ESC
Type to search...
Navigate Open ESC Close

Mail.ReadWrite.Shared

Export JSON
Export CSV
Copy URL
Print
Delegated Read/Write Shared Resources

Allows the app to create, read, update, and delete mail a user has permission to access, including their own and shared mail. Does not include permission to send mail.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Delegated Permission User consent allowed

Read and write user and shared mail

Allows the app to create, read, update, and delete mail a user has permission to access, including their own and shared mail. Does not include permission to send mail.

User sees: Allows the app to read, update, create, and delete mail you have permission to access, including your own and shared mail. Does not allow the app to send mail on your behalf.
Permission ID: 5df07973-7d5d-46ed-9847-1271055cbd51

Properties

Microsoft Graph v1.0 mapped-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property Type Description
bccRecipients recipient collection The Bcc: recipients for the message.
body itemBody The body of the message. It can be in HTML or text format. Find out about safe HTML in a message body.
bodyPreview StringNullable The first 255 characters of the message body. It is in text format.
ccRecipients recipient collection The Cc: recipients for the message.
changeKey StringNullable The version of the message.
conversationId StringNullable The ID of the conversation the email belongs to.
conversationIndex Edm.BinaryNullable Indicates the position of the message within the conversation.
createdDateTime DateTimeOffsetNullable The date and time the message was created. , , The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
flag followupFlag Indicates the status, start date, due date, or completion date for the message.
from recipient The owner of the mailbox from which the message is sent. In most cases, this value is the same as the sender property, except for sharing or delegation scenarios. The value must correspond to the actual mailbox used. Find out more about setting the from and sender properties of a message.
hasAttachments BooleanNullable Indicates whether the message has attachments. This property doesn't include inline attachments, so if a message contains only inline attachments, this property is false. To verify the existence of inline attachments, parse the body property to look for a src attribute, such as <IMG src="cid:[email protected]".
id String Unique identifier for the message.
attachments attachment collection The fileAttachment and itemAttachment attachments for the message.
categories string collection The categories associated with the item
extensions extension collection The collection of open extensions defined for the message. Nullable.

Showing 15 of 35 properties.

JSON Representation

Microsoft Graph v1.0 mapped-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation 
{
  "bccRecipients": [
    {
      "@odata.type": "microsoft.graph.recipient"
    }
  ],
  "body": {
    "@odata.type": "microsoft.graph.itemBody"
  },
  "bodyPreview": "string",
  "categories": [
    "string"
  ],
  "ccRecipients": [
    {
      "@odata.type": "microsoft.graph.recipient"
    }
  ],
  "changeKey": "string",
  "conversationId": "string",
  "conversationIndex": "String (binary)",
  "createdDateTime": "String (timestamp)",
  "flag": {
    "@odata.type": "microsoft.graph.followupFlag"
  },
  "from": {
    "@odata.type": "microsoft.graph.recipient"
  },
  "hasAttachments": true,
  "id": "string (identifier)",
  "importance": "String",
  "inferenceClassification": "String",
  "internetMessageHeaders": [
    {
      "@odata.type": "microsoft.graph.internetMessageHeader"
    }
  ],
  "internetMessageId": "String",
  "isDeliveryReceiptRequested": true,
  "isDraft": true,
  "isRead": true,
  "isReadReceiptRequested": true,
  "lastModifiedDateTime": "String (timestamp)",
  "parentFolderId": "string",
  "receivedDateTime": "String (timestamp)",
  "replyTo": [
    {
      "@odata.type": "microsoft.graph.recipient"
    }
  ],
  "sender": {
    "@odata.type": "microsoft.graph.recipient"
  },
  "sentDateTime": "String (timestamp)",
  "subject": "string",
  "toRecipients": [
    {
      "@odata.type": "microsoft.graph.recipient"
    }
  ],
  "uniqueBody": {
    "@odata.type": "microsoft.graph.itemBody"
  },
  "webLink": "string",
  "attachments": [
    {
      "@odata.type": "microsoft.graph.attachment"
    }
  ],
  "extensions": [
    {
      "@odata.type": "microsoft.graph.extension"
    }
  ],
  "multiValueExtendedProperties": [
    {
      "@odata.type": "microsoft.graph.multiValueLegacyExtendedProperty"
    }
  ],
  "singleValueExtendedProperties": [
    {
      "@odata.type": "microsoft.graph.singleValueLegacyExtendedProperty"
    }
  ]
}

