Exchange Connectors Feature
This guide walks you through enabling Exchange Connectors monitoring in Optimize365 to secure mail flow across all your managed tenants.
Prerequisites
- Global Reader access in Microsoft Entra ID
Enabling Exchange Connectors
Step 1: Verify Permissions (You may need to do this per tenant)
Option 1:
- Sign in to the Microsoft Entra admin center
- Browse to Entra ID > Roles & admins (press Show more... if you can't see it)
- Select the Global Reader role (double-click it)
- Select Add assignments, search for "Optimize365 Official" (AppId: daf90830-f34f-4ba6-986d-3774a1577225), and press Add
- It will appear in the list once it has been added
Option 2:
Alternatively, run this PowerShell:
# PowerShell script to verify and add Global Reader permission for Optimize365
# Requires the Microsoft.Graph and ExchangeOnlineManagement modules
# First, connect to Microsoft Graph PowerShell with the scopes needed to
# read service principals and manage directory role membership
Connect-MgGraph -Scopes "Application.Read.All", "RoleManagement.ReadWrite.Directory"

# Optimize365 AppId
$appId = "daf90830-f34f-4ba6-986d-3774a1577225"

# Get service principal for Optimize365
$servicePrincipal = Get-MgServicePrincipal -Filter "appId eq '$appId'"
if ($null -eq $servicePrincipal) {
    Write-Host "❌ Optimize365 service principal not found in this tenant. Verify the AppId is correct." -ForegroundColor Red
    # 'return' stops the script without closing an interactive console
    return
}
Write-Host "✅ Found Optimize365 service principal: $($servicePrincipal.DisplayName)" -ForegroundColor Green

# Get Global Reader role
$globalReaderRole = Get-MgDirectoryRole -Filter "displayName eq 'Global Reader'"
if ($null -eq $globalReaderRole) {
    # Role may not be activated yet, activate it
    Write-Host "Global Reader role not activated yet, activating..." -ForegroundColor Yellow

    # Get role template (filtered client-side; the role template listing
    # does not accept OData query options)
    $roleTemplate = Get-MgDirectoryRoleTemplate | Where-Object { $_.DisplayName -eq 'Global Reader' }
    if ($null -eq $roleTemplate) {
        Write-Host "❌ Unable to find Global Reader role template. Contact support." -ForegroundColor Red
        return
    }

    # Activate the role
    $globalReaderRole = New-MgDirectoryRole -RoleTemplateId $roleTemplate.Id
    Write-Host "✅ Global Reader role has been activated" -ForegroundColor Green
}

# Check if Optimize365 already has Global Reader role
# (-All pages through every member instead of only the first page)
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $globalReaderRole.Id -All
$hasRole = $members | Where-Object { $_.Id -eq $servicePrincipal.Id }
if ($null -ne $hasRole) {
    Write-Host "✅ Optimize365 already has the Global Reader role" -ForegroundColor Green
} else {
    # Add Optimize365 to Global Reader role
    Write-Host "Adding Optimize365 to Global Reader role..." -ForegroundColor Yellow
    try {
        New-MgDirectoryRoleMemberByRef -DirectoryRoleId $globalReaderRole.Id -BodyParameter @{
            "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$($servicePrincipal.Id)"
        }
        Write-Host "✅ Successfully added Optimize365 to Global Reader role" -ForegroundColor Green
    } catch {
        Write-Host "❌ Failed to add Optimize365 to Global Reader role: $_" -ForegroundColor Red
        Write-Host " Please add the role manually in Microsoft Entra admin center" -ForegroundColor Yellow
    }
}

# Now check Exchange permissions
# Note: this check runs as the signed-in admin account, not as the Optimize365 app
Write-Host "`nVerifying Exchange permissions..." -ForegroundColor Cyan
Connect-ExchangeOnline
try {
    # Test if we can access connector configurations
    $connectors = Get-InboundConnector -ErrorAction Stop
    Write-Host "✅ Successfully accessed Exchange connectors" -ForegroundColor Green
} catch {
    Write-Host "❌ Cannot access Exchange connectors: $_" -ForegroundColor Red
    Write-Host " Additional Exchange permissions may be required" -ForegroundColor Yellow
}

# Disconnect sessions
Disconnect-ExchangeOnline -Confirm:$false
Disconnect-MgGraph
Write-Host "`n✅ Permission verification complete" -ForegroundColor Green
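To confirm the result of Step 1 across several tenants, the following read-only check lists every directory role and application permission held by the Optimize365 service principal and marks any directory role other than Global Reader for review. It is an added example, not Optimize365's own code; the tenant IDs are constructed placeholders, and it assumes the Microsoft.Graph PowerShell module and an account that can sign in to each tenant.

```powershell
# Added example: read-only audit of the access Optimize365 holds in each tenant.
$appId        = 'daf90830-f34f-4ba6-986d-3774a1577225'  # AppId from this guide
$expectedRole = 'Global Reader'                          # role this guide assigns
# Constructed placeholder tenant IDs; replace with your managed tenants.
$tenantIds = @('00000000-0000-0000-0000-000000000001',
               '00000000-0000-0000-0000-000000000002')

$report = foreach ($tenantId in $tenantIds) {
    # Read-only delegated scopes are enough for an audit.
    Connect-MgGraph -TenantId $tenantId -Scopes 'RoleManagement.Read.Directory', 'Application.Read.All' | Out-Null

    $sp = Get-MgServicePrincipal -Filter "appId eq '$appId'"
    if ($null -eq $sp) {
        [pscustomobject]@{ Tenant = $tenantId; Kind = 'ServicePrincipal'; Name = '(not found)'; Review = $true }
        Disconnect-MgGraph | Out-Null
        continue
    }

    # Directory roles held by the service principal, at any scope.
    $assignments = Get-MgRoleManagementDirectoryRoleAssignment -All -Filter "principalId eq '$($sp.Id)'"
    foreach ($a in $assignments) {
        $def = Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $a.RoleDefinitionId
        [pscustomobject]@{
            Tenant = $tenantId
            Kind   = 'DirectoryRole'
            Name   = $def.DisplayName
            Review = ($def.DisplayName -ne $expectedRole)   # anything beyond Global Reader
        }
    }

    # Application permissions (app roles) consented to the service principal.
    $grants = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All
    foreach ($g in $grants) {
        $resource = Get-MgServicePrincipal -ServicePrincipalId $g.ResourceId
        $appRole  = $resource.AppRoles | Where-Object { $_.Id -eq $g.AppRoleId }
        [pscustomobject]@{
            Tenant = $tenantId
            Kind   = 'AppPermission'
            Name   = "$($resource.DisplayName): $($appRole.Value)"
            Review = $true   # this guide does not list expected app permissions
        }
    }
    Disconnect-MgGraph | Out-Null
}

$report | Sort-Object Tenant, Kind, Name | Format-Table -AutoSize
```

Rows with Review set to True are the ones to compare against what you intended to grant in that tenant.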
Step 2: View Your Data
- Once enabled, go to the M365 > Exchange Connectors tab on your tenant (It takes a few minutes for the role to take effect)
- To refresh data after making changes, click the Exchange Connectors button again or refresh the page
Benefits
- View all mail connectors across client tenants in one dashboard
- Identify misconfigured or insecure connectors
- Monitor compliance with security best practices
Need Help?
Contact [email protected] if you encounter any issues.