30-Second Setup
No MX changes. No DNS records. No client software. Grant API consent and configure your risk policy — that's it.
Go to Azure Portal → Azure Active Directory → Enterprise Applications → New Application. Search for 'IntegrityLayer' in the gallery, or use 'Create your own application' and enter the App ID provided in your MSP dashboard.
Navigate to the app's API Permissions blade. Click 'Grant admin consent for [your tenant]'. This grants the required Graph API scopes across all mailboxes in the tenant. See /docs/api-scopes for the full permission list.
Under Certificates & Secrets, create a new client secret. Copy the Tenant ID and Client Secret — you'll paste these into the IntegrityLayer MSP Dashboard when adding this client.
# In IntegrityLayer dashboard MSP Portal → Clients → Add Client → Microsoft 365 Paste: tenant_id, client_secret Set: risk_threshold, fail_mode, mfa_type
# Send a test email Subject: 'please wire $500 to routing number 021000021' From: any mailbox in the tenant Expected: Quarantine within 500ms, MFA challenge sent
Go to admin.google.com → Apps → Google Workspace Marketplace Apps → Search for 'IntegrityLayer'. Click Install and grant domain-wide installation.
IntegrityLayer automatically registers a Gmail Push Notification subscription via the API. You'll see a confirmation in your MSP dashboard within 60 seconds of installation.
# In IntegrityLayer dashboard MSP Portal → Clients → Add Client → Google Workspace Paste: domain, service_account_key (JSON) Set: risk_threshold, fail_mode, mfa_type
# Send a test email Subject: 'change payroll routing number to 021000021' From: any @yourdomain.com address Expected: Quarantine within 500ms, MFA challenge sent