Start Scan on O365 Email Account
This document will provide information on how to start the Email Threat Simulator scan to the email inbox by using the “Continue with Microsoft Office 365” feature.
Microsoft O365 requires extra configuration steps in order to use the Email Threat Simulator with an O365 email account.
Create Microsoft Azure Application
Follow the steps to create and configure the application on Microsoft Azure.
Login to Microsoft Azure.
From the Home page, go to the App Registrations menu from the Azure Services page
Create a new application by clicking on the +New Registration button.
Fill in the following fields on the Register an Application page and then click the Register button.
Name: Enter a name for your application.
Supported account types: Select the “Accounts in this organizational directory only (Single tenant)” option.
Redirect URI: Leave this field blank.
After creating the application, copy the “Application (client) ID” and “Directory (tenant) ID” from the Overview page to use it in the platform later.
Follow the steps to assign the required permission to the application that has been created on Microsoft Azure.
To assign EWS.AccessAsUser.All permission;
Click API Permissions from the left menu and click the +Add a permission button.
Click APIs my organization users title on the Request API Permissions page.
Select Delegated permissions option on the Office 365 Exchange Online page.
Enable the EWS.AccessAsUser.All permission in the EWS field and then click Add Permission button.
To assign Mail.Read permission;
Click API Permissions from the left menu and click the +Add a permission button.
The Microsoft APIs field will appear by default on the Request API Permission page.
Click on Microsoft Graph and select Delegated Permissions option.
Enable the Mail.Read permission in the Mail field and after that click Add Permission button.
Click the Grant admin consent for “CompanyName” button to successfully grant these permissions to the application.
Follow the steps to configure Authentication configuration in order to start a simulation from the platform.
Set permissions on the Web Applications field from the Authentication menu;
Click on the Authentication from the left menu and then click on the +Add a platform button from the Platform Configurations page.
From Configure Platforms page, under the Web Applications title, click on the Single-page Application button.
Under the Configure Single-page Application title, find Redirect URLs and Front-Channel Logout URL and then write https://ets-api.keepnetlabs.com/ to both fields.
Under the Implicit Grant and Hybrid Flows title, enable the Access tokens (used for implicit flows) and ID tokens (used for implicit and hybrid flows) options.
Click on Configure button to finish this configuration steps.
Set permissions on the Mobile and Desktop Applications field from the Authentication menu;
Click on the +Add a platform button from the Platform Configurations page.
From Configure Platforms page, under the Mobile and Desktop Applications title, click on the Mobile and Desktop Applications button.
Under the Configure Desktop + Devices title, find Redirect URLs and then select the “https://login.microsoftonline.com/common/oauth2/nativeclient” address.
Click on Configure button to finish this configuration steps.
Set permissions on the Advanced Settings field from the Authentication menu;
From the Authentication menu, under the Advanced Settings title, find Allow Public Client Flows field and activate the “Enable the following mobile and desktop flows:” option.
Click the Save button to finish this configuration steps.
Please make sure that the 2FA authentication is disabled on the email account before starting a simulation on the platform.
Azure might need approximately 30-60 minutes to apply the changes on their side. If you see an error while starting a simulation, please wait a few hours and then try again.
How to start the simulation with the “Continue with Microsoft Office 365“ feature?
Follow the following steps to start the simulation from the platform.
Go to Email Threat Simulator > Scans page from the left menu on the platform.
Click on the +NEW button to start a new simulation.
Read the warning message and then click the “I Understand” button.
Follow the steps in the following table for further steps to start a simulation.
You can find more information about the Email Threat Simulator here.
Test Email Address | The email address that the simulation will be started on. |
Choose an Option | Select the “Continue with Microsoft Office 365” option. |
Password | The password of the email address that will be used in the simulation |
Application (Client) ID | The Application (Client) ID information that is visible in the application that is created in the Azure platform. |
Directory (Tenant) ID | The Directory (Tenant) ID information that is visible in the application that is created in the Azure platform. |
Click on the Next button to go to the next page and customize the options as wished on “the “Scan and Delivery Settings” page and then go to the last page to agree on the “User Agreement” to start the simulation.
Troubleshoot
If you’re unable to start an ETS scan on an O365 email account, follow these steps to troubleshoot:
Check Sign-In Logs: Navigate to the User Sign-In logs for the email account used for the ETS scan. Review the logs to identify any technical issues preventing Keepnet from connecting to the account.
Verify MFA/2FA Settings: Ensure that Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) is disabled for the email account used for the ETS scan.
Allow Time for Settings to Apply: After configuring the account settings according to the documentation, wait at least 60 minutes before initiating the ETS scan. Microsoft may require some time to apply the changes across your organization.
If you still can't start an ETS scan on the email account, please contact the support team for further assistance.
Last updated