Microsoft shutting down Azure AD Graph

mguessan / davmail

DavMail POP/IMAP/SMTP/Caldav/Carddav/LDAP Exchange and Office 365 Gateway - Synced with main subversion repository at

http://davmail.sourceforge.net

GNU General Public License v2.0

573 stars 84 forks source link

Microsoft shutting down Azure AD Graph #264

Open dgrillo-github opened 1 year ago

dgrillo-github commented 1 year ago

Per https://learn.microsoft.com/en-us/graph/migrate-azure-ad-graph-overview Microsoft is shutting down Azure AD Graph this year, and for internal employees, it's getting shut down on March 31, 2023.

Does the Graph API have the calls needed to get the raw MIME message? That's listed as a blocker in bug https://github.com/mguessan/davmail/issues/186

Are their any possible work arounds? I might be able to get contacts with some of the Graph API developers, would that help? (Is there a Microsoft bug open for the missing api calls required?)

--Dan

dgrillo-github commented 1 year ago

I did a search on the Graph API change log and found relatively recent additions to get and create MIME messages: https://developer.microsoft.com/en-us/graph/changelog/?search=message%20in%20MIME

dgrillo-github commented 1 year ago

The Graph examples have this for getting a raw email message: https://learn.microsoft.com/en-us/graph/api/message-get?view=graph-rest-1.0&tabs=http#example-4-get-mime-content

stappersg commented 1 year ago

Partial quote from Davmail mailinglist:

W is Azure AD Graph? Can't you test anything yourself? Why should anyone working on davmail be knowledgable about a azure? I have local exchange and davmail works fine on it without azure.

mguessan commented 1 year ago

Hello all, As usual namings are misleading DavMail does not rely on Azure AD Graph and does not use Azure graph either.

However we used to be able to register applications with; EWS.AccessAsUser.All (access to EWS API calls) User.Read (assigned by default)

It seems Microsoft blocked new application registration since september 2022 so it's no longer possible to register a new application to access EWS inside Azure AD.

Alternatives:

use the old DavMail clientid and allow it on tenant
use a Microsoft application clientId that still has access to EWS, e.g. Outlook desktop

dgrillo-github commented 1 year ago

I checked with a coworker with access to the tenant configuration at work -- here's what he said:

"The permission being deprecated for all Microsoft customers is
User.Read, which is provided by Azure AD Graph, so if Davmail needs
that still, it needs to move to the new implementation which is
provided by Microsoft Graph APIs.  Davmail been using Azure AD Graph
all this time whether the author is aware of it or not.  I double
checked and yes, davmail in our tenant is currently configured to
use User.Read"

It sounds like still a problem here...

Attached is a screenshot that shows User.Read permission rolls up into Azure Active Graph api. permissions

esabol commented 1 year ago

Are these links relevant and useful?

https://lesterhightower.com/blog/posts/msgraph_ropc_auth_flows/

https://gist.github.com/hightowe/081d4a8c8e8034a11fe4bc2b9e3ad435