I am exploring an option to see if it's possible to get messages from all mailboxes in an organization (i.e. within a domain) using Office 365 Mail REST APIs or if there is any other way to easily get these messages.
These are the options I have explored:
1) bcc all emails to a particular account and then get messages from the bcc account.
2) Explored the connector option to send all mails to another email server.
3) I also saw other posts which advise creating an Admin account/security group and giving that account full access to all mailboxes in an org using PowerShell, but this option seems very inconvenient, as a new mailbox could get added, so the PowerShell would need to be run again. Also, even if the Admin user is given full access, when the REST API is used to get messages it will only get messages from the Admin account's mailbox and not from all mailboxes in an org.
So I was wondering if it's possible to get all emails of an organization using the Office 365 REST API or some other feasible and cleaner way?
Yes, it is possible. We can also use Microsoft Graph (previously called the Office 365 unified API), which exposes multiple APIs from Microsoft cloud services through a single REST API endpoint (https://graph.microsoft.com), and use the client credential authentication flow to get a token for reading all emails in an organization.
Here are the steps to achieve the goal.
Grant sufficient permission to the app
a. Select the Microsoft Graph resource
b. Grant the app “Mail.Read” in the list of application permissions, like below
3. Use the code below to acquire the token
Here is the REST request to get email for a particular user:
GET /users/<id | userPrincipalName>/messages
GET https://graph.microsoft.com/v1.0/users/user1@teant.onmicrosoft.com/messages
Authorization: bearer {token}
I don't think there is currently a way to do this in real time.
The suggestion has been made to loop through all the users, but undocumented throttling thresholds (https://social.msdn.microsoft.com/Forums/en-US/358c5468-f887-4517-a2f0-245197dc6e0d/graph-api-rate-limiting-throttling?forum=WindowsAzureAD) make that path uncertain. For instance, what if an organization has 1000 users, perhaps firing 5 emails a second on average? What if we want an up-to-date picture?
Using subscriptions (https://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/subscription) we can identify which users are affected (without much detail in the payload) but when we go to look up the detailed information we risk being throttled. Without any production batch capabilities, we are forced to look up one user at a time.
A slim hope exists (as of yet undocumented and untested) that the thresholds allow for requests for different URIs and that an application may manage many subscriptions with many users (perhaps the entire organization).
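As an added example (not code from either answer), here is the approach the thread describes end to end: an app-only token from the client credential flow, then a loop over every user's `/messages` collection that follows paging links and waits out HTTP 429 throttling responses. Assumptions: the v2.0 token endpoint with the `.default` scope, an application permission that allows listing users (such as User.Read.All) in addition to Mail.Read, and function names that are illustrative only.

```python
import json, time, urllib.error, urllib.parse, urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

def http_send(method, url, headers, form=None):
    """Default transport: returns (status, response headers, parsed JSON)."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.headers, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, err.headers, {}

def get_app_token(tenant, client_id, client_secret, send=http_send):
    """Client credential flow: the app signs in as itself, no user involved."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    status, _, body = send("POST", url, {}, form)
    if status != 200:
        raise RuntimeError(f"token request failed: HTTP {status}")
    return body["access_token"]

def graph_pages(url, token, send=http_send, sleep=time.sleep, missing_ok=False):
    """Yield each item of a paged Graph collection, backing off on HTTP 429."""
    headers, retries = {"Authorization": f"Bearer {token}"}, 0
    while url:
        status, resp_headers, body = send("GET", url, headers)
        if status == 429 and retries < 5:
            retries += 1
            sleep(int(resp_headers.get("Retry-After", "5")))  # seconds
            continue
        if status == 404 and missing_ok:
            return  # assumption: account has no Exchange Online mailbox
        if status != 200:
            raise RuntimeError(f"GET {url} failed: HTTP {status}")
        retries = 0
        yield from body.get("value", [])
        url = body.get("@odata.nextLink")  # absent on the last page

def all_messages(token, send=http_send, sleep=time.sleep):
    """Walk every user, then every message in that user's mailbox."""
    users = graph_pages(f"{GRAPH}/users?$select=id,userPrincipalName", token, send, sleep)
    for user in users:
        inbox = f"{GRAPH}/users/{user['id']}/messages"
        for msg in graph_pages(inbox, token, send, sleep, missing_ok=True):
            yield user["userPrincipalName"], msg
```

Because the Mail.Read application permission covers every mailbox in the tenant, load the client secret from a vault or environment variable rather than source code.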