LogicApps: MSGraph API Read Shared Mailbox Only
My goal is to use the msgraph api via logic apps to query a shared mailbox and return the result for a keyword in the subject line.
Above is what i currently have written.
I would like to know if this query is correct.
What is the least privileged role i can give to an auth app registration or managed identity to achieve this task. ideally i dont want to give this app reg / identity permission to read anything other than the mailbox specified.
verify query:
https://graph.microsoft.com/v1.0/users/@{items('For_each_5')}/messages?$filter=from/emailAddress/address eq 'sharedmailbox@example.com.au' and toRecipients/any(r:r/emailAddress/address eq '@{items('For_each_5')}') and contains(subject, 'keyword')&$select=subject,from,toRecipients,receivedDateTime,bodyPreview
I think that toRecipients is not supported when using $filter. I would prefer to use $search. The query will be more readable
https://graph.microsoft.com/v1.0/users/@{items('For_each_5')}/messages?$search="from:sharedmailbox@example.com.au and to:@{items('For_each_5')} and subject:keyword"&$select=subject,from,toRecipients,receivedDateTime,bodyPreview
The managed identity needs Mail.Read application permission, but you can limit access to specific mailboxes.
https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access?view=graph-rest-1.0
- How to embed Image inline in Email Body using Microsoft Graph
- C# Graph api SDK V5 - Add User to multiple Groups
- How to create chart in power apps which shows number of post done by team member in teams channel?
- Why must "force_change_password_next_sign_in" be set to false for MS External ID Local Accounts?
- Ordering Microsoft Graph API Messages by hasAttachments with External Email Filters Causes "InefficientFilter" Error
- MS Graph Subscription for Event Grid is failing with 400 Invalid Request
- Implementing SSO for Azure AD B2C
- Implementing Microsoft SSO with passport-azure-ad and without msal
- S/MIME Email Sent via Python and Microsoft Graph Works in Gmail but Not in Outlook
- File upload to SharePoint is not working and is not throwing any errors
- Is it possible to manually construct a skiptoken to paginate search results in Microsoft Graph API?
- How to setup Microsoft authentication in a django based project
- Graph JSON response seldom contains raw HTML
- Microsoft Graph API: How to get url for Task in Planner?
- How to Use MS Graph Beta API for Recalling Sent Emails?
- Java - ODataError "The mailbox is either inactive, soft-deleted, or is hosted on-premise."
- How to subscribe to updates to the root drive of a SharePoint Site using Microsoft Graph
- How to assign Entra user User.Read.All and Group.Read.All from Graph Explorer
- How to create event by MS Graph with room as location?
- GraphServiceClient filter issue
- Read 'Attribute & Claims' from SAML Entra application configuration using PowerShell
- Upload drive files via MS Graph API
- how to list ExternalItems from a graph-connector
- Retrieve all Users from all Groups?
- Microsoft Graph SDK v5.61 : Ordering Mail List by Size
- How to access response header in Graph v5.0 SDK?
- Attempting to set DisableCustomAppAuthentication to false for Azure not working from Powershell
- Unable to call Graph API using an on-behalf-of flow from ASP.NET Core Web API
- Access Microsoft Todo List via Rest API
- SharePoint REST API returns invalidRequest apiNotFound when registering Container Type