The below processes are designed to be deployed in an Azure or private cloud environment connecting to Microsoft 365. You'll setup a Mail Enabled Security group which the On Premise Engine will watch for new mailboxes being added or removed.
Estimated Time: 1 hour with help from SigParser team.
Warning: Do not try this without a SigParser support staff member on a call. It is easy to miss a step.
Setup Virtual Machine
Create a new virtual machine. The VM is where all the processing will be done.
Machine Specific Settings
Windows Operating System
Network Access
Outbound network access needed.
Inbound: Need RDP 3389 access
Backup: Enable backup
Backup policy: (new) DailyPolicy
Guest OS updates: OS-orchestrated patching: patches will be installed by OS
VM OS Configuration
Login to the VM you just created
Install Google Chrome or Microsoft Edge
In Windows Explorer turn on the visibility of file extensions.
Download the SigParser On Premise Engine release zip file to the VM
Right click on the Zip file and click “Extract to…”
Select the location C:\sigparser
Click Next
Wait for the extract to finish
Go to c:\sigparser\
Copy the C:\sigparser\EmailFetcher\appsettings-template - office365.json file from folder and paste it to C:\sigparser folder.
Then rename the file to appsettings.json
Open the new appsettings.json file for editing. We’ll put all our configuration into this file. Then later we’ll copy this file to different locations for each of the apps.
In C:\sigparser create a text file named allow.txt
If you want to allow only specific domains to be mined then put each domain name on a different line.
If you want all domains to be mined then put an asterisk (*) only in the file.
In C:\sigparser create a file called deny.txt
On each line put any email domains SigParser shouldn’t process if all the people on an email have those domains. This should generally be your company domain names and maybe your HR company.
In Windows search for Environment Variables and add the following AWS environment variables
SigParserLicenseKey with the license key from SigParser
AWS_ACCESS_KEY_ID = Access key with permission to write to Cloudwatch logs.
AWS_SECRET_ACCESS_KEY = Access key secret for writing to Cloudwatch logs.
Rename the file c:\sigparser\EmailFetcher\log4net-template.config file to log4net.config
Open the file
Change the region setting to the value provided by SigParser IT
Save the file
Create a Microsoft 365 Security Group
Go to Exchange Admin Console (https://admin.exchange.microsoft.com)
Go to Recipients > Groups > Mail-enabled security
Click Add a group
In Group Type, select Mail-enabled security
In Basics, set Name to SigParser
In Settings,
Set Group email address to sigparser@yourdomain
In Review, review data and click Create Group
Go to Recipients > Groups > and select the SigParser group
Go to Members > View all and manage owners > +Add owners
Select your group owner and click Add
Get the Group ID from the URL browser bar
Go to next step to add members to your security group
Add Members to Security Group
Go to Exchange Admin Console (https://admin.exchange.microsoft.com)
Go to Recipients > Groups > and select the SigParser group
Go to Members > View all and manage owners > +Add members
Add the members or groups who will be connected to SigParser
Register SigParser App in Microsoft Azure
Go to Microsoft Azure portal (https://portal.azure.com)
Go to App registrations > New Registration
Enter the following info
Name: SigParser Email Fetcher
Supported account types: Single tenant option
Redirect URI : Leave blank
Click Register
Add API Permissions
Click on the API permissions section
Give the app these Microsoft Graph as Application permissions
Calender.Read : Yes
Contacts.Read : Yes
GroupMember.Read.All : Yes
Mail.Read : Yes
User.Read.All : Yes
Grant Admin Consent
Create Access Policy
Open Powershell
Open powershell as administrator and paste this command to install the Exchange Online Manager
Install-Module -Name ExchangeOnlineManagement
Run this command next to enable Microsoft powershell scripts to run
set-executionpolicy unrestricted
Load the Exchange Online Management Tool with this command
Import-Module ExchangeOnlineManagement
Connect to your Microsoft account
Connect-ExchangeOnline
Create a new access policy with SigParsers app id and a security group
New-ApplicationAccessPolicy -PolicyScopeGroupId example@mail.com -AppId d323f806-e9e0-xxxx-xxxx-xxxxxxxxxxxx -AccessRight RestrictAccess -Description "Restrict SigParser's access"
(Replace -PolicyScopeGroupId example@mail.com with the email of your security group)
Test if SigParser can access restricted email address
Test-ApplicationAccessPolicy -Identity example@mail.com -AppId d323f806-e9e0-4f23-a8e2-4ca821ffbbeb
(Replace -Identity example@mail.comwith an email outside of SigParsers scope)
⚠️ If you have a multiregion setup or replication that only happens every 10 minutes or every hour then it can take some time before all these steps will work until the new group and members are sync'd.
Create secrets file
Create the following file: c:\sigparser\secrets.json
{
"SigParserApiToken": "your api key",
"Office365ClientSecret": "office 365 client secret for the app you created in Azure"
}
SigParserApiToken = Create an account at https://app.sigparser.com and generate an API key.
Someone from SigParser needs to configure the API feature on your account in the backend.
Office365ClientSecret - Use the secret you from the Azure portal for the application here.
Save the file.
Copy appsettings.json
Review the appsettings.json file one last time to make sure everything is set as desired.
Copy the appsettings.json file to the EmailFetcher folder.
Configure Scheduled Task
Configure the scheduled task to run the SigParser On Premise Engine on a schedule.