MailStore Server Help - User contributions [en]

PowerShell API Wrapper Tutorial

2022-06-15T09:31:38Z

Bmeyn:

__NOTOC__

<div class=msnote>'''Important notice:''' The PowerShell API wrapper for the MailStore Server Administration API provided on this website is to be regarded as an example implementation of an API client. This wrapper should help system administrators and developers to quickly understand how MailStore Server Administration API calls work and how to use them in their own scripts. 
Please understand that beyond this documentation no further support for the Powershell API wrapper is provided. Unless stated otherwise, the PowerShell API wrapper as well as all related example scripts are released under the terms and conditions of the [[wikipedia:MIT_License|MIT License]].</div>

This tutorial aims to explain the usage of the [[Administration API - Using the API|Administration API]] through simple Windows PowerShell example scripts. Basic knowledge of MailStore Server, Windows and PowerShell is a necessary precondition. In order to prevent loss of data, service interruption or other problems, it is highly recommended to use a non-productive test environment for this tutorial as well as for script development in general. The {{go.mailstore.com|target{{=}}website&context{{=}}server-trial-download|30-day-trial version}} of MailStore Server is perfectly suited for this.

== Installation of Necessary Components ==
The examples demonstrated here use the MailStore PowerShell API Wrapper and are compatible with Windows PowerShell 3.0 and higher. Depending on your version of Windows it might be necessary to download and install a compatible version of PowerShell first. You can find the components necessary for this tutorial here:

* [[Media:MailStore_Server_Scripting_Tutorial.zip|MailStore PowerShell API Wrapper and tutorial example scripts]]
* [https://docs.microsoft.com/en-us/powershell/scripting/windows-powershell/wmf/overview?view=powershell-5.1 Windows Management Framework] for your Operating System which includes the PowerShell

Please take note of the system requirements and further notices for the respective version of the Windows Management Framework.

'''Important Notice:''' Installation of a Windows Management Framework on systems that require a specific version of Windows PowerShell, such as Microsoft Exchange Servers, is not supported and may lead to massive system failures and data loss.

After downloading and installing Windows PowerShell (if necessary) please unzip the MailStore PowerShell API Wrapper and the example scripts (to ''C:\MailStore Server Scripting Tutorial\PowerShell\'' by default).

Neither the MailStore PowerShell API Wrapper nor the example scripts are digitally signed, therefore execution of such scripts has to be enabled in an administrative PowerShell session using

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
</source>

== Importing the MailStore PowerShell API Wrapper ==
The MailStore PowerShell API Wrapper is implemented as a PowerShell Script Module (''MS.PS.Lib.psm1'') and can thus be imported in a PowerShell session via its manifest (''MS.PS.Lib.psd1'') by using ''Import-Module''.

Please open a PowerShell session and import the API wrapper module using this command:

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module "C:\MailStore Server Scripting Tutorial\PowerShell\API-Wrapper\MS.PS.Lib.psd1"
</source>

=== Getting Information about the MailStore PowerShell API Wrapper ===
The MailStore PowerShell API Wrapper provides several functions and variables to access the MailStore Server Administration API, following PowerShell conventions. Enter the following command to get information about these features:

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Get-Module MS.PS.Lib | fl
</source>

More detailed information is available through the module's properties. For example,

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
(Get-Module MS.PS.Lib).ExportedFunctions
</source>

returns the functions provided by the module. Via

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Get-Help *MSApi*
</source>

the MailStore PowerShell API Wrapper returns inline help for all its functions.

== Calling API Wrapper Functions ==
The following example script (''Example1.ps1'' in the tutorial package) explains the basic usage of MailStore PowerShell API Wrapper functions.

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username admin -Password admin -MailStoreServer localhost -Port 8463 -IgnoreInvalidSSLCerts
$return = Invoke-MSApiCall $msapiclient "GetServerInfo"
$return | fl
</source>

The function ''New-MSApiClient'' creates a new API client object, which is used by the ''Invoke-MSApiCall'' function for API calls. The values for ''-Username, -Password, -MailStoreServer and -Port'' used in the script are the function's defaults, only the switch ''-IgnoreInvalidSSLCerts'' has to be set if untrusted certificates are used; otherwise an error occurs.

Apart from the API client object, ''Invoke-MSApiCall'' needs an [[Administration API - Function Reference|API command]] and its parameters if applicable. The command ''[[Administration API - Function Reference#GetServerInfo|GetServerInfo]]'' in the script does not have any parameters and returns a JSON object as follows:

PS C:\MailStore Server Scripting Tutorial\PowerShell\Scripts>$return | fl
error :
token :
statusVersion : 2
statusCode : succeeded
percentProgress :
statusText :
result : @{version=9.1.0.10258; machineName=PC001}
logOutput :

If the call has succeeded, the status object's ''result'' property contains another JSON object with the data returned by the function:

PS C:\MailStore Server Scripting Tutorial\PowerShell\Scripts>$return.result | fl
version : 9.1.0.10258
machineName : PC001

=== Providing Parameters ===
For most MailStore Server Administration API commands you need to provide parameters. Of course, the MailStore PowerShell API Wrapper's ''Invoke-MSApiCall'' function can submit these parameters, as demonstrated by the following script (''Example2.ps1'' in the tutorial package):

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username admin -Password admin -MailStoreServer localhost -Port 8463 -IgnoreInvalidSSLCerts
$users = (Invoke-MSApiCall $msapiclient "GetUsers").result
foreach ($user in $users) {(Invoke-MSApiCall $msapiclient "GetUserInfo" @{userName = $user.userName}).result | fl}
</source>

The scripts lists details about the users created in MailStore Server. Because the MailStore PowerShell API Wrapper converts MailStore Server Management API responses into objects, their properties can be used directly in the script's workflow.

The API command ''[[Administration API - Function Reference#GetUserInfo|GetUserInfo]]'' used in the script requires a parameter ''userName''. The function ''Invoke-MSApiCall'' expects parameters as a hashtable, e.g. ''@{parametername1 = value1; parametername2 = value2;...}''. Parameter names are case sensitive.

First, MailStore Server's user list is requested with the API command ''[[Administration API - Function Reference#GetUserList|GetUsers]]'' which returns an array of user entries as follows:

userName : abby.hernandez
fullName : Abby Hernandez
distinguishedName : CN=Abby Hernandez,OU=tutorial,DC=example,DC=com

The script now iterates over this array using the ''userName'' property of each entry as a parameter for the API command ''[[Administration API - Function Reference#GetUserInfo|GetUserInfo]]''. For the entry listed above the result could be as follows:

userName : abby.hernandez
fullName : Abby Hernandez
distinguishedName : CN=Abby Hernandez,OU=tutorial,DC=example,DC=com
authentication : directoryServices
emailAddresses : {abby.hernandez@example.com}
pop3UserNames : {}
privileges : {login}
privilegesOnFolders : {@{folder=abby.hernandez; privileges=System.Object[]}}

As can be seen in the ''privilegesOnFolders'' property, returned objects may be nested and may also contain further objects.

=== Handling Asynchronous API Calls ===
The server may decide to execute Administration API commands asynchronously if their execution takes more time. The MailStore PowerShell API Wrapper can either wait for such [[Administration API - Using the API#Long Running Processes|asynchronously executed API commands]] to complete or run them as [http://technet.microsoft.com/en-us/library/hh847783%28v=wps.620%29.aspx PowerShell Jobs] in the background.

==== Waiting for Asynchronous API Calls to Complete ====
A script's execution can be interrupted until a PowerShell Job created by the API wrapper terminates as demonstrated by the following script (''Example3.ps1'' in the tutorial package):

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username "admin" -Password "admin" -Server "localhost" -Port 8463 -IgnoreInvalidSSLCerts
$return = Invoke-MSApiCall $msapiclient "VerifyStore" @{id = "1"}
$return | fl
</source>

By using ''Invoke-MSApiCall'' the API wrapper waits for an API command that is executed asynchronously by MailStore Server to complete and simply returns its final result.

==== Subscribing to Events Triggered by Asynchronous API Calls ====
Instead of interrupting a script's execution, the PowerShell Jobs created by the API wrapper can be reacted to while they are running in the background. These jobs trigger a PowerShell EngineEvent with each status request that the script can subscribe to in order to execute further code on each occurrence. To demonstrate this, the previous script needs to be adapted only a bit (''Example4.ps1'' in the tutorial package):

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username "admin" -Password "admin" -Server "localhost" -Port 8463 -IgnoreInvalidSSLCerts
$return = Start-MSApiCall $msapiclient "VerifyStore" @{id = "1"}
if ($return.statusCode -eq "running") {
$mssevent = Register-EngineEvent -SourceIdentifier $return.Token -Action {write-host $event.MessageData}
} else {
$return | fl
}
</source>

By using ''Start-MSApiCall'' the API wrapper runs an API command that is executed asynchronously by MailStore Server in the background and returns its first result. The script subscribes to the event that is triggered by the background job via [http://technet.microsoft.com/en-us/library/hh849967.aspx Register-EngineEvent], using the return object's ''Token'' property as ''SourceIdentifier''. By that property the event relates to the triggering PowerShell Job and thus to the server process. The ''Action'' script block is itself created as a PowerShell Job that is executed with each triggering of the event. Through the ''MessageData'' property of the ''$event'' [http://technet.microsoft.com/en-us/library/hh847768.aspx automatic variable] the script block can access the return object provided by the background job. That object contains the status of the server process:

@{error=; token=e2b7c58ff37df64e2b62bb02bde9bbfd; statusVersion=77; statusCode=running; percentProgress=95; statusText=; result=; logOutput= 1400 messages verified...}

Via these mechanisms the script can execute further tasks while monitoring the server process in the background. Execution and handling of multiple asynchronous API commands is also possible this way.

==== Cancelling Asynchronous API Calls ====
To cancel the execution of an asynchronous API command, use ''Stop-MSApiCall'' with either the token or the return object. For the example above the call would be:

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Stop-MSApiCall $MSApiclient -AsyncReturnObject $return
</source>
=== Pinning the TLS version ===

The API Wrapper supports TLS1.2, TLS1.1 and TLS1.0 connections and uses the highest version available. In case only a specific TLS version should be used, the ''SecurityProtocol'' parameter can be used. The supported values are ''Tls12'', ''Tls11'' and ''Tls''.

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username admin -Password admin -MailStoreServer localhost -Port 8463 -IgnoreInvalidSSLCerts -SecurityProtocol Tls12
</source>

PowerShell API Wrapper Tutorial

2022-06-15T09:30:52Z

Bmeyn: Reverted edits by Bmeyn (talk) to last revision by Dweuthen

__NOTOC__

<div class=msnote>'''Important notice:''' The PowerShell API wrapper for the MailStore Server Administration API provided on this website is to be regarded as an example implementation of an API client. This wrapper should help system administrators and developers to quickly understand how MailStore Server Administration API calls work and how to use them in their own scripts. 
Please understand that beyond this documentation no further support for the Powershell API wrapper is provided. Unless stated otherwise, the PowerShell API wrapper as well as all related example scripts are released under the terms and conditions of the [[wikipedia:MIT_License|MIT License]].</div>

This tutorial aims to explain the usage of the [[Administration API - Using the API|Administration API]] through simple Windows PowerShell example scripts. Basic knowledge of MailStore Server, Windows and PowerShell is a necessary precondition. In order to prevent loss of data, service interruption or other problems, it is highly recommended to use a non-productive test environment for this tutorial as well as for script development in general. The {{go.mailstore.com|target{{=}}website&context{{=}}server-trial-download|30-day-trial version}} of MailStore Server is perfectly suited for this.

== Installation of Necessary Components ==
The examples demonstrated here use the MailStore PowerShell API Wrapper and are compatible with Windows PowerShell 3.0 and higher. Depending on your version of Windows it might be necessary to download and install a compatible version of PowerShell first. You can find the components necessary for this tutorial here:

* [[Media:MailStore_Server_Scripting_Tutorial.zip|MailStore PowerShell API Wrapper and tutorial example scripts]]
* [https://docs.microsoft.com/en-us/powershell/wmf Windows Management Framework] for your Operating System which includes the PowerShell

Please take note of the system requirements and further notices for the respective version of the Windows Management Framework.

'''Important Notice:''' Installation of a Windows Management Framework on systems that require a specific version of Windows PowerShell, such as Microsoft Exchange Servers, is not supported and may lead to massive system failures and data loss.

After downloading and installing Windows PowerShell (if necessary) please unzip the MailStore PowerShell API Wrapper and the example scripts (to ''C:\MailStore Server Scripting Tutorial\PowerShell\'' by default).

Neither the MailStore PowerShell API Wrapper nor the example scripts are digitally signed, therefore execution of such scripts has to be enabled in an administrative PowerShell session using

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
</source>

== Importing the MailStore PowerShell API Wrapper ==
The MailStore PowerShell API Wrapper is implemented as a PowerShell Script Module (''MS.PS.Lib.psm1'') and can thus be imported in a PowerShell session via its manifest (''MS.PS.Lib.psd1'') by using ''Import-Module''.

Please open a PowerShell session and import the API wrapper module using this command:

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module "C:\MailStore Server Scripting Tutorial\PowerShell\API-Wrapper\MS.PS.Lib.psd1"
</source>

=== Getting Information about the MailStore PowerShell API Wrapper ===
The MailStore PowerShell API Wrapper provides several functions and variables to access the MailStore Server Administration API, following PowerShell conventions. Enter the following command to get information about these features:

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Get-Module MS.PS.Lib | fl
</source>

More detailed information is available through the module's properties. For example,

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
(Get-Module MS.PS.Lib).ExportedFunctions
</source>

returns the functions provided by the module. Via

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Get-Help *MSApi*
</source>

the MailStore PowerShell API Wrapper returns inline help for all its functions.

== Calling API Wrapper Functions ==
The following example script (''Example1.ps1'' in the tutorial package) explains the basic usage of MailStore PowerShell API Wrapper functions.

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username admin -Password admin -MailStoreServer localhost -Port 8463 -IgnoreInvalidSSLCerts
$return = Invoke-MSApiCall $msapiclient "GetServerInfo"
$return | fl
</source>

The function ''New-MSApiClient'' creates a new API client object, which is used by the ''Invoke-MSApiCall'' function for API calls. The values for ''-Username, -Password, -MailStoreServer and -Port'' used in the script are the function's defaults, only the switch ''-IgnoreInvalidSSLCerts'' has to be set if untrusted certificates are used; otherwise an error occurs.

Apart from the API client object, ''Invoke-MSApiCall'' needs an [[Administration API - Function Reference|API command]] and its parameters if applicable. The command ''[[Administration API - Function Reference#GetServerInfo|GetServerInfo]]'' in the script does not have any parameters and returns a JSON object as follows:

PS C:\MailStore Server Scripting Tutorial\PowerShell\Scripts>$return | fl
error :
token :
statusVersion : 2
statusCode : succeeded
percentProgress :
statusText :
result : @{version=9.1.0.10258; machineName=PC001}
logOutput :

If the call has succeeded, the status object's ''result'' property contains another JSON object with the data returned by the function:

PS C:\MailStore Server Scripting Tutorial\PowerShell\Scripts>$return.result | fl
version : 9.1.0.10258
machineName : PC001

=== Providing Parameters ===
For most MailStore Server Administration API commands you need to provide parameters. Of course, the MailStore PowerShell API Wrapper's ''Invoke-MSApiCall'' function can submit these parameters, as demonstrated by the following script (''Example2.ps1'' in the tutorial package):

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username admin -Password admin -MailStoreServer localhost -Port 8463 -IgnoreInvalidSSLCerts
$users = (Invoke-MSApiCall $msapiclient "GetUsers").result
foreach ($user in $users) {(Invoke-MSApiCall $msapiclient "GetUserInfo" @{userName = $user.userName}).result | fl}
</source>

The scripts lists details about the users created in MailStore Server. Because the MailStore PowerShell API Wrapper converts MailStore Server Management API responses into objects, their properties can be used directly in the script's workflow.

The API command ''[[Administration API - Function Reference#GetUserInfo|GetUserInfo]]'' used in the script requires a parameter ''userName''. The function ''Invoke-MSApiCall'' expects parameters as a hashtable, e.g. ''@{parametername1 = value1; parametername2 = value2;...}''. Parameter names are case sensitive.

First, MailStore Server's user list is requested with the API command ''[[Administration API - Function Reference#GetUserList|GetUsers]]'' which returns an array of user entries as follows:

userName : abby.hernandez
fullName : Abby Hernandez
distinguishedName : CN=Abby Hernandez,OU=tutorial,DC=example,DC=com

The script now iterates over this array using the ''userName'' property of each entry as a parameter for the API command ''[[Administration API - Function Reference#GetUserInfo|GetUserInfo]]''. For the entry listed above the result could be as follows:

userName : abby.hernandez
fullName : Abby Hernandez
distinguishedName : CN=Abby Hernandez,OU=tutorial,DC=example,DC=com
authentication : directoryServices
emailAddresses : {abby.hernandez@example.com}
pop3UserNames : {}
privileges : {login}
privilegesOnFolders : {@{folder=abby.hernandez; privileges=System.Object[]}}

As can be seen in the ''privilegesOnFolders'' property, returned objects may be nested and may also contain further objects.

=== Handling Asynchronous API Calls ===
The server may decide to execute Administration API commands asynchronously if their execution takes more time. The MailStore PowerShell API Wrapper can either wait for such [[Administration API - Using the API#Long Running Processes|asynchronously executed API commands]] to complete or run them as [http://technet.microsoft.com/en-us/library/hh847783%28v=wps.620%29.aspx PowerShell Jobs] in the background.

==== Waiting for Asynchronous API Calls to Complete ====
A script's execution can be interrupted until a PowerShell Job created by the API wrapper terminates as demonstrated by the following script (''Example3.ps1'' in the tutorial package):

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username "admin" -Password "admin" -Server "localhost" -Port 8463 -IgnoreInvalidSSLCerts
$return = Invoke-MSApiCall $msapiclient "VerifyStore" @{id = "1"}
$return | fl
</source>

By using ''Invoke-MSApiCall'' the API wrapper waits for an API command that is executed asynchronously by MailStore Server to complete and simply returns its final result.

==== Subscribing to Events Triggered by Asynchronous API Calls ====
Instead of interrupting a script's execution, the PowerShell Jobs created by the API wrapper can be reacted to while they are running in the background. These jobs trigger a PowerShell EngineEvent with each status request that the script can subscribe to in order to execute further code on each occurrence. To demonstrate this, the previous script needs to be adapted only a bit (''Example4.ps1'' in the tutorial package):

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username "admin" -Password "admin" -Server "localhost" -Port 8463 -IgnoreInvalidSSLCerts
$return = Start-MSApiCall $msapiclient "VerifyStore" @{id = "1"}
if ($return.statusCode -eq "running") {
$mssevent = Register-EngineEvent -SourceIdentifier $return.Token -Action {write-host $event.MessageData}
} else {
$return | fl
}
</source>

By using ''Start-MSApiCall'' the API wrapper runs an API command that is executed asynchronously by MailStore Server in the background and returns its first result. The script subscribes to the event that is triggered by the background job via [http://technet.microsoft.com/en-us/library/hh849967.aspx Register-EngineEvent], using the return object's ''Token'' property as ''SourceIdentifier''. By that property the event relates to the triggering PowerShell Job and thus to the server process. The ''Action'' script block is itself created as a PowerShell Job that is executed with each triggering of the event. Through the ''MessageData'' property of the ''$event'' [http://technet.microsoft.com/en-us/library/hh847768.aspx automatic variable] the script block can access the return object provided by the background job. That object contains the status of the server process:

@{error=; token=e2b7c58ff37df64e2b62bb02bde9bbfd; statusVersion=77; statusCode=running; percentProgress=95; statusText=; result=; logOutput= 1400 messages verified...}

Via these mechanisms the script can execute further tasks while monitoring the server process in the background. Execution and handling of multiple asynchronous API commands is also possible this way.

==== Cancelling Asynchronous API Calls ====
To cancel the execution of an asynchronous API command, use ''Stop-MSApiCall'' with either the token or the return object. For the example above the call would be:

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Stop-MSApiCall $MSApiclient -AsyncReturnObject $return
</source>
=== Pinning the TLS version ===

The API Wrapper supports TLS1.2, TLS1.1 and TLS1.0 connections and uses the highest version available. In case only a specific TLS version should be used, the ''SecurityProtocol'' parameter can be used. The supported values are ''Tls12'', ''Tls11'' and ''Tls''.

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username admin -Password admin -MailStoreServer localhost -Port 8463 -IgnoreInvalidSSLCerts -SecurityProtocol Tls12
</source>

PowerShell API Wrapper Tutorial

2022-06-15T09:29:32Z

Bmeyn: /* Installation of Necessary Components */

__NOTOC__

<div class=msnote>'''Important notice:''' The PowerShell API wrapper for the MailStore Server Administration API provided on this website is to be regarded as an example implementation of an API client. This wrapper should help system administrators and developers to quickly understand how MailStore Server Administration API calls work and how to use them in their own scripts. 
Please understand that beyond this documentation no further support for the Powershell API wrapper is provided. Unless stated otherwise, the PowerShell API wrapper as well as all related example scripts are released under the terms and conditions of the [[wikipedia:MIT_License|MIT License]].</div>

This tutorial aims to explain the usage of the [[Administration API - Using the API|Administration API]] through simple Windows PowerShell example scripts. Basic knowledge of MailStore Server, Windows and PowerShell is a necessary precondition. In order to prevent loss of data, service interruption or other problems, it is highly recommended to use a non-productive test environment for this tutorial as well as for script development in general. The {{go.mailstore.com|target{{=}}website&context{{=}}server-trial-download|30-day-trial version}} of MailStore Server is perfectly suited for this.

== Installation of Necessary Components ==
The examples demonstrated here use the MailStore PowerShell API Wrapper and are compatible with Windows PowerShell 3.0 and higher. Depending on your version of Windows it might be necessary to download and install a compatible version of PowerShell first. You can find the components necessary for this tutorial here:

* [[Media:MailStore_Server_Scripting_Tutorial.zip|MailStore PowerShell API Wrapper and tutorial example scripts]]
* [https://docs.microsoft.com/en-us/powershell/scripting/windows-powershell/wmf/overview?view=powershell-5.1] for your Operating System which includes the PowerShell

Please take note of the system requirements and further notices for the respective version of the Windows Management Framework.

'''Important Notice:''' Installation of a Windows Management Framework on systems that require a specific version of Windows PowerShell, such as Microsoft Exchange Servers, is not supported and may lead to massive system failures and data loss.

After downloading and installing Windows PowerShell (if necessary) please unzip the MailStore PowerShell API Wrapper and the example scripts (to ''C:\MailStore Server Scripting Tutorial\PowerShell\'' by default).

Neither the MailStore PowerShell API Wrapper nor the example scripts are digitally signed, therefore execution of such scripts has to be enabled in an administrative PowerShell session using

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
</source>

== Importing the MailStore PowerShell API Wrapper ==
The MailStore PowerShell API Wrapper is implemented as a PowerShell Script Module (''MS.PS.Lib.psm1'') and can thus be imported in a PowerShell session via its manifest (''MS.PS.Lib.psd1'') by using ''Import-Module''.

Please open a PowerShell session and import the API wrapper module using this command:

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module "C:\MailStore Server Scripting Tutorial\PowerShell\API-Wrapper\MS.PS.Lib.psd1"
</source>

=== Getting Information about the MailStore PowerShell API Wrapper ===
The MailStore PowerShell API Wrapper provides several functions and variables to access the MailStore Server Administration API, following PowerShell conventions. Enter the following command to get information about these features:

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Get-Module MS.PS.Lib | fl
</source>

More detailed information is available through the module's properties. For example,

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
(Get-Module MS.PS.Lib).ExportedFunctions
</source>

returns the functions provided by the module. Via

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Get-Help *MSApi*
</source>

the MailStore PowerShell API Wrapper returns inline help for all its functions.

== Calling API Wrapper Functions ==
The following example script (''Example1.ps1'' in the tutorial package) explains the basic usage of MailStore PowerShell API Wrapper functions.

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username admin -Password admin -MailStoreServer localhost -Port 8463 -IgnoreInvalidSSLCerts
$return = Invoke-MSApiCall $msapiclient "GetServerInfo"
$return | fl
</source>

The function ''New-MSApiClient'' creates a new API client object, which is used by the ''Invoke-MSApiCall'' function for API calls. The values for ''-Username, -Password, -MailStoreServer and -Port'' used in the script are the function's defaults, only the switch ''-IgnoreInvalidSSLCerts'' has to be set if untrusted certificates are used; otherwise an error occurs.

Apart from the API client object, ''Invoke-MSApiCall'' needs an [[Administration API - Function Reference|API command]] and its parameters if applicable. The command ''[[Administration API - Function Reference#GetServerInfo|GetServerInfo]]'' in the script does not have any parameters and returns a JSON object as follows:

PS C:\MailStore Server Scripting Tutorial\PowerShell\Scripts>$return | fl
error :
token :
statusVersion : 2
statusCode : succeeded
percentProgress :
statusText :
result : @{version=9.1.0.10258; machineName=PC001}
logOutput :

If the call has succeeded, the status object's ''result'' property contains another JSON object with the data returned by the function:

PS C:\MailStore Server Scripting Tutorial\PowerShell\Scripts>$return.result | fl
version : 9.1.0.10258
machineName : PC001

=== Providing Parameters ===
For most MailStore Server Administration API commands you need to provide parameters. Of course, the MailStore PowerShell API Wrapper's ''Invoke-MSApiCall'' function can submit these parameters, as demonstrated by the following script (''Example2.ps1'' in the tutorial package):

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username admin -Password admin -MailStoreServer localhost -Port 8463 -IgnoreInvalidSSLCerts
$users = (Invoke-MSApiCall $msapiclient "GetUsers").result
foreach ($user in $users) {(Invoke-MSApiCall $msapiclient "GetUserInfo" @{userName = $user.userName}).result | fl}
</source>

The scripts lists details about the users created in MailStore Server. Because the MailStore PowerShell API Wrapper converts MailStore Server Management API responses into objects, their properties can be used directly in the script's workflow.

The API command ''[[Administration API - Function Reference#GetUserInfo|GetUserInfo]]'' used in the script requires a parameter ''userName''. The function ''Invoke-MSApiCall'' expects parameters as a hashtable, e.g. ''@{parametername1 = value1; parametername2 = value2;...}''. Parameter names are case sensitive.

First, MailStore Server's user list is requested with the API command ''[[Administration API - Function Reference#GetUserList|GetUsers]]'' which returns an array of user entries as follows:

userName : abby.hernandez
fullName : Abby Hernandez
distinguishedName : CN=Abby Hernandez,OU=tutorial,DC=example,DC=com

The script now iterates over this array using the ''userName'' property of each entry as a parameter for the API command ''[[Administration API - Function Reference#GetUserInfo|GetUserInfo]]''. For the entry listed above the result could be as follows:

userName : abby.hernandez
fullName : Abby Hernandez
distinguishedName : CN=Abby Hernandez,OU=tutorial,DC=example,DC=com
authentication : directoryServices
emailAddresses : {abby.hernandez@example.com}
pop3UserNames : {}
privileges : {login}
privilegesOnFolders : {@{folder=abby.hernandez; privileges=System.Object[]}}

As can be seen in the ''privilegesOnFolders'' property, returned objects may be nested and may also contain further objects.

=== Handling Asynchronous API Calls ===
The server may decide to execute Administration API commands asynchronously if their execution takes more time. The MailStore PowerShell API Wrapper can either wait for such [[Administration API - Using the API#Long Running Processes|asynchronously executed API commands]] to complete or run them as [http://technet.microsoft.com/en-us/library/hh847783%28v=wps.620%29.aspx PowerShell Jobs] in the background.

==== Waiting for Asynchronous API Calls to Complete ====
A script's execution can be interrupted until a PowerShell Job created by the API wrapper terminates as demonstrated by the following script (''Example3.ps1'' in the tutorial package):

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username "admin" -Password "admin" -Server "localhost" -Port 8463 -IgnoreInvalidSSLCerts
$return = Invoke-MSApiCall $msapiclient "VerifyStore" @{id = "1"}
$return | fl
</source>

By using ''Invoke-MSApiCall'' the API wrapper waits for an API command that is executed asynchronously by MailStore Server to complete and simply returns its final result.

==== Subscribing to Events Triggered by Asynchronous API Calls ====
Instead of interrupting a script's execution, the PowerShell Jobs created by the API wrapper can be reacted to while they are running in the background. These jobs trigger a PowerShell EngineEvent with each status request that the script can subscribe to in order to execute further code on each occurrence. To demonstrate this, the previous script needs to be adapted only a bit (''Example4.ps1'' in the tutorial package):

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username "admin" -Password "admin" -Server "localhost" -Port 8463 -IgnoreInvalidSSLCerts
$return = Start-MSApiCall $msapiclient "VerifyStore" @{id = "1"}
if ($return.statusCode -eq "running") {
$mssevent = Register-EngineEvent -SourceIdentifier $return.Token -Action {write-host $event.MessageData}
} else {
$return | fl
}
</source>

By using ''Start-MSApiCall'' the API wrapper runs an API command that is executed asynchronously by MailStore Server in the background and returns its first result. The script subscribes to the event that is triggered by the background job via [http://technet.microsoft.com/en-us/library/hh849967.aspx Register-EngineEvent], using the return object's ''Token'' property as ''SourceIdentifier''. By that property the event relates to the triggering PowerShell Job and thus to the server process. The ''Action'' script block is itself created as a PowerShell Job that is executed with each triggering of the event. Through the ''MessageData'' property of the ''$event'' [http://technet.microsoft.com/en-us/library/hh847768.aspx automatic variable] the script block can access the return object provided by the background job. That object contains the status of the server process:

@{error=; token=e2b7c58ff37df64e2b62bb02bde9bbfd; statusVersion=77; statusCode=running; percentProgress=95; statusText=; result=; logOutput= 1400 messages verified...}

Via these mechanisms the script can execute further tasks while monitoring the server process in the background. Execution and handling of multiple asynchronous API commands is also possible this way.

==== Cancelling Asynchronous API Calls ====
To cancel the execution of an asynchronous API command, use ''Stop-MSApiCall'' with either the token or the return object. For the example above the call would be:

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Stop-MSApiCall $MSApiclient -AsyncReturnObject $return
</source>
=== Pinning the TLS version ===

The API Wrapper supports TLS1.2, TLS1.1 and TLS1.0 connections and uses the highest version available. In case only a specific TLS version should be used, the ''SecurityProtocol'' parameter can be used. The supported values are ''Tls12'', ''Tls11'' and ''Tls''.

