- Incident Responder Release Notes
- Get Started with Incident Responder
- Configure Incident Responder Settings
- Core Settings
- Analytics Settings
- Configure Services
- Prerequisites for Configuring Incident Responder Microsoft Services with OAuth2.0 Authentication
- Configure the Amazon Elastic Compute Cloud (EC2) Service
- Configure the Anomali ThreatStream API Service
- Configure the Atlassian Jira Service
- Configure the BMC Remedy Service
- Configure the Check Point Firewall Service
- Configure the Cisco AMP for Endpoints Service
- Configure the Cisco Services Engine (ISE) Service
- Configure the Cisco Threat Grid Service
- Configure the Cisco Umbrella Enforcement Service
- Configure the Cisco Umbrella Investigate Service
- Configure the CrowdStrike Falcon Host API Service Service
- Configure the CrowdStrike Falcon Host API Service Service
- Configure the CyberArk Service
- Configure the Cylance Protect Service
- Configure the Exabeam Advanced Analytics Service
- Configure the Exabeam Cloud Search Service
- Configure the Exabeam DL Service
- Configure the FireEye HX Service
- Configure the Fortinet Service
- Configure the Google Gmail Service
- Configure the IntSights Cyber Intelligence Ltd. Service
- Configure the IRNotificationSMTPService Service
- Configure the Microsoft Active Directory (AD) (Latest) Service
- Configure the Microsoft Exchange Service
- Configure the Microsoft Outlook Office 365 Service
- Configure the Microsoft Windows Defender ATP Service
- Configure the Microsoft Windows Management Instrumentation Service
- Configure the Netskope Service
- Configure the Okta Service
- Configure the Palo Alto Networks Firewall Service
- Configure the Palo Alto Networks Wildfire Service
- Configure the Rapid7 insightVM Service
- Configure the SentinelOne Service
- Configure the SentinelOneV2 Service
- Configure the Service Now Service
- Configure the Slack Service
- Configure the SlashNext Service
- Configure the Splunk Service
- Configure the ThreatConnect API Service
- Configure the Urlscan.io API Service
- Configure the VirusTotal Service
- Configure the Zscaler Service
- Test a Service
- Edit a Service
- Disable a Service
- Upload a Custom Service
- Delete a Custom Service
- Create an Email Template for the Notify by Email Action
- Respond to Security Incidents
Configure the Microsoft Outlook Office 365 Service
Configure Microsoft Outlook Office 365 as a service to delete emails and search for emails using actions.
Updated: March 22, 2023
If your Microsoft Exchange Online account uses OAuth2.0 modern authentication, ensure you complete certain tasks.
In the Microsoft Exchange admin center (EAC), ensure you have an admin role group with
ApplicationImpersonationandView-Only Recipientspermissions.Assign an Microsoft Outlook Office 365 account with an active mailbox the admin role with
ApplicationImpersonationandView-Only Recipientspermissions. You use the email address and password for this account later.If you use a proxy, ensure that you whitelist https://reports.office365.com/
In the sidebar, click SETTINGS
, then select Core.Under SERVICE INTEGRATIONS, select Services.
Select a service:
To configure a specific service, hover over a service, then click CONFIGURE. Use the search by vendor or filter by action to find a service.
To manually provide the relevant information for a service, click Configure a new service
.To view all actions for a service, hover over a service, then click the information icon
.
Enter information about the service:
Service Name – Enter a unique name for the service. By default, the service name is Outlook Office365.
(Optional) Description – Describe the service.
(Optional) Owner – Enter the email address of the person or group responsible for the service.
Host – Enter your mail server name; for example, outlook.office365.com.
Username – Enter the email address of a Microsoft Outlook Office 365 account with an active mailbox and specific permissions.
Password – Enter the password to the Microsoft Outlook Office 365 account.
Clientid – Enter the application (client) ID.
Client Secret – Enter the client secret you previously added.
Tenant Id – Enter your Azure AD tenant ID.
Version – Select the version of your Exchange server: EXCHANGE 2010 SP2, EXCHANGE 2010 SP1, or EXCHANGE 2010. If you don't know the version of your Exchange server, select AUTONEGOTIATE.
To validate the source, select TEST CONNECTIVITY.
Select CREATE SERVICE.