This seems like it should be incredibly easy. But here I am on day 3 of reading blogs and watching youtube videos from India. Is this just not possible?
I have a LogicApp that has a system assigned identity. I used Powershell to create an identity in Exchange online based off of this identity and give the "Send As" permission to a shared mailbox. That part is done and I didn’t get any errors and we’ve done the same thing for "actual code" projects that use "App Registrations" and the Microsoft.Graph library to send emails so I’m fairly confident it works.
I can’t use an O365 connector in the LogicApp because that needs a user to login and create the connection. Then I’d have to give myself rights to "Send As" this mailbox which I don’t want to do and seems like a terrible practice because one day I might leave the company, probably by stroke, but still my account might one day be gone.
Using the Microsoft Graph explorer and some documentation I can see that mail can be sent using the graph in what seems like a pretty straight forward way. I’ve verified, using the graph explorer that I can send mail as myself using that API.
Can I send email as a shared mailbox via the Microsoft Graph API using an Azure LogicApp? Even if I need to create an App Registration to do it, that’s fine. I don’t know how to tell the API to send send an email using a system assigned identity.
2
Answers
I agree with @Skin, you can use service account for authentication instead of user login.
I would suggest you to follow below steps, it may helps in achieving your requirement.
There is no need to specify the system-assigned identity in the API call. When you use a system-assigned managed identity as authenticate with the Microsoft Graph API in your Logic App Http action, the identity is automatically passed to the API as part of the authentication process.
Then in Http action take Post as method and mention Graph Api’s URL and take managed identity as Authentication.
For me it is no more possible (by default) to send email with a shared email box, you have to use the same email than the one used to authenticate the account.