<source lang="powershell" smart-tabs="true" toolbar="false" gutter="false">
Import-Module '..\API-Wrapper\MS.PS.Lib.psd1'
$msapiclient = New-MSApiClient -Username admin -Password admin -MailStoreServer localhost -Port 8463 -IgnoreInvalidSSLCerts -SecurityProtocol Tls12
</source>

Move Archiving Emails from Microsoft 365 - Modern Authentication

2022-06-13T15:37:53Z

Bmeyn: /* Public Folders */

{{Implementation Guide Preamble|Exchange Online / Microsoft 365|{{#ev:youtube|https://youtu.be/X0Um0cDWGg0|350|right|''Tech Tip: Microsoft 365 Archiving Profiles''}}| Our Tech Tip video shows the essential configuration steps in this article.}}
 
{{Multiline Notices|Heading=Important Notices|MailStore Server supports archiving emails from Microsoft 365 (Modern Authentication) only with the global Microsoft Cloud. National clouds such as ''Microsoft Cloud for US Government'', ''Microsoft Cloud Germany'' (operated by T-Systems) and ''Azure and Microsoft 365 operated by 21Vianet in China'' are not supported. For archiving emails from ''Office 365 Germany'' and ''Office 365 operated by 21Vianet'', please refer to the [[Synchronizing_User_Accounts_with_Microsoft_365_(Basic_Authentication)|corresponding implementation guide]].|For better readability, the terms ''Microsoft 365'' and ''Exchange Online'' are used interchangeably hereinafter instead of ''Exchange Online / Microsoft 365''.}}

== App Registration & User Synchronization ==
Before archiving Microsoft 365 mailboxes, registering MailStore Server in your Microsoft 365 tenant is required. It is also highly recommended to synchronize users in MailStore Server directly with that tenant to fetch all information that is relevant for archiving such as email addresses. The registration and synchronization procedures are described in the chapter [[Synchronizing User Accounts with Microsoft 365 (Modern Authentication)]] of the MailStore Server manual.

'''Please note:''' MailStore Server runs as a [[MailStore Server Service Configuration|Windows service]] and thus must use ''Application Permissions'' to access user mailboxes in Microsoft 365. By design, on the Microsoft identity platform, which is at the heart of Microsoft 365 authentication and authorization, this permission scope encloses the full level of privileges implied by a permission. As a consequence, once registered as described above, MailStore Server has access to all mailboxes in your Microsoft 365 tenant. Therefore, with regard to security, access to the Microsoft 365 archiving profiles in MailStore Server is limited to MailStore Server administrators.

=== Including Microsoft 365 Shared Mailboxes ===
In Microsoft 365, shared mailboxes are special mailboxes that multiple users have access to. Unlike a normal mailbox, a shared mailbox is not associated to a licensed Microsoft 365 user. For MailStore Server to create user entries for shared mailboxes, you must therefore deactivate the option ''Synchronize licensed Microsoft Exchange Online users only'' in the section [[Synchronizing User Accounts with Microsoft 365 (Modern Authentication)#User_Database_Synchronization|User Database Synchronization]]. 
After synchronization you can grant MailStore Server users access to the archive of the shared mailbox by [[Users,_Folders_and_Settings#Folder_Access_.28e.g._Access_to_the_Emails_of_Other_Users.29|assigning privileges]]. For archiving shared mailboxes, just proceed as for individual or multiple mailboxes as detailed below.

== Archiving Individual Microsoft 365 Mailboxes ==
{{Archiving Single Mailbox Preamble|Microsoft 365}}
For each mailbox, please proceed as follows:

* Log on to MailStore Client as MailStore Server administrator.
* Click on ''Archive Email''.
* From the ''Email Servers'' list in the ''Create Profile'' area of the ''Archive Email'' page, select ''Microsoft 365'' to create a new archiving profile.
* A wizard opens to assist in specifying the archiving settings. 
*; [[File:Microsoft 365 mailbox 01.png|center|347px]]
* Select ''Single Mailbox'' and click on ''OK''.
*; [[File:Microsoft 365 mailbox 02.png|center|347px]]
* Select the Microsoft 365 credentials that you have created during the registration of MailStore Server with Microsoft 365 from the ''Credentials'' drop-down list. You can also use the button (…) to access the [[Synchronizing_User_Accounts_with_Microsoft_365_(Modern_Authentication)#Creating_Credentials_in_MailStore_Server|Credential Manager]].
* In the ''Mailbox'' field, enter the primary email address of the user whose mailbox you want to archive.
* Click on ''Test'' to verify that MailStore Server can access the mailbox.
* Click on ''Next''.
* If needed, adjust the settings for the [[Email_Archiving_with_MailStore_Basics#Archiving_Specific_Folders|List of Folders to be Archived]], the [[Email_Archiving_with_MailStore_Basics#Specifying_Filter_Criteria_for_Archiving|filter]] and the [[Email_Archiving_with_MailStore_Basics#Archiving_Specific_Folders|Deletion Rules]]. By default, no emails will be deleted from the mailbox. The ''Timeout'' value only has to be adjusted in specific cases (e.g. with very slow network connections).
*; [[File:Microsoft_365_mailbox_03.png|center|347px]]
* Click on ''Next'' to continue.
* Select the archive of the user for whom the selected mailbox is to be archived. If the user does not exist yet, click on ''Create a New User…''.
*; [[File:Microsoft_365_mailbox_04.png|center|347px]]
* Click on ''Next''.
* In the last step, a name for the archiving profile can be specified. After clicking ''Finish'', the archiving profile will be listed under ''Saved Profiles'' and, if desired, can be run immediately or automatically.

More information on how to execute archiving profiles can be found under the topic [[Email Archiving with MailStore Basics]]

== Archiving Multiple Microsoft 365 Mailboxes Centrally ==
{{Archiving Multiple Mailboxes Preamble|Microsoft 365}}
Please proceed as follows:

* Log on to MailStore Client as MailStore Server administrator.
* Click on ''Archive Email''.
* From the ''Email Servers'' list in the ''Create Profile'' area of the ''Archive Email'' page, select ''Microsoft 365'' to create a new archiving profile.
* A wizard opens to assist in specifying the archiving settings. 
*; [[File:Microsoft 365 mailboxes 01.png|center|347px]]
* Select ''Multiple Mailboxes'' and click ''OK''. 
*; {{Archiving_Multiple_or_Multidrop_Note|multiple mailboxes|[[#App_Registration_.26_User_Synchronization|directory synchronization]]}}
*; [[File:Microsoft 365 mailboxes 02.png|center|347px]]
* Select the Microsoft 365 credentials that you have created during the registration of MailStore Server with Microsoft 365 from the ''Credentials'' drop-down list. You can also use the button (…) to access the [[Synchronizing_User_Accounts_with_Microsoft_365_(Modern_Authentication)#Creating_Credentials_in_MailStore_Server|Credential Manager]].
* Click on ''Next'' to continue.
*; [[File:Microsoft 365 mailboxes 03.png|center|347px]]
* If needed, adjust the settings for the [[Email_Archiving_with_MailStore_Basics#Archiving_Specific_Folders|List of Folders to be Archived]], the [[Email_Archiving_with_MailStore_Basics#Specifying_Filter_Criteria_for_Archiving|filter]] and the [[Email_Archiving_with_MailStore_Basics#Archiving_Specific_Folders|Deletion Rules]]. By default, no emails will be deleted from the mailbox. The ''Timeout'' value only has to be adjusted in specific cases (e.g. with very slow network connections). Please keep in mind that these settings apply to all mailboxes to be archived, as specified in the next step.
*; {{Archiving_Multiple_Mailboxes_Centrally_Options|Microsoft_365_mailboxes_04.png|Microsoft 365}}

== Archiving Incoming and Outgoing Emails Directly ==
{{Archiving Exchange Journal Mailbox Preamble|Exchange Online}}

=== Step 1: Setup and Configure MailStore Gateway ===
Please refer to the [https://help.mailstore.com/en/gateway/ MailStore Gateway Manual] for detailed instructions about:

* Installation and Setup of MailStore Gateway
* Logging on to MailStore Gateway's Management Console
* Creating MailStore Gateway mailboxes

After these steps, a mailbox with an individual email address (e.g. mbx-dead1234beef5678@gateway.example.com) should exist.

=== Step 2: Configure MailStore Server ===
{{Archiving MailStore Gateway Mailbox|''In- and Outbound E-Mail Automatically''|Microsoft 365 journal 01.png|Arch_MailStore_Gateway_Office365_02.png|''Microsoft 365''|TargetFolderHint=DontShow|POP3Hint=DontShow|DSLink=[[#App_Registration_.26_User_Synchronization|directory synchronization]]}}

=== Step 3: Creating a Journal Rule ===
The following steps describe how to set up journaling for your Microsoft 365 account.

* Sign in to the [https://admin.microsoft.com/ Microsoft 365 admin center] as an Exchange or Global Administrator for your Microsoft 365 tenant.
* Expand the left navigation menu by clicking ''Show all''.
* In the ''Admin centers'' section, choose ''Exchange''.
* In the ''Exchange admin center'', navigate to ''compliance management''.
* Select ''journal rules''.
* Under ''Send undeliverable journal reports to'' select an alternate journaling mailbox that receives None Delivery Reports (NDRs) for undeliverable journal reports in case the primary journal mailbox is unreachable. This mailbox must be a dedicated mailbox, any mail sent directly to this mailbox won't be journaled.
* Click on ''+ (New)''.
*:The dialog window ''new journal rule'' opens:
*:[[File:Arch_office365_journal_01.png|center|550px]]
* Enter a name for the journal rule, e.g. ''Journalling''.
* In the ''If the message is sent to or received from…'' section select whether the rule should apply to all messages or to specific users or groups.
* Under ''Journal the following messages…'', choose whether to capture all messages, internally sent messages only, or only those messages with an external sender or recipient.
* Enter the email address of the previously created MailStore Gateway mailbox in the ''Send journal reports to:'' box.
* Click on ''Save'' to activate the rule.

== Public Folders ==
{{Archiving Exchange Public Folders Preamble|Exchange Online|Microsoft 365}}
* Sign in to the [https://admin.microsoft.com/ Microsoft 365 admin center] as an Exchange or Global Administrator for your Microsoft 365 tenant.
* Expand the left navigation menu by clicking ''Show all''.
* In the ''Admin centers'' section, choose ''Exchange''.
* In the ''Exchange admin center'', navigate to ''public folders''.
* Click on the ''Ellipsis (…)'' and select ''Root permissions''.
*: [[File:Microsoft_365_pf_01.png|center|480px]]
* A new browser window opens. Click on ''+ (Add)''.
* Use ''Browse'' to choose the Microsoft 365 user you want to grant permissions.
* Choose ''Custom'' as ''Permission level'' and grant ''Read items'' and ''Delete all'' permissions.
*: [[File:Arch_office365_pf_02.png|center|347px]]
* Click on ''Save''.
* Enable the option ''Apply changes to this public folder and all its subfolders.''
* Click on ''Save''.
* Click on ''Close'' after saving has been completed successfully.

=== Step 3: Setting up the Archiving Process ===
* Log on to MailStore Client as MailStore Server administrator.
* Click on ''Archive Email''.
* From the ''Email Servers'' list in the ''Create Profile'' area of the ''Archive Email'' page, select ''Microsoft 365'' to create a new archiving profile.
* A wizard opens to assist in specifying the archiving settings. 
*; [[File:Microsoft 365 pf 03.png|center|347px]]
* Select ''Public Folders'' and click on ''OK''. 
*; [[File:Microsoft 365 pf 04.png|center|347px]]
* Select the Microsoft 365 credentials that you have created during the registration of MailStore Server with Microsoft 365 from the ''Credentials'' drop-down list. You can also use the button (…) to access the [[Synchronizing_User_Accounts_with_Microsoft_365_(Modern_Authentication)#Creating_Credentials_in_MailStore_Server|Credential Manager]].
* In the ''Mailbox'' field, enter the primary email address of the user that has access to the public folders as described above.
* The value of the ''Target Folder'' box defines the top level folder below which the public folder hierarchy will be created in the target archive. Usually, you can leave this value to its default.
* Click on ''Test'' to verify that MailStore can access the public folders.
* Click on ''Next'' to continue.
*; [[File:Microsoft 365 pf 05.png|center|347px]]
* Adjust the settings for the [[Email_Archiving_with_MailStore_Basics#Archiving_Specific_Folders|List of Folders to be Archived]]. By default, all public folders that contain emails will be archived.
* If needed, adjust [[Email_Archiving_with_MailStore_Basics#Specifying_Filter_Criteria_for_Archiving|the filter]] and the [[Email_Archiving_with_MailStore_Basics#Deleting_Emails_after_Archiving|Deletion Rules]]. By default, no emails will be deleted from the public folders. The ''Timeout'' value only has to be adjusted in specific cases (e.g. with very slow network connections).
* Click on ''Next'' to continue.
*; [[File:Microsoft 365 pf 06.png|center|347px]]
* In the next step, select the archive of the user you have prepared in step 1.
* In the last step, specify a name for the archiving profile. After clicking ''Finish'' the archiving profile will be listed under ''Saved Profiles'' and can be run immediately or automatically if desired.

[[de:E-Mail-Archivierung_von_Microsoft_365_(Modern_Authentication)]]
[[en:Archiving_Emails_from_Microsoft_365_(Modern_Authentication)]]

Enhancing SSL Security

2022-05-30T12:28:37Z

Bmeyn: /* Recommended Settings */

The default configuration of most operating systems allow any set of supported ciphers and hashes to be used by applications when acting as SSL client or server. While this ensures full compatibility with other client and server applications, it does no longer match the expectation in SSL encrypted communication in regards to privacy and trust due to supporting insecure protocols, cipher suites and hash algorithms.

Therefore enhancing the security of SSL mainly consists of disabling these insecure protocols, ciphers and hashes as well as prioritize cipher suites that allow the usage of [[wikipedia:Perfect Forward Secrecy|Perfect Forward Secrecy]].

As MailStore Server relies on Windows' security support provider (SSP) called ''Secure Channel'' (also known as ''Schannel''), a number of registry keys have to be created or modified in order to disable insecure protocols, ciphers and hashes. Although Microsoft's article [https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings Transport Layer Security (TLS) registry settings] describes in detail which registry keys affect the security provider settings, it is not recommended to manually change these keys. A safer way to adjust the ''Schannel'' settings for server applications is [https://www.nartac.com/ Nartac Software's IIS Crypto] tool.

'''Important note: ''' Modifying the configuration of the security support provider (SSP) in Windows may affect general operating system functions such as authentication services and remote desktop and management capabilities or other third party applications that rely on SSP. Thus careful testing of all services is required after applying the changes. 

== Recommended Settings ==
Highest level of security can be achieved with the following settings in ''IIS Crypto'' on the MailStore Server computer.

{| class="wikitable"
| '''Protocols Enabled'''
| TLS 1.2
|-
| '''Ciphers Enabled'''
| AES 128/128 
AES 256/256
|-
| '''Hashes Enabled'''
| SHA 
SHA256 
SHA384 
SHA512 
|-
| '''Key Exchange Enabled'''
| Diffie-Hellman 
PKCS 
ECDH
|-
| '''SSL Cipher Suite Order'''
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 
|}

[[de:SSL-Sicherheit verbessern]]
[[en:Enhancing SSL Security]]

Changing Archiving from Microsoft Exchange Server to Microsoft 365

2022-04-13T11:24:47Z

Bmeyn: /* Finalizing the Migration */

{{#ev:youtube|https://youtu.be/fWm-GaUstZk|350|right|''Tech Tip: Changing Archiving from Microsoft Exchange Server to Microsoft 365''}}
This article shows the changes required in MailStore Server when switching the email environment from a local Microsoft Exchange installation to Microsoft 365.

Our Tech Tip video provides an overview. Please note that the actual steps might deviate from those shown in the video based on the current configuration.
 

== Notes and Considerations ==
As with any changes in a production environment, changing archiving in MailStore Server should be planned carefully in advance. Therefore, before implementing any changes, please take the following notes into consideration:
* It is strongly recommended to implement the modifications described in this article in a test environment first because the changes to your Exchange and MailStore Server installations may not be reverted without huge effort if at all.
* Please make sure that you have a current [[Backup_and_Restore|backup]] of your Exchange and MailStore Server installations before applying any modifications to your production environment.
* It is recommended to update MailStore Server to the latest version before applying any modifications. Please make sure that your [https://www.mailstore.com/en/products/mailstore-server/faq/ Update and Support Service contract] is valid and take heed of the [[Update_Notices_for_MailStore_Server|update notices]].
* It is assumed that MailStore Server currently runs in an Active Directory / Exchange Server environment according to the [[Archiving_Emails_from_Microsoft_Exchange|MailStore Implementation Guides for Microsoft Exchange Servers]] and shall run according to the [[Archiving_Emails_from_Microsoft_365_(Modern_Authentication)|MailStore Implementation Guide for Microsoft 365 (Modern Authentication)]] hereafter.
* The modifications to the configuration of MailStore Server should be applied in [[MailStore_Server_Service_Configuration#Controlling_the_Service|Safe Mode]] to avoid interference by background tasks or user interaction.
* Microsoft 365 does not support journal mailboxes hosted within Microsoft 365 itself. If you archive all incoming and outgoing emails with MailStore Server, you need a journal mailboxes that is hosted outside Microsoft 365. MailStore offers [https://help.mailstore.com/en/gateway/Main_Page MailStore Gateway] as a free solution that can provide journal mailboxes in your company intranet.

== Changing User Synchronization ==
As a first step, you must change the directory services that MailStore Server synchronizes its users with from ''Active Directory'' to ''Microsoft 365 (Modern Authentication)''. This is necessary because Microsoft 365 uses Azure Active Directory instead of a local Active Directory as directory service.

Initially, please run a [[Active_Directory_Integration#Running_Directory_Services_Synchronization|directory services synchronization]] in MailStore Server with the current configuration to make sure that all user data is complete and up-to-date.

== User Name Format ==
The steps required for changing the directory service depend on the [[Active_Directory_Integration#User_Database_Synchronization|user name format]] that is currently being used in MailStore Server for user synchronization with the local Active Directory.
* If you are currently using the ''SAM Account Name'' or the ''User Principal Name (Local Part)'', i.e. a "flat" user name without domain part (e.g.<code>john.doe</code>) as user name in MailStore Server, users and archive folders must be renamed in MailStore Server. In this case, please follow the steps in the next section.
* If you are already using the the full ''User Principal Name'' (''UPN'', e.g.<code>john.doe@example.com</code>) as user name in MailStore Server and
** exactly that UPN will be used to log on to Microsoft 365 in the future, you can leave the user names, archive folders and source folders in MailStore Server as is. Please continue directly with the section [[#Changing Directory Service Synchronization to Microsoft 365|Changing Directory Service Synchronization to Microsoft 365]].
** you want to change the naming scheme of the UPN (e.g. from <code>john.doe@example.com</code> to <code>jdoe@example.com</code> or from <code>jane.doe@example.com</code> to <code>jane.doe@example.org</code>) for logging on to Microsoft 365, user names, archive folders and source folders in MailStore Server need to be renamed. In this case, please follow the steps in the next section.

=== MailStore Migration Scripts ===
The modifications in the following sections rely on Windows PowerShell scripts which require Windows PowerShell 3.0 or higher.
* You can download the scripts [[Media:MailStoreServerMigrationScripts.zip|here]]; they can be found in the folder <code>migration</code> after extraction.
* To use the scripts, access to the [[Administration_API_-_Using_the_API|MailStore Administration API]] in the [[MailStore_Server_Service_Configuration#Services|MailStore Server Service Configuration]] must be enabled.

=== Renaming Users and Archives in MailStore Server ===
MailStore Server distinguishes users by user name only. For example, <code>john.doe</code> and <code>john.doe@example.com</code> are two different users from a MailStore Server perspective, requiring two user licenses. Furthermore, a user's archive is also associated by user name alone, so that, for a user named <code>john.doe</code>, MailStore always creates an archive ''(Archive) john.doe''. However, once such an archive contains archived emails, it will retain its name even if the associated user name changes.

For these reasons, user names and archive folders in MailStore Server must be equal to the user names of the directory service that MailStore Server synchronizes its users with. Because Azure Active Directory uses the full ''User Principal Name'' (''UPN'', usually the primary email address) as user name, you must rename users and archive folders if you are currently using a different user name format or want to change the ''UPN''.

For renaming users and archive folder, please proceed as follows:
* Edit the scripts <code>MSS_1_prepare_users.ps1</code> and <code>MSS_2_update_users.ps1</code> in the PowerShell ISE and adjust the values in the section ''Adjust these values according to your installation'' according to your MailStore Server installation.
* Run the script <code>MSS_1_prepare_users.ps1</code> in the PowerShell ISE with ''F5''.
* The file <code>mailstore-users.txt</code> will be created (in the folder <code>C:\Users\<Your user name>\</code> by default). It contains the current MailStore Server user names.
* Edit this file in a text editor. Change the new user names after the "=", so that the entries look like this:
*; <pre>AD user name=Microsoft 365 user name</pre> 
*; Example (with changes highlighted)
*; <code>jane.doe=jane.doe</code><code style="color: blue">@example.com</code> 
*; Please use only lower case for letters in user names. For user names that should not change (e.g. the default ''admin'' user), just leave the corresponding entries as is.
* Save the file <code>mailstore-users.txt</code> that now should contain the current and the future user names.
* Run the script <code>MSS_2_update_users.ps1</code> in the PowerShell ISE with ''F5''.
* The script now renames the users and their archive folder in MailStore Server and also updates the archive folder permissions accordingly.
* Log on as MailStore Server administrator with the MailStore Client and check the new user names and archive folders.
* If the local part of the users' email addresses (the part before the "@") has not changed, you can proceed directly with the steps in section [[#Changing Directory Service Synchronization to Microsoft 365|Changing Directory Service Synchronization to Microsoft 365]]. Otherwise the source folders may need to be renamed as described in the next section.

=== Renaming Source Folders in MailStore Server ===
The folder level below the archive folders reflects the source from which MailStore Server has archived the emails. In case of Exchange archiving, the folder name consists of the prefix ''Exchange'' and the local part of the email address (the part before the "@"), so that for the email address <code>john.doe@example.com</code> the source folder name in MailStore Server would be ''Exchange john.doe@example.com''.

Source folder names only need to be renamed if '''all''' of the following conditions and requirements are met. Otherwise you can proceed directly with the steps in section [[#Changing Directory Service Synchronization to Microsoft 365|Changing Directory Service Synchronization to Microsoft 365]].
* The local part of the email address shall be changed in course of migrating to Microsoft 365 (e.g. from <code>john.doe@example.com</code> to <code>j.doe@example.com</code>) '''and'''
* both the emails that have been archived so far from the local Exchange Server and those that will be archived from Microsoft 365 henceforth should appear in the same folder structure on source level (e.g. so far in ''Exchange john.doe'' and in ''Exchange j.doe'' after).

For renaming the source folders, please proceed as follows:
* Enable access to user archives by administrators in MailStore Server; it is disabled by default. Changing this option is described in chapter [[Compliance_General#Archive_Access|Compliance General]] of the MailStore Server manual.
* Edit the scripts <code>MSS_3_prepare_folders.ps1</code> and <code>MSS_4_update_folders.ps1</code> in the PowerShell ISE and adjust the values in the section ''Adjust these values according to your installation'' according to your MailStore Server installation.

* Run the script <code>MSS_3_prepare_folders.ps1</code> in the PowerShell ISE with ''F5''.
* The file <code>mailstore-folders.txt</code> will be created (in the folder <code>C:\Users\<Your user name>\</code> by default). It contains the full paths of the current source folders that consist of user names and the source folder names, separated by "/".
* Edit this file in a text editor. Change the new source folders after the "=", so that the entries look like this:
*; <pre>Old source folder path=new source folder path</pre> 
*; Example (with changes highlighted)
*;<code>j.doe@example.com/</code><code style="color: red">Exchange jane.doe</code><code>=j.doe@example.com/</code><code style="color: blue">Exchange j.doe</code> 
*; For source folders that should not change, just leave the corresponding entries as is.
* Save the file <code>mailstore-folders.txt</code> that now should contain the current and the future source folders.
* Run the script <code>MSS_4_update_folders.ps1</code> in the PowerShell ISE with ''F5''.
* The script now renames the source folders in MailStore Server.
* Log on as MailStore Server administrator with the MailStore Client and check the new source folders.

=== Changing Directory Service Synchronization to Microsoft 365 ===
To enable users to log on to MailStore Server with their Microsoft 365 credentials instead of their Active Directory, you must switch the directory service synchronization to ''Microsoft 365 (Modern Authentication)''. Please follow the steps in chapter [[Synchronizing User Accounts with Microsoft 365 (Modern Authentication)]] of the MailStore Server manual.
Initially, just test the synchronization using the ''Test Settings'' button. Check the directory service synchronization results, migrated users should show as ''modified''. You can also check that user authentication against Microsoft 365 works as expected.

== Changing the Archiving Profiles ==
For archiving Microsoft 365 mailboxes, MailStore Server offers dedicated Microsoft 365 archiving profiles that support modern authentication. Existing Exchange archiving profiles cannot be used for archiving Microsoft 365 mailboxes because they only support basic authentication.

=== Deactivating Existing Profiles and Jobs ===
If you run MailStore Server in [[MailStore_Server_Service_Configuration#Controlling_the_Service|Safe Mode]] as recommended before, automatic execution of archiving profiles and by jobs is disabled. To deactivate them permanently, please proceed as follows:
* Log on as MailStore Server administrator through the MailStore Client.
* Click on ''Archive E‑mail''
* Below the profiles list, enable the option ''Show Profiles of All Users''.
* Switch every Exchange archiving profile to ''Manual'' through the context menu.
* If you have configured Exchange export profiles, click on ''Export E‑mail'' in the menu tree and repeat the previous steps.
* If you have configured scheduled job for running Exchange profiles, click on ''Administrative Tools > Management API > Jobs'' and deactivate every job that run an Exchange profile through the context menu.

=== Creating new Microsoft 365 Profiles ===
Create new Microsoft 365 profiles and jobs according to the following articles. They should be set to manual initially to check their execution and results.
* For archiving Microsoft 365 mailboxes, follow the implementation guide [[Archiving_Emails_from_Microsoft_365_(Modern_Authentication)|Archiving Emails from Microsoft 365 (Modern Authentication)]].
* Creating Microsoft 365 export profiles is described in chapter [[Exporting Email]] of the MailStore Server manual.
* Once the profiles have been set up you can update existing jobs as described in chapter [[Jobs#Properties|jobs]] of the MailStore Server manual.

== Finalizing the Migration ==
To finalize the migration in MailStore Server, please proceed as follows:
* Close all MailStore Client sessions and restart the MailStore Server service.
* Log on as MailStore Server administrator again through the MailStore Client.
* In the main menu tree, go to ''Administrative Tools > Users and Archives > Archives'' and check the names of the archive folders.
* Switch to ''Archive E‑mail'' and run each Microsoft 365 archiving profile manually. If you are satisfied with the results, you can delete the old Exchange archiving profiles.
* If applicable, repeat the previous step for export profiles and jobs.
* If you have previously enabled access to user archives by administrators in MailStore Server as described in chapter [[Compliance_General#Archive_Access|Compliance General]], revert that change.
* If you have enabled ''Single-Sign-On (SSO)'' by setting the server name of the MailStore Server computer and the authentication method to ''Windows Authentication'' through group policies [[MailStore_Client_Deployment#Configuring_Policy_Settings|for the MailStore Client]] or the [[MailStore_Outlook_Add-in_Deployment|for the MailStore Outlook Add-in]], you must change the group policy setting ''Authentication'' to ''Standard Authentication''.
* During login, MailStore Server calls the default web browser to have the user log in through the Microsoft 365 login dialog; this communication is TLS-encrypted via HTTPS. Therefore, for a better user experience, it is recommended to configure a SSL certificate in MailStore Server that is trusted by the web browser. Further information can be found in the [[Using_Your_Own_SSL_Certificate|Using Your Own SSL Certificate]] article.

After finishing these tasks successfully, the migration in MailStore Server is complete.
[[de:Umstellung_der_Archivierung_von_Microsoft_Exchange_Server_auf_Microsoft_365]]
[[en:Changing_Archiving_from_Microsoft_Exchange_Server_to_Microsoft_365]]

Changing Archiving from Microsoft Exchange Server to Microsoft 365

2022-04-06T09:20:28Z

Bmeyn: /* Renaming Users and Archives in MailStore Server */

{{#ev:youtube|https://youtu.be/fWm-GaUstZk|350|right|''Tech Tip: Changing Archiving from Microsoft Exchange Server to Microsoft 365''}}
This article shows the changes required in MailStore Server when switching the email environment from a local Microsoft Exchange installation to Microsoft 365.

Our Tech Tip video provides an overview. Please note that the actual steps might deviate from those shown in the video based on the current configuration.
 

== Notes and Considerations ==
As with any changes in a production environment, changing archiving in MailStore Server should be planned carefully in advance. Therefore, before implementing any changes, please take the following notes into consideration:
* It is strongly recommended to implement the modifications described in this article in a test environment first because the changes to your Exchange and MailStore Server installations may not be reverted without huge effort if at all.
* Please make sure that you have a current [[Backup_and_Restore|backup]] of your Exchange and MailStore Server installations before applying any modifications to your production environment.
* It is recommended to update MailStore Server to the latest version before applying any modifications. Please make sure that your [https://www.mailstore.com/en/products/mailstore-server/faq/ Update and Support Service contract] is valid and take heed of the [[Update_Notices_for_MailStore_Server|update notices]].
* It is assumed that MailStore Server currently runs in an Active Directory / Exchange Server environment according to the [[Archiving_Emails_from_Microsoft_Exchange|MailStore Implementation Guides for Microsoft Exchange Servers]] and shall run according to the [[Archiving_Emails_from_Microsoft_365_(Modern_Authentication)|MailStore Implementation Guide for Microsoft 365 (Modern Authentication)]] hereafter.
* The modifications to the configuration of MailStore Server should be applied in [[MailStore_Server_Service_Configuration#Controlling_the_Service|Safe Mode]] to avoid interference by background tasks or user interaction.
* Microsoft 365 does not support journal mailboxes hosted within Microsoft 365 itself. If you archive all incoming and outgoing emails with MailStore Server, you need a journal mailboxes that is hosted outside Microsoft 365. MailStore offers [https://help.mailstore.com/en/gateway/Main_Page MailStore Gateway] as a free solution that can provide journal mailboxes in your company intranet.

== Changing User Synchronization ==
As a first step, you must change the directory services that MailStore Server synchronizes its users with from ''Active Directory'' to ''Microsoft 365 (Modern Authentication)''. This is necessary because Microsoft 365 uses Azure Active Directory instead of a local Active Directory as directory service.

Initially, please run a [[Active_Directory_Integration#Running_Directory_Services_Synchronization|directory services synchronization]] in MailStore Server with the current configuration to make sure that all user data is complete and up-to-date.

