How to set the AIP label in the Powershell script to send the email?

%3CLINGO-SUB%20id%3D%22lingo-sub-1745979%22%20slang%3D%22en-US%22%3EHow%20to%20set%20the%20AIP%20label%20in%20the%20Powershell%20script%20to%20send%20the%20email%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1745979%22%20slang%3D%22en-US%22%3E%3CP%3E%3CFONT%20size%3D%224%22%3EI%20wrote%20a%20Powershell%20script%20to%20get%20the%20local%20administrators%20accounts%20from%20the%20endpoints%20and%20then%20distribute%20to%20the%20endpoints%20by%20using%20intune%2C%20then%20send%20the%20results%20back%20to%20IT%20by%20email.%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%224%22%3EHowever%2C%20the%20Microsoft%20Azure%20Information%20Protection%20(AIP)%20prompt%20out%20and%20request%20to%20select%20a%20label.%20May%20I%20know%20how%20to%20set%20the%20AIP%20label%20in%20the%20script%2C%20thus%20that%20the%20endpoint%20can%20send%20the%20email%20silently%3F%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%224%22%3EOr%20any%20method%20to%20bypass%20the%20AIP%3F%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%20size%3D%224%22%3E%24result%20%3D%20%24%7Benv%3ATEMP%7D%2B%22%5C%22%2B%24%7Benv%3Acomputername%7D%2B%22.csv%22%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%224%22%3EGet-LocalGroupMember%20-Group%20%22Administrators%22%20%7C%20Format-Table%20%E2%80%93AutoSize%20%7C%20Export-Csv%20-Path%20%24result%3C%2FFONT%3E%3C%2FP%3E%3CH1%20id%3D%22toc-hId-556111795%22%20id%3D%22toc-hId-556224100%22%3E%3CFONT%20size%3D%224%22%3E%23create%20COM%20object%20named%20Outlook%3C%2FFONT%3E%3C%2FH1%3E%3CP%3E%3CFONT%20size%3D%224%22%3E%24Outlook%20%3D%20New-Object%20-ComObject%20Outlook.Application%3C%2FFONT%3E%3C%2FP%3E%3CH1%20id%3D%22toc-hId--1251342668%22%20id%3D%22toc-hId--1251230363%22%3E%3CFONT%20size%3D%224%22%3E%23create%20Outlook%20MailItem%20named%20Mail%20using%20CreateItem()%20method%3C%2FFONT%3E%3C%2FH1%3E%3CP%3E%3CFONT%20size%3D%224%22%3E%24Mail%20%3D%20%24Outlook.CreateItem(0)%3C%2FFONT%3E%3C%2FP%3E%3CH1%20id%3D%22toc-hId-1236170165%22%20id%3D%22toc-hId-1236282470%22%3E%3CFONT%20size%3D%224%22%3E%23add%20properties%20as%20desired%3C%2FFONT%3E%3C%2FH1%3E%3CP%3E%3CFONT%20size%3D%224%22%3E%24Mail.To%20%3D%20%22%3CA%20href%3D%22mailto%3Axxxx%40abc.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Exxxx%40abc.com%3C%2FA%3E%22%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%224%22%3E%24Mail.Subject%20%3D%20%24%7Benv%3Acomputername%7D%2B%22%20Local%20Administrators%20Account%22%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%224%22%3E%24Mail.Body%20%3D%20%22IT%20Security%20Task%22%3C%2FFONT%3E%3CBR%20%2F%3E%3CFONT%20size%3D%224%22%3E%24Mail.Attachments.Add(%24result)%3B%3C%2FFONT%3E%3C%2FP%3E%3CH1%20id%3D%22toc-hId--571284298%22%20id%3D%22toc-hId--571171993%22%3E%3CFONT%20size%3D%224%22%3E%23send%20message%3C%2FFONT%3E%3C%2FH1%3E%3CP%3E%3CFONT%20size%3D%224%22%3E%24Mail.Send()%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

I wrote a Powershell script to get the local administrators accounts from the endpoints and then distribute to the endpoints by using intune, then send the results back to IT by email.
However, the Microsoft Azure Information Protection (AIP) prompt out and request to select a label. May I know how to set the AIP label in the script, thus that the endpoint can send the email silently?
Or any method to bypass the AIP?

 

$result = ${env:TEMP}+"\"+${env:computername}+".csv"
Get-LocalGroupMember -Group "Administrators" | Format-Table –AutoSize | Export-Csv -Path $result

#create COM object named Outlook

$Outlook = New-Object -ComObject Outlook.Application

#create Outlook MailItem named Mail using CreateItem() method

$Mail = $Outlook.CreateItem(0)

#add properties as desired

$Mail.To = "xxxx@abc.com"
$Mail.Subject = ${env:computername}+" Local Administrators Account"
$Mail.Body = "IT Security Task"
$Mail.Attachments.Add($result);

#send message

$Mail.Send()

1 Reply

Hi @wilsonsyl,

 

I don't think there is a simple solution to your problem. I would suggest to find a way to bypass AIP. Maybe uploading the file to a share or something similar instead of sending it via mail.

 

BR,

Mattia