Microsoft 365 mail output plugin W2023.1

Hi All,

I receive
“ErrorAccessDenied”,“message”:“Access is denied. Check credentials and try again.”}}}

on the URL
https://graph.microsoft.com/v1.0/users/$From/messages/

Azure developer checked with Microsoft and is stating
(https://graph.microsoft.com/v1.0/users/$From/microsoft.graph.sendMail)
should be used also accoding to
user: sendMail - Microsoft Graph v1.0 | Microsoft Learn

the messages is used for getting all the messages not for sending them?

No I am confused, is the plugin wrong?

Either is the set up wrong ?

Any directionis helpfull
Kind regards

we changed the Mail.Read/Write settings, and for now we can send mail, Azure developer is not happy with this because documentation says

This task uses the Microsoft Graph API.
For this task to function correctly, Workflow needs to be granted application permissions for Microsoft Graph in the organization’s Azure instance.
It needs read access to the Users category ( User.Read.All ) so that the task can identify the users in the organization.
In addition, to send emails on any user’s behalf, the Mail.Send permission is required.
For more information on setting application permissions for Microsoft Graph, see Get access without a user - Microsoft Graph | Microsoft Learn.

As explained in the Microsoft documentation, the scope of the permissions depends on whether you are using delegated permissions or app permissions.

So for instance, with delegated permissions, the User.Read.All permission allows the application to “see” only the same users that the impersonated user can see. With app permissions, that same setting allows the application to see all users. The same principle applies to all Graph objects.

So if you want to restrict the scope of the permissions granted to Workflow, use delegated permissions.

thanks Phil,

Just wondering why OL documentation

“In addition, to send emails on any user’s behalf, the Mail.Send permission is required”
and the error comes on " https://graph.microsoft.com/v1.0/users/$From/messages/". I understand it has something to do with delegated permissions , the User.Read.All permission,

Need to work on my understanding of this.

Cheers