Action Connectors
      Back to home
      1. Radiant Help Center
      2. Getting Started
      3. Action Connectors

      Action Connector: Microsoft O365 (certificate)

      Set up the action connector for Microsoft 365 to enable one-click mitigation.

      Overview

      This configuration will establish a trusted relationship between Radiant Security and your Azure application to authenticate with the Exchange Online Management PowerShell module. With the action connector, you can execute PowerShell commands from the Radiant Security application with one click. This action connector supports the running the Block Sender and Block URL automated tasks.

      In this guide, you'll onboard the Microsoft O365 (certificate) action connector by completing the following steps:

      At the end of this configuration, you will provide Radiant Security with the following:

      • Private Certificate File
      • Private Certificate Password
      • Application ID
      • Primary Domain

      Prerequisites

      This configuration requires that you are an administrator of the O365 account.

      Generate the self-signed certificate

      Choose to either generate the certificate on Windows or MacOS/Linux.

      Windows: PowerShell certificate generation

      1. In PowerShell, update the DnsName to reflect your organization by executing the following commands:
      # Create certificate
      $mycert = New-SelfSignedCertificate -DnsName "app.radiantsecurity.ai" -CertStoreLocation "cert:\\CurrentUser\\My" -NotAfter (Get-Date).AddYears(10) -KeySpec KeyExchange

      # Export certificate to .pfx file
      $mycert | Export-PfxCertificate -FilePath mycert.pfx -Password (Get-Credential).password

      # Export certificate to .cer file
      $mycert | Export-Certificate -FilePath mycert.cer

      ℹ️ Note: Save the .cer file to upload to Azure at a later step. Save the .pfx file to upload to Radiant Security at a later step. Save the password to upload to Radiant Security at a later step.

      MacOS/Linux: OpenSSL certificate generation

      1. In the command line, generate a private key for signing this request:
        openssl genrsa -out key.pem 2048
      2. Create certificate signing request using user input for certificate details:
        openssl req -new -sha256 -key key.pem -out csr.csr
      3. Sign the certificate signing request using the private key:
        openssl req -x509 -sha256 -days 3650 -key key.pem -in csr.csr -out certificate.pem
      4. Convert the pem certificate to a pfx certificate file. This is required for the PowerShell exchange online authentication.
        openssl pkcs12 -inkey key.pem -in certificate.pem -export -out cert.pfx

      ℹ️ Note: Ensure you provide an input for the CN (common name) as it identifies the certificate.

      ℹ️ Note: Save the .pem file to upload to Azure at a later step. Save the .pfx file to upload to Radiant Security at a later step. Save the password to upload to Radiant Security at a later step.

      Update the Azure app manifest

      1. Log in to Azure.
      2. From the left side menu, navigate to Azure Active Directory.
      3. From the left menu, navigate to App Registrations.
      4. Under All applications search for Radiant Security.
      5. Click to open the application and copy the Application (client) ID.

        Screenshot_2023-05-26_at_1_22_28_PM

      ℹ️ Note: Be sure to save the Application (client) ID as it will be needed at a later step.

      Upload the certificate

      1. From the left side menu, click Certificates & secrets then, click the Certificates tab, and choose Upload certificate.
      2. Upload the certificate .pem or .cer file that you saved from the previous step.

      Copy the primary domain

      1. From the Active Directory home menu, copy the Primary domain.

      primarydomain

      Create the action connector in Radiant Security

      1. Log in to Radiant Security.
      2. From the navigation menu, select Settings > Credentials and click + Add Credential.
      3. Search for and select Microsoft O365 (certificate) and click Configure Credential.
      4. Enter a Credential Name.
      5. Under Required Credentials, provide the following information that you obtained from the previous steps:
        • Private Certificate (pfx) File Upload: the .pfx file downloaded
        • Private Certificate Password: the password associated with the .pfx file
        • Application (client) ID: the Application (client) ID you copied from Azure
        • Primary Domainthe Primary Domain you copied from Azure
          Screenshot 2024-02-01 at 10.52.11 AM-1

       

      We value your opinion. Did you find this article helpful? Share your thoughts by clicking here or reach to our Product and Customer Success teams at support@radiantsecurity.ai 

       

      Last updated: 2024-08-23