Overview
Direct Delivery allows you to send messages directly to a Microsoft or Google user's inbox using the Microsoft Graph or Google API, bypassing traditional mail servers. This approach minimizes delivery issues often encountered during simulated phishing tests.
To ensure successful delivery, the recipient email addresses must exist and have active mailboxes within the Azure or Google Workspace tenant where Direct Delivery is enabled. Messages cannot be delivered to alias addresses. When Direct Delivery is enabled for a PhishingBox Group, campaigns will automatically send simulated phishing and training emails to the group's targets using this method.
Direct Delivery settings can be configured at either the Account level (Mail Settings) or the Group level (Create/Edit Group). Use the links below to navigate to the relevant section:
Mail Settings
When a PhishingBox account has Direct Delivery enabled, you’ll have the option to activate it in the Campaign Wizard on the Review Tab. This allows you to send simulated phishing and training emails to the account's targets using Direct Delivery.
Microsoft
Follow the steps below to enable Direct Delivery for a Microsoft 365 tenant:
- Navigate to Administration > Settings > Mail Settings > Direct Delivery tab
- Click the "Enable Direct Delivery For Microsoft Entra ID" button.
- Click "Accept" to grant the following requested permissions:
  - Read all users' full profiles
  - Read mail in all mailboxes
  - Read and write mail in all mailboxes
  - Sign in and read user profile
NOTE: These permissions grant access to read, modify or delete emails. Direct Delivery will never interface with inboxes to read, modify or delete emails. These permissions are only used to deliver mail to inboxes.
To disable Direct Delivery, click the "Disable Direct Delivery for Microsoft Entra ID" button.
Follow the steps below to enable Direct Delivery for a Google Workspace tenant:
- Log in as a global administrator on your Google Workspace account.
- Navigate to Security > Access and data control > API controls.
- Click on "MANAGE DOMAIN WIDE DELEGATION" at the bottom of the page.
- Click "Add new".
- Use 101149194897466439972 as the client ID.
- Enter https://www.googleapis.com/auth/gmail.insert for the OAuth scope.
- Click "Authorize" on the new domain-wide delegation policy.
- Go to the PhishingBox Portal.
- Navigate to Administration > Settings > Mail Settings > Direct Delivery tab
- Click the "Enable Direct Delivery For Google Workspace" button.
- Authorize the Direct Delivery by entering the email of a global domain admin.
- Click "Save".
To disable Direct Delivery, click the "Disable Direct Delivery for Google Workspace" button.
Create / Edit Group
When a PhishingBox group has Direct Delivery enabled, campaigns will automatically use Direct Delivery to send simulated phishing and training emails to the group’s targets, regardless of the toggle option on the final screen of campaign creation.
NOTE: It's possible to enable Direct Delivery for the entire account instead of a specific group. See the Direct Delivery Section of our Mail Settings article.
Microsoft
To enable Microsoft 365 Direct Delivery for a group, follow these steps:
- Navigate to Targets / Groups > Edit Group > Direct Delivery Tab
- Click the "Enable Direct Delivery For Microsoft Entra ID" button.
- Click "Accept" to grant the following requested permissions:
  - Read all users' full profiles
  - Read mail in all mailboxes
  - Read and write mail in all mailboxes
  - Sign in and read user profile
NOTE: These permissions grant access to read, modify or delete emails. Direct Delivery will never interface with inboxes to read, modify or delete emails. These permissions are only used to deliver mail to inboxes.
To disable Direct Delivery, click the "Disable Direct Delivery for Microsoft Entra ID" button.
To enable Google Workspace Direct Delivery for a group, follow these steps:
- Log in as a global administrator on your Google Workspace account.
- Navigate to Security > Access and data control > API controls.
- Click on "MANAGE DOMAIN WIDE DELEGATION" at the bottom of the page.
- Click "Add new".
- Use 101149194897466439972 as the client ID.
- Enter https://www.googleapis.com/auth/gmail.insert for the OAuth scope.
- Click "Authorize" on the new domain-wide delegation policy.
- Go to the PhishingBox Portal.
- Navigate to Administration > Settings > Mail Settings > Direct Delivery tab
- Click the "Enable Direct Delivery For Google Workspace" button.
- Authorize the Direct Delivery by entering the email of a global domain admin.
- Click "Save".
To disable Direct Delivery, click the "Disable Direct Delivery for Google Workspace" button.
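After enabling Direct Delivery, you can confirm that what was granted matches what this article lists and nothing more. The script below is an added example, not PhishingBox code: it compares an exported list of grants against the client ID, OAuth scope and permissions named above. The input format, the function names and the Microsoft Graph permission names used for the four consent-screen entries are assumptions; check them against your own tenant export.

```python
"""Audit exported grants against what this article says Direct Delivery needs."""

PB_CLIENT_ID = "101149194897466439972"  # client ID given in this article
PB_GOOGLE_SCOPES = {"https://www.googleapis.com/auth/gmail.insert"}
# Assumed Graph names for the four consent-screen permissions listed in this article.
PB_GRAPH_PERMS = {"user.read.all", "mail.read", "mail.readwrite", "user.read"}


def normalize(scopes):
    """Accept a list or a comma/space separated string; return a lowercase set."""
    if isinstance(scopes, str):
        scopes = scopes.replace(",", " ").split()
    return {s.strip().rstrip("/").lower() for s in scopes if s.strip()}


def diff_grant(granted, expected):
    """Return (extra, missing) relative to the documented set."""
    granted, expected = normalize(granted), normalize(expected)
    return sorted(granted - expected), sorted(expected - granted)


def audit_google(delegations):
    """delegations: list of {"client_id", "scopes"} dicts (constructed format)."""
    findings = []
    entries = [d for d in delegations if str(d["client_id"]) == PB_CLIENT_ID]
    if not entries:
        findings.append("no delegation entry for the Direct Delivery client ID")
    for entry in entries:
        extra, missing = diff_grant(entry["scopes"], PB_GOOGLE_SCOPES)
        findings += [f"extra scope delegated: {s}" for s in extra]
        findings += [f"documented scope not delegated: {s}" for s in missing]
    return findings


def audit_graph(granted_perms):
    """granted_perms: permission names granted to the Direct Delivery app."""
    extra, missing = diff_grant(granted_perms, PB_GRAPH_PERMS)
    return ([f"extra permission: {p}" for p in extra]
            + [f"documented permission missing: {p}" for p in missing])


# Constructed sample exports (not real tenant data).
SAMPLE_DWD = [
    {"client_id": "101149194897466439972",
     "scopes": "https://www.googleapis.com/auth/gmail.insert, https://mail.google.com/"},
    {"client_id": "000000000000000000000",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
]
SAMPLE_GRAPH = ["User.Read", "User.Read.All", "Mail.Read", "Mail.ReadWrite", "Mail.Send"]
```

An empty result from `audit_google` or `audit_graph` means the grant matches the documented set; any finding is worth reviewing before the next campaign.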