LogicApps: MSGraph API Read Shared Mailbox Only
My goal is to use the msgraph api via logic apps to query a shared mailbox and return the result for a keyword in the subject line.
Above is what i currently have written.
I would like to know if this query is correct.
What is the least privileged role i can give to an auth app registration or managed identity to achieve this task. ideally i dont want to give this app reg / identity permission to read anything other than the mailbox specified.
verify query:
https://graph.microsoft.com/v1.0/users/@{items('For_each_5')}/messages?$filter=from/emailAddress/address eq 'sharedmailbox@example.com.au' and toRecipients/any(r:r/emailAddress/address eq '@{items('For_each_5')}') and contains(subject, 'keyword')&$select=subject,from,toRecipients,receivedDateTime,bodyPreview
I think that toRecipients is not supported when using $filter. I would prefer to use $search. The query will be more readable
https://graph.microsoft.com/v1.0/users/@{items('For_each_5')}/messages?$search="from:sharedmailbox@example.com.au and to:@{items('For_each_5')} and subject:keyword"&$select=subject,from,toRecipients,receivedDateTime,bodyPreview
The managed identity needs Mail.Read application permission, but you can limit access to specific mailboxes.
https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access?view=graph-rest-1.0
- How to access response header in Graph v5.0 SDK?
- Unable to call Graph API using an on-behalf-of flow from ASP.NET Core Web API
- Access Microsoft Todo List via Rest API
- SharePoint REST API returns invalidRequest apiNotFound when registering Container Type
- Microsoft Graph User last modified field
- How can I call the /servicePrincipals(appId='{appId}') endpoint using the Microsoft Graph .NET SDK?
- Getting two acces tokens using single login prompt for sharpoint api and graph api
- Change the content of a powerpoint using MS add-ins
- InefficientFilter error on Microsoft Graph requests which were previously working
- Download raw content of email attachment using Microsoft Graph SDK
- How to retrieve sensitivity labels associated with user using API or .NET?
- Using MS Graph Api to create Group matching suffix requirements
- Getting OrganizationFromTenantGuidNotFound error microsoft graph api for sendEmail
- Read 'Attribute & Claims' from SAML Entra application configuration using PowerShell
- How to format Graph API call to update Excel cell?
- How does Delegated OnlineMeetingRecording.Read.All work?
- How to use the exachangeId in the meetingReference attachment of chatMessageAttachment
- Get domain\username from microsoft graph
- Executing POST request for Microsoft Graph API to add members to an AD group
- I want to download the content of a DriveItem , how do I get the driveItem's Id?
- obtain item-id for microsoft graph api
- MS Graph API - Get PIM group request approval details
- Can we create a meeting with automated recording set to true in multi tenant azure app. It should be recorded even if the organizer in not present
- Microsoft Graph API 5.x Upgrade Results in Insufficient Access Privilege Error
- How to format characters in Excel using Graph? (not all characters in cell)
- The navigation bind for the user was missing when creating Team using micorsoft graph api
- Microsoft Graph - Getting data from a SharePoint List
- .net GraphServiceClient send email - code sample doesn't work anymore
- Migrating code from MSGraph V5.6 to MSGraph V6 in java
- MSAL.NET OBO refresh token problems