Adding attachment >3 MB not possible if no client secret is used

[scriptkiddy666]

Hi,
maybe it's a bug, but I'm unable to send attachments which are bigger than 3 MB via a managed identity or a normal app registration with certificate based authentication.
After creating a client secret for the same app registration it worked. (But I don't want to use a client secret.)
Is it possible, that the function which handles the upload somehow doesn't use the already existing session?
Because the upload doesn't work, but the email is send without problems (and without an attachment of course).

I used the following commands:
Connect-MgGraph -Identity
or
Connect-MgGraph -ClientId $ClientId -TenantId $TenantId -CertificateThumbprint $Thumbprint

Send-EmailMessage -From 'XXX' -To 'XXX' -HTML "XXX" -Subject 'XXX' -Graph -ReplyTo "XXX" -MgGraphRequest -Attachment "C:\temp\XXX.pdf" -Verbose

(By using the parameter -Credential and the function ConvertTo-GraphCredential for generating the credential object and removing the parameter -MgGraphRequest it worked.)

Thanks,
Markus

[PrzemyslawKlys]

Try using PS 7, it should provide better error reporting. Also do you have proper rights to upload files? As ReadWrite Emails? Send is not enough.

[scriptkiddy666]

Same with PS7 (do I have to "reinstall" the module for PS7?):

Yes, both, my managed identity and the app registration have Mail.Send and Mail.ReadWrite. (That should be fine, because it worked with the client secret for the same app registration.)

[PrzemyslawKlys]

You don't have to reinstall module.

Just to clarify:

• Does it work for 4MB plus with Connect-MgGraph and MgGraphRequest with ClientSecret?
• It doesn't work with Connect-MgGraph and MgGraphRequest with Certificate?

[PrzemyslawKlys]

And I assume in all cases the mailbox does exists? The one you're sending it with?

[scriptkiddy666]

You don't have to reinstall module.

Just to clarify:

• Does it work for 4MB plus with Connect-MgGraph and MgGraphRequest with ClientSecret?
  Yes. I just tried it again (also without executing Connect-MgGraph before) by just adding the -Credential parameter with the ClientSecret. Works like a charm. (The parameter -MgGraphRequeset was not added.)

• It doesn't work with Connect-MgGraph and MgGraphRequest with Certificate?
  Yes. I used Connect-MgGraph with my certificate before executing Send-EmailMessage.
  (-Credential parameter of Send-EmailMessage removed and -MgGraphRequest added instead.)

And I assume in all cases the mailbox does exists? The one you're sending it with?

Correct. (It's the always the same mailbox and I also tried it with a different one, but the error is the same.)

[scriptkiddy666]

I'm now using the following workaround without the need for a client secret:

$null = Connect-AzAccount -Identity
[System.Object]$AccessToken = (Get-AzAccessToken -ResourceTypeName 'MSGraph' -AsSecureString -WarningAction 'SilentlyContinue').Token
[System.Object]$Credentials = ConvertTo-GraphCredential -MsalToken ([System.Net.NetworkCredential]::new('', $AccessToken).Password)
[System.String[]]$Attachments = @(XXX)

Send-EmailMessage -From 'XXX' -To 'XXX' -HTML "XXX" -Subject 'XXX' -Graph -ReplyTo "XXX" -Credential $Credentials -Attachment $Attachments -DoNotSaveToSentItems