Before you install the Exchange package, make sure that your on-premises environment meets the prerequisites.
Assigning Permissions to On-Premises Service Accounts
-
Assign full access to service accounts
The service account must have full access rights to all the mailboxes on the server.
-
If you locate the agent on an off-host access node, the service account must be in the Local Administrator Group on the access node server.
Assigning Permissions to Online Service Accounts
If you are using basic authentication, you must perform the following prerequisite tasks:
Note
-
Multi-Factor Authentication (MFA) is supported only when the App password is set for the service account in the Azure portal.
-
Azure tenants with default security enabled are not supported as the default security setting does not permit configuration of MFA App password for service accounts.
If you are using modern authentication, you must perform the following prerequisite tasks:
-
Configuring Support for Office 365 with Exchange in China or Germany
-
When you upgrade to Feature Release 20, if you move from basic authentication to modern authentication and you are using a manually created app, you must have the Group.Write.All permission under Microsoft Graph and the full_access_as_app permission under Under Supported Legacy API in the Azure portal.
Note
-
Modern authentication requires only one service account. The service account can be an unlicensed Exchange admin user.
-
Azure tenants with default security enabled are not supported as the default security setting does not permit configuration of MFA App password for service accounts.