Tanmaya

Reputation: 1

How to config Azure AD app for email automation

I am using the below script for sending email using an Azure AD portal app but getting a 403 response error. Could someone please help to configure the Azure AD app registered in the portal, or suggest any changes in the below code, to send email automatically?

I have added the below API Permissions at Azure AD App and Redirect URI also to my account. https://login.microsoftonline.com/common/oauth2/nativeclient

IMAP.AccessAsUser.All, Mail.Read, Mail.Read, Mail.Read.Shared, Mail.ReadBasic, Mail.ReadBasic, Mail.ReadBasic.All, Mail.ReadWrite, Mail.ReadWrite, Mail.ReadWrite.Shared, Mail.Send, Mail.Send, Mail.Send.Shared, MailboxSettings.Read, MailboxSettings.ReadWrite, Offline_access, POP.AccessAsUser.All, SMTP.Send, User.Read

Is the app with the admin consent able to access all the mailboxes in the organization, or can we restrict the access to a particular mailbox? (If we can do so, could you please explain how?)

```python
import json

import requests


def ebiw_check() -> None:
    """
    Checks EBIW Application access.
    Returns: None
    """
    try:
        data = {
            'tenant': 'tenant_id',
            'client_id': 'client_id',
            'client_secret': 'secret_id',
            'grant_type': 'client_credentials',
            'scope': 'https://graph.microsoft.com/.default'}
        # url to fetch the microsoft token
        #url = 'https://login.microsoftonline.com/tenant_id/oauth2/v2.0/authorize'
        url = "https://login.microsoftonline.com/tenant_id/oauth2/v2.0/token"
        # Send the credentials in the form body only; passing the same dict as
        # headers would also put the client secret into the request headers.
        response = requests.post(url, data=data, timeout=60).json()
        print("Token fetched Successfully")
        url = 'https://graph.microsoft.com/v1.0/users/sender_mail_id/sendmail'
        body = {
            "message": {
                "subject": "Meet for meeting?",
                "body": {
                    "contentType": "Text",
                    "content": "The new cafeteria is open."
                },
                "toRecipients": [
                    {
                        "emailAddress": {
                            "address": "reciver_email_id"
                        }
                    }
                ],
            },
            "saveToSentItems": "true"
        }
        header = {
            "Authorization": "Bearer " + response["access_token"],
            'Content-Type': "application/json"
        }
        # read mail
        #res = requests.get('https://graph.microsoft.com/v1.0/users/email_id/messages', headers=header)
        # send mail
        # TLS certificate verification stays enabled (the requests default), so
        # the bearer token is only ever sent to a verified Graph endpoint.
        response = requests.post(url, data=json.dumps(body), timeout=20, headers=header)
        print(response)
    except Exception as e:
        print(e)


ebiw_check()
```

Upvotes: 0

Views: 658

Answers (1)

Imran

Reputation: 5570

I tried to reproduce the same in my environment and got the same error.

Please note: when using the client credentials grant type, you need to grant Application permissions and make sure to grant admin consent for the added permissions.

And I have added application permission and granted admin consent.

After granting the Application permissions, I got the result successfully, and it returns 202 Accepted as the response code.

Reference: user: sendMail - Microsoft Graph v1.0 | Microsoft Docs

Upvotes: 1
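
An added example, not part of the original question or answer: a client-credentials token lists its granted Application permissions in the `roles` claim, so decoding the token before calling sendMail shows whether `Mail.Send` is missing (the 403 case above) and which granted roles go beyond what sending needs. The sample tokens are constructed and unsigned, the function names are hypothetical, and the decode is for inspection only since no signature is verified.

```python
import base64
import json

# Application permission the answer grants for POST /users/{id}/sendMail.
REQUIRED_ROLES = {"Mail.Send"}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (the signature is NOT verified)."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
        return json.loads(base64.urlsafe_b64decode(payload))
    except (IndexError, ValueError) as exc:
        raise ValueError("not a JWT access token") from exc


def check_app_token(token: str, required=frozenset(REQUIRED_ROLES)) -> dict:
    """Compare the token's Application permissions with what the call needs."""
    roles = set(jwt_claims(token).get("roles", []))
    return {
        "has_required": required <= roles,     # False: expect 403 from Graph
        "missing": sorted(required - roles),   # grant these plus admin consent
        "excess": sorted(roles - required),    # candidates to remove (least privilege)
    }


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token so the example runs offline."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


# Constructed samples: only delegated permissions were added (no roles claim),
# and a token with Mail.Send plus Application permissions sending does not need.
NO_ROLES = _constructed_token({"aud": "https://graph.microsoft.com"})
BROAD = _constructed_token({
    "aud": "https://graph.microsoft.com",
    "roles": ["Mail.Send", "Mail.ReadWrite", "MailboxSettings.ReadWrite"],
})

if __name__ == "__main__":
    for label, tok in (("delegated only", NO_ROLES), ("over-granted", BROAD)):
        print(label, check_app_token(tok))
```
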
