This blog is part of a multi-series
Part 3: Send email notification options – this blog
Part 4: Dynamic content and expressions – coming soon
Sending an email notification is an everyday automation task. Organizations commonly use the "Office 365 Outlook" Logic App connector, action "Send an email", to perform this routine task. This blog will cover other options for sending an email notification like using a shared mailbox, crating approval process, adding options, using HTTP connector, etc.
In one of the following blog series parts, we will also go through actions like "Compose" and "Create HTML table" that we are using to enrich email notifications sent.
When using playbooks, Office 365 Outlook connector is one of the few connectors that are not utilizing service principal and/or managed identity as an option to authorize Logic App connector. You must use user identity to authorize the connector, and all sent emails, for example, are sent using that identity (From: will be from the user that authorized the connector).
But for those who want to use the group for that option, you can utilize Send As functionality of Office 365 Connector. When you finish authorizing the connector or using existing authorization, you need to select “Add new parameter” and choose “From (Send As)”. Please note that the user who authorized the connector needs to have Send As permission on that group.
Office 365 Outlook connector can be used to send approval emails as well. This can be used when we want SOC Analyst approval to perform an action; based on that input, we will decide whether that action will be performed. For example, if we have an incident the user is compromised, and it includes known IP or some other entity, we can automatically send an email with an approval request to block the user. In the body, we can enter all necessary data from the incident so that SOC Analysts can decide.
Example of email with approval process:
After this, we can add a condition that if we click Approve – we will block the user, or if we click Reject – the user will not be blocked. For that, we will use the “SelectedOption” value from dynamic content.
If we need to get users’ input, we can send an email with options as automation. We can offer multiple choices to users from which they can choose. Based on the selection, we can decide the following action in the playbook.
Since it can be more than 2 selections, the condition can be tricky to configure. In this case, we can utilize the Switch condition where we can have a stream for each choice offered:
An example where we can use this is when we have a sign in from an unfamiliar location, where we can offer a few choices to the user to see did the user performed that action. Choices can be Yes - business trip, Yes – Vacation, No, Not sure, etc. When using this for sensitive tasks, double-check users’ answers because users will sometimes click on the first response, or bad actors can pretend that it is the actual user.
This specific action in Office 365 Outlook Logic App connector gives you the option to send email from the shared mailbox. You still need to authorize the Logic App connector with the user identity, but all emails will be sent using a shared mailbox:
If you need to use service principal/managed identity to send an email, you can utilize HTTP action and authorize it with service principal or system-assigned managed identity.
In this case, we are utilizing Microsoft Graph API – Send mail, and we need to assign “Mail.Send” permission to the service principal or managed identity.
This is an example of how to use HTTP action with sample body.
Method:
POST
API:
https://graph.microsoft.com/v1.0/users/<email>/sendMail
Headers:
content-type: application/JSON
Body:
{
"message": {
"body": {
"content": "<email body text>",
"contentType": "Text"
},
"subject": "<email subject>",
"toRecipients": [
{
"emailAddress": {
"address": "<send to email>"
}
}
]
},
"saveToSentItems": "false"
}
If you prefer to utilize Outlook or Gmail accounts to send an email, you can utilize native actions from Outlook.com and Gmail connectors. You will need to authorize these connectors with a valid Outlook.com or Gmail account to be able to utilize the same.
You can also utilize the SMTP Logic App connector to send an email. You will need the following data to authorize the connection; after authorisation, you can use it to send emails.
Property |
Required |
Description |
Connection Name |
Yes |
A name for the connection to your SMTP server |
SMTP Server Address |
Yes |
The address for your SMTP server |
User Name |
Yes |
Your username for your SMTP account |
Password |
Yes |
Your password for your SMTP account |
SMTP Server Port |
No |
A specific port on your SMTP server you want to use |
Enable SSL? |
No |
Turn on or turn off TLS/SSL encryption. |
Note:
When you use 2-step verification, the connector may be blocked from accessing your account. If this is the case, please try to create and use an App Password.
Part 4: Dynamic content and expressions – coming soon >
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.