Mailbox Setup
Mailboxes are the connection points between external email systems and the GRC-ITSM platform. Each mailbox monitors an email address for incoming messages, creates or updates tickets from those messages, and can be used as the "from" address for outgoing communications.
Navigation
Configuration > Email > Mailbox Setup in the GRC-ITSM website navigation.
The platform supports any number of mailboxes, each configured independently with its own connection settings, processing rules, and ticket creation defaults.
Connection Types
| Type | When to Use |
|---|---|
| Office 365 / Azure | Recommended for organizations using Microsoft 365. Connects via Azure App Registration using Microsoft Graph API with OAuth2 authentication |
| Google Mail | For organizations using Gmail or Google Workspace |
| IMAP/SMTP | For mailboxes not hosted on Microsoft 365 or Google. Uses standard IMAP for receiving and SMTP for sending |
Office 365 / Azure Configuration
This is the recommended connection method for most GRC-ITSM deployments. It requires:
| Setting | Purpose |
|---|---|
| Application (Client) ID | From the Azure App Registration |
| Directory (Tenant) ID | The Azure AD/Entra ID tenant |
| Client Secret | Generated in the Azure App Registration with a configurable expiry |
Supports both licensed mailboxes and shared mailboxes (shared mailboxes require Send As permissions to be configured).
Email Processing Methods (Azure)
| Method | Description |
|---|---|
| Mailbox Scan | The platform periodically polls the mailbox for new emails |
| Webhooks | Azure sends real-time notifications when new emails arrive, enabling near-instant ticket creation |
Per-Mailbox Settings
Each mailbox can be configured with its own defaults for how incoming emails are processed:
| Setting | Purpose |
|---|---|
| Mailbox Name | Descriptive name for the mailbox within the platform |
| Email Address | The actual email address being monitored |
| Connection Type | Office 365/Azure, Google, or IMAP/SMTP |
| Send Method | SMTP or Azure Graph API for outgoing email from this mailbox |
| Processing Method | Mailbox Scan or Webhooks (Azure only) |
| Message Group | Which set of email templates the mailbox uses for outgoing communications |
| Default Ticket Type | The ticket type created for incoming emails that don't match any specific email rules |
Team-Specific Mailboxes
Teams can be configured to use a specific mailbox for their outgoing communications. This means that when an agent on the Engineering team replies to a ticket, the reply comes from the Engineering team's mailbox rather than the default service desk address. This is configured per team as a mailbox override.
Inbound Log
Each mailbox has an Inbound Log that shows every email processed, its status, and whether it created a new ticket or updated an existing one. This is the first place to check when troubleshooting email processing issues.
If an email was not automatically processed, a manual import option is available at the bottom of the mailbox's Incoming tab.
Azure App Registration
For Office 365/Azure mailboxes, the Azure App Registration requires Microsoft Graph API permissions. The specific permissions depend on the processing method:
Mailbox Scan (Delegated Permissions):
- Mail.ReadWrite - read and write mailbox content
- Mail.Send - send emails
- User.Read.All - read user profiles
- Group.Read.All - read group membership
Webhook Processing (Application Permissions):
- Mail.ReadWrite - read and write mailbox content
- Mail.Send - send emails
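When using webhook processing with application permissions, configure an application access policy to restrict which mailboxes the application can access. Application permissions are not scoped to a single mailbox by default, so this policy is what limits the App Registration to the mailboxes the platform actually monitors.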
Client Secret Expiry
Azure Client Secrets have configurable expiry dates. Set a calendar reminder to rotate the secret before it expires; otherwise, email processing will stop until a new secret is configured.
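The reminder can be backed by an automated check. The following is an added example, not part of the GRC-ITSM platform or its documentation: it reads the `passwordCredentials` array of the App Registration's application object, as returned by Microsoft Graph, and flags secrets that are expired or inside a warning window. The sample JSON, all IDs and names, the fixed clock, and the 30-day threshold are constructed assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape Microsoft Graph returns for
# GET /applications/{object-id}; every ID, name and date here is made up.
SAMPLE_APPLICATION = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000001",
  "passwordCredentials": [
    {"keyId": "aaaaaaaa-0000-0000-0000-000000000001",
     "displayName": "prod-2024", "endDateTime": "2025-01-10T00:00:00Z"},
    {"keyId": "aaaaaaaa-0000-0000-0000-000000000002",
     "displayName": "prod-2025", "endDateTime": "2025-03-01T09:30:00.1234567Z"},
    {"keyId": "aaaaaaaa-0000-0000-0000-000000000003",
     "displayName": null, "endDateTime": "2026-01-01T00:00:00Z"}
  ]
}
""")

def parse_graph_time(value):
    """Parse a UTC Graph timestamp, trimming 7-digit fractions to microseconds."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z", value)
    if not m:
        raise ValueError(f"unexpected timestamp format: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def classify_secrets(application, now, warn_days=30):
    """Return (status, keyId, name, whole_days_left) tuples, most urgent first."""
    results = []
    for cred in application.get("passwordCredentials", []):
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now) // timedelta(days=1)
        if end <= now:
            status = "EXPIRED"      # mail processing with this secret has stopped
        elif end - now <= timedelta(days=warn_days):
            status = "EXPIRING"     # rotate and update the mailbox configuration
        else:
            status = "OK"
        name = cred.get("displayName") or "(unnamed)"
        results.append((status, cred["keyId"], name, days_left))
    return sorted(results, key=lambda r: r[3])

if __name__ == "__main__":
    now = datetime(2025, 2, 14, tzinfo=timezone.utc)  # fixed clock for the sample
    for status, key_id, name, days in classify_secrets(SAMPLE_APPLICATION, now):
        print(f"{status:<9} {name:<10} {key_id} days_left={days}")
```

An App Registration can hold several secrets at once, so match the reported `keyId` against the secret actually entered in the mailbox configuration before acting on a result.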