The BigFix Web Reports provides the possibility to schedule the sending reports using an email server. Starting from BigFix Version 10.0 Patch 1, Web Reports includes the possibility to setup an Office 365 credentials as email server through the OAuth authentication. This feature was necessary to overcome the decommissioned Basic authentication for Exchange Web Services (EWS) by Microsoft. In fact, Microsoft decided to drop the Basic authentication, over the SMTP protocol, on the cloud-based Office 365/Exchange Online products (see the announcement at this link https://techcommunity.microsoft.com/t5/exchange-team-blog/upcoming-changes-to-exchange-web-services-ews-api-for-office-365/ba-p/608055)
When setting up Web Reports to use Office365 mailboxes, you must first create an App Registration on the Microsoft Azure Active Directory.
Create an App Registration
Log into your Azure AD console and go to the ‘Azure Active Directory’ section from the list of ‘Admin interfaces’. Select ‘Manage’ -> ‘App Registrations’ -> ‘New Registration’ to create the App Registration.
Here you must provide the following information:
- Registration name is a descriptive name for the app. Users may have multiple apps for different Microsoft products granting different permissions and we suggest something like ‘WebReports Mail Report Service’.
- Account type determines what type of mailboxes can use OAuth for authenticating.
You can choose:
-
- Single tenant which supports only mailboxes for the Azure domain in which the App Registration is created.
- Multitenant which allows any Azure AD account to use OAuth for authenticating.
Single tenant is the recommended option as Multitenant requires more set up such as the Microsoft Partner Network.
- API permissions determines which permissions are granted to the App Registration. Web Reports requires ‘Mail.Send’ permissions for the Microsoft Graph API.
Users must create the Client secret for the App Registration in the ‘Certificates and secrets’ section. The Client secret is used by Web Reports to confirm the user identity during the OAuth process. Also, you need to put aside the Client ID and the Tenant ID. Both values are unique identifier assigned to the Azure AD account and are generated automatically and are available in the ‘Overview’ section.
For any kind of doubt and assistance on Azure and Office365 contact your IT department, check the official Microsoft documentation, or contact your Azure vendor.
Set up Office 365 as mail server of Web Reports
Before setting up the email server on the Web Reports, you should specify a default ‘From:’ address for emails sent from Web Reports, using the related configuration option, otherwise the email setup test will not work. This option can be set in the Windows Registry or in the Linux configuration file under the following path:
<BigFixMachineKey>\Enterprise Server\BESReports\EmailFromAddress
The specified email address must belong to the same tenant of the created App Registration if you chose the single tenant as account type for you App Registration.
Now, you can log into your BigFix Web Reports instance where you want to enable the email server and set up Office365 mailboxes as Email Server as follows:
- Click ‘Administration’ from the top tab bar.
- Click ‘Address Book’ from the sub tabs.
- Click ‘Email server settings’ from the section below (‘Set the outgoing email server’ link is also available in the yellow bar under the sub tabs if the email server is not yet enabled on Web Reports).
- Choose Office 365 as authentication mode:
Enter your Client ID, Client secret, and Tenant ID provided from the creation of the App Registration on the Microsoft Azure portal. Test the email server with the below ‘Test’ button to ensure that everything is working fine and save the email server settings.
Now, each scheduled report sending will be sent from Web Reports through the Office365 mailboxes of your Microsoft Azure tenant.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Author
Gaetano Fichera is a software engineer and a BigFix developer. He joined HCL in 2018 when he was still completing his master's degree. He is currently working on the BigFix Platform projects.