How to use the Azure AD Graph API and Microsoft Graph API to update MailboxSettings

  • Question

  • Hi all,

    Let's start with my 'end goal'

    #End goal

    My goal is to use the Azure Active Directory app to read and write SMIME certificates to Azure Active Directory so that all users within the company can use the certificate in Outlook or Exchange Online.

    I don't know for sure if that is possible so that is why I started with 'Getting access to MailboxSettings'. Even that seems to be a bridge too far with the current documentation.

    #8 mile road

    The documentation is absolute crap. Not really Microsoft standards. I am writing a piece of code to update MailboxSettings by using the Microsoft Graph API. At least that was the plan.

    I created an App in Azure, added all the "application permissions" that I could possibly think of. Granted permission by Administrator within the Azure Active Directory dashboard.

    Step 1) Getting the access_token by following the client_credentials flow. So far so good. I can access my profile and from other users within the Azure Active Directory.

    Step 2)..............#fatal_error. I found 3 references to MailboxSettings. In Office365 API, ExchangeOnline API and Microsoft Graph API............Okeeeeeeeeeeeee. That makes things a whole lot clearer......#nope

    A) There is no explanation at all that you actually need an Office365 subscription to even use the API.

    B) There is no explanation when and how MailboxSettings are accessible. I discovered that you need to add Office365 subscription to a user to enable Mail.Office365.com access. Then it takes a while before you can even access the account through the API. No explanation whatsoever!

    C) So, now finally I can access the account through the Office365 API. After discovering that you need to request an access_token by changing the scope to "https://outlook.office365.com/.default" or "https://outlook.office.com/.default".

    The image below tells me 'Mail is not part of'

    At this moment I am out of options. Can someone point me in the right direction? To be specific:

    1) What endpoint do I need

    2) What scope is used for what endpoint and/or settings

    3) Where can I find specifics about which direction Microsoft is actually heading? On some pages I read 'Microsoft Graph API' will be the main entry point but then I want to access specific data and you get a message "Sorry not supported yet, go to <other api>".

    4) What resources are accessible with what subscriptions? There is absolutely NOTHING documented about this.

    5) https://docs.microsoft.com/en-us/graph/api/message-get?view=graph-rest-1.0&tabs=http The only actual useful way of documenting APIs. However, it's limited to "ME" and there is no endpoint for 'MailboxSettings'. The 'beta' API does have this option. https://docs.microsoft.com/en-us/graph/api/user-get-mailboxsettings?view=graph-rest-beta&tabs=http However, there is no explanation in requirement, subscriptions, whether or not Outlook.com users, Live.com users or only Office365.com users are able to be updated. How can I access this?

    6) Even though my app has:

    Read all users' full profiles

    And I request an access_token by using the "client_credentials" flow with scope set to https://graph.microsoft.com/.default. I cannot list the users. I get the message:


      "error": {
        "message": "Insufficient privileges to complete the operation.",
        "innerError": {


    #The End

    Hopefully you can help me with these issues! I am writing code in C++ and I use Postman to validate my calls before implementation.

    Tuesday, November 19, 2019 10:47 AM
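
An added example, not part of the original post or of any Microsoft sample: when a client_credentials token comes back with "Insufficient privileges", one way to see what the token actually carries is to decode its payload locally and compare the `aud` and `roles` claims with what the call needs. The audience string, the permission names `User.Read.All` and `MailboxSettings.ReadWrite`, and the sample token are assumptions constructed for illustration.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_claims(access_token: str) -> dict:
    """Decode the JWT payload without verifying the signature.
    For local troubleshooting only; never base an access decision on this."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))

def check_app_token(access_token: str, expected_aud: str, needed_roles: set) -> dict:
    """Compare the token's audience and app roles with what the call needs."""
    claims = token_claims(access_token)
    aud = str(claims.get("aud", ""))
    roles = set(claims.get("roles", []))  # application permissions present in the token
    return {
        "audience": aud,
        "audience_ok": aud.rstrip("/") == expected_aud.rstrip("/"),
        "granted_roles": sorted(roles),
        "missing_roles": sorted(set(needed_roles) - roles),
        "delegated_scopes": claims.get("scp"),  # absent for client_credentials tokens
    }

def make_sample_token(payload: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(payload), "constructed"])

GRAPH = "https://graph.microsoft.com"  # assumed audience value for Microsoft Graph
NEEDED = {"User.Read.All", "MailboxSettings.ReadWrite"}  # assumed permission names

# Constructed sample: a Graph token in which only one of the two roles is present.
SAMPLE = make_sample_token({"aud": GRAPH, "roles": ["User.Read.All"]})

if __name__ == "__main__":
    for key, value in check_app_token(SAMPLE, GRAPH, NEEDED).items():
        print(f"{key}: {value}")
```

Treat the access token as a credential while debugging: decode it locally as above instead of pasting it into a third-party site.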

All replies

  • I'm also very interested.

    Tuesday, November 19, 2019 2:22 PM
  • Seems to be a hard question :)
    Wednesday, November 20, 2019 6:18 PM
  • Still no answer to any of my questions. That is just great!

    API endpoint Azure

    Wednesday, November 27, 2019 9:13 AM