What permissions are requested to set up the Inbox Defender?
- Read and write mail in all mailboxes: A key part of the Inbox Defender is scanning emails for analysis for potential malicious behavior and insert banners into them. This permission allows that.
- Read all users' relevant people lists: This is for the verify-spoofing functionality, which allows Upfort to verify if they have stored the email as a contact or as a domain address, and check if there is a possible spoofing attempt
- Sign in and read user profile: This permission is part of the Microsoft functionality to allow Upfort to operate through their API
What settings are enabled on Microsoft when the Inbox Defender is enabled?
The setup process authorizes an Upfort application in the Entra Tenant, the Inbox Defender application is a multi-tenant app, typically that creates a service principal for each tenant.
Activating the Inbox Defender for Microsoft 365 adds the Upfort application to your Entra Enterprise App list, which allows us to use an EWS Managed API scope to run Inbox Defender on the tenant mailboxes.
Finding Upfort Inbox Defender in Microsoft Admin Center
Admins can find the Upfort Inbox Defender connection within Microsoft's Entra ID portal by following these steps:
- Go to the Microsoft Entra ID portal: https://entra.microsoft.com/
- Navigate to the Enterprise Applications tab.
- Locate the Upfort Inbox Defender application.