Skip to main content

How to Integrate Microsoft 365 with BreachBits

Keep the emails used for credential and social testing up-to-date with a Microsoft 365 integration.

Updated over 3 weeks ago

If your organization uses Microsoft 365 for email, you can establish a secure integration with BreachBits to keep the list of emails used for credential threat testing and social engineering current. Before each BreachRisk Assessment, our Platform will use your Microsoft 365 integration to refresh the emails used by BreachBits.

Note: If your organization already has an active Azure integration, you do not need to add an additional Microsoft 365 integration. Your Azure integration can be used to keep your users' emails up-to-date.

Note: To perform the following steps, a user with the role of Application Developer or Global Administrator in Microsoft 365 is required.

Step 1: Sign in to the Microsoft Entra Admin Center

  1. Open a web browser and navigate to the Microsoft Entra Admin Center at entra.microsoft.com.

  2. Sign in with an account that has the necessary permissions (Global Administrator or Application Developer).

Step 2: Register a New Application

  1. In the left navigation pane, find the Applications dropdown and click on App registrations.

  2. Click on the New registration button.

  3. In the Register an application page:

    • Name: Enter a name for your application (e.g., "BreachBitsIntegration").

    • Supported account types: Select Accounts in this organizational directory only (Single tenant).

    • Redirect URI: Leave blank.

  4. Click the Register button.

Step 3: Note Down the Application (Client) ID and Directory (Tenant) ID

  1. After the application is registered, you will be taken to the overview page of your new application.

  2. Note down the Application (client) ID and Directory (tenant) ID. You will need these values to complete the integration.

Step 4: Add API Permissions

  1. In the left navigation pane, click on API permissions.

  2. Click on the Add a permission button.

  3. In the Request API permissions page, click on Microsoft Graph.

  4. Choose Application permissions.

  5. Add the following permissions:

    • User.Read.All: To read user information.

    • Directory.Read.All: To read directory data, including admin roles.

    • Authentication.Read.All: To read authentication methods, including MFA status.

  6. Click the Add permissions button.

Step 5: Grant Admin Consent

  1. In the API permissions page, you will see a list of the permissions you added.

  2. Click on the Grant admin consent for [Your Tenant Name] button.

  3. Confirm the consent by clicking Yes.

Step 6: Create a Client Secret

  1. In the left navigation pane, click on Certificates & secrets.

  2. Under Client secrets, click the New client secret button.

  3. In the Add a client secret page:

    • Description: Enter a description for the secret (e.g., "BreachBits_secret").

    • Expires: Select an expiration duration. When the secret expires, you will have to re-create the BreachBits integration with the new client secret.

  4. Click the Add button.

  5. The value of the client secret will be displayed. Copy this value and save it in a secure place. This value will not be shown again after you navigate away from this page.

Did this answer your question?