Skip to main content

Microsoft Office 365 Message Trace getting started guide

Scott Dewbre
  • Updated

This procedure creates the items Expel needs to make requests to the Office 365 Message Trace API on your behalf. Onboarding your Office 365 Message Trace helps Expel investigate your phishing submissions.

Step 1: Create an API user for Office 365 Message Trace access

  1. Login to the Office 365 admin center (https://admin.microsoft.com), navigate to the Active users list view, and click Add a user.

    mceclip0.png

  2. Fill in the required fields. Note the username and password for use in a later step. Click Next.

    mceclip0.png

  3. Select Create a user without product license and then click Next.

    mceclip2.png

  4. Click Next again to skip Optional settings.

  5. On the Review and finish screen, click Finish adding.

    mceclip1.png

  6. Login to the Exchange admin center (https://admin.exchange.microsoft.com), navigate to Roles > Admin roles, scroll to the bottom of the page, and select View-Only - Audit Logs.

    mceclip5.png

  7. With View Only - Audit Logs highlighted, click Copy role group.

    mceclip6.png

  8. Name the role, provide a description, and click Next.

    mceclip7.png

  9. In the Permissions form, scroll all the way to the bottom and select View-Only Recipients.

    mceclip8.png

  10. Make sure only View-Only Recipients permission is selected and click Next.

    mceclip9.png

  11. Search for the user created at the beginning of these steps. Select the user and click Next.

    mceclip10.png

  12. Verify the information on screen, edit as necessary, and then click Add role group.

    mceclip11.png

Step 2: Configure your technology in Workbench

Now that we have all the correct access configured and noted the credentials, we can integrate Office 365 Message Trace with Workbench.

  1. In a new browser tab, log into https://workbench.expel.io.

  2. On the console page, navigate to Settings and click Security Devices.

  3. At the top of the page, click Add Security Device.

    Button_WB_add_security_device.png

  4. Search for and select your technology Message Trace.

    mceclip2.png

  5. Fill in the fields as follows:

    • Name: the name of the plugin, for example: "Phishing O365 Message Trace."

    • Location: the location of the device within your organization, for example: "Cloud."

    • O365 account username: the username created in Step 1.

    • O365 account password: the password created in Step 1.

      mceclip1.png

  6. Click Save.

  7. To confirm this device is functioning, report/send a test email to Expel and ask the SOC to promote to investigation. The automatic workflow runs against your new device to confirm it's working. Afterward, the report/test email can be closed.

Related terms

Office365, O365, messagetrace, MessageTrace

Related articles

Comments

0 comments

Please sign in to leave a comment.