This procedure enables the Message Trace API for an Microsoft 365 installation, which helps Expel investigate phishing submissions.
This procedure varies depending on which option you selected while connecting your Microsoft 365 installation to Workbench:
For more information, see the Microsoft 365 Direct setup for Workbench. If you need help, contact support.
Option 1: If You Choose to Enable Microsoft 365 Integration
New Installation
-
Navigate to Roles and administrators, scroll down and select these roles:
-
Global reader
-
Security reader
-
-
Select Add assignments.
-
Search for the Expel Microsoft 365 integration enterprise app and select it.
-
Select Add.
Existing Installation
-
Navigate to Expel Microsoft 365 Integration > API Permissions, and then select Grant admin consent.
-
Consent to the new API permissions.
-
Navigate to Roles and administrators, scroll down and select these roles:
-
Select Add assignments.
-
Search for the Expel Microsoft 365 integration enterprise app and select it.
-
Select Add.
Option 2: If You Choose to Create Custom Azure Application
New and Existing Installations
-
Follow all previous API permission steps for Step 2: Option 2 in Microsoft 365 Direct setup for Workbench.
-
Navigate to the custom application and select API Permissions.
-
On the APIs my organization uses tab, select Add a permission.
-
Search for and select Microsoft 365 Exchange Online.
-
Select Application permissions, and then, in the Select permissions search field, search for ReportingWebService.
-
Select the ReportingWebService.Read.All permission, and then select Add permissions.
-
Select Grant admin consent for Expel, and then select Yes.
-
Confirm that consent is granted for the added permission.
-
Navigate to Roles and administrators, and then select the following roles:
-
Global reader
-
Security reader
-
-
Select Add assignments.
-
Search for the custom app registration and select it.
-
Select Add.
Microsoft 365, M365, messagetrace, MessageTrace