This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 14.000000000000002%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJT%3C/text%3E%3C/svg%3E)
A distribution group email address is a virtual email address used for delivering emails to the entire group of specific users. I'd like to use it for the "From" field, so the recipient could simply reply and all group members would receive the response. We do this regularly in Outlook and I'd like to automate this via API.
While Copilot insists it is possible, our IT admins deny this claim (To send emails using Microsoft Graph, the mailbox needs to be licensed. Unlicensed mailboxes, such as those without an Office 365 or Exchange Online subscription, cannot use the sendMail functionality). My idea was to create a client App with client_credentials authentication and Mail.Send permissions.
Can anybody confirm there is really no way to achieve this using MS Graph API?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 9%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETC%3C/text%3E%3C/svg%3E)
Hi @Jan Tošovský,
Welcome to the Microsoft Q&A platform!
I think your idea works. Microsoft Graph permissions and Mailbox permissions are enough, Mail.Send.Shared permission ensures the permission to send the message, on behalf of the sender and the proxy sender determines the result of the sender.
https://learn.microsoft.com/en-us/graph/outlook-send-mail-from-other-user#permissions
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
If you need further help, please feel free to reply this post directly so we will be notified to follow it up. Just checking in to see if above information was helpful. Please let us know if you would like further assistance.
Hi @Anonymous
I can confirm my client App can send emails on behalf of shared mailboxes or regular users (specified as direct members of the app).
But I am unable to send emails on behalf of the distribution group:
{"error":{"code":"ErrorInvalidUser","message":"The requested user '******@server.com' is invalid."}}
Our admins tried to assign special permissions to this group address using App ID as Trustee:
Get-RecipientPermission -Identity "******@server.com" -Trustee "d45b628c-67c8-4df7-9ef4-e2f2cf8453cf" -AccessRights SendAs
but this fails: "User or group "d45b628c-67c8-4df7-9ef4-e2f2cf8453cf" wasn't found.
Btw, Mail.Send.Shared permission is only available for delegated authentication whereas I need application permission because the app will run as a daemon.
Try using the service Object ID, if it still doesn't work. Consider configuring a communication group as the forwarding address for this mailbox.