Nov 02 2023 12:18 PM
I'm successfully doing queries with Start-MgSecurityHuntingQuery to find messages which are from a particular sender domain, and which have failed DMARC. I would like to get these messages' Subject and InternetMessageHeaders. I can't seem to find a Delegated permission way to get this done other than Mail.ReadBasic.Shared with FullAccess permission also granted. Same could be done with Mail.Read and FullAccess, but I'm trying to avoid FullAccess, and I would like to do this with Delegated permissions.
Seems like some kind of Mail.ReadBasic.All but for delegated would be perfect, but don't see anything available. Is anyone aware of a delegated permissions approach to getting the message subject and message headers?
If EmailEvents table would just get Subject and InternetMessageHeaders added, that would be fantastic. Barring that, Mail.ReadBasic.Shared and some new AccessRight that I can add via Add-MailboxPermission could be another option. Or just a flavor of Mail.ReadBasic.All that magically works with delegated.
When I use Defender's Threat Explorer, it seems like all this stuff is possible (minus message headers, which can be retrieved from the email's entity page.
Nov 24 2023 07:35 AM