Hi @Dharmaraj Kurle ,
Welcome to the Microsoft Q&A platform!
Yes, you can configure Direct Email Injection (DMI) with Microsoft Office 365 to insert simulated phishing emails into users' inboxes using the Exchange Web Services (EWS) API. Here are the detailed steps to enable DMI:
- Create a Microsoft 365 administrator account:
  - Create a dedicated administrator account for DMI authorization.
  - Assign the following roles to this account:
    - Application Impersonation
    - Application Administrator
- Authorize the DMI application in Azure:
  - Sign in to the Azure portal with your administrator account.
  - Navigate to Azure Active Directory > Enterprise Applications.
  - Click New Application and search for the DMI application.
  - Follow the prompts to authorize the application.
- Configure EWS API permissions:
  - Make sure the DMI application has the required permissions to use the EWS API.
  - You may need to configure specific API permissions under the API permissions section of the DMI application in the Azure portal.
- Set up a secure connection:
  - In the console of your DMI provider (e.g. KnowBe4, CanIPhish), navigate to Integration settings.
  - Select Microsoft 365 Direct Email Injection and click New Integration.
  - Provide a unique name for the integration and click Sign in with Microsoft.
  - Complete the authentication process to establish a secure connection.
- Test the configuration:
  - Send a test phishing email to ensure that the DMI setup is working properly.
  - Verify that the email bypasses the filtering rules and goes directly to the user's inbox.
- Monitor and adjust:
  - Monitor the DMI setup regularly to ensure that it continues to function as expected.
  - Make adjustments as needed, especially if there are changes to Microsoft 365 policies or DMI provider updates.
For more detailed guidance, you can refer to the Direct Message Injection (DMI) Configuration Guide.
Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.
Best,
Jake Zhang
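
A check that fits the "Monitor and adjust" step above, added here as an example and not part of the original answer or of any DMI provider's tooling: it reviews who effectively holds the impersonation role and whether each assignment is limited to a recipient scope. The function name `Test-ImpersonationAssignment`, the account name `svc-dmi` and the sample rows are constructed for illustration; the live input comes from the Exchange Online cmdlet shown in the comment.

```powershell
# Added example: review holders and scope of the ApplicationImpersonation role.
# Live input (needs the ExchangeOnlineManagement module and Connect-ExchangeOnline):
#   Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
#       Test-ImpersonationAssignment -ExpectedAssignee 'svc-dmi'

function Test-ImpersonationAssignment {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Assignment,
        # Accounts that are supposed to hold the role (the dedicated DMI account).
        [Parameter(Mandatory)] [string[]] $ExpectedAssignee
    )
    process {
        $findings = @()
        if ($Assignment.EffectiveUserName -notin $ExpectedAssignee) {
            $findings += 'unexpected holder'
        }
        # An Organization write scope means the holder can impersonate every mailbox.
        if ($Assignment.RecipientWriteScope -eq 'Organization') {
            $findings += 'unscoped: can impersonate every mailbox'
        }
        [pscustomobject]@{
            Assignment = $Assignment.Name
            Holder     = $Assignment.EffectiveUserName
            Scope      = $Assignment.RecipientWriteScope
            Findings   = if ($findings) { $findings -join '; ' } else { 'ok' }
        }
    }
}

# Constructed sample rows, shaped like the cmdlet's output, so the check runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'ApplicationImpersonation-svc-dmi'
                       EffectiveUserName = 'svc-dmi'
                       RecipientWriteScope = 'CustomRecipientScope' }
    [pscustomobject]@{ Name = 'ApplicationImpersonation-Org Admins'
                       EffectiveUserName = 'helpdesk-admin'
                       RecipientWriteScope = 'Organization' }
)

$sample |
    Test-ImpersonationAssignment -ExpectedAssignee 'svc-dmi' |
    Format-Table -AutoSize
```

In the sample, the first row reports `ok` and the second is flagged both as an unexpected holder and as unscoped.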