2

I've written a Powershell script that sends out an email, but I'm trying figure out a way to add an AIP classification to it. My organization uses general classifications of:

Public
Internal
Secret

Since in this case the classification is Internal I just need a way to set that in my script. My current script (using Office 365) is:

$message = New-Object Net.Mail.MailMessage
$emailTo = 'user1@domain.tld'
$emailFrom = 'user2@domain.tld'
$emailCc = 'user3@domain.tld'
$smtpServer = 'smtp.domain.tld'
$subject = "Report"
$body = @"
<p><font face = "Calibri" size = "3">Hello,</p>

<p>Please see report.</p>


<br/><br/><font face = "Tempus Sans ITC" size = "3">User 2
<br/>123 Maple Road
<br/>(555) 555-5555 Office
<br/>user2@domain.tld</font>

<br/><br/><img src="cid:attlogo">
"@

$smtp = New-Object Net.Mail.SmtpClient
$smtp.Host = $smtpServer
$smtp.EnableSsl = $true

$logo = "C:\logo.png"
$attlogo = New-Object System.Net.Mail.Attachment($logo)
$attlogo.ContentDisposition.Inline = $True 
$attlogo.ContentDisposition.DispositionType = "Inline" 
$attlogo.ContentType.MediaType = "image/png" 
$attlogo.contentID = "attlogo"

$message.From = $emailFrom
$message.To.Add($emailTo)
$message.Cc.Add($emailCc)
$message.Subject = $subject
$message.Body = $body
$message.IsBodyHtml = $true
$message.Attachments.Add($attlogo)

$smtp.Send($message)

$attlogo.Dispose()

Some may wonder why I didn't use Send-MailMessage cmdlet, but in this case the inline image didn't play well with it, so I ended up using .Net.

And for bonus points if anyone knows how to send a copy to your Sent folder in your Outlook mailbox that would be great.

hamim
  • 21
  • 3
  • That uses SMTP. SMTP is the original API for email and I doubt that it supports AIP at all. Skimming through to doco it looks very much like an Azure / Office specific thing – Nick.Mc Oct 04 '19 at 03:12

1 Answers1

0

We don't have a way to apply this directly to your message because there's not really a message to apply it to until you send the message to the SMTP service.

Does this label apply protection? If not, you can accomplish your goal by adding the AIP label metadata to the SMTP header directly.

We add AIP label metadata in an SMTP header called msip_labels. If you had the metadata that should be applied, you'd be able to insert this data in to the header for each message. Unfortunately, we don't have a way in the AIP PowerShell modules to get this data today. However, I do have some samples published on GitHub that show how to get the policy information.

https://github.com/Azure-Samples/Mipsdk-Dotnet-Policy-Quickstart

That sample will allow you to enter a label (although it'll require modification in its current state as it needs two labels for the simulation), and get the action details out. You could modify that application to take in just a single label, then output the metadata action only to know which metadata would apply. Then you'd stick that in the SMTP header and send your message.

If you have to apply protection to the document, we don't have a function quite yet to help out. That's a bit more complicated as we have to generate a message.rpmsg file from your plaintext message, then you'd need to attach and set additional headers. We don't have the function to generate message.rpmsg in our SDK, yet.

Hope that helps! Please let me know if I can answer more questions for you.

Tom Moser
  • 748
  • 3
  • 5