Risk and Caveats when Sending an Email from Azure using Microsoft Graph API Mail.Send?

EnterpriseArchitect 6,041 Reputation points
2024-07-31T07:44:40.51+00:00

I need suggestions on whether using Mail.Send to send emails to thousands of my customers from an Azure app is in accordance with security best practice or not.

The steps that I must approve for the developers are:

The app will need to be secured on the server side to protect the credentials, hence using the App ID and Client Secret (pasted into the app).

An admin will need to consent to the Azure AD application permission Mail.Send.

The app will be required to send emails as any user in my Azure tenant.

I would greatly appreciate any suggestions.


1 answer

  1. Abiola Akinbade 29,490 Reputation points Volunteer Moderator
    2024-07-31T08:29:00.37+00:00

    Hello EnterpriseArchitect,

    For me:

    For large scale email sending maybe consider ACS? https://learn.microsoft.com/en-us/azure/communication-services/overview

    "The app will need to be secured on server side to protect the credentials, hence using the App ID and Client Secret (pasted into the app)" Securing the app on the server side and protecting credentials is a best practice. Consider AKV to retrieve these rather than pasting.

    Also, with Graph API use granular permissions if possible for admin sending mails

    See: https://learn.microsoft.com/en-us/graph/outlook-things-to-know-about-send-mail

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola
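The question notes that the Mail.Send application permission lets the app send as any user in the tenant. One tenant-side way to narrow that, shown here as an added example that is not part of the original thread, is an Exchange Online application access policy that restricts the app to the members of one mail-enabled security group. The app ID, group address and mailbox addresses below are placeholders.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an
# Exchange administrator session. All identifiers are placeholders.
$AppId      = '00000000-0000-0000-0000-000000000000'  # placeholder: client ID of the app registration
$ScopeGroup = 'graph-mail-senders@example.com'        # placeholder: mail-enabled security group
$Allowed    = 'noreply@example.com'                   # placeholder: mailbox that IS a group member
$NotAllowed = 'some.employee@example.com'             # placeholder: mailbox that is NOT a member

Connect-ExchangeOnline

# Before: with admin consent alone, the app is granted access to every mailbox.
Test-ApplicationAccessPolicy -AppId $AppId -Identity $NotAllowed |
    Format-List Mailbox, AccessCheckResult

# Restrict the app to the mailboxes that are members of $ScopeGroup.
New-ApplicationAccessPolicy `
    -AppId $AppId `
    -PolicyScopeGroupId $ScopeGroup `
    -AccessRight RestrictAccess `
    -Description 'Limit bulk-mail app to approved sender mailboxes'

# After: verify both sides of the boundary and fail loudly on a mismatch.
$expected = @{ $Allowed = 'Granted'; $NotAllowed = 'Denied' }
foreach ($mailbox in $expected.Keys) {
    $result = Test-ApplicationAccessPolicy -AppId $AppId -Identity $mailbox
    if ("$($result.AccessCheckResult)" -ne $expected[$mailbox]) {
        throw "Policy check for $mailbox returned $($result.AccessCheckResult), expected $($expected[$mailbox])"
    }
    "{0}: {1}" -f $mailbox, $result.AccessCheckResult
}

# Keep a record of the policy for the change approval.
Get-ApplicationAccessPolicy | Format-List AppId, ScopeName, AccessRight, Description

Disconnect-ExchangeOnline -Confirm:$false
```

Policy changes can take some time to be enforced on Microsoft Graph calls, so re-run the check before treating the restriction as active.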

