CloudSOC O365 Securlet - Microsoft Deprecation of Legacy O365 Mail REST API
search cancel

CloudSOC O365 Securlet - Microsoft Deprecation of Legacy O365 Mail REST API


Article ID: 246883


Updated On:


CASB Advanced Threat Protection CASB Security Premium CASB Securlet SAAS CASB Security Standard


CloudSOC uses Microsoft Outlook Mail REST API to get Outlook activities. This API lets CloudSOC read messages and attachments, view and respond to event messages.

This article from Microsoft describes the API in detail -

Microsoft has decided to deprecate this legacy API on 15 November 2022.

Consequently, Broadcom O365 Securlet Team has developed an integration with the newer version of this API - Microsoft’s Graph API.

To be able to use our O365 securlet with this API, our customers will need to deactivate / reactivate the O365 Securlet so the application can obtain required permissions to use Microsoft’s Graph API.  


To enable the new MS Graph API the O365 Securlet has to be deactivated/reactivated.

  • Customer will need to have Microsoft E5 license for the CloudSOC Securlet to be able to scan their User's messages in MS Teams or Microsoft E3 license if the customer will not use Teams Messages.

  • No existing data is purged (Keep Purge option unchecked during deactivation - highly recommended)

  • No loss of data inspection by the Securlet is expected. If using same O365 accounts, any event that take place during the reactivation will be queued and processed later after reactivation.

  • Time duration of the reactivation will vary from 15-30 minutes depending on the number of O365 accounts being reactivated. (Documenting existing settings excluded)

Preparation Steps Needed In Advance:

  • First - check O365 GA Service Accounts, Test Logins, export Sites
  1. Have MS Administrator login to each MS O365 Service Account(s) to be used during 0365 Securlet reactivation and ensure the Service Account(s) have Global Admin (GA) role in O365 - required for reactivation. Also take note of the email address(es).

  2. While still logged in to each O365 Service Account export list of Site URLs to CSV files:

  3. From Exported Sites CSV file - Create new CSV file(s) with just one Top Level Site URL for each account. No column name, no “/” after the URL – One CSV for each O365 Account.

    CSV Example:

  4. The email address you use as the user name for the administrator login on your Office 365 account must be within the primary or secondary domains listed for your CloudSOC account. Verify you can login to CloudSOC with the Sys Admin account(s).

Next save the existing O365 Securlet Config settings to be re-used later during reactivation

  1. From the CloudSOC Store | click on O365 Securlet Configuration | Office 365 Configure


  1. Take a screenshot of each O365 account configuration listed in the drop down list, and ALSO copy text in each field to notepad for easy re-entry later during Securlet reactivation


   3. Before Deactivation/Reactivation - Create a Broadcom CASB Support case to notify Support of the date you are planning to  Deactivate/Reactivate the O365 Securlet

   4. Approximately 2-3 days before O365 Securlet Deactivation/Reactivation:

  1. Check to be sure you still have the O365 Securlet Config screenshots, the notepad line by line saved values, logins, passwords, and reconfirm date/time with O365 GA Admin if one is needed.

  2. Update your open CASB Support case with confirmation of the date/time you are planning to perform deactivation/reactivation.

  3. Look for your Support Engineer’s acknowledgement in the Support Case to confirm that we know about your planned date/time, have informed our Engineering team, and they responded that they see no conflict. (Such as perhaps too many clients all on same day)

After Support confirmation Above - At planned date/time for Deactivation

  1. From the CloudSOC Store | click on O365 Securlet Configuration | Office 365 Configure

   2. Reminder: Do NOT check any box to Purge Data!

   3. If there are multiple O365 accounts, remove each account one at a time by clicking the Delete Account link until you have one account left.
        You’ll need to enter Your CASB Tenant’s Primary domain. (example shown below)

   4. Leave the Purge Data box on the left un-checked

   5. For the last O365 account, click on the Deactivate button and you’ll be required to enter the Tenant’s Primary domain again.



  1. Wait approx. 10 min to give CloudSOC time to fully deactivate the O365 Securlet before attempting to reactivate.

    Note: If you try to reactivate too quickly in rare instances you may get an error.

Steps for O365 Securlet Reactivation (after deactivation No Purge):

  1. Follow O365 Securlet Tech Doc instructions for reactivation using screenshots and your previously saved text values to re-populate each of the fields.

  • Note: During reactivation there will be a new checkbox at the bottom for "Teams Messages" option. (no new license needed for Teams Message scanning)

  • MS Teams Message Scanning Phase I enhancement adds content inspection with Notify / Alert / block capabilities - but is NOT able to perform all remediation yet.

  • Clients who already reactivated to Graph API previously between Aug 2022 and 08 Sep 2022 can submit a request for Engineering to enable "Teams-Messages" in the backend through a new CASB Support case, or by contacting their Sales SE.

    2. For importing Sharepoint "Sites"  using the O365 Admin's Username and Password often fails. Copy/Paste in the CSV file saved during Preparation Step #3 above.


    2. Screenshot and link below to the O365 Securlet Tech Doc section for adding additional O365 Accounts if needed


  • Use your saved screenshots and saved text for the fields from additional O365 Accounts to re-populate and reactivate each one.


If you have further questions please engage with CASB Support through your existing or new CASB Support Case for this activity.