Send Mail via Exchange Online
Requirements: Authentication header is needed to use this script and API.
Basic API information
This API can either be used to send a mail out of the mailbox of a user (application permission needed):
POST https://graph.microsoft.com/v1.0/users/<userprinciplename>/sendMail
Or to send mails out of the own mailbox (delegated permission needed):
POST https://graph.microsoft.com/v1.0/me/sendMail
JSON Body
{
"message": {
"subject": "<subjectofemail>",
"body": {
"contentType": "Text",
"content": "<contentofemail>"
},
"toRecipients": [
{
"emailAddress": {
"address": "<recipientemail1>"
}
},
{
"emailAddress": {
"address": "<recipientemail2>"
}
}
],
"ccRecipients": [
{
"emailAddress": {
"address": "<ccrecipientemail1>"
}
},
{
"emailAddress": {
"address": "<ccrecipientemail2>"
}
}
]
},
"saveToSentItems": "true"
}
HTTP Response
The HTTP Response in a successful submission is:
202 Accepted
Permissions
This script uses Graph API and authenticates with an App Registration, so it can be used in application permission mode to send mails out of automated powershell scripts. The App Registration needs the following Microsoft Graph permission:
Mail.Send
This permission can be set either as application permission or as delegated permission.
PowerShell script
This PowerShell script sends an email to specified people in Recipients and CCRecipients variables. The subject, senderupn and content of the mail can be provided on the function "Send-Mail".
function Send-Mail {
param (
[String]$SenderUPN,
[String]Array]$Recipients,
[String]Array]$CCRecipients,
[String]$Subject,
[String]$Content
)
$MailBodyJSON = @"
{
"message": {
"subject": "$Subject",
"body": {
"contentType": "Text",
"content": "$Content"
},
"toRecipients": [],
"ccRecipients": []
},
"saveToSentItems": "true"
}
"@
$MailbodyObject = ConvertFrom-JSON $MailBodyJSON
Foreach($Recipient in $Recipients){
$RecipientBodyJson = @"
{
"emailAddress": {
"address": "$Recipient"
}
}
"@
$RecipientBodyObject = ConvertFrom-JSON $RecipientBodyJson
$MailbodyObject.message.toRecipients += $RecipientBodyObject
}
Foreach($CCRecipient in $CCRecipients){
$CCRecipientBodyJson = @"
{
"emailAddress": {
"address": "$CCRecipient"
}
}
"@
$CCRecipientBodyObject = ConvertFrom-JSON $CCRecipientBodyJson
$MailbodyObject.message.ccRecipients += $CCRecipientBodyObject
}
$MailoutputbodyJson = ConvertTo-JSON $MailbodyObject -Depth 10
Write-Host "Sending Mail to $Recipient and $CCRecipient (CC)."
Invoke-RestMethod -Method Post -Uri "https://graph.microsoft.com/v1.0/users/$SenderUPN/sendMail" -Headers $Header -ContentType "application/json" -Body $MailoutputbodyJson
}
$Recipients = @("<recipient1>","<recipient2>")
$CCRecipients = @("<ccrecipient1>","<ccrecipient2>")
Send-Mail -SenderUPN "<senderupn>" -Recipients $Recipients -CCRecipients $CCRecipients -Subject "<subject>" -Content "<content>"
Use Case
This Script can be used in any automation script to send mails securely over the Microsoft Graph API. This is an easy to use mechanism to modernize a script with modern authentication.
Example:
In a Runbook you can get all App Registrations and check for each one if the secret is soon to be expire. If the secret expires in X days, it sends a reminder mail to the owner(s) of the App Registration.