Skip to main content
Microsoft 365 Admin - Security Group Connection
Updated over 5 months ago

Registering our application in Microsoft Azure enables your administrators to connect mailboxes to SigParser simply by adding them to a mail enabled security group.

The mailbox owners do not need to create SigParser accounts or manually connect their mailboxes. You can add or remove mailboxes from your Exchange Admin Center.

Recommended for connecting 10+ mailboxes.

To complete these tasks, follow the instructions below or run our Powershell script.

Watch the following video for additional information:

To Start

  • You will need access to the following:

    • A SigParser account. Either create an account or have access to your organization’s SigParser account with the permissions needed to add users and connect mailboxes.

    • Admin access for Microsoft Azure

    • Admin access for Exchange Admin

    • Have Windows PowerShell installed and be able to run application commands on your computer.

    • Have a list of the email addresses you wish to connect and scan in SigParser.

    • You will need active mailbox licenses to enable scanning. You can purchase or reallocate licenses as-needed to complete mailbox scanning.

    • Use the instructions page in SigParser to copy/paste the necessary values.

    • If you need additional support, you can schedule a help session HERE. Have the above items configured prior to your scheduled call.


Go to SigParser

  • In your SigParser account, go to Mailboxes > +Add > Connect Mailboxes with admin > Create New Connection > Microsoft 365 Security Group


Add Members to a Mail-Enabled Security Group

  • Select Mail-enabled security > Next

  • Name the group: SigParser Mailboxes

    • Description is optional

  • Assign Group Owner(s).

    • Group owners will have the ability to add or remove members from this group.

    • Group owner mailboxes will not be scanned by SigParser.

  • Once you have added Group owners, select Next

  • Add group members. This is the list of mailboxes you wish to connect to SigParser and scan.

  • Once you have added Group members, select Next

  • Add group email address

    • Example: sigparsermailboxes

  • Under Approval, select Require owner approval to join the group

  • Select Create Group

Enter a Member Email Address

  • Enter an email address from any of the group members added above onto the instructions page in SigParser. This will be used for testing this connection later.


Enter Group ID

  • Select the newly created mail-enabled security group

  • Copy the “SigParser Mailboxes” Object Id into the textbox on the instructions page in SigParser.


Register SigParser App in Microsoft Azure

  • Select + New Registration

  • Enter the following info:

    • Name: SigParser Mailboxes App

    • Supported account types: Single tenant option

    • Redirect URI: (leave blank)

  • Select Register

Enter App Registration IDs

Select the newly added SigParser Mailboxes App. Copy and paste the Application (client) ID and the Directory (tenant) ID from your Azure page into the fields on the SigParser instructions page.


Grant API Permissions for SigParser App

  • Select API permissions from the menu on the left

  • Select + Add a permission > Microsoft Graph > Application permissions

  • In the search bar, begin typing one of the following permissions. Select the checkbox next to the permission. Do this for each of the following permissions.

    • Calendars.Read

    • Contacts.Read

    • GroupMember.Read.All

    • Mail.Read

    • User.Read.All

  • When you have selected all of the permissions, select Add permissions

  • Select ✔ Grant admin consent


Create and Enter SigParser App Client Secret

  • From the menu on the left, select Certificates & secrets > Client secrets > + New client secret

  • Enter the following details:

    • Description: SigParser Mailboxes Secret

    • Expires: 24 months

  • Select Add

  • Copy and paste the Client Secret Value (NOT Secret ID) from Azure into the corresponding field on the SigParser instructions page.


Create an Access Policy for SigParser App

  • On Windows open Microsoft Powershell

  • Copy and paste the commands from the SigParser instructions page. Wait for a successful response before continuing. This will install the Exchange Online Manager Powershell module

    • Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser -Repository PSGallery -Force; Import-Module ExchangeOnlineManagement

  • Copy and paste the following command and press enter. You may need to authenticate your 365 login. Wait for a successful response before continuing. This will connect to your Microsoft 365 account

    • Connect-ExchangeOnline

  • Copy and paste the following command and press enter

    • New-ApplicationAccessPolicy -PolicyScopeGroupId [your group object ID] -AppId [your app ID] -AccessRight RestrictAccess -Description "Restrict SigParser's access"

  • Copy and paste the following command and press enter. This will test if SigParser can access the restricted email address.

    • Test-ApplicationAccessPolicy -Identity [test.mailbox@yourdomain] -AppId [your app ID]


Name and Test Connection

  • Enter a Connection Name (e.g. Microsoft365 Connection)

  • Click the Create & Test Connection button

  • The mailboxes will automatically start processing 90 days of history within a few hours

  • To manage your connection moving forward, go to Mailboxes and select the connection under the column “Connection.”


Connect More Mailboxes

To connect more mailboxes with this connection:

  • Select the SigParser Mailboxes Mail Enabled Security Group

  • Select Members

  • Select View and manage members > Add members

  • Add the mailboxes you want to connect to SigParser

  • In SigParser, go to Mailboxes > under the "Connection" column, select the Office 365 Admin Connection

  • Select the Resync button at the top of this page

  • You should see the mailboxes added at the bottom of this page.


If you have any questions, send us an email at support@sigparser.com. You can also book a demo session HERE.

Did this answer your question?