Define Your Visibility

  1. Select your Microsoft 365 permission mode for visibility and remediation.

    2. The visibility defines the type of remediation policy you can apply. The options available will differ depending on your previous selections.

    Microsoft 365 Authentication

    • Read and Write — Allows visibility and on-demand or automated remediation (that is, move or delete suspect messages). Read and write permissions will be requested from Microsoft 365.

    • Read — Allows visibility only, no remediation. Read-only permissions will be requested from Microsoft 365.

    If you choose Read and Write, you will need to turn on the remediation policy in your Configuration Settings once your setup is complete. To apply auto-remediation to all internal emails, ensure the Apply Policy to domains not in the list above box on the Configuration > Mail flow configuration > Domains panel is selected.

    For Microsoft 365 Authentication mode, Secure Email Threat Defense requests access permissions from Microsoft. These permissions depend on whether you choose Read and Write or Read mode. You can find details about the permissions in the linked Microsoft documentation.

    Table 1. Microsoft Graph API Permissions

    MS Graph API Permission ETD Mode ETD Usage
    Mail.Read Read

    • EML download

    • Reclassification feedback
    Mail.ReadWrite Read and Write

    • All Mail.Read usages

    • Remediation

      • Create quarantine folders

      • Move messages

      • Delete messages
    User.Read All Default requesting user permission
    Domain.Read.All All Import mail servers
    Organization.Read.All All Import domains
    User.Read.All All

    • Recipient validation

    • Group based policy exceptions
    Group.Read.All All

    • Recipient validation

    • Group based policy exceptions
    GroupMember.Read.All All Group based policy exceptions

  2. If you chose Microsoft 365 Authentication, connect to Microsoft 365.

    1. Click Next to connect to Microsoft 365.

    2. Log in to your Microsoft 365 account, as prompted. This account must have Global Admin rights; Secure Email Threat Defense will not store or use the account. To learn why these rights are required, see Why are Microsoft 365 Global Admin rights required to set up Secure Email Threat Defense?.

    3. Click Accept to accept the permissions for the Secure Email Threat Defense app. You will be redirected to the Secure Email Threat Defense setup page.

    4. Click Next.