Providing Service Accounts Access to Mailboxes in Exchange Online(Through Azure Active Directory)

Applies to: Office 365 with Exchange, User Mailbox

In an Office 365 with Exchange environment, you must configure the following service accounts to discover, archive, cleanup and restore data.

  • Exchange Online Service Account
  • Local System Account (Windows user)

Before You Begin

The Office 365 with Exchange (Exchange Online) Administrator Account must have the following service accounts configured:

  • Exchange Online Service Account, which must meet the following requirements:
    • Must be an online mailbox.
  • Local System Account (Windows user), which must meet the following requirements:
    • Must be a member of the Local Administrator Group.


  1. Open Windows PowerShell and create a remote PowerShell session to Office 365 with Exchange.
  2. To assign impersonation and view-only recipient permissions, type the following command:

    New-RoleGroup -Name "ExchangeonlinebackupGrp" -Roles "ApplicationImpersonation", "View-Only Recipients" -Members user1


    • ExchangeonlinebackupGrp is a unique name of the new role group.
    • user1 is service account.

Last modified: 8/9/2018 5:11:07 PM