Sending Mail through Graph API if local disk is full by leveraging Azure Arc Managed Identity and Keyvault

This is a request coming from Discord: how to send an email through Graph API if the local disk is full?

Preparing requirements

  1. Create the application and apply the Mail.Send Graph API permissions: https://blog.raindrops.dev/2022/09/22/script-add-graph-api-permissions-to-application-through-graph-api/
  2. Prepare the Hybrid Join and Key Vault: https://blog.raindrops.dev/2022/09/24/accessing-keyvault-from-windows-11-on-premise-machines/

Architecture

Here is the architecture we’re looking at:

The flow is going to be:

  1. The script connects to Azure Powershell using the Managed Identity available through Azure Arc
  2. The script uses Get-AzKeyVaultSecret to pull the Application secret from the key vault
  3. The script sends an API call to request a bearer token to impersonate the Application
  4. The script checks if any of the local disks are full
  5. The script uses the previously-obtained bearer token to send mail through Graph API if a disk is full

Usage

First things first, pull the repository locally: Raindrops-dev/RAIN-BlogPostsCode: Companion repo to blog posts (github.com)

In my case it’s been done to C:\Temp through Github Desktop:

Open the folder in VsCode and duplicate EmailConfig.json.example to EmailConfig.json:

Fill in the empty brackets with the correct values from the previously created resources:

  • AppID: Application ID of the Mail Sender Application
  • KeyVaultSecretName: The name of the Secret in Key Vault that contains the Application Secret
  • KeyVaultName: The name of the Key Vault
  • EmailSender: The email address from which the email will be sent
  • EmailReceiver: The email address to which the email will be sent
  • TenantID: The ID of your Azure AD tenant

Save the file and exit

Open a Powershell window as admin and go to where the repository has been cloned and run Send-MessageIfDiskFull.ps1:

Et voilà! The script sends the email with the disk whose free disk capacity is less than 10%!

This concludes the 3 part series concerning email sending through Graph API if disk is full.

Links:

https://www.pdq.com/blog/how-to-manage-powershell-secrets-with-secretsmanagement/

Share the Post:

Related Posts