403 Access Denied when accessing other users' mailboxes

[luckman212]

I've been trying to use this script and other various flavors of Get-MgUserMailboxSetting and GET /users/{user_id}?$select=mailboxSettings... Just keep hitting a wall with a 403 permission error. Anyone else having any luck?

Access is denied. Check credentials and try again.  Status: 403 (Forbidden) ErrorCode: ErrorAccessDenied

It works when I query my own mailboxSettings, but I can't retreive the settings for any other users in the Org. I am global admin and have connected to MgGraph with the MailboxSettings.Read and MailboxSettings.ReadWrite scopes, among others.

[luckman212]

Maybe related: https://martin-machacek.com/blogPost/77d247ca-4c08-4782-b62d-57634a0c66de seems like a custom Azure App may be required...

[luckman212]

related: microsoftgraph/msgraph-sdk-powershell#2120

[luckman212]

[MartinM85]

What I remember from my testing, with delegated permission MailboxSettings.Read or MailboxSettings.ReadWrite, you can't read mailbox settings of other users.

I have never found any note about this in the Graph doc, only in the description of the permission MailboxSettings.Read, similar to your screenshot.

It works with application permission MailboxSettings.Read.

[luckman212]

I am not sure I know how to set up and authenticate as the custom application (yet). Will have to research that, thank you