Configure the Microsoft Exchange Online integration with your ServiceNow AI Platform instance

Release version: Washingtondc

Updated February 1, 2024

5 minutes to read

After you’ve installed the application from the ServiceNow Store, configure it to connect to your ServiceNow AI Platform instance. This activation activates the search and delete workflows.

Before you begin

Role required: sn_si.admin

Procedure

In your ServiceNow AI Platform instance, navigate to Security Operations > Integrations > Integration Configurations.
Locate the Microsoft Exchange Online tile.
Click Configure.

In the Microsoft Exchange Online Configuration dialog that is displayed, click Configure Exchange Online.

An example of a completed and validated form follows the table.

Configure Exchange Online link highlighted. — Figure 1. Configure Microsoft Exchange Online

Option	Description
Connection Settings tab
Tenant	The Microsoft Exchange Online tenant that you want to perform searches on. This text is the unique name that appears after @ for email addresses for your organization. For this example, `snowsecops.onmicrosoft.com` is the tenant (domain).
OAuth Application ID	The Application (client) ID that was generated for the account that you created in the Microsoft Azure portal. For more information, see Set up your Microsoft Azure account for the ServiceNow Microsoft Exchange Online integration.
OAuth Client Secret	Password (client secret) for the account that you created in the Microsoft Azure portal. For more information, see Set up your Microsoft Azure account for the ServiceNow Microsoft Exchange Online integration.
Additional Settings tab
Email Search Window (days)	The email search history range in number of days. The integration searches for email messages that have been sent or received in the Microsoft Exchange Online server for the number of calendar days that you enter. You’re required to enter a value between 1-30. 30 days is the default and the maximum number of days you can enter for a search. Entering a low number of days in the search window range improves response time, but you may not capture all matched messages as a result. This global setting is for all searches. Prior to executing the email search, there are no parameters that permit you to change this value for individual searches.
Maximum Search Duration	Use this option to set the search timeout threshold. If the timeout threshold is reached, the search ends and no results are displayed. You can specify a default value of 90 minutes and a maximum value of 240 minutes. By setting this threshold, you can avoid endless search loops that could cause performance issues on the Microsoft Exchange Online tenant and the ServiceNow instance.
Tagging	Security tag. Default is selected. When enabled, security tags are automatically applied to related security incidents when search and delete capabilities are initiated and successfully completed. The default tag names are displayed, but tag names and colors can be edited. For more information, see Edit security tags in the ServiceNow AI Platform for the Microsoft Exchange Online integration.
Recover Deleted Emails	Default is selected. This item only applies to emails that you have deleted using this integration. If you don’t want users in your organization to have access to the emails that you’ve deleted, verify that this check box is cleared. If the check box is cleared, the emails that you delete using the workflow of this integration are permanently deleted and placed in the Purges folder. This folder is a sub folder within the Recoverable Items folder on Microsoft Exchange Online that a user normally can’t access. If you want users to recover the emails you delete, select this check box. If this check box is selected, depending on how the user's account is configured in Microsoft Exchange Online, the emails you delete using the workflow of this integration are placed in the Deleted Items folder in the mailbox of the user. If an account is configured so that the user can view the Deleted Items folder in their mailbox, the user can recover the emails you delete from their Microsoft Exchange Online account. For more information, see Recover deleted items or email in Outlook Web App.
Search Completion Notification	Select this option to enable notifications when the search is completed. If the Enable check box is selected, you’ll receive notifications if any matching emails are found. If the check box is cleared, search completion notifications aren’t sent.
Approvals	Request approval to delete emails. Default is cleared. When the check box is cleared, the optional approval process for requesting prior permission before deleting emails from the Microsoft Exchange Online service is disabled. Verify that this check box is cleared if you want to grant your security incident analyst permission to delete emails without requesting prior permission. If enabled, a request is submitted via email to each member of an approval group. From the list, select an approval group from the list. For more information about creating an approval group, see Set up your ServiceNow AI Platform instance for the Microsoft Exchange Online integration. After a request is submitted to an approval group, only one approval is required from the group to complete the request. Any member of the approval group has approval authority. Having a group with more than one person with approval permission ensures that these requests are processed in a timely way.
Failure Notifications	Select the check box to enable failure notifications when the search or delete action fails due to invalid OAuth credentials. If Enabled, failure notifications are sent through email to each member of the failure notifications group when OAuth credentials are invalid. If the check box is cleared, no failure notifications are sent.
Email Result Threshold	From version 10.3 or later, you can specify an email delete threshold for approvals. If the number of emails being deleted is greater than or equal to the value specified here, the Delete request must be approved before the Delete action is invoked. If the threshold value is set to 1, every Delete request must be approved.

Configure the Connection Settings tab — Figure 2. Microsoft Exchange Online Connection Settings

Configure the Additional Settings tab. — Figure 3. Microsoft Exchange Online Additional Settings

Choose one to continue.

Option	Description
Save	Save your edits. This action doesn’t verify your connection.
On the Connection Settings tab, click Validate.	This action validates your Certificate authentication, your MID server connection, and OAuth credentials. If your credentials are valid, the Validate button and both indicators are green.

If an error message is displayed, or one or more of the indicators to the right of the Validate button are red, verify that the user account credentials you entered are valid. Enter your credentials and click Save again.

Validation unsuccessful with red indicator. — Figure 4. Validation unsuccessful

Refer to the following table for more information about the Validate button and the colored icons.


State of Validate button and indicators	Description
Validate button is green.	Indicates that the OAuth is valid.
Validate button is light red.	Exchange Online OAuth credentials button is red: Indicates that the Exchange Online OAuth credentials are invalid. Note: If any of the connections fields such as tenant ID, Client ID, or Client Secret are invalid then the corresponding error messages are displayed. Make sure to provide the valid connection details.