Create tokened mails in Office 365 / Exchange Online mailboxes across your organization.
Step 1: Add a New Canarytoken
Log in to your Console, then click Add a new Canarytoken.
Step 2: Select the Office 365 Mail Bug
Create a new token by selecting Office 365 Mail Bug from the drop-down list.
Step 3: Start the Token Creation Process
Click on Let's begin (1 of 4).
Step 4: Customise and Save Your Template
Modify the token options and paragraph text to your desired scenario and click on Save Template (2 of 4).
Mail Subject: This can be changed to whatever you want the subject of the mail to be. (Use something that would catch the eye of an attacker.) Mail Content: You can change the content of this mail, we have given you a template to work from.
The template must include at least one link, with the target $token. This is the lure link which, when clicked, will trigger the alert. To add another link, simply select text in your template, click the Link button in the editor's toolbar, and enter $token as the Link URL.
Step 5: Grant the Required Permissions
The Office 365 mail token will require permissions to be configured, you need to accept as an admin on your 365 account.
Step 6: Tokenise Selected Mailboxes
After the auth flow has completed, you can provide a comma-separated list of emails you would like to tokenize (or auto-populate this from the available users in your account). Then click on Insert Tokens (4 of 4) to finalize the tokenization. Note that token mails are inserted into the user's archive folder, and will fail if that folder is not present.
Step 7: Review the Summary Report
Success, you are now presented with a summary report of the process.
The OAuth access token granted to us will only be used for the duration of the tokening. It is destroyed after all mailboxes are tokened.