To get messages for all users in the organization you can use either a delegated flow or a client credential flow.
With the delegated flow you request access for all users in the organization using the admin consent endpoint, and administrator consents to the app on-behalf of all the users in the organization and when the users interact with the app they get no consent UI and the app can get an access token for the user that has delegated permissions to the app and the resource it requested. Here is the article that describes how to do it: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-v2-scopes#admin-restricted-scopes
The second option is more suitable if you are building a non-interactive application, like a service daemon, in this case you use can access the data only with the identity of the application. Here is the article that describes how to do the client credentials flow: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-v2-protocols-oauth-client-creds
With either approach to access mailboxes you request the Mail.Read permission and then make the request to the https://graph.microsoft.com/v1.0/users(userId|UPN)/messages endpoint.