Azure: How to create authentication credentials for sending emails using SMTP

In the previous article we saw how to set up Azure Communication Services and send email through the portal. Now it's time to create a user to send emails through third-party apps. Let's do this using the Azure CLI.

The first step is to get the Communication Service ID. We're going to do this using the az communication show command, the Communication Service name and the resource group name. The result will be stored in a variable.

COMUNICATION_SERVICE_ID=$(az communication show \
    --name myCommunicationService \
    --resource-group myResourceGroup \
    --query id \
    --output tsv)

Now let's create a new role definition. We're going to do this using the az role definition create command. Let's put the Communication Service ID value obtained in the previous step inside the "AssignableScopes" key.

az role definition create \
    --role-definition '{
        "Name": "ACS Email Write",
        "IsCustom": true,
        "Description": "",
        "Actions": [
            "Microsoft.Communication/CommunicationServices/Read",
            "Microsoft.Communication/EmailServices/write"
        ],
        "NotActions": [],
        "AssignableScopes": [
            "'"$COMUNICATION_SERVICE_ID"'"
        ]
    }'

And finally, it's time to register the app. This is done using the az ad sp create-for-rbac command. For this step, it is important to use the Communication Service ID and role name from the previous steps.

CLIENT_SECRET_DURATION_IN_YEARS=2
az ad sp create-for-rbac \
    --name MyApp \
    --role "ACS Email Write" \
    --scopes "$COMUNICATION_SERVICE_ID" \
    --years "$CLIENT_SECRET_DURATION_IN_YEARS"

And the result should be something like this:

{
  "appId": "102be14a-039f-4137-abea-0c9915d241c1",
  "displayName": "MyApp",
  "password": "pS.1D~PN1Acu__ABCxci__sUPaCbgDUJpldeYx.z",
  "tenant": "56627bc1-6207-4854-9736-67b4893c2a72"
}

And with that we already have what we need to send emails using SMTP.

For the username, we must concatenate three fields: the Communication Service name, the application ID and the tenant ID, separated by a pipe (|) or a dot (.).

In this example, the Communication Service name is myCommunicationService, the application ID is 102be14a-039f-4137-abea-0c9915d241c1, and the tenant ID is 56627bc1-6207-4854-9736-67b4893c2a72. The username would look like this:

myCommunicationService|102be14a-039f-4137-abea-0c9915d241c1|56627bc1-6207-4854-9736-67b4893c2a72

or

myCommunicationService.102be14a-039f-4137-abea-0c9915d241c1.56627bc1-6207-4854-9736-67b4893c2a72

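For the password, use the password value from the output of the az ad sp create-for-rbac command. This is the service principal's client secret, and it can't be retrieved again later, so save it when it's created. In this example, the value is pS.1D~PN1Acu__ABCxci__sUPaCbgDUJpldeYx.z.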

This would be the SMTP configuration:

username: myCommunicationService|102be14a-039f-4137-abea-0c9915d241c1|56627bc1-6207-4854-9736-67b4893c2a72
password: pS.1D~PN1Acu__ABCxci__sUPaCbgDUJpldeYx.z
host: smtp.azurecomm.net
port: 587
ssl: true
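
The following Python code is an added example, not part of the original article or of Microsoft's documentation. It builds the SMTP settings above from the az ad sp create-for-rbac JSON output and sends a test message. It assumes port 587 is upgraded with STARTTLS; the environment variable names ACS_SP_JSON, MAIL_FROM and MAIL_TO are hypothetical, and MAIL_FROM must be a sender address configured for your Communication Service.

```python
import json
import os
import re
import smtplib
import ssl
from email.message import EmailMessage

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def smtp_settings(resource_name, sp_json, sep="|"):
    """Build SMTP settings from the JSON printed by `az ad sp create-for-rbac`."""
    sp = json.loads(sp_json)
    if sep not in ("|", "."):
        raise ValueError("separator must be '|' or '.'")
    for key in ("appId", "tenant"):
        if not GUID.match(str(sp.get(key, ""))):
            raise ValueError(f"{key} is missing or not a GUID")
    if not sp.get("password"):
        raise ValueError("client secret (password) is missing")
    if sep in resource_name:
        raise ValueError("resource name contains the separator")
    return {
        "host": "smtp.azurecomm.net",
        "port": 587,
        # <Communication Service name><sep><application ID><sep><tenant ID>
        "username": sep.join((resource_name, sp["appId"], sp["tenant"])),
        "password": sp["password"],
    }

def send_test_mail(cfg, sender, recipient):
    """Send one message; the connection is upgraded with STARTTLS before login."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, "ACS SMTP test"
    msg.set_content("Sent with service principal credentials.")
    with smtplib.SMTP(cfg["host"], cfg["port"], timeout=30) as smtp:
        smtp.starttls(context=ssl.create_default_context())  # verifies the server certificate
        smtp.login(cfg["username"], cfg["password"])
        smtp.send_message(msg)

if __name__ == "__main__":
    # Hypothetical env vars: ACS_SP_JSON holds the CLI output, so the client
    # secret stays out of source control; MAIL_FROM is a configured sender.
    cfg = smtp_settings("myCommunicationService", os.environ["ACS_SP_JSON"])
    send_test_mail(cfg, os.environ["MAIL_FROM"], os.environ["MAIL_TO"])
```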

And that's it. If you have any questions, feel free to comment. 🙂

For more details, click on the link below to access the official documentation.

How to create authentication credentials for sending emails using SMTP - An Azure Communication Services Quickstart
Learn about how to use a service principal to create authentication credentials for sending emails using SMTP.