LogoLogo
Get Demo
  • đź’«NEXT-GENERATION PRODUCT
    • Introduction
    • Getting Started
      • 1. Invite System Users
      • 2. Add Target Users
        • Add Users via CSV
        • Add users via SCIM
          • SCIM Setup in Azure AD
          • SCIM Setup in Okta
          • SCIM Setup in Onelogin
          • SCIM Setup in Jumpcloud
        • Add users via LDAP
        • Add Users via API
      • 3. Email Deliverability
        • Microsoft 365
          • M365: Direct Email Creation
          • M365: Whitelisting
        • Google Workspace
          • Google: Direct Email Creation
          • Google: Whitelisting
        • Exchange 2013 and 2016
      • 4. Track Opened Emails
      • 5. Allow Phishing URLs
        • Whitelist for Office 365
        • Whitelist for Google Workspace
        • Whitelist for Exchange 2013/2016
        • Whitelist in Security Solutions
      • 6. Setup Phishing Reporter
        • Step 1. Download Phishing Reporter
        • Step 2. Deploy Phishing Reporter
          • How to Deploy Add-In in Microsoft 365
          • How to Deploy Add-In in Exchange Admin Center
          • How to Deploy Add-In in Google Workspace
          • How to Deploy Add-In in Outlook
            • Troubleshooting Phishing Reporter Add-In on Outlook Desktop
      • 7. Incident Responder Setup
        • Step 1. Integrate Threat Intel Partners
        • Step 2. Mail Configurations
          • Microsoft 365
          • Google Workspace (Gsuite)
          • Exchange (EWS)
    • Platform
      • Dashboard
        • Dashboard Widgets
        • Incident Responder Widgets
        • Threat Sharing Widgets
        • Phishing Simulator Widgets
      • Threat Intelligence
      • Email Threat Simulator
        • Start Scan
        • View Scan Report
        • Create Trusted Account on Exchange
        • Start Scan on O365 Email Account
        • Start Scan on Google Workspace Email Account
      • Threat Sharing
        • Communities
        • Incidents
      • Phishing Simulator
        • Manage Phishing Scenarios
          • Phishing Scenarios
          • Email Templates
          • Landing Pages
        • Phishing Campaign Manager
        • Phishing Campaign Reports
        • Settings
          • DNS Services and Domains
          • Exclude IP Address
      • Callback Simulator
        • Manage Callback Scenarios
          • Callback Scenarios
          • Callback Email Templates
          • Callback Templates
        • Callback Campaign Manager
        • Callback Campaign Reports
        • Settings
          • Callback Phone Numbers
      • Vishing Simulator
        • Vishing Templates
        • Vishing Campaign Manager
        • Vishing Campaign Reports
      • Smishing Simulator
        • Manage Smishing Scenarios
          • Smishing Scenarios
          • Text Message Templates
          • Landing Page Templates
        • Smishing Campaign Manager
        • Smishing Campaign Reports
        • Settings
          • Manage DNS and Domains
          • Exclude IP Addresses
      • Quishing Simulator
        • Manage Quishing Scenarios
          • Quishing Scenarios
          • Quishing Templates
          • Quishing Landing Page Templates
        • Quishing Campaign Manager
        • Quishing Campaign Reports
        • Settings
          • DNS and Domains
          • Excluding IP Address
      • Awareness Educator
        • Training Library
        • Enrollments
        • Certificates
        • Training Reports
        • Training Completion Queries
      • Incident Responder
        • Incident Responder Dashboard
        • Investigations
        • Integrations
        • Playbook
        • Mail Configurations
          • Microsoft 365
          • Exchange
          • Google Workspace
        • Cross Company Integration