== User Name Format ==
The steps required for changing the directory service depend on the [[Active_Directory_Integration#User_Database_Synchronization|user name format]] that is currently being used in MailStore Server for user synchronization with the local Active Directory.
* If you are currently using the ''SAM Account Name'' or the ''User Principal Name (Local Part)'', i.e. a "flat" user name without domain part (e.g.<code>john.doe</code>) as user name in MailStore Server, users and archive folders must be renamed in MailStore Server. In this case, please follow the steps in the next section.
* If you are already using the the full ''User Principal Name'' (''UPN'', e.g.<code>john.doe@example.com</code>) as user name in MailStore Server and
** exactly that UPN will be used to log on to Microsoft 365 in the future, you can leave the user names, archive folders and source folders in MailStore Server as is. Please continue directly with the section [[#Changing Directory Service Synchronization to Microsoft 365|Changing Directory Service Synchronization to Microsoft 365]].
** you want to change the naming scheme of the UPN (e.g. from <code>john.doe@example.com</code> to <code>jdoe@example.com</code> or from <code>jane.doe@example.com</code> to <code>jane.doe@example.org</code>) for logging on to Microsoft 365, user names, archive folders and source folders in MailStore Server need to be renamed. In this case, please follow the steps in the next section.

=== MailStore Migration Scripts ===
The modifications in the following sections rely on Windows PowerShell scripts which require Windows PowerShell 3.0 or higher.
* You can download the scripts [[Media:MailStoreServerMigrationScripts.zip|here]]; they can be found in the folder <code>migration</code> after extraction.
* To use the scripts, access to the [[Administration_API_-_Using_the_API|MailStore Administration API]] in the [[MailStore_Server_Service_Configuration#Services|MailStore Server Service Configuration]] must be enabled.

=== Renaming Users and Archives in MailStore Server ===
MailStore Server distinguishes users by user name only. For example, <code>john.doe</code> and <code>john.doe@example.com</code> are two different users from a MailStore Server perspective, requiring two user licenses. Furthermore, a user's archive is also associated by user name alone, so that, for a user named <code>john.doe</code>, MailStore always creates an archive ''(Archive) john.doe''. However, once such an archive contains archived emails, it will retain its name even if the associated user name changes.

For these reasons, user names and archive folders in MailStore Server must be equal to the user names of the directory service that MailStore Server synchronizes its users with. Because Azure Active Directory uses the full ''User Principal Name'' (''UPN'', usually the primary email address) as user name, you must rename users and archive folders if you are currently using a different user name format or want to change the ''UPN''.

For renaming users and archive folder, please proceed as follows:
* Edit the scripts <code>MSS_1_prepare_users.ps1</code> and <code>MSS_2_update_users.ps1</code> in the PowerShell ISE and adjust the values in the section ''Adjust these values according to your installation'' according to your MailStore Server installation.
* Run the script <code>MSS_1_prepare_users.ps1</code> in the PowerShell ISE with ''F5''.
* The file <code>mailstore-users.txt</code> will be created (in the folder <code>C:\Users\<Your user name>\</code> by default). It contains the current MailStore Server user names.
* Edit this file in a text editor. Change the new user names after the "=", so that the entries look like this:
*; <pre>AD user name=Microsoft 365 user name</pre> 
*; Example (with changes highlighted)
*; <code>jane.doe=jane.doe</code><code style="color: blue">@example.com</code> 
*; Please use only lower case for letters in user names. For user names that should not change (e.g. the default ''admin'' user), just leave the corresponding entries as is.
* Save the file <code>mailstore-users.txt</code> that now should contain the current and the future user names.
* Run the script <code>MSS_2_update_users.ps1</code> in the PowerShell ISE with ''F5''.
* The script now renames the users and their archive folder in MailStore Server and also updates the archive folder permissions accordingly.
* Log on as MailStore Server administrator with the MailStore Client and check the new user names and archive folders.
* If the local part of the users' email addresses (the part before the "@") has not changed, you can proceed directly with the steps in section [[#Changing Directory Service Synchronization to Microsoft 365|Changing Directory Service Synchronization to Microsoft 365]]. Otherwise the source folders may need to be renamed as described in the next section.

=== Renaming Source Folders in MailStore Server ===
The folder level below the archive folders reflects the source from which MailStore Server has archived the emails. In case of Exchange archiving, the folder name consists of the prefix ''Exchange'' and the local part of the email address (the part before the "@"), so that for the email address <code>john.doe@example.com</code> the source folder name in MailStore Server would be ''Exchange john.doe@example.com''.

Source folder names only need to be renamed if '''all''' of the following conditions and requirements are met. Otherwise you can proceed directly with the steps in section [[#Changing Directory Service Synchronization to Microsoft 365|Changing Directory Service Synchronization to Microsoft 365]].
* The local part of the email address shall be changed in course of migrating to Microsoft 365 (e.g. from <code>john.doe@example.com</code> to <code>j.doe@example.com</code>) '''and'''
* both the emails that have been archived so far from the local Exchange Server and those that will be archived from Microsoft 365 henceforth should appear in the same folder structure on source level (e.g. so far in ''Exchange john.doe'' and in ''Exchange j.doe'' after).

For renaming the source folders, please proceed as follows:
* Enable access to user archives by administrators in MailStore Server; it is disabled by default. Changing this option is described in chapter [[Compliance_General#Archive_Access|Compliance General]] of the MailStore Server manual.
* Edit the scripts <code>MSS_3_prepare_folders.ps1</code> and <code>MSS_4_update_folders.ps1</code> in the PowerShell ISE and adjust the values in the section ''Adjust these values according to your installation'' according to your MailStore Server installation.

* Run the script <code>MSS_3_prepare_folders.ps1</code> in the PowerShell ISE with ''F5''.
* The file <code>mailstore-folders.txt</code> will be created (in the folder <code>C:\Users\<Your user name>\</code> by default). It contains the full paths of the current source folders that consist of user names and the source folder names, separated by "/".
* Edit this file in a text editor. Change the new source folders after the "=", so that the entries look like this:
*; <pre>Old source folder path=new source folder path</pre> 
*; Example (with changes highlighted)
*;<code>j.doe@example.com/</code><code style="color: red">Exchange jane.doe</code><code>=j.doe@example.com/</code><code style="color: blue">Exchange j.doe</code> 
*; For source folders that should not change, just leave the corresponding entries as is.
* Save the file <code>mailstore-folders.txt</code> that now should contain the current and the future source folders.
* Run the script <code>MSS_4_update_folders.ps1</code> in the PowerShell ISE with ''F5''.
* The script now renames the source folders in MailStore Server.
* Log on as MailStore Server administrator with the MailStore Client and check the new source folders.

=== Changing Directory Service Synchronization to Microsoft 365 ===
To enable users to log on to MailStore Server with their Microsoft 365 credentials instead of their Active Directory, you must switch the directory service synchronization to ''Microsoft 365 (Modern Authentication)''. Please follow the steps in chapter [[Synchronizing User Accounts with Microsoft 365 (Modern Authentication)]] of the MailStore Server manual.
Initially, just test the synchronization using the ''Test Settings'' button. Check the directory service synchronization results, migrated users should show as ''modified''. You can also check that user authentication against Microsoft 365 works as expected.

== Changing the Archiving Profiles ==
For archiving Microsoft 365 mailboxes, MailStore Server offers dedicated Microsoft 365 archiving profiles that support modern authentication. Existing Exchange archiving profiles cannot be used for archiving Microsoft 365 mailboxes because they only support basic authentication.

=== Deactivating Existing Profiles and Jobs ===
If you run MailStore Server in [[MailStore_Server_Service_Configuration#Controlling_the_Service|Safe Mode]] as recommended before, automatic execution of archiving profiles and by jobs is disabled. To deactivate them permanently, please proceed as follows:
* Log on as MailStore Server administrator through the MailStore Client.
* Click on ''Archive E‑mail''
* Below the profiles list, enable the option ''Show Profiles of All Users''.
* Switch every Exchange archiving profile to ''Manual'' through the context menu.
* If you have configured Exchange export profiles, click on ''Export E‑mail'' in the menu tree and repeat the previous steps.
* If you have configured scheduled job for running Exchange profiles, click on ''Administrative Tools > Management API > Jobs'' and deactivate every job that run an Exchange profile through the context menu.

=== Creating new Microsoft 365 Profiles ===
Create new Microsoft 365 profiles and jobs according to the following articles. They should be set to manual initially to check their execution and results.
* For archiving Microsoft 365 mailboxes, follow the implementation guide [[Archiving_Emails_from_Microsoft_365_(Modern_Authentication)|Archiving Emails from Microsoft 365 (Modern Authentication)]].
* Creating Microsoft 365 export profiles is described in chapter [[Exporting Email]] of the MailStore Server manual.
* Once the profiles have been set up you can update existing jobs as described in chapter [[Jobs#Properties|jobs]] of the MailStore Server manual.

== Finalizing the Migration ==
To finalize the migration in MailStore Server, please proceed as follows:
* Close all MailStore Client sessions and restart the MailStore Server service.
* Log on as MailStore Server administrator again through the MailStore Client.
* In the main menu tree, go to ''Administrative Tools > Users and Archives > Archives'' and check the names of the archive folders.
* Switch to ''Archive E‑mail'' and run each Microsoft 365 archiving profile manually. If you are satisfied with the results, you can delete the old Exchange archiving profiles.
* If applicable, repeat the previous step for export profiles and jobs.
* If you have previously enabled access to user archives by administrators in MailStore Server as described in chapter [[Compliance_General#Archive_Access|Compliance General]], revert that change.
* If you have enabled ''Single-Sign-On (SSO)'' by setting the server name of the MailStore Server computer and the authentication method to ''Windows Authentication'' through group policies [[MailStore_Client_Deployment#Configuring_Policy_Settings|for the MailStore Client]] or the [[MailStore_Outlook_Add-in_Deployment|for the MailStore Outlook Add-in]], you must change the group policy setting ''Authentication'' to ''Standard Authentication''.

After finishing these tasks successfully, the migration in MailStore Server is complete.
[[de:Umstellung_der_Archivierung_von_Microsoft_Exchange_Server_auf_Microsoft_365]]
[[en:Changing_Archiving_from_Microsoft_Exchange_Server_to_Microsoft_365]]

Update Notices for MailStore Server

2022-03-30T13:27:04Z

Bmeyn: /* General Information */

== General Information ==

* '''Before you start the installation, please check if your current license really allows to upgrade the software.'''
* '''Before the installation, read the [https://go.mailstore.com?product=MailStore%20Server&target=changelog&lang=en changelog] for information about all changes in the respective versions.'''
* '''Make sure you have a recent backup of your archive. Learn more about backing up and restoring MailStore Server [[Backup and Restore|here]]'''.
* The installation process will uninstall older versions of the software automatically. All archives and the configuration data will be kept. There is no need to manually uninstall old versions previously.
* During the installation process the MailStore Server service is automatically stopped and restarted afterwards. Running archiving profiles will be cancelled and may show up as failed. Should stopping the service fail for any reason, please stop the service manually and run the installation again.
* Carefully check the auto-detected settings during the installation process.
* Updating MailStore Client and/or MailStore Outlook Add-in installations
** Versions older than 9.x require an update of the MailStore Client and/or MailStore Outlook Add-in installations when updating to a new major or minor version (e.g. 5.1 to 5.2).
** Since version 9.x and up to 13.x this is typically required only for major version updates (e.g. 9.8 to 10). Exceptions are mentioned in the version specific notices below.
** For version 22.x and higher, version specific notices regarding these updates will be included if necessary.
*; Further information can be found in the articles [[MailStore Client Deployment]] and [[MailStore Outlook Add-in Deployment]]
* The following version specific upgrade notices are cumulative. Therefore, also read the notices regarding all version numbers between yours and the one you are going to install.
* For versions that are not explicitly listed here, the upgrade notices for preceding versions apply accordingly.

== Upgrading to 13.x ==
* '''Update of MailStore Client and Outlook Add-in''' Irrespective of MailStore Client's auto-update mechanism, a reinstallation of MailStore Client and the MailStore Outlook Add-in is required to make use of the following improvements:
** Unified validation of TLS certificates.
** Unified evaluation of group policies.
** Distinct error messages for certain certificate errors.
** Outlook Add-in: Due to the required changes of the login process to support modern authentication with Microsoft 365 and Google Workspace, the Outlook Add-in must be updated to version 13 to be able to connect to MailStore Server 13.x. Connecting to an older version of MailStore Server is no longer supported after the update.
* '''Unencrypted Connections'''
*; Support for unencrypted connections to MailStore Server has been fully removed. This affects MailStore Outlook Add-in, and the Legacy Web Access. After updating the Outlook Add-in, it automatically tries to connect to the default HTTPS port (8462) if either the default HTTP port (8461) or no port was set as part of the server name previously. In all other cases, the initial connections may fail and requires the server name to be adjusted by the user, or by an administrator via group policies.
* '''HTTP-to-HTTPS Redirect'''
*; The HTTP-to-HTTPS redirect option, which must be considered insecure without the use of properly configured [[wikipedia:HTTP_Strict_Transport_Security|HTTP Strict Transport Security (HSTS)]], has been removed. Users are required to use the correct HTTPS URL to access MailStore Web Access.
* '''Windows Authentication'''
*; The authentication method selection has been removed from the newly design login dialog. Therefore, traditional Windows Authentication available in on-prem Active Directory controlled environments, can only be enabled through group policies. Further information on group policies can be found in [[MailStore Client Deployment]] and [[MailStore Outlook Add-in Deployment]].
* '''Microsoft 365 Support'''
*; A new directory service synchronization profile [[Synchronizing_User_Accounts_with_Microsoft_365_(Modern_Authentication)|Microsoft 365 (Modern Authentication)]] as well as new profiles for archiving and exporting emails from or to Microsoft 365 have been introduced. These support modern authentication (OAuth 2.0 & OpenID Connect) and customers of Microsoft 365 are advised to regularly check for Microsoft's announcement on the timeline for removing HTTP Basic Auth from Microsoft Exchange Web Services (EWS) and to plan the migration to the new profiles in advance. Once Microsoft disables support for HTTP Basic Auth in Exchange Web Services on Microsoft 365, the existing directory service synchronization profile ''Microsoft 365 (Basic Auth)'' (formerly named ''Office 365'') and the Microsoft Exchange archiving and export profiles will stop working.
* '''Google Workspace Support'''
*; The [[Google Workspace Integration|Google Workspace directory service synchronization profile]] has been extended with support for modern authentication (OAuth 2.0 & OpenID Connect). Customers of Google Workspace are advised to regularly check for Google's announcement on the timeline for removing support for less secure apps, and should plan the migration to the new setting in advance. Once Google disables support for Less Secure Apps in Google Workspace, the existing directory service synchronization profile ''Google Workspace'' will no longer allow users to login to MailStore as long as the authentication method is still set to ''IMAP''.
* '''IMAP Access to Archive'''
*; When using either the new ''Microsoft 365 (Modern Authentication)'' or ''Google Workspace'' directory service synchronization profile, user that have been added by these profiles, can not access their archive via the integrated IMAP server as MailStore Server is not able to verify those passwords itself.
* '''Startup Scripts'''
*; The [[MailStore Server Service Configuration]] now provides functionality to configure connections to remote SMB/CIFS network shares without having to store credential in a plain text batch file. Therefore, startup scripts are no longer recommended to be used for that purpose. Unless there actually is a startup script found in MailStore Server's program directory, the corresponding menu item ''Startup Script'' will not be shown in the MailStore Server Service Configuration.
* '''Mobile Web Access'''
*; The dedicated Mobile Web Access has been removed due to no longer supported third-party components (e.g. jQuery Mobile) and in favor of MailStore Web Access, which has been received major enhancements in terms of performance and usability.
* '''Legacy Web Access'''
*; As parts of Legacy Web Access are representing the server-side of the Outlook Add-in, the Legacy Web Access is still present, but no longer advertised on the login screen of the Web Access.
* '''Group Policies'''
*; The following group policy settings are no longer supported in MailStore 13:
** '''MailStore Client: Accept Thumbprint'''
**; If a server name has been defined by a group policy, the certificate used by MailStore Server must be trusted by the client computer and it must not be revoked or expired.
** '''MailStore Outlook Add-in: Accept Thumbprint'''
**; If a server name has been defined by a group policy, the certificate used by MailStore Server must be trusted by the client computer and it must not be revoked or expired.
** '''MailStore Outlook Add-in: Enable TLS/SSL encryption'''
**; As MailStore Server no longer supports unencrypted inbound connections and the default behavior of MailStore Outlook Add-in as been modified accordingly, this option is ignored.

== Upgrading to 12.1 ==
* '''System Requirements'''
*; Windows Vista, Windows Server 2008, and Windows Small Business Server 2008 support has been removed from MailStore in this version. For a current list of supported operating systems, please refer to [[System Requirements]].

== Upgrading to 12 ==
* '''Expired Certificates'''
*; Irrespective of whether the certificate's trust can be verified, no connection is established by MailStore Client to server's whose certificate has expired or was revoked. In such a case, the certificate must be replaced by means of the MailStore Server service configuration tool first.
* '''Using Certificates'''
*; If in the past, different certificates were used for the services provided by MailStore Server, the same certificate configuration as for new installations will be shown during the installation. The certificate configured in that step will afterwards be used for all provided services and can be change in the MailStore Server service configuration tool.

== Upgrading to 11 ==
* '''Upgrading Archive Stores'''
*; '''Depending on the archive size this can take an excessive amount of time. On average 50.000 messages are processed per minute during the upgrade.'''
*; Until the archive stores have been upgraded, not all functionality of the software is available. To facilitate
** retention policies,
** the search functionality,
** the improved recovery records,
*; the databases of the archive stores must be upgraded.
*;Proceed as follows to upgrade:
** Log in as MailStore administrator (admin).
** Click on ''Administrative Tools'' > ''Storage'' and then ''Storage Locations''.
** Either click on the yellow info box to upgrade all archive stores at once or right-click on an archive store and select ''Perform Upgrade'' to upgrade a single archive store.
** Carefully read the notices and click on ''OK'' to start the upgrade process or click on ''Cancel''.
**: [[File:Fg_upgrade10.png|center]]
* '''Retention Policies''' If not all attached archive stores are available (State: ''Archive here'', ''Normal''), or their status is ''Write-Protected'', no automatic processing of retention policies takes place. Therefore verify if an archive store is set to ''Disabled'' or ''Write-Protected'' after the upgrade and change it to one of the above states or detach it completely.
* '''Access via Integrated IMAP Server''' To access the archive via the integrated IMAP server, an encrypted connection is now mandatory. If necessary, adjust the configuration of your email clients accordingly and enable TLS or STARTTLS.
* '''Management API Commands Get-/SetComplianceConfiguration''' The property ''globalRetentionTimeYears'' has been removed from the commands. Own scripts using these commands have to be adjusted accordingly. To manage retention policies, two new commands are available: ''GetRetentionPolicies'' and ''SetRetentionPolicies''.

== Upgrading to 10.2 ==
* '''Web Access''' The new responsive Web Access is exclusively available via the HTTPS port. User who are still using the unencrypted HTTP port to access Web Access, will see a corresponding notice about this circumstance. Thus it is recommended to use a trustworthy certificate signed by an official or internal certificate authority. See [[Using Your Own SSL Certificate]] for details.
=== Known Issues ===
* The backend of the new responsive Web Access expects MailStore Server to be reachable on IP address 127.0.0.1 (localhost) and the default TCP port 8460. If you configured MailStore to listen on a specific IP address for MailStore Client connections in the [[MailStore Server Service Configuration]], please reset it to ''(All IP Addresses)'' and ''Port'' 8460. This problem was fixed with version 10.2.3.

== Upgrading to 10.1 ==
* '''Archiving Emails''' If not all attached archive stores are available (State: ''Archive here'', ''Normal'', or ''Write-Protected''), no archiving takes place. Running archiving profiles are terminated with an appropriate message. Under certain circumstances this prevents the creation of duplicate emails while archiving. Therefore verify if an archive store is set to ''disabled'' after the upgrade and change it to one of the above states or detach it completely.
* '''Status Reports''' If a longer period should be covered by status reports, it must be ensured that the profile and job results are kept for at least that period. The default value of previous installations is one week and should be adjusted to the new default value of 90 days.

== Upgrading to Version 10 ==
* '''Encryption Notices''' Due to enhanced encryption mechanisms, MailStore archives that have been upgraded to version 10 are tied to the Windows-Installation on which MailStore Server has been installed. Under certain conditions some actions (e.g. restoring the default admin, attaching foreign archive stores, etc.) in MailStore require the input of a recovery key. By default this is the product key of the installation.Please make sure to store the product key entered during installation in a safe location.In environments with higher security requirements it is recommended to change the default recovery key and, depending on the backup target, exclude the unencrypted search indexes from backups. Corresponding information can be found in the [[MailStore Server Service Configuration]] article.
* '''Upgrade of Master Database''' To facilitate encryption of the master database it is upgraded to Firebird 3 during the first start of the MailStore Server service and encrypted afterwards. This process might extend the time required for the first start of the service by several minutes.
* '''Upgrading Archive Stores''' To facilitate encryption the databases of the archive store must be upgraded. Proceed as follows to upgrade:
** Log in as MailStore administrator (admin).
** Click on ''Administrative Tools'' > ''Storage'' and then ''Storage Locations''.
** Either click on the yellow info box to upgrade all archive stores at once or right-click on an archive store and select ''Perform Upgrade'' to upgrade a single archive store.
** Carefully read the notices and click on ''OK'' to start the upgrade process or click on ''Cancel''.
**: [[File:Fg_upgrade10.png|center]]
* '''Archives of Other Users''' These are no longer visible for MailStore administrators if the ''Archive Access'' (formerly knows as ''E-mail Preview'') is blocked. Administrative functions such as deleting or renaming user archives are accessible through [[Archives|Administrative Tools > Users and Archives > Archives]].
* '''Export E-mails''' The previous change may also have an impact on export profiles owned by a MailStore administrator, in case the export scope contains archives of other users. As these are no longer visible to MailStore administrators if the ''Archive Access'' (formerly knows as ''E-mail Preview'') is blocked, they are not taken into account by export profiles.
* '''Auditing''' All activities that are exclusively executable by MailStore administrators are displayed as ''Enabled (locked)'' at ''Compliance'' > ''Auditing''. Irrespective of the ''Disabled'' status, all activities of MailStore administrators, excluding ''MessageRetrieveContent'', are written into the audit log.
* '''Default Password''' If you have not changed the default MailStore administrators (admin) password yet, you will be asked to set a new password during the first logon after the update. The same occurs when the password has been reset to ''admin'' after restoring the default admin.

== Upgrading to Version 9.7 ==
* '''Search Indexes''' Due to changes in the area of indexing email attachment contents, the search index settings should be opened and confirmed after the update, so that MailStore can identify potentially missing or unsupported IFilters.
* '''Archiving from Gmail''' This version contains a new Gmail profile, that provides additional functionality such as support for deleting emails from the Gmail mailbox and OAuth2 authentication. Please notice, that it does not support any other folders than "All Mail" and "Sent Items". This new behavior anticipates scenarios which have been recognized as confusing by users in the past and that where caused by the interaction of Gmail labels, IMAP folders and MailStore's single instance store. Existing Google Mail profiles can still be modified and executed, but no new ones can be created. It is recommended to replace old "Google Mail" profiles by this new Gmail profile.

=== Known Issues ===
* Indexing the content of Open Document Format email attachments requires a working installation of OpenOffice or LibreOffice, though Microsoft Office 2010 Filter Pack officially provides support for these file types. Additional information can be found in the [[Search Indexes]] article.

== Upgrading to Version 9.6 ==
* '''Update of MailStore Client and Outlook Add-in''' Independent of MailStore Client's auto-update mechanism, a reinstallation of MailStore Client and the MailStore Outlook Add-in is required to make use of the following improvements:
** Client: Pin to taskbar now possible on Windows 7 and newer.
** Support for different SSL certificate thumbprint formats in group policies.
** Group policies allow configuration of client and Outlook Add-in language.
* '''MailStore Proxy''' Starting with version 9.6, MailStore Proxy requires .NET Framework 4.5.1. Hence the [[MailStore_Proxy#System_Requirements|system requirements of MailStore proxy]] have also changed in regards to the operating system.

== Upgrading to Version 9.3 ==
* '''Supported SSL certificates''' Using SSL certificates which utilize MD5-hash based signature algorithms (e.g. ''md5rsa'') is technically no longer possible since version 9.3. For years (approx. 2010) MD5-hash based signature algorithms have no longer been used for signing certificates. However, should the error message ''Authentication failed because the remote party has closed the transport stream.'' occur after installing the upgrade, please follow the instructions in the corresponding [https://cs.mailstore.com/index.php?/Knowledgebase/Article/View/120/5/erro-message-authentication-failed-because-the-remote-party-has-closed-the-transport-stream Knowledgebase article].

== Upgrading to Version 9.x ==
* '''System Requirements''' Please ensure that your system configuration matches the updated system requirements. MailStore Server, MailStore Client and MailStore Outlook Add-in now require .NET Framework 4.5.1 and Internet Explorer 8 or higher. Thus Windows Vista SP2 or newer is required.
* '''Server-side Execution of E-mail-Server Profiles and Internal Backup''' Archiving from and exporting to email servers as well as the internal backup function is now carried out by the MailStore Server service itself. Thus it is necessary that the MailStore Server computer has the required permissions to access email servers and network shares where applicable (see [[Using Network Attached Storage (NAS)]]). In either case, verify carefully that all automated tasks are still working properly after updating.
* '''Scheduling of Profiles''' For executing archiving and export profiles of type ''E-mail Servers'', an internal scheduler is now used. This scheduler is used for all newly created profiles as soon as automatic execution is enabled in the profile settings. Existing profiles of type ''E-mail Servers'' are set to manual execution after upgrading to MailStore Server 9. Their execution remains triggered based in the corresponding by task in the Windows Task Scheduler. To completely turn these profiles into independent server-side profiles, remove the corresponding task from the Windows Task Scheduler first and then enable automatic execution in the profile setting in MailStore Server. Further information can be found in [[Email_Archiving_with_MailStore_Basics#Working_with_Archiving_Profiles|Working with Archiving Profiles]] and [[Email_Archiving_with_MailStore_Basics#Automating_the_Archiving_Process|Automating the Archiving Process]]
* '''Group Policies''' New ADM and ADMX templates are used for the configuration of MailStore Client and MailStore Outlook Add-in. Group Policies created with the new templates are not compatible with older versions of MailStore Client and MailStore Outlook Add-In, nor does MailStore Client 9 and MailStore Outlook Add-in 9 support Group Policies that have been created based on previous versions of the ADM and ADMX templates. Please replace any existing Group Policies when upgrading to MailStore Server 9. Further information can be found in [[MailStore Client Deployment]] and [[MailStore Outlook Add-in Deployment]].
* '''Automatic Creation of New Archive Stores''' A new default threshold of 5 million emails has been introduced for the automatic creation of new archive stores in MailStore Server 9. For existing installations it is recommended to adjust this value after upgrading to MailStore Server 9 as described in [[Storage Locations]].
* '''PDF Support of Full Text Search''' PDF support has been removed from MailStore Server's own indexer. Therefore it is required to either install a recent version of Adobe Reader or an appropriate IFilter driver (i.e. [http://www.adobe.com/support/downloads/detail.jsp?ftpID=5542 Adobe PDF iFilter] on the MailStore Server computer.
* '''MailStore Server Administration API''' The API has been completely rewritten. As it does not provide and kind of backward compatibility with previous versions, it is required to carefully verify and, if necessary, to modify scripts that make use of the Administration API.
* '''AVM KEN! Support Removed''' After the vendor's support for AVM KEN! has already stopped in September 2010, the support by MailStore ends with MailStore Server 9. Existing AVM KEN! profiles are automatically removed from MailStore - archived emails remain in the archive.

=== Known Issues ===
* '''Missing Email Headers when Printing from MailStore Web Access''' '''''(resolved in version 9.6)''''' Due to the technical implementation of the HTML view, emails printed from within MailStore Web Access do not contain information about sender, recipient and subject. Until a fix is available, the workaround is to open the emails in an email client such as Microsoft Outlook or Mozilla Thunderbird for printing.

== Upgrading to Version 8.x ==

* '''System Requirements''' Please ensure that your system configuration matches the updated system requirements. MailStore Client and MailStore Outlook Add-in now require .NET Framework 3.5 SP1 and Internet Explorer 8 or higher.

== Upgrading to Version 7.0 ==

* '''Management Shell / Batch Scripts''' The server-side part of the Management Shell command set, which included commands such as <code>user-add</code> or <code>filegroup-create</code>, has completely been replaced by the more powerful [[Administration_API_-_Using_the_API|MailStore Server Administration API]]. If you have written custom scripts (e.g. batch scripts) for user management or store management, please update them so that it uses the new command set. [[MailStore_Server_Management_Shell|More information about the MailStore Server Management Shell]]

== Upgrading to Version 6.0 ==

* '''Upgrading File Groups''' The file group format has changed to ensure high performance and stability in the future. To upgrade existing file groups to the new format, proceed as follows:
** Log in as MailStore administrator (admin).
** Click on ''Administrative Tools'' > ''Storage'' and then ''Storage Locations''.
** Either click on the yellow info box to upgrade all file groups at once or right-click on a file group and select ''Perform Upgrade'' to upgrade a single file group.
**: [[File:Fg_upgrade6.png]]
** Carefully read the notices and click on ''OK'' to start the upgrade process or click on ''Cancel''.
** While the upgrade process is running, you will see a window showing information about the upgrade progress. You can click on ''Cancel'' at any time to interrupt the upgrade process in order to continue it later.
* '''Automatic Creation of New File Groups''' If you are using a scheduled task to create new file groups regularly, we recommend to remove that scheduled task and proceed as described in chapter [[Storage_Locations#Creating_File_Groups_Automatically|Creating File Groups Automatically]] of the MailStore Server manual. Please notice the recommended limit of 500.000 messages per file group; that is the default value for all new installations of MailStore Server 6.
* '''Active Directory Integration''' After upgrading to MailStore Server 6 it is required to reconfigure the Active Directory integration with the new Directory Service interface. Please follow the instructions in chapter [[Active Directory Integration]] of the MailStore Server manual. '''Important notice:''' From MailStore Server 6 on, accessing the Active Directory is done under the security scope of the MailStore Server service (instead of MailStore Client). Therefor, please pay attention to ''Authentication'' under ''Specifying Connection Settings''.
* '''Generic LDAP Integration''' After upgrading to MailStore Server 6 it is required to reconfigure the generic LDAP integration with the new Directory Service interface. Please follow the steps in chapter [[Generic LDAP Integration]] of the MailStore Server manual.
* '''Firewall Settings''' If you have set up firewall rules manually to allow access to MailStore Server, MailStore Web Access, MailStore Outlook Add-in or the MailStore integrated IMAP server, we recommend to remove the firewall rules before installing MailStore Server 6. If desired, MailStore Server 6 can set up and update firewall rules on its own, after changes have been made in the [[MailStore Server Service Configuration]] (formerly known as MailStore Server Base Configuration).
* '''No More Separate Downloads''' There is only one MailStore Server setup file, that includes all appropriate setup files for MailStore Client, MailStore Outlook Add-in and MailStore Proxy. MailStore Server setup creates a link on your desktop that opens an Explorer window with the setup files. If the desktop link does not exist you can find the setup files in the ''Setup-<version>'' sub-folder of your MailStore Server installation directory.

