Overview
For Archiver to sync items from Microsoft 365 (previously known as Microsoft Office 365) using EWS (Exchange Web Services), specific permissions are required. This article describes the process for setting the necessary permissions.
Solution
Follow these steps to set the permissions:
- Open a PowerShell session with the Azure module
- If not installed, please refer to Azure Active Directory Cmdlets or use the "Import-Module MSOnline" cmdlet to Connect to Microsoft 365 with PowerShell for installing.
- Execute the following commands with the user information (highlighted in the code block below in bold) to set permissions:
Replace the user's email address with the real email address.
Set-ExecutionPolicy RemoteSigned
$O365Cred = Get-Credential
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session
Connect-MsolService -Credential $O365Cred
Enable-OrganizationCustomization
New-ManagementScope -name "MAUMPolling" -recipientrestrictionfilter {recipienttype -eq "UserMailbox"}
New-ManagementRoleAssignment -name "MAUMPollingRA" -role:applicationimpersonation -user "administrator@mydomain.com" -customrecipientwritescope "MAUMpolling"
If the Connect-MsolService -Credential $O365Cred command does not work, please use the following method to update the ManagementRoleAssignment:
Set-ExecutionPolicy RemoteSigned
Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser
Import-Module -Name ExchangeOnlineManagement
Connect-ExchangeOnline
Enable-OrganizationCustomization
New-ManagementScope -name "MAUMPolling" -recipientrestrictionfilter {recipienttype -eq "UserMailbox"}
New-ManagementRoleAssignment -name "MAUMPollingRA" -role:applicationimpersonation -user "administrator@mydomain.com" -customrecipientwritescope "MAUMpolling"
- Set on-premises Active Directory requirements:
- An on-premises Active Directory is required.
- Users that are to be synchronized from Microsoft 365 must be added to the local on-premises Active Directory.
- Users in Active Directory must have the MAIL fields set, which must map to the email address of the corresponding user in Microsoft 365.
NOTE
If Multi-Factor Authentication is in use and users receive PSSessionOpenFailed when running the commands, additional prompts are needed to authenticate.
Replace the user's email address with the real email address.
$office365UserPrincipalName = "admin@emea.contoso.com"
$PSExoPowershellModuleRoot = (Get-ChildItem -Path $env:userprofile -Filter CreateExoPSSession.ps1 -Recurse -ErrorAction SilentlyContinue -Force | Select -Last 1).DirectoryName
$ExoPowershellModule = "Microsoft.Exchange.Management.ExoPowershellModule.dll";
$ModulePath = [System.IO.Path]::Combine($PSExoPowershellModuleRoot, $ExoPowershellModule);
Import-Module $ModulePath;
$Office365PSSession = New-ExoPSSession -UserPrincipalName $office365UserPrincipalName -ConnectionUri "https://outlook.office365.com/powershell-liveid/"
Import-PSSession $Office365PSSession
Testing
After performing the steps to set the permissions, users will follow the steps outlined in Using GFI Archiver Import/Export Tool for Importing Emails from Microsoft Exchange Mailboxes to import the mail stored in the Exchange mail store.
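Before running the import, the role assignment created in the Solution steps can be reviewed from the same Exchange Online session. The script below is an added example, not part of the original article or GFI's own tooling. The function name Test-ImpersonationAssignment and the sample objects in the offline branch are constructed for illustration, while "MAUMPollingRA" and "MAUMPolling" are the names used in the commands above.

```powershell
# Added example: review ApplicationImpersonation role assignments after setup.
# Assumes an existing session (Connect-ExchangeOnline or Import-PSSession as above).
function Test-ImpersonationAssignment {
    param(
        [Parameter(Mandatory)] [object[]] $Assignments,  # Get-ManagementRoleAssignment output
        [string] $ExpectedName  = 'MAUMPollingRA',       # assignment name from the article
        [string] $ExpectedScope = 'MAUMPolling'          # management scope from the article
    )
    foreach ($a in $Assignments) {
        $scope = [string]$a.CustomRecipientWriteScope    # empty when no custom scope is set
        $finding = if (-not $scope) {
            'NO CUSTOM SCOPE: not restricted by a management scope'
        } elseif ($a.Name -ne $ExpectedName) {
            'REVIEW: impersonation assignment not created by this procedure'
        } elseif ($scope -ne $ExpectedScope) {
            "WRONG SCOPE: expected $ExpectedScope"
        } elseif (-not $a.Enabled) {
            'DISABLED: assignment exists but is not enabled'
        } else { 'OK' }
        [pscustomobject]@{
            Name     = $a.Name
            Assignee = $a.RoleAssigneeName
            Scope    = $scope
            Enabled  = $a.Enabled
            Finding  = $finding
        }
    }
}

if (Get-Command Get-ManagementRoleAssignment -ErrorAction SilentlyContinue) {
    # Live tenant: every assignment of the impersonation role, plus the scope filter
    $assignments = @(Get-ManagementRoleAssignment -Role ApplicationImpersonation)
    Get-ManagementScope -Identity 'MAUMPolling' | Format-List Name, RecipientFilter
} else {
    # Offline: constructed sample objects that mimic the cmdlet output
    $assignments = @(
        [pscustomobject]@{ Name = 'MAUMPollingRA'; RoleAssigneeName = 'administrator'
                           CustomRecipientWriteScope = 'MAUMPolling'; Enabled = $true },
        [pscustomobject]@{ Name = 'SampleLegacyRA'; RoleAssigneeName = 'sample-svc'
                           CustomRecipientWriteScope = $null; Enabled = $true }
    )
}

Test-ImpersonationAssignment -Assignments $assignments | Format-Table -AutoSize
```

Any row other than OK is worth reviewing, since each ApplicationImpersonation assignment lets its assignee act as the mailbox owners within its scope.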
Related Articles
- Prerequisites for Mailbox Folder Structure Retrieval
- Setting Permissions of Microsoft Exchange Mailboxes for Using GFI Archiver Mailbox Restore Tool
- Protocols Used by Import Export Tool in GFI Archiver to Access Microsoft Exchange
- Applying Necessary User Settings for Mailbox Folder Structure Retrieval in GFI Archiver