In this webinar, our experts showcase a variety of demo use cases of how different components of the...
If you're using Microsoft Exchange Online and you're setting up a server side sync or email router, you may be using the method of using one service account in your Exchange environment to use in the configuration of the email router or server side sync. This one service account would then be used for access to all other user mailboxes. In today's blog, however, we'll show you how to set permissions for an Exchange online service account for use with server side sync or email router. So let's dive in!
This steps outlined below are accomplishing this using PowerShell. Most of these steps can also be done via the web user interface of Office 365, but it's easier to automate the permissions on a large number of mailboxes with PowerShell.
1. First, connect to your Office 365 tenant via PowerShell.
2. Next, run PowerShell using the following commands to connect to your Office 365. When prompted, log in with an account that's a global administrator in your Office 365 tenant:
Import-Module MSOnline
$O365Cred = Get-Credential
$O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session
Connect-MsolService –Credential $O365Cred
3. Grant your service account the application impersonation role by running the following commands:
Note: This permission may sometimes take up to about an hour to take effect.
4. The service account will need "send as" permissions for any users that will be sending out emails from CRM through this setup as well as "full access" permissions for any users that will have incoming mail monitored by the email router or SSS (server side sync).
To grant "send as" permission for all existing mailboxes follow these steps:
Alternatively, if you wanted to apply permissions only to some users, simply create a text file of all the email addresses, one email address per line, and apply permissions with the commands below. First, create your text file with one email address per line and nothing else. Be sure that the email addresses are primary email address.
In this example, our file is called "emailaddresses.txt" and is saved in c:filelocation.
5. Run this command to import contents into a new variable we are calling $emails:
6. Next, to set "send as" permissions for the service account on all the mailboxes in the list follow these steps:
7. One optional step you may want is to have the password never expire for this service account (be sure to set a very strong password). This will prevent email processing from stopping when the service account's password expires. Through PowerShell, you can do this using the following command:
8. One final item to be aware of is that the "send as" and/or "full access" permissions were granted for existing mailboxes, but as new users get created in the future, the service account will need to have permissions added if the new users require incoming and/or outgoing email through CRM.
To grant these permissions for one user newuser@domain.com follow these steps:
That's all for the blog today. Want to learn more about Microsoft's wide array of services and products? Check out our information about Microsoft Office 365 and learn how you can bundle all of your cloud licenses and services by participating in our Microsoft Cloud by PowerObjects program!
Happy CRM'ing!