Since Microsoft released “Roaming Signatures” it has been expected that there will come support for this in the Graph API, so that external applications, for instance IAM systems, can update signatures on behalf of all users in a company.
https://web.archive.org/web/20231208072313/https:/github.com/MicrosoftDocs/office-docs-powershell/issues/8537#:~:text=Greetings.%20A%20new,API%20is%20available regarding this.
https://feedbackportal.microsoft.com/feedback/idea/eba07341-ac9a-ee11-a81c-000d3a02ba69 from the feedback portal.
From the discussion where it says that the support for this is on the roadmap, however no one can say when it will be released.
We are in desperate need for this API-support as the application we use now for managing signatures has EOL later this year, and it does not support Exchange Online due to this lack of API-support. Our organization (approx. 8000+ users) will then loose the managed signatures. This is particularly bad since we are facing a transition to the New Outlook.
We hope sincerely that Microsoft will prioritize this and release support for Roaming Signatures within the Graph API very soon.
15 Comments
Microsoft have been removing control and ease of management from IT departments for years now with all their cloud products, and I don't understand why. Perhaps they're trying to reduce the breadth of features they need to maintain? I've got no idea, but it's frustrating as all hell.
I've been working on a solution that uses the same API that Outlook Online uses. The main problem is it requires interactively logging in as a user that has "full access" to all mailboxes; there's no way to assign the necessary permissions via an Entra app registration. Otherwise the API is pretty straight forward, which again makes me wonder why Microsoft don't provide a proper solution. (https://outlook.office.com/owa/$upn/service.svc?action=SetMailboxMessageConfiguration&app=Mail&n=64)
If you use your browser Developer Tools while authenticating with Outlook Online and then while setting a signature, you can get all the information you need. I then use the `PSAuthClient` powershell module to handle the OAuth authentication and go from there. I'm now up to finding the best way to give a single user account access to all mailboxes so it has permission to actually set signatures on everyone's mailbox. Ideally these permissions would be added and removed on-the-fly.Does anyone know if there's been an update on this? How am I supposed to set HTML email signatures provided by the designer?
This is so vital, please get it sorted!
Switching from On Prem to 365 has been a non stop fight with Microsoft regarding implementing controls for admins. This is just another "Update" that causes the same thing. I feel like every ticket I've had with Microsoft regarding Intune, Exchange, Sentinel. Literally every single time it comes back saying "That functionality is not available please put in a request".
Then I come here to see there's already requests that are months (ifnot years) old. Then I go to find alternative ways to accomplish my goal to stumble across undocumented solutions from reddit.
Seems the public knows more about Microsoft's services than their "engineers" do and it needs to be remedied!
For this particular issue however, the answer is to just manually set it.. Which doesn't quite work because the OWA doesn't allow you to copy and paste pictures, or import an html signature, or anything else for that matter. You have to manually re-import the pictures and write the links yourself.
What annoying news but good that they are at least giving a response now, rather than hoping people would just give up waiting and slowly vanish.
So why now the extra hurdle that this is possible for people to do, but you must package what you're doing in the new 'add-in' format so it can be installed that way........ we already packaged ours as an Intune app because apparently that was the new future way for things and then that was subsequently rendered scrap because commands were removed by Microsoft?
Why does it have to be a new app type and why can't they release any visibility or management of it via Graph or Powershell. It's great when 'things just work' and you never need to look under the hood, but when they don't work silently and smoothly and you don't have any access to see or change what's going on at the Exchange end secret folders etc etc, then it's incredibly frustrating not to have any tools that can work on this?
We know it's not a consideration of time because: there has been so much time. Why behave like this, who is it benefiting?
CFinch please note that there is no anymore term "new Outlook", there is the "Outlook for Windows", and "Outlook classic" 😛 , anyhow it does not have nothing with signatures.
Regarding Microsoft saying there are no plans to support roaming signature management in Microsoft Graph API, while having most of other settings is very strange.Thanks for sharing that update Tore.
This is a huge pain, but solidifies that we won't be able to move to the new Outlook.
Next up, finding a way to reliably uninstall the new Outlook through Intune.
https://learn.microsoft.com/en-us/powershell/module/exchange/set-organizationconfig?view=exchange-ps#-postponeroamingsignaturesuntillaterhttps://learn.microsoft.com/en-us/powershell/module/exchange/set-organizationconfig?view=exchange-ps#-postponeroamingsignaturesuntillater has changed to this:
We recommend that independent software vendors (ISVs) onboard to the https://learn.microsoft.com/en-us/javascript/api/outlook/office.body#outlook-office-body-setsignatureasync-member(1)based on https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/autolaunch.
We have no plans to support roaming signature management in the Microsoft Graph API.
So it looks like this is not going to happen. We at IdentityStream have consequently developed an Outlook add-in using the signature API and event-based hooks to fetch and insert the proper signature per user from a centrally managed signature store. We are rolling out to the first customers this month.
This is very much needed!
Hear, hear! Give us Graph API ability to set the HTML of our users' Roaming Signatures! It is crazy how long this hasn't been an option! Once you do release the API functionality, You better give us AMPLE time to adjust our signature deployment scripts before sunsetting old Outlook
