Batch create mailbox folders with GRAPH API (from Graph Explorer)


I want to create custom folders for all users automatically. Unfortunately, according to the documentation, the "New-MailboxFolder" cmdlet is limited to use “in your own mailbox” only. So I use the "Create MailFolder" Graph API.

I get "Access denied"

Permissions have been granted.

What else should I do to make this work?

BTW, "/me/mailFolders" works perfectly well, but I need to create folders for other users.


Solution

  • As I mentioned in the comments, you can only perform actions on the signed-in user's mailbox, as Graph Explorer works with Delegated type permissions.

    Initially, I too got the same error when I tried to create a custom mail folder for a user other than the signed-in user via Graph Explorer, like this:

    POST https://graph.microsoft.com/v1.0/users/[email protected]/mailFolders
    {
      "displayName": "Clutter",
      "isHidden": true
    }
    


    When I tried to do the same in the signed-in user's mailbox with the /me endpoint, it worked and created the custom mail folder successfully:

    POST https://graph.microsoft.com/v1.0/me/mailFolders
    {
      "displayName": "Clutter",
      "isHidden": true
    }
    


    If your requirement is to create custom folders for all users' mailboxes, generate a token in application context using the client credentials flow, after granting permissions of Application type.

    First, register an application and add the Mail.ReadWrite permission of Application type with admin consent, like this:


    Now, generate an access token using the client credentials flow with the parameters below:

    POST https://login.microsoftonline.com/tenantID/oauth2/v2.0/token
    
    grant_type: client_credentials
    client_id: appID
    client_secret: secretValue
    scope: https://graph.microsoft.com/.default
    


    You can now use this token to make the Microsoft Graph API call below, which creates a custom mail folder in any user's mailbox:

    POST https://graph.microsoft.com/v1.0/users/[email protected]/mailFolders
    {
      "displayName": "Clutter",
      "isHidden": true
    }
    


    Alternatively, you can refer to the Microsoft Graph PowerShell script below to create custom mail folders for all users' mailboxes in batch:

    #Install-Module -Name Microsoft.Graph -Scope CurrentUser
    #Import-Module Microsoft.Graph.Mail
    
    $tenantID = "your-tenant-id"
    $appID = "your-app-id"
    $secretValue = "your-client-secret"
    
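    # Wrap the client secret in a PSCredential (user name = app ID) for app-only sign-in
    $ClientSecretPass = ConvertTo-SecureString -String $secretValue -AsPlainText -Force
    $ClientSecretCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $appID, $ClientSecretPass
    
    # Connect-MgGraph takes the secret as a credential object via -ClientSecretCredential
    Connect-MgGraph -TenantId $tenantID -ClientSecretCredential $ClientSecretCredential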
    
    $folderParams = @{
        displayName = "Clutter"
        isHidden = $true
    }
    
    $users = Get-MgUser -All
    
    foreach ($user in $users) {
        $userId = $user.Id
        Write-Output "Creating folder for user: $($user.UserPrincipalName)"
        try {
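            # -ErrorAction Stop turns any non-terminating error into one the catch block sees
            New-MgUserMailFolder -UserId $userId -BodyParameter $folderParams -ErrorAction Stop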
            Write-Output "Folder created successfully for $($user.UserPrincipalName)"
        } catch {
            Write-Output "Failed to create folder for $($user.UserPrincipalName): $_"
        }
    }
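
The difference between the Graph Explorer token and the client credentials token described in the answer is visible in the token's own claims. The following is an added example, not code from the original post: it decodes a token's payload and reports whether it is delegated (`scp` claim) or app-only (`roles` claim). The function names and the unsigned sample tokens are constructed for illustration.

```powershell
# Added example: function names and sample tokens are constructed, not from the post.
function ConvertFrom-Base64Url([string]$Value) {
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        1 { throw 'Invalid base64url length' }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-GraphTokenContext([string]$AccessToken) {
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected three dot-separated segments' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json

    # Delegated tokens carry a space-separated 'scp' claim;
    # app-only (client credentials) tokens carry a 'roles' array instead.
    $scopes = @()
    if ($claims.scp) { $scopes = @($claims.scp -split ' ') }
    $roles = @($claims.roles | Where-Object { $_ })
    $appOnly = ($roles.Count -gt 0) -and ($scopes.Count -eq 0)

    [pscustomobject]@{
        Audience         = $claims.aud
        Context          = if ($appOnly) { 'Application' } else { 'Delegated' }
        Permissions      = @(if ($appOnly) { $roles } else { $scopes })
        AppMailReadWrite = $appOnly -and ($roles -contains 'Mail.ReadWrite')
    }
}

# Builds an unsigned token for the demo only; real tokens come from the token endpoint.
function New-SampleToken([hashtable]$Claims) {
    $segments = @(@{ alg = 'none' }, $Claims) | ForEach-Object {
        $json = $_ | ConvertTo-Json -Compress
        [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($json)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    ($segments + 'sig') -join '.'
}

# Constructed samples: one delegated token, one app-only token
$delegated = New-SampleToken @{ aud = 'https://graph.microsoft.com'; scp = 'Mail.ReadWrite User.Read' }
$appToken  = New-SampleToken @{ aud = 'https://graph.microsoft.com'; roles = @('Mail.ReadWrite') }

Get-GraphTokenContext $delegated
Get-GraphTokenContext $appToken
```

A token copied from Graph Explorer reports `Delegated`, while a token from the client credentials request should report `Application` with `Mail.ReadWrite` in `Permissions`. An app-only `Mail.ReadWrite` token is valid for every mailbox in the tenant, so keep the client secret out of saved scripts.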