Automating with PowerShell: Deploying Send as Alias for M365

So Microsoft has finally caught up and now allows users to send emails from their aliases, a feature we’ve all been waiting for. To be able to send as an alias you’ll need to do two things. The first is to run the script that enabled the “Send From Alias” option. The second is to add the alias manually to the From Field. You do this by going to Outlook/OWA and selecting the from field. Click on “Other e-mail address” and manually enter the alias.

The script you’ll need to run is below and enables this option for all of your tenants, you can run this on a schedule using an Azure Function or just on demand.

The Script

######### Secrets #########
$ApplicationId = 'ApplicationID'
$ApplicationSecret = 'ApplicationSecret' | ConvertTo-SecureString -Force -AsPlainText
$TenantID = 'YourTenantID'
$RefreshToken = 'Refreshtoken'
$ExchangeRefreshToken = 'ExchangeToken'
$UPN = "A-Valid-UPN"
######### Secrets #########
$credential = New-Object System.Management.Automation.PSCredential($ApplicationId, $ApplicationSecret)

$aadGraphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes '' -ServicePrincipal -Tenant $tenantID
$graphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes '' -ServicePrincipal -Tenant $tenantID
Connect-MsolService -AdGraphAccessToken $aadGraphToken.AccessToken -MsGraphAccessToken $graphToken.AccessToken
$customers = Get-MsolPartnerContract -All
foreach ($customer in $customers) {
    write-host "Logging into tenant $($customer.DefaultDomainName)" -ForegroundColor Green
    $token = New-PartnerAccessToken -ApplicationId 'a0c73c16-a7e3-4564-9a95-2bdf47383716'-RefreshToken $ExchangeRefreshToken -Scopes '' -Tenant $customer.TenantId
    $tokenValue = ConvertTo-SecureString "Bearer $($token.AccessToken)" -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential($upn, $tokenValue)
    $customerId = $customer.DefaultDomainName
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "$($customerId)&BasicAuthToOAuthConversion=true" -Credential $credential -Authentication Basic -AllowRedirection
    Import-PSSession $session -AllowClobber -CommandName 'Set-OrganizationConfig', 'get-OrganizationConfig'
    #From here you can enter your own commands
    $Enabled = (get-OrganizationConfig).SendFromAliasEnabled
    if ($Enabled) {
        write-host "Already enabled for $($Customer.DefaultDomainName)" -ForegroundColor Yellow
    else {
        write-host "Enabling for $($Customer.DefaultDomainName)" -ForegroundColor Green
        Set-OrganizationConfig -SendFromAliasEnabled $True 
    #end of commands
    Remove-PSSession $session


And that’s it! as always, Happy PowerShelling.


  1. DWM April 30, 2021 at 9:33 pm

    Line 18 has your applicationID. Even after substituting it for my own that line generates an error for me.

    1. DWM April 30, 2021 at 9:35 pm

      Adding “-Credential $credential” to line 18 corrected the error for me.

    2. Kelvin Tegelaar April 30, 2021 at 9:36 pm

      That’s not my application ID, that’s the application ID that is required for connecting to Exchange Online, a so called ‘Well-known-id’. Replacing that would break the script.

      1. DWM April 30, 2021 at 10:26 pm

        Thank you for that clarification. Starting over with this script and basically using the saved secrets output from , I get error “New-PartnerAccessToken : AADSTS700007: The grant was issued for a different client id” …during Line 18.

        The same saved secrets output is used successfully with your , so I don’t except a problem with the secrets.

          1. DWM April 30, 2021 at 11:26 pm

            That lead me to the problem… my $ExchangeRefreshToken was expired.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.