I'm posting this as a top-level discussion for anyone that may be looking for an answer to the question of whether the Outlook VBO can be used to send encrypted/signed emails.
I've looked into this a bit based on information I've found on the internet. Creating an encrypted email in Outlook is pretty easy when you do it manually via the UI (assuming your Outlook client or Exchange server are properly configured). Microsoft provides a handy little button titled Encryption on the Options tab.
Unfortunately, doing this programmatically via interop with Outlook is bit more of a pain. 🤦♂️ Below is some code you can add to the Code stage in the Send Email action of the MS Outlook Email VBO that should allow you to encrypt and/or sign emails (assuming you have an appropriate certificate installed and configured):
And before the two lines at the end of the Code stage where the mail item is saved and actually sent:
There are a few things to be aware of though:
UPDATES
20220218 - There is another option for supporting encryption in emails that we're investigating. It involves the use of Sensitivity Labels and Azure Information Protection. This only apples to users of Microsoft 365 though. Currently, the Microsoft VBOs (Excel, Word, and Outlook) do not support Sensitivity Labels, but it is a feature we're looking at adding. With Sensitivity Labels, a specific label can be applied to files/email, either automatically or manually, that results in the file/email being encrypted. You can track the progress of this work, as well as vote for it, through the DX Ideas Portal.
#Outlook #EncryptedEmail
Cheers,
------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
I've looked into this a bit based on information I've found on the internet. Creating an encrypted email in Outlook is pretty easy when you do it manually via the UI (assuming your Outlook client or Exchange server are properly configured). Microsoft provides a handy little button titled Encryption on the Options tab.
Unfortunately, doing this programmatically via interop with Outlook is bit more of a pain. 🤦♂️ Below is some code you can add to the Code stage in the Send Email action of the MS Outlook Email VBO that should allow you to encrypt and/or sign emails (assuming you have an appropriate certificate installed and configured):
Const PR_SECURITY_FLAGS As String = "http://schemas.microsoft.com/mapi/proptag/0x6E010003"
' Check flags for Encryption and Signing.
If (Encrypt_Message) And (Sign_Message) Then
mail.PropertyAccessor.SetProperty(PR_SECURITY_FLAGS, &H3)
ElseIf (Encrypt_Message) Then
mail.PropertyAccessor.SetProperty(PR_SECURITY_FLAGS, &H1)
ElseIf (Sign_Message) Then
mail.PropertyAccessor.SetProperty(PR_SECURITY_FLAGS, &H2)
End If
If you choose to add this code to your VBO, I would recommend that you create a backup copy of the VBO to make it easier to rollback should you encounter any issue.
You can add the code anywhere in the Code stage titled Send Item of the Send Email action so long as it's after the line where the variable mail is defined and initialized:
And before the two lines at the end of the Code stage where the mail item is saved and actually sent:
There are a few things to be aware of though:
- There are other examples on the internet that show this in a slightly cleaner fashion. In those cases they are performing a bitwise OR of any existing value of the PR_SECURITY_FLAGS property and the new value. That's all well and good, but my personal testing in v6.10.4 shows that when you try to pass any sort of VB.NET variable into the SetProperty call results in a Type Mismatch exception. That's why I have 3 separate lines that basically do the same thing just with a different hardcoded value at the end. I tried using variables of type Long, Integer, UInteger, ULng, Int16, Int32, Object, and String. None of them worked. 🤷♂️
- The code above expects that you'll define two input variables on the Send Email action called Encrypt Message and Sign Message, and those will be passed into the Code stage. Those variables are of type Flag.
- VERY IMPORTANT: If you make this change and you call the action on a machine who's Outlook installation has NOT been previously configured to support sending emails with encryption and signing, a pop-up window, from Outlook, will block the BP process from moving ahead. The pop-up is basically a message stating that the Outlook client has not been configured with a proper Digital ID certificate that can be used for encryption and/or signing. At that point all you can do is click the OK button on the dialog to dismiss it. When you do that, you'll receive an exception in the Code stage stating that the action was aborted.
UPDATES
20220218 - There is another option for supporting encryption in emails that we're investigating. It involves the use of Sensitivity Labels and Azure Information Protection. This only apples to users of Microsoft 365 though. Currently, the Microsoft VBOs (Excel, Word, and Outlook) do not support Sensitivity Labels, but it is a feature we're looking at adding. With Sensitivity Labels, a specific label can be applied to files/email, either automatically or manually, that results in the file/email being encrypted. You can track the progress of this work, as well as vote for it, through the DX Ideas Portal.
#Outlook #EncryptedEmail
Cheers,
------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
