Skip to main content

Posts

Recent posts

Creating a Mailbox Search Folder based on a Message Category using the Microsoft Graph and Powershell

Searching on the Categories property of an Email can pose a challenge because this property is a Multi-valued String property (which aren't that common in email) eg in a Message the property may look like the followingSo this needs to be queried in a different way then a normal String or single valued property in an Email would, where you could use a number of filter options (eg equal, contains,startswith). In EWS it was only possible to query this property using AQS because of the way SearchFilters translated to the underlying ROP based restrictions used by the Exchange Mailbox Store. In the Microsoft Graph the Linq format in Filters does translate more favourably so can be used eg the following simple query can find Messages in a folder based on a specific categoryhttps://graph.microsoft.com/v1.0/me/messages?filter=Categories/any(a:a+eq+'Green+Category') you can create a SearchFolder based on this query which would search all folder in a Mailbox which would produce a Se…

The MailboxConcurrency limit and using Batching in the Microsoft Graph API

If your getting an error such as Application is over its MailboxConcurrency limit while using the Microsoft Graph API this post may help you understand why.Background  The Mailbox  concurrency limit when your using the Graph API is 4 as per https://docs.microsoft.com/en-us/graph/throttling#outlook-service-limits . This is evaluated for each app ID and mailbox combination so this means you can have different apps running under the same credentials and the poor behavior of one won't cause the other to be throttled. If you compared that to EWS you could have up to 27 concurrent connections but they are shared across all apps on a first come first served basis.BatchingBatching in the Graph API is a way of combining multiple requests into a single HTTP request. Batching in the Exchange Mail API's EWS and MAPI has been around for a long time and its common, for email Apps to process large numbers of smaller items for a variety of reasons.  Batching in the Graph is limited to a maxim…

How to Approve and Reject Moderation Emails in Exchange Online with the Microsoft Graph API and Powershell

A while ago I published this blog post about doing this using EWS and a few people have recently asked if it is also possible to do this with the Graph API(which it is) so I've decided to include this one in my Graph Basics series.ModerationModeration is an Exchange feature that was introduced in Exchange 2010 that allows the Human control of mail flow to a distribution group or mailbox see https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/manage-message-approval for more detail.
Moderation Approve/Reject Messages
When a Message is requiring moderation an email is sent to one (or more) moderators requesting approval. In the Graph you can get these moderation messages by filtering on the MessageClass property. Because this isn't a first-class property like it was in EWS you need to use the singleValueExtendedProperties representation of the property. eg in the Graph a Request like this
https://graph.microsoft.com/v1.0/me/mailFolders('Inbox')…

Testing and Sending email via SMTP using Opportunistic TLS and oAuth in Office365 with PowerShell

As well as EWS and Remote PowerShell (RPS) other mail protocols POP3, IMAP and SMTP have had OAuth authentication enabled in Exchange Online (Official announcement here). A while ago I created this script that used Opportunistic TLS to perform a Telnet style test against a SMTP server using SMTP AUTH. Now that oAuth authentication has been enabled in office365 I've updated this script to be able to use oAuth instead of SMTP Auth to test against Office365. I've also included a function to actually send a Message.
Token Acquisition 
To Send a Mail using oAuth you first need to get an Access token from Azure AD there are plenty of ways of doing this in PowerShell. You could use a library like MSAL or ADAL (just google your favoured method) or use a library less approach which I've included with this script . Whatever way you do this you need to make sure that your application registration https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app h…

Graph Basics Get the User Photo and save it to a file (and resize it) with PowerShell

This is part 2 of my Graph Basic's series and this post is born out of an actual need that I had over the last week which was to get a user photo from the Microsoft Graph and save it as a custom size and different image type. Like many things there are multiple ways of doing this but the Microsoft Graph GetPhoto endpoint is pretty straight forward and delivers the image in one of the following formats 48x48, 64x64, 96x96, 120x120, 240x240, 360x360, 432x432, 504x504, and 648x648. Because I wanted to use the photo on a Elgato stream deck this required the size be 72x72 so I needed some extra code to do the resize of the photo and change the format from a jpeg to png.
Getting the user-photo from the Microsoft Graph 
Before you can get the user's photo from Microsoft Graph you need to make sure the application registration you are using has one of the following permissions
User.Read, User.ReadBasic.All, User.Read.All, User.ReadWrite, User.ReadWrite.All

Then after you have obtain the T…

Modifying your Exchange Online PowerShell Managed Code to use oAuth and MSAL

While not as popular these days many .net developers may have in the past used Managed code to run Exchange Online PowerShell cmdlets to do things like assign Mailbox Permissions or run other EXO PowerShell Cmdlets to get reporting information where no other alternatives where available (or are still available). The majority of these code bases are most likely using basic authentication using something like
Or maybe some of the examples in https://docs.microsoft.com/en-us/exchange/client-developer/management/how-to-get-a-list-of-mail-users-by-using-the-exchange-management-shell
In this post I'm going to cover how to change your existing code, you might want to consider however making use of some of the new ExchangeV2 Powershell module functionality to improve performance and security . But to migrate existing code to use oAuth from Basic Authentication is relatively straight forward You will need some code to do the Authentication, for this I'm going to use the MSAL library beca…
All sample scripts and source code is provided by for illustrative purposes only. All examples are untested in different environments and therefore, I cannot guarantee or imply reliability, serviceability, or function of these programs.

All code contained herein is provided to you "AS IS" without any warranties of any kind. The implied warranties of non-infringement, merchantability and fitness for a particular purpose are expressly disclaimed.