26 February, 2019

Downloading .eml message content from the Microsoft Graph API

In order to report spam to Cert NZ and our upstream filter provider, I need to get copies of the mail messages with their original headers.

I used to do this with PowerShell, but the Exchange with Office 365 glue seems to be tearing apart with each change Microsoft make to their authentication systems. So here's a Python script to pull it out via the Graph API instead:

https://gist.github.com/jlaundry/237032730c8549a6a73058e290a9407f

The API endpoint that allows us to do this is currently in Beta. Thanks to the Microsoft team for implementing it!

To get started:

  1. Go to https://apps.dev.microsoft.com/#/appList (with a Global Admin account) and register a new Converged application. Converged apps are so hot right now.
  2. Grant it the Mail.ReadWrite.All and User.Read.All Application Permissions, and don't forget to grant consent for your whole org.
  3. Create a new secret. Keep it safe.
  4. Replace the <tenant> and <app ID> placeholders in the script with your tenant name and the Application Id from the registration.
  5. Run it: python download_eml.py "[email protected]" "totally not spam"
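
The flow those steps set up, as an added sketch (not the code from the gist above): an app-only token via the client-credentials grant, a subject search in one mailbox, then the raw MIME from each message's `/$value`. The function names, the `GRAPH_CLIENT_SECRET` environment variable and the output file names are assumptions made for this example.

```python
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/beta"  # the post notes the endpoint is in Beta
TENANT = "<tenant>"   # placeholder, see step 4
APP_ID = "<app ID>"   # placeholder, see step 4

def http(url, headers=None, form=None):
    """Minimal HTTP helper: POST when form data is given, otherwise GET."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, headers=headers or {})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()

def get_token(secret, fetch=http):
    """Client-credentials grant: the app signs in as itself, with no user."""
    url = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": APP_ID,
            "client_secret": secret, "scope": "https://graph.microsoft.com/.default"}
    return json.loads(fetch(url, form=form))["access_token"]

def _get(path, token, fetch):
    return fetch(GRAPH + path, headers={"Authorization": f"Bearer {token}"})

def find_messages(token, mailbox, subject, fetch=http):
    """Ids of messages whose subject equals `subject` (first result page only)."""
    flt = "subject eq '{}'".format(subject.replace("'", "''"))  # OData quote escaping
    query = urllib.parse.urlencode({"$filter": flt, "$select": "id"},
                                   safe="$", quote_via=urllib.parse.quote)
    user = urllib.parse.quote(mailbox, safe="@")
    body = json.loads(_get(f"/users/{user}/messages?{query}", token, fetch))
    return [m["id"] for m in body.get("value", [])]

def download_eml(token, mailbox, message_id, fetch=http):
    """Raw MIME content, original headers included, from the message's /$value."""
    user = urllib.parse.quote(mailbox, safe="@")
    mid = urllib.parse.quote(message_id, safe="")
    return _get(f"/users/{user}/messages/{mid}/$value", token, fetch)

if __name__ == "__main__":
    import os
    import sys
    mailbox, subject = sys.argv[1], sys.argv[2]
    # Assumed variable name; keeps the secret out of the source file and argv.
    token = get_token(os.environ["GRAPH_CLIENT_SECRET"])
    for n, mid in enumerate(find_messages(token, mailbox, subject)):
        with open(f"message_{n}.eml", "wb") as fh:
            fh.write(download_eml(token, mailbox, mid))
```

This sketch only issues read requests against the mailbox, so it does not itself need write access to mail.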