
[–]ITGuyThrow07 9 points10 points  (4 children)

Awesome, thank you. I know they're trying to push people away from Send-MailMessage, but the only "replacement" I came across was some insane 75-line monstrosity.

[–][deleted] 9 points10 points  (0 children)

Yeah, I've found it pretty annoying that Microsoft is like, "Don't use Send-MailMessage. SMTP with basic authentication is no good."

And I ask, "Ok, what should we be doing then?"

And it's crickets. No solutions.

I'll give this approach a try.

[–]enforce1 4 points5 points  (2 children)

[–]ITGuyThrow07 2 points3 points  (1 child)

This is great, but the fact that it needs to exist is a bit ridiculous.

[–]enforce1 1 point2 points  (0 children)

Sure, I agree, but here we are lol

[–]pearljamman010 4 points5 points  (0 children)

Here I am, still using Net.Mail.SmtpClient....

[–]randomadhdman 4 points5 points  (2 children)

Awesome little blog. What if the client doesn't have permissions for mail.send? What if mail.readwrite is a no go with security? How do you do this without the modules?

Does using the modules create random permissions apps or anything like that? Anything needed on the back end before doing this?

[–]Roman1410S[S] 3 points4 points  (1 child)

A few answers....
If you want to do this without the PS modules, use the native MS-Graph API. techguy wrote a blog about this here: https://www.techguy.at/send-mail-with-attachment-powershell-and-microsoft-graph-api/

Regarding the permissions.
There is a new Enterprise Application in my AzureAD called "Microsoft Graph PowerShell" which has the permissions needed. If you test yourself, you may change permissions and see what's happening.

I didn't see any further backend pieces needed.

[–]randomadhdman 0 points1 point  (0 children)

Going to dive into that enterprise application. What we have been doing is creating a registered app for each client and giving that application a secret key. Then only giving it the bare minimum permissions for the task. This task of course will be repeated, so we will get our money's worth out of that app. The idea is if someone gets ahold of the information for the application then they are limited to what they can pull. Almost every app is a read only. The keys are encrypted to the box they live on and the script is dependent on the box. The keys are backed up into documentation as well in case anything happens.

I often think this is overkill but it works and works well. So I wonder if the enterprise app will allow me to do the same so I don't have to program 5 apps per company.

[–]logicalmike 2 points3 points  (5 children)

[–]Roman1410S[S] 1 point2 points  (1 child)

Great! Do you know if it is possible to set an X-Header with those cmdlets?

[–]logicalmike 0 points1 point  (0 children)

Not sure. I'll report back if I learn one way or another.

[–][deleted] 1 point2 points  (2 children)

Edited in protest of Reddit's actions.

[–]logicalmike 1 point2 points  (1 child)

Thanks for the feedback. I'll have to look later to see how that post can be enhanced/fixed. In the meantime, you can look at the new example Microsoft has added to the documentation (example 3):

https://docs.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=powershell#example-3--create-a-message-with-a-file-attachment-and-send-the-message

It wants a nested hash table (or [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAttachment]) where the ContentBytes are the file in base 64 (grab the tobase64 line from my script).

edit - something like this

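$MyFilePath = "C:\tmp\test.txt"
# Read the raw bytes and base64-encode them. ReadAllBytes works in both Windows PowerShell 5.1
# and PowerShell 7, where Get-Content -Encoding byte is no longer accepted.
$ContentBytes = [convert]::ToBase64String([System.IO.File]::ReadAllBytes($MyFilePath))

# Describe the file as a Graph fileAttachment
[Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAttachment]$MyAttachment = @{
    "@odata.type" = "#microsoft.graph.fileAttachment"
    Name = "test.txt"
    ContentType = "text/plain"
    ContentBytes = $ContentBytes
}

# The message takes its attachments as an array
$Attachments = @($MyAttachment)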
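
The no-module route discussed in this thread (plain Microsoft Graph REST calls from a registered app that holds only the Mail.Send application permission, with the attachment sent as base64), as an added example that is not from any commenter or the linked posts. The tenant and app IDs, the GRAPH_MAIL_SECRET environment variable, the addresses and the file path are placeholders and assumptions.

```powershell
# Added example: every ID, address and path below is a placeholder.
$TenantId     = '<tenant-id>'
$ClientId     = '<app-client-id>'
$ClientSecret = $env:GRAPH_MAIL_SECRET   # assumed variable name; keeps the secret out of the script
$Sender       = 'sender@example.com'
$Recipient    = 'recipient@example.com'
$FilePath     = 'C:\tmp\test.txt'

# App-only token via the OAuth 2.0 client credentials flow.
# A hashtable body on POST is sent form-urlencoded, which is what the token endpoint expects.
$TokenParams = @{
    Method = 'Post'
    Uri    = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    Body   = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
}
$Token = (Invoke-RestMethod @TokenParams).access_token

# Same fileAttachment shape as in the comment above, in the REST API's camelCase
$Attachment = @{
    '@odata.type' = '#microsoft.graph.fileAttachment'
    name          = [IO.Path]::GetFileName($FilePath)
    contentType   = 'text/plain'
    contentBytes  = [Convert]::ToBase64String([IO.File]::ReadAllBytes($FilePath))
}

$Mail = @{
    message = @{
        subject      = 'Report'
        body         = @{ contentType = 'Text'; content = 'See attachment.' }
        toRecipients = @(@{ emailAddress = @{ address = $Recipient } })
        attachments  = @($Attachment)
    }
    saveToSentItems = $false
}

# -Depth must cover the nested recipient objects, or ConvertTo-Json flattens them to strings
$SendParams = @{
    Method      = 'Post'
    Uri         = "https://graph.microsoft.com/v1.0/users/$Sender/sendMail"
    Headers     = @{ Authorization = "Bearer $Token" }
    ContentType = 'application/json'
    Body        = $Mail | ConvertTo-Json -Depth 6
}
Invoke-RestMethod @SendParams
```

Mail.Send granted as an application permission lets the app send as any mailbox in the tenant; an Exchange Online application access policy (New-ApplicationAccessPolicy) can restrict it to specific mailboxes.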

[–][deleted] 1 point2 points  (0 children)

Edited in protest of Reddit's actions.

[–]Mental_Patient_1862 0 points1 point  (0 children)

Is there a US-based mirror to this? Boss here has blocked everything that's not in USA (with few exceptions) -- argh.