Hi Cured, I'm sorry, but I'm afraid it's not feasible to achieve your goal, as the emails belong to a 3rd-party individual user. The application you registered in Azure AD and granted Mail read permission can help you read the mails of a user who is in your tenant and who has an assigned mail license.

Let's look at a common scenario. Assume I have an email account TinyTest@outlook.com, and you invite me to join your tenant using the invite-user feature in Azure AD. Next, I will receive an invitation email in my mail account. After I accept the invitation, you will see a new user created in your tenant, whose account should be in the format TinyTest_outlook.com#EXT#@yourtenantname.onmicrosoft.com. I can still use the Outlook account to sign in to the Azure portal, but the account I am actually using is the @tenantname.onmicrosoft.com account. My account in your tenant doesn't have email ability until you purchase an M365 license and assign it to my account; then the @tenantname.onmicrosoft.com account can be used to send and receive emails, and the emails the Azure AD application can query are those from the @tenantname.onmicrosoft.com account. Microsoft can't query the emails of my Outlook account at any time.

Let's take another example. Assume you set up an SMTP server with your own custom email service, and one day you use your custom mail account to register in Azure. I trust Microsoft is not able to get the data stored on your SMTP server without your permission, right? But what you have done now is only grant the Azure AD application email read permission, which is not related to your own server.
If this answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notifications for this thread.
Best regards,
Tiny
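To make the guest-account point above concrete, here is an added example (not part of the answer or of any Microsoft tooling) that audits user records shaped like Microsoft Graph `/users` objects: it recognises the `#EXT#` guest UPN format, recovers the invitee's original external address, and reports which mailbox, if any, an app with Mail read permission could reach. The tenant name, the user records and the `skuId` values are constructed samples.

```python
import re
from typing import Optional

# Guest (B2B) accounts created by the invite-user flow get a UPN of the form
#   <localpart>_<domain>#EXT#@<tenant>.onmicrosoft.com
GUEST_UPN_RE = re.compile(r"^(?P<mangled>.+)#EXT#@(?P<tenant>.+)$", re.IGNORECASE)


def external_address(upn: str) -> Optional[str]:
    """Recover the invitee's original address from a guest UPN, or None for members."""
    m = GUEST_UPN_RE.match(upn)
    if not m:
        return None
    mangled = m.group("mangled")
    # The '@' of the original address is replaced by '_'. The original local
    # part may itself contain underscores, so split on the last one.
    local, sep, domain = mangled.rpartition("_")
    if not sep or not local or "." not in domain:
        return None
    return f"{local}@{domain}"


def mail_scope(user: dict) -> str:
    """Describe what an app with Mail read permission can reach for this user."""
    upn = user.get("userPrincipalName", "")
    ext = external_address(upn)
    licensed = bool(user.get("assignedLicenses"))  # empty list => no mailbox license
    if ext is None:
        return "member: tenant mailbox readable" if licensed else "member: no mailbox"
    if licensed:
        return f"guest ({ext}): only the tenant mailbox {upn} is readable"
    return f"guest ({ext}): no tenant mailbox; external mail is never readable"


# Constructed sample records shaped like Graph /users results (not real data).
SAMPLE_USERS = [
    {"userPrincipalName": "alice@contoso.onmicrosoft.com", "userType": "Member",
     "assignedLicenses": [{"skuId": "placeholder-sku-id"}]},
    {"userPrincipalName": "TinyTest_outlook.com#EXT#@contoso.onmicrosoft.com",
     "userType": "Guest", "assignedLicenses": []},
    {"userPrincipalName": "bob_smith_example.org#EXT#@contoso.onmicrosoft.com",
     "userType": "Guest", "assignedLicenses": [{"skuId": "placeholder-sku-id"}]},
]


def audit(users: list) -> dict:
    """Map each UPN to the mailbox scope an app could actually read."""
    return {u["userPrincipalName"]: mail_scope(u) for u in users}


if __name__ == "__main__":
    for upn, scope in audit(SAMPLE_USERS).items():
        print(f"{upn}: {scope}")
```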