Configure Threat Mailbox in Intel Exchange using OAuth authentication for IMAP
Notice
This feature is available in Intel Exchange v3.7.5.1 onwards.
You can configure your Microsoft mailbox account as a Threat Mailbox in Intel Exchange to directly receive emails within the application.
For authenticating an IMAP-based mailbox, Intel Exchange supports OAuth 2.0 authentication through Microsoft Entra ID.
To configure the Intel Exchange IMAP application for OAuth, follow these steps:
Register your Application with Microsoft Entra ID
To use OAuth 2.0 for IMAP-based mailboxes, you must first register your application with Microsoft Entra ID. This registration generates the credentials required to authenticate your mailbox in Intel Exchange.
Steps
To register your application, follow these steps:
Sign in to the Azure Portal.
Search and select App registrations under Azure Active Directory.
To register a new app, click New Registration.
In Name, enter a name for the app.
Note
You can leave all other settings at their default values.
Click Register to create the application. After registration, go to the Overview section to view and copy the following:
Application (client) ID
Directory (tenant) ID
Configure Application Permissions
After registering your application, assign the required API permissions to allow Intel Exchange to access mailbox data using IMAP.
Steps
To configure application permissions, follow these steps:
Go to Manage > API permissions in your registered app.
Click Add a permission, select APIs my organization uses, and then search for and select Office 365 Exchange Online.
Select Application permissions. In Select permissions, expand the IMAP section and select IMAP.AccessAsApp. Click Add permissions.
Click Grant admin consent for <Tenant> and select Yes to apply these permissions. After the permissions are granted, the status is updated to Granted.
Generate Client Secret
Generate a client secret for your registered application. Intel Exchange presents this secret as the application's credential when it authenticates to the mailbox over IMAP.
Steps
To generate a client secret, follow these steps:
In the Azure portal, go to your registered application.
Go to Manage > Certificates & secrets. Click New client secret, enter a description, and select an expiration period.
Note
Client secret lifetime is limited to a maximum of 24 months. Microsoft recommends setting it to less than 12 months. For more information, see Add and manage application credentials in Microsoft Entra ID.
Click Add. Copy and store the Value of the client secret securely. You will not be able to view it again after you leave the page.
Retrieve Application’s Object ID
You need the application's Object ID to configure the service principal permissions using PowerShell. Use the Object ID shown under Enterprise applications (the service principal), not the Object ID on the App registrations page; the two values differ.
Steps
To retrieve the Object ID, follow these steps:
In the Azure portal, go to the Microsoft Entra ID service.
Under Manage, select Enterprise applications.
Search and select your registered application.
On the application's Overview page, copy the following values:
Application (client) ID
Object ID
Configure Service Principal Using PowerShell
Use PowerShell to grant the registered application access to the mailbox by assigning the required permissions.
Before you Start
Ensure you are logged in as a user with either the Global Administrator or Exchange Administrator role. This is required to register a service principal and assign mailbox permissions.
Steps
To configure the service principal, follow these steps:
Open Azure Cloud Shell or launch PowerShell with administrator privileges.
Run the following commands individually:
Install-Module ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline
New-ServicePrincipal -AppId <AppId> -ObjectId <ObjectId>
Add-MailboxPermission -Identity <user@domain.com> -User <ObjectId> -AccessRights FullAccess
Replace the placeholders <AppId>, <ObjectId>, and <user@domain.com> with the actual values from the previous steps. After executing the commands, verify that the permissions have been successfully applied to the service principal.
Note
If mailbox access fails during integration, recheck the placeholder values used in the commands and ensure that the IMAP.AccessAsApp permission was granted successfully.
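The two steps Intel Exchange performs with these values (exchange the client secret for an access token, then authenticate to Exchange Online IMAP with SASL XOAUTH2) can be exercised outside the application to localize a failure: a rejected token request points at the Tenant ID, Client ID or client secret, while a rejected IMAP AUTHENTICATE points at the IMAP.AccessAsApp consent, the New-ServicePrincipal/Add-MailboxPermission step, or IMAP being disabled on the mailbox. The following script is an added example and is not part of Intel Exchange or of this guide; the token endpoint, scope and IMAP host are Microsoft's documented values for Exchange Online, and the environment variable names are an assumption.

```python
"""Pre-flight check of an Entra ID app registration for IMAP OAuth (client credentials).

Added example, not Intel Exchange code. Reads TENANT_ID, CLIENT_ID,
CLIENT_SECRET and MAILBOX from the environment (assumed variable names).
"""
import imaplib
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Microsoft's documented endpoint, scope and host for Exchange Online IMAP OAuth.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
SCOPE = "https://outlook.office365.com/.default"  # .default = the app's consented application permissions
IMAP_HOST = "outlook.office365.com"
IMAP_PORT = 993


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form body) for the OAuth 2.0 client-credentials grant."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": SCOPE,
    })
    return TOKEN_URL.format(tenant=tenant_id), body


def xoauth2_initial_response(mailbox, access_token):
    """Raw SASL XOAUTH2 client response; imaplib base64-encodes it before sending."""
    return f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01".encode()


def xoauth2_callback(mailbox, access_token):
    """Build the authobject imaplib calls for each server challenge.

    The first challenge is empty and gets the XOAUTH2 response. If the server
    rejects it, the second challenge carries a JSON error; an empty reply ends
    the exchange so the server returns its tagged NO and imaplib raises.
    """
    sent = False

    def callback(_challenge):
        nonlocal sent
        if sent:
            return b""
        sent = True
        return xoauth2_initial_response(mailbox, access_token)

    return callback


def fetch_access_token(tenant_id, client_id, client_secret):
    """Exchange the client secret for an access token, or exit with the AAD error body."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    req = urllib.request.Request(url, data=body.encode(), method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)["access_token"]
    except urllib.error.HTTPError as e:
        # HTTP 400/401 here means the Tenant ID, Client ID or client secret is wrong
        # (or the secret expired); the IMAP permission is not involved at this stage.
        raise SystemExit(f"token request failed: HTTP {e.code}: {e.read().decode(errors='replace')}")


def check_imap_login(mailbox, access_token, folder="INBOX"):
    """Authenticate with XOAUTH2 and return the message count of `folder` (read-only)."""
    imap = imaplib.IMAP4_SSL(IMAP_HOST, IMAP_PORT)
    try:
        imap.authenticate("XOAUTH2", xoauth2_callback(mailbox, access_token))
    except imaplib.IMAP4.error as e:
        # A token was issued but the mailbox refused it: typically IMAP.AccessAsApp not
        # consented, the service-principal / mailbox-permission step missing, or IMAP disabled.
        raise SystemExit(f"IMAP AUTHENTICATE failed for {mailbox}: {e}")
    try:
        status, data = imap.select(folder, readonly=True)
        if status != "OK":
            raise SystemExit(f"cannot open folder {folder}: {data}")
        return int(data[0])
    finally:
        imap.logout()


if __name__ == "__main__":
    cfg = {k: os.environ[k] for k in ("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET", "MAILBOX")}
    token = fetch_access_token(cfg["TENANT_ID"], cfg["CLIENT_ID"], cfg["CLIENT_SECRET"])
    count = check_imap_login(cfg["MAILBOX"], token)
    print(f"{cfg['MAILBOX']}: INBOX has {count} messages; registration and mailbox grant are usable")
```

Run it with the four variables exported; the script opens the folder read-only and changes nothing in the mailbox. Because the access token is requested with the `.default` scope, it carries exactly the application permissions that were admin-consented, so a successful IMAP login confirms the consent step as well as the mailbox permission.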
Configure Threat Mailbox in Intel Exchange
Configure your mailbox in Intel Exchange using IMAP and OAuth 2.0 authentication.
Before you Start
Ensure your user group has the Create Threat Mailbox and Update Threat Mailbox permissions in Intel Exchange.
Ensure that you have the Tenant ID, Client ID, Client Secret, Object ID, and Mailbox Email Address values from the previous steps.
Ensure that the provided mailbox:
Has IMAP access enabled
Is associated with a valid Microsoft Exchange account
Steps
To configure the Threat Mailbox in Intel Exchange using IMAP OAuth, follow these steps:
Sign in to the Intel Exchange application.
From Administration, go to Integration Management.
Under Feed Sources, select Email, and click Add Email Source.
Provide the following details:
Name: Enter a name for the Threat Mailbox
Account Type: Select IMAP
Authentication Type: Select MS OAuth 2.0
Enter the following values:
Email/Username: the mailbox email address
Secret Key: the client secret Value copied when the secret was generated
App ID: the Application (client) ID
Tenant ID: the Directory (tenant) ID
Click Save and Continue.
Select the mailbox folders from which Intel Exchange should sync emails, and complete the setup.
After configuration, go to the Threat Mailbox in Intel Exchange to verify that emails are being synced successfully. For more information on configuring a Threat Mailbox in Intel Exchange, see Email Sources.