== Upgrading to Version 5.0 ==

* '''MailStore Outlook Add-In''' MailStore Outlook Add-in requires access to MailStore Web Access. Should the situation arise that your firewall block the MailStore Web Access ports (default: 8461 for HTTP and 8462 for HTTPS), please reconfigure you firewall accordingly.

== Upgrading to Version 4.5 ==

* '''Database Backups''' Database backup tasks or profiles which were created with an earlier version of MailStore Server need to be re-created with this version. Use the new backup functionality in Administrative Tools which provides you with several new features.
* '''Search Indexes''' If you have created search indexes with a MailStore Server version equal or earlier than 3.0.2, you will be prompted to rebuild them after your first administrator logon to MailStore Server. Depending on the number of users and file groups, this process might take several minutes or hours. You can continue to use MailStore Server during this process, however the search functionality might be limited until the process is finished.

[[de:Hinweise_zum_Update_von_MailStore_Server]]
[[en:Update Notices for MailStore Server]]

Update Notices for MailStore Server

2022-03-30T12:58:55Z

Bmeyn: /* General Information */

== General Information ==

* '''Before you start the installation, please check if your current license really allows to upgrade the software.'''
* '''Before the installation, read the [https://go.mailstore.com?product=MailStore%20Server&target=changelog&lang=en changelog] for information about all changes in the respective versions.'''
* '''Make sure you have a recent backup of your archive. Learn more about backing up and restoring MailStore Server [[Backup and Restore|here]]'''.
* The installation process will uninstall older versions of the software automatically. All archives and the configuration data will be kept. There is no need to manually uninstall old versions previously.
* During the installation process the MailStore Server service is automatically stopped and restarted afterwards. Running archiving profiles will be cancelled and may show up as failed. Should stopping the service fail for any reason, please stop the service manually and run the installation again.
* Carefully check the auto-detected settings during the installation process.
* Updating MailStore Client and/or MailStore Outlook Add-in installations
** Versions older than 9.x require an update of the MailStore Client and/or MailStore Outlook Add-in installations when updating to a new major or minor version (e.g. 5.1 to 5.2).
** Since version 9.x and up to 13.x this is typically only required for major version updates (e.g. 9.8 to 10). Exceptions are mentioned in the version specific notices below.
** For version 22.x and higher, version specific notices regarding these updates will be included if necessary.
*; Further information can be found in the articles [[MailStore Client Deployment]] and [[MailStore Outlook Add-in Deployment]]
* The following version specific upgrade notices are cumulative. Therefore, also read the notices regarding all version numbers between yours and the one you are going to install.
* For versions that are not explicitly listed here, the upgrade notices for preceding versions apply accordingly.

== Upgrading to 13.x ==
* '''Update of MailStore Client and Outlook Add-in''' Irrespective of MailStore Client's auto-update mechanism, a reinstallation of MailStore Client and the MailStore Outlook Add-in is required to make use of the following improvements:
** Unified validation of TLS certificates.
** Unified evaluation of group policies.
** Distinct error messages for certain certificate errors.
** Outlook Add-in: Due to the required changes of the login process to support modern authentication with Microsoft 365 and Google Workspace, the Outlook Add-in must be updated to version 13 to be able to connect to MailStore Server 13.x. Connecting to an older version of MailStore Server is no longer supported after the update.
* '''Unencrypted Connections'''
*; Support for unencrypted connections to MailStore Server has been fully removed. This affects MailStore Outlook Add-in, and the Legacy Web Access. After updating the Outlook Add-in, it automatically tries to connect to the default HTTPS port (8462) if either the default HTTP port (8461) or no port was set as part of the server name previously. In all other cases, the initial connections may fail and requires the server name to be adjusted by the user, or by an administrator via group policies.
* '''HTTP-to-HTTPS Redirect'''
*; The HTTP-to-HTTPS redirect option, which must be considered insecure without the use of properly configured [[wikipedia:HTTP_Strict_Transport_Security|HTTP Strict Transport Security (HSTS)]], has been removed. Users are required to use the correct HTTPS URL to access MailStore Web Access.
* '''Windows Authentication'''
*; The authentication method selection has been removed from the newly design login dialog. Therefore, traditional Windows Authentication available in on-prem Active Directory controlled environments, can only be enabled through group policies. Further information on group policies can be found in [[MailStore Client Deployment]] and [[MailStore Outlook Add-in Deployment]].
* '''Microsoft 365 Support'''
*; A new directory service synchronization profile [[Synchronizing_User_Accounts_with_Microsoft_365_(Modern_Authentication)|Microsoft 365 (Modern Authentication)]] as well as new profiles for archiving and exporting emails from or to Microsoft 365 have been introduced. These support modern authentication (OAuth 2.0 & OpenID Connect) and customers of Microsoft 365 are advised to regularly check for Microsoft's announcement on the timeline for removing HTTP Basic Auth from Microsoft Exchange Web Services (EWS) and to plan the migration to the new profiles in advance. Once Microsoft disables support for HTTP Basic Auth in Exchange Web Services on Microsoft 365, the existing directory service synchronization profile ''Microsoft 365 (Basic Auth)'' (formerly named ''Office 365'') and the Microsoft Exchange archiving and export profiles will stop working.
* '''Google Workspace Support'''
*; The [[Google Workspace Integration|Google Workspace directory service synchronization profile]] has been extended with support for modern authentication (OAuth 2.0 & OpenID Connect). Customers of Google Workspace are advised to regularly check for Google's announcement on the timeline for removing support for less secure apps, and should plan the migration to the new setting in advance. Once Google disables support for Less Secure Apps in Google Workspace, the existing directory service synchronization profile ''Google Workspace'' will no longer allow users to login to MailStore as long as the authentication method is still set to ''IMAP''.
* '''IMAP Access to Archive'''
*; When using either the new ''Microsoft 365 (Modern Authentication)'' or ''Google Workspace'' directory service synchronization profile, user that have been added by these profiles, can not access their archive via the integrated IMAP server as MailStore Server is not able to verify those passwords itself.
* '''Startup Scripts'''
*; The [[MailStore Server Service Configuration]] now provides functionality to configure connections to remote SMB/CIFS network shares without having to store credential in a plain text batch file. Therefore, startup scripts are no longer recommended to be used for that purpose. Unless there actually is a startup script found in MailStore Server's program directory, the corresponding menu item ''Startup Script'' will not be shown in the MailStore Server Service Configuration.
* '''Mobile Web Access'''
*; The dedicated Mobile Web Access has been removed due to no longer supported third-party components (e.g. jQuery Mobile) and in favor of MailStore Web Access, which has been received major enhancements in terms of performance and usability.
* '''Legacy Web Access'''
*; As parts of Legacy Web Access are representing the server-side of the Outlook Add-in, the Legacy Web Access is still present, but no longer advertised on the login screen of the Web Access.
* '''Group Policies'''
*; The following group policy settings are no longer supported in MailStore 13:
** '''MailStore Client: Accept Thumbprint'''
**; If a server name has been defined by a group policy, the certificate used by MailStore Server must be trusted by the client computer and it must not be revoked or expired.
** '''MailStore Outlook Add-in: Accept Thumbprint'''
**; If a server name has been defined by a group policy, the certificate used by MailStore Server must be trusted by the client computer and it must not be revoked or expired.
** '''MailStore Outlook Add-in: Enable TLS/SSL encryption'''
**; As MailStore Server no longer supports unencrypted inbound connections and the default behavior of MailStore Outlook Add-in as been modified accordingly, this option is ignored.

== Upgrading to 12.1 ==
* '''System Requirements'''
*; Windows Vista, Windows Server 2008, and Windows Small Business Server 2008 support has been removed from MailStore in this version. For a current list of supported operating systems, please refer to [[System Requirements]].

== Upgrading to 12 ==
* '''Expired Certificates'''
*; Irrespective of whether the certificate's trust can be verified, no connection is established by MailStore Client to server's whose certificate has expired or was revoked. In such a case, the certificate must be replaced by means of the MailStore Server service configuration tool first.
* '''Using Certificates'''
*; If in the past, different certificates were used for the services provided by MailStore Server, the same certificate configuration as for new installations will be shown during the installation. The certificate configured in that step will afterwards be used for all provided services and can be change in the MailStore Server service configuration tool.

== Upgrading to 11 ==
* '''Upgrading Archive Stores'''
*; '''Depending on the archive size this can take an excessive amount of time. On average 50.000 messages are processed per minute during the upgrade.'''
*; Until the archive stores have been upgraded, not all functionality of the software is available. To facilitate
** retention policies,
** the search functionality,
** the improved recovery records,
*; the databases of the archive stores must be upgraded.
*;Proceed as follows to upgrade:
** Log in as MailStore administrator (admin).
** Click on ''Administrative Tools'' > ''Storage'' and then ''Storage Locations''.
** Either click on the yellow info box to upgrade all archive stores at once or right-click on an archive store and select ''Perform Upgrade'' to upgrade a single archive store.
** Carefully read the notices and click on ''OK'' to start the upgrade process or click on ''Cancel''.
**: [[File:Fg_upgrade10.png|center]]
* '''Retention Policies''' If not all attached archive stores are available (State: ''Archive here'', ''Normal''), or their status is ''Write-Protected'', no automatic processing of retention policies takes place. Therefore verify if an archive store is set to ''Disabled'' or ''Write-Protected'' after the upgrade and change it to one of the above states or detach it completely.
* '''Access via Integrated IMAP Server''' To access the archive via the integrated IMAP server, an encrypted connection is now mandatory. If necessary, adjust the configuration of your email clients accordingly and enable TLS or STARTTLS.
* '''Management API Commands Get-/SetComplianceConfiguration''' The property ''globalRetentionTimeYears'' has been removed from the commands. Own scripts using these commands have to be adjusted accordingly. To manage retention policies, two new commands are available: ''GetRetentionPolicies'' and ''SetRetentionPolicies''.

== Upgrading to 10.2 ==
* '''Web Access''' The new responsive Web Access is exclusively available via the HTTPS port. User who are still using the unencrypted HTTP port to access Web Access, will see a corresponding notice about this circumstance. Thus it is recommended to use a trustworthy certificate signed by an official or internal certificate authority. See [[Using Your Own SSL Certificate]] for details.
=== Known Issues ===
* The backend of the new responsive Web Access expects MailStore Server to be reachable on IP address 127.0.0.1 (localhost) and the default TCP port 8460. If you configured MailStore to listen on a specific IP address for MailStore Client connections in the [[MailStore Server Service Configuration]], please reset it to ''(All IP Addresses)'' and ''Port'' 8460. This problem was fixed with version 10.2.3.

== Upgrading to 10.1 ==
* '''Archiving Emails''' If not all attached archive stores are available (State: ''Archive here'', ''Normal'', or ''Write-Protected''), no archiving takes place. Running archiving profiles are terminated with an appropriate message. Under certain circumstances this prevents the creation of duplicate emails while archiving. Therefore verify if an archive store is set to ''disabled'' after the upgrade and change it to one of the above states or detach it completely.
* '''Status Reports''' If a longer period should be covered by status reports, it must be ensured that the profile and job results are kept for at least that period. The default value of previous installations is one week and should be adjusted to the new default value of 90 days.

== Upgrading to Version 10 ==
* '''Encryption Notices''' Due to enhanced encryption mechanisms, MailStore archives that have been upgraded to version 10 are tied to the Windows-Installation on which MailStore Server has been installed. Under certain conditions some actions (e.g. restoring the default admin, attaching foreign archive stores, etc.) in MailStore require the input of a recovery key. By default this is the product key of the installation.Please make sure to store the product key entered during installation in a safe location.In environments with higher security requirements it is recommended to change the default recovery key and, depending on the backup target, exclude the unencrypted search indexes from backups. Corresponding information can be found in the [[MailStore Server Service Configuration]] article.
* '''Upgrade of Master Database''' To facilitate encryption of the master database it is upgraded to Firebird 3 during the first start of the MailStore Server service and encrypted afterwards. This process might extend the time required for the first start of the service by several minutes.
* '''Upgrading Archive Stores''' To facilitate encryption the databases of the archive store must be upgraded. Proceed as follows to upgrade:
** Log in as MailStore administrator (admin).
** Click on ''Administrative Tools'' > ''Storage'' and then ''Storage Locations''.
** Either click on the yellow info box to upgrade all archive stores at once or right-click on an archive store and select ''Perform Upgrade'' to upgrade a single archive store.
** Carefully read the notices and click on ''OK'' to start the upgrade process or click on ''Cancel''.
**: [[File:Fg_upgrade10.png|center]]
* '''Archives of Other Users''' These are no longer visible for MailStore administrators if the ''Archive Access'' (formerly knows as ''E-mail Preview'') is blocked. Administrative functions such as deleting or renaming user archives are accessible through [[Archives|Administrative Tools > Users and Archives > Archives]].
* '''Export E-mails''' The previous change may also have an impact on export profiles owned by a MailStore administrator, in case the export scope contains archives of other users. As these are no longer visible to MailStore administrators if the ''Archive Access'' (formerly knows as ''E-mail Preview'') is blocked, they are not taken into account by export profiles.
* '''Auditing''' All activities that are exclusively executable by MailStore administrators are displayed as ''Enabled (locked)'' at ''Compliance'' > ''Auditing''. Irrespective of the ''Disabled'' status, all activities of MailStore administrators, excluding ''MessageRetrieveContent'', are written into the audit log.
* '''Default Password''' If you have not changed the default MailStore administrators (admin) password yet, you will be asked to set a new password during the first logon after the update. The same occurs when the password has been reset to ''admin'' after restoring the default admin.

== Upgrading to Version 9.7 ==
* '''Search Indexes''' Due to changes in the area of indexing email attachment contents, the search index settings should be opened and confirmed after the update, so that MailStore can identify potentially missing or unsupported IFilters.
* '''Archiving from Gmail''' This version contains a new Gmail profile, that provides additional functionality such as support for deleting emails from the Gmail mailbox and OAuth2 authentication. Please notice, that it does not support any other folders than "All Mail" and "Sent Items". This new behavior anticipates scenarios which have been recognized as confusing by users in the past and that where caused by the interaction of Gmail labels, IMAP folders and MailStore's single instance store. Existing Google Mail profiles can still be modified and executed, but no new ones can be created. It is recommended to replace old "Google Mail" profiles by this new Gmail profile.

=== Known Issues ===
* Indexing the content of Open Document Format email attachments requires a working installation of OpenOffice or LibreOffice, though Microsoft Office 2010 Filter Pack officially provides support for these file types. Additional information can be found in the [[Search Indexes]] article.

== Upgrading to Version 9.6 ==
* '''Update of MailStore Client and Outlook Add-in''' Independent of MailStore Client's auto-update mechanism, a reinstallation of MailStore Client and the MailStore Outlook Add-in is required to make use of the following improvements:
** Client: Pin to taskbar now possible on Windows 7 and newer.
** Support for different SSL certificate thumbprint formats in group policies.
** Group policies allow configuration of client and Outlook Add-in language.
* '''MailStore Proxy''' Starting with version 9.6, MailStore Proxy requires .NET Framework 4.5.1. Hence the [[MailStore_Proxy#System_Requirements|system requirements of MailStore proxy]] have also changed in regards to the operating system.

== Upgrading to Version 9.3 ==
* '''Supported SSL certificates''' Using SSL certificates which utilize MD5-hash based signature algorithms (e.g. ''md5rsa'') is technically no longer possible since version 9.3. For years (approx. 2010) MD5-hash based signature algorithms have no longer been used for signing certificates. However, should the error message ''Authentication failed because the remote party has closed the transport stream.'' occur after installing the upgrade, please follow the instructions in the corresponding [https://cs.mailstore.com/index.php?/Knowledgebase/Article/View/120/5/erro-message-authentication-failed-because-the-remote-party-has-closed-the-transport-stream Knowledgebase article].

== Upgrading to Version 9.x ==
* '''System Requirements''' Please ensure that your system configuration matches the updated system requirements. MailStore Server, MailStore Client and MailStore Outlook Add-in now require .NET Framework 4.5.1 and Internet Explorer 8 or higher. Thus Windows Vista SP2 or newer is required.
* '''Server-side Execution of E-mail-Server Profiles and Internal Backup''' Archiving from and exporting to email servers as well as the internal backup function is now carried out by the MailStore Server service itself. Thus it is necessary that the MailStore Server computer has the required permissions to access email servers and network shares where applicable (see [[Using Network Attached Storage (NAS)]]). In either case, verify carefully that all automated tasks are still working properly after updating.
* '''Scheduling of Profiles''' For executing archiving and export profiles of type ''E-mail Servers'', an internal scheduler is now used. This scheduler is used for all newly created profiles as soon as automatic execution is enabled in the profile settings. Existing profiles of type ''E-mail Servers'' are set to manual execution after upgrading to MailStore Server 9. Their execution remains triggered based in the corresponding by task in the Windows Task Scheduler. To completely turn these profiles into independent server-side profiles, remove the corresponding task from the Windows Task Scheduler first and then enable automatic execution in the profile setting in MailStore Server. Further information can be found in [[Email_Archiving_with_MailStore_Basics#Working_with_Archiving_Profiles|Working with Archiving Profiles]] and [[Email_Archiving_with_MailStore_Basics#Automating_the_Archiving_Process|Automating the Archiving Process]]
* '''Group Policies''' New ADM and ADMX templates are used for the configuration of MailStore Client and MailStore Outlook Add-in. Group Policies created with the new templates are not compatible with older versions of MailStore Client and MailStore Outlook Add-In, nor does MailStore Client 9 and MailStore Outlook Add-in 9 support Group Policies that have been created based on previous versions of the ADM and ADMX templates. Please replace any existing Group Policies when upgrading to MailStore Server 9. Further information can be found in [[MailStore Client Deployment]] and [[MailStore Outlook Add-in Deployment]].
* '''Automatic Creation of New Archive Stores''' A new default threshold of 5 million emails has been introduced for the automatic creation of new archive stores in MailStore Server 9. For existing installations it is recommended to adjust this value after upgrading to MailStore Server 9 as described in [[Storage Locations]].
* '''PDF Support of Full Text Search''' PDF support has been removed from MailStore Server's own indexer. Therefore it is required to either install a recent version of Adobe Reader or an appropriate IFilter driver (i.e. [http://www.adobe.com/support/downloads/detail.jsp?ftpID=5542 Adobe PDF iFilter] on the MailStore Server computer.
* '''MailStore Server Administration API''' The API has been completely rewritten. As it does not provide and kind of backward compatibility with previous versions, it is required to carefully verify and, if necessary, to modify scripts that make use of the Administration API.
* '''AVM KEN! Support Removed''' After the vendor's support for AVM KEN! has already stopped in September 2010, the support by MailStore ends with MailStore Server 9. Existing AVM KEN! profiles are automatically removed from MailStore - archived emails remain in the archive.

=== Known Issues ===
* '''Missing Email Headers when Printing from MailStore Web Access''' '''''(resolved in version 9.6)''''' Due to the technical implementation of the HTML view, emails printed from within MailStore Web Access do not contain information about sender, recipient and subject. Until a fix is available, the workaround is to open the emails in an email client such as Microsoft Outlook or Mozilla Thunderbird for printing.

== Upgrading to Version 8.x ==

* '''System Requirements''' Please ensure that your system configuration matches the updated system requirements. MailStore Client and MailStore Outlook Add-in now require .NET Framework 3.5 SP1 and Internet Explorer 8 or higher.

== Upgrading to Version 7.0 ==

* '''Management Shell / Batch Scripts''' The server-side part of the Management Shell command set, which included commands such as <code>user-add</code> or <code>filegroup-create</code>, has completely been replaced by the more powerful [[Administration_API_-_Using_the_API|MailStore Server Administration API]]. If you have written custom scripts (e.g. batch scripts) for user management or store management, please update them so that it uses the new command set. [[MailStore_Server_Management_Shell|More information about the MailStore Server Management Shell]]

== Upgrading to Version 6.0 ==

* '''Upgrading File Groups''' The file group format has changed to ensure high performance and stability in the future. To upgrade existing file groups to the new format, proceed as follows:
** Log in as MailStore administrator (admin).
** Click on ''Administrative Tools'' > ''Storage'' and then ''Storage Locations''.
** Either click on the yellow info box to upgrade all file groups at once or right-click on a file group and select ''Perform Upgrade'' to upgrade a single file group.
**: [[File:Fg_upgrade6.png]]
** Carefully read the notices and click on ''OK'' to start the upgrade process or click on ''Cancel''.
** While the upgrade process is running, you will see a window showing information about the upgrade progress. You can click on ''Cancel'' at any time to interrupt the upgrade process in order to continue it later.
* '''Automatic Creation of New File Groups''' If you are using a scheduled task to create new file groups regularly, we recommend to remove that scheduled task and proceed as described in chapter [[Storage_Locations#Creating_File_Groups_Automatically|Creating File Groups Automatically]] of the MailStore Server manual. Please notice the recommended limit of 500.000 messages per file group; that is the default value for all new installations of MailStore Server 6.
* '''Active Directory Integration''' After upgrading to MailStore Server 6 it is required to reconfigure the Active Directory integration with the new Directory Service interface. Please follow the instructions in chapter [[Active Directory Integration]] of the MailStore Server manual. '''Important notice:''' From MailStore Server 6 on, accessing the Active Directory is done under the security scope of the MailStore Server service (instead of MailStore Client). Therefor, please pay attention to ''Authentication'' under ''Specifying Connection Settings''.
* '''Generic LDAP Integration''' After upgrading to MailStore Server 6 it is required to reconfigure the generic LDAP integration with the new Directory Service interface. Please follow the steps in chapter [[Generic LDAP Integration]] of the MailStore Server manual.
* '''Firewall Settings''' If you have set up firewall rules manually to allow access to MailStore Server, MailStore Web Access, MailStore Outlook Add-in or the MailStore integrated IMAP server, we recommend to remove the firewall rules before installing MailStore Server 6. If desired, MailStore Server 6 can set up and update firewall rules on its own, after changes have been made in the [[MailStore Server Service Configuration]] (formerly known as MailStore Server Base Configuration).
* '''No More Separate Downloads''' There is only one MailStore Server setup file, that includes all appropriate setup files for MailStore Client, MailStore Outlook Add-in and MailStore Proxy. MailStore Server setup creates a link on your desktop that opens an Explorer window with the setup files. If the desktop link does not exist you can find the setup files in the ''Setup-<version>'' sub-folder of your MailStore Server installation directory.

== Upgrading to Version 5.0 ==

* '''MailStore Outlook Add-In''' MailStore Outlook Add-in requires access to MailStore Web Access. Should the situation arise that your firewall block the MailStore Web Access ports (default: 8461 for HTTP and 8462 for HTTPS), please reconfigure you firewall accordingly.

== Upgrading to Version 4.5 ==

* '''Database Backups''' Database backup tasks or profiles which were created with an earlier version of MailStore Server need to be re-created with this version. Use the new backup functionality in Administrative Tools which provides you with several new features.
* '''Search Indexes''' If you have created search indexes with a MailStore Server version equal or earlier than 3.0.2, you will be prompted to rebuild them after your first administrator logon to MailStore Server. Depending on the number of users and file groups, this process might take several minutes or hours. You can continue to use MailStore Server during this process, however the search functionality might be limited until the process is finished.

[[de:Hinweise_zum_Update_von_MailStore_Server]]
[[en:Update Notices for MailStore Server]]

MailStore Proxy

2022-03-21T11:50:02Z

Bmeyn:

With the release of [https://help.mailstore.com/en/gateway MailStore Gateway] on 10/4/2019, MailStore Proxy has been marked as deprecated. The last available version is 13.2.1.20465; there will be no further development. While our Technical Support will be happy to assist you with the transition to MailStore Gateway, please understand that we do not provide technical support for MailStore Proxy beyond that anymore.

With the MailStore proxy server, emails can be archived automatically upon sending and receiving. The advantages and disadvantages of this procedure are discussed in chapter [[Choosing_the_Right_Archiving_Strategy#Archiving_All_Incoming_and_Outgoing_Emails_Automatically|Archiving Incoming and Outgoing Emails Automatically]].

The MailStore Proxy server is available to all MailStore Server customers free of charge and can be downloaded under https://my.mailstore.com/Downloads

== System Requirements ==

* Windows Vista/2008 or higher
* .NET Framework 4.5.1 or higher

== Procedure ==
To attach MailStore Proxy to SMTP or POP3 connections, it needs to be configured in a fashion, that it is located between two systems. Depending on the planned archiving strategy, MailStore Proxy can be placed between email clients and an email server (company-internal or internet service provider) or between two email servers. MailStore Proxy writes down a copy of the transmitted emails to a joint transfer directory along with a report containing transmission details such as sender and recipient.

MailStore Server archives the emails copied by MailStore Proxy from a joint transfer directory. This process can be automated and executed several times per day.

[[Image:MailStoreProxy1_en.png|560px|center|thumbnail|Example: Usage of MailStore Proxy with email server located at an ISP]]

== Installation and Configuration of MailStore Proxy ==
* Download MailStore Proxy from the [https://my.mailstore.com/Downloads MailStore website's download section].
* Install MailStore Proxy on any computer. It is not required that MailStore Server is installed on the same machine, but a joint transfer directory or network share has to exist to which both have full access.
* After the installation, start ''MailStore Proxy Admin'' by clicking on the new desktop icon.
* Under ''Configuration'', MailStore Proxy can be adjusted to your environment.
: [[File:tech_proxy_02.png|center|550px]]

=== Specifying the Report Output Directory ===
In the field ''Report Output Directory'', specify the directory to which MailStore Proxy is to write the transmission reports. In order to be able to archive the emails it contains, MailStore Server has to have access to this directory as well. The directory is valid for all proxy servers (SMTP and POP3).

=== Adding or Removing a Proxy Server ===
After installing MailStore Proxy, an example configuration already exists for a SMTP proxy server as well as for a POP3 proxy server. In case you need more proxy servers, e.g. you use email servers from different internet service providers, you can add or remove additional proxy servers by clicking on the appropriate button next to the label "Proxy Servers".

=== Configuring a SMTP Proxy Server ===
In order to configure a SMTP proxy server follow these steps:

* In the list ''Proxy Servers'', click on the name of the proxy server you want to configure. Right after installing MailStore Proxy an example configuration named ''SMTP Proxy Server'' exists, which can be adjusted to your environment.
* In the field ''Name'' you can optionally enter a meaningful name for the SMTP proxy server. This is especially a good idea, in cases where you have more than one proxy server configured. Technically this has no effect on the proxy server.
* Under ''Listen on'', specify the IP address on which MailStore Proxy should listen for incoming connections. The field ''Port'' specifies the port, where MailStore Proxy should listen for incoming connections in order to forward them to the ''Target Host''. The default port is 25. Unless there is another email server running on the computer that listens to port 25 as well, the default should not be changed. Communication with MailStore Proxy can either be unencrypted or encrypted by using StartTLS. SSL connections, often referred to as SMTPS, are currently not supported by MailStore Proxy.
* In the field ''Target Host'', specify to which SMTP server MailStore Proxy is to redirect the incoming connections. Usually, this is the SMTP server of the internet service provider or a company-internal SMTP server. Change the value of the field ''Port'' if the SMTP port of the SMTP server differs from the standard port (25).
* If the connection to the target host is to be encrypted, the type of encryption can be selected under ''Encryption''. Whether or not the connection to the target host is encrypted does in no way depend on the connection to MailStore Proxy being encrypted. '''Please note:''' Connections of the encryption type ''SSL'' are usually not established through port 25 but port 465. Please do not forget to change the value of the field ''Port'' accordingly.
* If the external SMTP server requires authentication, login credentials can be specified in the fields ''User Name'' and ''Password''. These values are then used when connecting to the target host. By filling out that fields, it is not necessary to configure the login credentials on every single workstation in your network. '''Important note: ''' In case you store the login credentials for your SMTP transmission in the SMTP proxy server, you should not make the SMTP proxy server reachable from the Internet, as this will create a so called open-relay server, that gets quickly miss-used by senders of spam.
* After adjusting the settings, click on ''Save Configuration & Restart'' to restart MailStore Proxy.

=== Configuring a POP3 Proxy Server ===
* In the list ''Proxy Servers'', click on the name of the POP3 proxy server you want to configure. Right after installing MailStore Proxy an example configuration named ''POP3 Proxy Server'' exists, which can be adjusted to your environment.
* Under ''Listen on'', specify the IP address on which MailStore Proxy should listen for incoming connections. The field ''Port'' specifies the port, where MailStore Proxy should listen for incoming connections in order to forward them to the ''Target Host''. The default port is 110. Unless there is another email server running on the computer that listens to port 110 as well, the default should not be changed.
* In the field ''Target Host'', specify to which POP3 server MailStore Proxy is to redirect the incoming connections. Usually, this is the POP3 server of the internet service provider or a company-internal POP3 server. Change the value of the field ''Port'' if the POP3 port of the POP3 server differs from the standard port (110). Communication with MailStore Proxy can either be unencrypted or encrypted by using StartTLS. Inbound SSL connections, often referred to as POP3S (TCP port 995), are currently not supported by MailStore Proxy.
* If the connection to the target host is to be encrypted, the type of encryption can be selected under ''Encryption''. Whether or not the connection to the target host is encrypted does in no way depend on the connection to MailStore Proxy being encrypted. '''Please note:''' Connections of the encryption type ''SSL'' are usually not established through port 110 but port 995. Please do not forget to change the value of the field ''Port'' accordingly.
* After adjusting the settings, click on ''Save Configuration & Restart'' to restart MailStore Proxy.

== Integrating MailStore Proxy in Your Email Environment ==
Depending on your archiving strategy there may exists two different locations in your email environment where reconfiguration is required.

=== Configuration of the Email Clients ===
If the MailStore Proxy is located between your email clients and email server (company-internal or internet service provider), replace the outgoing email server (SMTP) and the incoming email server (POP3) with the DNS hostname or IP address of the MailStore Proxy. If necessary change the ports appropriate to the ''Listen on'' ports of your SMTP or POP3 proxy server.

=== Configuration of the Email Server ===
Is the MailStore Proxy located between two email server, e.g. between your company-internal and the one of your internet service provider, make sure that your email server sends all outgoing emails to the MailStore Proxy. Often the required option can be found under the term "Smarthost" or "Outgoing Relay" in the configuration options of your email server. Fill in the DNS hostname or IP address of the MailStore server and adjust the ports appropriate to the ''Listen on'' ports of your SMTP or POP3 proxy server.

If your email server fetches the content of POP3 mailboxes from your internet service provider's email server, make sure that the connection gets established to the MailStore Proxy in the future. Please refer to the manual of your email server for further information on how to change that settings.

== Configuration of MailStore Server ==
Before configuring MailStore Server, please make sure that a MailStore user account exists for each user whose emails are to be archived with the MailStore Proxy server. Please refer to chapter [[Users,_Folders_and_Settings#User_Management|User Management]] for more information.

