Microsoft Graph API

Overview

To integrate Cloud Email Security (CES) with Microsoft 365 using the Graph API, we will perform the following steps:

  1. Set up CES as a new application in Microsoft Azure
  2. Configure Graph API access through the Tenant Portal

Prospects with no subscription to Cloud Email Security can still perform Email Risk Assessment.

To conduct the assessment, the Microsoft Azure configuration and Tenant Portal configuration steps below need to be completed using the wizard provided by the Tenant Portal.

Microsoft Azure configuration

Perform the following steps:

  1. Log in to Microsoft Azure
  2. Go to App registrations
  3. Click on New registration
  4. Name the new application and set Supported account types
  5. Check the Overview of the new application. On the Overview page (marked 1. below), make note of the following:

    1. Client ID (2.; unique per application)
    2. Tenant ID (3.; unique per user)
    3. Secret (4.; does not exist yet; created in the following step)
  6. Click the Add a certificate or secret link to create a new secret
  7. Add a new client secret
  8. Define a description and expiry date for the new client secret
  9. The new secret is now available (it will be used later on the Tenant Portal to configure credentials).
  10. Set the application permissions by navigating to the API permissions page (marked 1. below) and defining the permissions that will be granted to the application. By default, only the User.Read permission is granted. For the Microsoft 365 email-flow sanitization features, add the following permissions:

    1. Group.Read.All
    2. GroupMember.Read.All
    3. Mail.ReadWrite
    4. User.Read.All
  11. If you are eligible for Microsoft Teams integration, add the following permissions:

    1. Channel.ReadBasic.All
    2. ChannelMessage.Read.All
    3. ChannelMessage.UpdatePolicyViolation.All
    4. Chat.Read.All
    5. Chat.UpdatePolicyViolation.All
    6. Files.ReadWrite.All
    7. Group.Read.All
    8. GroupMember.Read.All
    9. Mail.ReadWrite
    10. Team.ReadBasic.All
    11. User.Read.All
  12. On the Microsoft APIs tab, select Microsoft Graph
  13. Select the Application permissions type
  14. In the search box, start typing the permission group's name, e.g. Mail. Hint: multiple permissions can be selected at once.
  15. After all permissions are selected, press the Grant admin consent for… link, which grants these permissions (if the user has the rights to do so).

Then the following list should be visible for M365 email integration:

For Microsoft Teams integration, the following list of rules should be visible:

The configuration of the Azure application is now complete.

Tenant Portal configuration

To configure the OPSWAT Cloud Email Security Tenant Portal for Microsoft 365 integration, perform the following steps:

  1. Log in to the Tenant Portal by navigating to https://portal-eu1.ces.opswat.com and signing in with your OPSWAT account.
  2. Accept the End User License Agreement (EULA)
  3. Provide the credentials created during the setup of the Microsoft Azure application
  4. Select the groups to be protected by OPSWAT Cloud Email Security by moving them to Active groups
  5. If your license makes you eligible for Microsoft Teams integration, a 4th step is shown in the wizard.
  6. The configuration is complete.

Modify existing configuration

  1. Log in to the Tenant Portal by navigating to https://portal-eu1.ces.opswat.com and signing in with your OPSWAT account.
  2. Choose Microsoft 365 from the left navigation bar.
  3. Under Basic settings, the Edit Credentials button allows you to modify the Microsoft Azure application credentials.
  4. In Groups to scan, select the groups to be protected by OPSWAT Cloud Email Security by moving them from Available groups to Active groups.

Email Assessment

Email Assessment is a service that can help organizations to uncover gaps in their existing email security systems. Email Assessment can also help to discover how OPSWAT Cloud Email Security can improve the security of the current email security system.

To set up the Email Assessment with Microsoft 365 Graph API integration, perform the following steps:

  1. Log in to the Tenant Portal by navigating to https://<yourtenant>.ces.opswat.com and signing in with your OPSWAT account.
  2. Accept the Cybersecurity Assessment Terms of Service.
  3. Set up your application with the necessary permissions and provide us with your Microsoft 365 application credentials. Make sure to grant the following permissions to your M365 application:
    1. User.Read.All
    2. Group.Read.All
    3. GroupMember.Read.All
    4. Mail.Read
  4. Select the groups to be scanned. You can move groups using drag & drop, or select multiple groups and use the arrow icon.
  5. When you have finished the setup, your Email Assessment starts. Once the Email Risk Assessment report is complete, our Sales team will promptly get in touch with you to discuss the results in detail.
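
As an added example (not part of the OPSWAT documentation or product), the following is a least-privilege check for the application registered above. It reads the roles claim of an app-only Microsoft Graph access token requested with the Client ID, Tenant ID and Secret, and compares it with the permission lists given in the Microsoft Azure configuration and Email Assessment sections. The profile names, function names and the sample token are constructed for illustration.

```python
import base64
import json

# Application permission sets exactly as listed on this page.
REQUIRED = {
    "email": {"Group.Read.All", "GroupMember.Read.All", "Mail.ReadWrite", "User.Read.All"},
    "teams": {
        "Channel.ReadBasic.All", "ChannelMessage.Read.All",
        "ChannelMessage.UpdatePolicyViolation.All", "Chat.Read.All",
        "Chat.UpdatePolicyViolation.All", "Files.ReadWrite.All", "Group.Read.All",
        "GroupMember.Read.All", "Mail.ReadWrite", "Team.ReadBasic.All", "User.Read.All",
    },
    "assessment": {"User.Read.All", "Group.Read.All", "GroupMember.Read.All", "Mail.Read"},
}


def token_roles(jwt):
    """Return the roles claim (granted application permissions) of a token."""
    # The signature is NOT verified: this only inspects a token you requested
    # yourself and must never be used to make an authentication decision.
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))


def audit(jwt, profile):
    """Compare the granted permissions with the page's list for one profile."""
    granted, required = token_roles(jwt), REQUIRED[profile]
    return {
        "missing": sorted(required - granted),  # admin consent not yet effective
        "excess": sorted(granted - required),   # over-privilege: review and remove
    }


def constructed_token(roles):
    """Build an unsigned sample token (constructed test data, not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    sample = constructed_token(["Mail.ReadWrite", "User.Read.All", "Group.Read.All",
                                "Directory.ReadWrite.All"])
    print(audit(sample, "email"))
```

Delegated permissions such as the default User.Read do not appear in the roles claim of an app-only token, so they are not reported here.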