      • Phishing Reporter
        • Phishing Reporter Customization
        • Phishing Reporter Deployment
          • How to Deploy the Add-in in Microsoft 365
          • Phishing Reporter Page View Failure Due to Deprecated Exchange Online Tokens
          • Microsoft Ribbon Phishing Reporter
          • How to Deploy the Add-in in Exchange Admin Center
          • How to Deploy the Add-in in Google Workspace
          • Phishing Reporter Announcement Email Template
        • Diagnostic Tool
        • Integrating Microsoft Phishing Reporting Button with Keepnet
        • Troubleshooting Phishing Reporter on Outlook Desktop
      • Reports
        • Advanced Reports
        • Executive Reports
        • Scheduled Reports
        • Gamification Report
      • Company
        • Target Users
        • Companies
          • Company Groups
        • Company Settings
          • Privacy
            • Account Privacy
            • Data Privacy
          • AI Ally Settings
          • SMTP Settings
          • Direct Email Creation
            • Direct Email Creation for Google Workspace
            • Direct Email Creation for Microsoft 365
          • Notification Templates
          • Google User Provisioning
          • REST API
          • White Labeling
          • Proxy Settings
          • SAML Settings
            • How to Configure SAML on ADFS
            • How to Configure SAML on Google Workspace
            • How to Configure SAML on Azure AD
            • How to Configure SAML on CyberArk
            • How to Configure SAML on Okta
          • SCIM Settings
            • Getting Started with SCIM
            • Azure AD SCIM Integration
            • Okta SCIM Integration
            • Onelogin SCIM Integration
            • Jumpcloud SCIM Integration
          • SIEM Integrations
            • Splunk Integration
            • Syslog Integration
          • LDAP
          • Allowed Domains
        • System Users
          • People
          • Roles
        • Audit Log
        • Job Log
      • Free Phishing Email Analysis Service
    • Miscellaneous
      • Whitelisting
        • How to Whitelist an IP Address in Office 365
        • How to Whitelist an IP Address in Exchange 2013 and 2016
        • How to Whitelist an IP Address in Google Workspace
        • How to Whitelist in Mimecast
        • Whitelisting in Other Security Solutions
        • Whitelisting the Pictures on Microsoft Outlook Apps
        • Keepnet Tools Whitelisting Guidelines
        • Understanding Email Delivery Errors
        • Tracking Email Opens in Phishing Simulations
      • User Profile
      • Multi-Factor Authentication (MFA) Settings
      • On-Premise Requirement Checker
      • Platform Requirements
        • Portal UI Requirements
        • Phishing Reporter Requirements
        • Diagnostic Tool Requirements
      • Maintenance Tool
      • Understanding the Preferred Language Setting
  • 📚RESOURCES
    • Platform Security
    • Volume & Performance
    • Customer Help Desk
    • Product Update/Maintenance
    • Research Methodology
    • Release Notes
      • 2025
      • 2024
      • 2023
      • 2022
      • 2021
      • 2020
  • ⚖️Legal Hub
    • For Customers
      • Customer Terms of Service
      • Product Specific Terms
      • Jurisdiction Specific Terms
      • Data Processing Agreement
      • Regional Data Hosting Policy
      • Product and Services Catalog
      • Acceptable Use Policy
      • Keepnet Security Program
      • Microsoft CoPilot Usage Policy
    • For Everyone
      • Website
        • Terms of Use
        • Privacy Policy
        • Cookie Policy
      • Free Phishing Email Analysis
        • Terms of Service
        • Privacy Policy
      • Transparency Report
Powered by GitBook

