
Admin Submission API allows submission of URLs, mail messages, file mail messages and files to Microsoft to re-scan and get newest verdict on submitted entity. Admin Submissions API is available both to Exchange Online Protection customers as well as to Office 365 ATP customers.


pawp81/AdminSubmissionsAPI


AdminSubmissionsAPI scripts for URL and mail submission.

The Admin Submission API allows submission of URLs, mail messages, mail message files and files to Microsoft for re-scanning, so that the newest verdict on the submitted entity can be retrieved. The Admin Submissions API is available both to Exchange Online Protection customers and to Office 365 ATP customers. The repo provides two PowerShell scripts:

  1. for URL submission: AdminSubmissionAPI.ps1
  2. for email and emails from the attachment: Email_AdminSubmissionAPI.ps1

Both scripts can also read the re-scan result. The pre-requisites and preparation steps related to the Azure AD app registration are the same for the URL and email submission scripts and are described below.

Pre-requisites

  • Registered Azure AD app with the Delegated permission: Read and write threat assessment requests (ThreatAssessment.ReadWrite.All). To create a new request, we need delegated permission to access users’ data as a signed-in user.
  • MSAL.PS PowerShell module by Jason Thompson: https://www.powershellgallery.com/packages/MSAL.PS and https://github.com/AzureAD/MSAL.PS
  • Azure AD user account. This user will be used to authenticate to Azure AD when running the script. The script uses the OAuth Authorization Code flow for authentication.

Deployment

Azure AD app registration

  1. Navigate to the Azure AD admin portal.
  2. Click “New registration”.
  3. Enter a name for your app, for example "Threat Assessment". Leave the “Accounts in this organizational directory only” option selected.
  4. Select “public client/native” and click "Register".
  5. Click “API permissions” in the left navigation menu.
  6. Click “Add a permission”. Click "Microsoft Graph".
  7. Click "Delegated permissions". Scroll down through the list of permissions. Select "ThreatAssessment.ReadWrite.All". Click “Add permissions”.

Note that the email submission script will also need the following Graph API permissions: Mail.Read and Mail.Read.Shared.

  8. Refresh the list of permissions. Click “Grant admin consent for <your organization’s name>”. Click Yes.
  9. Next click on “Authentication” from left navigation menu. Configure Redirect URIs for Mobile and desktop applications as shown on the screenshot below by adding following ones:
  10. On the App screen click “Overview” and copy “Application (client) ID” to the script code into the $clientID variable.
  11. Next, we need to assign the user allowed to use this app. Assign user(s) to the app by following the instructions from this article.
  12. Next, in the Enterprise Application window, navigate to “Properties”. Select Yes next to “User assignment required” and click “Save”.
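With the app registered as above, the following added example (not the repository's own script) shows the delegated sign-in with MSAL.PS, a URL submission to the Microsoft Graph threat assessment endpoint, and a bounded poll for the re-scan result. The tenant ID, the client ID placeholder and the submitted URL are assumptions to be replaced with your own values.

```powershell
# Added example, not the repository's AdminSubmissionAPI.ps1.
# Assumptions: $tenantID/$clientID placeholders and the sample URL are constructed values.
Import-Module MSAL.PS

$tenantID = '<your-tenant-id>'
$clientID = '<Application (client) ID copied in step 10>'
$graph    = 'https://graph.microsoft.com/v1.0/informationProtection/threatAssessmentRequests'

# Interactive sign-in as a user assigned to the app (delegated permission).
$token = Get-MsalToken -ClientId $clientID -TenantId $tenantID -Interactive `
    -Scopes 'https://graph.microsoft.com/ThreatAssessment.ReadWrite.All'

# Fail early if consent was not granted and the scope is missing from the token.
if (($token.Scopes -join ' ') -notmatch 'ThreatAssessment\.ReadWrite\.All') {
    throw 'Token lacks ThreatAssessment.ReadWrite.All; check admin consent (step 8).'
}
$headers = @{ Authorization = "Bearer $($token.AccessToken)" }

# Submit a URL and state the verdict the admin expects (block or unblock).
$body = @{
    '@odata.type'      = '#microsoft.graph.urlAssessmentRequest'
    url                = 'http://suspicious.example/login'   # constructed sample
    expectedAssessment = 'block'
    category           = 'phishing'
} | ConvertTo-Json

$request = Invoke-RestMethod -Method Post -Uri $graph -Headers $headers `
    -ContentType 'application/json' -Body $body
Write-Host "Submitted request $($request.id), status: $($request.status)"

# Poll for the verdict; bounded so the script cannot hang indefinitely.
$resultUri = "$graph/$($request.id)?`$expand=results"
for ($i = 0; $i -lt 20; $i++) {
    $state = Invoke-RestMethod -Method Get -Uri $resultUri -Headers $headers
    if ($state.status -eq 'completed') { break }
    Start-Sleep -Seconds 30
}

if ($state.status -ne 'completed') {
    Write-Warning "Re-scan still '$($state.status)'; query $resultUri again later."
} else {
    # Each result carries a resultType (policy check or re-scan) and a message.
    $state.results | Select-Object resultType, message
}
```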

Script operation instructions

After the pre-requisites and deployment steps are fulfilled, please read the manuals below on how to execute the scripts:
