question

PatrickvanderRijst-9337 avatar image
0 Votes"
PatrickvanderRijst-9337 asked Danstan-MSFT edited

GET request on /users/{id|userPrincipalName}/mailboxSettings should not require MailboxSettings.ReadWrite

I'm using the following API to fetch if someone is out of office; https://docs.microsoft.com/en-us/graph/api/user-get-mailboxsettings?view=graph-rest-1.0&tabs=http&source=docs

While testing this API on https://developer.microsoft.com/en-us/graph/graph-explorer being logged in with my own user, it won't return the proper result because it mentions MailboxSettings.ReadWrite is required. A GET request that does not modify any user data should not have the ReadWrite permission consented.

microsoft-graph-mail
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I am unable to reproduce your case. I am able to call this endpoint with only MailboxSettings.Read when used as delegated or application permission.
You can also share the the improper results without PII or full error you get on Graph explorer including the request id and timestamp.






0 Votes 0 ·

0 Answers