Skip to content
English
Contact Support
  • There are no suggestions because the search field is empty.

Setting Up a GRAPH API for Watchtower Email Pulling

Remove suspicious email from user's mailboxes

By leveraging the Microsoft Graph API, this function allows Dune Watchtower to pull reported emails directly from user's mailboxes. This guide walks you through the steps required to enable the GRAPH API required for Watchtower to do this.

Step 1: Access the Azure Portal

  1. Navigate to the Azure Portal:
    Go to Azure Portal.
  2. Go to Microsoft Entra ID:
    Under "Azure Services," click on Microsoft Entra ID or use the direct link:
    Entra ID Overview.

Step 2: Register a New Application

  1. App Registration:
    • In the Entra ID menu, click on App Registrations.
    • Click New Registration.
    • Enter the application name: DuneSecurity Watchtower.
    • For Account Types, select: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multi-Tenant).
    • Click Register.

Step 3: Add Required API Permissions

  1. Navigate to API Permissions:
    In the newly created app, click on API Permissions under the Manage section.
  2. Add Permissions:
    • Click Add Permission.
    • Select Microsoft Graph.
    • Under the Application Permissions tab, add the following permissions:
      • User.Read.All
      • Mail.ReadWrite
      • Mail.Send
    • Click Add Permissions to confirm.

Step 4: Grant Admin Consent

  1. Admin Consent:
    After adding the permissions, click Grant Admin Consent to apply the permissions to the app.

Step 5: Create a Client Secret

  1. Create a Client Secret:

    • In the Certificates & Secrets section under Manage, click on New Client Secret.
    • Provide a description (e.g., "Dune Watchtower Secret").
    • Set the expiration period to 6 months.
    • Click Add to generate the secret.

  2. Save Secret and IDs:
    After generating the secret, securely copy and store the following details:

    • Secret Value (Note: You won’t be able to view this again, so save it securely).
    • Client ID.
    • Tenant (Directory) ID.

Step 6: Share Credentials with Dune Security

Share the following credentials securely with Dune Security:

  1. Client Secret (Value).
  2. Client ID.
  3. Tenant (Directory) ID.

Note: These credentials will be securely handled to ensure the integrity and confidentiality of your data.

image-1-dmi

image-2-dmi copy

Step 7: Test the Feature

Once the credentials have been added by Dune Security, a test email will be sent to ensure that Watchtower pulls reported emails from a user's mailbox.