13,721 questions
Have you tried granting Mail.Send Application permission and grant Admin consent
--please don't forget to upvote and Accept as answer if the reply is helpful--
Mail.Send 'ErrorAccessDenied' when sending email, Delegated permissions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 64%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESF%3C/text%3E%3C/svg%3E)
Saadia Fatima
0
Reputation points Microsoft Employee
Hi
I am trying to send email, using Graph API, without any user interaction. I have obtained Admin consent for the Mail.Send for my application, with delegated permissions. I am getting this error:
What are the steps to send email using Graph API and delegated permissions in a non-interactive way.
Thanks
Welcome to Microsoft Graph!
Connected via apponly access using ***********************************
Readme: https://aka.ms/graph/sdk/powershell
SDK Docs: https://aka.ms/graph/sdk/powershell/docs
API Docs: https://aka.ms/graph/docs
NOTE: You can use the -NoWelcome parameter to suppress this message.
Send-MgUserMail : Access is denied. Check credentials and try again.
Status: 403 (Forbidden)
ErrorCode: ErrorAccessDenied
Microsoft Security Microsoft Graph
{count} votes
-
CarlZhao-MSFT 46,371 Reputation points2023-09-14T01:50:23.5966667+00:00 Hi @Saadia Fatima
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Sign in to comment
4 answers
Sort by: Most helpful
-
Manu Philip 20,206 Reputation points MVP Volunteer Moderator2023-09-09T04:26:26.4366667+00:00
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 59%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Mohamed Abderrahmane 0 Reputation points2023-09-09T18:24:05.0966667+00:00 It's crucial for non-interactive scenarios to use Application permissions, So use Application permission instead of Delegated permission.
-
CarlZhao-MSFT 46,371 Reputation points
2023-09-11T03:14:07.9666667+00:00 Hi @Saadia Fatima
Sending messages without user involvement is only supported in the application context. You need to grant
Mail.Sendapplication permissions to the calling app and obtain an access token using the daemon-based client credentials flow.The picture below is a quick test:
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
-
CarlZhao-MSFT 46,371 Reputation points
2023-09-12T01:47:48.2+00:00 Hi @Saadia Fatima
Hope things are going well. I am writing to see if the above suggestions help. If there's anything else we can help, feel free to let us know.
-
Saadia Fatima 0 Reputation points Microsoft Employee
2023-09-12T17:31:22.49+00:00 Hi.
Thank you everyone for the suggestions.
I want to attempt method #2 listed here: https://www.techguy.at/use-microsoft-graph-api-with-powershell-part-2/ . This method is suggested for: Delegated Permission with full Automation. It says that it uses ROPC authorization (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc).
Before starting the process to get Application Permissions, I'd like to exhaust the possibility of using Delegated Permissions with automation.
Thanks
-
CarlZhao-MSFT 46,371 Reputation points
2023-09-13T03:27:48.28+00:00 Hi @Saadia Fatima
Please refer to the latest answer I posted :)
Sign in to comment -
-
CarlZhao-MSFT 46,371 Reputation points
2023-09-13T03:14:29.89+00:00 Hi @Saadia Fatima
Of course, if you want to use delegated permissions to send emails and avoid interacting with the user in the browser, then using the ROPC flow is the only option, which allows the application to log in the user by directly handling the user's password.
Note that with delegated permissions you can only send mail on behalf of the logged-in user and not on behalf of other users.
POST https://graph.microsoft.com/v1.0/me/sendMail Content-type: application/json { "message": { "subject": "Meet for lunch?", "body": { "contentType": "Text", "content": "The new cafeteria is open." }, "toRecipients": [ { "emailAddress": { "address": "******@contoso.onmicrosoft.com" } } ], "ccRecipients": [ { "emailAddress": { "address": "******@contoso.onmicrosoft.com" } } ] }, "saveToSentItems": "false" }Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
-
CarlZhao-MSFT 46,371 Reputation points
2023-09-15T08:49:18.32+00:00 Hi @Saadia Fatima
I am checking to see if this issue is resolved or not. If you have any concerns, please feel free to reply.
Sign in to comment -