MS Outlook

Connecting MS Outlook to LightBeam

Overview

LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, PHI data.

Example: MS Outlook, Gmail, Slack, etc.

Scanning Behavior

LightBeam’s Outlook scanning operates in two modes:

Default Mode

Scans only the “Sent Items” folder by default for Outlook datasource.
Active by default

Inbox Scanning Mode

Controlled by an environment variable.
Disabled by default.
When enabled:
- Scans all folders except “Deleted Items.”
- Includes inbox, sent items, and other user folders.

Technical Implementation

Scanning begins automatically after data source configuration.
Inbox scanning requires environment variable configuration.
Users can be included or excluded from scanning at any time.
Inbox Scanning Mode can be enabled/disabled per datasource, with flexible user configuration options post-setup.

Connecting Outlook Data Source

Log in to your LightBeam Instance.
Click on DATASOURCES on the Top Navigation Bar.
Click on Add a Data Source.

Search for “Outlook”.

Click on Outlook.

Fill in the details as shown below and click on Next:

Basic Information

Data Source Name: This is the unique name given to the data source.
Description: This is an optional field needed to describe the use of this data source.
Primary Owner: Email address of the person responsible for this data source which will get alerts by default.
Entity Creation: LightBeam Spectra detects and associates attributes based on the context and identifies whose data it is; these are called entities. Example: Jane Doe is an entity for whom LightBeam Spectra might have detected Name and SSN in a monitored data source.
Source of Truth: LightBeam Spectra would have monitored data sources that contain data acting as a single point of truth and that can be used for looking up entities/attributes which help to identify if the other attributes/entities found in any other data source are accurate or not. A Source of Truth data set would create entities based on the attributes found in the data.
Location: The location of the data source.
Purpose: The purpose of the data being collected/processed.
Stage: The stage of the data source. Example: Source, Processing, Archival, etc.

Datasource Configuration

Provide the credentials as shown below and click on Test Connection.

Connection Details

Client Id: It refers to the unique identifier assigned to the Azure portal application that is used for integrating LightBeam with the Outlook data source. It is generated when you register an application in the Azure portal.
Client Secret Value: It is a confidential key or password associated with the Azure portal application. It is used to authenticate and authorize the application when accessing Outlook resources. The Client Secret Value is generated when you create a new client secret value in the Azure portal.
Scan Data: It refers to a configuration setting that determines the frequency at which the data from the Outlook data source is scanned or updated. In this case, it is mentioned as "10 Minutes", indicating that the data will be scanned or updated every 10 minutes.
Tenant Id: It is a unique identifier assigned to the Azure Active Directory (AAD) tenant associated with the organization. It represents the organization's directory or identity store in Azure AD. The Tenant Id is obtained from the Azure portal.
Status: It indicates if the current state of the integration between LightBeam and the Outlook data source is currently active or inactive.

Verify that you get the message “Connection Success!”. Click on Next.
In this step, you can choose :
1. Domain which you want to scan for: This is optional field where you specify the domain name which you want to scan from total detected domains.
2. Scan selected members and groups: Email address of members and groups which you want include or exclude from scanning.

i) All members and groups

ii) Selected members and grou

To choose option (i), select All members and groups, and click on Save.

Under EXCLUSION LIST FOR SCANNING, you can enter the email addresses of the members and groups you would like to exclude from the scan.

To choose option (ii), select Selected members and groups. Now enter the email address(es) of the member(s) and group(s) that you would like to include for scanning in the Search box individually.

Select the inputs by ticking the checkboxes next to them.

Click on Save.

Now we are ready to browse through the onboarded Outlook datasource dashboard.

Note: To get the Outlook data source details please check Appendix

Inbox and Sent Mail Scanning

LightBeam Spectra now scans both inbox and sent mailboxes for a comprehensive analysis of email data. This enhancement provides a more complete picture of PII and PHI data flow within your organization.

2.1 Dashboard Updates

The dashboard now displays separate counters for sent and received emails containing sensitive information. This allows for a quick overview of potential data exposure risks in both outgoing and incoming communications.

Total Email count, now shows separate counts for Sent and Received emails.

Email(s) with PII count, which on hover displays the breakdown of Sent and Received emails containing PII.

2.2 Email Tab Enhancements

The email tab has been updated to include three main sections:

Sent Emails(Individuals): This tab shows information about emails sent from your organization, including the number of emails with PII/PHI and whether they were shared with external recipients.

Received Emails(Individuals): This new tab displays information about received emails, including those from external senders that may contain sensitive information.

Received Emails(Groups): This tab provides insights into emails sent to group addresses within your organization (e.g., , ). It shows the number of PII/PHI emails for each group.

The Card view layout for each user shows PII/PHI email counts and external sharing information.

2.3 External Members Section

The external members section now provides a more comprehensive view of data sharing:

Emails Sent: Shows recipient email addresses outside your organization that received emails containing sensitive information.

When you click on an item in the "Emails Sent" list, it redirects to the Emails Sent tab with that particular recipient filter applied in the sent mailbox view.

Emails Received: Displays sender email addresses from outside your organization that sent emails containing sensitive information to your users.

When you click on an item in the "Emails Received" list, which shows senders, it redirects to the Inbox tab with the sender filter applied, showing received emails from that external sender.

This enhanced External Members section gives you a more detailed overview of how sensitive information is shared with or received from external parties.

Appendix

Steps to Generate Outlook Data Source Credentials

Log in to
Click on Portal.

Click on the Search box on the Top Navigation bar. Type and search for “App Registrations”.
Click on App Registrations.

Click on New Registration. Add details as shown below and click Register.

Make sure that the redirect URL is as follows:

Click on Certificates and secrets.
Click on New client secret.
Fill in the client secret details in the Description and Expires fields.
Click on Add.

Copy the Client Secret value and keep it secure for future use as you will not be able to retrieve it later.

Example: x_sWncr4m~.2lFeKlWR1pu3SgT42lg.254

Configure API Permissions.

Click API permissions -> Add a permission -> Microsoft Graph -> Application permissions -> Add following permissions

Then add the following permissions:

Domain.Read.All
GroupMember.Read.All
Mail.Read
Mail.ReadBasic
Mail.ReadBasic.All
User.Read
User.Read.All

Once permissions are added, click on Grant admin consent for “Lightbeam.ai.”

Now, your application is ready to register.

NOTE: You should be an admin user to approve the permissions. If you’re not an admin user, take admin access or contact the administrator.

Click on Overview and get the Application Client Id and the Directory Tenant Id.

With this, we have all the required configuration parameters like Client ID, Client Secret, Tenant ID, and Delegated credentials (User Email ID) to onboard the Outlook data source to LightBeam.

This is the request body for the OneDrive registration. Replace Tenant ID, Client ID and Client Secret Key with the appropriate values.

{
"Configuration": {
"name": "Outlook",
"location": "India",
"datasourceType": "Outlook",
"microsoftOfficeConfig": {
"clientId": "CLIENT_ID",
"clientSecret": "CLIENT_SECRET",
"tenantId": "TENANT_ID",
"accountType": "organization",
"delegatedCredential": "EMAIL_ID"
}
}
}

Here, delegatedCredential is the email of a logged-in user who has created the Application/Admin Owner.

Success Tip: We recommend creating a dedicated Azure portal application specifically for integrating LightBeam with the Outlook data source. This application should be exclusively used for this purpose and not shared or repurposed for any other clients or applications. By doing so, you ensure secure and efficient access control, as well as maintain proper management of the LightBeam-Outlook connection.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.

For any questions or suggestions, please get in touch with us at: .

PreviousMS Teams NextDeveloper Tools

Last updated 3 months ago