How to Connect the Microsoft DMI Integration
The guide explains how to connect the Microsoft Direct Message Injection (DMI) integration using the Graph API by requiring Global Admin access, navigating through the Phin platform to grant Microsoft permissions, enabling automated allowlisting for email delivery, testing the integration with phishing emails, and notes that disconnecting is restricted if DMI-only phishing templates are active, while also highlighting that enabling Microsoft DMI unlocks premium phishing templates and that the integration persists if the connecting admin retains Global Administrator rights.
Configure the Microsoft Direct Message Injection Integration Using Graph API
You will need Global Admin access for the client if you wish to connect to the Graph API Mail Delivery.
In addition to Microsoft DMI, it is recommended to enable allowlisting to ensure all email types deliver to their expected recipients. The Microsoft Automated Allowlisting integration is available to make this process quick and easy.
Connecting the Microsoft DMI Integration
- 1.Navigate to the Integrations page in the left-hand sidebar of your client's homepage.
- 2.Click into the Microsoft DMI tile and review the Microsoft permissions required.
- 3.Click Continue to Microsoft to begin the connection process.
- 4.You will be redirected from Phin to the Microsoft portal to give consent for the required permissions.
- 5.Once consent is given, you will be redirected back to Phin. A loading screen will appear as the integration finishes making the connection.
- 6.Once connected, you can send a test email to see if a test phishing email makes it into your inbox.
- 7.You can return to the Microsoft DMI page at any time and disable it by clicking Disconnect.
The only time you won't be able to disconnect the Microsoft DMI is if DMI-only phishing simulation templates are being used in a phishing campaign. These need to be removed from the campaign prior to disconnecting.
Enabling the Microsoft DMI also unlocks all Premium phishing templates. Those marked "DMI Only" are branded premium templates that can only be used if either the Microsoft DMI or Google DMI are enabled.
If either of the Microsoft or Google DMI solutions are not enabled (or are disabled after being enabled), all phishing simulation and training messages will be sent via SMTP.
If someone is added as an admin to Phin, connects this integration, and then is removed from Phin, the integration will continue to work as long as the admin has the "Global Administrator" role.
Enable a Custom Email Domain
Before adding a custom domain to Phin, ensure any third-party tools (Mimecast, INKY, Ironscales, etc.) have the domain included in their allowlist.
Enabling a custom domain will apply this change to training-related emails, reminders, and welcome emails.
If Microsoft DMI is enabled for a company, that company can receive training reminder emails from a custom domain of your choice.
- To enable a single custom domain across all companies utilizing Microsoft DMI (or Google DMI), go to Branding > Additional Email Customization at the partner level and set a custom domain.
- To enable a unique custom domain per company (e.g., training@acme.com for a company named Acme), go to Branding > Additional Email Customization at the company level and set a custom domain. If the field is disabled and says "noreply@phinsecurity.com" that means that neither DMI integration is enabled.