# Execute Response Actions with Microsoft O365 (certificate)

In this guide, you'll onboard the [Microsoft O365 (certificate)](https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps) action connector. This configuration will establish a trusted relationship between Radiant Security and your Azure application to authenticate with the Exchange Online Management PowerShell module. With the action connector, you can execute PowerShell commands from the Radiant Security application with one click.&#x20;

<details>

<summary><i class="fa-bolt-lightning">:bolt-lightning:</i> <mark style="color:red;">Available actions</mark></summary>

The following actions are available after you set up the Microsoft O365 action connector. Keep in mind, additional permissions are required.

* Block sender
* Block sender domain
* Block URLs

</details>

At the end of this configuration, you will provide Radiant Security with the following:

* **Private Certificate File**
* **Private Certificate Password**
* **Application ID**
* **Organization Name**

### Prerequisites

* [ ] This configuration requires that you are an administrator of the O365 account.

### Generate the self-signed certificate

Choose to either generate the certificate on [Windows](#windows-powershell-certificate-generation) or [MacOS/Linux](#macos-linux-openssl-certificate-generation).

#### Windows: PowerShell certificate generation

1. In PowerShell, update the DnsName to reflect your organization by executing the following commands:

{% hint style="info" %}
If you are an E.U. tenant, replace `app.radiantsecurity.ai` by `app.eu1.radiantsecurity.ai`
{% endhint %}

```json
# Create certificate
$mycert = New-SelfSignedCertificate -DnsName "app.radiantsecurity.ai" -CertStoreLocation "cert:\CurrentUser\My" -NotAfter (Get-Date).AddYears(10) -KeySpec KeyExchange

# Export certificate to .pfx file
$mycert | Export-PfxCertificate -FilePath mycert.pfx -Password (Get-Credential).password

# Export certificate to .cer file
$mycert | Export-Certificate -FilePath mycert.cer
```

{% hint style="info" %}
**Note**: Save the **.cer file** to upload to Azure at a later step. Save the **.pfx file** to upload to Radiant Security at a later step. Save the **password** to upload to Radiant Security at a later step.
{% endhint %}

#### MacOS/Linux: OpenSSL certificate generation

1. In the command line, generate a private key for signing this request:

```json
openssl genrsa -out key.pem 2048
```

2. Create certificate signing request using user input for certificate details:

```json
openssl req -new -sha256 -key key.pem -out csr.csr
```

3. Sign the certificate signing request using the private key:

```json
openssl x509 -req -in csr.csr -signkey key.pem -out certificate.pem -days 3650 -sha256
```

4. Convert the **pem** certificate to a **pfx** certificate file. This is required for the PowerShell exchange online authentication.

```json
openssl pkcs12 -inkey key.pem -in certificate.pem -export -out cert.pfx
```

{% hint style="info" %}
**Note**: Ensure you provide an input for the CN (common name) as it identifies the certificate.
{% endhint %}

{% hint style="info" %}
**Note**: Save the **.pem file** to upload to Azure at a later step. Save the **.pfx file** to upload to Radiant Security at a later step. Save the **password** to upload to Radiant Security at a later step.
{% endhint %}

### Update the Azure app manifest

1. Log in to [Azure](https://portal.azure.com/#home).
2. From the left side menu, navigate to Microsoft Entra ID.
3. From the left menu, navigate to **App Registrations**.
4. Under **All applications** search for `Radiant Security`.
5. Click to open the application and copy the **Application (client) ID**.

{% hint style="info" %}
**Note**: Be sure to save the Application (client) ID as it will be needed at a later step.
{% endhint %}

### Upload the certificate

1. From the left side menu, click **Certificates & secrets** then, click the **Certificates** tab, and choose **Upload certificate**.
2. Upload the certificate `.pem` or `.cer` file that you saved from the previous step.

### Copy the primary domain

1. From the [Entra ID Home menu](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview), copy the **Primary domain**.

### Create the action connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Credentials** and click **+ Add Credential**.
3. Search for and select **Microsoft O365 (certificate)** and click **Configure Credential**.
4. Enter a **Credential Name**.
5. Under **Required Credentials**, provide the following information that you obtained from the previous steps:

   * **Private Certificate (pfx) File Upload**: `the .pfx file downloaded`
   * **Private Certificate Password**: `the password associated with the .pfx file`
   * **Application (client) ID**: `the Application (client) ID you copied from Azure`
   * **Primary Domain**: `the Primary Domain you copied from Azure`