
Cyware Threat Intelligence eXchange

Configure Threat Mailbox in CTIX using OAuth authentication for EWS

You can configure your Microsoft mailbox account as a Threat Mailbox in CTIX to directly receive emails in the CTIX application.

For authenticating an EWS application, you can use the OAuth authentication service provided by Microsoft Entra ID.

Steps

To configure the CTIX EWS application for OAuth, do the following:

Register your Application with Microsoft Entra ID

To use OAuth, an application must have an application ID issued by Microsoft Entra ID. You can register your application as a public client with Microsoft Entra ID.

Steps

  1. Open a browser and go to the Microsoft Entra ID Portal and sign in using a Microsoft account.

  2. Select Microsoft Entra ID under Services, then select App registrations under Manage.

  3. Select New Registration and enter the following details:

    1. Enter a unique name for your app so that you can identify it among all existing apps.

    2. Set the supported account type based on your requirements.

    3. For Redirect URI, change the dropdown to Public client (mobile & desktop) and set the value to urn:ietf:wg:oauth:2.0:oob.

  4. Click Register.

    The system generates the following set of credentials that you must copy and retain to add later in CTIX:

    • Application (client) ID

    • Directory (tenant) ID


Configure Application Permissions

Steps

To configure application permissions in Microsoft Entra ID, do the following:

  1. Select Microsoft Entra ID under Services, then select App registrations under Manage.

  2. Navigate to All applications and search for the app you registered.

  3. Open the app and select API permissions in the left-hand navigation under Manage.

  4. Open Microsoft Graph and select Application permissions.

  5. Search for mail and expand the Mail section.

  6. Select Mail.ReadWrite and Mail.Send permissions to allow the app to read, write, and send emails.

  7. Click Add a permission and navigate to APIs my organization uses.

  8. Search for Office 365 Exchange Online permission and click Application permissions.

  9. Select full_access_as_app to use Exchange Web Services with full access to all mailboxes, and click Add permission.

  10. Select Grant admin consent for org and accept the consent dialog.

  11. Select Certificates & secrets in the left-hand navigation under Manage, and select New client secret.

  12. Enter a short description to define the need for the key.

  13. Select the key expiration period. By default, the system selects 180 days as the key expiration period. You can choose from the available options or set a custom start and end date.

  14. Click Add.

  15. Copy the value of the generated client secret and save it. You will require this value in CTIX as the secret key.


For more information on authenticating an EWS application using OAuth, see Microsoft documentation.

Configure Threat Mailbox in CTIX

Configure your mailbox in CTIX using EWS and OAuth authentication.

Before you Start

  • Make sure your user group has Create Threat Mailbox and Update Threat Mailbox permissions.

  • Keep the Tenant ID, Application ID, and Client Secret key values handy to enter in CTIX.

  • The EWS default domain is outlook.office365.com.

Steps

  1. Sign in to the CTIX application.

  2. From Administration, navigate to Integration Management.

  3. Under Feed Sources, select Email and click Add Email Source.

  4. Enter a name for your threat mailbox.

  5. Select Account Type as EWS and Authentication Type as OAuth 2.0.

  6. Enter your email address or your user name.

  7. In Secret Key, enter the Client Secret that you generated in Microsoft Entra ID.

  8. Enter your domain. The default EWS domain is outlook.office365.com.

  9. Enter the Tenant ID and Application ID.

  10. Click Save and choose your preferences to successfully configure the Threat Mailbox.

For more information on configuring a Threat Mailbox in CTIX, see Email Sources.