0%

Scenario

You wish to implement Exclaimer within a sector that prioritizes stringent security protocols, such as legal, government, financial, and healthcare industries. These sectors handle highly sensitive information and are governed by strict regulatory compliance standards.

Resolution

This page highlights the recommendations for implementing Exclaimer in a way that fortifies your security needs, ensuring that:

  • The route of emails is not altered.
  • Azure permissions are minimized, avoiding the need for "read and write domains".

Select each option below to view the descriptions:

Permissions configured during setup

These tables list the permissions that are configured during the Exclaimer client-side deployment:

Application Name

Exclaimer Signatures for Office 365 <region>

Purpose

Used to synchronize user data from AAD to Exclaimer

Requirement

Mandatory

API Name

Permission Name

Type

Description

Purpose

Microsoft Graph

User.Read

Delegated

Sign in and read user profile

Used by the UI to query if the signed-in user is an Admin of Microsoft 365 and expose different setup options to them.

Microsoft Graph

Directory.Read.All

Application

Read directory data

Used by the data service to query directory data which is then stored in an Exclaimer cache.

Microsoft Graph

User.Read.All

Application

Read all users' full profiles

Used to read the user photo.

Azure Active Directory Graph

User.Read

Delegated

Enable sign-on and read user's profile

Used by the UI to query if the signed-in user is an Admin of Microsoft 365 and expose different setup options to them.

Azure Active Directory Graph

Directory.Read.All

Application

Read directory data

Used by the data service to query directory data, which is then stored in an Exclaimer cache.

Application Name

Exclaimer - Signatures for Outlook Feature

Purpose

Used by the Outlook Add-in & legacy app for Outlook for user sign-in and auth

Requirement

Optional. Required for Client-Side signatures

API Name

Permission Name

Type

Description

Purpose

Microsoft Graph

User.Read

Delegated

Sign in and read user profile

Used to confirm that the user is a valid user within your tenancy in O365 + Exclaimer before making the request to the product.

Azure Active Directory Graph

User.Read

Delegated

Enable sign-on and read user's profile

Used to confirm that the user is a valid user within your tenancy in O365 + Exclaimer before making the request to the product.

Application Name

Exclaimer - User Details Editor

Purpose

Used to allow the user to sign in to User Details Editor

Requirement

Optional. Required for User Details Editor feature

API Name

Permission Name

Type

Description

Purpose

Microsoft Graph

Openid Delegated Sign users in To support user sign-in and mapping between Exclaimer subscription and AD user.

Microsoft Graph

Profile Delegated View user's basic profile As above

Microsoft Graph

User.Read Delegated Sign in and read user profile Used to confirm if the user is a 365 Global Admin and control access to Settings.

Configure Exclaimer for Client-Side deployment

To configure Client-Side signatures:

  1. Sign up for an Exclaimer account.
  2. Complete the configuration process for Authorize and Synchronize for Microsoft 365 subscription.
  3. Skip the setup for Apply to email from all devices including mobile (Server-side).
  4. Complete the configuration process for See before you send for Microsoft 365 subscription (client-side).
  5. Install the Exclaimer Outlook Add-in.
    During installation, specify the users group in the Add users window.

How easy was it to find what you needed?