Skip to main content

Posts

Featured Post

Using Out of Office / automaticRepliesSetting with the Microsoft Graph with Service Principal Authentication

Out of Office (or automaticRepliesSetting) can be used for a vast number of different applications. For example in this Teams In/Out board   With the Microsoft Graph API there are two ways that can be used to get the automaticRepliesSetting either via the Mailbox setting Endpoint eg https://docs.microsoft.com/en-us/graph/api/resources/automaticrepliessetting?view=graph-rest-1.0 Or you can use MailTips which was the method i used in the Teams Apps eg https://docs.microsoft.com/en-us/graph/api/user-getmailtips?view=graph-rest-1.0&tabs=http eg When it comes to setting the OOF you must use the Mailboxsettings endpoint What is better ? for getting the OOF settings on a large number of users getmailtips because you can request up to 100 users in one request while if your batching Mailboxsetting you can only have a max of 20 user in a single batch. Permission and Authentication  One consideration for the Mailboxsettings endpoint is there is no ability to use Delegate permissions to access
Recent posts

Microsoft Teams Call History Outlook/OWA Addin

One of the Microsoft Teams features that I like the least is call history, for a number of reasons firstly its quite limited only 30 days worth of data and only includes direct calls and not meetings (which are often just scheduled calls). So when it comes to actually answering a question (like the one I found myself asking last week) when did I last have a call or meeting with person X it can't be used to answer this question.  The other thing is having that information available in the context of Outlook/OWA is a lot more useful for me (anyway) then digging through anther client to find its doesn't answer the question anyway. However while the call history in Teams only goes back 30 days the Teams CDR (Call Data Records) which I covered in https://dev.to/gscales/accessing-microsoft-teams-summary-records-cdr-s-for-calls-and-meetings-using-exchange-web-services-3581 do go back as far as your mailbox folder retention period. So with a little work I can use Exchange Web Services

Using the Tag for external email messages received feature in the Microsoft Graph and Exchange Web Services

The "Tag for external email messages received" feature was introduced into Office365 recently to help people better to identify mail that comes from external sender vs internal sender see this for more info on this feature . What happens when you enable this feature is that for messages with External sender a new Mapi property is set on those messages eg For messages from internal senders the property doesn't appear to get set and if the feature isn't enabled in your tenant then you won't see this property either. You can negate the boolean value of the property which will turn off the external tag. Using it in the Microsoft Graph API If you want to use it in the Microsoft Graph API when you retrieve messages you can include this as a SingleValueExtendedProperties eg for Retrieving and filtering message you can use I've included this in my Get LastEmail 101 graph sample  if you want to try this in a real mailbox eg you can do  Get-LastEmail -InternalSender -M

Auditing Inbox rules (and looking for hidden rules) with EWS in OnPrem Exchange

 After the events of the last weeks around the latest zero day vulnerabilities in Exchange   and once you've finished cleaning up any back doors that may have been left on servers its a good idea to review some other less known but established ways bad actors may hide persistent access within Mailboxes. One of these are Inbox Rules (but Mail Flow rules could also be used) and a more advanced method is the hidden Inbox rule exploit that was first talked about  https://blog.compass-security.com/2018/09/hidden-inbox-rules-in-microsoft-exchange/  and I covered it in  https://gsexdev.blogspot.com/2019/05/audting-inbox-rules-with-ews-and-graph.html  and somebody else  https://mgreen27.github.io/posts/2019/06/09/O365HiddenRules.html  there are a number of tools and techniques around detecting these types of rule but are all focused more toward Office365 as that was where at the time this exploit was being mostly employed. In my post at the time I modified the Microsoft script https://gith

Using Shared Mailboxes in the Microsoft Graph API from PowerShell

I've created a few new Binder entries in GitHub for using Shared Mailboxes in the Graph API using PowerShell The Binder index is  https://gscales.github.io/Graph-Powershell-101-Binder/   The topics covered are Accessing a Shared Mailbox folder and its Items Sending an Email from a Shared Mailbox The script for these entries can be found  https://github.com/gscales/Powershell-Scripts/blob/master/Graph101/SharedMailboxOps.ps1

Getting Teams Chat History Messages (Compliance Records) From a Mailbox using EWS and/or in Outlook Add-in

 Microsoft made a recent change to where the compliance messages get stored in a Mailbox for private Teams Chats from the \Conversation History\Teams Chat Folder to a non_ipm_subtree folder called TeamsMessagesData (see  https://office365itpros.com/2020/10/14/microsoft-changes-location-teams-compliance-records/ for some good commentary on this change). In terms of programmatic access to these messages this change affects the ability of the Graph (and Outlook REST) Endpoints to access them. While you could never access the Folder directly with the Graph API (because of the FolderClass) the messages themselves would appear in the \Messages endpoint (this is because they where captured by the underlying AllItems Search folder that backs this endpoint). Now the messages are in the Non_IPM_Subtree you loose the ability of that Search Folder to access those messages. This first up broke my OWA add-in from  https://gsexdev.blogspot.com/2019/03/microsoft-teams-private-chat-history.html that

Finding Emails in a Mail Folder older then a specific date using the Microsoft Graph and Powershell

  If you are doing any archiving, clean-up or just searching for Messages that are older then a specific date you will need to make use of a filter on the receivedDateTime. The receivedDateTime property This property represents when the Message was received expressed and stored in UTC time, this means when you query it you should also make sure your query value is in UTC. So for instance if I where looking for all the Email in the JunkEmail folder older then 30 days I could use /v1.0/users('gscales@datarumble.com')/MailFolders('JunkEmail')/messages?$Top=10&$filter=receivedDateTime lt 2020-10-21T00:00:00Z If the mailboxes are in a TimeZone other then UTC then first convert the actual date to the local date you want to include to UTC eg in Powershell something like (Get-Date).adddays(-30).Date.ToUniversalTime().ToString("o") This means if my timezone is +11 UTC my actual query time would look like 2020-10-20T13:00:00.0000000Z based on an Actual day value of
All sample scripts and source code is provided by for illustrative purposes only. All examples are untested in different environments and therefore, I cannot guarantee or imply reliability, serviceability, or function of these programs.

All code contained herein is provided to you "AS IS" without any warranties of any kind. The implied warranties of non-infringement, merchantability and fitness for a particular purpose are expressly disclaimed.