Rescuing Important Emails from the Junk Folder with Microsoft Graph API
Introduction: Because, Of Course, It Had to Be the CEO
Let me paint you a picture: we were managing the Microsoft 365 environment for one of our long-time customers, let’s call them Company A. We had everything running smoothly—mailboxes organized, Teams working like a charm, and security policies in place. You know, the usual IT perfection (or at least close enough!). Then, out of nowhere, Company A gets bought by Company B—another company that was also using Microsoft 365 but on a completely different tenant. I mean, what’s better than managing one tenant? Managing two, of course! 🙄
The plan was simple: assess the current environment, plan the migration, and move over a few hundred—okay, maybe a few thousand—users from Tenant A to Tenant B. Easy, right? Well, it would have been if the CEO of Company B (now CEO of both companies) hadn’t decided to send a heartfelt, company-wide welcome email to all employees from Company A. You know, one of those, “Welcome to the family, let’s make magic happen together” emails.
Sounds nice, right? Except that for some reason, this email didn’t land in everyone’s inbox. Oh no, it decided to take a detour straight into the junk folder of several employees in Tenant A. And of course, it couldn’t be just anyone. Nope—it’s always the CEO, CFO, or some other high-level executive who faces this kind of issue. Why is it always the top brass? I’m convinced it’s the universe’s way of keeping us humble
So there we were, tasked with quietly and efficiently moving the CEO’s email out of the junk folder and into the inbox—without raising any eyebrows, of course. No one needs to know that the new CEO’s warm welcome was rejected by the company’s spam filter
That’s where the Microsoft Graph API comes in to save the day (and our sanity). In this blog, I’m going to walk you through how we used the Graph API to find those misplaced emails and move them to the inbox, all without anyone even noticing. You’ll get code samples, tips, and maybe a few laughs along the way—because, let’s be honest, if we can’t laugh at our IT woes, what else can we do?
Stick around, and I’ll show you how to become the email-moving ninja your CEO desperately needs. Ready? Let’s dive in!
What You’ll Need to Become an Email-Rescuing Ninja
Alright, let’s get into the nitty-gritty of how we’re going to rescue those poor, misplaced emails from the junk folder using the Microsoft Graph API. Before we start flipping bits and bytes, here’s what we’ll be doing (and don’t worry, I’ll walk you through it step by step—funny analogies included).
Step 1: Authenticating with the Graph API (Because We Need the Keys to the Castle Before We Can Move Anything Around)
Before we can start shuffling emails from the junk folder to the inbox, we need permission. Think of it like trying to get into a fancy club—you need to show your VIP pass at the door. In our case, that VIP pass is the OAuth2 access token, which lets us call the Microsoft Graph API to interact with users’ mailboxes.
In this step, we’ll be:
- Setting up app registration in Azure AD (because no API wants to talk to just anyone).
- Getting the appropriate permissions to read and write emails using the Mail. ReadWrite scope.
- Generating our access token, which is like getting the master key to every user’s mailbox. (Don’t worry, we’ll be responsible with this power. It’s not like we’re looking for juicy gossip or anything.)
Step 2: Searching for Those Sneaky Emails in the Junk Folder
Once we’ve got our access token (a.k.a. the keys to the castle), it’s time to go email hunting. The good news is, the Graph API is like a professional detective—it’ll help us track down those misplaced CEO emails that thought they could hide in the junk folder.
We’ll use the API to:
- Search through the JunkEmail folder for emails with specific subjects, senders, or time frames (in this case, our poor CEO’s welcome message).
- Get the email IDs of the junked messages so we know exactly which ones to move.
Think of it like finding that one sock that always goes missing after laundry day. You know it’s there somewhere, hiding in plain sight.
Step 3: Moving Emails to the Inbox—Where They Belong (Like Putting Socks in the SockDrawer After Laundry Day)
Now that we’ve found the elusive CEO email in the junk folder, it’s time to move it where it rightfully belongs—the inbox. This is the digital equivalent of putting socks back in the sock drawer after laundry day. It’s a simple act, but one that makes all the difference in avoiding chaos. 😅
In this step, we’ll:
- Use the Graph API’s move endpoint to relocate the emails from the junk folder to the inbox.
- Make sure everything is neatly organized in its proper place—no more important
emails getting flagged as junk
Step 4: Doing All This Without Tipping Off the Users (Stealth Mode: Activated!)
Finally, we’ve got to make sure all this happens without anyone noticing. No one needs to know that their brand-new CEO’s heartfelt welcome email was considered digital garbage by the spam filter. We’ll move the emails in stealth mode—silent, efficient, and completely under the radar
In this step, we’ll:
- Ensure the users aren’t alerted by unnecessary notifications.
- Keep everything quiet, like a ninja slipping into the shadows after a job well done.
Because the last thing you want is for someone to ask, “Hey, why did the CEO’s email land in junk?”
Step 1: Authenticating with the Graph API (Because No Ninja Gets into the Castle Without the Right Keys)
Alright, warriors, the first step of our mission is to secure access to the Graph API—this is your golden ticket to all the inbox-saving power. But, like any good ninja, we don’t just barge in through the front door. We need to sneak in the right way by grabbing an OAuth2 token that’ll let us call the Graph API like pros. Ready to get your key to the castle? Let’s break it down:
Step 1.1: Registering Your App in Azure AD (The Secret Entrance)
To get started, you need to register your app in Azure Active Directory. This is where we create a stealthy identity for our app, which we’ll use to request the magical token that gives us access.
- Head over to the Azure Portal and sign in.
- In the left-hand menu, click Azure Active Directory.
- Go to App Registrations and hit New Registration.
- Give your app a name (something cool like “NinjaEmailMover”).
- Under Supported account types, select Accounts in this organizational directory only (if you’re only working within your organization).
- For the Redirect URI, choose Public client/native and enter https://login.microsoftonline.com/common/oauth2/nativeclient.
- Click Register, and boom—you’ve just created the app that will let you perform your ninja magic
Step 1.2: Granting Permissions to the App (Power Up)
Now that we’ve registered the app, we need to give it the right
permissions
to read and move emails. Because without the right permissions, our ninja tools are pretty much useless.
- In your newly created app, go to API Permissions.
- Click Add a permission, then choose Microsoft Graph.
- Select Delegated Permissions and check the following:
- Mail.ReadWrite (Allows your app to read and move emails)
- User.Read (This one’s default, and it’s just to read basic user profile info)
- Once you’ve added the permissions, click Grant admin consent to give your app the green light to actually use them.
Now your app has the power it needs to read and move emails. Pretty cool, right? 🔥
No Comments