How to set an MSIP label in email generated with Net.Mail

THEOBALD K 20 Reputation points
I have a PowerShell script that uses Net.Mail to send email, something like

    $mailMessage = New-Object System.Net.Mail.MailMessage
    $mailMessage.Subject = $Subject
    $smtpClient  = New-Object Net.Mail.SmtpClient
    $smtpClient.Credentials = $myCredentials

I'd like to know how to add one of our MSIP labels to the message.  I already have a list of GUIDs, so assuming I already have picked one, e.g.,

    $msip = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
then how do I set the label in the outgoing email?  For instance, is there a field to set in $mailMessage?

Microsoft Technologies based on the .NET software framework.
2,303 questions
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
1,551 questions
0 comments No comments
{count} votes

Accepted answer
  1. Rich Matheisen 42,906 Reputation points

    You can add the headers to the message before you send it.

    Here's an example:

    $mailmessage.Headers.Add("msip_labels", "MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_Enabled=True; MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_SiteId=00000000-1111-2222-3333-444444444444; MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_Owner=user2@domain.tld; MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_SetDate=$((Get-Date).ToUniversalTime().ToString(\"yyyy-MM-ddTHH:mm:ss.fffffffZ\")); MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_Name=Internal; MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_Application Microsoft Azure Information Protection; MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_ActionId ffffffff-5555-6666-7777-888888888888; MSIP_Label_aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee_Extended_MSFT_Method Manual")

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. THEOBALD K 20 Reputation points

    The answer here (and in the Stackoverflow article) uses some fields I don't know, so I wanted to see the minumum set required to do what I wanted. It appears that only the Enabled and SiteId fields are actually required -- for me, anyway; YMMV.

    I started with something like:

    $prefix = 'MSIP_Label_' + $msip    # The GUID in my question
    $mailmessage.Headers.Add("msip_labels", "$($prefix)_Enabled=True")

    This SORT OF worked. In the Outlook viewer, I wouldn't see the MSIP on the screen in the preview mode (list of emails). But if I opened that particular email, I could see the MSIP. And then returning to the previewer, I could see the MSIP.

    But when I changed the second arg of Add() to


    where I extracted $sid from other internal emails, then the MSIP was visible from the beginning. Presumably, Outlook uses the SiteId to figure out how to map the MSIP label to a display value.

    The value of $sid (a GUID) seems to correspond to the value of x-ms-exchange-crosstenant-id, which one can view by saving an email from internal sources, and looking through the .eml file that this generates.

    0 comments No comments