'''Important notice:''' It is imperative that, in user management under ''Properties'', the email address is specified for each user. This is the only way to make sure that the emails in the archive are assigned to the appropriate users. If the POP3 user name does not match the user's email address, the user name has to be added separately.

'''Please proceed as follows:'''

* Start MailStore Client on the computer on which MailStore Server is installed. Log on to MailStore Client as administrator.
* Click on ''Archive Email'' and then on ''MailStore Proxy''.
:[[File:tech_proxy_03.png|center]]
* Select the directory that was specified earlier as Report Output Directory in the proxy configuration.
* Under ''Delete report files when archiving'', mark the checkbox succeeded only after the archiving process has been tested sufficiently. Even if this setting is disabled, MailStore Server does not archive duplicate emails.
* Under ''Delete report files when archiving'', mark the checkbox ''failed due to unknown email addresses / POP3 users only'' after the email addresses of all users have been verified (in ''User Management'' under ''Properties''). '''Background:''' Those emails received from the proxy server which MailStore is unable to assign to any MailStore user remain in the output directory of the proxy server. The option to ''Delete report files when archiving failed due to unknown email addresses / POP3 users'' provides a way to keep the amount of such data at a minimum.
* Click on ''Next''.
* At the last step, a name for the archiving profile can be specified. After clicking ''Finish'', the archiving profile will be listed under ''Saved Settings (Profiles)'' and can be run immediately, if desired.

{{Starting the Archiving Process}}

[[de:MailStore Proxy]]
[[en:MailStore Proxy]]

Jobs

2022-03-21T10:37:53Z

Bmeyn: /* Templates */

MailStore Server allows the creation of jobs to execute server side [[Administration_API_-_Function_Reference|Management API-Commands]] in the background. Templates are available for the most important [[Administration_API_-_Function_Reference|Management API-Commands]], which simplifies the creation of jobs.

== Creating Jobs ==
To create a new job, proceed as follows:

* Log on to MailStore Client as MailStore administrator.
* Click on ''Administrative Tools > Management API > Jobs''.
: [[File:Jobs_01.png|500px|center]]
* Select a template from the ''Create Job'' section for the type of job to be created or click on ''Miscellaneous'' > ''Manual...'' to set up background execution of other [[Administration_API_-_Function_Reference|Management API commands]].
* If a template was selected, it may be required to make additional settings in the ''Common Settings'' section of the ''New Job'' dialog. Otherwise enter the Management API command and all its arguments in the ''Action'' text box alike you would in the [[MailStore Server Management Shell|Management Shell]].
* Now specify in the ''Schedule'' section when and how often the job should to be executed.
*: '''Important notice:''' Running storage maintenance commands too frequently may have a negative impact on the overall performance of the system and thus should preferably carried out during non-working hours.
* Click ''OK'' to create the new job.

The newly created job will now be executed in the background based on its configured schedule. In order to verify that the job execution results in the expected behavior, jobs can be [[#Executing Jobs Manually|run manually]] at any time prior to their first automatic execution.

== Verifying Job Results ==
To show the results of the last job execution or results of all previous executions of a particular job, proceed as follows:

* Log on to MailStore Client as MailStore administrator.
* Click on ''Administrative Tools > Management API > Jobs''.
* Select a job from the ''Jobs'' table.
* Click on ''Details...'' in the ''Last Executions'' section next to the job list to show the result of the most recent execution or click on ''All Results...'' to display the list of results of all previous executions.
* If ''All Results...'' was clicked, double clicking on a list item in the ''Last Results'' dialog opens its details.

Information about showing the results of all jobs can be found in [[Job Results]].

== Executing Jobs Manually ==

Follow the instructions below to to execute jobs manually:

* Log on to MailStore Client as MailStore administrator.
* Click on ''Administrative Tools > Management API > Jobs''.
* Select a job from the ''Jobs'' table.
* Click on ''Run'' in the ''Current State'' section next to the job list.

After the execution has finished you can [[#Verifying Job Results|verify the job results]].

== Modifying Jobs ==
This section describes how the different job properties can be changed at any time.

=== Status ===
Newly created jobs are enabled by default and therefore will be automatically executed in the background based on their individual schedule. To suppress these executions, the job status can be adjusted as follows:

* Log on to MailStore Client as MailStore administrator.
* Click on ''Administrative Tools > Management API > Jobs''.
* Right click on the job to be modified in the ''Jobs'' table and uncheck the ''Enabled'' option to disable the scheduled execution or check the ''Enabled'' option to re-enable the scheduled execution of a previously disabled job.

=== Rename ===
To rename a job, proceed as follows:

* Log on to MailStore Client as MailStore administrator.
* Click on ''Administrative Tools > Management API > Jobs''.
* Right click on the job to be renamed and then select ''Rename...''.
* Enter a new name for the job.
* Click ''OK''.

=== Change Owner ===
In rare cases it might be necessary to change the owner of a job. Proceed as follow to change the owner of a job:

* Log on to MailStore Client as MailStore administrator.
* Click on ''Administrative Tools > Management API > Jobs''.
* Right click on the appropriate job and then click on ''Change Owner...''.
* Select the new owner in the ''Select User'' dialog. Only MailStore administrators are selectable here.
* Click on ''OK''.
'''Important Notice:''' If you revoke the MailStore administrator role from a job owner later, all jobs owned by that user will fail. In this case you have to assign the jobs to another MailStore administrator manually.

=== Properties ===
To modify the properties of jobs proceed as follows:

* Log on to MailStore Client as MailStore administrator.
* Click on ''Administrative Tools > Management API > Jobs''.
* Double click on the job to be modified or right click on the job and then click on ''Properties''.
* Make the desired changes to the job properties.
* Click ''OK'' to save the changes.

== Templates ==

{| class="wikitable"
! width="250px"| Template
! Description
|-
! colspan="2" style="text-align:left;" | Storage
|-
| Create Backup
| Creates a backup in the given target directory based on the configured schedule. The search index files can be excluded optionally. Further information are available in [[Backup and Restore]].
|-
| Maintain all FDB Files
| Maintains all Firebird embedded database that are used in standard or advanced archive stores of type ''Directory (File System)''. Further details can be found in [[Maintenance and Repair]].
|-
| Rebuild Broken Search Indexes
| Rebuilds all search indexes that are currently in the state ''Needs rebuild''. Further details can be found in [[Maintenance and Repair]].
|-
| Check Data Integrity
| Verifies the data integrity between "Folder Information and Meta Data" as well as "Email Headers and Contents". Optionally search indexes can be included in the verification, but this profoundly increases the time to run the integrity check. Further details can be found in [[Maintenance and Repair]].
|-
! colspan="2" style="text-align:left;" | Profiles
|-
| Archive E-mail
| Runs server side archiving profiles based on their configured schedule. Please note that server side archiving profiles are executed automatically and continuously in the background by default. Thus server side archiving profiles can only be executed by a job if the execution of the profile is set to ''Manual'' in the profile management. '''Hint:''' We recommend using this execution method only in special scenarios where automatic and continuous archiving is not desired.
|-
| Export E-mail
| Runs server side export profiles based on their configured schedule. Server side archiving profiles can only be executed from a job if the execution of the profile is set to ''Manual'' in the profile management. '''Hint:''' If an automatic and continuous execution of an export profile is desired, we recommend to change the execution of the profile to ''Automatic'' in the profile management.
|-
! colspan="2" style="text-align:left;" | Miscellaneous
|-
| Synchronize with Directory Services
| Synchronizes the MailStore user database with the configured directory service. The behavior is equivalent to clicking on ''Synchronize'' at ''Administrative Tools > Users and Privileges > Directory Services''. '''Please note:''' Archiving profiles for multiple, journal or catch all mailboxes provide an option to synchronize users with a directory service prior to archiving. This option should be preferred.
|-
| Send Status Report
| Sends a status report via email to one or more recipients. The status report contains a summary of the key figures of the MailStore Server installation. This includes license information, size of the archive, compliance settings, results of import- and export profiles as well as job results. The covered period of time can be selected from a predefined list. The schedule when the report is sent should correspond to the covered period of time. E.g. a report that covers ''Yesterday'', ''Last Week'' or ''Last Month'' should be sent ''Daily at 1 AM'', ''On Mondays at 1 AM'' or ''Monthly on first day at 1 AM''. '''Please note:''' If any running archiving profile or job has continuously failed during the reporting period, an "[ACTION REQUIRED]" is prepended to the subject of the e-mail.
|-
| Process Retention Policies
| Evaluates all enabled [[Retention Policies]] and deletes messages that are out of retention if applicable.
|}

== Automatically Created Jobs ==
When installing or upgrading to MailStore Server 10 or higher a new Job ''RenewMasterKey (System)'' is created automatically. This monthly running Job renews the master key that is used to encrypt the database encryption keys. In case the job was deleted, it can be re-created manually by clicking ''Miscellaneous'' > ''Custom...'' with the ''Action'' ''RenewMasterKey''. By default the job is executed monthly at 3:00 AM.

[[de:Jobs]]
[[en:Jobs]]

Google Workspace Integration

2022-01-14T14:52:45Z

Bmeyn:

{{DISPLAYTITLE:Synchronizing User Accounts with Google Workspace}}
{{Directory Services Preamble|Google Workspace account|Google Workspace}}

Please note that on December 16th 2019, [https://go.mailstore.com/?lang=en&target=gsuite-lsa-restriction Google announced] to limit access to Google Workspace accounts for less secure apps in the future. This affects any MailStore Server version prior to 13, which therefore will no longer be able to authenticate users against Google Workspace when trying to log into MailStore Server.
 
 
In MailStore Server 13, support for modern authentication methods via OAuth 2.0 & OpenID Connect as per Google's recommendation was introduced. Although MailStore Server 13 still comes with support for IMAP-based authentication, this document only covers the setup using modern authentication methods as required by Google in the future.

== Prerequisites, Recommendations, Limitations ==
* To comply with Google's requirements for ''Authorized redirect URIs'' of OAuth 2.0 clients, MailStore Server must be accessible via an URI that ends with a public top-level domain. This does not necessarily mean that it must indeed be accessible from the Internet. Google uses the list from https://publicsuffix.org for validation.
* For best user experience, the certificate used by MailStore Server should be trusted by all client and the used web browsers. Using a certificate that is signed by an trusted certificate authority or [[Using_Lets_Encrypt_Certificates|using Let's Encrypt certificates]] is highly recommended.
* If users are supposed to login to MailStore Server from outside the organization's network without a VPN, using [[Accessing_the_Archive_with_the_MailStore_Client_software|MailStore Client]], [[Accessing_the_Archive_with_the_Microsoft_Outlook_integration|MailStore Outlook Add-in]] or the [[Accessing_the_Archive_with_MailStore_Web_Access|Web Access]], the URIs mentioned in this article must be resolvable via DNS on the Internet and port-forwardings to the MailStore Server computer must be set up on the firewall or router if necessary.
* When using Google to authenticate users at login, [[Accessing_the_Archive_via_Integrated_IMAP_Server|accessing the archive via IMAP]] is not possible for technical reasons.

== Register Project with Google ==
Irregardless of whether own or third-party applications such as MailStore Server are supposed to interact with a Google Workspace account through Google APIs, they must be registered as a project with Google first. This is necessary to ensure that access by external applications is limited to a necessary minimum and that each application uses its own set of credentials to authenticate with Google.

=== Create New Project ===
To register a project for MailStore Server with Google, proceed as follows:

* Go to the [https://console.cloud.google.com Google Cloud Platform Console].
* If prompted, login using a Google account of you Google Workspace organization. Logging in with a user that has admin privileges is highly recommended.
* If no project exists, click ''Create Project'' on the dashboard. Otherwise, open the project list by clicking on the project drop-down in the header bar and click ''New project''.
* Type in a meaningful name into the ''Project name'' field, e.g. <tt>MailStore Server</tt>.
* Verify that ''Organization'' matches the desired organization and adjust the ''Location'' if needed.
* Click on ''Create''.

Once the project has been created, make sure that it is selected in the project drop-down list before proceeding.

==== Add API Libraries ====
* Open the ''Navigation menu'' (☰) and select ''APIs & Services'' > ''Library''.
* In the ''API Library'', search and enable the following APIs and services:
*: <tt>Admin SDK API</tt>
*: <tt>Gmail API</tt>

==== Customize Consent Screen ====
* Open the ''Navigation menu'' (☰) and select ''APIs & Services'' > ''OAuth consent screen''.
* Under ''User Type'' select ''Internal''.
* Click ''Create''.
* Type in a meaningful name into the ''App name'' field, e.g. <tt>MailStore Server</tt>.
* Fill out the other fields according to the policies of your organization.
* Click ''Save and Continue''.
* In the next steps, directly click ''Save and Continue'' again as MailStore Server does not need users to authorize any scopes.

=== Create Service Account ===
A service account is required for MailStore Server to authenticate with Google and request authorization to use certain Google APIs for synchronizing users and accessing mailboxes. Follow these steps to create such a service account.

* Open the ''Navigation menu'' (☰) and select ''APIs & Services'' > ''Credentials''.
* Click ''+ Create Credentials'' and select ''Service account'' from the drop-down list.
* On the ''Create service account'' page, enter a name for the service account, e.g. <tt>MailStore Server Service</tt>.
* You can leave the the service account id in the default.
* Enter a description such as: <tt>Service account for MailStore Server to synchronize users and access mailboxes</tt>.
* Click ''Create and Continue''.
* The service account does not require permissions on project level, therefore do not select a role. Also, users do not need access to the service account, so no changes are needed in the ''Grant users access to this service account'' step.
* Click ''Done''.
* In the list of service accounts that is now displayed, click on the newly created service account to open its properties.
* Under ''Keys'' click on ''Add Key'' and select ''Create new key''.
* Select ''JSON'' as key type and click ''Create''.
* The JSON file will be downloaded automatically. Save the JSON file in a secure location as it allows access to cloud resources of your organization.
* Click ''Close''.
* Back under ''Details'', click ''Show Advanced Settings''.
* In the ''Domain-wide Delegation'' section, copy the ''Client ID'' to the clipboard.
* Open the [https://admin.google.com/ Google Workspace Admin Console] by clicking on the button and log in with your Google Workspace domain admin credentials.
* Open the ''Navigation menu'' (☰) and select ''Security'' > ''Access and data control'' > ''API controls''.
* Under ''Domain wide delegation'', click ''Manage domain wide delegation''.
* On the ''Domain-wide delegation'' page, click ''Add new''.
* Copy the ''Client ID'' of the OAuth 2.0 Client that is linked with the service account from the clipboard.
* Under ''OAuth Scope'', add the following scopes:
*: <tt><nowiki>https://mail.google.com/, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly</nowiki></tt>
* Click ''Authorize''.

=== Create OAuth 2.0 Client for User Authentication ===
To allow users to log in to MailStore Server by authenticating with Google using the OpenID Connect mechanism, another OAuth 2.0 client must be created as described below.

* Go to the [https://console.cloud.google.com Google Cloud Platform Console].
* Open the ''Navigation menu'' (☰) and select ''APIs & Services'' > ''Credentials''.
* Click ''+ Create Credentials'' and select ''OAuth client ID'' from the drop-down list.
* Select ''Web application'' as ''Application type''.
* Enter a ''Name'', e.g. <tt>MailStore Server OpenID Connect</tt>.
* Click ''+ Add URI'' under ''Authorized redirect URIs''.
* Enter the URI that is reachable by clients in the ''URIs'' field using the the following scheme:
*:<tt>https://<fqdn>[:<port>]/oidc/signin</tt>
*; with the following components:
*: '''https://''' Specifying the protocol ''https://'' is mandatory. To prevent certificate warnings later at login, the [[MailStore_Server_Service_Configuration#Certificate|certificate used by MailStore Server]] must be trusted by all client and the used web browsers.
*: '''FQDN''' The fully qualified domain name of the MailStore Server computer, e.g. <tt>mailstore.example.com</tt>. This must be resolvable from all clients, from where users are supposed to log in to MailStore Server.
*: '''Port''' The TCP port of MailStore Web Access (default: <tt>8462</tt>). This must match the port configured in the [[MailStore Server Service Configuration#Services|MailStore Server Service Configuration]] at ''Network Settings'' > ''Services'' > ''MailStore Web Access / Outlook Add-in (HTTPS)''. The TCP port is only required if it is different from the default port of the HTTPS protocol (443).
*: '''/oidc/signin''' The path at which MailStore Server expects to receive the authentication response from Google via the web browser.
* Click ''Create'' to finish.
* Copy the client ID and client secret from the ''Your Client ID'' and ''Your Client Secret'' fields to a safe place (e.g. password safe or similar) and click ''OK''.
::{| class="wikitable"
|+ Examples of valid redirect URIs
|-
! style="width:80px;" | Product
! style="width:80px;" | FQDN
! style="width:40px;" | Port
! Resulting Redirect URI
|-
| align="center"| MailStore Server
| align="center"| mailstore.example.com
| align="center"| 8462
| <code><nowiki>https://mailstore.example.com:8462/oidc/signin</nowiki></code> Redirect URI with fully qualified domain name and MailStore Web Access default port.
|-
| align="center"| MailStore Server
| align="center"| mailstore.example.com
| align="center"| 443
| <code><nowiki>https://mailstore.example.com/oidc/signin</nowiki></code> If the HTTPS default port 443 is used for MailStore Web Access or as source of a port forwarding rule on a firewall, specifying the port as part of the redirect URI can be omitted.
|-
| align="center"| MailStore SPE
| align="center"| archive.example.com
| align="center"| 443
| <code><nowiki>https://archive.example.com/<instanceid>/oidc/signin</nowiki></code> The ''instanceid'' of the instance is part of the Redirect URI.
|-
|}

== Configure MailStore Server ==
After the project has been successfully set up on the Google side, MailStore Server can now be configured to synchronize and authenticate users with Google Workspace.

{{Directory Services Accessing Configuration|Google Workspace|gapps_sync_01.png}}

=== Connection ===
For synchronization, MailStore Server requires information on how to connect to the Google Workspace.

* '''Key ID''' To import the private key, select the JSON file hat has been generated by Google for the service account in the [[#Create_Service_Account|Create Service Account]] step.
* '''Service Account''' The service account is determined automatically from the JSON file.
* '''User Name''' The email address of a Google Workspace Administrator (e.g. admin@example.com).

=== User Database Synchronization ===
After configuring the connection settings as described above, you can specify filter criteria for the Google Workspace synchronization in this section.

* '''Sync only these groups''' Choose one or several Google Workspace groups if you only want their members to be created as MailStore Server users. That way it's possible to exclude certain users from being synchronized to MailStore Server.

=== Authentication ===
The authentication settings define how MailStore Server should authenticate users at login, that have been synchronized from Google Workspace.

* '''Method''' Ensure that ''OpenID Connect'' is selected. As mentioned in the introduction, the ''IMAP'' option is only available for backward compatibility.
* '''Client ID''' Enter the client ID from the [[#Create_OAuth_2.0_Client_for_User_Authentication|Create OAuth_2.0 Client…]] step.
* '''Client Secret''' Enter the client secret from the [[#Create_OAuth_2.0_Client_for_User_Authentication|Create OAuth_2.0 Client…]] step.
* '''Redirect URI''' Enter the same redirect URI as defined in the [[#Create_OAuth_2.0_Client_for_User_Authentication|Create OAuth 2.0 Client…]] step .

{{Directory Services Options|Google Workspace Account}}
{{Directory Services Assign Default Privileges|Google Workspace Account}}
{{Directory Services Run Synchronization|Google Workspace Account}}
[[File:ApplicationIntegration_sync_02.png|450px|center]]

{{Directory Services Test Authentication}}
[[de:Google Workspace-Integration]]
[[en:Google Workspace Integration]]

Move Archiving Emails from Microsoft 365 - Modern Authentication

2021-11-19T09:33:33Z

Bmeyn:

{{Implementation Guide Preamble|Exchange Online / Microsoft 365|{{#ev:youtube|https://youtu.be/X0Um0cDWGg0|350|right|''Tech Tip: Microsoft 365 Archiving Profiles''}}| Our Tech Tip video shows the essential configuration steps in this article.}}
 
{{Multiline Notices|Heading=Important Notices|MailStore Server supports archiving emails from Microsoft 365 (Modern Authentication) only with the global Microsoft Cloud. National clouds such as ''Microsoft Cloud for US Government'', ''Microsoft Cloud Germany'' (operated by T-Systems) and ''Azure and Microsoft 365 operated by 21Vianet in China'' are not supported. For archiving emails from ''Office 365 Germany'' and ''Office 365 operated by 21Vianet'', please refer to the [[Synchronizing_User_Accounts_with_Microsoft_365_(Basic_Authentication)|corresponding implementation guide]].|For better readability, the terms ''Microsoft 365'' and ''Exchange Online'' are used interchangeably hereinafter instead of ''Exchange Online / Microsoft 365''.}}

== App Registration & User Synchronization ==
Before archiving Microsoft 365 mailboxes, registering MailStore Server in your Microsoft 365 tenant is required. It is also highly recommended to synchronize users in MailStore Server directly with that tenant to fetch all information that is relevant for archiving such as email addresses. The registration and synchronization procedures are described in the chapter [[Synchronizing User Accounts with Microsoft 365 (Modern Authentication)]] of the MailStore Server manual.

'''Please note:''' MailStore Server runs as a [[MailStore Server Service Configuration|Windows service]] and thus must use ''Application Permissions'' to access user mailboxes in Microsoft 365. By design, on the Microsoft identity platform, which is at the heart of Microsoft 365 authentication and authorization, this permission scope encloses the full level of privileges implied by a permission. As a consequence, once registered as described above, MailStore Server has access to all mailboxes in your Microsoft 365 tenant. Therefore, with regard to security, access to the Microsoft 365 archiving profiles in MailStore Server is limited to MailStore Server administrators.

=== Including Microsoft 365 Shared Mailboxes ===
In Microsoft 365, shared mailboxes are special mailboxes that multiple users have access to. Unlike a normal mailbox, a shared mailbox is not associated to a licensed Microsoft 365 user. For MailStore Server to create user entries for shared mailboxes, you must therefore deactivate the option ''Synchronize licensed Microsoft Exchange Online users only'' in the section [[Synchronizing User Accounts with Microsoft 365 (Modern Authentication)#User_Database_Synchronization|User Database Synchronization]]. 
After synchronization you can grant MailStore Server users access to the archive of the shared mailbox by [[Users,_Folders_and_Settings#Folder_Access_.28e.g._Access_to_the_Emails_of_Other_Users.29|assigning privileges]]. For archiving shared mailboxes, just proceed as for individual or multiple mailboxes as detailed below.

== Archiving Individual Microsoft 365 Mailboxes ==
{{Archiving Single Mailbox Preamble|Microsoft 365}}
For each mailbox, please proceed as follows:

* Log on to MailStore Client as MailStore Server administrator.
* Click on ''Archive Email''.
* From the ''Email Servers'' list in the ''Create Profile'' area of the ''Archive Email'' page, select ''Microsoft 365'' to create a new archiving profile.
* A wizard opens to assist in specifying the archiving settings. 
*; [[File:Microsoft 365 mailbox 01.png|center|347px]]
* Select ''Single Mailbox'' and click on ''OK''.
*; [[File:Microsoft 365 mailbox 02.png|center|347px]]
* Select the Microsoft 365 credentials that you have created during the registration of MailStore Server with Microsoft 365 from the ''Credentials'' drop-down list. You can also use the button (…) to access the [[Synchronizing_User_Accounts_with_Microsoft_365_(Modern_Authentication)#Creating_Credentials_in_MailStore_Server|Credential Manager]].
* In the ''Mailbox'' field, enter the primary email address of the user whose mailbox you want to archive.
* Click on ''Test'' to verify that MailStore Server can access the mailbox.
* Click on ''Next''.
* If needed, adjust the settings for the [[Email_Archiving_with_MailStore_Basics#Archiving_Specific_Folders|List of Folders to be Archived]], the [[Email_Archiving_with_MailStore_Basics#Specifying_Filter_Criteria_for_Archiving|filter]] and the [[Email_Archiving_with_MailStore_Basics#Archiving_Specific_Folders|Deletion Rules]]. By default, no emails will be deleted from the mailbox. The ''Timeout'' value only has to be adjusted in specific cases (e.g. with very slow network connections).
*; [[File:Microsoft_365_mailbox_03.png|center|347px]]
* Click on ''Next'' to continue.
* Select the archive of the user for whom the selected mailbox is to be archived. If the user does not exist yet, click on ''Create a New User…''.
*; [[File:Microsoft_365_mailbox_04.png|center|347px]]
* Click on ''Next''.
* In the last step, a name for the archiving profile can be specified. After clicking ''Finish'', the archiving profile will be listed under ''Saved Profiles'' and, if desired, can be run immediately or automatically.

More information on how to execute archiving profiles can be found under the topic [[Email Archiving with MailStore Basics]]

== Archiving Multiple Microsoft 365 Mailboxes Centrally ==
{{Archiving Multiple Mailboxes Preamble|Microsoft 365}}
Please proceed as follows:

* Log on to MailStore Client as MailStore Server administrator.
* Click on ''Archive Email''.
* From the ''Email Servers'' list in the ''Create Profile'' area of the ''Archive Email'' page, select ''Microsoft 365'' to create a new archiving profile.
* A wizard opens to assist in specifying the archiving settings. 
*; [[File:Microsoft 365 mailboxes 01.png|center|347px]]
* Select ''Multiple Mailboxes'' and click ''OK''. 
*; {{Archiving_Multiple_or_Multidrop_Note|multiple mailboxes|[[#App_Registration_.26_User_Synchronization|directory synchronization]]}}
*; [[File:Microsoft 365 mailboxes 02.png|center|347px]]
* Select the Microsoft 365 credentials that you have created during the registration of MailStore Server with Microsoft 365 from the ''Credentials'' drop-down list. You can also use the button (…) to access the [[Synchronizing_User_Accounts_with_Microsoft_365_(Modern_Authentication)#Creating_Credentials_in_MailStore_Server|Credential Manager]].
* Click on ''Next'' to continue.
*; [[File:Microsoft 365 mailboxes 03.png|center|347px]]
* If needed, adjust the settings for the [[Email_Archiving_with_MailStore_Basics#Archiving_Specific_Folders|List of Folders to be Archived]], the [[Email_Archiving_with_MailStore_Basics#Specifying_Filter_Criteria_for_Archiving|filter]] and the [[Email_Archiving_with_MailStore_Basics#Archiving_Specific_Folders|Deletion Rules]]. By default, no emails will be deleted from the mailbox. The ''Timeout'' value only has to be adjusted in specific cases (e.g. with very slow network connections). Please keep in mind that these settings apply to all mailboxes to be archived, as specified in the next step.
*; {{Archiving_Multiple_Mailboxes_Centrally_Options|Microsoft_365_mailboxes_04.png|Microsoft 365}}

== Archiving Incoming and Outgoing Emails Directly ==
{{Archiving Exchange Journal Mailbox Preamble|Exchange Online}}

=== Step 1: Setup and Configure MailStore Gateway ===
Please refer to the [https://help.mailstore.com/en/gateway/ MailStore Gateway Manual] for detailed instructions about:

* Installation and Setup of MailStore Gateway
* Logging on to MailStore Gateway's Management Console
* Creating MailStore Gateway mailboxes

After these steps, a mailbox with an individual email address (e.g. mbx-dead1234beef5678@gateway.example.com) should exist.

=== Step 2: Configure MailStore Server ===
{{Archiving MailStore Gateway Mailbox|''In- and Outbound E-Mail Automatically''|Microsoft 365 journal 01.png|Arch_MailStore_Gateway_Office365_02.png|''Microsoft 365''|TargetFolderHint=DontShow|POP3Hint=DontShow|DSLink=[[#App_Registration_.26_User_Synchronization|directory synchronization]]}}

=== Step 3: Creating a Journal Rule ===
The following steps describe how to set up journaling for your Microsoft 365 account.

* Sign in to the [https://admin.microsoft.com/ Microsoft 365 admin center] as an Exchange or Global Administrator for your Microsoft 365 tenant.
* Expand the left navigation menu by clicking ''Show all''.
* In the ''Admin centers'' section, choose ''Exchange''.
* In the ''Exchange admin center'', navigate to ''compliance management''.
* Select ''journal rules''.
* Under ''Send undeliverable journal reports to'' select an alternate journaling mailbox that receives None Delivery Reports (NDRs) for undeliverable journal reports in case the primary journal mailbox is unreachable. This mailbox must be a dedicated mailbox, any mail sent directly to this mailbox won't be journaled.
* Click on ''+ (New)''.
*:The dialog window ''new journal rule'' opens:
*:[[File:Arch_office365_journal_01.png|center|550px]]
* Enter a name for the journal rule, e.g. ''Journalling''.
* In the ''If the message is sent to or received from…'' section select whether the rule should apply to all messages or to specific users or groups.
* Under ''Journal the following messages…'', choose whether to capture all messages, internally sent messages only, or only those messages with an external sender or recipient.
* Enter the email address of the previously created MailStore Gateway mailbox in the ''Send journal reports to:'' box.
* Click on ''Save'' to activate the rule.

== Public Folders ==
'''Important Notice:''' Due to a Microsoft 365 behavior related to Microsoft Exchange Autodiscover and OAuth2 authentication, archiving errors can occur when archiving public folders using modern authentication. The MailStore Engineering team is currently working on a solution, together with Microsoft. If archiving errors do occur, please use [https://help.mailstore.com/en/server/Archiving_Emails_from_Microsoft_365_(Basic_Authentication)#Public_Folders public folder archiving with basic authentication] as a workaround. You can check if basic authentication for the Exchange Web Services (EWS) is still enabled in your Microsoft 365 tenant by following the guidance in this [https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210 Microsoft blog article] and change the setting if needed.
{{Archiving Exchange Public Folders Preamble|Exchange Online|Microsoft 365}}
* Sign in to the [https://admin.microsoft.com/ Microsoft 365 admin center] as an Exchange or Global Administrator for your Microsoft 365 tenant.
* Expand the left navigation menu by clicking ''Show all''.
* In the ''Admin centers'' section, choose ''Exchange''.
* In the ''Exchange admin center'', navigate to ''public folders''.
* Click on the ''Ellipsis (…)'' and select ''Root permissions''.
*: [[File:Microsoft_365_pf_01.png|center|480px]]
* A new browser window opens. Click on ''+ (Add)''.
* Use ''Browse'' to choose the Microsoft 365 user you want to grant permissions.
* Choose ''Custom'' as ''Permission level'' and grant ''Read items'' and ''Delete all'' permissions.
*: [[File:Arch_office365_pf_02.png|center|347px]]
* Click on ''Save''.
* Enable the option ''Apply changes to this public folder and all its subfolders.''
* Click on ''Save''.
* Click on ''Close'' after saving has been completed successfully.

