Crow Canyon Email Sync: Use Graph API to read emails

Applies to: SharePoint Online

Description

Email Sync app is used to sync emails from a Microsoft Exchange mailbox to a list in SharePoint Online. SharePoint online doesn’t have built-in functionality similar to Announcements Lists in on-premises where emails sent to a particular address are automatically added to the list in SharePoint. You can read more about Email sync here and here.

To access the mailbox to read emails, there are two options:

  1. Specify the username and password to access the mailbox
  2. Enable Microsoft Graph API access so that Crow Canyon App can access the mailbox using OAuth

This article describes the steps to configure Graph API access for Email Sync.

Steps

1. Navigate to Email Sync app

2. Create a new configuration or edit an existing one for which API access is to be configured

3. Select “Microsoft Graph API Access” in “Connection Settings for Microsoft Exchange Server” in Email Sync as shown below:

4. Click ‘Grant Access’ in “Connection Settings for Microsoft Exchange Server” section to allow API access to mailboxes.

5. “Grant permissions” link will open a pop-up. Please use an account with admin privileges to grant the required permissions. Click “Accept” button to grant permissions.

Note: Above step will initially grant permissions on all mailboxes. These permissions can be scoped to specific mailboxes as per instructions in this Microsoft article. AppId to be used for this is “1c4f8870-3aab-4882-a733-f05081a17655”. Steps are also given below:

  • Create a mail enabled group in your O365 admin center . Note that this steps requires administrator privileges on your O365 subscription. E.g. “CrowCanyonEmailAPIAccess
  • Add the required mailboxes (one or more) to this group
  • Connect to Exchange Online PowerShell. For details, see Connect to Exchange Online PowerShell
  • Run below command, note that changes to application access policies can take up to 30 minutes. Replace CrowCanyonEmailAPIAccess@yourdomain.com below with the email Id of the group created above:
    • New-ApplicationAccessPolicy -AppId 1c4f8870-3aab-4882-a733-f05081a17655 -PolicyScopeGroupId CrowCanyonEmailAPIAccess@yourdomain.com -AccessRight RestrictAccess -Description "Restrict Crow Canyon Email API app access to members of distribution group CrowCanyonEmailAPIAccess."
  • Verify that mailbox accounts added to the group can be accessed by Graph API. Replace <mailbox email> below with email Id of the mailbox:
    • Test-ApplicationAccessPolicy -Identity <mailbox email> -AppId 1c4f8870-3aab-4882-a733-f05081a17655
  • Verify that any other mailbox account that is not in “CrowCanyonEmailAPIAccess” group cannot be accessed by Graph API.  Replace <mailbox email> below with email of mailbox that is not in the group:
    • Test-ApplicationAccessPolicy -Identity <mailbox email> -AppId 1c4f8870-3aab-4882-a733-f05081a17655

6. Click ‘Test Connection’ to verify the access. Please wait for few minutes and try again if it doesn’t work immediately after granting the permissions:

Note: If permissions are not granted, test connection will result in following error:

7. Save the configuration and wait for about 15 minutes. Send a mail to verify that Email Sync is working. Note that only new emails will be moved to SharePoint, existing emails prior to the configurations are not moved

8. Existing configurations that are using mailbox credentials can be moved to new Graph API based access by editing the configuration