0

I want to create custom folders for all users automatically. The "New-MailboxFolder" cmdlet, unfortunately, according to the documentation, is limited to being used “in your own mailbox” only. So, I use the "Create MailFolder" Graph API.

I get "Access denied"


Permissions have been granted.


What else should I do to make this work?

BTW, "/me/mailFolders" works perfectly well, but I need to create folders for other users.

3
  • Note that Graph Explorer works based on the delegated permissions of the signed-in user. You cannot access other users' mailboxes and can only perform actions on the signed-in user's /me endpoint. Commented Jan 8 at 11:53
  • If your requirement is to create custom folders for all users' mailboxes, generate a token in the application context using the client credentials flow by granting permissions of Application type and use it to call the MS Graph REST API. Commented Jan 8 at 11:56
  • Alternatively, you can also make use of Microsoft Graph PowerShell commands, connecting with service principal authentication. Commented Jan 8 at 12:00

1 Answer

1

As I mentioned in the comments, you can only perform actions on the signed-in user's mailbox, as Graph Explorer works with Delegated type permissions.

Initially, I too got the same error when I tried to create a custom mail folder for a user other than the signed-in user via Graph Explorer like this:

POST https://graph.microsoft.com/v1.0/users/[email protected]/mailFolders
{
  "displayName": "Clutter",
  "isHidden": true
}


When I tried to do the same in the signed-in user's mailbox with the /me endpoint, it worked and created the custom mail folder successfully:

POST https://graph.microsoft.com/v1.0/me/mailFolders
{
  "displayName": "Clutter",
  "isHidden": true
}


If your requirement is to create custom folders for all users' mailboxes, generate a token in the application context using the client credentials flow by granting permissions of Application type.

Initially, register an application and add the Mail.ReadWrite permission of Application type with admin consent like this:


Now, generate an access token using the client credentials flow with the below parameters:

POST https://login.microsoftonline.com/tenantID/oauth2/v2.0/token

grant_type: client_credentials
client_id: appID
client_secret: secretValue
scope: https://graph.microsoft.com/.default


You can now use this token to make the below Microsoft Graph API call for creating a custom mail folder in any user's mailbox:

POST https://graph.microsoft.com/v1.0/users/[email protected]/mailFolders
{
  "displayName": "Clutter",
  "isHidden": true
}


Alternatively, you can refer to the below Microsoft Graph PowerShell script to create custom mail folders for all users' mailboxes in batch:

#Install-Module -Name Microsoft.Graph -Scope CurrentUser
#Import-Module Microsoft.Graph.Mail

$tenantID = "your-tenant-id"
$appID = "your-app-id"
$secretValue = "your-client-secret"

# Wrap the app ID and client secret in a PSCredential for app-only sign-in
$ClientSecretPass = ConvertTo-SecureString -String $secretValue -AsPlainText -Force
$ClientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $appID, $ClientSecretPass

# Connect-MgGraph takes the secret as a PSCredential (-ClientSecretCredential), not as a plain string
Connect-MgGraph -TenantId $tenantID -ClientSecretCredential $ClientSecretCredential

# Request body for the new mail folder
$folderParams = @{
    displayName = "Clutter"
    isHidden = $true
}

# Listing users needs a directory read permission such as User.Read.All (Application type)
$users = Get-MgUser -All

foreach ($user in $users) {
    $userId = $user.Id
    Write-Output "Creating folder for user: $($user.UserPrincipalName)"
    try {
        # -ErrorAction Stop turns any error into a terminating one so the catch block runs
        New-MgUserMailFolder -UserId $userId -BodyParameter $folderParams -ErrorAction Stop
        Write-Output "Folder created successfully for $($user.UserPrincipalName)"
    } catch {
        Write-Output "Failed to create folder for $($user.UserPrincipalName): $_"
    }
}
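
To tell which kind of token a failing call carried, the following added example (not part of the original answer) decodes an access token's claims and reports whether it is delegated (`scp` claim) or application (`roles` claim) and whether Mail.ReadWrite is present. The function names are illustrative assumptions, the sample tokens are constructed and unsigned, and the signature is deliberately not verified because this is only a diagnostic.

```python
import base64
import json

REQUIRED = "Mail.ReadWrite"  # permission named in the answer above


def make_constructed_token(claims: dict) -> str:
    """Build an UNSIGNED sample token (constructed data, not a real Graph token)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}.sig"


def decode_claims(token: str) -> dict:
    """Return the JWT payload without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_context(token: str) -> str:
    """Classify a token as application or delegated and check for Mail.ReadWrite."""
    claims = decode_claims(token)
    roles = claims.get("roles", [])          # application permissions (app-only token)
    scopes = claims.get("scp", "").split()   # delegated permissions (user token)
    if REQUIRED in roles:
        return "application: has Mail.ReadWrite role, /users/{id}/mailFolders can work"
    if "scp" in claims:
        has = REQUIRED in scopes
        return f"delegated: acts as signed-in user, Mail.ReadWrite scope={has}"
    return "application: Mail.ReadWrite role missing (add it and grant admin consent)"


if __name__ == "__main__":
    samples = (
        {"scp": "Mail.ReadWrite User.Read"},   # shape of a Graph Explorer token
        {"roles": ["Mail.ReadWrite"]},         # shape of a client credentials token
        {"roles": ["User.Read.All"]},          # app-only, but wrong permission
    )
    for sample in samples:
        print(token_context(make_constructed_token(sample)))
```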