Setting Up Direct Mail Injection (DMI) for Microsoft Phishing Simulations
Improve deliverability and eliminate the need to configure Phishing Simulation and Advanced Delivery settings.
M365 Direct Mail Injection is a secure, efficient alternative to using SMTP for delivering phishing simulations directly to users' inboxes in Microsoft 365. By leveraging the Microsoft Graph API, this method improves deliverability and eliminates the need to configure Phishing Simulation and Advanced Delivery settings. This guide walks you through the steps required to enable M365 Direct Mail Injection via Azure's API credentials.
Step 1: Access the Azure Portal
- Navigate to the Azure Portal:
Go to Azure Portal.
- Go to Microsoft Entra ID:
Under "Azure Services," click on Microsoft Entra ID or use the direct link:
Entra ID Overview.
Step 2: Register a New Application
- App Registration:
- In the Entra ID menu, click on App Registrations.
- Click New Registration.
- Enter the application name: DuneSecurity DirectMailInjection.
- For Account Types, select: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multi-Tenant).
- Click Register.
Step 3: Add Required API Permissions
- Navigate to API Permissions:
In the newly created app, click on API Permissions under the Manage section.
- Add Permissions:
- Click Add Permission.
- Select Microsoft Graph.
- Under the Application Permissions tab, add the following permissions:
- User.Read.All
- Mail.ReadWrite
- Click Add Permissions to confirm.
Step 4: Grant Admin Consent
- Admin Consent:
After adding the permissions, click Grant Admin Consent to apply the permissions to the app.
Step 5: Create a Client Secret
- Create a Client Secret:
- In the Certificates & Secrets section under Manage, click on New Client Secret.
- Provide a description (e.g., "Direct Mail Injection Secret").
- Set the expiration period to 6 months.
- Click Add to generate the secret.
- Save Secret and IDs:
After generating the secret, securely copy and store the following details:
- Secret Value (Note: You won’t be able to view this again, so save it securely).
- Client ID.
- Tenant (Directory) ID.
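A check worth running before the credentials leave your hands: an app-only access token obtained with the new client ID and secret lists its granted application permissions in the `roles` claim, so it can be compared against the two permissions from Step 3. The following is an added example, not part of Dune Security's guide; the sample tokens and tenant ID are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

# Application permissions the guide adds in Step 3.
EXPECTED_ROLES = {"User.Read.All", "Mail.ReadWrite"}


def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload without verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(jwt: str, tenant_id: str) -> dict:
    """Compare the token's tenant and app-only permissions with the guide's."""
    claims = decode_claims(jwt)
    roles = set(claims.get("roles", []))
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        # Missing roles usually mean admin consent (Step 4) was not granted.
        "missing": sorted(EXPECTED_ROLES - roles),
        # Extra roles mean the app holds more access than the guide calls for.
        "unexpected": sorted(roles - EXPECTED_ROLES),
    }


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for the demo; not a real Entra ID token."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


SAMPLE_TENANT = "00000000-0000-0000-0000-000000000001"  # placeholder tenant ID
GOOD = make_sample_token(
    {"tid": SAMPLE_TENANT, "roles": ["Mail.ReadWrite", "User.Read.All"]})
OVER = make_sample_token(
    {"tid": SAMPLE_TENANT, "roles": ["Mail.ReadWrite", "User.Read.All", "Mail.Send"]})

if __name__ == "__main__":
    print(audit_roles(GOOD, SAMPLE_TENANT))
    print(audit_roles(OVER, SAMPLE_TENANT))
```

An empty `missing` and `unexpected` with `tenant_ok` true means the registration matches Steps 3 and 4; anything in `unexpected` should be removed from the app before the secret is shared.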
Step 6: Share Credentials with Dune Security
Share the following credentials securely with Dune Security:
- Client Secret (Value).
- Client ID.
- Tenant (Directory) ID.
Note: These credentials will be securely handled to ensure the integrity and confidentiality of your data.
Step 7: Test the Setup
Once the credentials have been added by Dune Security, a test email will be sent to ensure that the M365 Direct Mail Injection configuration is working correctly. This will verify proper delivery and ensure that phishing simulations reach the intended recipients without being blocked.