Hey everyone! I'm new to my current role and trying to navigate our environment. We have an existing runbook that sends out emails using a third-party app, which is being replaced soon, but for now, we need it to work. Currently, the runbook runs scripts and logs into a specific account to authenticate with SMTP to send the emails. I'm diving into it as I want to understand it better, but the person maintaining it is hesitant to make changes since it sends out important reports frequently. I'm curious about the best practices and secure options for allowing an Azure runbook to send emails. Is authenticating with an EntraID account that has an Exchange Online license the best way, or are there better options out there, like app registrations?
4 Answers
You could also connect your runbook to a log analytics workspace and set up an action group or alert rule for notifications. There's also SendGrid, which might be worth looking into for sending emails, although I haven't personally used it, so I can't provide much advice on it. Curious to see what others suggest!
Using the Microsoft.Graph module is a great approach. You can use the cmdlet `Send-MgUserMail`, and it's advisable to assign the Mail.Send permission to a managed identity. Additionally, implementing an application access policy in Exchange Online can limit which mailboxes can be accessed for sending emails.
Totally agree! Managed Identities are the way to go nowadays.
While not ideal for best practices, you could set up a hybrid worker with access to an SMTP gateway and use `Send-MailMessage` to send emails. It's a bit of a workaround, but it works if set up properly.
Another method is to create an Azure Logic App that acts as an HTTP webhook trigger. You can set it up to send an email directly through the Logic App with different connectors available in its library. This way is quite flexible and user-friendly!
I've actually used SendGrid before. It’s pretty straightforward for sending emails from runbooks, and I believe there's a PowerShell module for it.