mirontoli · February 8, 2024 10:25
diff --git a/send-email.ps1 b/send-email.ps1
 # Configuration
 #$clientId = "80af6542-67be-49fe-8b06-d574e318fe78"          # Replace with your client ID from Azure Portal
 $clientId = "7c98abdd-386f-4aa8-881d-608edf021971" # tolle-aap_2024-02-05_unrestricted
 # $clientSecret = "7lD8Q~TST16s1aZcC84O5hchtuO5AhzQSjl9gcqp"  # Replace with your client secret from Azure Portal
 $clientSecret = ".Cu8Q~T89P6JlSEye63FNsoLspLTPWSb0B3MJcQ"
 $tenantId = "12f488e2-8612-483f-ac92-10d86b99f9e3"          # Replace with your tenant ID
 $recipientEmail = "[email protected]"  # Replace with the recipient's email address
 # $fromEmail = "[email protected]" 
 $userId = "3cf384a6-a354-44e1-9f96-01e843c50945" # tolle-aap- user
 $fromEmail = "[email protected]"
 $fromEmail = "[email protected]" # M365 Group Mailbox
 $userId = "13d1ab7d-45f4-4712-9476-b0c8bd7bc0c3" #Adelev
 # $userPrincipalName = $fromEmail

 $tokenEndpoint = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
 $body = @{
    grant_type    = "client_credentials"
    client_id     = $clientId
    client_secret = $clientSecret
    scope         = "https://graph.microsoft.com/.default"
 }

 $response = Invoke-RestMethod -Uri $tokenEndpoint -Method Post -Body $body
 $accessToken = $response.access_token

 # Compose the email subject and body
 $subject = "Test Email from PowerShell" + $(get-date).Ticks
 $body = "This is a test email sent from PowerShell using Microsoft Graph API."
 #$sender = $fromEmail
 $graphApiEndpoint = "https://graph.microsoft.com/v1.0/users/$userId/sendMail"
 $headers = @{
    Authorization  = "Bearer $accessToken"
    "Content-Type" = "application/json"
 }

 $emailData = @{
    message = @{
        subject      = $subject
        body         = @{
            contentType = "Text"
            content     = $body
        }
        toRecipients = @(
            @{
                emailAddress = @{
                    address = $recipientEmail
                }
            }
        )
        
        from         = @{
            emailAddress = @{
                address = $fromEmail
            }
        }
        
    }
 }


 $emailJson = $emailData | ConvertTo-Json -Depth 100

 Invoke-RestMethod -Uri $graphApiEndpoint -Method Post -Headers $headers -Body $emailJson -ContentType "application/json"


diff --git a/steps.ps1 b/steps.ps1
 # create a licensed user in admin.microsoft.com
 # create a mail enabled security group in exchange admin
 # add the licensed user as member of the group
 # create a new app reg with Mail.Send perms

 New-ApplicationAccessPolicy -AppId 80af6542-67be-49fe-8b06-d574e318fe78 -PolicyScopeGroupId tolle-aap_2024-02-05-group@takana17.onmicrosoft.com -AccessRight RestrictAccess -Description "Restrict this app to members of distribution group Tolle AAP."

 # outputs "granted"
 Test-ApplicationAccessPolicy -Identity tolle-aap_2024-02-05_user@takana17.onmicrosoft.com -AppId 80af6542-67be-49fe-8b06-d574e318fe78
	# Configuration
	#$clientId = "80af6542-67be-49fe-8b06-d574e318fe78" # Replace with your client ID from Azure Portal
	$clientId = "7c98abdd-386f-4aa8-881d-608edf021971" # tolle-aap_2024-02-05_unrestricted
	# $clientSecret = "7lD8Q~TST16s1aZcC84O5hchtuO5AhzQSjl9gcqp" # Replace with your client secret from Azure Portal
	$clientSecret = ".Cu8Q~T89P6JlSEye63FNsoLspLTPWSb0B3MJcQ"
	$tenantId = "12f488e2-8612-483f-ac92-10d86b99f9e3" # Replace with your tenant ID
	$recipientEmail = "[email protected]" # Replace with the recipient's email address
	# $fromEmail = "[email protected]"
	$userId = "3cf384a6-a354-44e1-9f96-01e843c50945" # tolle-aap- user
	$fromEmail = "[email protected]"
	$fromEmail = "[email protected]" # M365 Group Mailbox
	$userId = "13d1ab7d-45f4-4712-9476-b0c8bd7bc0c3" #Adelev
	# $userPrincipalName = $fromEmail

	$tokenEndpoint = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
	$body = @{
	grant_type = "client_credentials"
	client_id = $clientId
	client_secret = $clientSecret
	scope = "https://graph.microsoft.com/.default"
	}

	$response = Invoke-RestMethod -Uri $tokenEndpoint -Method Post -Body $body
	$accessToken = $response.access_token

	# Compose the email subject and body
	$subject = "Test Email from PowerShell" + $(get-date).Ticks
	$body = "This is a test email sent from PowerShell using Microsoft Graph API."
	#$sender = $fromEmail
	$graphApiEndpoint = "https://graph.microsoft.com/v1.0/users/$userId/sendMail"
	$headers = @{
	Authorization = "Bearer $accessToken"
	"Content-Type" = "application/json"
	}

	$emailData = @{
	message = @{
	subject = $subject
	body = @{
	contentType = "Text"
	content = $body
	}
	toRecipients = @(
	@{
	emailAddress = @{
	address = $recipientEmail
	}
	}
	)

	from = @{
	emailAddress = @{
	address = $fromEmail
	}
	}

	}
	}


	$emailJson = $emailData \| ConvertTo-Json -Depth 100

	Invoke-RestMethod -Uri $graphApiEndpoint -Method Post -Headers $headers -Body $emailJson -ContentType "application/json"
	# create a licensed user in admin.microsoft.com
	# create a mail enabled security group in exchange admin
	# add the licensed user as member of the group
	# create a new app reg with Mail.Send perms

	New-ApplicationAccessPolicy -AppId 80af6542-67be-49fe-8b06-d574e318fe78 -PolicyScopeGroupId tolle-aap_2024-02-05-group@takana17.onmicrosoft.com -AccessRight RestrictAccess -Description "Restrict this app to members of distribution group Tolle AAP."

	# outputs "granted"
	Test-ApplicationAccessPolicy -Identity tolle-aap_2024-02-05_user@takana17.onmicrosoft.com -AppId 80af6542-67be-49fe-8b06-d574e318fe78