April 8th, 2019

New basic read access to a users mailbox

Today we are releasing a new Mail.ReadBasic permission scope which allows you to call the Microsoft Graph on behalf of a user and get their Mail messages without the body or attachments. There was huge demand for this more granular permission scope, over the broader Mail.Read, by both our customers and ecosystem partners.

There are many application scenarios that only require the basic details of the messages in a users mailbox. As an example, a partner sets up notifications for changes to the users inbox. As mail arrives in the users mailbox, their web service is notified of this and they take the message-id and call /me/messages/{message-id} to get the mail resource object. They use the sent datetime, sender email address, subject of the mail, and web link to update their external CRM record tied to the sender. The user can go to the CRM record and click on the link and it will launch the mail in Outlook web interface. In this instance, there was no need to consent access to the application to have access to the body of the email, only a reference to the email was required.

This permission scope is available today on the beta endpoint for both /me/messages and /me/messages/{message-id}. You can try this today with Microsoft Graph Explorer or our newly announced Postman Collection.

It is worth pointing out that this is only available on the delegated permission type (on behalf of a user) in this initial release and not application permission type (app-only). Before we release this to the v1.0 endpoint, we wanted to make sure we get feedback from Microsoft Graph developers. In the coming months will we release this on v1.0 and also roll out application permissions support.

Author