Microsoft 365 Exchange Online
  • 2 Minutes to read
  • PDF

Microsoft 365 Exchange Online

  • PDF

Article Summary


The integration between SAFE and Microsoft 365 Exchange Online has been temporarily suspended due to Microsoft's deprecation of Remote PowerShell. We are actively working on transitioning to the new integration method and plan to release it in an upcoming SAFE release.

About this document

This document gives you the step-by-step procedure to configure Office 365 Exchange Online in SAFE.


SAFE seamlessly integrates with Microsoft Office 365 - Exchange Online and allows you to do the configuration assessment for your Exchange Online account.

Configure Exchange Online 

Follow the below procedure to configure the Microsoft Office 365 - Exchange Online:

  1. Download the Office 365 Certificate from SAFE as follow:
    1. Navigate to the SAFE Hooks > Assessment Tools.
    2. Click the Configure button available on the Office 365 Exchange Online Card.
    3. On the configuration screen, click the Download Certificate button. A certificate file will be downloaded to your system.
  2. Register the application on Azure AD as follows:
    1. Login to Office 365 with a "Global Administrator" privilege user.
    2. Navigate to Admin Centre > Azure Active Directory
    3. Click the App Registration option available under Manage in the left-option menu.
    4. Click the New Registration button. The system opens Register an application page.
    5. Enter the Name (display name for the application).
    6. Select the Account Type as "Accounts in this organizational directory only (Organization name only - Single tenant)".
    7. Click the Register button.
  3. Assign the API permissions to the app as follows:
    1. Navigate to your registered application on the App Registrations page.
    2. Click the API permissions option available under Manage from the left-options menu.
    3. On the API permissions page, click Add a permission button.
    4. From "APIs my organization uses" search Office 365 Exchange Online and click it.
    5. Select Application Permissions.
    6. Go to Exchange and select "Exchange.ManageAsApp".
    7. Click the Add permissions button. The permission will be available under the API/Permissions name option.
    8. Change the status of the permission. By default, permission is not granted to the organization.
    9. Click the "Not granted for organization" text under the status column.
    10. Click Grant admin consent for your organization
    11. Read the confirmation dialog that opens and click Yes.
    12. Change the status to Granted for your Organization.
  4. Attach the certificate to the Azure AD application as follows:
    1. On the App registrations page, navigate to your registered application.
    2. Click Certificates & secrets available under Manage in the left-options menu.
    3. On the Certificates & secrets page, click the Upload certificate button.
    4. Browse and upload the certificate downloaded from SAFE.
    5. Click the Add button.
  5. Assign the Azure AD roles to the application as follows:
    1. Navigate to Azure Active Directory.
    2. Click Roles and administrators available under Manage in the left-options menu.
    3. Find and select the supported roles by clicking the name of the role. For this integration select the role of "Global reader".
    4. Click Add Assignments.
    5. On the Add assignments pop-up, select your application.
    6. Click the Add button.
  6. Enter the connector details on SAFE as follows:
    1. Navigate to the Administration > SAFE Hooks > Assessment Tools.
    2. Click the Configure button available on the Office 365 Exchange Online Card.
    3. Enter the Application ID of the application you created.
    4. Enter the OrganizationDomain. To find the Organization Domain:
      1. Go to Azure Active Directory > Overview
      2. Find the Primary Domain and copy it.
    5. Enter a value in the number of days for Auto Scan Frequency.
  7. Click the Test Button.
  8. Once the connection is verified, click Save.
  9. Once the configuration is saved, enable the Office 365 Exchange Online toggle button available at the top-right corner of the screen.

View Assessment Details

Once the Office 365 Exchange Online is configured, the system onboards the asset in SAFE.  Go to the Assets page under technology, and search with the name as ExchangeOnline - the domain of your organization. You can see the assessment result on the asset details page.

Was this article helpful?