SpamHero connects to Entra ID (Previously known as Azure Active Directory) via the Microsoft Graph API. For SpamHero to connect to Microsoft Graph API, you will need the following:
If you are using the Azure portal, click the View button in the Manage Azure Active Directory box, scroll to bottom, and click Add application registration.
On the Overview screen (shown immediately after finishing the steps above), you'll find the Application (client) ID & Directory (tenant) ID, copy these down.
For SpamHero to be able to get data about your users, you will need to give this API key the User.Read.All
and Group.Read.All
permissions (The default User.Read
permission is not sufficient)
To add this permission:
User.Read.all
User.Read.All
checkbox that appearsGroup.Read.All
No other permissions are required, you can remove all other permissions.
If you want to sync a single group instead of all users, change the "sync URL" (in your sync settings in the SpamHero control panel) to this:
https://graph.microsoft.com/v1.0/groups/GROUP_ID_HERE/members?$select=displayName,mail,proxyAddresses,otherMails
Replacing GROUP_ID_HERE
with the ID of the group you want to sync.
If you set the "Quarantine user sync url" to this (after checking the "Automatically create quarantine logins" and "Use a separate sync URL to..." checkboxes), you can also use this endpoint to sync only a single group to make quarantine users, while still syncing all found users as email recipients.