Microsoft 365 Exchange/Defender Connector
This page captures detail step to be follow by Bolster Customer to successfully integrate Microsoft 365 Exchange/Defender with Bolster platform. It allows Bolster created Microsoft Entra registered application to manage your Exchange online for adding/remove bolster identified malicious URLs/domains using tenant allow blocklist
Step 1. Prerequisite Steps To be Followed on Customer Microsoft Account
1. Go to the following URL and grant consent. This needs to be done by someone with admin privileges.
https://login.microsoftonline.com/<tenant-id>/adminconsent?client_id=e37a1370-f714-4353-8ad4-589a56baa138&scope=https://outlook.office365.com/.default <tenant-id> is the customer’s Microsoft Entra tenant ID which can be found on the overview section in Microsoft Entra Admin Center Portal. (see below sample screenshot).
and <client-id> is the ID of the Bolster registered Microsoft Entra application which is e37a1370-f714-4353-8ad4-589a56baa138
A sample link will look like below:
https://login.microsoftonline.com/683750ea-1fd5-4610-a861-0e9ad4d83cf8/adminconsent?client_id=e37a1370-f714-4353-8ad4-589a56baa138&scope=https://outlook.office365.com/.default
The URL will load admin grant permission page (See below sample screenshot that):
Bolster Email Defense – This is a bolster application registered as a multi-tenant application on Bolster Microsoft Entra account. As shown above in the screenshot, we get access to manage Exchange as App which would let us execute PowerShell commands to specifically allow/block bolster identified URLs or Domains into your Exchange.
The registration process for this application is as per the instructions provided by Microsoft.
2. Once permission is granted by clicking on the Accept button, you should see a callback response from Bolster platform similar to below screenshot:
Incase of you are not seeing the above message, there might be either access_denied issue or other problem. please make sure you have admin rights to grant permission when retrying. If its still a problem please contact us with the screenshot of the error.
3. After successfully granting permission, log into Azure portal. Go to Roles and Administrators -> Select Exchange Administrator -> Add Assignments -> Search for Bolster Email Defense to assign the role of Exchange Administrator.
a. Login to Azure Portal and Search for “roles and admin”
b. Go to Microsoft Entra roles and administrators Page
c. Search for “exchange administrator” role and select the Exchange Administrator Role.
d. Click on Add Assignments
e. Search for Bolster Email Defense, select it and click on Add
f. Once the role is assigned, Bolster Email Defense should show up on the Exchange Administrator Assignments.
The details instructions are also available on Microsoft documentation page.
4. Once the above steps are completed, make a note of Tenant-ID and Primary domain found in Overview section of Microsoft Entra page. These values are required when setting up Exchange Integration on Bolster Platform.
Step 2. With prerequisite steps done, you can proceed to integrate Exchange/Defender with Bolster Platform
1. Login to Bolster Platform
a. Navigate to Integrations and click on Microsoft 365 Exchange/Defender (as shown below)
2. Provide a name for the connector under Connector Name. From the pre-requisite steps, input following fields (as shown in the screenshot below)
a. Tenant-Id
b. Primary Domain
3. Click on the TEST CONNECTOR button to verify the setup. Once everything looks good, click on Save to save the details into Bolster Platform.
4. You are now ready to create Playbook, to automatically configure adding URL/domain blocklist on Exchange/Defender.
5. We have provided Daily Phish or Scam Domain To Block On Exchange/Defender template (as shown below) for selecting the URLs/Domains using Primary Domain and Current Disposition fields from Web module.
6. Please note only following fields are supported when creating Playbook for Exchange connector to successfully add to your tenant block list.
- Current Disposition (required)
- Source URL or Domain Name (any one)
- Export format JSON (required)