Applies to: Office 365 with Exchange, User Mailbox
Before you set up Exchange Mailbox in the Command Center, you must assign permissions to online service accounts or applications.
If you are using basic authentication, you must complete the following prerequisite tasks:
In an Office 365 with Exchange environment, you must configure the following service accounts to discover, archive, cleanup and restore data for user mailboxes, group mailboxes and all public folders.
Local System Account (Windows user) is required when more than one access node is used.
Run Application Check Readiness for the Exchange Mailbox Client
Note:
Azure tenants with default security enabled are not supported as the default security setting does not permit configuration of MFA App password for service accounts.
If you are using modern authentication, you must complete the following prerequisite tasks:
When you upgrade to Feature Release 20, if you move from basic authentication to modern authentication and you are using a manually created app, you must have the Group.Write.All permission under Microsoft Graph and the full_access_as_app permission under Under Supported Legacy API in the Azure portal.
When you upgrade to Feature Release 20, if you move from basic authentication to modern authentication and you are using an automatically created app, select Authorized App under Connection in the Exchange Settings page so that the required permissions are added automatically.
Note:
Modern authentication requires only one service account. The service account can be an unlicensed Exchange admin user.
Azure tenants with default security enabled are not supported as the default security setting does not permit configuration of MFA App password for service accounts.
If you choose Express Configuration, by providing global admin credentials, Azure apps and unlicensed Exchange admin user is auto created.
Restoring Messages to PST and MSG Files
If you restore messages as PST or msg files using Office 365 with Exchange, you must install Microsoft Outlook on the access node that is the restore destination. In this case, the Microsoft Outlook license is not required.