Forensic Email Collector 4.0.287 Release Notes

Metaspike Software Releases
1

We’ve just released a new FEC version with a major new feature: a new enterprise authentication method! :grin:

Each time we released a new enterprise authentication method in the past, such as delegate access, impersonation, or domain-wide delegation, it opened the doors to numerous possibilities for preserving evidence from organizations. I believe this will be no different. Let’s dive in!

App-only Authentication for M365

FEC now supports App-only Authentication when targeting M365 accounts—both via Exchange Web Services (EWS) and Microsoft Graph API. In a nutshell, Microsoft defines App-only access as follows:

When an application directly accesses a resource, like Microsoft Graph, its access isn’t limited to the files or operations available to any single user. The app calls APIs directly using its own identity, and a user or app with admin rights must authorize it to access the resources. This scenario is application-only access.

You can read more about this from Microsoft here:

Here are the primary use cases for App-only Authentication in the context of FEC:

ApplicationImpersonation Role Being Retired

Microsoft announced that they are retiring the ApplicationImpersonation role in M365. Their plan is to completely remove the role after February 2025 (source). App-only Authentication will replace Impersonation in FEC when targeting M365, and you will be able to continue to perform batch acquisitions against M365 in enterprise scenarios.

Overcoming Lack of Impersonation Support in Graph API

Unlike EWS, Microsoft Graph API does not support Impersonation. App-only Authentication fills this gap and allows acquisitions via Graph API while being authenticated at the tenant level. This way, Graph API is moving one step closer to being able to replace EWS. This will also come in handy for some Graph-related new features we are planning to release in 2025. :wink:

Granular Access Control

When using App-only Authentication, you can leverage Role Based Access Control (RBAC) to achieve granular, resource-scoped access control. For instance, the target organization can provide access to only certain administrative units or mailboxes rather than the entire organization. :muscle:t2:

You can learn more about how to set things up in our new support document here:

The installer is :lock: here when you are ready!