
Setting Permissions for Archiver in Microsoft 365 Using EWS

Overview

For Archiver to sync items from Microsoft 365 (previously known as Microsoft Office 365) using EWS (Exchange Web Services), specific permissions are required. This article describes the process for setting the necessary permissions.

 

Solution

Follow these steps to set the permissions:

  1. Open a PowerShell session with the Azure module.
  2. Execute the following commands to set permissions, substituting the user information:
    Replace administrator@mydomain.com with the real email address of the user.
    Set-ExecutionPolicy RemoteSigned

    $O365Cred = Get-Credential
    $O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection

    Import-PSSession $O365Session
    Connect-MsolService -Credential $O365Cred
    Enable-OrganizationCustomization

    New-ManagementScope -name "MAUMPolling" -recipientrestrictionfilter {recipienttype -eq "UserMailbox"}
    New-ManagementRoleAssignment -name "MAUMPollingRA" -role:applicationimpersonation -user "administrator@mydomain.com" -customrecipientwritescope "MAUMpolling"
    • If the Connect-MsolService -Credential $O365Cred command does not work, use the following method to update the ManagementRoleAssignment:

      Set-ExecutionPolicy RemoteSigned

      Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser
      Import-Module -Name ExchangeOnlineManagement
      Connect-ExchangeOnline
      Enable-OrganizationCustomization

      New-ManagementScope -name "MAUMPolling" -recipientrestrictionfilter {recipienttype -eq "UserMailbox"}
      New-ManagementRoleAssignment -name "MAUMPollingRA" -role:applicationimpersonation -user "administrator@mydomain.com" -customrecipientwritescope "MAUMpolling"
  3. Set on-premise Active Directory requirements:
    • An on-premise Active Directory is required.
    • Users who are to be synchronized from Microsoft 365 must be added to the local on-premise Active Directory.
    • Users in Active Directory must have the MAIL field set, and it must map to the email address of the corresponding user in Microsoft 365.
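
The ApplicationImpersonation role created in step 2 lets the assignee act as any mailbox inside its write scope, so it is worth confirming that each assignment is bound to the MAUMPolling scope and not left organization-wide. The following check is an added example, not part of the original article or the product; the function name `Test-ImpersonationAssignment` and the sample rows are assumptions constructed for illustration, and the property names are those returned by `Get-ManagementRoleAssignment`.

```powershell
# Added example: flag ApplicationImpersonation assignments that lack the expected scope.
# Test-ImpersonationAssignment is a hypothetical helper, not a built-in cmdlet.
function Test-ImpersonationAssignment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Assignment,
        # Scope name created by New-ManagementScope in step 2
        [string]$ExpectedScope = 'MAUMPolling'
    )
    process {
        # Ignore assignments for any other role
        if ("$($Assignment.Role)" -ne 'ApplicationImpersonation') { return }
        $scope = "$($Assignment.CustomRecipientWriteScope)"
        # -ne is case-insensitive, so "MAUMpolling" and "MAUMPolling" match
        $status = if ([string]::IsNullOrEmpty($scope)) {
            'UNSCOPED'            # no custom scope: every mailbox is reachable
        } elseif ($scope -ne $ExpectedScope) {
            'UNEXPECTED_SCOPE'    # scoped, but not to the scope from this article
        } else {
            'OK'
        }
        [pscustomobject]@{
            Name     = $Assignment.Name
            Assignee = $Assignment.RoleAssigneeName
            Scope    = $scope
            Status   = $status
        }
    }
}

# Constructed sample rows standing in for live cmdlet output
$sample = @(
    [pscustomobject]@{ Name = 'MAUMPollingRA'; Role = 'ApplicationImpersonation'; RoleAssigneeName = 'administrator'; CustomRecipientWriteScope = 'MAUMPolling' }
    [pscustomobject]@{ Name = 'LegacyImpersonation'; Role = 'ApplicationImpersonation'; RoleAssigneeName = 'svc-old'; CustomRecipientWriteScope = $null }
    [pscustomobject]@{ Name = 'HelpDeskRecipients'; Role = 'Mail Recipients'; RoleAssigneeName = 'Help Desk'; CustomRecipientWriteScope = $null }
)
$sample | Test-ImpersonationAssignment | Format-Table -AutoSize

# Against a live session (after Connect-ExchangeOnline):
# Get-ManagementRoleAssignment -Role ApplicationImpersonation | Test-ImpersonationAssignment
```

Any row reported as UNSCOPED or UNEXPECTED_SCOPE should be reviewed before the Archiver account is put into use.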

 

NOTE 

If Multi-Factor Authentication is in use, additional prompts are needed to authenticate. Use the following commands if users receive PSSessionOpenFailed when running the commands above.

Replace admin@emea.contoso.com with the real email address of the user.

$office365UserPrincipalName = "admin@emea.contoso.com" 
$PSExoPowershellModuleRoot = (Get-ChildItem -Path $env:userprofile -Filter CreateExoPSSession.ps1 -Recurse -ErrorAction SilentlyContinue -Force | Select -Last 1).DirectoryName
$ExoPowershellModule = "Microsoft.Exchange.Management.ExoPowershellModule.dll";
$ModulePath = [System.IO.Path]::Combine($PSExoPowershellModuleRoot, $ExoPowershellModule);

Import-Module $ModulePath;

$Office365PSSession = New-ExoPSSession -UserPrincipalName $office365UserPrincipalName -ConnectionUri "https://outlook.office365.com/powershell-liveid/"

Import-PSSession $Office365PSSession

Testing

After the permissions have been set, users follow the steps outlined in "Using GFI Archiver Import/Export Tool for Importing Emails from Microsoft Exchange Mailboxes" to import the mail stored in the Exchange mail store.

 

Priyanka Bhotika
Posted 10 days ago
Updated 8 days ago