Application Integrations
      Back to home
      1. Help Center
      2. Application Integrations

      Microsoft Exchange Online Message Trace Integration

      A step-by-step guide to setting up Microsoft Exchange Online Message Trace monitoring on the AgileBlue Cerulean AI SecOps platform.

      Overview

      The AgileBlue Cerulean AI SecOps Platform has the ability to monitor Microsoft Exchange Online Message Trace logs by accessing the Office365 REST API.

      Please note: Auditing must be enabled for your organization in order to ensure data collection. For more information, click here.

      Configure Your Azure Application

      1. Log in to the Azure Portal using your Office365 Global Administrator credentials. (E.g. an account that is marked as Global Administrator.)
      2. Navigate to the Microsoft Entra ID option in the menu
      3. Select App Registrations in the left-hand menu
      4. Click New registration
      5. Configure the options for this App Registration as shown below:
        1. Name: AgileBlue Message Trace Collection
        2. Supported account types: Accounts in this organizational directory only (Your tenant only - Single tenant)
        3. Redirect URI: No value/not needed
      6. Select API permissions
      7. Click on Add a permission
      8. On the pop out, select Office365 Exchange Online
      9. Select Application permissions
      10. Under Office365 Application APIs Application permissions, expand and check the following options:
        1. ReportingWebService.Read.All
      11. Click Add permissions at the bottom of the pop out to save your changes
      12. Select Grant admin consent for [your tenant name]

      Create Client Secret Key & Collect Account Details


      1. Select Certificates & secrets from the left-hand menu
      2. Once the page loads, click New client secret
      3. On the pop out that appears, provide a Description of AgileBlue Collection Service and select Never for expiration
        1. If never is not an available option, we recommend selecting 24 months. If that's the case, please note the expiration date. A new secret will need to be generated and provided to AgileBlue at that time.
      4. Click Add

        CAUTION! Depending on your version of Azure/Office365 and/or your security configurations, you may only have ONCE CHANCE to grab this value. Be sure to copy this value and store it somewhere safe immediately.

      5. Copy the Secret Value to a secure location
        1. NOTE: The Secret Value is different than the Secret ID. The required value may have numbers, letters, and special characters. The Secret ID will only include numbers, letters, and hyphens. Please ensure the Secret Value is collected, not the Secret ID.
      6. Navigate back to the Overview page and copy the following values:

        1. Application (client) ID

        2. Directory (tenant) ID

      Submitting Sensitive Data

      The final step is to submit these sensitive details to AgileBlue. Once ready, please email support@agileblue.com and a specialist will send back an encrypted message. You will be able to respond to that message with the following values:

        1. Secret Value
        2. Application (client) ID
        3. Directory (tenant) ID
        4. Secret Value Expiration Date

      Need Help?

      AgileBlue is always here to support you and ensure you are 100% successful. If there are any issues with the installation or if you have any questions, please reach out to AgileBlue Support.

      Email: support@agileblue.com 
      Phone: (216) 606-9400      🚨