Skip to main content
Version: 2.18.0

Enabling the Outlook email banner via Helm

The email banner is an optional feature for Outlook monitoring. Halo will sanitize email attachments regardless of whether the banner is configured. When enabled, Storage Monitor will:

  • mount an Exchange Online certificate from the cdrplatform-secrets secret using the key exchange-online-cert
  • set EXCHANGEONLINE__CertificatePath=/mnt/exchange/exchange-certificate.pfx
  • use EXCHANGEONLINE__AppId and EXCHANGEONLINE__Organization from chart configuration
  • create the Exchange Online distribution group and transport rule on startup
  • keep the distribution group synchronized with Outlook monitors in the background

Prerequisites

  • You have Outlook monitoring already configured for the service
  • You have registered your application with Microsoft Entra ID with the required Exchange Online permissions
  • You have a .pfx certificate with private key for the Exchange Online app registration — see Setup Exchange Online for the Outlook banner for certificate creation instructions
  • You know the Exchange Online app registration AppId
  • You know the Exchange Online Organization value, for example glasswall.com
  • You have version 2.4.0+ of the cdrplatform-storage-monitor Helm chart

Deployment

Add the certificate to the existing cdrplatform-secrets secret in the target namespace:

kubectl -n cdrplatform patch secret cdrplatform-secrets \
  --type merge \
  -p "{\"data\":{\"exchange-online-cert\":\"$(base64 -w0 < exchange-certificate.pfx)\"}}"

Then deploy or upgrade the chart:

helm upgrade --install cdrplatform-storage-monitor cdrplatform-storage-monitor -n cdrplatform \
    --set image.tag="178428" \
    --set image.registry="glasswallhub.azurecr.io" \
    --set image.pullPolicy=IfNotPresent \
    --set cloud_provider=local \
    --set ingress.tls.enabled=true \
    --set ingress.tls.domain=${domain_name} \
    --set ingress.tls.secretName=tls-secret \
    --set deployment.replicaCount=1 \
    --set configuration.DATABASE__Provider="mongo" \
    --set configuration.GRAPHAPI__TenantName="${storage_monitor_tenant_name}" \
    --set configuration.WEBHOOKS__CallbackBaseAddress="https://${domain_name}" \
    --set secretsFromRef[0].DATABASE__ConnectionString.secretName="mongodb-cdrplatform-cdrp-user" \
    --set secretsFromRef[0].DATABASE__ConnectionString.key="connectionString.standard" \
    --set configuration.ENABLE_OUTLOOK_BANNER=true \
    --set configuration.EXCHANGEONLINE__AppId="<exchange-online-app-id>" \
    --set configuration.EXCHANGEONLINE__Organization="<tenant>"
    -f cdrplatform-storage-monitor/values.yaml \
    --atomic

Notes

  • To disable the feature again, set ENABLE_OUTLOOK_BANNER back to false and redeploy through Helm.
Last updated on