=== Step 3: Setting up the Archiving Process ===
* Log on to MailStore Client as MailStore Server administrator.
* Click on ''Archive Email''.
* From the ''Email Servers'' list in the ''Create Profile'' area of the ''Archive Email'' page, select ''Microsoft 365'' to create a new archiving profile.
* A wizard opens to assist in specifying the archiving settings. 
*; [[File:Microsoft 365 pf 03.png|center|347px]]
* Select ''Public Folders'' and click on ''OK''. 
*; [[File:Microsoft 365 pf 04.png|center|347px]]
* Select the Microsoft 365 credentials that you have created during the registration of MailStore Server with Microsoft 365 from the ''Credentials'' drop-down list. You can also use the button (…) to access the [[Synchronizing_User_Accounts_with_Microsoft_365_(Modern_Authentication)#Creating_Credentials_in_MailStore_Server|Credential Manager]].
* In the ''Mailbox'' field, enter the primary email address of the user that has access to the public folders as described above.
* The value of the ''Target Folder'' box defines the top level folder below which the public folder hierarchy will be created in the target archive. Usually, you can leave this value to its default.
* Click on ''Test'' to verify that MailStore can access the public folders.
* Click on ''Next'' to continue.
*; [[File:Microsoft 365 pf 05.png|center|347px]]
* Adjust the settings for the [[Email_Archiving_with_MailStore_Basics#Archiving_Specific_Folders|List of Folders to be Archived]]. By default, all public folders that contain emails will be archived.
* If needed, adjust [[Email_Archiving_with_MailStore_Basics#Specifying_Filter_Criteria_for_Archiving|the filter]] and the [[Email_Archiving_with_MailStore_Basics#Deleting_Emails_after_Archiving|Deletion Rules]]. By default, no emails will be deleted from the public folders. The ''Timeout'' value only has to be adjusted in specific cases (e.g. with very slow network connections).
* Click on ''Next'' to continue.
*; [[File:Microsoft 365 pf 06.png|center|347px]]
* In the next step, select the archive of the user you have prepared in step 1.
* In the last step, specify a name for the archiving profile. After clicking ''Finish'' the archiving profile will be listed under ''Saved Profiles'' and can be run immediately or automatically if desired.

[[de:E-Mail-Archivierung_von_Microsoft_365_(Modern_Authentication)]]
[[en:Archiving_Emails_from_Microsoft_365_(Modern_Authentication)]]

System Requirements

2021-11-18T11:13:21Z

Bmeyn: /* Other Software */

== Hardware ==
The calculator below helps to specify the hardware needs subject to the number of users, stored email, and the [[Choosing_the_Right_Archiving_Strategy|archiving strategy]].

Calculations are based on the following base values:

* Yearly Email Volume per User: 10000
* Email Size: 75Kb
* Compression Ratio: 60%

<system_requirements product="server"/>

'''Please note: '''For a planned MailStore Server installation with more than 500 users, please contact our [https://www.mailstore.com/en/support/ Technical Support] to determine the optimal hardware setup.

== Software ==

=== Operating System ===
MailStore Server, [[Accessing_the_Archive_with_the_MailStore_Client_software|MailStore Client]] and [[Accessing_the_Archive_with_the_Microsoft_Outlook_integration|MailStore Outlook Add-in]] require the following operating systems for installation and execution. Both 32-bit and 64-bit versions are supported.

* Microsoft Windows 10
* Microsoft Windows 8.1
* Microsoft Windows 7 SP1
* Microsoft Windows Server 2019 (Essentials, Standard, Datacenter)
* Microsoft Windows Server 2016 (Essentials, Standard, Datacenter)
* Microsoft Windows Server 2012 R2 (Foundation, Essentials, Standard, Datacenter)
* Microsoft Windows Server 2012 (Foundation, Essentials, Standard, Datacenter)
* Microsoft Windows Small Business Server 2011 SP1
* Microsoft Windows Server 2008 R2 SP1 (Foundation, Standard, Enterprise, Datacenter)

'''Please note: '''For a MailStore Server installation with more than 25 users, a Microsoft Windows Server operating system is required for the [[MailStore_Server_Service_Configuration|MailStore Server Service]] because of restrictions of concurrent connections of Microsoft Windows client operating systems.

=== Other Software ===
The following other software is required:

* [http://www.mailstore.com/?netfx4 Microsoft .NET Framework Version 4.5.1] or higher
* ''Optional:'' [[Search_Indexes#Install_Missing_IFilters|IFilter drivers]] on the MailStore Server computer for filetypes to be indexed

=== Outlook Versions ===
MailStore Outlook Add-in is compatible with the following versions of Microsoft Outlook for Windows. Both, 32-bit and 64-bit versions are supported.

* Microsoft Outlook 2019 (Click-to-Run only, Windows Store version is '''not''' supported)
* Microsoft Outlook 2016 as component for Office 365 (Click-to-Run)
* Microsoft Outlook 2016
* Microsoft Outlook 2013 as component for Office 365 (Click-to-Run)
* Microsoft Outlook 2013
* Microsoft Outlook 2010 (Click-to-Run is '''not''' supported)
* Microsoft Outlook 2007
* Microsoft Outlook 2003

{{Multiline_Notices|Heading=Important Notice|{{3rd_Party_Product_EOL_Notice|Outlook 2003, 2007 and 2010|Microsoft|are}}}}

=== Web Browsers ===
The following web browsers are officially supported by MailStore Web Access. Other browsers based on the same rendering engine as the once below (e.g. Opera) ''may'' work as well.

{| class="wikitable" |
! Operating System / Browser
! Edge
! IE 11
! Firefox (Latest)
! Chrome (Latest)
! Safari (Latest)
|-
! Windows 10
| style="text-align: center; | Supported
| style="text-align: center; | Supported
| style="text-align: center; | Supported
| style="text-align: center; | Supported
|
|-
! Windows 8.1
|
| style="text-align: center; | Supported
| style="text-align: center; | Supported
| style="text-align: center; | Supported
|
|-
! Windows 7 (SP1)
|
| style="text-align: center; | Supported
| style="text-align: center; | Supported
| style="text-align: center; | Supported
|
|-
! macOS
|
|
| style="text-align: center; | Supported
| style="text-align: center; | Supported
| style="text-align: center; | Supported
|-
! Linux
|
|
| style="text-align: center; | Supported
| style="text-align: center; | Supported
|
|}

== Frequently Asked Questions ==
=== Email Volume ===
'''Q:''' How do large email volumes affect the performance and what is recommended maximum?

'''A:''' The more emails are archived on a daily basis the more resources are required and more time is needed to execute certain tasks such as searching the archive. Environment with much higher volumes than 10000 emails per user per year, may experience degraded performance over time.

=== Dedicated machine ===
'''Q:''' Can I install MailStore Server on the same computer where Microsoft Exchange or any other email server is installed or do I have to install it on a dedicated machine?

'''A:''' Primarily this depends on the size of your setup, the archiving strategy and the kind of usage. Whenever possible, the MailStore Server service should be installed on a dedicated machine.

=== Database server ===
'''Q:''' Most email archiving products on the market seem to require Microsoft SQL Server or a similar product installed. Does MailStore Server also require an external database server?

'''A:''' MailStore Server comes with an [[Storage_Locations|integrated storage]] and does not depend on any other external database server.

=== Web server ===
'''Q:''' Do I need an additional web server like Microsoft IIS or Apache to offer MailStore Web Access to my clients?

'''A:''' No. MailStore Server runs its own HTTP server on the corresponding TCP ports. Therefore you do not need an additional web server to use MailStore Web Access.

=== Anti-Virus Software ===
'''F:''' What needs to be considered while using anti-virus software with MailStore?

'''A:''' When using file based virus scanners, it is recommended to exclude all archive directories (master database and archive stores) from scanning. For more information, please refer to the [[Notes_on_Antivirus_Software|notes on anti-virus software]].

=== Virtualization ===
'''Q:''' Is it possible to run MailStore Server on virtual machines like VMware guests or similar?

'''A:''' Yes it is possible, as long as the underlying operating system supports it, there is no problem running MailStore Server inside a virtualized environment.

=== Terminal Server environments ===
'''Q:''' Is it possible to run MailStore in a terminal server environment?

'''A:''' Yes, running MailStore Client and MailStore Outlook Add-in is absolutely possible. Running MailStore Server service on a terminal server is not recommended.

=== Network Attached Storage ===
'''Q:''' Do I have to store the archive on the local hard disk, or can I also store it (or parts of it) on network attached storage, e.g. a network share?

'''A:''' In general, using local storage is preferable to using network storage. To use MailStore Server with storage on a NAS, different options are available which are described in the article [[Using Network Attached Storage (NAS)]].

[[de:Systemanforderungen]]
[[en:System Requirements]]

Changing Archiving from Microsoft Exchange Server to Microsoft 365

2021-11-16T08:39:30Z

Bmeyn:

{{#ev:youtube|https://youtu.be/fWm-GaUstZk|350|right|''Tech Tip: Changing Archiving from Microsoft Exchange Server to Microsoft 365''}}
This article shows the changes required in MailStore Server when switching the email environment from a local Microsoft Exchange installation to Microsoft 365.

Our Tech Tip video provides an overview. Please note that the actual steps might deviate from those shown in the video based on the current configuration.
 

== Notes and Considerations ==
As with any changes in a production environment, changing archiving in MailStore Server should be planned carefully in advance. Therefore, before implementing any changes, please take the following notes into consideration:
* It is strongly recommended to implement the modifications described in this article in a test environment first because the changes to your Exchange and MailStore Server installations may not be reverted without huge effort if at all.
* Please make sure that you have a current [[Backup_and_Restore|backup]] of your Exchange and MailStore Server installations before applying any modifications to your production environment.
* It is recommended to update MailStore Server to the latest version before applying any modifications. Please make sure that your [https://www.mailstore.com/en/products/mailstore-server/faq/ Update and Support Service contract] is valid and take heed of the [[Update_Notices_for_MailStore_Server|update notices]].
* It is assumed that MailStore Server currently runs in an Active Directory / Exchange Server environment according to the [[Archiving_Emails_from_Microsoft_Exchange|MailStore Implementation Guides for Microsoft Exchange Servers]] and shall run according to the [[Archiving_Emails_from_Microsoft_365_(Modern_Authentication)|MailStore Implementation Guide for Microsoft 365 (Modern Authentication)]] hereafter.
* The modifications to the configuration of MailStore Server should be applied in [[MailStore_Server_Service_Configuration#Controlling_the_Service|Safe Mode]] to avoid interference by background tasks or user interaction.
* Microsoft 365 does not support journal mailboxes hosted within Microsoft 365 itself. If you archive all incoming and outgoing emails with MailStore Server, you need a journal mailboxes that is hosted outside Microsoft 365. MailStore offers [https://help.mailstore.com/en/gateway/Main_Page MailStore Gateway] as a free solution that can provide journal mailboxes in your company intranet.

== Changing User Synchronization ==
As a first step, you must change the directory services that MailStore Server synchronizes its users with from ''Active Directory'' to ''Microsoft 365 (Modern Authentication)''. This is necessary because Microsoft 365 uses Azure Active Directory instead of a local Active Directory as directory service.

Initially, please run a [[Active_Directory_Integration#Running_Directory_Services_Synchronization|directory services synchronization]] in MailStore Server with the current configuration to make sure that all user data is complete and up-to-date.

== User Name Format ==
The steps required for changing the directory service depend on the [[Active_Directory_Integration#User_Database_Synchronization|user name format]] that is currently being used in MailStore Server for user synchronization with the local Active Directory.
* If you are currently using the ''SAM Account Name'' or the ''User Principal Name (Local Part)'', i.e. a "flat" user name without domain part (e.g.<code>john.doe</code>) as user name in MailStore Server, users and archive folders must be renamed in MailStore Server. In this case, please follow the steps in the next section.
* If you are already using the the full ''User Principal Name'' (''UPN'', e.g.<code>john.doe@example.com</code>) as user name in MailStore Server and
** exactly that UPN will be used to log on to Microsoft 365 in the future, you can leave the user names, archive folders and source folders in MailStore Server as is. Please continue directly with the section [[#Changing Directory Service Synchronization to Microsoft 365|Changing Directory Service Synchronization to Microsoft 365]].
** you want to change the naming scheme of the UPN (e.g. from <code>john.doe@example.com</code> to <code>jdoe@example.com</code> or from <code>jane.doe@example.com</code> to <code>jane.doe@example.org</code>) for logging on to Microsoft 365, user names, archive folders and source folders in MailStore Server need to be renamed. In this case, please follow the steps in the next section.

=== MailStore Migration Scripts ===
The modifications in the following sections rely on Windows PowerShell scripts which require Windows PowerShell 3.0 or higher.
* You can download the scripts [[Media:MailStoreServerMigrationScripts.zip|here]]; they can be found in the folder <code>migration</code> after extraction.
* To use the scripts, access to the [[Administration_API_-_Using_the_API|MailStore Administration API]] in the [[MailStore_Server_Service_Configuration#Services|MailStore Server Service Configuration]] must be enabled.

=== Renaming Users and Archives in MailStore Server ===
MailStore Server distinguishes users by user name only. For example, <code>john.doe</code> and <code>john.doe@example.com</code> are two different users from a MailStore Server perspective, requiring two user licenses. Furthermore, a user's archive is also associated by user name alone, so that, for a user named <code>john.doe</code>, MailStore always creates an archive ''(Archive) john.doe''. However, once such an archive contains archived emails, it will retain its name even if the associated user name changes.

For these reasons, user names and archive folders in MailStore Server must be equal to the user names of the directory service that MailStore Server synchronizes its users with. Because Azure Active Directory uses the full ''User Principal Name'' (''UPN'', usually the primary email address) as user name, you must rename users and archive folders if you are currently using a different user name format or want to change the ''UPN''.

For renaming users and archive folder, please proceed as follows:
* Edit the scripts <code>MSS_1_prepare_users.ps1</code> and <code>MSS_2_update_users.ps1</code> in the PowerShell ISE and adjust the values in the section ''Adjust these values according to your installation'' according to your MailStore Server installation.
* Run the script <code>MSS_1_prepare_users.ps1</code> in the PowerShell ISE with ''F5''.
* The file <code>mailstore-users.txt</code> will be created (in the folder <code>C:\Users\<Your user name>\</code> by default). It contains the current MailStore Server user names.
* Edit this file in a text editor. Change the new user names after the "=", so that the entries look like this:
*; <pre>AD user name=Microsoft 365 user name</pre> 
*; Example (with changes highlighted)
*; <code>jane.doe=jane.doe</code><code style="color: blue">@example.com</code> 
*; For user names that should not change (e.g. the default ''admin'' user), just leave the corresponding entries as is.
* Save the file <code>mailstore-users.txt</code> that now should contain the current and the future user names.
* Run the script <code>MSS_2_update_users.ps1</code> in the PowerShell ISE with ''F5''.
* The script now renames the users and their archive folder in MailStore Server and also updates the archive folder permissions accordingly.
* Log on as MailStore Server administrator with the MailStore Client and check the new user names and archive folders.
* If the local part of the users' email addresses (the part before the "@") has not changed, you can proceed directly with the steps in section [[#Changing Directory Service Synchronization to Microsoft 365|Changing Directory Service Synchronization to Microsoft 365]]. Otherwise the source folders may need to be renamed as described in the next section.

=== Renaming Source Folders in MailStore Server ===
The folder level below the archive folders reflects the source from which MailStore Server has archived the emails. In case of Exchange archiving, the folder name consists of the prefix ''Exchange'' and the local part of the email address (the part before the "@"), so that for the email address <code>john.doe@example.com</code> the source folder name in MailStore Server would be ''Exchange john.doe@example.com''.

Source folder names only need to be renamed if '''all''' of the following conditions and requirements are met. Otherwise you can proceed directly with the steps in section [[#Changing Directory Service Synchronization to Microsoft 365|Changing Directory Service Synchronization to Microsoft 365]].
* The local part of the email address shall be changed in course of migrating to Microsoft 365 (e.g. from <code>john.doe@example.com</code> to <code>j.doe@example.com</code>) '''and'''
* both the emails that have been archived so far from the local Exchange Server and those that will be archived from Microsoft 365 henceforth should appear in the same folder structure on source level (e.g. so far in ''Exchange john.doe'' and in ''Exchange j.doe'' after).

For renaming the source folders, please proceed as follows:
* Enable access to user archives by administrators in MailStore Server; it is disabled by default. Changing this option is described in chapter [[Compliance_General#Archive_Access|Compliance General]] of the MailStore Server manual.
* Edit the scripts <code>MSS_3_prepare_folders.ps1</code> and <code>MSS_4_update_folders.ps1</code> in the PowerShell ISE and adjust the values in the section ''Adjust these values according to your installation'' according to your MailStore Server installation.

* Run the script <code>MSS_3_prepare_folders.ps1</code> in the PowerShell ISE with ''F5''.
* The file <code>mailstore-folders.txt</code> will be created (in the folder <code>C:\Users\<Your user name>\</code> by default). It contains the full paths of the current source folders that consist of user names and the source folder names, separated by "/".
* Edit this file in a text editor. Change the new source folders after the "=", so that the entries look like this:
*; <pre>Old source folder path=new source folder path</pre> 
*; Example (with changes highlighted)
*;<code>j.doe@example.com/</code><code style="color: red">Exchange jane.doe</code><code>=j.doe@example.com/</code><code style="color: blue">Exchange j.doe</code> 
*; For source folders that should not change, just leave the corresponding entries as is.
* Save the file <code>mailstore-folders.txt</code> that now should contain the current and the future source folders.
* Run the script <code>MSS_4_update_folders.ps1</code> in the PowerShell ISE with ''F5''.
* The script now renames the source folders in MailStore Server.
* Log on as MailStore Server administrator with the MailStore Client and check the new source folders.

=== Changing Directory Service Synchronization to Microsoft 365 ===
To enable users to log on to MailStore Server with their Microsoft 365 credentials instead of their Active Directory, you must switch the directory service synchronization to ''Microsoft 365 (Modern Authentication)''. Please follow the steps in chapter [[Synchronizing User Accounts with Microsoft 365 (Modern Authentication)]] of the MailStore Server manual.
Initially, just test the synchronization using the ''Test Settings'' button. Check the directory service synchronization results, migrated users should show as ''modified''. You can also check that user authentication against Microsoft 365 works as expected.

== Changing the Archiving Profiles ==
For archiving Microsoft 365 mailboxes, MailStore Server offers dedicated Microsoft 365 archiving profiles that support modern authentication. Existing Exchange archiving profiles cannot be used for archiving Microsoft 365 mailboxes because they only support basic authentication.

=== Deactivating Existing Profiles and Jobs ===
If you run MailStore Server in [[MailStore_Server_Service_Configuration#Controlling_the_Service|Safe Mode]] as recommended before, automatic execution of archiving profiles and by jobs is disabled. To deactivate them permanently, please proceed as follows:
* Log on as MailStore Server administrator through the MailStore Client.
* Click on ''Archive E‑mail''
* Below the profiles list, enable the option ''Show Profiles of All Users''.
* Switch every Exchange archiving profile to ''Manual'' through the context menu.
* If you have configured Exchange export profiles, click on ''Export E‑mail'' in the menu tree and repeat the previous steps.
* If you have configured scheduled job for running Exchange profiles, click on ''Administrative Tools > Management API > Jobs'' and deactivate every job that run an Exchange profile through the context menu.

=== Creating new Microsoft 365 Profiles ===
Create new Microsoft 365 profiles and jobs according to the following articles. They should be set to manual initially to check their execution and results.
* For archiving Microsoft 365 mailboxes, follow the implementation guide [[Archiving_Emails_from_Microsoft_365_(Modern_Authentication)|Archiving Emails from Microsoft 365 (Modern Authentication)]].
* Creating Microsoft 365 export profiles is described in chapter [[Exporting Email]] of the MailStore Server manual.
* Once the profiles have been set up you can update existing jobs as described in chapter [[Jobs#Properties|jobs]] of the MailStore Server manual.

== Finalizing the Migration ==
To finalize the migration in MailStore Server, please proceed as follows:
* Close all MailStore Client sessions and restart the MailStore Server service.
* Log on as MailStore Server administrator again through the MailStore Client.
* In the main menu tree, go to ''Administrative Tools > Users and Archives > Archives'' and check the names of the archive folders.
* Switch to ''Archive E‑mail'' and run each Microsoft 365 archiving profile manually. If you are satisfied with the results, you can delete the old Exchange archiving profiles.
* If applicable, repeat the previous step for export profiles and jobs.
* If you have previously enabled access to user archives by administrators in MailStore Server as described in chapter [[Compliance_General#Archive_Access|Compliance General]], revert that change.
* If you have enabled ''Single-Sign-On (SSO)'' by setting the server name of the MailStore Server computer and the authentication method to ''Windows Authentication'' through group policies [[MailStore_Client_Deployment#Configuring_Policy_Settings|for the MailStore Client]] or the [[MailStore_Outlook_Add-in_Deployment|for the MailStore Outlook Add-in]], you must change the group policy setting ''Authentication'' to ''Standard Authentication''.

After finishing these tasks successfully, the migration in MailStore Server is complete.
[[de:Umstellung_der_Archivierung_von_Microsoft_Exchange_Server_auf_Microsoft_365]]
[[en:Changing_Archiving_from_Microsoft_Exchange_Server_to_Microsoft_365]]

Using External Archive Stores

2021-09-29T09:26:41Z

Bmeyn:

In MailStore there are two types of archive stores: ''Internal Archive Stores'' and ''External Archive Stores''.

While, with interal archive stores, folder information, meta data, email headers and contents as well as the full text index are stored in the file system, external archive stores allow you to store some of these components in SQL databases.

Database servers where external archive stores reside on must not be turned off or put into standby mode at any time, as long as there is a MailStore Server service accessing them. Otherwise, database corruption may occur, which can lead to data loss. If database servers must be turned off or rebooted, for example due to maintenance, please set the corresponding external archive stores to ''disabled'' first.

For most environments, using internal archive stores is recommended; these are described in detail in chapter [[Storage Locations]].

== Structure of an Archive Store ==
In MailStore, both internal and external archive stores always consist of the following three components:
{{Archive_Stores_Structure|Contains all data needed for searching through emails and attachments. The full text index can be reconstructed at any time. MailStore always uses its own high-performance full text index and not the index of the SQL database, therefore the full text index always has to be stored in the file system. Additional information on full text indexes is available in chapter [[Search Indexes]].}}

== Creating an External Archive Store ==
Under ''Administrative Tools > Storage > Storage Locations'' you can create new archive stores and manage the archive's existing archive stores. To create an external archive store, please proceed as follows:

* Below the list of archive stores, click on the ''Create...'' button.
* [[File:Tech_storageloc_adv_01.png|right|350px]]The ''Create New Archive Store'' wizard opens.
* Select the database type:
** '''External Microsoft SQL Server Database''' The archive store is stored in an external Microsoft SQL Server Database. Emails can be stored in the database or in the file system.
** '''External PostgreSQL Database''' The archive store is stored in an external PostgreSQL Database. E-Mails can be stored in the database or in the file system.
* Click on ''Next''. 
Based on the database type additional parameters need to be configured in the next step.

=== External Archive Store Type: External Microsoft SQL Server Database ===
Before you can set up the database connection in MailStore, an empty database has to be created on the database server. The MailStore user who is used for the connection should be the owner of the database. Please see the documentation of the database server for details.

''Folder information and meta data'' are always stored in the SQL database, while storing ''email headers and contents'' therein is optional.

'''Please note:''' MailStore supports all editions of Microsoft SQL Server Version 2008, 2012, 2014 and 2016. Please keep their respective size limits in mind and verify their suitability for managing the expected volume of data in your environment.

Once you have created an empty database, please proceed as follows:

* Enter a name for the new external archive store in the ''Name'' field, e.g. ''2016-12''.
* If you don't want MailStore to archive new emails in the new archive store, deselect the option ''Archive new messages here''.
* Specify the connection parameters for the ''Microsoft SQL Server Database Connection'':
** [[File:Tech_storageloc_adv_mssql_01.png|right|350px]]'''Server Name:''' Enter the server name or the IP address of the SQL server on which a database has been created for MailStore. If you click on the arrow to the right of the input field, MailStore will return a list of all Microsoft SQL servers located on the network.
** '''User Name:''' Name of the user with access to the database.
** '''Password:''' Password of the user listed under ''User Name''.
** '''Database:''' Name of the database to be used by MailStore. Click on the arrow to the right of the input field to obtain a list of all available databases on the server.
* Under ''email headers and contents'' select the appropriate storage location. ''Microsoft SQL Server Database'' is the default suggestion. When choosing ''Directory (File System)'', the input field ''Directory'' is activated. MailStore derives a directory based on the name entered and the path of the master database. To choose a different directory, click on the button next to the ''Directory'' field or enter a path manually. The specified directory is created automatically. If it already exists, it must not contain any files or subfolders.
* A directory for the full text index is also derived based on the name entered and the path of the master database.
* Click on ''Finish''.

Please note that distributing the individual components of an external archive store among different local drives or network shares significantly increases the complexity of [[Backup and Restore]].

=== External Archive Store Type: External PostgreSQL Database ===
Before you can set up the database connection in MailStore, an empty database has to be created on the database server. The MailStore user who is used for the connection should be the owner of the database. Please see the documentation of the database server for details.

''Folder information and meta data'' are always stored in the SQL database, while storing ''email headers and contents'' therein is optional.

'''Please note:''' MailStore supports PostgreSQL version 8.4.8 or newer.

Once an empty database has been created, please proceed as follows:

* Enter a name for the new external archive store in the ''Name'' field, e.g. ''2016-12''.
* If you don't want MailStore to archive new emails in the new archive store, deselect the option ''Archive new messages here''.
* Specify the connection parameters for the ''PostgresSQL Database Connection'':
** [[File:Tech_storageloc_adv_pgsql_01.png|right|350px]]'''Server Name:''' Enter the server name or the IP address of the SQL server on which a database has been created for MailStore.
** '''Encrypted Connection:''' Enable encryption of connection to the database server.
** '''Accept all certificates:''' {{Option_Accept_all_certificates}}
** '''User Name:''' Name of a user with access to the database.
** '''Password:''' Password of the user specified under ''User Name''.
** '''Database:''' Name of the database to be used by MailStore. To obtain a list of all available databases on the server, click on the arrow to the right of the input field.
* Under ''Email Headers and Contents'' select the appropriate storage location. ''PostgresSQL Database'' is the default suggestion. Selecting ''Directory (File System)'' activates the input field ''Directory''. MailStore derives a directory based on the name entered and the path of the master database. To choose a different directory, click on the button next to the ''Directory'' field or enter a path manually. The specified directory is created automatically. If it already exists, it must not contain any files or subfolders.
* A directory for the full text index is also derived based on the name entered and the path of the master database.
* Click on ''Finish''.

Please note that distributing the individual components of an advanced archive store among different local drives or network shares significantly increases the complexity of [[Backup and Restore]].

[[de:Verwendung_externer_Archivspeicher]]
[[en:Using_External_Archive_Stores]]

System Requirements

2021-09-29T08:04:58Z

Bmeyn:

== Hardware ==
The calculator below helps to specify the hardware needs subject to the number of users, stored email, and the [[Choosing_the_Right_Archiving_Strategy|archiving strategy]].

Calculations are based on the following base values:

* Yearly Email Volume per User: 10000
* Email Size: 75Kb
* Compression Ratio: 60%

<system_requirements product="server"/>

'''Please note: '''For a planned MailStore Server installation with more than 500 users, please contact our [https://www.mailstore.com/en/support/ Technical Support] to determine the optimal hardware setup.

== Software ==

=== Operating System ===
MailStore Server, [[Accessing_the_Archive_with_the_MailStore_Client_software|MailStore Client]] and [[Accessing_the_Archive_with_the_Microsoft_Outlook_integration|MailStore Outlook Add-in]] require the following operating systems for installation and execution. Both 32-bit and 64-bit versions are supported.

* Microsoft Windows 10
* Microsoft Windows 8.1
* Microsoft Windows 7 SP1
* Microsoft Windows Server 2019 (Essentials, Standard, Datacenter)
* Microsoft Windows Server 2016 (Essentials, Standard, Datacenter)
* Microsoft Windows Server 2012 R2 (Foundation, Essentials, Standard, Datacenter)
* Microsoft Windows Server 2012 (Foundation, Essentials, Standard, Datacenter)
* Microsoft Windows Small Business Server 2011 SP1
* Microsoft Windows Server 2008 R2 SP1 (Foundation, Standard, Enterprise, Datacenter)

'''Please note: '''For a MailStore Server installation with more than 25 users, a Microsoft Windows Server operating system is required for the [[MailStore_Server_Service_Configuration|MailStore Server Service]] because of restrictions of concurrent connections of Microsoft Windows client operating systems.

=== Other Software ===
The following other software is required:

* [http://www.mailstore.com/?netfx4 Microsoft .NET Framework Version 4.5.1]
* ''Optional:'' [[Search_Indexes#Install_Missing_IFilters|IFilter drivers]] on the MailStore Server computer for filetypes to be indexed

=== Outlook Versions ===
MailStore Outlook Add-in is compatible with the following versions of Microsoft Outlook for Windows. Both, 32-bit and 64-bit versions are supported.

* Microsoft Outlook 2019 (Click-to-Run only, Windows Store version is '''not''' supported)
* Microsoft Outlook 2016 as component for Office 365 (Click-to-Run)
* Microsoft Outlook 2016
* Microsoft Outlook 2013 as component for Office 365 (Click-to-Run)
* Microsoft Outlook 2013
* Microsoft Outlook 2010 (Click-to-Run is '''not''' supported)
* Microsoft Outlook 2007
* Microsoft Outlook 2003

{{Multiline_Notices|Heading=Important Notice|{{3rd_Party_Product_EOL_Notice|Outlook 2003, 2007 and 2010|Microsoft|are}}}}

=== Web Browsers ===
The following web browsers are officially supported by MailStore Web Access. Other browsers based on the same rendering engine as the once below (e.g. Opera) ''may'' work as well.

{| class="wikitable" |
! Operating System / Browser
! Edge
! IE 11
! Firefox (Latest)
! Chrome (Latest)
! Safari (Latest)
|-
! Windows 10
| style="text-align: center; | Supported
| style="text-align: center; | Supported
| style="text-align: center; | Supported
| style="text-align: center; | Supported
|
|-
! Windows 8.1
|
| style="text-align: center; | Supported
| style="text-align: center; | Supported
| style="text-align: center; | Supported
|
|-
! Windows 7 (SP1)
|
| style="text-align: center; | Supported
| style="text-align: center; | Supported
| style="text-align: center; | Supported
|
|-
! macOS
|
|
| style="text-align: center; | Supported
| style="text-align: center; | Supported
| style="text-align: center; | Supported
|-
! Linux
|
|
| style="text-align: center; | Supported
| style="text-align: center; | Supported
|
|}

== Frequently Asked Questions ==
=== Email Volume ===
'''Q:''' How do large email volumes affect the performance and what is recommended maximum?

