Microsoft 365 Exchange Online Management
Last updated
Was this helpful?
Last updated
Was this helpful?
To enable Office 365 Exchange Online Management, you must first install Dropzone Certificate Credentials.
Some Dropzone actions use x509 certificate based authentication, for example retrieving quarantined emails during phishing analysis. In this section we will set up the Dropzone certificate as trusted by Microsoft.
Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app
In the bottom left hand corner, click Settings > Integrations
Click "Available"
In the Search bar, search MS 365/Defender, then click "Configure"
Under "Connection", click "mycompany.dropzone.app.crt" and download the file
Return to the Application Overview for your new application
Applications > App Registration > All Applications > Dropzone AI
In the left side bar, click "Certificates & Secrets"
Navigate to Certificates, then click "Upload Certificate"
Select the certificate file you downloaded from the Dropzone UI earlier
For description, use "Dropzone AI"
You should now see the certificate in the UI, including a 'thumbprint' (a cryptographic hash of the certificate.)
Once you have installed your Dropzone credentials, you may assign the Office 365 Exchange Online Management permissions. To do so, do the following:
In the left sidebar, return the API permissions page
Click "Add a permission"
Select "APIs my organization uses"
Type "Office 365 Exchange Online" in the search bar
Click "Application permissions"
Add the following permissions:
Exchange.ManageAsApp
Read file details
Once done selecting all the permissions, click "Add permissions"
Click "Grant admin consent for [mycompany.net]"
Click "Yes"
Open your powershell environment
Connect to Entra ID and get information about the application we configured. The value for the -AppID
parameter is the "Application (Client) ID" you recorded earlier
Note this Id
field which we'll use in the next command, which we refer to as the object-spid
(Service Principal ID)
Connect to Exchange Online and Create an Exchange Online Service Principal for our Application
Lastly, we assign Transport Hygiene Exchange Role to our Application
In the left navigation, select Manage > Custom domain names
In the domain list you'll find one that ends in .onmicrosoft.com
. Record this domain for use later in the Dropzone UI where it is called "Organization ID"
Next we need to run PowerShell commands to grant permissions. You may use whatever PowerShell environment you prefer. The examples below were performed using Azure's interactive Cloud Shell. You may find some of the useful.
For example go to and click on the Cloud Shell icon
Sign into as an administrator