Skip to main content

Send Mail via Exchange Online

Requirements: Authentication header is needed to use this script and API.

Basic API information

This API can either be used to send a mail out of the mailbox of a user (application permission needed):

POST https://graph.microsoft.com/v1.0/users/<userprinciplename>/sendMail

Or to send mails out of the own mailbox (delegated permission needed):

POST https://graph.microsoft.com/v1.0/me/sendMail

JSON Body

{
    "message": {
        "subject": "<subjectofemail>",
        "body": {
            "contentType": "Text",
            "content": "<contentofemail>"
        },
        "toRecipients": [
            {
                "emailAddress": {
                    "address": "<recipientemail1>"
                }
            },
            {
                "emailAddress": {
                    "address": "<recipientemail2>"
                }
            }
        ],
        "ccRecipients": [
            {
                "emailAddress": {
                    "address": "<ccrecipientemail1>"
                }
            },
            {
                "emailAddress": {
                    "address": "<ccrecipientemail2>"
                }
            }
        ]
    },
    "saveToSentItems": "true"
}

HTTP Response

The HTTP Response in a successful submission is:
202 Accepted

Permissions

This script uses Graph API and authenticates with an App Registration, so it can be used in application permission mode to send mails out of automated powershell scripts. The App Registration needs the following Microsoft Graph permission:

Mail.Send

This permission can be set either as application permission or as delegated permission.

PowerShell script

This PowerShell script sends an email to specified people in Recipients and CCRecipients variables.  The subject, senderupn and content of the mail can be provided on the function "Send-Mail".

function Send-Mail {

  param (
      [String]$SenderUPN,
      [String]$Recipients,
      [String]$CCRecipients,
      [String]$Subject,
      [String]$Content
  )

  $MailBodyJSON = @"
{
  "message": {
    "subject": "$Subject",
    "body": {
      "contentType": "Text",
      "content": "$Content"
    },
    "toRecipients": [],
    "ccRecipients": []
  },
  "saveToSentItems": "true"
}
"@

  $MailbodyObject = ConvertFrom-JSON $MailBodyJSON
  Foreach($Recipient in $Recipients){
      $RecipientBodyJson = @"
{
  "emailAddress": {
      "address": "$Recipient"
  }
}
"@
      $RecipientBodyObject = ConvertFrom-JSON $RecipientBodyJson
      $MailbodyObject.message.toRecipients += $RecipientBodyObject
  }

  Foreach($CCRecipient in $CCRecipients){
      $CCRecipientBodyJson = @"
{
  "emailAddress": {
      "address": "$CCRecipient"
  }
}
"@
      $CCRecipientBodyObject = ConvertFrom-JSON $CCRecipientBodyJson
      $MailbodyObject.message.ccRecipients += $RecipientBodyObjectCCRecipientBodyObject
  }

  $MailoutputbodyJson = ConvertTo-JSON $MailbodyObject -Depth 10



  Write-Host "Sending Mail to $Recipient and $CCRecipient (CC)."
  Invoke-RestMethod -Method Post -Uri "https://graph.microsoft.com/v1.0/users/$SenderUPN/sendMail" -Headers $Header -ContentType "application/json" -Body $MailBody
}

$Recipients = @("<recipient1>","<recipient2>")
$CCRecipients = @("<ccrecipient1>","<ccrecipient2>")

Send-Mail -SenderUPN "<senderupn>" -Recipients $Recipients -CCRecipients $CCRecipients -Subject "<subject>" -Content "<content>"

Use Case

This Script can be used in any automation script to send mails securely over the Microsoft Graph API. This is an easy to use mechanism to modernize a script with modern authentication.

Example: 

In a Runbook you can get all App Registrations and check for each one if the secret is soon to be expire. If the secret expires in X days, it sends a reminder mail to the owner(s) of the App Registration.