Fortinet black logo

Administration Guide

Home FortiMail 7.4.2 Administration Guide
7.4.2
7.4.2
7.4.1
7.4.0
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.7
6.2.0
6.0.6
6.0.4
6.0.3
6.0.1
6.0.0
5.4.10
5.4.8
5.4.5
5.4.4
5.4.3
5.4.0

Configuring accounts

Configuring accounts

Before you can scan email in Microsoft 365 or Google Workspace mailboxes, you must connect to a respective server.

Adding a Microsoft 365 account in FortiMail requires your Tenant ID, Application ID, and Application Secret. Adding a Google Workspace account in FortiMail requires an email address designated for the administrator, and the account's JSON content.

When acquiring the Tenant ID and Application ID from Microsoft 365, you must also grant consent permissions for the admin.

Add the following permissions for the administrator in Microsoft 365:

  • User.Read.All
  • Mail.ReadWrite
  • Mail.Send
  • GroupMember.Read.All

By default, User.Read is added.

To create a Microsoft 365 account

  1. Go to View > Microsoft 365 & Google Workspace.

  2. Go to .

  3. Click New.

  4. Leave Status enabled.

  5. Set Type to Microsoft 365.

  6. Enter the Tenant ID, Application ID, and the Application Secret.

    You receive log on credentials when you create the custom application on Microsoft Azure. For details, see the Azure documentation.

  7. Select a regional Service Endpoint appropriate to your geographical location.

  8. Enable Real-time Scan if you wish to conduct real-time scanning of emails that match certain criteria specified in a real-time scan policy. For more information, see Enabling and configuring real-time scanning.

  9. Optionally, click New under User Filter Setting to configure user filter settings.

    Enable Status, select the appropriate user Type, and specify additional options depending upon the filter type selected, then click Create.

    Note

    FortiMail supports the importation of Azure AD user group memberships, which can subsequently be applied to domain level recipient policies.

    To use this feature, select Azure AD Group from the Type dropdown when configuring User Filter Settings.

    This feature is currently only available when configuring Microsoft 365 accounts.
  10. When finished configuring the account, click Create.
To create a Google Workspace account

  1. Go to View > Microsoft 365 & Google Workspace.

  2. Go to .

  3. Click New.

  4. Leave Status enabled.

  5. Set Type to Google Workspace.

  6. Enter the Admin email and the JSON content.

    You receive JSON credentials when you create the custom application on Google Workspace. For details, see the Google documentation.

  7. Enable Real-time Scan if you wish to conduct real-time scanning of emails that match certain criteria specified in a real-time scan policy. For more information, see Enabling and configuring real-time scanning.

  8. Optionally, click New under User Filter Setting to configure user filter settings.

    Enable Status, select the appropriate user Type, and specify additional options depending upon the filter type selected, then click Create.

  9. When finished configuring the account, click Create.

    If successful, your account will appear in the account list, showing FortiMail connected to Microsoft 365 or Google Workspace.

  10. Click View User List to view the following email user information under the selected account:

    • Status: Displays whether the user is subscribed or not.

    • Email: User names of the email users on the Microsoft 365 or Google Workspace account.

    • Expiry Date: Subscription expiry date and time to notifications of the user's real-time email.

Previous
Next

Configuring accounts

Before you can scan email in Microsoft 365 or Google Workspace mailboxes, you must connect to a respective server.

Adding a Microsoft 365 account in FortiMail requires your Tenant ID, Application ID, and Application Secret. Adding a Google Workspace account in FortiMail requires an email address designated for the administrator, and the account's JSON content.

When acquiring the Tenant ID and Application ID from Microsoft 365, you must also grant consent permissions for the admin.

Add the following permissions for the administrator in Microsoft 365:

  • User.Read.All
  • Mail.ReadWrite
  • Mail.Send
  • GroupMember.Read.All

By default, User.Read is added.

To create a Microsoft 365 account

  1. Go to View > Microsoft 365 & Google Workspace.

  2. Go to .

  3. Click New.

  4. Leave Status enabled.

  5. Set Type to Microsoft 365.

  6. Enter the Tenant ID, Application ID, and the Application Secret.

    You receive log on credentials when you create the custom application on Microsoft Azure. For details, see the Azure documentation.

  7. Select a regional Service Endpoint appropriate to your geographical location.

  8. Enable Real-time Scan if you wish to conduct real-time scanning of emails that match certain criteria specified in a real-time scan policy. For more information, see Enabling and configuring real-time scanning.

  9. Optionally, click New under User Filter Setting to configure user filter settings.

    Enable Status, select the appropriate user Type, and specify additional options depending upon the filter type selected, then click Create.

    Note

    FortiMail supports the importation of Azure AD user group memberships, which can subsequently be applied to domain level recipient policies.

    To use this feature, select Azure AD Group from the Type dropdown when configuring User Filter Settings.

    This feature is currently only available when configuring Microsoft 365 accounts.
  10. When finished configuring the account, click Create.
To create a Google Workspace account

  1. Go to View > Microsoft 365 & Google Workspace.

  2. Go to .

  3. Click New.

  4. Leave Status enabled.

  5. Set Type to Google Workspace.

  6. Enter the Admin email and the JSON content.

    You receive JSON credentials when you create the custom application on Google Workspace. For details, see the Google documentation.

  7. Enable Real-time Scan if you wish to conduct real-time scanning of emails that match certain criteria specified in a real-time scan policy. For more information, see Enabling and configuring real-time scanning.

  8. Optionally, click New under User Filter Setting to configure user filter settings.

    Enable Status, select the appropriate user Type, and specify additional options depending upon the filter type selected, then click Create.

  9. When finished configuring the account, click Create.

    If successful, your account will appear in the account list, showing FortiMail connected to Microsoft 365 or Google Workspace.

  10. Click View User List to view the following email user information under the selected account:

    • Status: Displays whether the user is subscribed or not.

    • Email: User names of the email users on the Microsoft 365 or Google Workspace account.

    • Expiry Date: Subscription expiry date and time to notifications of the user's real-time email.

Previous
Next