Description: Create tokened mails in Office 365 / Exchange Online mailboxes across your organization.
Note: Tokens are generated in the user's Archive folder. If the mailbox does not have an Archive folder the process is aborted for that user.
Follow the steps below to tokenize a mailbox.
Step 1:
Log in to your Console.
Step 2:
Click Add a new Canarytoken.
Step 3:
Create a new token by selecting Office 365 Mail Bug from the drop-down list.
Step 4:
Click on Let's begin (1 of 4).
Step 5:
Modify the token options and paragraph text to your desired scenario and click on Save Template (2 of 4).
Mail Subject: This can be changed to whatever you want the subject of the mail to be. (Use something that would catch the eye of an attacker.)
Mail Content: You can change the content of this mail; we have given you a template to work from.
The template must include at least one link, with the target $token. This is the lure link which, when clicked, will trigger the alert. To add another link, simply select text in your template, click the Link button in the editor's toolbar, and enter $token as the Link URL.
Step 6:
Note: The Office 365 mail token will require permissions and a Role Group to be configured, which we will do below.
Step 7:
Head over to the Exchange admin center.
Expand the Roles drop-down and click on Admin Roles.
Click on Add role group to create a new role group.
Step 8:
Name the role Canarytoken (or something else if you'd prefer) then click Next.
Step 9:
Search for and add the ApplicationImpersonation and Mailbox Search roles to the new role group.
Step 10:
Add a user to the new role group.
Note: The user must be an admin and will be used to authenticate on the Canary Console for temporary access to tokenize the user mailboxes (once the emails have been created, the permission can be removed).
Once your selected admin has been added, click Next to reach the role group creation success screen.
We can now close the Exchange Admin Center.
Note: Once this role has been assigned to a user, it can take some time to take effect, around 30 minutes in some cases.
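As an added example (not part of the Canary documentation), the same role group setup from Steps 7 to 10, together with the clean-up the note above recommends, done from Exchange Online PowerShell. It assumes the ExchangeOnlineManagement module is installed; the connecting account, the role group name and the member address are placeholders.

```powershell
# Added example, not Canary's own code: PowerShell equivalent of Steps 7-10.
# Assumes the ExchangeOnlineManagement module is installed and that the account
# used with Connect-ExchangeOnline may manage role groups (placeholder address).
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName "admin@example.com"

$groupName = "Canarytoken"                                   # Step 8: role group name
$roles     = @("ApplicationImpersonation", "Mailbox Search") # Step 9: the two required roles
$member    = "token-admin@example.com"                       # Step 10: admin used for the OAuth step (placeholder)

# Steps 7-10: create the role group with exactly these two roles and one member.
if (-not (Get-RoleGroup -Identity $groupName -ErrorAction SilentlyContinue)) {
    New-RoleGroup -Name $groupName -Roles $roles -Members $member `
        -Description "Temporary access for Canary mailbox tokening"
}

# Check: the group should carry the two required roles and nothing more.
# Assumption: Get-RoleGroup's Roles property renders as the role names shown in the admin center.
$assigned = @((Get-RoleGroup -Identity $groupName).Roles | ForEach-Object { "$_" })
$missing  = $roles    | Where-Object { $_ -notin $assigned }
$extra    = $assigned | Where-Object { $_ -notin $roles }
if ($missing) { Write-Warning "Missing roles: $($missing -join ', ')" }
if ($extra)   { Write-Warning "Unexpected extra roles: $($extra -join ', ')" }

# Check: confirm only the intended admin is a member.
Get-RoleGroupMember -Identity $groupName | Select-Object Name, PrimarySmtpAddress

# Clean-up after the Console reports success (Step 13): the note in Step 10 says the
# permission can be removed once the mails exist. Uncomment when you are done.
# Remove-RoleGroupMember -Identity $groupName -Member $member -Confirm:$false
# Remove-RoleGroup -Identity $groupName -Confirm:$false

Disconnect-ExchangeOnline -Confirm:$false
```

Allow the propagation delay mentioned above before expecting the role to work from the Console.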
Step 11:
Return to your Canary Console, where you can now click on Authorize via OAuth.
Step 12:
Here you can provide a comma-separated list of emails you would like to tokenize.
Then click on Insert Tokens (4 of 4) to finalize the tokenization.
Step 13:
Success: you are now presented with a summary report of the process.
Note: The OAuth access token granted to us will only be used for the duration of the tokening. It is destroyed after all mailboxes are tokened.