I want to create custom folders for all users automatically. "New-MailboxFolder" cmdlet, unfortunately, according to documentation is limited to be used “in your own mailbox” only. So, I use "Create MailFolder" Graph API.
I get "Access denied"
Permissions have been granted.
What else should I do to make this work?
BTW, "/me/mailFolders" works perfectly well, but I need create for other users.
As I mentioned in comments, you can only perform actions on signed-in user's mailbox as Graph Explorer works on Delegated type permissions.
Initially, I too got same error when I tried to create custom mail folder in user other than signed-in user via Graph Explorer like this:
POST https://graph.microsoft.com/v1.0/users/username@xxxxxxx.onmicrosoft.com/mailFolders
"displayName": "Clutter",
"isHidden": true
When I tried to do the same in signed-in user's mailbox with /me
endpoint, it worked and created custom mail folder successfully:
POST https://graph.microsoft.com/v1.0/me/mailFolders
"displayName": "Clutter",
"isHidden": true
If your requirement is to create custom folders for all users' mailboxes, generate token in application context using client credentials flow by granting permissions of Application type.
Initially, register an application and add Mail.ReadWrite
permission of Application type with admin consent like this:
Now, generate access token using client credentials flow with below parameters:
POST https://login.microsoftonline.com/tenantID/oauth2/v2.0/token
client_id: appID
client_secret: secretValue
scope: https://graph.microsoft.com/.default
You can now use this token to make below Microsoft Graph API call for creating custom mail folder in any user's mailbox:
POST https://graph.microsoft.com/v1.0/users/username@xxxxxxx.onmicrosoft.com/mailFolders
"displayName": "Clutter",
"isHidden": true
Alternatively, you can refer below Microsoft Graph PowerShell script to create custom mail folders for all user's mailboxes in batch:
#Install-Module -Name Microsoft.Graph -Scope CurrentUser
#Import-Module Microsoft.Graph.Mail
$tenantID = "your-tenant-id"
$appID = "your-app-id"
$secretValue = "your-client-secret"
$ClientSecretPass = ConvertTo-SecureString -String $secretValue -AsPlainText -Force
$ClientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $appID, $ClientSecretPass
Connect-MgGraph -TenantId $tenantID -ClientId $appID -ClientSecret $secretValue
$folderParams = @{
displayName = "Clutter"
isHidden = $true
$users = Get-MgUser -All
foreach ($user in $users) {
$userId = $user.Id
Write-Output "Creating folder for user: $($user.UserPrincipalName)"
try {
New-MgUserMailFolder -UserId $userId -BodyParameter $folderParams
Write-Output "Folder created successfully for $($user.UserPrincipalName)"
} catch {
Write-Output "Failed to create folder for $($user.UserPrincipalName): $_"