Microsoft O365 (certificate)

Configure the action connector for Microsoft O365 (certificate).

In this guide, you'll onboard the Microsoft O365 (certificate) action connector. This configuration will establish a trusted relationship between Radiant Security and your Azure application to authenticate with the Exchange Online Management PowerShell module. With the action connector, you can execute PowerShell commands from the Radiant Security application with one click.

Available actions

The following actions are available after you set up the Microsoft O365 action connector. Keep in mind, additional permissions are required.

Block sender
Block sender domain
Block URLs

At the end of this configuration, you will provide Radiant Security with the following:

Private Certificate File
Private Certificate Password
Application ID
Organization Name

Prerequisites

This configuration requires that you are an administrator of the O365 account.

Generate the self-signed certificate

Choose to either generate the certificate on Windows or MacOS/Linux.

Windows: PowerShell certificate generation

In PowerShell, update the DnsName to reflect your organization by executing the following commands:

# Create certificate
$mycert = New-SelfSignedCertificate -DnsName "app.radiantsecurity.ai" -CertStoreLocation "cert:\CurrentUser\My" -NotAfter (Get-Date).AddYears(10) -KeySpec KeyExchange

# Export certificate to .pfx file
$mycert | Export-PfxCertificate -FilePath mycert.pfx -Password (Get-Credential).password

# Export certificate to .cer file
$mycert | Export-Certificate -FilePath mycert.cer

Note: Save the .cer file to upload to Azure at a later step. Save the .pfx file to upload to Radiant Security at a later step. Save the password to upload to Radiant Security at a later step.

MacOS/Linux: OpenSSL certificate generation

In the command line, generate a private key for signing this request:

openssl genrsa -out key.pem 2048

Create certificate signing request using user input for certificate details:

openssl req -new -sha256 -key key.pem -out csr.csr

Sign the certificate signing request using the private key:

openssl x509 -req -in csr.csr -signkey key.pem -out certificate.pem -days 3650 -sha256

Convert the pem certificate to a pfx certificate file. This is required for the PowerShell exchange online authentication.

openssl pkcs12 -inkey key.pem -in certificate.pem -export -out cert.pfx

Note: Ensure you provide an input for the CN (common name) as it identifies the certificate.

Note: Save the .pem file to upload to Azure at a later step. Save the .pfx file to upload to Radiant Security at a later step. Save the password to upload to Radiant Security at a later step.

Update the Azure app manifest

Log in to Azure.
From the left side menu, navigate to Microsoft Entra ID.
From the left menu, navigate to App Registrations.
Under All applications search for Radiant Security.
Click to open the application and copy the Application (client) ID.

Note: Be sure to save the Application (client) ID as it will be needed at a later step.

Upload the certificate

From the left side menu, click Certificates & secrets then, click the Certificates tab, and choose Upload certificate.
Upload the certificate .pem or .cer file that you saved from the previous step.

Copy the primary domain

From the Entra ID Home menu, copy the Primary domain.

Create the action connector in Radiant Security

Log in to Radiant Security.
From the navigation menu, select Settings > Credentials and click + Add Credential.
Search for and select Microsoft O365 (certificate) and click Configure Credential.
Enter a Credential Name.
Under Required Credentials, provide the following information that you obtained from the previous steps:
- Private Certificate (pfx) File Upload: the .pfx file downloaded
- Private Certificate Password: the password associated with the .pfx file
- Application (client) ID: the Application (client) ID you copied from Azure
- Primary Domain: the Primary Domain you copied from Azure

PreviousKnowBe4 NextNetskope

Last updated 14 days ago