'''A:''' The more emails are archived on a daily basis the more resources are required and more time is needed to execute certain tasks such as searching the archive. Environment with much higher volumes than 10000 emails per user per year, may experience degraded performance over time.

=== Dedicated machine ===
'''Q:''' Can I install MailStore Server on the same computer where Microsoft Exchange or any other email server is installed or do I have to install it on a dedicated machine?

'''A:''' Primarily this depends on the size of your setup, the archiving strategy and the kind of usage. Whenever possible, the MailStore Server service should be installed on a dedicated machine.

=== Database server ===
'''Q:''' Most email archiving products on the market seem to require Microsoft SQL Server or a similar product installed. Does MailStore Server also require an external database server?

'''A:''' MailStore Server comes with an [[Storage_Locations|integrated storage]] and does not depend on any other external database server.

=== Web server ===
'''Q:''' Do I need an additional web server like Microsoft IIS or Apache to offer MailStore Web Access to my clients?

'''A:''' No. MailStore Server runs its own HTTP server on the corresponding TCP ports. Therefore you do not need an additional web server to use MailStore Web Access.

=== Anti-Virus Software ===
'''F:''' What needs to be considered while using anti-virus software with MailStore?

'''A:''' When using file based virus scanners, it is recommended to exclude all archive directories (master database and archive stores) from scanning. For more information, please refer to the [[Notes_on_Antivirus_Software|notes on anti-virus software]].

=== Virtualization ===
'''Q:''' Is it possible to run MailStore Server on virtual machines like VMware guests or similar?

'''A:''' Yes it is possible, as long as the underlying operating system supports it, there is no problem running MailStore Server inside a virtualized environment.

=== Terminal Server environments ===
'''Q:''' Is it possible to run MailStore in a terminal server environment?

'''A:''' Yes, running MailStore Client and MailStore Outlook Add-in is absolutely possible. Running MailStore Server service on a terminal server is not recommended.

=== Network Attached Storage ===
'''Q:''' Do I have to store the archive on the local hard disk, or can I also store it (or parts of it) on network attached storage, e.g. a network share?

'''A:''' In general, using local storage is preferable to using network storage. To use MailStore Server with storage on a NAS, different options are available which are described in the article [[Using Network Attached Storage (NAS)]].

[[de:Systemanforderungen]]
[[en:System Requirements]]

Storage Locations

2021-09-28T15:53:51Z

Bmeyn:

A MailStore archive physically (i.e. on the storage) consists of individual archive stores, each with its own database, search indexes and data containers. To MailStore users these archive stores are fully transparent; they have access to all archived emails in all active archive stores and thus get a logical view on the archive according to their respective privileges.

Under ''Administrative Tools > Storage > Storage Locations'' you can configure the parameters of the archive stores' auto-create, manually create new archive stores and manage the archive's existing archive stores. You can also view the location of the master database here.

== Changing the Storage Location of the Master Database ==
The storage location of the master database can only be viewed here. In case the MailStore Client is started on the MailStore Server machine, clicking on ''Change...'' closes the MailStore Client and starts the [[MailStore Server Service Configuration]].

== Archive Store Basics ==
In MailStore, there are two types of archive stores: ''Internal Archive Stores'' and ''External Archive Stores''.

Internal archive stores are stored entirely in configurable file system directories and can be created, managed and backed up automatically by MailStore. For most environments using internal archive stores is recommended.

External archive stores offer storage in SQL databases, but have several limitations. Information about external archive stores is available in chapter [[Using External Archive Stores]].

Both internal and external archive stores always consist of the following three components:
{{Archive Stores Structure}}
MailStore archive stores as a whole as well as their individual components can be put on different physical storage locations, including network based storages. For additional information, please refer to the article [[Using Network Attached Storage (NAS)]].

'''Important notice: '''When choosing the physical storage system, please attend to the [[System Requirements]].

== Creating Archive Stores ==
In MailStore Server, internal archive stores are created automatically and additionally can be created manually. External archive stores can only be created manually.

=== Creating Internal Archive Stores Automatically ===
From time to time, MailStore Server automatically creates a new internal archive store for optimal system performance and stability. The maximum size and amount of emails are determined by MailStore Server internally.

If needed, you can limit the size that an archive store can reach at most before a new one is created to align with your backup routine. You can also configure the storage location where new archive stores will be created automatically.

'''Important notice: '''The maximum size should not be configured manually without good reason, so that MailStore Server can determine the optimal time automatically for creating a new archive store.

To change these settings, please proceed as follows:

* Below the list of archive stores, click on the ''Create automatically...'' button.
* [[File:tech_storageauto_01.png|right|350px]]The ''Auto-Create Archive Stores'' dialog opens.
* Customize the settings as preferred.
* Under ''Base directory'' enter the directory below which you want MailStore Server to create the new internal archive stores. The internal archive stores that are created automatically by MailStore Server, including any subfolders, follow the naming scheme ''year-month'', e.g. ''2021-10''.
* ''Optional: ''With the option ''Use different base directories for databases, content and search indexes'' you can configure separate directories for the individual components of an archive store. For example, you can put database and search index on a fast storage to accelerate folder operations and the MailStore search while leaving the email content files on a slower storage.
* Click on ''OK''. 

=== Creating an Internal Archive Store Manually ===
To create a new internal archive store manually, please proceed as follows:

* Below the list of archive stores, click on the ''Create...'' button.
* The ''Create New Archive Store'' wizard opens.
* Select the option ''Internal Archive Store'' and click on ''Next''.
* [[File:tech_storageloc_int_01.png|right|350px]]Enter a name for the new internal archive store in the ''Name'' field, e.g. ''2021-10''.
* If you don't want MailStore to archive new emails in the new archive store, deselect the option ''Archive new messages here''.
* MailStore Server derives a base directory for the new internal archive store from the name entered and the path of the master database. By default, MailStore Server stores all components of an archive store in a folder structure that is created automatically below the base directory. You can optionally either change the proposed path manually or select an existing directory; an existing directory must not contain any files or subfolders.
* ''Optional: ''With the option ''Use different base directories for databases, content and search indexes'' you can configure separate directories for the individual components of an archive store. For example, you can put database and search index on a fast storage to accelerate folder operations and the MailStore search while leaving the email content files on a slower storage.
* Click on ''Finish'' to create the internal archive store. 

=== Creating an External Archive Store ===
External archive stores can only be created manually. Creating a new external archive store is described in chapter [[Using External Archive Stores]].

== Managing Archive Stores ==
[[File:tech_storageloc_01.png|center|550px]]
=== Setting the Status ===
Right-click on an archive store and select the status from the ''Set Status'' submenu. As an alternative, you can select an archive store and set the status via the drop-down list in the details pane on the right of the archive store list. You can set the following status:

* ''Archive here'' In MailStore Server, there can only be one archive store with this status. All newly archived emails are written into this archive store. The emails are available to all MailStore users and can be located by searching and through the folder structure. Emails in this archive store can be deleted or moved according to configured user privileges and compliance settings. '''Notice: '''If a new internal archive store has been created automatically, its status is initially set to ''Archive here''. If you set an external archive store's status to ''Archive here'', the automatic creation of internal archive stores will be suspended until you set an internal archive store to this status.
* ''Normal'' Emails in archive stores with status ''Normal'' are available to all MailStore users and can be located by searching and through the folder structure. Emails in this archive store can be deleted or moved according to configured user privileges and compliance settings.
* ''Write-Protected'' Irrespective of user privileges and compliance settings, emails in write-protected archive stores can only be accessed read-only. The emails are available to all MailStore users and can be located by searching and through the folder structure. However, emails in such archive stores cannot be deleted or moved. '''Notice: '''Please note that file system write access to the directory of the archive store is still required and that this status prevents automatic processing of retention policies.
* ''Disabled'' Disabling an archive store allows you to make changes to its configuration. This may be necessary after [[Moving the Archive]], for example. While an archive store is disabled, the emails contained therein are not available to the archive. '''Notice: '''Please note that this status prevents the execution of archiving profiles.

=== Editing ===
Through the context menu item ''Edit...'' you can change the name and the directories of an archive store with status ''Disabled''.

=== Renaming ===
Through the context menu item ''Rename...'' you can change the name of an archive store irrespective of its status.

=== Detaching ===
Through the context menu item ''Detach'' you can detach an archive store from the archive, for example if all email contained therein do no longer have to be archived. The detached archive store and the emails contained therein are no longer available to the archive.

=== Attaching ===
A detached archive store can be reattached to the archive using the ''Attach...'' button. If the archive store cannot be decrypted automatically, you will be asked for the respective recovery key. For example, this could be the case for archive stores that belonged to another MailStore installation or which have been moved from another machine. You can find more information on the recovery key in section [[MailStore_Server_Service_Configuration#Security_and_Encryption|Security and Encryption]] of chapter [[MailStore Server Service Configuration]].

=== Unlocking ===
If an archive store cannot be decrypted automatically, it will be listed as ''Locked'' in the list of archive stores. Through the context menu item ''Unlock'' or by changing the status you will be asked for the respective recovery key. You can find more information on the recovery key in section [[MailStore_Server_Service_Configuration#Security_and_Encryption|Security and Encryption]] of chapter [[MailStore Server Service Configuration]].

== Maintenance of Archive Stores ==
All available maintenance commands can be accessed through the context menu of the list of archive stores. Alternatively, you can select an archive store and click on the ''Maintenance'' drop-down list in the details pane. The following commands are available:

* ''Cleanup (Compact)'' Optimizes the data structures while compacting the data.
* ''Check Data Integrity'' Verifies the data integrity between "Folder Information and Meta Data" as well as "Email Headers and Contents".
* ''Maintain All FDB Files'' Maintains the master database and all databases of internal archive stores.
* ''Recalculate all statistics'' Recalculates the statistics (number of emails per archive store) for all archive stores.

Maintenance commands can also be scheduled for automatic execution via [[Jobs]].

[[de:Speicherorte]]
[[en:Storage Locations]]

Archiving Emails from Microsoft 365 - Basic Authentication

2021-09-27T07:28:42Z

Bmeyn:

'''Information in this document is no longer maintained and may no longer be up-to-date.''' 
On September 23rd, 2021 [https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210 Microsoft announced] the end of support for Basic Authentication for Exchange Online APIs on '''October 1st, 2022'''. This affects any MailStore Server version prior to 13, which will then no longer be able to archive Microsoft 365 mailboxes.
 
 
In MailStore Server 13, support for modern authentication methods via OAuth 2.0 & OpenID Connect as per Microsoft's recommendation as well as corresponding archiving profiles were introduced. Therefore, for archiving Microsoft 365 mailboxes, please refer to the implementation guide [[Archiving Emails from Microsoft 365 (Modern Authentication)]].
{{Implementation Guide Preamble|Exchange Online / Office 365}}
'''Please note:''' For better readability the term ''Exchange Online / Office 365'' hereinafter is being referred to as ''Office 365''.

== Synchronizing Users ==
MailStore offers direct user synchronization support for Office 365. The setup procedure for the required service principal is described in the chapter [[Office 365 Integration]] of the MailStore Server manual.

Note that while Office 365 manages users in Azure Active Directory, this itself can be synchronized with on-premise user information. Even if Office 365 / Azure AD is not the primary source of user account information in your environment, it is highly recommended to synchronize MailStore directly with Office 365 to fetch all information that is relevant for archiving such as email addresses.

== Archiving Individual Office 365 Mailboxes ==
{{Archiving Single Mailbox Preamble|Office 365}}
'''Important notice:''' Archiving a single mailbox requires the Exchange Online feature ''EWS Application support''. Please make sure that your Office 365 plan supports this feature. More information is available in this [https://technet.microsoft.com/en-us/library/exchange-online-service-description.aspx TechNet article].
{{Archiving Exchange Single Mailbox|Office 365}}

== Archiving Multiple Office 365 Mailboxes Centrally ==
{{Archiving Multiple Mailboxes Preamble|Office 365}}
'''Important notice:''' Archiving multiple mailboxes requires the Exchange Online features ''EWS Application support'' and ''Role-Based Permissions''. Please make sure that your Office 365 plan supports these features. More information is available in this [https://technet.microsoft.com/en-us/library/exchange-online-service-description.aspx TechNet article].

=== Step 1: Setting up a service account for accessing mailboxes ===
To be able to archive multiple Office 365 mailboxes, you need to create an Office 365 user first. Afterwards follow these steps, to grant access permissions to the newly created user on all mailboxes:

* Log on to your Office 365 tenant through Microsoft's Online Portal with an admin account.
* In the ''Office 365 admin center'' choose ''ADMIN > Exchange''.
* Now, in the ''Exchange admin center'', navigate to ''permissions''.
* Under ''admin roles'' select ''+ (New)''.
*: [[Image:Arch_office365_multi_01.png|center|550px]]
* Enter a meaningful name (e.g. ''MailStore Impersonation'') and description for the new role group.
* Under ''Roles'' add the role ''ApplicationImpersonation''.
* Under ''Members'' add the user you want to give permission to access all mailboxes.
* Click on ''Save'' to create the new role group.

=== Step 2: Configuration of MailStore Server ===
{{Archiving Exchange Multiple Mailboxes|Office 365|DSLink=[[#Synchronizing_Users|directory synchronization]]}}

== Archiving Incoming and Outgoing Emails Directly ==
{{Archiving Exchange Journal Mailbox Preamble|Office 365}}

=== Step 1: Setup and Configure MailStore Gateway ===
Please refer to the [https://help.mailstore.com/en/gateway/ MailStore Gateway Manual] for detailed instructions about:

* Installation and Setup of MailStore Gateway
* Logging on to MailStore Gateway's Management Console
* Creating MailStore Gateway mailboxes

After these steps, a mailbox with an individual email address (e.g. mbx-dead1234beef5678@gateway.example.com) should exist.

=== Step 2: Creating a Journal Rule ===
The following steps describe how to set up journaling for your Microsoft Office 365 account.

* Log on to your Office 365 tenant through Microsoft's Online Portal with an admin account.
* In the ''Office 365 admin center'' choose ''ADMIN > Exchange''.
* Now, in the ''Exchange admin center'', navigate to ''compliance management''.
* Select ''journal rules''.
* Under ''Send undeliverable journal reports to'' select an alternate journaling mailbox that receives None Delivery Reports (NDRs) for undeliverable journal reports in case the primary journal mailbox is unreachable. This mailbox must be a dedicated mailbox, any mail sent directly to this mailbox won't be journaled.
* Click on ''+ (New)''.
*:The dialog window ''New Journal Rule'' opens:
*:[[File:Arch_office365_journal_01.png|center|550px]]
* Enter a name for the journal rule, e.g. ''Journaling''.
* In the ''If the message is sent to or received from...'' section select whether the rule should apply to all messages or to specific users or groups.
* Under ''Journal the following messages...'', choose whether to capture all messages, internally sent messages only, or only those messages with an external sender or recipient.
* Enter the email address of the previously created MailStore Gateway mailbox in the ''Send journal reports to:'' box.
* Click on ''save'' to activate the rule.

=== Step 3: Configuration of MailStore ===
{{Archiving MailStore Gateway Mailbox|TargetFolderHint=DontShow|POP3Hint=DontShow|DSLink=[[#Synchronizing_Users|directory synchronization]]}}

== Public Folders ==
{{Archiving Exchange Public Folders Preamble|Office 365}}
* Log on to your Office 365 tenant through Microsoft's Online Portal with an admin account.
* In the ''Office 365 admin center'' choose ''ADMIN > Exchange''.
* Now, in the ''Exchange admin center'', navigate to ''public folders''.
* Click on the ''Ellipsis (…)'' and select ''Root permissions''.
*: [[File:Arch_office365_pf_01.png|center|480px]]
* A new browser window opens. Click on ''+ (Add)''.
* Use ''Browse'' to choose the Office 365 user you want to grant permissions.
* Choose ''Custom'' as ''Permission level'' and grant ''Read items'' and ''Delete all'' permissions.
*: [[File:Arch_office365_pf_02.png|center|347px]]
* Click on ''Save''.
* Enable the option ''Apply changes to this public folder and all its subfolders.''
* Click on ''Save''.
* Click on ''Close'' after saving has been completed successfully.

=== Step 3: Setting up the Archiving Process ===
{{Archiving Exchange Public Folder|Office 365}}

== Shared Mailboxes ==
{{Template:Archiving_Exchange_Shared_Mailbox|Office 365}}

[[de:E-Mail-Archivierung von Microsoft Office 365]]
[[en:Archiving_Emails_from_Microsoft_Office_365]]

Synchronizing User Accounts with Microsoft 365 - Modern Authentication

2021-09-15T14:34:09Z

Bmeyn:

{{Directory Services Preamble|Microsoft 365 tenant|Microsoft 365|{{#ev:youtube|https://youtu.be/OtJx2EKEW0Y|350|right|''Tech Tip: Preparation of the Microsoft 365 Tenant and User Synchronization''}}| Our Tech Tip video shows the essential configuration steps in this article.}}
 
== Prerequisites, Recommendations and Limitations ==
* For best user experience, the certificate used by MailStore Server should be trusted by all clients and the used web browsers. Using a certificate that is signed by a trusted certificate authority or [[Using_Lets_Encrypt_Certificates|using Let's Encrypt certificates]] is highly recommended.
* If users are supposed to log in to MailStore Server from outside the organization's network without a VPN using [[Accessing_the_Archive_with_the_MailStore_Client_software|MailStore Client]], [[Accessing_the_Archive_with_the_Microsoft_Outlook_integration|MailStore Outlook Add-in]] or the [[Accessing_the_Archive_with_MailStore_Web_Access|Web Access]], the URIs mentioned in this article must be resolvable via DNS on the Internet and port-forwardings to the MailStore Server computer must be set up on the firewall or router if necessary.
* When using Microsoft 365 to authenticate users at login, [[Accessing_the_Archive_via_Integrated_IMAP_Server|accessing the archive via IMAP]] is not possible for technical reasons.
* MailStore Server supports synchronizing user accounts with Microsoft 365 (Modern Authentication) only with the global Microsoft Cloud. National clouds such as ''Microsoft Cloud for US Government'', ''Microsoft Cloud Germany'' (operated by T-Systems) and ''Azure and Microsoft 365 operated by 21Vianet in China'' are not supported. For synchronizing users with ''Office 365 Germany'' and ''Office 365 operated by 21Vianet'', please refer to the [[Synchronizing_User_Accounts_with_Microsoft_365_(Basic_Authentication)|corresponding manual chapter]].

== Connecting MailStore Server and Microsoft 365 ==
In order to synchronize user information from Microsoft 365, MailStore Server has to be connected to your Microsoft 365 tenant and been granted the required permissions. Microsoft 365 relies on Azure Active Directory as directory service. Each Microsoft 365 tenant corresponds to an Azure AD tenant that stores its user information.

=== Registering of MailStore Server as App in Azure AD ===
Through registration, MailStore Server gets an identity in Azure AD that makes it possible to authenticate to the tenant's services and use their resources.
* Sign in to the [https://portal.azure.com Azure Portal] as a Global Administrator for your Microsoft 365 tenant.
* In the navigation menu (☰), select the option ''Azure Active Directory''.
* On the next page, select ''App registrations'' in the ''Manage'' section of the left navigation menu.
* Select ''New Registration''. The ''Register an application'' page appears.
* In the ''Name'' field, enter a meaningful display name, e.g. ''MailStore Server''. This name will be shown to users on logon later on, for example.
* Leave all other settings on this page to their defaults.
* Click on ''Register''. If the registration has been successful, you are shown the overview page of the newly registered app.
The ''Application (client) ID'' shown on this page identifies MailStore Server in your Azure AD tenant and has to be copied into MailStore Server next, together with the ''Directory (tenant) ID''. Therefore, for the following steps, leave the overview page open in your web browser.

=== Creating Credentials in MailStore Server ===
Credentials for Microsoft 365 consist of the aforementioned IDs and a secret that MailStore Server uses to proof its identity to Azure AD. Microsoft recommends using certificates as secrets to identify apps in Azure AD. When creating credentials, such a certificate is generated automatically by MailStore Server but can also be recreated later on.
{{Directory Services Accessing Configuration|Microsoft 365 (Modern Authentication)|Microsoft 365 sync 01.png}}
* In the ''Connection'' section, click on the button (…) next to the ''Credentials'' drop-down list.
* In the ''Credential Manager'' that appears, click on ''Create…''
* In the ''Azure AD App Credentials'' dialog, enter the following information in the ''Settings'' section:
** '''Name''' A meaningful display name for the credentials, e.g. the name of your Microsoft 365 tenant.
** '''Application (client) ID''' The value of the corresponding field that you can copy from the Azure AD app overview page in your web browser.
** '''Directory (tenant) ID''' The value of the corresponding field that you can copy from the Azure AD app overview page in your web browser.
[[File:Microsoft 365 cred 01.png|center|347px]]
* In the ''Authentication'' section, click on the drop-down button next to the ''Certificate'' text box und select ''Download Certificate''. Save the certificate on your hard drive.
* Confirm your entries by clicking ''OK''.
* The newly created credentials are listed in the ''Credential Manager'' under the name you have entered with the type ''Microsoft 365''. Here you can also edit or delete existing credentials if necessary.
* Leave the ''Credential Manager'' by clicking ''Close''.
* The newly created credentials are selected in the corresponding drop-down list by default.

=== Publishing Credentials in Azure AD ===
For Azure AD to validate the identity of MailStore Server, the created certificate needs to be published in Azure AD.
* Switch to the Azure AD app overview page in your web browser.
* Select ''Certificates & secrets'' in the ''Manage'' section of the left navigation menu.
* Click on ''Upload certificate'' in the ''Certificates'' section. Select the certificate file that you have saved previously and upload it to Azure AD by clicking ''Add''.
* If uploading has been successful, the certificate's thumbprint as well as its start and expiry dates appear in the certificates list. You can compare the thumbprint and expiry date with those listed in the MailStore Credential Manager to check that you've uploaded the correct certificate.

=== Configuring App Authentication in Azure AD ===
For Azure AD to return the result of a user's authentication request to MailStore Server, the endpoint where MailStore Server expects authentication responses, the so-called ''Redirect URI'', has to be conveyed to Azure AD.
* In the Azure Portal in the web browser, select ''Authentication'' in the ''Manage'' section of the left navigation menu.
* Click on the ''Add a platform'' button in the ''Platform configurations'' section of the ''Authentication'' page.
* Select ''Web'' in the ''Web applications'' section of the ''Configure platforms'' menu page.
* In the field ''Redirect URI'', enter a URI in the format (without brackets)
*: <code>https://<fqdn>[:<port>]/oidc/signin</code>
*; with the following components<nowiki>:</nowiki>
*: '''https://''' Specifying the <code>https://</code> protocol is obligatory. To avoid certificate warnings during user logon, the web browsers on the client machines must trust the [[MailStore_Server_Service_Configuration#Certificate|certificate used by MailStore Server]].
*: '''FQDN''' The Fully Qualified Domain Name (FQDN) of your MailStore Server that consists of the machine name and the DNS domain, e.g. <code>mailstore.example.com</code>. This name must be resolvable by all clients from which users shall be able to log on to MailStore Server.
*: '''Port''' The TCP port of the MailStore Web Access (<code>8462</code> by default). This value must be equal to the port configured in the section ''Base Configuration > Network Settings > MailStore Web Access / Outlook Add-in (HTTPS)'' of the [[MailStore_Server_Service_Configuration#Services|MailStore Server Service Configuration]]. The TCP port has to be specified only if it is different from the default port of the HTTPS protocol (<code>443</code>).
*: '''/oidc/signin''' The endpoint where MailStore Server expects the authentication responses of Azure AD. This path has to be specified exactly as stated here at the end of the redirect URI.
* Leave the field ''Logout URL'' blank.
* Enable the ''ID tokens'' option in the ''Implicit grant'' section.
* Click on ''Configure'' to finish the configuration of the app authentication in Azure AD.
::{| class="wikitable"
|+ Examples for valid redirect URIs
|-
! style="width:80px;" | Product
! style="width:80px;" | FQDN
! style="width:40px;" | Port
! Resulting Redirect URI
|-
| align="center"| MailStore Server
| align="center"| mailstore.example.com
| align="center"| 8462
| <code><nowiki>https://mailstore.example.com:8462/oidc/signin</nowiki></code> Redirect URI with Fully Qualified Domain Name and MailStore Web Access default port
|-
| align="center"| MailStore Server
| align="center"| mailstore.example.com
| align="center"| 443
| <code><nowiki>https://mailstore.example.com/oidc/signin</nowiki></code> The port can be ommited if the HTTPS default port 443 has been configured for MailStore Web Access or as source port of a port-forwarding on the firewall or router.
|-
| align="center"| MailStore SPE
| align="center"| archive.example.com
| align="center"| 443
| <code><nowiki>https://archive.example.com/<instanceid>/oidc/signin</nowiki></code> The ''instanceid'' of the instance is part of the Redirect URI.
|-
|}
:: '''Important Notice:''' Please note that the redirect URI is case-sensitive. Also review the requirements on resolving URIs in the [[#Prerequisites, Recommendations and Limitations|Prerequisites, Recommendations and Limitations]] section.

=== Configuring the Redirect URI in MailStore Server ===
For MailStore Server to convey the redirect URI to requesting clients, it must be configured there, too.
* Switch to the ''Directory Services'' page in the MailStore Client.
* Enter the redirect URI in the corresponding field in the ''Authentication'' section. Just copy the value previously configured in Azure AD from the web browser.
[[File:Microsoft 365 sync 02.png|center|450px]]

=== Configuring API Permissions in Azure AD ===
* Switch again to Azure AD in your web browser.
* Select ''API permissions'' in the ''Manage'' section of the left navigation menu.
* Click on the ''Add a permission'' button in the ''Configured permissions'' section.
* On the ''Request API permissions'' menu page, select the API ''Microsoft Graph'' in the ''Commonly used Microsoft APIs'' section.
* Select the option ''Application permissions''.
* Enable the ''Directory > Directory.Read.All'' permission in the ''Select permissions'' section.
* Click on ''Add permissions''.
* The permissions are updated and the ''Directory.Read.All'' permission appears in the API permissions list under ''Microsoft Graph''.
* Click on the ''Add a permission'' button in the ''Configured permissions'' section again.
* On the ''Request API permissions'' menu page, select ''APIs my organization uses''.
* Search for ''Office 365 Exchange Online'' and click on the corresponding entry.
* Select the option ''Application permissions''.
* Enable the ''full_access_as_app'' permission in the ''Select permissions'' section.
* Click on ''Add permissions''.
* The permissions are updated and the ''full_access_as_app'' permission appears in the API permissions list under ''Exchange''.
* Now click on the ''Grant admin consent for <your tenant name>'' button in the ''Configured permissions'' section.
* Acknowledge the following notice with ''Yes''.
* The status of all granted permissions is updated to ''Granted for <your tenant name>''.
The configuration of MailStore Server's connection to Microsoft 365 within Azure AD is now complete. You can sign out of your Azure AD tenant and close the browser window. Switch to the ''Directory Services'' page in the MailStore Client again, all remaining configuration steps must be done there.

=== User Database Synchronization ===
After configuring the connection settings as described above, you can specify filter criteria for the Microsoft 365 synchronization in this section.
*'''Synchronize licensed Microsoft Exchange Online users only''' Only Microsoft 365 user accounts with a Microsoft Exchange Online license assigned to them will be taken into account by the synchronization.
*'''Synchronize enabled users only''' Only Microsoft 365 user accounts that do not have their login to Microsoft 365 blocked will be taken into account by the synchronization.
*'''Sync only these groups''' Choose one or several Microsoft 365 security groups if you only want their members to be created as MailStore Server users. That way it's possible to exclude certain users from being synchronized to MailStore Server.

{{Directory Services Options|Microsoft 365 tenant}}
{{Directory Services Assign Default Privileges|Microsoft 365}}
{{Directory Services Run Synchronization|Microsoft 365 tenant}}
[[File:Office365_sync_02.png|450px|center]]

{{Directory Services Test Authentication}}
[[de:Synchronisieren_von_Benutzerkonten_mit_Microsoft_365_(Modern_Authentication)]]
[[en:Synchronizing_User_Accounts_with_Microsoft_365_(Modern_Authentication)]]

Synchronizing User Accounts with Microsoft 365 - Modern Authentication

2021-07-06T14:37:14Z

Bmeyn: /* Prerequisites, Recommendations and Limitations */

{{Directory Services Preamble|Microsoft 365 tenant|Microsoft 365|{{#ev:youtube|https://youtu.be/xbunWdMZVos|350|right|''Tech Tip: Preparation of the Microsoft 365 Tenant and User Synchronization''}}| Our Tech Tip video shows the essential configuration steps in this article.}}
 
== Prerequisites, Recommendations and Limitations ==
* For best user experience, the certificate used by MailStore Server should be trusted by all clients and the used web browsers. Using a certificate that is signed by a trusted certificate authority or [[Using_Lets_Encrypt_Certificates|using Let's Encrypt certificates]] is highly recommended.
* If users are supposed to log in to MailStore Server from outside the organization's network without a VPN using [[Accessing_the_Archive_with_the_MailStore_Client_software|MailStore Client]], [[Accessing_the_Archive_with_the_Microsoft_Outlook_integration|MailStore Outlook Add-in]] or the [[Accessing_the_Archive_with_MailStore_Web_Access|Web Access]], the URIs mentioned in this article must be resolvable via DNS on the Internet and port-forwardings to the MailStore Server computer must be set up on the firewall or router if necessary.
* When using Microsoft 365 to authenticate users at login, [[Accessing_the_Archive_via_Integrated_IMAP_Server|accessing the archive via IMAP]] is not possible for technical reasons.
* MailStore Server supports synchronizing user accounts with Microsoft 365 (Modern Authentication) only with the global Microsoft Cloud. National clouds such as ''Microsoft Cloud for US Government'', ''Microsoft Cloud Germany'' (operated by T-Systems) and ''Azure and Microsoft 365 operated by 21Vianet in China'' are not supported. For synchronizing users with ''Office 365 Germany'' and ''Office 365 operated by 21Vianet'', please refer to the [[Synchronizing_User_Accounts_with_Microsoft_365_(Basic_Authentication)|corresponding manual chapter]].

== Connecting MailStore Server and Microsoft 365 ==
In order to synchronize user information from Microsoft 365, MailStore Server has to be connected to your Microsoft 365 tenant and been granted the required permissions. Microsoft 365 relies on Azure Active Directory as directory service. Each Microsoft 365 tenant corresponds to an Azure AD tenant that stores its user information.

