Difference between revisions of "Exchange Module Office365"
Line 1: | Line 1: | ||
− | |||
− | |||
Office 365 is Microsoft's cloud solution. It moves all the hard stuff to Microsoft and all you have to do is add users and call them when there is a problem. Retain lets you make sure you have a copy of your data where they can't lose it. | Office 365 is Microsoft's cloud solution. It moves all the hard stuff to Microsoft and all you have to do is add users and call them when there is a problem. Retain lets you make sure you have a copy of your data where they can't lose it. | ||
+ | |||
+ | ==[[O365_Setup]]== | ||
[http://support.gwava.com/kb/?View=entry&EntryID=2437 Setting up Retain with Office 365] | [http://support.gwava.com/kb/?View=entry&EntryID=2437 Setting up Retain with Office 365] | ||
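Review bot: the added heading `==[[O365_Setup]]==` makes the section title a bare page link, so it renders as the raw page name "O365_Setup", underscore included. Give the heading readable text and put the link to the setup page on its own line beneath it, next to the existing "Setting up Retain with Office 365" link.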
Line 7: | Line 7: | ||
[http://support.gwava.com/kb/?View=entry&EntryID=2484 O365: How Retain Authenticates Users] | [http://support.gwava.com/kb/?View=entry&EntryID=2484 O365: How Retain Authenticates Users] | ||
− | |||
+ | ==Exchange Module Office365 Basics== | ||
O365 is a little different from On-Premise as it needs two users: | O365 is a little different from On-Premise as it needs two users: | ||
*A user with Global Administrator rights for getting the user and group list via the sync365 script | *A user with Global Administrator rights for getting the user and group list via the sync365 script |
Revision as of 20:36, 1 April 2015
Office 365 is Microsoft's cloud solution. It moves all the hard stuff to Microsoft and all you have to do is add users and call them when there is a problem. Retain lets you make sure you have a copy of your data where they can't lose it.
O365_Setup
Setting up Retain with Office 365
O365: How Retain Authenticates Users
Exchange Module Office365 Basics
O365 is a little different from On-Premise as it needs two users:
- A user with Global Administrator rights for getting the user and group list via the sync365 script
- A normal user with Application Impersonation rights to collect the messages via Retain which we will refer to as the Impersonation User
Note: These accounts are based in O365 only. This is important if you are running a hybrid with On-Premise Active Directory and O365.
Administrator User
You may want to have a separate administrator user just for Retain to use for the sync365.ps1 PowerShell script.
- This requires Global Administrator rights.
Microsoft has a technical article on how to create an additional admin user. [1]
Impersonation User
This is just like the normal Retain Impersonation User and is set up as an ordinary default mailbox user in the Exchange Admin Center.
Create a normal Exchange user and make sure to give it Application Impersonation rights.
- Log into the Office 365 admin center as the Administrator user.
Creating a User for Retain
- Select Users/Active Users
- Click the Plus sign to create a new user mailbox.
- Fill in the appropriate information.
- Give it a simple name like RetainWorker, and have it match the logon name.
- Press Save.
Adding Application Impersonation rights
Application Impersonation is not a default right for users, so you will need to set up the permissions for it and assign them to a user. Microsoft has a technical article on how to configure the system. [2]
- In the Office 365 Admin Center choose Admin (near the bottom of the left navbar or from the dropdown menu at the top right), then select Exchange to go to the Exchange admin center.
- Select Permissions from the left navbar, which should take you to admin roles by default.
- Click the Plus sign to create a new admin role.
- Give it a name such as "Application Impersonation" or "Message Archive" and a description such as "Used by Retain to access messages".
- Under Roles click the Plus sign to add a role.
- Select the Display Name ApplicationImpersonation, click add->, then ok.
- Under Members click the Plus sign to add a user.
- Select the retain user, click add->, then ok.
- Press save.
sync365.ps1
This script is found under tools/exchange/Office365 and needs to be modified for each system.
It needs 3 things:
- The User Principal Name (UPN) of a user with Administrator rights.
- The Password of that user.
- The path where the resulting exchangeuser.csv and exchangegroups.csv files will go; there is no need for a final backslash. This needs to end up in the ...\RetainServer\WEB-INF\cfg directory.
- NOTE: In PowerShell the backslashes '\' need to be escaped by another backslash '\\'. For example, C:\\Temp
- NOTE: If the path has spaces then the path needs to be quoted. For example, "C:\\Retain Program\\RetainServer\\WEB-INF\\cfg"
This requires an Administrator account user UPN and password.
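Because the administrator UPN and password are edited into sync365.ps1, the script file is as sensitive as the Global Administrator account itself. The following check is an added example, not part of Retain or of this page's original text: it flags broad read access on the script and confirms that both CSV files exist and are recent. The function name, the 24-hour freshness threshold and the paths in the sample call are assumptions.

```powershell
# Added example, not shipped with Retain. Function name, threshold and paths are assumptions.
function Test-Sync365Deployment {
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,   # the edited copy of sync365.ps1
        [Parameter(Mandatory)] [string] $CfgPath,      # the RetainServer\WEB-INF\cfg directory
        [int] $MaxAgeHours = 24                        # assumed sync interval
    )
    # Well-known SIDs of broad groups: Everyone, Authenticated Users, BUILTIN\Users
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $findings  = @()

    # 1. The script holds a Global Administrator password, so no broad group
    #    should have any Allow entry on it. Rules are requested as SIDs so the
    #    comparison does not depend on the OS display language.
    $acl   = Get-Acl -LiteralPath $ScriptPath
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids -contains $rule.IdentityReference.Value) {
            $findings += "ACL: $($rule.IdentityReference.Value) has $($rule.FileSystemRights) on $ScriptPath"
        }
    }

    # 2. Both CSV files named on this page must exist, be non-empty and recent.
    foreach ($name in 'exchangeuser.csv', 'exchangegroups.csv') {
        $file = Join-Path $CfgPath $name
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            $findings += "Missing: $file"
            continue
        }
        $item = Get-Item -LiteralPath $file
        if ($item.Length -eq 0) { $findings += "Empty: $file" }
        $age = (Get-Date) - $item.LastWriteTime
        if ($age.TotalHours -gt $MaxAgeHours) {
            $findings += ('Stale: {0} last written {1:N0} hours ago' -f $file, $age.TotalHours)
        }
    }
    return $findings
}

# Constructed paths for illustration; substitute the real locations.
Test-Sync365Deployment -ScriptPath 'C:\Retain\tools\exchange\Office365\sync365.ps1' `
                       -CfgPath 'C:\Retain\RetainServer\WEB-INF\cfg'
```

An empty result means no finding; each returned string names the file and the reason it was flagged.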
Automating the Office365 sync365.ps1 script
Using a Linux-based Retain server with Office365
Troubleshooting
One of the more useful tools in this case is Microsoft's troubleshooting tool: Microsoft Remote Connectivity Analyzer
Use the admin user specified in the sync365.ps1 script and the Impersonation user. You are looking for at least one good connection.
How Retain Authenticates against O365
- Retain looks up the username from the CSV file to get the full user information.
- With the given credentials it does an autodiscover call, which is an SSL-secured call with the username and password provided by the user.
- If the O365 autodiscover is successful, the user has logged into Retain successfully.