
I'm building an application for collecting statistical information from emails inside organizations. Let's assume that those organizations use Outlook 365. I want to be able to do the following in the easiest way:

  • Get permissions to read all the mails in an organization
  • Get the emails + attachments and run my statistics

It seems that there is no easy way to do it with Outlook 365. I found this: any-office-365-rest-api-to-get-messages-from-all-mailboxes-in-an-organization, but I don't understand if it can work for any organization using Outlook 365. Am I wrong? How can I install such an app on a random organization and receive all the permissions?

I thought of another solution which has its drawbacks but is quite easy: The organization creates an email address for me, e.g. mails@org.com, and defines in Exchange 365 to forward all emails to this address. Then I can use the Outlook 365 REST API to get all emails and delete those that I went over. The main drawback is that I'm afraid that this email box will get full too quickly and I'll miss many emails. According to this, the email box should have 50 GB which is a big enough buffer.

Is there a normal way to do this? Did anyone come across such a problem?

Thanks a lot.

Alex

1 Answer

You need to create a multitenant application on Azure AD.

If you want your app to be able to read all emails in the organization (not the emails of the users who have already logged in and granted your app access), you need to add the following permission to the application: Read Mail in All mailboxes (see image)

Note that this scope is admin_consent only. Then your app needs to be validated by an administrator of the Office 365 tenant. You can read more about this here.

Azure AD application configuration

Benoit Patra
  • Thanks for the reply! Last question, what is the flow after creating the app? I mean, let's say that I now have an app with those permissions. How does a user log in to it? How do I get the needed token after he does that? Given this token I can then use the REST API to get all the info I want? – Alex Jul 28 '16 at 13:30
  • I can really speak about delegated scopes where you have a token that allows you to request the API on behalf of the connected user. You have 2 flows possible: full "client" (not adapted to your case) or a code authorization flow where the requests are made by the server. There is a good doc here: https://dev.office.com/blogs/oauth-and-openid-connect-for-office-365-developer. If you want to have a look at how I implemented it (delegated scopes and user_consent only) see [my app Keluro](https://app.keluro.com). However in your case you'll need admin_consent to authorize the app and access all mailboxes. – Benoit Patra Jul 28 '16 at 13:48
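
The admin-consent flow discussed in this thread, sketched as an added example (not code from the answer, its author, or Microsoft): an administrator opens a consent link once, the callback is checked against the `state` value that was sent, and the server then requests an app-only token with no user sign-in. Assumptions: the Microsoft identity platform v2.0 endpoints and Microsoft Graph with a client secret stand in for the Outlook REST API the thread mentions; the client id, redirect URI, tenant ids, and the unsigned sample token are constructed placeholders.

```python
import base64, json
from urllib.parse import urlencode, urlsplit, parse_qs, quote

AUTHORITY = "https://login.microsoftonline.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000001"    # placeholder app (client) id
REDIRECT_URI = "https://stats.example.com/consented"  # placeholder redirect URI

def admin_consent_url(state):
    """Link a tenant administrator opens once to grant the app-only permission."""
    q = urlencode({"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTHORITY}/common/adminconsent?{q}"

def tenant_from_callback(callback_url, expected_state):
    """Return the consenting tenant id; None if consent failed or state mismatches."""
    q = parse_qs(urlsplit(callback_url).query)
    if q.get("state") != [expected_state]:
        return None                      # not the consent request we started
    if q.get("admin_consent", [""])[0].lower() != "true":
        return None
    return q.get("tenant", [None])[0]

def token_request(tenant_id, client_secret):
    """Client-credentials grant: no user signs in, the app authenticates as itself."""
    form = {"grant_type": "client_credentials", "client_id": CLIENT_ID,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token", form

def token_problems(jwt, tenant_id):
    """Troubleshooting aid: reads claims WITHOUT verifying the signature."""
    part = jwt.split(".")[1]
    c = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
    problems = []
    if c.get("tid") != tenant_id:
        problems.append("wrong tenant")
    if "scp" in c:                       # delegated tokens carry scp, app-only carry roles
        problems.append("delegated token, not app-only")
    if "Mail.Read" not in c.get("roles", []):
        problems.append("Mail.Read role missing")
    return problems

def messages_url(mailbox):
    """Graph URL listing one mailbox's messages; send 'Authorization: Bearer <token>'."""
    return f"https://graph.microsoft.com/v1.0/users/{quote(mailbox, safe='@')}/messages"

def sample_jwt(payload):
    """Constructed, unsigned token used only to exercise token_problems()."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}."
```

POST the form returned by `token_request` to its URL over HTTPS and keep the client secret on the server; the consenting organization's administrator can revoke the grant at any time.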