provides auth and signs in
2. App retrieves all mail for all users in the domain
It is possible to do this with Google Apps for business, i.e. retrieve mail for all users with only the admin auth.
How would you go about doing this for Office 365? I am currently encountering this problem using the REST API - Get MS Exchange mail for all group members
Is there another way? EWS? I have to believe it's possible to access mail with an admin auth.
You can do it with impersonation. However, MSDN means how to do it with EWS managed API and SOAP request, but no REST API. If you can use EWS manged API, you should use this. Please refer the MSDN articles for details:
Working with impersonation by using the EWS Managed API.
Using Exchange Impersonation