How to Fix PowerShell Script from Basic Auth to Modern Auth

Question

I have a PowerShell script that, after pinging a server address, uses Basic Auth to send an automated email via Task Scheduler. Microsoft has deprecated Basic Auth in Exchange Online in favor of Modern Auth, but I do not see clear directions for updating a PowerShell script to use Modern Auth.

This is an example of the Basic Auth that I need to convert.

$secpasswd = ConvertTo-SecureString “password” -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential (“user@place.com”, $secpasswd)
Send-MailMessage -SmtpServer smtp.office365.com -Port 587 -From user@place.com -To otheruser@place.com -Subject test -Body test -Credential $mycreds -UseSsl"

Can someone point me to an example of Modern Auth being used in a similar script or share what I need to do to update and run the above script?

Many Thanks!

Answer 1

Thanks @postanote for your suggestions, the fix eventually came down to this:

• from user@place.com I had to drop the 'place.com' and just keep the alias
• with -SmtpServer smtp.office365.com I had to drop 'office365.com' and replace with '[uni].edu'

Answer 2

As per the resources in my original comment.

Send-MailMessage is obsolete and no longer supported. Microsoft says this cmdlet does not guarantee a secure connection to SMTP servers. As per:

• https://aka.ms/SendMailMessage

Therefore use the below:

• Send-MgUserMail - MS Docs

Note: Send-MgUserMail requires a more complex parameter structure.

$EmailMessageContent=@'
<Strong> This is a Test Message</Strong><br>
Modern auth testing
'@

$params = @{
    Message = @{
        Subject = "Using MSGraph"
        Body = @{
            ContentType = "html"
            Content = $EmailMessageContent
        }
        ToRecipients = @(
            @{
                EmailAddress = @{
                    Address = "SomeRecipientEmaiAddress"
                }
            }
        )

    }
}
Import-Module Microsoft.Graph.Users.Actions
Connect-MgGraph -Scopes Mail.Read
Send-MgUserMail -UserId 'SomeSenderEmailAddress' -BodyParameter $params

Point of note:

SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022. The reason SMTP will still be available is that many multi-function devices such as printers and scanners can't be updated to use modern authentication.

See also the below for full details of the why and so on... (and more sample code):

• Authenticate an IMAP, POP or SMTP connection using OAuth
• Moving on from Send-MailMessage: Sending Email from PowerShell using the Graph API

The Send-MailMessage Conundrum

Largely because of history, Exchange Online supports a wide variety of connectivity protocols. Microsoft is making some progress to convince customers to disable basic authentication for protocols they never use, and has upgraded older protocols like POP3 and IMAP4 to use OAuth 2.0 for modern authentication. As discussed in this blog, tenants will need to find PowerShell scripts which call the Send-MailMessage cmdlet and eventually upgrade the code with a more modern method to send email.

The Send-MailMessage cmdlet depends on the SMTP AUTH protocol to send email using basic authentication. Microsoft announced OAuth 2.0 support for SMTP AUTH in April 2020, but this doesn’t mean that an off-the-shelf replacement cmdlet is available. Microsoft says that the announcement “is for interactive applications to enable OAuth for IMAP and SMTP [AUTH].” In effect, this means mail clients or other applications which send, read, or otherwise process email. A quick trip to the referenced page leaves no doubt that this means more than replacing a few lines of code in a PowerShell script.