0% found this document useful (0 votes)
66 views2 pages

FortiMail MS365 API Guide

This document provides guidance on configuring FortiMail to integrate with Microsoft 365 APIs. It describes registering an application in Azure Active Directory to retrieve keys and IDs, and then using those values to configure a new account in FortiMail. It also covers enabling real-time scanning in FortiMail and verifying the subscription by checking logs for acknowledgment and test email notifications.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
66 views2 pages

FortiMail MS365 API Guide

This document provides guidance on configuring FortiMail to integrate with Microsoft 365 APIs. It describes registering an application in Azure Active Directory to retrieve keys and IDs, and then using those values to configure a new account in FortiMail. It also covers enabling real-time scanning in FortiMail and verifying the subscription by checking logs for acknowledgment and test email notifications.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

FortiMail Microsoft 365 API Guide

(for firmware version 6.4 b391 and later)

Application Registration:
Follow these steps to retrieve Tenant Id, Application Id and Application Secret:

- Go to https://aad.portal.azure.com
- Azure Active Directory > App Registration > New Registration, enter a name
(my_fortimail_app), then Register
- In my_fortimail_app Overview you will find Tenant and Application Ids
- Under my_fortimail_app > API Permissions remove any default permissions
- Add below Microsoft Graph Application Permissions:
• Mail.ReadWrite
• Mail.Send
• User.Read.All
- Grant admin consent for all these permissions
- Under my_fortimail_app > Certificates and Secrets, create a new Client Secret (your
Application Secret), copy its value in a file

(see following video)

FortiMail Configuration
- Under System > Account, create a new account using the values you gathered during
the application registration
- Under Policy > Realtime Scan > Setting, enable Realtime scan and configure FortiMail
hostname
- This hostname should be resolvable from the Internet and resolve as FortiMail public
IP address
- FortiMail should have a valid CA signed certificate loaded matching that hostname (use
web browser or site like digicert to check your certificate)
- FortiMail port 443 should be reachable from the internet
- In case of port redirection make sure the external port is specified under Realtime Scan
> Setting
- Once FortiMail has subscribed to Microsoft to receive notification you should see
following log message under Microsoft 365 View > Monitor > Log > Mail Event:

Microsoft 365 acknowledgment received from Microsoft server for subscription

- Send a test email to an address of an active account, you should see Mail Event log
starting with:

Microsoft 365 notification of mail received, from

You should also have an associated History log (if you click on Session ID column)

You might also like