Skip to main content
 

This procedure enables the Message Trace API for an Office 365 installation, which helps Expel investigate phishing submissions.

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

This procedure varies depending on which option you selected while connecting your Office 365 installation to Workbench:

  • If you chose Option 1: Enable Office 365 integration during installation, use Option 1 below.

  • If you chose Option 2: Create Custom Azure Application during installation, use Option 2 below.

For more information, see the Office 365 Direct setup for Workbench. If you need help, contact your engagement manager.

Option 1: If you choose to Enable Office 365 integration

New installation

  1. Navigate to Azure AD roles and administrators, scroll down and select Security reader.

    mceclip0.png
  2. Click Add assignments.

    mceclip0.png
  3. Search for the Expel Office 365 integration enterprise app and select it.

    mceclip2.png
  4. Click Add.

    Add_assignments_click_add.jpg

Existing installation

  1. Open the Expel Office 365 Integration > API Permissions tab and select Grant admin consent.

  2. Consent to the new API permissions.

  3. Navigate to Azure AD roles and administrators, scroll down and select Security reader.

    mceclip0.png
  4. Click Add assignments.

    mceclip0.png
  5. Search for the Expel Office 365 integration enterprise app and select it.

    mceclip2.png
  6. Click Add.

    Add_assignments_click_add.jpg

Option 2: If you choose to Create Custom Azure Application

New and Existing installations

  1. Follow all previous API permission steps for Option 2: Create Custom Azure Application in the Office 365 Direct setup for Workbench.

  2. Navigate to the custom Azure application and click API Permissions.

  3. Under the APIs my organization uses tab, click Add a permission.

  4. Search for and select Office 365 Exchange Online.

    mceclip2.png
  5. Select Application permissions and search for ReportingWebService in the Select permissions search field.

    Request_API_permissions_Add.jpg
  6. Select the ReportingWebService.Read.All permission, then click Add permissions.

  7. Select Grant admin consent for Expel, and then click Yes.

    Grant_admin_consent.jpg
  8. Confirm that consent is granted for the added permission.

    Grant_admin_consent_confirm.jpg
  9. Navigate to Azure AD roles and administrators, scroll down and select Security reader.

    mceclip0.png
  10. Click Add assignments.

    mceclip0.png
  11. Search for the custom Azure app registration and select it.

    Add_assignments_Option2.jpg
  12. Click Add.

Office365, O365, messagetrace, MessageTrace

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!