Copyright © Keepnet Labs LTD. All rights reserved.

On this page
  • Create Microsoft Azure Application
  • How to start the simulation with the “Continue with Microsoft Office 365“ feature?
  • Troubleshoot

Was this helpful?

Export as PDF
  1. NEXT-GENERATION PRODUCT
  2. Platform
  3. Email Threat Simulator

Start Scan on O365 Email Account

PreviousCreate Trusted Account on ExchangeNextStart Scan on Google Workspace Email Account

Last updated 8 months ago

Was this helpful?

This document will provide information on how to start the Email Threat Simulator scan to the email inbox by using the “Continue with Microsoft Office 365” feature.

Microsoft O365 requires extra configuration steps in order to use the Email Threat Simulator with an O365 email account.

Create Microsoft Azure Application

Follow the steps to create and configure the application on Microsoft Azure.

  • Login to .

  • From the Home page, go to the App Registrations menu from the Azure Services page

  • Create a new application by clicking on the +New Registration button.

  • Fill in the following fields on the Register an Application page and then click the Register button.

    • Name: Enter a name for your application.

    • Supported account types: Select the “Accounts in this organizational directory only (Single tenant)” option.

    • Redirect URI: Leave this field blank.

  • After creating the application, copy the “Application (client) ID” and “Directory (tenant) ID” from the Overview page to use it in the platform later.

Follow the steps to assign the required permission to the application that has been created on Microsoft Azure.

  • To assign EWS.AccessAsUser.All permission;

    • Click API Permissions from the left menu and click the +Add a permission button.

    • Click APIs my organization users title on the Request API Permissions page.

    • Select Delegated permissions option on the Office 365 Exchange Online page.

    • Enable the EWS.AccessAsUser.All permission in the EWS field and then click Add Permission button.

  • To assign Mail.Read permission;

    • Click API Permissions from the left menu and click the +Add a permission button.

    • The Microsoft APIs field will appear by default on the Request API Permission page.

    • Click on Microsoft Graph and select Delegated Permissions option.

    • Enable the Mail.Read permission in the Mail field and after that click Add Permission button.

Click the Grant admin consent for “CompanyName” button to successfully grant these permissions to the application.

Follow the steps to configure Authentication configuration in order to start a simulation from the platform.

Set permissions on the Web Applications field from the Authentication menu;

  • Click on the Authentication from the left menu and then click on the +Add a platform button from the Platform Configurations page.

  • From Configure Platforms page, under the Web Applications title, click on the Single-page Application button.

  • Under the Configure Single-page Application title, find Redirect URLs and Front-Channel Logout URL and then write https://ets-api.keepnetlabs.com/ to both fields.

  • Under the Implicit Grant and Hybrid Flows title, enable the Access tokens (used for implicit flows) and ID tokens (used for implicit and hybrid flows) options.

  • Click on Configure button to finish this configuration steps.

Set permissions on the Mobile and Desktop Applications field from the Authentication menu;

  • Click on the +Add a platform button from the Platform Configurations page.

  • From Configure Platforms page, under the Mobile and Desktop Applications title, click on the Mobile and Desktop Applications button.

  • Under the Configure Desktop + Devices title, find Redirect URLs and then select the “https://login.microsoftonline.com/common/oauth2/nativeclient” address.

  • Click on Configure button to finish this configuration steps.

Set permissions on the Advanced Settings field from the Authentication menu;

  • From the Authentication menu, under the Advanced Settings title, find Allow Public Client Flows field and activate the “Enable the following mobile and desktop flows:” option.

  • Click the Save button to finish this configuration steps.

Please make sure that the 2FA authentication is disabled on the email account before starting a simulation on the platform.

Azure might need approximately 30-60 minutes to apply the changes on their side. If you see an error while starting a simulation, please wait a few hours and then try again.

How to start the simulation with the “Continue with Microsoft Office 365“ feature?

Follow the following steps to start the simulation from the platform.

  • Go to Email Threat Simulator > Scans page from the left menu on the platform.

  • Click on the +NEW button to start a new simulation.

  • Read the warning message and then click the “I Understand” button.

  • Follow the steps in the following table for further steps to start a simulation.

Test Email Address

The email address that the simulation will be started on.

Choose an Option

Select the “Continue with Microsoft Office 365” option.

Password

The password of the email address that will be used in the simulation

Application (Client) ID

The Application (Client) ID information that is visible in the application that is created in the Azure platform.

Directory (Tenant) ID

The Directory (Tenant) ID information that is visible in the application that is created in the Azure platform.

Click on the Next button to go to the next page and customize the options as wished on “the “Scan and Delivery Settings” page and then go to the last page to agree on the “User Agreement” to start the simulation.

Troubleshoot

If you’re unable to start an ETS scan on an O365 email account, follow these steps to troubleshoot:

  1. Check Sign-In Logs: Navigate to the User Sign-In logs for the email account used for the ETS scan. Review the logs to identify any technical issues preventing Keepnet from connecting to the account.

  2. Verify MFA/2FA Settings: Ensure that Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) is disabled for the email account used for the ETS scan.

  3. Allow Time for Settings to Apply: After configuring the account settings according to the documentation, wait at least 60 minutes before initiating the ETS scan. Microsoft may require some time to apply the changes across your organization.

You can find more information about the Email Threat Simulator .

If you still can't start an ETS scan on the email account, please for further assistance.

đź’«
Microsoft Azure
here
contact the support team