Integration architecture and external systems connection for the Microsoft Exchange Online integration

  • Release version: Washingtondc
  • Updated August 1, 2024

    The Microsoft Exchange Online integration architecture was developed to support the search and delete capabilities for email threats in the Microsoft Exchange Online service. This introduction explains why you must complete setup steps in your Microsoft accounts before installing the ServiceNow application.

    The integration architecture is based on evaluations of the currently available application programming interfaces and on consultation with Microsoft integration personnel. This information, as well as key terminology about the ServiceNow AI Platform and the Microsoft Exchange Online service, is provided to clarify the conceptual operation of the integration.

    Key terms used for this integration

    The following key terms are used during the installation and configuration. For more information about the following terms, see the ServiceNow Product Documentation website and the Microsoft docs website.

    External systems connection for email search and delete

    This application uses a REST-based approach to fetch data from Microsoft.

    After the ServiceNow AI Platform is connected to the Microsoft Exchange Online service, the integration supports the various levels of email searches.

    The upgraded version of the Security Incident Response integration with Microsoft Exchange Online is a new and robust SIR integration that uses the application ID, tenant ID (organization), and client secret to obtain a bearer token (JWT) through REST APIs. This new integration doesn't require a MID Server or additional PowerShell capabilities. The application object established within Azure AD is assigned a Directory Role, which is then reflected in the access token.
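
    The following is an added example, not ServiceNow or Microsoft code. It shows one way to audit the bearer token described above and confirm that it carries only the tenant, application, and Directory Role you expect. It assumes the claim names `tid`, `appid` (or `azp`), `wids`, and `exp` from Microsoft's access token claims; the function names and all GUIDs are constructed for illustration.

```python
import base64, json, time

def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def read_claims(jwt):
    """Decode the payload only. The signature is NOT verified: use this to
    audit a token you requested yourself, never to make access decisions."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))

def audit_token(jwt, tenant_id, app_id, allowed_role_ids, now=None):
    """Return a list of findings; an empty list means the token matches."""
    now = time.time() if now is None else now
    claims = read_claims(jwt)
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("tenant mismatch")
    if (claims.get("appid") or claims.get("azp")) != app_id:
        findings.append("application mismatch")
    if claims.get("exp", 0) <= now:
        findings.append("token expired")
    # 'wids' lists directory role template IDs granted to the principal.
    extra = sorted(set(claims.get("wids", [])) - set(allowed_role_ids))
    if extra:
        findings.append("unexpected directory roles: " + ", ".join(extra))
    return findings

def make_sample_token(claims):
    # Builds an unsigned, constructed token so the example runs offline.
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

# Constructed values (placeholders, not real tenant, app, or role IDs).
TENANT = "00000000-0000-0000-0000-0000000000aa"
APP = "00000000-0000-0000-0000-0000000000bb"
ROLE_OK = "00000000-0000-0000-0000-0000000000c1"
ROLE_EXTRA = "00000000-0000-0000-0000-0000000000c2"
GOOD = make_sample_token({"tid": TENANT, "appid": APP,
                          "wids": [ROLE_OK], "exp": 2_000_000_000})
BROAD = make_sample_token({"tid": TENANT, "appid": APP,
                           "wids": [ROLE_OK, ROLE_EXTRA], "exp": 2_000_000_000})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BROAD", BROAD)):
        print(name, audit_token(tok, TENANT, APP, [ROLE_OK], now=1_900_000_000))
```

    Run the audit after assigning the Directory Role to the application object: a finding for an unexpected role means the application has more access than the integration needs.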

    The basic data flow of the email searches for the number of messages and the message details is illustrated in the following figure.

    Figure 1. Email search for the number of messages and message details
    Overview of integration email search data flow.

    For email delete, the integration uses the Global Graph API. The recovery of deleted emails is available as an option during the configuration step and is described in more detail in Configure the Microsoft Exchange Online integration with your ServiceNow AI Platform instance.

    The data flow for email delete with the preconfigured approval process is illustrated in the following figure.

    Figure 2. Email delete
    Data flow for email delete.

    Flows

    The Microsoft Exchange Online application for email search and delete includes the following flows:

    • Exchange online-Emails delete.
    • Get Exchange Online email details.
    • Microsoft Exchange Online -Email search and delete.

    You are now ready to set up the accounts that are required for the integration.