Creating a Microsoft Exchange Service Account
If you use Microsoft Exchange, Exchange Online or Office 365, you must create an Exchange Service Account before deploying ARCHIVE. You must know the UPN and Exchange alias for this account, and ensure that this account, and the archive servers are in an organizational unit (OU) which will exempt them from GPOs and password policy changes.
IMPORTANT
The service account must have an active mailbox in order for address book syncing (presented in a different step) to function correctly.
The service account must have an active mailbox in order for address book syncing (presented in a different step) to function correctly.
How to create an exchange service account
For more information about IPRO's Exchange Service Account security management—see FAQ Exchange Service Account.
- Log into the Exchange Administration Console (EAC). An Administrator account is required.
- From the left-hand panel, select Roles> Admin Roles.
- Click Add role group.
- In the Set up the basics section, do the following:
- Give the custom role an appropriate Name.
- Add a Description specifying what permissions the members of this role group will have. Include that this custom role group should not be deleted.
- Leave Write Scope at the Default setting.
- Click Next.
- In the Add permissions section, individually select the following:
- Address Lists
- Application Impersonation
- Distribution Groups
- Journaling
- Mailbox Import Export
- Mailbox Search
- Transport Rules
- Click Next.
- In the Assign admins section, select the Exchange Service Account previously created. Enter it in the Members field.
- Click Next.
- In the Review role group and finish section, double-check all. When ready, click Add Role Group.
- Disable Multi-Factor Authentication (MFA) in the Exchange account you just created for deployment.
IMPORTANT
Do not disable MFA for all Exchange accounts.
Do not disable MFA for all Exchange accounts.