1. Expel Support Center
  2. Expel Phishing
  3. Phishing setup

Microsoft 365 Message Trace set up

  • Updated

This procedure enables the Message Trace API for an Microsoft 365 installation, which helps Expel investigate phishing submissions.

Before you start

This procedure varies depending on which option you selected while connecting your Microsoft 365 installation to Workbench:

  • If you chose Option 1: Enable Microsoft 365 integration during installation, use Option 1 below.

  • If you chose Option 2: Create Custom Azure Application during installation, use Option 2 below.

For more information, see the Microsoft 365 Direct setup for Workbench. If you need help, contact your engagement manager.

Option 1: If you choose to enable Microsoft 365 integration

New installation

  1. Navigate to Azure AD roles and administrators, scroll down and select these roles:

    • Global reader

    • Security reader

    mceclip0.png

  2. Click Add assignments.

    mceclip0.png

  3. Search for the Expel Microsoft 365 integration enterprise app and select it.

    mceclip2.png

  4. Click Add.

    Add_assignments_click_add.jpg

Existing installation

  1. Open the Expel Microsoft 365 Integration > API Permissions tab and select Grant admin consent.

  2. Consent to the new API permissions.

  3. Navigate to Azure AD roles and administrators, scroll down and select these roles:

    • Global reader

    • Security reader

    mceclip0.png

  4. Click Add assignments.

    mceclip0.png

  5. Search for the Expel Microsoft 365 integration enterprise app and select it.

    mceclip2.png

  6. Click Add.

    Add_assignments_click_add.jpg

Option 2: If you choose to create custom Azure application

New and existing installations

  1. Follow all previous API permission steps for Option 2: Create Custom Azure Application in the Microsoft 365 Direct setup for Workbench.

  2. Navigate to the custom Azure application and click API Permissions.

  3. On the APIs my organization uses tab, click Add a permission.

  4. Search for and select Microsoft 365 Exchange Online.

    Office365_Message_Trace_API_Permissions.png

  5. Select Application permissions and search for ReportingWebService in the Select permissions search field.

    Request_API_permissions_Add.jpg

  6. Select the ReportingWebService.Read.All permission, then click Add permissions.

  7. Select Grant admin consent for Expel, and then click Yes.

    Grant_admin_consent.jpg

  8. Confirm that consent is granted for the added permission.

    Grant_admin_consent_confirm.jpg

  9. Navigate to Azure AD roles and administrators, scroll down and select these roles:

    • Global reader

    • Security reader

    mceclip0.png

  10. Click Add assignments.

    mceclip0.png

  11. Search for the custom Azure app registration and select it.

    Add_assignments_Option2.jpg

  12. Click Add.

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

Related terms

Office365, O365, messagetrace, MessageTrace

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

  • Was this article helpful?

  • 0 out of 0 found this helpful

Related articles