FortiMail MS365 API Guide
Application Registration:
Follow these steps to retrieve Tenant Id, Application Id and Application Secret:
- Go to https://aad.portal.azure.com
- Azure Active Directory > App Registration > New Registration, enter a name (my_fortimail_app), then Register
- In my_fortimail_app Overview you will find Tenant and Application Ids
- Under my_fortimail_app > API Permissions remove any default permissions
- Add the following Microsoft Graph Application Permissions:
• Mail.ReadWrite
• Mail.Send
• User.Read.All
- Grant admin consent for all these permissions
- Under my_fortimail_app > Certificates and Secrets, create a new Client Secret (your Application Secret) and copy its value to a file
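To confirm the registration carries exactly the three permissions above, you can inspect the `roles` claim of an app-only access token issued for Microsoft Graph. The following is an added example, not part of the original guide or of Fortinet's tooling; the function names and the sample tenant and application IDs are constructed for illustration, and it assumes you already hold a token obtained with the Tenant Id, Application Id and Application Secret.

```python
import base64
import json

# Application permissions the guide grants; anything else is excess privilege.
REQUIRED_ROLES = {"Mail.ReadWrite", "Mail.Send", "User.Read.All"}

# Constructed placeholder IDs, not real tenant or application identifiers.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000001"
SAMPLE_APP = "00000000-0000-0000-0000-000000000002"


def decode_claims(access_token: str) -> dict:
    """Decode the JWT payload for inspection; the signature is NOT verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(access_token: str, tenant_id: str, app_id: str) -> dict:
    """Compare the token's tenant, client ID and roles with the registration."""
    claims = decode_claims(access_token)
    roles = set(claims.get("roles", []))  # app-only tokens list permissions here
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        # v1.0 tokens carry the client ID in "appid", v2.0 tokens in "azp"
        "app_ok": app_id in (claims.get("appid"), claims.get("azp")),
        "missing": sorted(REQUIRED_ROLES - roles),
        "excess": sorted(roles - REQUIRED_ROLES),
    }


def make_sample_token(roles: list) -> str:
    """Build a constructed, unsigned sample token so the audit runs offline."""
    def b64url(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"tid": SAMPLE_TENANT, "appid": SAMPLE_APP, "roles": roles}
    return ".".join([b64url({"alg": "RS256", "typ": "JWT"}), b64url(claims), "c2ln"])


if __name__ == "__main__":
    # Constructed case: one required permission missing, one extra permission present.
    token = make_sample_token(["Mail.ReadWrite", "Mail.Send", "Directory.Read.All"])
    print(audit_token(token, SAMPLE_TENANT, SAMPLE_APP))
```

A non-empty `missing` list usually means admin consent was not granted for that permission; a non-empty `excess` list means a permission beyond the three required ones is still assigned to the application.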
FortiMail Configuration
- Under System > Account, create a new account using the values you gathered during the application registration
- Under Policy > Realtime Scan > Setting, enable Realtime scan and configure the FortiMail hostname
- This hostname should be resolvable from the Internet and resolve to the FortiMail public IP address
- FortiMail should have a valid CA-signed certificate loaded that matches that hostname (use a web browser or a site like digicert to check your certificate)
- FortiMail port 443 should be reachable from the Internet
- In case of port redirection, make sure the external port is specified under Realtime Scan > Setting
- Once FortiMail has subscribed to Microsoft to receive notifications, you should see the following log message under Microsoft 365 View > Monitor > Log > Mail Event:
- Send a test email to an address of an active account. You should see a Mail Event log starting with:
You should also have an associated History log (if you click on the Session ID column)