Microsoft 365 Export

To be able to export emails to a Microsoft 365 mailbox, MailStore Server requires specific permissions on the target mailbox for an export. The more common help for exporting can be found in the article Exporting Email.

Please note: Backup strategies (a backup of the entire archive) are discussed separately in the article Backup and Restore.

Steps for setting up permissions

The PowerShell module ExchangeOnlineManagement is required to set the permission. The presence of the module can be checked with the following command. 

  • Get-Module ExchangeOnlineManagement -ListAvailable
  • If the output is empty, the module can be installed with the following command: 
    Install-Module -Name ExchangeOnlineManagement
  • If the output is not empty but the version is older than 3.8.0, the module can be updated with the following command: 
    Update-Module -Name ExchangeOnlineManagement
  • Then the module can be loaded: 
    Import-module ExchangeOnlineManagement
  • Connect with your client, use a user who has Role Management permissions: 
    Connect-ExchangeOnline -Organization <tenantID>
  • Creating the app registration also resulted in the creation of an Enterprise App with its own ObjectID in your tenant. The next step requires the Enterprise App's ObjectID (not from the original app registration) and ApplicationID. Both can be found in the Entra ID Portal at this page.
  • Now create a service principal for this Enterprise App: 
    New-ServicePrincipal -AppId <appID> -ObjectId <enterpriseAppObjectID> -DisplayName "MailStore Service Principal"
  • The service principal must now be granted permission to send emails on behalf of a user. This user's email address must later be specified as the sender in the MailStore SMTP settings:

    Important Note: All emails restored using this mailbox will also be saved as a copy in the mailbox's Sent Items folder. Therefore, we recommend using a dedicated shared mailbox that only authorized employees have access to.

  • Add-MailboxPermission -Identity "[email protected]" -User <enterpriseAppObjectID> -AccessRights FullAccess
  • Additionally, make sure that SMTP is allowed for this user: 
    Set-CASMailbox -Identity "[email protected]" -SmtpClientAuthenticationDisabled $false
  • Click the … in the Credentials section and select your Credentials.
Retrieved from "https://help.mailstore.com/en/server/index.php?title=Microsoft_365_Export&oldid=7991"