Scenario
You wish to implement Exclaimer within a sector that prioritizes stringent security protocols, such as legal, government, financial, and healthcare industries. These sectors handle highly sensitive information and are governed by strict regulatory compliance standards.
Resolution
This page highlights the recommendations for implementing Exclaimer in a way that meets your security needs, ensuring that:
- The route of emails is not altered.
- Azure permissions are minimized, avoiding the need for "read and write domains".
These tables list the permissions that are configured during the Exclaimer client-side deployment:
| Application Name | Exclaimer Signatures for Office 365 <region> |
|---|---|
| Purpose | Used to synchronize user data from AAD to Exclaimer |
| Requirement | Mandatory |

| API Name | Permission Name | Type | Description | Purpose |
|---|---|---|---|---|
| Microsoft Graph | User.Read | Delegated | Sign in and read user profile | Used by the UI to query if the signed-in user is an Admin of Microsoft 365 and expose different setup options to them. |
| Microsoft Graph | Directory.Read.All | Application | Read directory data | Used by the data service to query directory data which is then stored in an Exclaimer cache. |
| Microsoft Graph | User.Read.All | Application | Read all users' full profiles | Used to read the user photo. |
| Azure Active Directory Graph | User.Read | Delegated | Enable sign-on and read user's profile | Used by the UI to query if the signed-in user is an Admin of Microsoft 365 and expose different setup options to them. |
| Azure Active Directory Graph | Directory.Read.All | Application | Read directory data | Used by the data service to query directory data, which is then stored in an Exclaimer cache. |

| Application Name | Exclaimer - Signatures for Outlook Feature |
|---|---|
| Purpose | Used by the Outlook Add-in & legacy app for Outlook for user sign-in and auth |
| Requirement | Optional. Required for Client-Side signatures |

| API Name | Permission Name | Type | Description | Purpose |
|---|---|---|---|---|
| Microsoft Graph | User.Read | Delegated | Sign in and read user profile | Used to confirm that the user is a valid user within your tenancy in O365 + Exclaimer before making the request to the product. |
| Azure Active Directory Graph | User.Read | Delegated | Enable sign-on and read user's profile | Used to confirm that the user is a valid user within your tenancy in O365 + Exclaimer before making the request to the product. |

| Application Name | Exclaimer - User Details Editor |
|---|---|
| Purpose | Used to allow the user to sign in to User Details Editor |
| Requirement | Optional. Required for User Details Editor feature |

| API Name | Permission Name | Type | Description | Purpose |
|---|---|---|---|---|
| Microsoft Graph | Openid | Delegated | Sign users in | To support user sign-in and mapping between Exclaimer subscription and AD user. |
| Microsoft Graph | Profile | Delegated | View user's basic profile | As above |
| Microsoft Graph | User.Read | Delegated | Sign in and read user profile | Used to confirm if the user is a 365 Global Admin and control access to Settings. |

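An added example (not Exclaimer's code) that checks an exported list of consented permissions against the tables above and reports anything outside the documented set, calling out write scopes such as "read and write domains" separately. The export field names, the sample rows and the region suffix are constructed assumptions.

```python
MG, AADG = "microsoft graph", "azure active directory graph"
D, A = "delegated", "application"

# Baseline transcribed from the page's tables, lower-cased for matching.
# The first application name carries a "<region>" suffix, so names match by prefix.
BASELINE = {
    "exclaimer signatures for office 365": {
        (MG, "user.read"): D, (MG, "directory.read.all"): A,
        (MG, "user.read.all"): A,
        (AADG, "user.read"): D, (AADG, "directory.read.all"): A,
    },
    "exclaimer - signatures for outlook feature": {
        (MG, "user.read"): D, (AADG, "user.read"): D,
    },
    "exclaimer - user details editor": {
        (MG, "openid"): D, (MG, "profile"): D, (MG, "user.read"): D,
    },
}


def audit(grants):
    """Return (finding, app, permission) for each grant that deviates from BASELINE."""
    findings = []
    for g in grants:
        name = g["app"].strip().lower()
        app = next((a for a in BASELINE if name.startswith(a)), None)
        if app is None:
            continue  # not one of the three applications listed on the page
        perm = g["permission"].strip()
        want = BASELINE[app].get((g["api"].strip().lower(), perm.lower()))
        if want is None:
            kind = "WRITE_NOT_IN_BASELINE" if "write" in perm.lower() else "NOT_IN_BASELINE"
        elif want != g["type"].strip().lower():
            kind = "TYPE_MISMATCH"  # e.g. a delegated scope consented as application
        else:
            continue
        findings.append((kind, g["app"], perm))
    return findings


# Constructed sample export; field names and the region suffix are assumptions.
FIELDS = ("app", "api", "permission", "type")
SIG = "Exclaimer Signatures for Office 365 (region-placeholder)"
SAMPLE_GRANTS = [dict(zip(FIELDS, row)) for row in [
    (SIG, "Microsoft Graph", "Directory.Read.All", "Application"),
    (SIG, "Microsoft Graph", "Domain.ReadWrite.All", "Application"),
    ("Exclaimer - Signatures for Outlook Feature", "Microsoft Graph", "User.Read", "Application"),
    ("Exclaimer - User Details Editor", "Microsoft Graph", "openid", "Delegated"),
    ("Exclaimer - User Details Editor", "Microsoft Graph", "Mail.Read", "Delegated"),
]]

if __name__ == "__main__":
    for finding in audit(SAMPLE_GRANTS):
        print(*finding, sep=" | ")
```
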
To configure Client-Side signatures:
- Sign up for an Exclaimer account.
  - Complete the configuration process for Authorize and Synchronize for Microsoft 365 subscription.
  - Skip the setup for Apply to email from all devices including mobile (Server-side).
  - Complete the configuration process for See before you send for Microsoft 365 subscription (client-side).
- Install the Exclaimer Outlook Add-in.
  During installation, specify the users group in the Add users window.
  NOTE: The Add-in can take up to 12 hours to deploy.