Overview
This article details the process of adding a custom Microsoft Entra ID app registration. You will need global admin permission in Azure.
Creating the App
- Login to portal.azure.com.
- Navigate to Microsoft Entra ID > App Registrations.
- Click the "+ New registration" button.
- Fill the Register an application form with the following:
- Name: input an appropriate name (e.g. PhishingBox Entra App).
- Supported account type: Accounts in this organizational directory only (Single tenant).
- Redirect URI:
- Platform: Web
- URI: https://<phish_portal_url>/authorize_graph_oauth.php
- Mail Purge URI: Only required if you are using the Mail Purge feature. https://<phish_portal_url>/authorize_mail_purge_graph_oauth.php
- Click "Register".
- On the App's Overview page, navigate to API Permissions.
- Click the "+ Add permission" button.
- Click "Microsoft Graph".
- Click "Delegated permissions".
- Add the following permissions:
- Mail.Read
- Mail.ReadWrite
- offline_access
- openid
- profile
- User.Read
- Click "Add permissions".
- Click the "Grant admin consent for {tenant name}" button.
- If successful, you should see a green checkmark in the "Status" column.
- Navigate to the Overview page.
- Copy the "Application (client) ID" and the "Directory (tenant) ID" and paste them into a text file (you will need these later).
- Navigate to the Certificates & secrets page.
- Click the "+ New client secret" button.
- Input an appropriate description and set the expiration to the desired value.
NOTE: Once the secret expires you will have to update the app with a new secret.
- Click "Add".
- Copy the value that is generated and add it to the text file created in step 16.
NOTE: You will no longer be able to copy this value after navigating away from this page.
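Once the app is registered, its settings can be checked against the steps above. The following is an added example, not PhishingBox or Microsoft code: it audits a Microsoft Graph `application` object and the `oauth2PermissionGrant` created by admin consent, both supplied as JSON dictionaries. The function name, portal host and sample objects are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Scopes and redirect paths listed in the steps above.
EXPECTED_SCOPES = {"Mail.Read", "Mail.ReadWrite", "offline_access", "openid", "profile", "User.Read"}
ALLOWED_PATHS = {"/authorize_graph_oauth.php", "/authorize_mail_purge_graph_oauth.php"}

def audit_registration(app, grant, portal_host, now, warn_days=30):
    """Return a list of deviations from the registration described above."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # value for single tenant
        findings.append(f"audience is {app.get('signInAudience')}, expected single tenant")
    for uri in app.get("web", {}).get("redirectUris", []):
        u = urlsplit(uri)
        if u.scheme != "https" or u.hostname != portal_host or u.path not in ALLOWED_PATHS:
            findings.append(f"unexpected redirect URI: {uri}")
    for resource in app.get("requiredResourceAccess", []):
        for access in resource.get("resourceAccess", []):
            if access.get("type") != "Scope":  # "Role" is an application permission
                findings.append(f"non-delegated permission requested: {access.get('id')}")
    granted = set(grant.get("scope", "").split())
    findings += [f"extra consented scope: {s}" for s in sorted(granted - EXPECTED_SCOPES)]
    findings += [f"missing consented scope: {s}" for s in sorted(EXPECTED_SCOPES - granted)]
    for cred in app.get("passwordCredentials", []):
        # Graph timestamps are UTC; drop fractional seconds and the trailing "Z".
        end = datetime.fromisoformat(cred["endDateTime"][:19]).replace(tzinfo=timezone.utc)
        if end - now <= timedelta(days=warn_days):
            findings.append(f"client secret '{cred.get('displayName')}' expires {end.date()}")
    return findings

# Constructed sample objects (placeholder IDs and host), not taken from a real tenant.
SAMPLE_NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)
SAMPLE_APP = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": ["https://portal.example.test/authorize_graph_oauth.php",
                             "http://portal.example.test/authorize_graph_oauth.php"]},
    "requiredResourceAccess": [{"resourceAppId": "<graph-app-id>", "resourceAccess": [
        {"id": "<perm-id-1>", "type": "Scope"}, {"id": "<perm-id-2>", "type": "Role"}]}],
    "passwordCredentials": [{"displayName": "portal", "endDateTime": "2030-01-10T00:00:00Z"}],
}
SAMPLE_GRANT = {"consentType": "AllPrincipals",
                "scope": "Mail.Read Mail.ReadWrite Mail.Send offline_access openid User.Read"}

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, SAMPLE_GRANT, "portal.example.test", SAMPLE_NOW):
        print(finding)
```

An empty result means the registration matches the single-tenant audience, redirect URIs and delegated scopes given in this article, and no client secret expires within the warning window.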
Adding app to PhishingBox
- In an incognito browser window, browse to the PhishingBox portal.
- Navigate to Administration > Settings > Mail Settings > Custom Microsoft Entra ID App tab.
- Click the "+ Add Custom App" button.
- Input the following values (this is where the text file values come in):
- App Name: an appropriate app name (e.g. Azure App).
- Client Id: Application (client) ID.
- Client Secret: Secret Value.
- App Type: Single.
- Tenant Id: Directory (tenant) ID.
NOTE: Multi-tenant apps do not need to provide a tenant id.
- Click "Create App".
- Navigate to the Security Inboxes tab.
- Click the "+ Create" button.
- Connection Type: "Microsoft Entra ID".
- Microsoft App: select the app you created (it will appear with the name set in step 4).
- Click the "Authorize" button:
- If successful, you will be redirected to a Microsoft login page.
- Sign in with the reporting inbox credentials.
- After signing in, you will be redirected back to PhishingBox and will see the success message if the inbox is added successfully.
Now the Security Inbox is ready to use.