Table of Contents
Register an application in Microsoft Entra ID
1. Register a new application
Navigate to App registrations, then select + New registration.
Name your application and select the option for Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).
Create a Web URI like so, then click Register.
2. Additional redirect URIs
In the application overview navigate to your redirect URIs:
Select + Add a platform again and add a new Single-page application, then create the following two redirect URIs:
1. https://<your_domain>.<tld>/login/login.html
2. https://<your_domain>.<tld>/new-o365/dist/index.html
3. Create a client secret
Navigate to Certificates & secrets and select + New client secret.
Give the secret a name and an expiration, save, then copy the value for the next step. Don’t forget! The secret value is only visible once, when you leave this page it will become hidden forever and you will not be able to copy it again.
Connect your application to Lucy
1. Add your Microsoft Entra ID (Azure) application
Settings > Common System Settings > Azure Applications
Select + New Application and fill out the details. Use the client ID, client secret, and tenant ID from the application you created.
Click Save, and then you will be prompted to authenticate with Entra ID using your Microsoft account.
In order to complete the setup you must be an administrator in the AD, and you must grant the requested permissions when connecting the application to Lucy:
API permissions explained
| Setting | Explanation |
|---|---|
| User.Read | Allows the app to sign in and read the profile of the signed-in user. |
| Directory.Read.All | Allows the app to read data in the user's directory. |
| Allows the app to access the user's primary email address. | |
| offline_access | Allows the app to request refresh tokens. |
| openid | Sign users in. |
| profile | Allows the app to access the user's basic profile information. |
| User.Read.All | Allows the app to read the full profile of all users. |
2. Configure the add-in settings
Settings > Submitted Email Settings > Plugin Settings
Select + Add Settings and choose a client and name, then click Save. Then you can configure the Settings and Language Settings.
See this page for details on the different settings.
When configuring the plugin settings for Office 365, be sure to select your application before saving!
Default settings If you updated your workstation from version 4.12.1 to 4.13, the existing plugin settings are now stored under "Default Settings". You can create multiple configurations for the plugin on a per-client basis.
3. Download the XML file
Phishing Incident Reports
Navigate to the incidents dashboard and select Download Plugin. Select the option for Microsoft Outlook 365.
Classic Microsoft Outlook 365 This option uses the older Rest API version of the add-in. Don’t use this unless you know why you’re doing it.