When trying to use MS Graph to fetch messages of an on-prem delegate mailbox (permissions granted with either full mailbox permissions or folder-level permissions) Graph returns a 403. This works fine with an Exchange Online mailbox. The application has all necessary permissions (delegated): Mail.Read, Mail.Read.Shared, Mail.ReadWrite, Mail.ReadWrite.Shared, Contacts.Read, Contacts.Read.Shared, Calendars.Read, Calendars.Read.Shared. Doing the same with the contacts or calendar APIs work fine. Fetching messages from the logged on user's mailbox works fine also. This is just when accessing an auxiliary mailbox.
API called: https://graph.microsoft.com/v1.0/users/mailbox[@](/users/na/?userId=19d591f5-0000-0003-0000-000000000000).com/mailfolders('Inbox')/messages
Error body:
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again. REST APIs for this mailbox are currently in preview. You can find more information about the preview REST APIs at https://dev.outlook.com/.",
"innerError": {
"date": "2020-11-16T18:04:14",
"request-id": "e6987a54-c546-45ba-9a8d-xxxxxxxxxxxxxxxx",
"client-request-id": "87b3bc0f-791f-b132-ffc5-xxxxxxxxxxxxxx"
}
}
}