Get Mail function with Graph API and No O365 Mail License

Hello all,
I’m working for a client to do a workflow that pulls mail from a shared mailbox in O365.
The catches…

  1. The client won’t give the bot an email license in O365
  2. The client won’t use App based permissions for an Enterprise App (this was tested and works)

In my initial testing, I confirmed the App registration and permissions necessary to do this but they only worked as App based.

I created a new test account in Azure with no license and couldn’t figure out how to to be add it as a delegate to the shared mailbox object (no Email license).

I read about mail-enabled security groups as a means of giving specific permissions to the registered app but it requires a user to have a basic e1 license or higher to be able to be added.

I created a new app with delegated permissions and was able to access mail in the shared mailbox from my own account but when I shifted to the bot account it wouldn’t authenticate and kicked up a “bad credential” error in Studio.

Does anyone have a thought to a possible workaround in this situation? It’s frustrating because of how EASY this would be if they would just give a basic mail license to the bot account but here we are…

Thank you in advance and any help would be greatly appreciated.

Sincerely,

David White

@davidmwhtie

Please note that deppending on the type of bot we need to choose the authetication. And delegated needs a signed in user and fits for attended automation…for unattended ideally we need application permissions to access

Please check below further

Uploading: 2A5A59E5-84C1-4273-92AC-16204AC4DC0B.jpeg…

Cheers

Hey @davidmwhtie - does the account have MFA attached to it? I have seen with the M365 activities that organisational policies also get in the way - they don’t allow access to providers like UiPath to use their services but if that were true, you wouldn’t be able to auth from the organisation at all.

@Anil_G, Thank you for the article. I’ve gone through it and I believe that we’ve checked all the boxes. At this point it looks like it might not be doable without getting them to bend on the application permissions OR the license for the bot account.

@Jacqui_M, Thank you for the suggestion. I did doublecheck to make sure that O365 hadn’t enabled it automatically on the new account, but MFA was still turned off.

1 Like

Hi @davidmwhtie

Why do you use the API to send Office 365 mail? Direct action is available in UiPath, so you can make use of it in your automations.

image

If you only want the API method, you must have mail permission enabled in the O365 admin center. While creating an API, provide Nessarcy permission.

Regards,
Kaviyarasu N

Thank you for the suggestions. The “Use O365” activity requires an account with a license associated to it and the bots executing the actions don’t have licenses.

I am investigating a straight custom API option now but I’m still a little worried about the delegated / app-based permissions becoming an issue.

dw

Check with you azure portal admin to get required access.

Regards,
Kaviyarasu N