Share via

[SPFx + Microsoft Graph] Cannot send email when guest user is logged in — "mailbox is inactive or hosted on-premise" — Is there an official solution?

Haritha Errolla 0 Reputation points
2026-05-24T12:00:19.5533333+00:00

Hi Community,

I am building an SPFx web part that sends a test email to the currently logged-in user using Microsoft Graph. The web part works perfectly for internal users, but fails when a guest user is logged in.

Web Part Behavior

  • From field → Internal user email address, configured in the web part property pane (e.g. <PII removed>``@xyz.onmicrosoft.com)
  • To field → Auto-populated by calling GET /me on Microsoft Graph to fetch the logged-in user's email address
  • Send button → Calls POST /me/sendMail via MSGraphClientV3 with Mail.Send delegated permission

Code Used (Microsoft Graph — Delegated)

import { MSGraphClientV3 } from '@microsoft/sp-http';

const graphClient: MSGraphClientV3 =
  await this.props.context.msGraphClientFactory.getClient('3') as MSGraphClientV3;

await graphClient.api('/me/sendMail').post({
  message: {
    subject: 'Test Email from SPFx Web Part',
    body: { contentType: 'HTML', content: '<p>This is a test email.</p>' },
    toRecipients: [
      { emailAddress: { address: toEmail, name: displayName } }
    ]
  },
  saveToSentItems: true
});

Permission requested in package-solution.json:

"webApiPermissionRequests": [
  { "resource": "Microsoft Graph", "scope": "User.Read" },
  { "resource": "Microsoft Graph", "scope": "Mail.Send" }
]

Result

User TypeResultInternal user (has Exchange Online mailbox)Email sent successfully----------------Internal user (has Exchange Online mailbox)Email sent successfullyGuest user (no Exchange mailbox in tenant)Error: "The mailbox is either inactive, soft-deleted, or is hosted on-premise"
Root Cause I identified
POST /me/sendMail with delegated Mail.Send uses the signed-in user's Exchange mailbox as the sender. Guest users invited into Azure AD do not get an Exchange Online mailbox in the tenant. So Graph cannot find a mailbox to send from when the guest's access token is used, regardless of what email address is written in the From field of the message body.

What I Already Tried

  1. POST /me/sendMail — fails for guests (no mailbox)
  2. SP.Utilities.Utility.SendEmailretired by Microsoft (ref: https://support.microsoft.com/en-us/office/retirement-of-the-sharepoint-sendemail-api-b35bbab1-7d09-455f-8737-c2de63fe0821)
  3. POST /users/{internalUser}/sendMail with guest token, fails, guest token has no Send As rights on the internal mailbox

My Questions

  1. Is there an official supported approach within SPFx to send email when a guest user is the one triggering the action?
  2. Can Mail.Send Application permission be used in SPFx without a backend service?

Would really appreciate any guidance or official documentation pointers from the community.

Thank you!

Microsoft 365 and Office | SharePoint | Development
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Teddie-D 16,370 Reputation points Microsoft External Staff Moderator
    2026-05-25T00:30:18.1933333+00:00

    Hi @Haritha Errolla

    Thanks for documenting your findings so clearly. Your observation is correct. 

    According to Microsoft documentation, delegated Mail.Send allows an app to send mail as the signed-in user and save a copy to that user’s Sent Items. Because /me/sendMail executes in the context of the signed-in user, that user must have a mailbox in Exchange Online. Guest users typically do not have a mailbox in the host tenant, so the mailbox-not-found error you’re seeing is expected.  

    To answer your two questions: 

    1.Is there an official supported approach within SPFx to send email when a guest user triggers the action? 

    There is no supported client-side SPFx-only method to send mail through Microsoft Graph on behalf of a guest user when that guest does not have a mailbox in the tenant. 

    The supported approaches are to move the actual mail sending outside the guest user context, for example: 

    Option 1: SPFx + backend service 

    Use the SPFx web part only to trigger the action, then call a backend service such as Azure Functions or Azure App Service API 

    The backend authenticates with application permissions (Mail.Send) and sends mail using POST /users/{mailbox-user-id}/sendMail 

    This ensures mail is sent from a valid mailbox, independent of the guest user’s context.

    For detailed implementation of the Azure Function approach, you can create a separate thread in this community using the Azure Functions/Microsoft Graph tags to get more focused guidance. 

    Option 2: SPFx + Power Automate 

    A very common pattern is Guest clicks button in SPFx > SPFx calls flow > Power Automate sends email  

    -The email can be sent from a shared mailbox or service account.  

    -This approach avoids custom backend code and works for both internal and guest users.  

    Because this forum doesn’t currently have a dedicated tag for Power Platform, you may find more targeted help by posting in the Microsoft Power Platform Community. It’s an active space with knowledgeable members who can walk you through troubleshooting steps and share their experiences. 

    2.Can Mail.Send application permission be used directly in SPFx without a backend service? 

    No. Mail.Send application permission cannot be used directly from SPFx client-side code, because SPFx runs in the browser and only acquires delegated user tokens. App-only permissions require a confidential client using a client secret or certificate), which must be handled by a backend service. 

    For scenarios where guest users need to trigger email sending, the supported approach is usually to have SPFx call a backend service or workflow. 

    I hope this information is helpful.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".   

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.  

    Was this answer helpful?

    2 people found this answer helpful.

  2. AI answer

    2026-05-24T12:00:40.1866667+00:00

    There is no supported way in SPFx to make a guest user send mail via Microsoft Graph using delegated Mail.Send when that guest does not have an Exchange Online mailbox in the tenant. The behavior seen is expected: /me/sendMail always uses the signed-in user’s mailbox, and guest accounts do not have one.

    Key points from the Graph mail model:

    • The Send mail API sends from the mailbox associated with the identity in the access token.
    • For sending “as another user” (for example, a shared mailbox or group), Graph still requires that the signed-in identity has the appropriate mailbox permissions and that the mailbox exists in Exchange Online.
    • Setting the from property on the message only works when the signed-in user already has mailbox permissions to that mailbox; it does not bypass the requirement for the caller to have a mailbox.

    From the documented pattern for sending as another user:

    • To send from another user or group, the app sets the from property on the message to that address, and Graph “sets [the sender] appropriately, based on the mailbox permissions granted to the user who has signed in.”
    • This still assumes the signed-in user is a mailbox-enabled identity in Exchange Online.

    Given that, the answers to the specific questions are:

    1. Official supported approach in SPFx when a guest triggers the action
      • SPFx uses delegated permissions via the current user’s token. For guests without a mailbox, /me/sendMail cannot succeed because there is no mailbox to send from.
      • The documented and supported Graph pattern for sending mail (including “send as another user”) requires a mailbox-enabled identity. There is no documented workaround in SPFx that allows a non–mailbox-enabled guest account to send mail directly via Graph.
    2. Using Mail.Send application permissions in SPFx without a backend
      • SPFx’s built-in Graph integration (via MSGraphClientV3) is designed for delegated permissions and user-context calls.
      • Application permissions (Mail.Send app-only) are not exposed directly through MSGraphClientV3 in SPFx; they require an app identity and typically a secure backend or Azure AD–registered application that can safely hold secrets and use app-only tokens.
      • The provided SPFx guidance focuses on delegated scopes (for example, Mail.Read in the sample) and does not describe using app-only Mail.Send directly from SPFx.

    Therefore, with the information available, there is no officially documented SPFx-only pattern that allows a guest user (without an Exchange Online mailbox) to trigger sending email via Graph using either delegated Mail.Send or app-only Mail.Send without involving a separate backend or service.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.