Bug in MS Graph? Access Denied via Microsoft Graph: /users/{userID}/mailfolders/inbox/messagerules despite permissions, consent and delegation.

Question

I'm wondering if we just found a bug in the MS Graph API. I'm trying to access a different user's inbox mail rules via MS Graph. Here's what I did:

1.) Registered an application on the V1 Azure AD Endpoint, with ALL delegated permissions (including MailBoxSettings.Read and MailBoxSettings.ReadWrite) 2.) Granted access to the application using a global admin account 3.) Got a Graph Bearer Token for the tenant & proper permissions: 4.) Delegated mailbox access (full access) to my Global Admin account in Exchange Online settings: 5.) Verified that I have access to the users inbox via Graph: 6.) Attempting to list messagerules for this user fails:

Note that retrieving the current (global admin) user's mail rules works without an issue: GET /https://graph.microsoft.com/v1.0/me/mailfolders/inbox/messageRules

This tells me that there is probably a bug in MS Graph - or am I maybe missing something?

Thanks in advance

Ben

Answer 1

To read other users emaill inbox you need Application Type permission set rather than Delegated access. Follow this link https://learn.microsoft.com/en-us/graph/auth-v2-service

Answer 2

I have tried this, and I have get the same error. As my understand, we can not get the other's email rules. If you want to use this case, we can submit this issue on the github Issue