O365 mail Graph API Integration - Best Practices

Showing results for 
Show  only  | Search instead for 
Did you mean: 

O365 mail Graph API Integration - Best Practices

L1 Bithead

Hey all,


I was exploring O365 graph API and wondering what are some of the best practices for this integration.


One thing we came up was to IP restriction (Palo alto IP) in Microsoft side.


Are there any other condition access policies that can be added to make sure we follow best practices, other than securing the Palo alto tenant and Microsoft tenant as a whole? 


L0 Member

You need to make sure below required permissions are enabled to run the O365 Outlook Mail (Using Graph API) integration commands successfully;

  • Mail.ReadWrite - Application
  • Mail.Send - Application
  • MailboxSettings.ReadWrite - Application

Yes. It depends on the usecase that we need to enable these permissions.


If its only for searching and deleting emails and sending emails, we wouldnt need access to Mailbox settings right?

Im looking to explore the best practices for the integration overall as this gives high privileges.

You can start with minimal permissions and see if the use case you trying works. As per our documentation, the above three permissions are required for all the commands to run. Also as stated in this doc use the client credentials flow instead of device code flow as a best practice.

  • 3 replies
  • 31 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!