Relationships

Microsoft Graph v1.0 mapped-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship Type Description
attachments attachment collection The fileAttachment and itemAttachment attachments for the message.
extensions extension collection The collection of open extensions defined for the message. Nullable.
multiValueExtendedProperties multiValueLegacyExtendedProperty collection The collection of multi-value extended properties defined for the message. Nullable.
singleValueExtendedProperties singleValueLegacyExtendedProperty collection The collection of single-value extended properties defined for the message. Nullable.
bccRecipients recipient collection The Bcc: recipients for the message.
categories string collection The categories associated with the item
ccRecipients recipient collection The Cc: recipients for the message.
internetMessageHeaders internetMessageHeader collection A collection of message headers defined by RFC5322. The set includes message headers indicating the network path taken by a message from the sender to the recipient. It can also contain custom message headers that hold app data for the message. Returned only on applying a $select query option. Read-only.
replyTo recipient collection The email addresses to use when replying.
toRecipients recipient collection The To: recipients for the message.
mentions mention collection A collection of mentions in the message, ordered by the createdDateTime from the newest to the oldest. By default, a GET /messages does not return this property unless you apply $expand on the property.
unsubscribeData string collection The valid entries parsed from the List-Unsubscribe header. This is the data for the mail command in the List-Unsubscribe header if UnsubscribeEnabled property is true.

Graph Methods

Delegated access App-only access
No Learn or OpenAPI mapping available

Microsoft Graph v1.0 endpoints are not available from refreshed Microsoft Learn or Microsoft Graph OpenAPI metadata for this permission.

No API methods available for this version.

No Learn or OpenAPI mapping available

Microsoft Graph beta endpoints are not available from refreshed Microsoft Learn or Microsoft Graph OpenAPI metadata for this permission.

No API methods available for this version.

No Microsoft Learn PowerShell mapping available

Microsoft Graph PowerShell v1.0 commands are not available from refreshed Microsoft Learn PowerShell snippets for this permission.

No deterministic PowerShell command map is available for this permission.

Browse PowerShell docs
No Microsoft Learn PowerShell mapping available

Microsoft Graph PowerShell beta commands are not available from refreshed Microsoft Learn PowerShell snippets for this permission.

No deterministic PowerShell command map is available for this permission.

Browse PowerShell docs

Code Examples

C# / .NET SDK 
using Azure.Identity;
using Microsoft.Graph;

var scopes = new[] { "Mail.ReadWrite.Shared" };
var credential = new InteractiveBrowserCredential(
    new InteractiveBrowserCredentialOptions
    {
        ClientId = "YOUR_CLIENT_ID",
        TenantId = "YOUR_TENANT_ID",
        RedirectUri = new Uri("http://localhost")
    });

var graphClient = new GraphServiceClient(credential, scopes);
var response = await graphClient
    .WithUrl("https://graph.microsoft.com/v1.0/message")
    .GetAsync();
JavaScript 
import { Client } from "@microsoft/microsoft-graph-client";
import { InteractiveBrowserCredential } from "@azure/identity";

const credential = new InteractiveBrowserCredential({
  clientId: "YOUR_CLIENT_ID",
  tenantId: "YOUR_TENANT_ID",
  redirectUri: "http://localhost"
});

const token = await credential.getToken(["Mail.ReadWrite.Shared"]);
const client = Client.init({
  authProvider: (done) => done(null, token.token)
});

const response = await client.api("/message").get();
PowerShell 
Connect-MgGraph -Scopes "Mail.ReadWrite.Shared"
Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/message"
Python 
from azure.identity import InteractiveBrowserCredential
import requests

credential = InteractiveBrowserCredential(
    client_id="YOUR_CLIENT_ID",
    tenant_id="YOUR_TENANT_ID"
)

token = credential.get_token("Mail.ReadWrite.Shared")
response = requests.get(
    "https://graph.microsoft.com/v1.0/message",
    headers={"Authorization": f"Bearer {token.token}"}
)

print(response.json())

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Delegated permissions and search for Mail.ReadWrite.Shared

4

Grant Admin Consent

Users can consent to this permission during sign-in.