Safetica Office 365 e-mail monitoring
Posted by Michael Skoupý, Last modified by Michael Skoupý on 17 March 2020 03:06 PM
The information mentioned in this article refers to Safetica 9.4 and older. If you are using Safetica 9.5 or higher, the steps described below are automated and you can follow a much-simplified configuration. You can learn more in this knowledge base article.
Safetica Office 365 e-mail monitoring requires an existing and configured Safetica Azure application. Follow this article to set it up: Safetica Office 365 file monitoring
Office 365 e-mail monitoring - Safetica Azure application permissions
In order to monitor Exchange Online e-mail, the Safetica Azure application requires additional sets of permissions:
1. Log in to your organization’s Azure Active Directory admin center: https://aad.portal.azure.com/
2. Go to All services → App registrations and find your Safetica Azure application and open its details
3. Within the application's view go to Manage → API permissions → Add a permission and add the following permissions:
5. Confirm the new permissions by clicking on Grant admin consent for <your tenant name>
6. Applying your changes may take a while, bear this in mind before continuing with next steps.
Office 365 e-mail monitoring - Basic authentication
Safetica uses Powershell commands to retrieve details about e-mail messages from Microsoft Graph API. As of the release of Safetica 9.1, Office 365 does not support Powershell authentication methods other than Basic: https://office365.uservoice.com/forums/264636-general/suggestions/20570782
From security standpoint we are not happy about this either, and we definitely intend to change the authentication method as soon as Microsoft allows us to do so.
In the meantime, you can use the following command to turn on Basic authentication on your Safetica Management Server machine:
Office 365 e-mail monitoring - Safetica Azure service account
The creation of Safetica service account is automated and requires an already configured Office 365 file monitoring and an already created Azure application with sufficient permissions - make sure the steps above have been followed properly.
1. Log in to your WebSafetica management console
2. Go to Management → General → Office 365 settings
3. Service account will report an Error. Click on authenticate and a new tab will open
4. Log in with your Azure administrator account and follow the steps
5. Once finished, you will be redirected back to WebSafetica where Service account will be reported as OK
6. Exchange Online monitoring is managed the same way as endpoint e-mail monitoring - visit the desktop Safetica Management Console and turn e-mail audit on and off for selected users in the Auditor module.