Forum Discussion
403 error sending email in Exchange online using Graph API
I am implementing an Azure Function App to notify logged in users before their Azure virtual machine is shut down. (Github repository is here https://github.com/fortytwoservices/AVD-Shutdown) I have the function app partially working up to the point of sending the e-mail. It gets the list of host pools and logged in users in the host pool. It obtains the Graph API access token as well. When the ttps://graph.microsoft.com/v1.0/users/$([mailsender])/sendMail executes it returns a 403 (Forbidden). I am using the application id security and not delegated security.
Here are the setup specifics:
The app has User.ReadBasic.All
The service principal is set up in Exchange
I set up a management scope to restrict sending to this one mailbox
And assigned the role to the service principal
I am obviously missing something here. Any pointers would be appreciated.
Eric
4 Replies
Thanks. I used Add-RecipientPermission to add SendAs permissions to the mailbox for the App service principal and am still getting the 403. Is there something else I should be doing?
I also verified the permissions in the EAC.
Thanks.
I suppose I wasn't clear with my previous reply. I mean you need to add the Mail.Send permissions on the Graph API side of things.
The permission needs to be stamped on the service principal as well, you are using the Graph's sendMail method so Exchange permissions on their own are not sufficient.
Sorry for the delay. I didn't see the notification for your reply. I added Mail.Send permissions to the function app and I am still receiving a 403 Forbidden. I set the mail.send permissions in Entra in the AppRegistrations screen:
Was this correct?
Thank you.
