How to read User's email message from Extermal Azure AD using Graph SDK in C#

Tavi Truman 1 Reputation point

In the context of B2B, our native apps are sourced and registered as Azure AD apps running in Single Tenant mode as we don't use external email domains (B2C) to access our applications. We import email messages from the user's sourced email account from external Azure AD M365 accounts as well as Google and Facebook email accounts. How do we configure the provider on the Graph Client SDK?

Do we need the following on each external Azure AD tenant?

  • Tenant ID
  • User's Object ID
  • User's email account (user@[domain]

Do we need to use Azure AD External Identities?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,347 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,493 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. James Hamil 22,986 Reputation points Microsoft Employee

    Hi @Tavi Truman , thanks for the question. So I can understand correctly, you have access to your users emails within B2B, taken from their M365 accounts? When you say "Do we need the following on each external Azure AD Tenant" do you mean you need them for the Graph to access? Have you tried using the Graph Explorer? You can use it to test your queries on your own data to see if it works. Please let me know and I can help you further.

    Thank you,

  2. Tavi Truman 1 Reputation point

    Hello, James, and thanks for responding to my query. During the onboarding phase of our application, we allow the user to synchronize with existing external email accounts; in the case where the user needs to import contacts and email messages from an existing M365 email account. Here using the Microsoft Graph SDK, we need to connect to the user account. Our services via the Confidential Client flow gain access to our Azure AD Tenant but we need to connect to the user M365 account in an external Azure AD Tenant. In reading the docs it is not clear to me, specifically what data, and information I need to give to supply the Graph API given this use-case.

    Given this code snippet, do I need to connect to the user's tenant? If so, that would seem problematic; however, I've been reading about Azure AD External Identities and wonder if that is the path forward.

    GraphServiceClient graphClient = new GraphServiceClient( authProvider );

    var user = await graphClient.Me

    Regarding Graph Explorer, I am not even sure how to configure the query to test.

    I am testing with this code

        private static async Task<Message> ReadUserEmail(string emailAccount)
            IUserMessagesCollectionPage msgs = await graphClient.Users[emailAccount].Messages.Request()
                //.Filter("put your filter here")
            List<Message> messages = new List<Message>();
            while (msgs.NextPageRequest != null)
                await msgs.NextPageRequest.GetAsync();
            return null;

    and it does not work, reporting that the user does exist in the target Azure AD tenant - that makes sense. So, what is the method and technique required to cross-connect to an external Azure AD Tenant?


    0 comments No comments

  3. alvisingalvez 0 Reputation points

    To read a user's email message from External Azure AD using Graph SDK in C#, you can follow these steps:

    1. First, authenticate your application with Azure AD and obtain an access token.
    2. Use the GraphServiceClient class to create a new instance of the GraphServiceClient and pass in the access token.
    3. Use the client to query the Graph API for the user's email messages by using the /users/{user-id}/messages endpoint.
    4. Once you have retrieved the message, you can extract the contents of the message using the Body property.
    5. As an example, you could search the message body for the phrase "tennis geek" and use that information to provide a relevant response to the user.