Sending Mail through Graph API if local disk is full by leveraging Azure Arc Managed Identity and Keyvault

This is a request coming from Discord: how to send an email through Graph API if the local disk is full?

Preparing requirements

Create the application and apply the Mail.Send Graph API permissions: https://blog.raindrops.dev/2022/09/22/script-add-graph-api-permissions-to-application-through-graph-api/
Prepare the Hybrid Join and Key Vault: https://blog.raindrops.dev/2022/09/24/accessing-keyvault-from-windows-11-on-premise-machines/

Architecture

Here is the architecture we’re looking at:

The flow is going to be:

The script connects to Azure Powershell using the Managed Identity available through Azure Arc
The script uses Get-AzKeyVaultSecret to pull the Application secret from the key vault
The script sends an API call to request a bearer token to impersonate the Application
The script checks if any of the local disks are full
The script uses the previously-obtained bearer token to send mail through Graph API if a disk is full

Usage

First things first, pull the repository locally: Raindrops-dev/RAIN-BlogPostsCode: Companion repo to blog posts (github.com)

In my case it’s been done to C:\Temp through Github Desktop:

Open the folder in VsCode and duplicate EmailConfig.json.example to EmailConfig.json:

Fill in the empty brackets with the correct values from the previously created resources:

AppID: Application ID of the Mail Sender Application
KeyVaultSecretName: The name of the Secret in Key Vault that contains the Application Secret
KeyVaultName: The name of the Key Vault
EmailSender: The email address from which the email will be sent
EmailReceiver: The email address to which the email will be sent
TenantID: The ID of your Azure AD tenant

Save the file and exit

Open a Powershell window as admin and go to where the repository has been cloned and run Send-MessageIfDiskFull.ps1:

Et voilà! The script sends the email with the disk whose free disk capacity is less than 10%!

This concludes the 3 part series concerning email sending through Graph API if disk is full.

Links:

https://www.pdq.com/blog/how-to-manage-powershell-secrets-with-secretsmanagement/

Share the Post:

Windows Troubleshooting Series – Part 4 – WinDBG

Debugging with WinDBG

Windows Troubleshooting Series – Part 3 – Autoruns & ProcDump & LoadOrder & TCPView

And here we are on the 3rd post: Introduction to Autoruns and ProcDump The Sysinternals suite of tools is a

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others

Sending Mail through Graph API if local disk is full by leveraging Azure Arc Managed Identity and Keyvault

Related Posts

Windows Troubleshooting Series – Part 4 – WinDBG

Windows Troubleshooting Series – Part 3 – Autoruns & ProcDump & LoadOrder & TCPView