Share via

SMTP permissions

Glenn Maxwell 11,496 Reputation points
2024-09-09T05:01:08.95+00:00

Hi All,

I am using an Exchange 2016 Hybrid environment. One of my users wants to send emails to DLs using a Python script. I don't want the user to use Office365 SMTP relay due to basic authentication concerns, so I have recommended using an Azure Service Principal(Azure App Registration) instead.

I have created a client id(Azure App Registration) for the user. Will the following Microsoft Graph permissions be sufficient: SMTP.Send and User.Read? Also, are the offline_access and IMAP.AccessAsUser.All permissions required?

Please guide me if any other permissions are necessary..

graphpermissions

Microsoft Exchange Online
Azure Managed Applications
Azure Managed Applications
An Azure service that enables managed service providers, independent software vendors, and enterprise IT teams to deliver turnkey solutions through the Azure Marketplace or service catalog.
148 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,273 questions
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,578 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,669 questions
0 comments
Accepted answer
  1. CarlZhao-MSFT 42,526 Reputation points
    2024-09-09T07:34:10.78+00:00

    Hi @Glenn Maxwell

    If you are using a service principal instead of a logged-in user to send emails, delegated permissions will not apply. Delegated permissions are for delegated contexts, not app-only contexts.

    When sending emails using the Microsoft Graph Mail API, you only need to grant the Mail.Send application permission to the calling app (service principal). Don't forget to grant admin consent for this permission.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Hitesh Pachipulusu - MSFT 3,000 Reputation points Microsoft Vendor
    2024-09-09T08:52:58.44+00:00

    Hello Glenn Maxwell,

    Thank you for reaching out to Microsoft Support!

    To send an email using the Microsoft Graph API, you can follow these steps:

    1. Create the Request:
      • Endpoint: POST https://graph.microsoft.com/v1.0/users/user-id/sendMail
      • Headers: Authorization: Bearer {token} Content-Type: application/json
      • Required Scopes - Please use Application permissions ("Mail.Send").
      • Body: Construct the email message in JSON format. Here’s an example: 
             {
       "message": {
         "subject": "Meet for lunch?",
         "body": {
           "contentType": "Text",
           "content": "The new cafeteria is open."
         },
         "toRecipients": [
           {
             "emailAddress": {
               "address": "example@example.com"
             }
           }
         ]
       },
       "saveToSentItems": "true"
     }
    2. Check the Response: A successful request will return a 202 Accepted status code.

    Please check documentation.

    image (21)

    By following above steps, you can send mail using Microsoft Graph API.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.