Body Of Encrypted Outlook Email Not Populating

I am writing a script that will open an encrypted Outlook Template File to send. However, the body of the email is not popluating. Code below. Any help would be appreciated.

‘’’
$outlook = New-Object -ComObject outlook.application
$Mail=$outlook.CreateItemFromTemplate(“C:\Users$env:UserName\AppData\Roaming\Microsoft\Templates\Encrypted.oft”)
$Mail.SentOnBehalfOfName = “UnattendedEmailAddress”
$Mail.To =“VendorEmailAddress”
$Mail.CC = “HelpDeskEmailAddress”
$Mail.Subject = “User With The Email $Vendor Was Not Found”
$Mail.Body = ‘Please Double Check The Vendors Email Address And Then Enter It Again’
$Mail.save()
$inspector=$Mail.getinspector
$inspector.display()
#$Mail.Send()
‘’’

Welcome! For future posts, pleas format your code: Formatting your code: How to format code on PowerShell.org

Sometimes, funky things can happen if all the code isn’t formatted as code. Much appreciated!

I find it’s best in these scenarios to back up and do a ubnch of testing. I don’t have your template file but… for example:

  1. With no templates (using createitem[0]) it works, I can see the body.
  2. With a template that forces encryption it doesn’t work. I replicated this.
  3. With a template that does not enforce cnryption, it works.

For me, the way i ‘encrypted it’, was just clicking the encryption button on the template. With that troubleshooting, we can conclude that PS is not the issue here, and it’s likely the encryption not allowing us to actually modify the body. This might be by design. The entire point of encrypting a mail is to encrypt the contents (body) of the mail. As such, this is a guess, but perhaps it has to do with that, so you trying to ‘modify’ a body, and it simply doesn’t allow you to do that.

So IMO, you have a decision to make… Does this actually need encrypted? If not, don’t bother. If so, you probably need to investigate other ways of accomplishing this task. You can open a ticket with MS to ask if this how its designed to work, but be prepared to be escalated several times and repeat yourself. I think my ‘guess’ is probably a good one. One potential workaround is if you have a set number of vendors or whatever to do this with, and most of it is the same thing, you might be able to manage several template files with the body already hard-coded into the template, then use PS to evaluate logic and pull in the proper template file, but I don’t know anything about what you’re truly trying accomplish.

In any case, I don’t think the reason it’s not working is PS related, apologies :frowning: .

That is what I was afraid of. Unfortunately, we have over 600 providers with different information that needs to go in each eamil that is HIPPA, PI and PHI related so it needs to be encrypted. It would make the job of sending these emails a lot easier. May have to go right to MS but not mentally ready for the long haul that will be.

I am only asking out of curiosity and learning. Is the primary intent to deliver an encrypted e-mail to the recipient and if so, why does the template need to be encrypted when the actual e-mail will be? I suspect maybe you have data at rest concerns for the templates, hence the encryption?

Again, just trying to learn here :slight_smile:

The template is not encrypted, the template just has the IRM option for encryption already set. That setting is used as the base of the email to apply the IRM encrytion.

Maybe instead of setting that encryption flag on the template, you can use PS to set the encryption property after you’ve modified all the properties? Just a random idea, no clue if it would work, or even if that’s possible, but may dig around to see if you find any methods on the mail object after created to see what’s possible.

Yeah I have found some info about a PermissionTemplateGUID that should be able to set that property in conjunction with the permission property. However, I can seem to find the permissiontemplateGUID associated with the account I am trying to use. The PermissionTemplateGUID did not show when I sent my self a IRM encrypted email and then read the properties of that email.

Thanks for the explanation :slight_smile:

You can set a mail rule in Exchange to encrypt specific emails. You could have a keyword in the subject and/or body that triggers encryption with whatever rights management template you choose.

https://it.tufts.edu/book/export/html/1565

@krzydoug This is a solid idea, assuming OP either is an Exchange Admin, or is able to convince the Exchange admins of making a change like this.

To clarify these are not inbox rules, but transport rules. ‘mail rules’ is a bit ambiguous, and last I checked; this wasn’t possible with a normal mailbox rule (the option to encrypt was simply missing from the GUI). I do know that you can easily encrypt messages though using a transport rule.

Thanks for clarifying. I should’ve said “Mail flow rules” but yes they are in the exchange admin center. I set this type of policy up in environments I support so the user just has to put secure/confidential in the subject and it gets encrypted automagically. Also can set a rule that matches patterns like social security numbers, credit card numbers, account numbers, etc to do the same thing.

Yea we do the same thing here. Basically we have a subject line we can add and it auto encrypts. I’m not sure why I didn’t mention that as a possible solution, just not where my head was at when originally thinking about the problem =D.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.