What is DMI Injection and How to implement it?

What is DMI Injection and How to implement it?

The Direct Message Injection (DMI) feature eliminates the need to whitelist simulated phishing emails. DMI bypasses email filtering rules and places emails into your users’ inboxes. This feature works by creating a secure link between your TSAT console and your Microsoft 365 or Google Workspace account.


Setup for Outlook

If you are using Microsoft 365, the secure connection between TSAT and Microsoft 365 is created by authorizing the DMI application in Azure. This can be done by registering an app. Please find below the steps along with the screenshots to



1. The concerned organization’s admin will log in at
https://portal.azure.com/

 

2. Go to the App registration under the options of Azure services ( If you cannot view the option of App Registration, then search it on the search bar provided on the dashboard).



3. Click on New Registration to create a new app.



4. You will be redirected to the App Registration Page. Here you will be able to fill out the form–

     Application’s Name in the NAME field

     Supported Account Types

     Check for-> Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts, e.g., Skype, Xbox).

      ●    Click on Register to successfully submit the form.




5. Go back to Home Page and select Owned Applications, and select the application display name you created.



6. After selecting the application, you will be redirected to the App Registration page.



7. Go to => Certificates & secrets in the sidebar menu—

     Click on New Client Secret

                  ●    In Add Client Secret, enter the Description for the client secret and Expire time and Click on Add Button below. 





8. Copy the key value of created secret
(Note: Don’t refresh till you copy this at some place where it will not get lost because it will not be visible after that).

9. Go to Overview Tab; copy the Application (client) ID and Directory (tenant) ID.



10. Go to API permissions and now click on Add a permission.



11. Now select Microsoft Graph.



12. Now select Application permissions.



13. Now select the below permissions:

 

     Mail.Read

     Mail.ReadBasic.All

     Mail.ReadWrite

     User.Read.All

     User.ReadWrite.All

User.Read (This is already present in the permissions, No need to add).



14. After adding all the required API/Permissions, we now need to Grant admin consent for [Organizatoin_name] which will show a green tick for all permission status.



Once the app is registered, we would be adding the credentials over the TSAT dashboard for the domain.

NOTE: Make sure to enter the value in secret ID 



NOTE: If all the domains are over different tenants(multi-tenant) for Azure, we would need to do the same activity in all tenants for each domain.

    • Related Articles

    • Implementing Hash-Based Whitelisting for Ransomware simulation

      We can have hash-based whitelisting to allow specific executable files to be downloaded and executed. This method ensures that only files with specified hash values are permitted, providing a more granular control over which executables can run. ...
    • How will I know my whitelisting has been done correctly?

      You can verify the status of your whitelisting by initiating a test campaign. Once the email lands in your inbox, it indicates that your whitelisting has been done correctly. 
    • Creating Bypass policy at Microsoft 365 (formerly ATP whitelisting)

      Comprehensive Whitelisting in Microsoft Defender for Office 365 Safe Links Whitelisting: Access Microsoft 365 Defender Portal: Go to the Microsoft 365 Defender portal: Microsoft 365 Defender. Sign in with your admin credentials. Navigate to Safe ...
    • G Suite IP Whitelisting

      *Note : It might take a while to reflect the following setup on your Gmail admin console. Step 1: Enter https://admin.google.com/ in your address bar. This is your Admin console. Step 2: Go to Apps and choose Google Workspace. Step 3: On your system, ...
    • Microsoft 365 ATP (Advanced Threat Protection) Whitelisting

      In case you are using Microsoft O365 Advanced Threat within your mail environment, there is a possibility that you might experience false clicks and email attachment opens. In order for ThreatCop’s email to function properly, additional rules to ...