Overview
In cases where backups are failing for certain folders and/or objects within an Exchange Online mailbox, the logs available from SPortal generally do not include specific details associated with objects which failed to be backed up.
Some examples of the missing data that can be helpful for troubleshooting issues is the subject line of an email and the name(s) of attachments.
The purpose of this article is to provide the steps on how to utilize PostMan to get information related to Exchange Online mailboxes and/or Exchange Online mailbox objects and attachments.
The use of PostMan requires an enterprise application to be utilized. The requirement of the enterprise application can also help to validate that the API call(s) are successfully executed with an enterprise application from a customer's instance of Microsoft Entra ID/Azure Active Directory since inSync utilizes enterprise applications.
Reference Link: https://learn.microsoft.com/en-us/graph/use-postman/
Requirements:
The PostMan application needs to be installed.
Download Link: https://www.postman.com/downloads/
2. Access to a Microsoft Entra ID/Azure Active Directory portal with an account that has the “Global Administrator” role.
Resolution
Section 1 - Obtain the inSync client ID and secret(API Credentials):
To start the process, we first need to generate API credentials from the inSync console. The steps to create the API credentials can be found at the link below.
Reference Link: Create and Manage API Credentials | Druva | Documentation.
Section 2 - Create The Enterprise Application
From the “Overview” page of the Microsoft Entra ID/Azure Active Directory portal, expand the “Manage” menu on the left hand side of the page and click on the “Enterprise Applications” link.
2. On the following page, please click on the “Create your own application” link as displayed below.
3. Enter the name of the application in the “Input Name” field. Select the “Register an application to integrate with Microsoft Entra ID (App you’re developing)” option within the “Create your own application” window.
4. Click on the “Create” button at the bottom of the “Create your own application” window. After the application is created you will be redirected to the “Register an application” page.
On the “Register an application” page, please select the option as displayed in the image below and then click on the “Register” button at the bottom of the page.
NOTE: This option selected below is generally already selected by default.
5. The enterprise application requires certain permissions to be able to read users data utilizing the Graph API as well as mailbox data from Exchange Online.
Under the “Manage” menu of the Microsoft Entra ID overview page, please click on the “App registrations” link under the “Manage” menu.
Locate the app registration for the relevant application and click on the applications name to open the app registrations page.
On the app registration page for the application, please click on the “API Permissions” link under the “Manage” menu as displayed below.
On the “API Permissions” page, use the “Add Permission” button to add each of the following permissions.
The following window will open after clicking on the “Add Permission” button. Click on “Microsoft Graph” in the section highlighted in the image below.
After clicking on the “Microsoft Graph” link above in the previous step, click on the “Application permissions” button that appears on the next window. Below is a screenshot of what this window will look like.
After clicking on the “Application permissions” button, a search bar will appear that will provide the ability to search for each permission sent required.
After selecting all of the permissions displayed in the image below, please click on the “Add permissions” button.
Required Permissions:
After the required permissions have been added, please click on the “Grant admin consent for <Microsoft Entra ID/Azure Instance Name Goes Here>” button. Below is a screenshot for reference.
If the admin consent has been granted successfully, the “Status” column for each permission will display “Granted for <Microsoft Entra ID/Azure Instance Name Goes Here>”.
Section 3 - Create the client secret ID and value
Open the main menu within the Microsoft Entra ID portal by clicking on the menu icon on the top, left hand corner of the page and click on the “Microsoft Entra ID” link.
2. While on the “Overview” page for your Microsoft Entra ID instance, please click on the “App registrations” link within the “Manage” menu on the left hand side of the page.
3. Locate the enterprise application that was created and click on its name to load the applications registration page.
4. On the left hand side of your applications registration page will be a link labeled “Certificates & secret” within the “Manage” drop down menu. Please click on this link.
5. On the “Certificates & secrets” page, please click on the “New client secret” link, define the name of the client secret and duration for the expiration time frame.
The “Add a client secret” window will contain the following fields. Once the fields are filled in and configured, please click on the “Add” button at the bottom of this window.
Once the client secret has been created, copy the values in the “Value” and “Secret ID” columns and store them in a secure and easily accessible location. The client secret ID and value will be required later on in this process.
Section 4 - Generate the “Bearer” token:
To generate the “Bearer” token, we will need to know the tenant ID of the Microsoft Entra ID instance. The tenant ID is displayed on the “Overview” page when clicking on “Microsoft Entra ID” from the home page.
After obtaining the tenant ID it will need to be entered into the following URL: https://login.microsoftonline.com/<Microsoft Entra ID Tenant ID Goes Here>/oauth2/v2.0/token.
Enter the URL from step B into the address bar.
Use the drop down menu to the immediate left of the address bar to set the request type to “POST”.
4. Click on the “Send” button to the immediate right of the address bar to generate the token. The token details will be displayed under the “Body” tab of PostMan.
Section 5 - Execute the Graph API Call Through PostMan
Open PostMan and create a new request tab.
The default request type is a “GET” request. The request type can be left as-is.
Click on the “Body” tab and select the option “x-www-form-urlencoded” as displayed below.
4. Create the following keys under the “Body” tab.
Client_id - Application (Client) ID from the “App registrations page for the newly created enterprise application.
Grant_type - Enter the value “client_credentials” without the double quotation marks.
Scope - Enter the value of “https://graph.microsoft.com/.default” without the double quotation marks.
Client_secret - Enter the secret key created for the app registration of the enterprise application.
5. Enter the URL “https://login.microsoftonline.com/<Microsoft Entra ID Tenant ID Goes Here>/oauth2/v2.0/token” in the address bar.
6. After entering the required values as described above, please click on the “Send” button. If the execution is successful, the output in the “Body” section will look similar to the output in the screenshot below.
7. Copy the value of the access token without the double quotation marks or the entire output and store it somewhere for use in the next section.
Section 6 - Simulate The Graph API Execution Through The Enterprise Application Created.
Open a new request tab within PostMan.
Ensure that the request type is set to “GET”.
The URL being utilized for the API call will vary depending on what information is required. When you are ready to execute the Graph API, click on the “Send” button to the right of the address bar.
Below are some URL examples with an explanation of their purpose.
Example 1 - Retrieve User Information For The Mailbox:
Example 2 - Retrieve Folder Details Such As Folder Name, Parent Folder ID,a Child Folder Count, Unread Item Count, Total Item Count, Size In Bytes and whether the folder is hidden:
Example 3 - List All Mailbox Folders:
Example 4 - List Folder Messages And Corresponding Information For A Particular Mailbox Folder:
URL: https://graph.microsoft.com/v1.0/users/<user email>/mailFolders('AAMkADVkZDYyMDABm0_PIGJ89TbZHQa7l9qtHAQA18ytEvZIES7A1c4Urlm7jAAAAAAEMAAA=')/messages