Description: Create tokened mails in Office 365 / Exchange Online mailboxes across your organization.
Step 1:
Log in to your Console, and Add a new Canarytoken.
Step 2:
Create a new token by selecting Office 365 Mail Bug from the drop-down list.
Step 3:
Click on Let's begin (1 of 4).
Step 4:
Modify the token options and paragraph text to your desired scenario and click on Save Template (2 of 4).
Mail Subject: This can be changed to whatever you want the subject of the mail to be. (Use something that would catch the eye of an attacker.)
Mail Content: You can change the content of this mail, we have given you a template to work from.
The template must include at least one link, with the target $token. This is the lure link which, when clicked, will trigger the alert. To add another link, simply select text in your template, click the Link button in the editor's toolbar, and enter $token as the Link URL.
Step 5:
Note: The Office 365 mail token will require permissions to be configured, you need to accept as an admin on your 365 account.
Step 6:
After the auth flow has completed, you can provide a comma-separated list of emails you would like to tokenize (or auto-populate this from the available users in your account).
Then click on Insert Tokens (4 of 4) to finalize the tokenization. Note that token mails are inserted into the user's archive folder, and will fail if that folder is not present.
Step 7:
Success, you are now presented with a summary report of the process.
Note: The OAuth access token granted to us will only be used for the duration of the tokening. It is destroyed after all mailboxes are tokened.