Sometimes it’s useful to send emails using PowerShell.
Maybe you want your scheduled PowerShell script to send status notifications to admins.
Maybe you want to use it as proof of concept to verify settings for sending mail.
In my scenario, I wanted to verify that I could successfully use an application mailbox to send from a shared mailbox.
This would allow my customer to move their custom application mail flow to Office 365 securely. Which again would let them to GET RID OF EXCHANGE ON-PREMISES.
(Hint: if you too are interested in getting rid of your on-premises Exchange Server, have a look at Easy365Manager)
Prerequisites to Automate Sending Emails With PowerShell
To send emails using PowerShell, you can use the Send-MailMessage CmdLet. Although Microsoft state it as “obsolete”, this is the only tool readily available on your standard Windows client or server.
Some prerequisites need to be taken care of, though:
- The application mailbox must be allowed to access Office 365 with Authenticated SMTP.
- If you want to automate your script, you must disable MFA on your mailbox account (or use an application password).
- If you’re going to automate your script you should store the password securely on disk (read this).
- If you want to use your application mailbox to send from various shared mailboxes, you must delegate “SendAs” on the shared mailbox.
PowerShell Script Supporting SendAs
After you’ve configured the pre-requisites, allow some time for them to seep through the Office 365 infrastructure (may take a few minutes).
Finally, the following script shows you how to use PowerShell to authenticate with TLS to Office 365 and send an email as a shared mailbox:
# PoC - send email from shared mailbox using application mailbox. # Pre-req's: # - Application mailbox must be disabled for MFA (or have application password) # - Application mailbox must be enabled for SMTP authentication # - Application mailbox must have "Send As" permissions on shared mailbox [System.Net.ServicePointManager]::SecurityProtocol = 'Tls,TLS11,TLS12' $From = "Customer Feedback <Customer.Feedback@azure.skrubbeltrang.com>" $To = "Tycho Brahe <firstname.lastname@example.org>" $Subject = "Awesome!" $Body = "Your website is excellent, thank you!" $UserName = "email@example.com" $Password = ConvertTo-SecureString "$ecretPassw0rd" -AsPlainText -Force $Creds = new-object -typename System.Management.Automation.PSCredential -argumentlist $UserName, $Password Send-MailMessage -From $From -To $To -Subject $Subject -Body $Body -Credential $Creds -SmtpServer 'smtp.office365.com' -Port 587 -UseSsl
As seen in the mail header of the received mail, the delegation works like a charm. The email was sent from the Customer Feedback shared mailbox using the application mailbox credentials:
Message Sent With SendAs Not Appearing in Sent Items
By default, any message sent using the SendAs permissions will only appear in the sent items of the mailbox that was delegated access.
If you want the message to also be available in the sent items folder of the shared mailbox you need to configure the shared mailbox with the following setting:
set-mailbox 'customer.feedback' -MessageCopyForSentAsEnabled $True
When this command is executed, you’ll find the sent email in the sent items folder of the application mailbox and the shared mailbox (as seen in the sample code above).