On Premises Engine - Setup with Microsoft 365

The process below is designed for deployment in an Azure or private cloud environment connecting to Microsoft 365. You'll set up a mail-enabled security group, which the On Premise Engine will watch for mailboxes being added or removed.

Estimated Time: 1 hour with help from SigParser team.

Please Note: Do not try to complete all of these steps without a SigParser support staff member on a call. It is easy to miss a step.

Setup Virtual Machine

Create a new virtual machine (VM). The VM is where all the scanning and processing of emails and calendar meetings will be done.


Configure Virtual Machine Settings

  • Operating System

    • Windows Operating System

    • OS-orchestrated patching: patches will be installed by OS

  • Network Access

    • Outbound:

      • Amazon AWS

        • US: logs.us-west-2.amazonaws.com - port 443

        • EU: logs.eu-central-1.amazonaws.com - port 443

      • ipaas.sigparser.com - port 443

      • serialkeymanager.com - port 443

      • app.cryptolens.io - port 443

      • time.windows.com - port 123

  • Backups

    • Enable backup

    • Backup policy: (new) DailyPolicy


Open Notepad file on VM to temporarily store ID values

  • Create a new Notepad file in C:\sigparser

  • Copy and paste the following into the file

    • SIGPARSER API KEY:

    • AWS_ACCESS_KEY_ID:

    • AWS_SECRET_ACCESS_KEY:

    • GROUP MEMBER EMAIL ADDRESS:

    • GROUP OBJECT ID:

    • APPLICATION (CLIENT) ID:

    • APPLICATION (DIRECTORY) ID:

    • APPLICATION CLIENT SECRET:

  • You will fill in these values in the following steps. These values will be used to create and test the MS365 connection.


Create SigParser Application API Key

  • Log in to the SigParser application at https://app.sigparser.com/

  • Go to Settings > Developers page

  • Click the "New API Key" button

  • Name the API Key "On Premise Engine", select all checkboxes, and click the Generate Key button

  • Copy the API Key value into the Notepad file for later use


Copy AWS CloudWatch IDs into Notepad File

  • A SigParser team member will provide you with a Key ID and Access Key for logging metrics related to the On Premise Engine. This is done to improve the level of support that can be provided by the SigParser team.

  • Copy the following values to the Notepad file on the VM

    • AWS_ACCESS_KEY_ID

    • AWS_SECRET_ACCESS_KEY

  • Save the Notepad file for later use


Create a MS365 Mail-Enabled Security Group

  • Select Mail-enabled security > Next

  • Name the group: SigParser Mailboxes

    • Description is optional

  • Assign Group Owner(s).

    • Group owners will have the ability to add or remove members from this group.

    • Group owner mailboxes will not be scanned by SigParser.

  • Once you have added Group owners, select Next

  • Add Group members.

    • This is the list of mailboxes you wish to connect to SigParser and scan.

  • Once you have added Group members, select Next

  • Add group email address

    • Example: sigparsermailboxes@(yourdomain)

  • Under Approval, select Require owner approval to join the group

  • Select Create Group


Copy a Member Email Address into Notepad file

  • Copy one of the email addresses from any of the group members added above and paste into the notepad file next to GROUP MEMBER EMAIL ADDRESS


Copy Group Object ID into Notepad file

  • Select the SigParser Mailboxes mail-enabled security group

  • Copy the Object ID and paste into the notepad file next to GROUP OBJECT ID


Register SigParser App in Microsoft Azure

  • Select + New Registration

  • Enter the following info:

    • Name: SigParser Email Fetcher

    • Supported account types: Single tenant option

    • Redirect URI: (leave blank)

  • Select Register


Copy App Registration IDs into Notepad file

  • Go to App Registration > Overview screen for the SigParser Mailboxes app

  • Copy the APPLICATION (CLIENT) ID and APPLICATION (DIRECTORY) ID values into your Notepad file


Grant API Permissions for SigParser App

  • Select API permissions from the menu on the left

  • Select + Add a permission > Microsoft Graph > Application permissions

  • In the search bar, begin typing one of the following permissions. Select the checkbox next to the permission. Do this for each of the following permissions.

    • Calendars.Read

    • Contacts.Read

    • GroupMember.Read.All

    • Mail.Read

    • User.Read.All

  • When you have selected all of the permissions, select Add permissions

  • Select ✔ Grant admin consent


Create an Access Policy for SigParser App

On Windows, open Microsoft PowerShell.

Run the following command in PowerShell:

Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser -Repository PSGallery -Force; Import-Module ExchangeOnlineManagement

Wait for a successful response before continuing. This will install the Exchange Online Management PowerShell module.

Run the following command in PowerShell:

Connect-ExchangeOnline

You may need to authenticate your 365 login. Wait for a successful response before continuing. This will connect to your Microsoft 365 account.

Edit & Run the following command in PowerShell:

New-ApplicationAccessPolicy -PolicyScopeGroupId "GROUP OBJECT ID" -AppId "APPLICATION (CLIENT) ID" -AccessRight RestrictAccess -Description "Restrict SigParser's access"

  • Replace GROUP OBJECT ID and APPLICATION (CLIENT) ID in the command with the values from your Notepad file

  • Copy, Paste, and Run the command in PowerShell

  • Wait for confirmation that the policy has been granted

Edit & Run the following command in PowerShell:

Test-ApplicationAccessPolicy -Identity "GROUP MEMBER EMAIL ADDRESS" -AppId "APPLICATION (CLIENT) ID"

  • Replace GROUP MEMBER EMAIL ADDRESS and APPLICATION (CLIENT) ID in the command with the values from your Notepad file

  • Copy, Paste, and Run the command in PowerShell

  • Wait for confirmation that access has been granted to the Group Member Email Address

⚠️ If you have a multi-region MS365 setup, or replication that only happens every 10 minutes or every hour, these steps may not work until the new group and its members have synchronized.
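
The Test-ApplicationAccessPolicy step above confirms that a group member is reachable; the point of RestrictAccess is that every other mailbox is refused, so it is worth checking both directions. This is an added example, not SigParser's code: the three values at the top are placeholders to replace with your own, and it assumes the Connect-ExchangeOnline session from the earlier step is still open.

```powershell
# Added example, not SigParser's code. All three values are placeholders.
$AppId      = '00000000-0000-0000-0000-000000000000'  # APPLICATION (CLIENT) ID
$InScope    = 'member@example.com'     # GROUP MEMBER EMAIL ADDRESS
$OutOfScope = 'nonmember@example.com'  # any mailbox that is NOT a group member

function Test-SigParserPolicyScope {
    param([string]$AppId, [string]$InScope, [string]$OutOfScope)
    $findings = @()

    # A policy for this app must exist and must be of type RestrictAccess.
    $policies = @(Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId })
    if ($policies.Count -eq 0) { $findings += "No application access policy found for $AppId" }
    foreach ($p in $policies) {
        if ("$($p.AccessRight)" -ne 'RestrictAccess') {
            $findings += "Policy '$($p.Description)' is $($p.AccessRight), not RestrictAccess"
        }
    }

    # A group member must be Granted, a mailbox outside the group Denied.
    $cases = @(
        @{ Mailbox = $InScope;    Expected = 'Granted' },
        @{ Mailbox = $OutOfScope; Expected = 'Denied' }
    )
    foreach ($c in $cases) {
        $r = Test-ApplicationAccessPolicy -Identity $c.Mailbox -AppId $AppId
        if ("$($r.AccessCheckResult)" -ne $c.Expected) {
            $findings += "$($c.Mailbox): expected $($c.Expected), got '$($r.AccessCheckResult)'"
        }
    }
    return $findings
}

$result = Test-SigParserPolicyScope -AppId $AppId -InScope $InScope -OutOfScope $OutOfScope
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'Policy scope verified.' }
```

A Granted result for the non-member mailbox means the Mail.Read, Calendars.Read and Contacts.Read application permissions still reach mailboxes outside the group, so stop and resolve it before installing the engine.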


Install and Configure On Premise Engine on Virtual Machine

  • Log in to your Virtual Machine

  • Make sure that Google Chrome or Microsoft Edge is installed

  • In Windows Explorer turn on visibility of file extensions

  • Download the SigParser On Premise Engine zip file to the VM

    • Right click on the Zip file and click “Extract to…”

    • Select the location C:\sigparser

    • Click Next

    • Wait for the extract to finish

  • Go to C:\sigparser\

  • In C:\sigparser\EmailFetcher, copy the file appsettings-template - office365.json and paste it into the C:\sigparser folder

    • Rename the file to appsettings.json

  • In C:\sigparser, create a text file named allow.txt

    • If you want to allow only specific domains to be mined then put each domain name on a different line.

    • If you want all domains to be mined then put an asterisk (*) only in the file.

  • In C:\sigparser, create a file called deny.txt

    • On each line put any email domains SigParser shouldn’t process if all the people on an email have those domains. This should generally be your company domain names and maybe your HR company.

  • In C:\sigparser, create a file called secrets.json

    • Enter the following in the file:

      {
        "SigParserApiToken": "api key",
        "Office365ClientSecret": "office 365 client secret"
      }

    • Save the file

  • In C:\sigparser\EmailFetcher,

    • Rename log4net-template.config file to log4net.config

    • Open the file

    • Change the region setting to the value provided by SigParser team

    • Save and close the file

  • In Windows, search for Environment Variables and add the following variables

    • SigParserLicenseKey = API license key from Notepad file

    • AWS_ACCESS_KEY_ID = Access key from Notepad file

    • AWS_SECRET_ACCESS_KEY = Access key secret from Notepad file


Create and Update SigParser App Client Secret

  • Go to App Registration > Overview screen for the SigParser Mailboxes app

  • From the menu on the left, select Certificates & secrets > Client secrets > + New client secret

  • Enter the following details:

    • Description: SigParser Mailboxes Secret

    • Expires: 24 months

  • Select Add

  • Copy and paste the Client Secret Value (NOT Secret ID) from Azure into the "Office365ClientSecret" value in the C:\sigparser\secrets.json file


Add the SigParser API Key to Secrets File

  • Open C:\sigparser\secrets.json file

  • Copy the SIGPARSER API KEY from the Notepad file

  • Update the "SigParserApiToken" value in the json file

  • Close and save the json file


Update and Move appsettings.json File

  • Open C:\sigparser\appsettings.json file

  • Copy values from Notepad file into json file

    • "office365directoryid": "APPLICATION (DIRECTORY) ID",

    • "office365clientid": "APPLICATION (CLIENT) ID",

    • "monitoring_group_ids": "GROUP_OBJECT_ID",

  • Close and save the json file

  • Copy the appsettings.json file to the C:\sigparser\EmailFetcher folder
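
Once the files above are in place, a pre-flight check catches the mistakes this procedure makes easy: template text left in secrets.json, placeholder labels left in appsettings.json, a secrets file readable by every local user, and the scratch Notepad file still sitting in C:\sigparser. This is an added example, not part of the SigParser distribution; it uses the paths, file names and JSON keys from this article, and the function name is hypothetical.

```powershell
# Added example, not part of the SigParser distribution. Paths, file names and
# JSON keys are the ones this article uses; the function name is hypothetical.
function Test-SigParserSetup {
    param([string]$Root = 'C:\sigparser')
    $findings = @()
    $guid = '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

    # secrets.json must parse and must no longer hold the template text.
    $secretsPath = Join-Path $Root 'secrets.json'
    $template = @{ SigParserApiToken = 'api key'; Office365ClientSecret = 'office 365 client secret' }
    try {
        $secrets = Get-Content $secretsPath -Raw -ErrorAction Stop | ConvertFrom-Json
        foreach ($key in $template.Keys) {
            $value = $secrets.$key
            if (-not $value -or $value -eq $template[$key]) { $findings += "secrets.json: $key is not set" }
        }
    } catch { $findings += "secrets.json: $($_.Exception.Message)" }

    # secrets.json should not be readable through broad groups (usually inherited).
    if (Test-Path $secretsPath) {
        $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
        foreach ($ace in (Get-Acl $secretsPath).Access) {
            if ($broad -contains $ace.IdentityReference.Value) {
                $findings += "secrets.json: $($ace.IdentityReference.Value) has $($ace.FileSystemRights)"
            }
        }
    }

    # The deployed appsettings.json must carry real GUIDs, not the placeholder labels.
    $appSettings = Join-Path $Root 'EmailFetcher\appsettings.json'
    if (Test-Path $appSettings) {
        $raw = Get-Content $appSettings -Raw
        foreach ($key in 'office365directoryid', 'office365clientid') {
            if ($raw -notmatch ('"' + $key + '"\s*:\s*"([^"]*)"') -or $Matches[1] -notmatch $guid) {
                $findings += "appsettings.json: $key is missing or not a GUID"
            }
        }
    } else { $findings += 'EmailFetcher\appsettings.json not found' }

    # The scratch Notepad file keeps every credential in clear text; flag it if present.
    $label = 'APPLICATION CLIENT SECRET:'
    foreach ($hit in (Get-ChildItem $Root -File | Select-String -SimpleMatch $label -List)) {
        $findings += "$($hit.Path): scratch file with credential labels is still on disk"
    }
    return $findings
}

Test-SigParserSetup | ForEach-Object { Write-Warning $_ }
```

If the ACL check reports a broad group, running icacls C:\sigparser\secrets.json /inheritance:r /grant:r "SYSTEM:F" "Administrators:F" removes the inherited entries. Grant read access as well to whichever account runs the scheduled task, if it is not one of those two.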


Configure Scheduled Task to Automatically Run On Premise Engine

Configure the scheduled task to run the SigParser On Premise Engine on a schedule.
