How to set an MSIP label in email generated with Net.Mail

THEOBALD K 20 Reputation points
2023-11-14T01:48:12.57+00:00
I have a PowerShell script that uses Net.Mail to send email, something like

    $mailMessage = New-Object System.Net.Mail.MailMessage
    $mailMessage.Subject = $Subject
    ...
    $smtpClient  = New-Object Net.Mail.SmtpClient
    $smtpClient.Credentials = $myCredentials
    ...
    $smtpClient.Send($mailMessage)

I'd like to know how to add one of our MSIP labels to the message.  I already have a list of GUIDs, so assuming I already have picked one, e.g.,

    $msip = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    
then how do I set the label in the outgoing email?  For instance, is there a field to set in $mailMessage?

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,834 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,499 questions
0 comments No comments
{count} votes

Accepted answer
  1. Rich Matheisen 46,636 Reputation points
    2023-11-14T02:55:54.83+00:00

    You can add the headers to the message before you send it.

    Here's an example:

    $mailmessage.Headers.Add("msip_labels", "MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_Enabled=True; MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_SiteId=00000000-1111-2222-3333-444444444444; MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_Owner=user2@domain.tld; MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_SetDate=$((Get-Date).ToUniversalTime().ToString(\"yyyy-MM-ddTHH:mm:ss.fffffffZ\")); MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_Name=Internal; MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_Application Microsoft Azure Information Protection; MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_ActionId ffffffff-5555-6666-7777-888888888888; MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_Extended_MSFT_Method Manual")
    

    https://stackoverflow.com/questions/58210905/adding-azure-information-protection-to-email-in-powershell-script

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. THEOBALD K 20 Reputation points
    2023-11-22T00:59:47.84+00:00

    The answer here (and in the Stackoverflow article) uses some fields I don't know, so I wanted to see the minumum set required to do what I wanted. It appears that only the Enabled and SiteId fields are actually required -- for me, anyway; YMMV.

    I started with something like:

    $prefix = 'MSIP_Label_' + $msip    # The GUID in my question
    
    $mailmessage.Headers.Add("msip_labels", "$($prefix)_Enabled=True")
    

    This SORT OF worked. In the Outlook viewer, I wouldn't see the MSIP on the screen in the preview mode (list of emails). But if I opened that particular email, I could see the MSIP. And then returning to the previewer, I could see the MSIP.

    But when I changed the second arg of Add() to

    "$($guid)_Enabled=True;$($guid)_SiteId=$sid"
    

    where I extracted $sid from other internal emails, then the MSIP was visible from the beginning. Presumably, Outlook uses the SiteId to figure out how to map the MSIP label to a display value.

    The value of $sid (a GUID) seems to correspond to the value of x-ms-exchange-crosstenant-id, which one can view by saving an email from internal sources, and looking through the .eml file that this generates.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.