What does it mean to "Read mail in all mailboxes"? - permissions

I'd like to know what it means when a Microsoft Graph application has the Mail.Read permission that says Read mail in all mailboxes.
Does this mean that such an application can read all mailboxes of every user in the entire company or what all mailboxes are they?
The admins won't grant me this permission as they justifiably think it might be a god-mode. Is it?

First, let's see the description here:
Microsoft Graph lets your app get authorized access to a user's
Outlook mail data in a personal or organization account. With the
appropriate delegated or application mail permissions, your app can
access the mail data of the signed-in user or any user in a tenant.
Let's see the graph api which requiring this api permission:
Get the messages in the signed-in user's mailbox (including the
Deleted Items and Clutter folders).
But if the Mail.Read you mentioned is Application Mail.ReadBasic.All, Mail.Read, Mail.ReadWrite, then
can get messages in another user's mail folder
I'm afraid it is really the god-mode you said. But please note, it doesn't mean , you invite my outlook email address into your company's tenant then you can use this api to read the emails in my outlook email address.

It means that the application has the ability to read email messages in all mailboxes of all users within the organization that has granted the application access to their mailbox. This includes access to the contents of the messages, including subject, body, sender, recipient, and other properties

Related

How to differentiate between login with google service account and email login (having same google account)?

I have an account on Gmail. I have implemented login with google service on a project.
Now the Question is, What method is the optimal or the best practice which is followed regarding the account?
There are two ways:
I make an account with normal email and password sign up.
Login with Google
What if I use the same email and get registered with two different accounts on the project or there should be error saying "the account is already exists with this email"??
So lets see if i follow you.
You have a system which has two login options.
Create new user register with your email
Login with your googel account.
In the event a user uses their gmail email address and trys to login with the ir google account your getting an error that the email already exists.
The issue being that both system are trying to create a new user. This is where the issue is. Your system should be checking if the email exits if it does then link the accounts sources rather then creating a new user. SO the user would have to login sources one for normal login and password and the other as an external source being google.
How you achieve this depends upon your system.

Sending a mail using 365 instance

I am developing an app on Microsoft Teams, and I would like to send a mail with an instance of a logged in user.
This means that a user logs into my Microsoft Teams app, wants to send a custom mail that the app generated, now I want to send a request to my REST API to send this mail as the user.
I could not find any relevant information regarding sending an email like this, I only found methods to send emails with supplying username/password or using the current logged user on the machine (which I can't use since I want to do that using my REST API).
Example of what I found but is irrelevant:
https://www.add-in-express.com/creating-addins-blog/2011/09/02/outlook-create-send-message/
You don't mention if your app is a Tab or a Bot app (or something else), but I'm presuming a Tab. In any case, both Bots and Tab's offer the ability to do SSO sign-in of the user, in which case you can easily get a token for the user. In your backend API, you can exchange this for an "on behalf of" (OBO) token, which lets you access the Microsoft Graph API on the user's behalf. Once that's done, you can call the "send mail" operation on Graph.
To find out more about the above, see:
here for an excellent video overview on SSO with Tabs
here for a blog post on how to exchange the tokens and make the graph call securely
here for the specific operation in Graph (sending email)

microsoft graph api, how to access mails from a mailbox in which shared mailboxes are attached

microsoft graph api, how to access mails from a mailbox in which shared mailboxes are attached
New Regular Mailbox created
shared mailboxes are associated
using graph API want to fetch emails from the associated shared mailbox.
please advise.
You'll have to access each shared mailbox separately. Mailboxes are treated just like user accounts, so you can access them using their email address at the user endpoint: https://graph.microsoft.com/v1.0/users/sharedmailbox#contoso.com/messages.

Fetching mails to openerp inbox for every user in openerp7

I know that there is a way to define incoming mail gateway. If we configure it and click on fetch now we will get all mails in the Administrators inbox. Is there a way to configure this for every user and so when every user logs in he/she will get their mails in their openerp inbox itself. Kindly help me to do that with openerp7. Thanks for your time.
You need to create incoming mail servers for every users via Settings->Techincal->Incoming Mail Server providing Username and Password of every users in the Login Information table!

Email Synching into Custom App

How have people intergrated custom CRM type applications with email?
I have a Access 2003 front-end application with a SQL Server 2005 backend. One CRM
part of the application tracks the activity with the customer in a traffic
log table. Sometimes the salesstaff has communication with their customer
using email instead. What do people do to synch this up with an application?
I was thinking about creating a form to enter the initial message, so I
could save it into a table and then have the system generate a email, of
course, this doesn't handle the email communication after the initial email.
Thanks
What you need to do is setup your domain name with a free google apps account. Your sales staff can still use the clients of their choice, but since they are essentially using custom gmail accounts, every single email that they send and receive will be recorded in a nice and neat transactional format in the gmail interface. Since your sales staff is always online, they will always have access to every message they ever sent. If you want to have access to the emails, you can set it up that every single message that gets sent are automatically blind forwarded to your account. Filters can be set up to automatically tag and archive them, so you will not be overwhelmed, but you will still be able to search them. Google Apps will also give you a central contact directory similar to outlook/exchange.
Here are a few options for you:
Use web forms for all communications. When a message is sent out, the only thing it includes is a link back to the site. Responses are sent the same way.
Setup an email alias that your sales staff Cc's when they want their correspondence to be tracked. Your app would periodically read a POP mailbox, and record the traffic. Customers would have to remember to Cc the same email box for the traffic to be remembered.
Establish a single common email box, such as sales#domain.com. All outgoing mail is marked as being from that account, so all replies will go through it. To send mail, sales staff uses a web form. Messages are tagged with a key that associates them with a particular customer. Putting the key in the subject header usually works OK (that's how many support ticket management systems work, for example). Replies from customers keep the tag. Your app then reads an associated POP mailbox, parses out the keys, and stores the email accordingly.