Send mail using Azure Automation, PowerShell and a managed identity
In this post I will explain how to send a mail through Azure Automation using PowerShell and a managed identity.
The solution
1. Use an Azure Automation account
2. Configure it with a system-assigned managed identity
3. Add send mail permission
4. Add a Runbook (script)
5. Send mail through the runbook
Sources to download
Click on the GitHub picture below to get the following files:
- Assign_permissions.ps1
- Runbook.ps1
Adding permissions
In this step we need to grant the managed identity permission to send mail.
For that we need to add the Microsoft Graph Mail.Send permission.
Because it is a managed identity, we cannot add the permission through the Azure portal.
We need to use PowerShell for that.
The PowerShell script for that is this one.
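One way to make this assignment, as an added example that is not the post's Assign_permissions.ps1: it grants the Microsoft Graph application role Mail.Send to the managed identity's service principal, skips the grant if it already exists, and then lists every app role the identity holds. It assumes the system-assigned identity is already enabled, that the Microsoft.Graph PowerShell module is installed, and that the placeholder `<automation-account-name>` is replaced with your Automation account's name.

```powershell
# Added example, not the post's Assign_permissions.ps1.
# Run from an admin workstation with the Microsoft.Graph module installed.
# Assumption: the placeholder below is replaced with the Automation account name.
$AutomationAccountName = '<automation-account-name>'
$GraphAppId = '00000003-0000-0000-c000-000000000000'   # Microsoft Graph (well-known appId)
$RoleValue  = 'Mail.Send'

# Delegated scopes needed to read service principals and grant app roles
Connect-MgGraph -Scopes 'Application.Read.All', 'AppRoleAssignment.ReadWrite.All'

# A system-assigned identity's service principal carries the resource's name.
# Refuse to continue if the name is ambiguous, so the role cannot land on the wrong principal.
$mi = @(Get-MgServicePrincipal -Filter "displayName eq '$AutomationAccountName'")
if ($mi.Count -ne 1) {
    throw "Expected exactly one service principal named '$AutomationAccountName', found $($mi.Count)."
}
$mi = $mi[0]

$graph = Get-MgServicePrincipal -Filter "appId eq '$GraphAppId'"

# Pick the application role (not the delegated scope of the same name)
$role = $graph.AppRoles | Where-Object {
    $_.Value -eq $RoleValue -and $_.AllowedMemberTypes -contains 'Application'
}
if (-not $role) { throw "App role '$RoleValue' not found on Microsoft Graph." }

# Idempotent: assign only when the role is not already present
$existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id -All |
    Where-Object { $_.ResourceId -eq $graph.Id -and $_.AppRoleId -eq $role.Id }

if ($existing) {
    Write-Output "'$RoleValue' is already assigned to $($mi.DisplayName)."
} else {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id `
        -PrincipalId $mi.Id -ResourceId $graph.Id -AppRoleId $role.Id | Out-Null
    Write-Output "Assigned '$RoleValue' to $($mi.DisplayName)."
}

# Review every app role this identity now holds
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id -All |
    Select-Object ResourceDisplayName, AppRoleId, CreatedDateTime
```

Mail.Send granted as an application permission is not limited to one mailbox: the identity can send as any user in the tenant unless Exchange Online restricts the application's scope.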
The next step is to identify on which SharePoint site the managed identity should have access.
Creating the Automation account
1. Go to Azure portal
2. Go to Automation accounts
3. Click on Create
4. Type a name
5. Choose a subscription, resource group and region
6. Click on Create
Setting Managed Identity
1. Go to your automation account
2. Go to Identity
3. Go to System assigned
4. Select On
5. Click on Save
6. Click on Yes
Authenticating to Microsoft Graph
The first step is to authenticate to Graph through the managed identity.
For that we will use the following cmdlet:
Connect-MgGraph -Identity
Sending mail
To send a mail we will use the Send-MgUserMail cmdlet.
Here is the code to send a basic mail:
Here is the code to send mail with attachment: