Search code examples
microsoft-graph-apiazure-ad-b2b

Why are Invitation emails sent via MS Graph to external (b2b/guest) users not sent to TO+CC addresses (any more)?

I have an application configured within a AzureAD B2B tenancy that has the appropriate permissions (user.readwrite.all, user.invite.all) to send Invitations out to external (guest) users.

Those invitations are configured to send an email including a custom message AND an internal mailbox as a cc recipient eg:

{
  "invitedUserDisplayName": "Display Name",
  "invitedUserEmailAddress": "username@externalemailaddress.com",
  "invitedUserMessageInfo": {
    "ccRecipients": [{ 
      "emailAddress": {
        "address": "internal.mailbox@companydomain.com",
        "name": "mailbox name"
      }
    }],
    "customizedMessageBody": "a custom message"
  },
  "sendInvitationMessage": true,
  "inviteRedirectUrl": "https://myapplications portal/"
}

This used to produce a single email that goes out To: the invited user's email address AND Cc: the internal mailbox with BOTH addresses visible on the same email. This is done to verify that the email was sent to the external user, verify which email it was sent to, and also give invited users a contact address they can reply to if they have any issues signing up.

However, as of the last couple of days, a change appears to have occurred. Now, it appears as if two separate emails are being sent where both recipients are receiving their own copy with only their own email address visible in the To: field.

So now, we cannot confirm the external user email was received or which address it was sent to without using Azure's logs. It also makes cc'ing the invitation to the mailbox pointless since there is no way of determining which user each invitation was sent to. (Without having to scrape Azure user object id's out of the invitation link and looking them up one-by-one.)

Has there been some sort of change recently with Microsoft Graph that would cause this? Is there some sort of configuration option within the Azure Admin Portal that would allow an admin to (perhaps inadvertently) change this behavior within the Tenancy? (Our admin has denied making any such change.)

Solution

  • Answering because the issue appears to have been resolved.

    Invitations being sent out by Azure have reverted to previous behaviour with a single email to both recipients. Going back through our mailbox, the issue only existed from 16th-18th September. Perhaps some change was made in error on Microsoft's side and has been reversed.