Email Server Integration: Microsoft Office 365 Setup

Prerequisites for Microsoft Office 365

These steps will be performed by the customer’s Microsoft Admin:

  • Create a mail-enabled group in your Microsoft Tenant.

  • Restrict app access to the mail-enabled group from the command line, using PowerShell.

Set Up Email Security Group for Microsoft Office 365

  1. Log in to the Office 365 Administrator account: https://admin.microsoft.com/.

  2. Navigate to the Admin app.

  3. To create a security group in the Microsoft 365 admin center, go to Groups > Active groups and click Add a group.

    1. In the Group type step, select mail-enabled security and click Next to continue.

    2. Once you have entered all settings, click Finish and Create Group.

    3. Now, you can add members to that group. To do so, select the group, go to the Members tab, and click View all and manage members. The pane that opens allows you to edit group membership.

    4. Finally, if you want to delete a security group, find it on the Active groups page, click the More actions button and select Delete Group from the drop-down list.

Run Commands in Microsoft PowerShell to Restrict App Access to Mail-Enabled Group

Note: if you already have PowerShell and the following modules installed, skip to step 12.

  1. Install PowerShell – see “Install PowerShell on Windows, Linux, and macOS” (PowerShell documentation).

  2. Open PowerShell – sudo pwsh

  3. Install PSWSMan module – Install-Module -Name PSWSMan

  4. Install WSMan – Install-WSMan

  5. Restart PowerShell.

  6. Open PowerShell again.

  7. Install ExchangeOnlineManagement – Install-Module -Name ExchangeOnlineManagement

  8. Import ExchangeOnlineManagement Module – Import-Module ExchangeOnlineManagement

  9. Authenticate as the Microsoft admin user – Connect-ExchangeOnline -UserPrincipalName {AdminUserEmailID}

  10. A new window will pop up. Enter Admin user credentials. On successful authentication, close the window.

  11. Return to PowerShell.

  12. Set the access right for the email group:

    Syntax:
    New-ApplicationAccessPolicy
    -AccessRight <ApplicationAccessPolicyRight>
    -AppId <String[]>
    -PolicyScopeGroupId <RecipientIdParameter>
    [-Confirm]
    [-Description <String>]
    [-WhatIf]
    [<CommonParameters>]
    
    Example (the backtick continues the command on the next line):
    New-ApplicationAccessPolicy -AppId 5ef0c8a8-d0df-4303-9d64-ebf8e6ee8279 `
        -PolicyScopeGroupId '[email protected]' `
        -AccessRight RestrictAccess `
        -Description "Restrict this app to members of distribution group."
    
    To check whether the group is a valid security principal:
    Get-Recipient -Identity '[email protected]' | Select-Object IsValidSecurityPrincipal
    This works with a mail-enabled security group only.
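
The restriction set in step 12 can be verified before the integration goes live. The script below is an added example, not part of the original guide: it checks the group, creates the policy only if the app has none, and then uses Test-ApplicationAccessPolicy (an Exchange Online cmdlet not covered above) to confirm access is granted for a group member and denied for a mailbox outside the group. It assumes an active Connect-ExchangeOnline session, and the four angle-bracket values are placeholders to replace with your own.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already succeeded (step 9).
# The four values below are placeholders, not values from this guide.
$AppId         = '<application-client-id>'        # AppId of the integration app
$GroupAddress  = '<mail-enabled-security-group>'  # group created in the admin center
$MemberMailbox = '<mailbox-in-group>'             # expected result: Granted
$OtherMailbox  = '<mailbox-not-in-group>'         # expected result: Denied

# 1. The scope group must be a valid security principal, otherwise stop here.
$group = Get-Recipient -Identity $GroupAddress -ErrorAction Stop
if (-not $group.IsValidSecurityPrincipal) {
    throw "$GroupAddress is not a valid security principal; use a mail-enabled security group."
}

# 2. Create the policy only if this app has no application access policy yet.
$existing = Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId }
if ($existing) {
    Write-Warning "App $AppId already has access policies; review them before adding another."
    $existing | Format-List ScopeName, AccessRight, Description
} else {
    New-ApplicationAccessPolicy -AppId $AppId `
        -PolicyScopeGroupId $GroupAddress `
        -AccessRight RestrictAccess `
        -Description 'Restrict this app to members of the mail-enabled security group.'
}

# 3. Verify the effective result for one mailbox inside and one outside the group.
$expected = @{ $MemberMailbox = 'Granted'; $OtherMailbox = 'Denied' }
foreach ($mailbox in $expected.Keys) {
    $result = Test-ApplicationAccessPolicy -Identity $mailbox -AppId $AppId
    $status = if ("$($result.AccessCheckResult)" -eq $expected[$mailbox]) { 'OK' } else { 'UNEXPECTED' }
    '{0,-10} {1} -> {2} (expected {3})' -f $status, $mailbox, $result.AccessCheckResult, $expected[$mailbox]
}
```

An UNEXPECTED line for the out-of-group mailbox means the restriction is not in effect for that app and the policy or group membership should be rechecked.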

Additional PowerShell Resources