=== Registering of MailStore Server as App in Azure AD ===
Through registration, MailStore Server gets an identity in Azure AD that makes it possible to authenticate to the tenant's services and use their resources.
* Sign in to the [https://portal.azure.com Azure Portal] as a Global Administrator for your Microsoft 365 tenant.
* In the navigation menu (☰), select the option ''Azure Active Directory''.
* On the next page, select ''App registrations'' in the ''Manage'' section of the left navigation menu.
* Select ''New Registration''. The ''Register an application'' page appears.
* In the ''Name'' field, enter a meaningful display name, e.g. ''MailStore Server''. This name will be shown to users on logon later on, for example.
* Leave all other settings on this page to their defaults.
* Click on ''Register''. If the registration has been successful, you are shown the overview page of the newly registered app.
The ''Application (client) ID'' shown on this page identifies MailStore Server in your Azure AD tenant and has to be copied into MailStore Server next, together with the ''Directory (tenant) ID''. Therefore, for the following steps, leave the overview page open in your web browser.

=== Creating Credentials in MailStore Server ===
Credentials for Microsoft 365 consist of the aforementioned IDs and a secret that MailStore Server uses to proof its identity to Azure AD. Microsoft recommends using certificates as secrets to identify apps in Azure AD. When creating credentials, such a certificate is generated automatically by MailStore Server but can also be recreated later on.
{{Directory Services Accessing Configuration|Microsoft 365 (Modern Authentication)|Microsoft 365 sync 01.png}}
* In the ''Connection'' section, click on the button (…) next to the ''Credentials'' drop-down list.
* In the ''Credential Manager'' that appears, click on ''Create…''
* In the ''Azure AD App Credentials'' dialog, enter the following information in the ''Settings'' section:
** '''Name''' A meaningful display name for the credentials, e.g. the name of your Microsoft 365 tenant.
** '''Application (client) ID''' The value of the corresponding field that you can copy from the Azure AD app overview page in your web browser.
** '''Directory (tenant) ID''' The value of the corresponding field that you can copy from the Azure AD app overview page in your web browser.
[[File:Microsoft 365 cred 01.png|center|347px]]
* In the ''Authentication'' section, click on the drop-down button next to the ''Certificate'' text box und select ''Download Certificate''. Save the certificate on your hard drive.
* Confirm your entries by clicking ''OK''.
* The newly created credentials are listed in the ''Credential Manager'' under the name you have entered with the type ''Microsoft 365''. Here you can also edit or delete existing credentials if necessary.
* Leave the ''Credential Manager'' by clicking ''Close''.
* The newly created credentials are selected in the corresponding drop-down list by default.

=== Publishing Credentials in Azure AD ===
For Azure AD to validate the identity of MailStore Server, the created certificate needs to be published in Azure AD.
* Switch to the Azure AD app overview page in your web browser.
* Select ''Certificates & secrets'' in the ''Manage'' section of the left navigation menu.
* Click on ''Upload certificate'' in the ''Certificates'' section. Select the certificate file that you have saved previously and upload it to Azure AD by clicking ''Add''.
* If uploading has been successful, the certificate's thumbprint as well as its start and expiry dates appear in the certificates list. You can compare the thumbprint and expiry date with those listed in the MailStore Credential Manager to check that you've uploaded the correct certificate.

=== Configuring App Authentication in Azure AD ===
For Azure AD to return the result of a user's authentication request to MailStore Server, the endpoint where MailStore Server expects authentication responses, the so-called ''Redirect URI'', has to be conveyed to Azure AD.
* In the Azure Portal in the web browser, select ''Authentication'' in the ''Manage'' section of the left navigation menu.
* Click on the ''Add a platform'' button in the ''Platform configurations'' section of the ''Authentication'' page.
* Select ''Web'' in the ''Web applications'' section of the ''Configure platforms'' menu page.
* In the field ''Redirect URI'', enter a URI in the format (without brackets)
*: <code>https://<fqdn>[:<port>]/oidc/signin</code>
*; with the following components<nowiki>:</nowiki>
*: '''https://''' Specifying the <code>https://</code> protocol is obligatory. To avoid certificate warnings during user logon, the web browsers on the client machines must trust the [[MailStore_Server_Service_Configuration#Certificate|certificate used by MailStore Server]].
*: '''FQDN''' The Fully Qualified Domain Name (FQDN) of your MailStore Server that consists of the machine name and the DNS domain, e.g. <code>mailstore.example.com</code>. This name must be resolvable by all clients from which users shall be able to log on to MailStore Server.
*: '''Port''' The TCP port of the MailStore Web Access (<code>8462</code> by default). This value must be equal to the port configured in the section ''Base Configuration > Network Settings > MailStore Web Access / Outlook Add-in (HTTPS)'' of the [[MailStore_Server_Service_Configuration#Services|MailStore Server Service Configuration]]. The TCP port has to be specified only if it is different from the default port of the HTTPS protocol (<code>443</code>).
*: '''/oidc/signin''' The endpoint where MailStore Server expects the authentication responses of Azure AD. This path has to be specified exactly as stated here at the end of the redirect URI.
* Leave the field ''Logout URL'' blank.
* Enable the ''ID tokens'' option in the ''Implicit grant'' section.
* Click on ''Configure'' to finish the configuration of the app authentication in Azure AD.
::{| class="wikitable"
|+ Examples for valid redirect URIs
|-
! style="width:80px;" | Product
! style="width:80px;" | Machine Name
! style="width:90px;" | DNS Domain
! style="width:40px;" | TCP Port
! Resulting Redirect URI
|-
| align="center"| MailStore Server
| align="center"| mailstore
| align="center"| example.com
| align="center"| 8462
| <code><nowiki>https://mailstore.example.com:8462/oidc/signin</nowiki></code> Redirect URI with Fully Qualified Domain Name and MailStore Web Access default port
|-
| align="center"| MailStore Server
| align="center"| mailstore
| align="center"| example.com
| align="center"| 443
| <code><nowiki>https://mailstore.example.com/oidc/signin</nowiki></code> The port can be ommited if the HTTPS default port 443 has been configured for MailStore Web Access or as source port of a port-forwarding on the firewall or router.
|-
| align="center"| MailStore SPE
| align="center"| archive
| align="center"| example.com
| align="center"| 443
| <code><nowiki>https://archive.example.com/<instanceid>/oidc/signin</nowiki></code> The ''instanceid'' of the instance is part of the Redirect URI.
|-
|}
:: '''Important Notice:''' Please note that the redirect URI is case-sensitive. Also review the requirements on resolving URIs in the [[#Prerequisites, Recommendations and Limitations|Prerequisites, Recommendations and Limitations]] section.

=== Configuring the Redirect URI in MailStore Server ===
For MailStore Server to convey the redirect URI to requesting clients, it must be configured there, too.
* Switch to the ''Directory Services'' page in the MailStore Client.
* Enter the redirect URI in the corresponding field in the ''Authentication'' section. Just copy the value previously configured in Azure AD from the web browser.
[[File:Microsoft 365 sync 02.png|center|450px]]

=== Configuring API Permissions in Azure AD ===
* Switch again to Azure AD in your web browser.
* Select ''API permissions'' in the ''Manage'' section of the left navigation menu.
* Click on the ''Add a permission'' button in the ''Configured permissions'' section.
* On the ''Request API permissions'' menu page, select the API ''Microsoft Graph'' in the ''Commonly used Microsoft APIs'' section.
* Select the option ''Application permissions''.
* Enable the ''Directory > Directory.Read.All'' permission in the ''Select permissions'' section.
* Click on ''Add permissions''.
* The permissions are updated and the ''Directory.Read.All'' permission appears in the API permissions list under ''Microsoft Graph''.
* Click on the ''Add a permission'' button in the ''Configured permissions'' section again.
* On the ''Request API permissions'' menu page, select ''APIs my organization uses''.
* Search for ''Office 365 Exchange Online'' and click on the corresponding entry.
* Select the option ''Application permissions''.
* Enable the ''full_access_as_app'' permission in the ''Select permissions'' section.
* Click on ''Add permissions''.
* The permissions are updated and the ''full_access_as_app'' permission appears in the API permissions list under ''Exchange''.
* Now click on the ''Grant admin consent for <your tenant name>'' button in the ''Configured permissions'' section.
* Acknowledge the following notice with ''Yes''.
* The status of all granted permissions is updated to ''Granted for <your tenant name>''.
The configuration of MailStore Server's connection to Microsoft 365 within Azure AD is now complete. You can sign out of your Azure AD tenant and close the browser window. Switch to the ''Directory Services'' page in the MailStore Client again, all remaining configuration steps must be done there.

=== User Database Synchronization ===
After configuring the connection settings as described above, you can specify filter criteria for the Microsoft 365 synchronization in this section.
*'''Synchronize licensed Microsoft Exchange Online users only''' Only Microsoft 365 user accounts with a Microsoft Exchange Online license assigned to them will be taken into account by the synchronization.
*'''Synchronize enabled users only''' Only Microsoft 365 user accounts that do not have their login to Microsoft 365 blocked will be taken into account by the synchronization.
*'''Sync only these groups''' Choose one or several Microsoft 365 security groups if you only want their members to be created as MailStore Server users. That way it's possible to exclude certain users from being synchronized to MailStore Server.

{{Directory Services Options|Microsoft 365 tenant}}
{{Directory Services Assign Default Privileges|Microsoft 365}}
{{Directory Services Run Synchronization|Microsoft 365 tenant}}
[[File:Office365_sync_02.png|450px|center]]

{{Directory Services Test Authentication}}
[[de:Synchronisieren_von_Benutzerkonten_mit_Microsoft_365_(Modern_Authentication)]]
[[en:Synchronizing_User_Accounts_with_Microsoft_365_(Modern_Authentication)]]

Notes on Antivirus Software

2021-06-22T07:54:26Z

Bmeyn:

__NOTOC__


Due to the various methods of archiving email supported by {{{product|MailStore Server}}} and its own highly optimized storage technology, please follow the guidance below when using antivirus programs.

== On-Access Scanner ==
To ensure best possible performance of the storage technology and to prevent disruption caused by antivirus software, it is recommended that you exclude all archive stores, and the location of the master database, from on-access scanning. All data in {{{product|MailStore Server}}} is stored encrypted and compressed and therefore cannot be reliably scanned by antivirus software. In case of false-positives, even corruption of an archive store may occur. The data directory used by MailStore Gateway should be excluded from on-access scanning as well.

== Web and Email Scanner ==
Depending on the email server, {{{product|MailStore Server}}} uses the HTTP, POP3 or IMAP protocol to access server mailboxes. Most recent antivirus software support scanning for viruses in those network protocols. Unfortunately they appear to be tested only with the most widespread email clients such as Microsoft Outlook and Mozilla Thunderbird. Compatibility with other email applications is often not guaranteed. In case of web scanners, which are optimized for scanning website visits by a normal web browser, issues like timeouts or connection resets may occur when accessing Microsoft Exchange Servers via "WebDAV over HTTP" or "Exchange Web Services" (uses HTTP as well).

Should archiving with {{{product|MailStore Server}}} be affected by one of the above problems and if there is an antivirus software with activated email or web scanner installed on the the computer that executes the archiving profiles, try to disable these component first. Should that not resolve the issue, it may be necessary to temporarily uninstall the antivirus software. We recommend to contact the vendor if the problem can be resolved by either disabling or uninstalling the antivirus software.

== Heuristic & Behavioral Analysis ==
{{{product|MailStore Server}}} uses multiple methods to access local applications, email servers or other resources for archiving. All these combined into one application seems to cause antivirus software to classify {{{product|MailStore Server}}}'s executables or even the download link as a threat.

In that case please try to verify that classification with an online virus scanner like [https://www.virustotal.com/ VirusTotal] and contact the vendor of your antivirus software if applicable.
<noinclude>
[[de:Hinweise_zu_Antivirenprogrammen]]
[[en:Notes on Antivirus Software]]
</noinclude>

SPE:Notes on Antivirus Software

2021-06-22T07:15:31Z

Bmeyn: Created page with "{{:Notes_on_Antivirus_Software|product=MailStore Service Provider Edition}}"

{{:Notes_on_Antivirus_Software|product=MailStore Service Provider Edition}}

Notes on Antivirus Software

2021-06-22T07:14:01Z

Bmeyn:

__NOTOC__


Due to the various methods of archiving email in {{{product|MailStore Server}}} and the storage of those using its own highly optimized storage technology, a few notes have to be followed when using antivirus programs.

== On-Access Scanner ==
To ensure best possible performance of the storage technology and to prevent disruption caused by antivirus software, it is recommended that you exclude all archive stores, and the location of the master database, from on-access scanning. All data in MailStore Server is stored encrypted and compressed and therefore cannot be reliably scanned by antivirus software. In case of false-positives, even corruption of an archive store may occur. The data directory used by MailStore Gateway should be excluded from on-access scanning as well.

== Web and Email Scanner ==
Depending on the email server, MailStore Server uses the HTTP, POP3 or IMAP protocol to access server mailboxes. Most recent antivirus software support scanning for viruses in those network protocols. Unfortunately they appear to be tested only with the most widespread email clients such as Microsoft Outlook and Mozilla Thunderbird. Compatibility with other email applications is often not guaranteed. In case of web scanners, which are optimized for scanning website visits by a normal web browser, issues like timeouts or connection resets may occur when accessing Microsoft Exchange Servers via "WebDAV over HTTP" or "Exchange Web Services" (uses HTTP as well).

Should archiving with MailStore Server be affected by one of the above problems and if there is an antivirus software with activated email or web scanner installed on the the computer that executes the archiving profiles, try to disable these component first. Should that not resolve the issue, it may be necessary to temporarily uninstall the antivirus software. We recommend to contact the vendor if the problem can be resolved by either disabling or uninstalling the antivirus software.

== Heuristic & Behavioral Analysis ==
MailStore Server uses multiple methods to access local applications, email servers or other resources for archiving. All these combined into one application seems to cause antivirus software to classify MailStore Server's executables or even the download link as a threat.

In that case please try to verify that classification with an online virus scanner like [https://www.virustotal.com/ VirusTotal] and contact the vendor of your antivirus software if applicable.

[[de:Hinweise_zu_Antivirenprogrammen]]
[[en:Notes on Antivirus Software]]

Notes on Antivirus Software

2021-06-21T13:01:09Z

Bmeyn:

__NOTOC__


Due to the various methods of archiving email in MailStore Server and the storage of those using its own highly optimized storage technology, a few notes have to be followed when using antivirus programs.

== On-Access Scanner ==
To ensure best possible performance of the storage technology and to prevent disruption caused by antivirus software, it is recommended that you exclude all archive stores, and the location of the master database, from on-access scanning. All data in MailStore Server is stored encrypted and compressed and therefore cannot be reliably scanned by antivirus software. In case of false-positives, even corruption of an archive store may occur. The data directory used by MailStore Gateway should be excluded from on-access scanning as well.

== Web and Email Scanner ==
Depending on the email server, MailStore Server uses the HTTP, POP3 or IMAP protocol to access server mailboxes. Most recent antivirus software support scanning for viruses in those network protocols. Unfortunately they appear to be tested only with the most widespread email clients such as Microsoft Outlook and Mozilla Thunderbird. Compatibility with other email applications is often not guaranteed. In case of web scanners, which are optimized for scanning website visits by a normal web browser, issues like timeouts or connection resets may occur when accessing Microsoft Exchange Servers via "WebDAV over HTTP" or "Exchange Web Services" (uses HTTP as well).

Should archiving with MailStore Server be affected by one of the above problems and if there is an antivirus software with activated email or web scanner installed on the the computer that executes the archiving profiles, try to disable these component first. Should that not resolve the issue, it may be necessary to temporarily uninstall the antivirus software. We recommend to contact the vendor if the problem can be resolved by either disabling or uninstalling the antivirus software.

== Heuristic & Behavioral Analysis ==
MailStore Server uses multiple methods to access local applications, email servers or other resources for archiving. All these combined into one application seems to cause antivirus software to classify MailStore Server's executables or even the download link as a threat.

In that case please try to verify that classification with an online virus scanner like [https://www.virustotal.com/ VirusTotal] and contact the vendor of your antivirus software if applicable.

[[de:Hinweise_zu_Antivirenprogrammen]]
[[en:Notes on Antivirus Software]]

Notes on Antivirus Software

2021-06-07T08:20:21Z

Bmeyn:

__NOTOC__


Due to the various methods of archiving email in MailStore Server and the storage of those using its own highly optimized storage technology, a few notes have to be followed when using antivirus programs.

== On-Access Scanner ==
To ensure best possible performance of the storage technology and to prevent disruption caused by antivirus software, it is recommended that you exclude all archive stores, and the location of the master database, from on-access scanning. All data in MailStore Server is stored encrypted and compressed and therefore cannot be reliably scanned by antivirus software. In case of false-positives, even corruption of an archive store may occur. The directory that is used by the MailStore Proxy, should be excluded from on-access scanning as well.

== Web and Email Scanner ==
Depending on the email server, MailStore Server uses the HTTP, POP3 or IMAP protocol to access server mailboxes. Most recent antivirus software support scanning for viruses in those network protocols. Unfortunately they appear to be tested only with the most widespread email clients such as Microsoft Outlook and Mozilla Thunderbird. Compatibility with other email applications is often not guaranteed. In case of web scanners, which are optimized for scanning website visits by a normal web browser, issues like timeouts or connection resets may occur when accessing Microsoft Exchange Servers via "WebDAV over HTTP" or "Exchange Web Services" (uses HTTP as well).

Should archiving with MailStore Server be affected by one of the above problems and if there is an antivirus software with activated email or web scanner installed on the the computer that executes the archiving profiles, try to disable these component first. Should that not resolve the issue, it may be necessary to temporarily uninstall the antivirus software. We recommend to contact the vendor if the problem can be resolved by either disabling or uninstalling the antivirus software.

== Heuristic & Behavioral Analysis ==
MailStore Server uses multiple methods to access local applications, email servers or other resources for archiving. All these combined into one application seems to cause antivirus software to classify MailStore Server's executables or even the download link as a threat.

In that case please try to verify that classification with an online virus scanner like [https://www.virustotal.com/ VirusTotal] and contact the vendor of your antivirus software if applicable.

[[de:Hinweise_zu_Antivirenprogrammen]]
[[en:Notes on Antivirus Software]]

Search Indexes

2021-05-11T08:04:31Z

Bmeyn: /* Install Missing IFilters */

MailStore Server offers users an extremely fast full-text search. All emails a user has read-access to are searched, in most cases in only fractions of a second. To ensure this remarkable speed, MailStore Server sets up so-called search indexes during archiving. They work in a way similar to the indexes often found in the back of books: looking up something in an index gets results significantly faster than searching each single page.

MailStore Server maintains one index file each

* per file group and
* per user.

MailStore Server can index all file types for which a so-called IFilter is installed on the MailStore Server computer. Typically, IFilters exist at least for all applications which are installed on the respective machines.

For reasons of stability and performance, MailStore Server processes the following file types directly, regardless of the IFilters that are installed:

* Text files (TXT)
* HTML files (HTM and HTML)

Typical tasks regarding indexes are described in the following sections.

== Install Missing IFilters ==
Typically, IFilters exist at least for all applications which are installed on the respective machines. If, for example, Microsoft Office 2013 is installed, the corresponding IFilter for Microsoft Office documents are installed as well.

Install the following IFilters on the MailStore Server computer to index the corresponding file types. Restart the MailStore Server service after the IFilter installation to let MailStore detect the newly installed IFilters.

* '''Plain Text Files (TXT, CSV)''' The IFilter responsible for these file types is shipped with Windows by default. In case this option is disabled, a registry values might be wrong. Open the registry editor and verify that the ''Default'' value of the key ''HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.csv\PersistentHandler'' is set to ''{5e941d80-bf96-11cd-b579-08002b30bfeb}'' and correct it if necessary.
* '''Portable Document Format (PDF)''' For indexing PDF attachments, install [ftp://ftp.adobe.com/pub/adobe/acrobat/win/11.x/PDFFilter64Setup.msi Adobe PDF iFilter] on 64bit operating systems, or [ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/11.0.10/en_US/AdbeRdr11010_en_US.exe Adobe Acrobat Reader 11] (Internet Explorer or FTP client necessary for download) on 32bit operating systems.
*:'''Important Notices:'''
** Take note of the [https://www.adobe.com/devnet-docs/etk_deprecated/tools/AdminGuide/Acrobat_Reader_IFilter_configuration.pdf installation instructions] of the 64bit IFilter. Especially adding the ''bin'' folder of the IFilter installation folder to the ''PATH'' system variable increases indexing speed a lot. The ''PATH'' system variable can be adjusted via an administrative command prompt (cmd) and then rundll32 sysdm.cpl,EditEnvironmentVariables
** Newer versions of Adobe Acrobat Reader do not contain an IFilter. Thus, please deactivate the automatic update function of Adobe Acrobat Reader 11.
* '''Microsoft Office (97-2003), Microsoft Office (2007 and later),''' All these file types are supported by the [https://www.microsoft.com/en-us/download/details.aspx?id=17062 Microsoft Office 2010 Filter Pack].
* '''Open Document Format (Libre Office/Open Office)''' These file types require a working installation of OpenOffice or [https://www.libreoffice.org/ LibreOffice]. Latest version tested was ''LibreOffice 5.1''.
*: '''Notice:''' Though Microsoft's Office 2010 Filter Pack registers support for Open Document Format files, indexing does not work with that IFilters.

Additional information about IFilters can be found in the corresponding [[wikipedia:IFilter|Wikipedia article]].

== Setting Up Indexing for the Contents of File Attachments ==
In the standard configuration, MailStore Server includes the file names of file attachments in the search indexes but not their contents. To enable MailStore Server to search the contents of file attachments, it has to be configured accordingly. Please proceed as follows:

* Start ''MailStore Client'' and log on as administrator (''admin'').
* Click on ''Administrative Tools'' > ''Storage'' and then on ''Search Indexes''.
* In the area ''Attachments'' click on ''Change...''
* Select the file type groups or enter a space separated list of file extensions of attachment types you would like archive in the text field below Other File Extensions.
*: [[File:tech_index_02-9_7.png|center]]
* Click on ''OK'' to save the settings.

MailStore displays a notice, if file extensions were added for which no IFilter is installed on the MailStore Server machine.

The new settings apply to all emails that are archived as of now. To apply the settings to already archived emails, rebuild the appropriate search indexes as described below.

== Rebuilding Search Indexes ==
Normally, the creation, maintenance and usage of search indexes is completely transparent meaning that neither administrators nor MailStore users need to know of their existence or their internal workings. In some cases, however, some maintenance may become necessary. For example:

* because of power outage,
* because of unexpected termination of the MailStore Server service
* because of missing network connectivity (only with storage on an NAS),
* because of changes to the index configuration or
* when restoring restoring backups without search indexes.

In these cases it may occur that archive, index and settings are no longer synchronous and that individual indexes must be rebuilt. Generally, a corresponding error message will be displayed. In case multiple indexes should be rebuilt, make sure other processes such as archiving profiles, exporting profiles or jobs are paused, or else the indexing process may get interrupted.

To rebuild search indexes please proceed as follows:

* Start MailStore Client and log on as administrator (admin).
* Click on ''Administrative Tools'' > ''Storage'' and then on ''Search Indexes''.
* Check all search indexes to be rebuilt. Indexes with the status ''Please Rebuild'' are already checked for your convenience.
* Click on ''Rebuild Search Indexes''.
*: [[File:tech_index_01.png|center|450px]]

[[de:Suchindizes]]
[[en:Search Indexes]]

Search Indexes

2021-05-11T07:21:09Z

Bmeyn: /* Install Missing IFilters */

MailStore Server offers users an extremely fast full-text search. All emails a user has read-access to are searched, in most cases in only fractions of a second. To ensure this remarkable speed, MailStore Server sets up so-called search indexes during archiving. They work in a way similar to the indexes often found in the back of books: looking up something in an index gets results significantly faster than searching each single page.

MailStore Server maintains one index file each

* per file group and
* per user.

MailStore Server can index all file types for which a so-called IFilter is installed on the MailStore Server computer. Typically, IFilters exist at least for all applications which are installed on the respective machines.

For reasons of stability and performance, MailStore Server processes the following file types directly, regardless of the IFilters that are installed:

* Text files (TXT)
* HTML files (HTM and HTML)

Typical tasks regarding indexes are described in the following sections.

== Install Missing IFilters ==
Typically, IFilters exist at least for all applications which are installed on the respective machines. If, for example, Microsoft Office 2013 is installed, the corresponding IFilter for Microsoft Office documents are installed as well.

Install the following IFilters on the MailStore Server computer to index the corresponding file types. Restart the MailStore Server service after the IFilter installation to let MailStore detect the newly installed IFilters.

* '''Plain Text Files (TXT, CSV)''' The IFilter responsible for these file types is shipped with Windows by default. In case this option is disabled, a registry values might be wrong. Open the registry editor and verify that the ''Default'' value of the key ''HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.csv\PersistentHandler'' is set to ''{5e941d80-bf96-11cd-b579-08002b30bfeb}'' and correct it if necessary.
* '''Portable Document Format (PDF)''' For indexing PDF attachments, install [ftp://ftp.adobe.com/pub/adobe/acrobat/win/11.x/PDFFilter64Setup.msi Adobe PDF iFilter] on 64bit operating systems, or [ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/ Adobe Acrobat Reader 11] (Internet Explorer or FTP client necessary for download) on 32bit operating systems.
*:'''Important Notices:'''
** Take note of the [https://www.adobe.com/devnet-docs/etk_deprecated/tools/AdminGuide/Acrobat_Reader_IFilter_configuration.pdf installation instructions] of the 64bit IFilter. Especially adding the ''bin'' folder of the IFilter installation folder to the ''PATH'' system variable increases indexing speed a lot. The ''PATH'' system variable can be adjusted via an administrative command prompt (cmd) and then rundll32 sysdm.cpl,EditEnvironmentVariables
** Newer versions of Adobe Acrobat Reader do not contain an IFilter. Thus, please deactivate the automatic update function of Adobe Acrobat Reader 11.
* '''Microsoft Office (97-2003), Microsoft Office (2007 and later),''' All these file types are supported by the [https://www.microsoft.com/en-us/download/details.aspx?id=17062 Microsoft Office 2010 Filter Pack].
* '''Open Document Format (Libre Office/Open Office)''' These file types require a working installation of OpenOffice or [https://www.libreoffice.org/ LibreOffice]. Latest version tested was ''LibreOffice 5.1''.
*: '''Notice:''' Though Microsoft's Office 2010 Filter Pack registers support for Open Document Format files, indexing does not work with that IFilters.

Additional information about IFilters can be found in the corresponding [[wikipedia:IFilter|Wikipedia article]].

== Setting Up Indexing for the Contents of File Attachments ==
In the standard configuration, MailStore Server includes the file names of file attachments in the search indexes but not their contents. To enable MailStore Server to search the contents of file attachments, it has to be configured accordingly. Please proceed as follows:

* Start ''MailStore Client'' and log on as administrator (''admin'').
* Click on ''Administrative Tools'' > ''Storage'' and then on ''Search Indexes''.
* In the area ''Attachments'' click on ''Change...''
* Select the file type groups or enter a space separated list of file extensions of attachment types you would like archive in the text field below Other File Extensions.
*: [[File:tech_index_02-9_7.png|center]]
* Click on ''OK'' to save the settings.

MailStore displays a notice, if file extensions were added for which no IFilter is installed on the MailStore Server machine.

The new settings apply to all emails that are archived as of now. To apply the settings to already archived emails, rebuild the appropriate search indexes as described below.

== Rebuilding Search Indexes ==
Normally, the creation, maintenance and usage of search indexes is completely transparent meaning that neither administrators nor MailStore users need to know of their existence or their internal workings. In some cases, however, some maintenance may become necessary. For example:

* because of power outage,
* because of unexpected termination of the MailStore Server service
* because of missing network connectivity (only with storage on an NAS),
* because of changes to the index configuration or
* when restoring restoring backups without search indexes.

In these cases it may occur that archive, index and settings are no longer synchronous and that individual indexes must be rebuilt. Generally, a corresponding error message will be displayed. In case multiple indexes should be rebuilt, make sure other processes such as archiving profiles, exporting profiles or jobs are paused, or else the indexing process may get interrupted.

To rebuild search indexes please proceed as follows:

* Start MailStore Client and log on as administrator (admin).
* Click on ''Administrative Tools'' > ''Storage'' and then on ''Search Indexes''.
* Check all search indexes to be rebuilt. Indexes with the status ''Please Rebuild'' are already checked for your convenience.
* Click on ''Rebuild Search Indexes''.
*: [[File:tech_index_01.png|center|450px]]

[[de:Suchindizes]]
[[en:Search Indexes]]

Search Indexes

2021-05-10T16:01:07Z

Bmeyn: /* Install Missing IFilters */

MailStore Server offers users an extremely fast full-text search. All emails a user has read-access to are searched, in most cases in only fractions of a second. To ensure this remarkable speed, MailStore Server sets up so-called search indexes during archiving. They work in a way similar to the indexes often found in the back of books: looking up something in an index gets results significantly faster than searching each single page.

MailStore Server maintains one index file each

* per file group and
* per user.

MailStore Server can index all file types for which a so-called IFilter is installed on the MailStore Server computer. Typically, IFilters exist at least for all applications which are installed on the respective machines.

For reasons of stability and performance, MailStore Server processes the following file types directly, regardless of the IFilters that are installed:

* Text files (TXT)
* HTML files (HTM and HTML)

Typical tasks regarding indexes are described in the following sections.

== Install Missing IFilters ==
Typically, IFilters exist at least for all applications which are installed on the respective machines. If, for example, Microsoft Office 2013 is installed, the corresponding IFilter for Microsoft Office documents are installed as well.

Install the following IFilters on the MailStore Server computer to index the corresponding file types. Restart the MailStore Server service after the IFilter installation to let MailStore detect the newly installed IFilters.

* '''Plain Text Files (TXT, CSV)''' The IFilter responsible for these file types is shipped with Windows by default. In case this option is disabled, a registry values might be wrong. Open the registry editor and verify that the ''Default'' value of the key ''HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.csv\PersistentHandler'' is set to ''{5e941d80-bf96-11cd-b579-08002b30bfeb}'' and correct it if necessary.
* '''Portable Document Format (PDF)''' For indexing PDF attachments, install [ftp://ftp.adobe.com/pub/adobe/acrobat/win/11.x/PDFFilter64Setup.msi Adobe PDF iFilter] on 64bit operating systems, or [ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/ Adobe Acrobat Reader 11] (IE or FTP client necessary for download) on 32bit operating systems.
*:'''Important Notices:'''
** Take note of the [https://www.adobe.com/devnet-docs/etk_deprecated/tools/AdminGuide/Acrobat_Reader_IFilter_configuration.pdf installation instructions] of the 64bit IFilter. Especially adding the ''bin'' folder of the IFilter installation folder to the ''PATH'' system variable increases indexing speed a lot. The ''PATH'' system variable can be adjusted via an administrative command prompt (cmd) and then rundll32 sysdm.cpl,EditEnvironmentVariables
** Newer versions of Adobe Acrobat Reader do not contain an IFilter. Thus, please deactivate the automatic update function of Adobe Acrobat Reader 11.
* '''Microsoft Office (97-2003), Microsoft Office (2007 and later),''' All these file types are supported by the [https://www.microsoft.com/en-us/download/details.aspx?id=17062 Microsoft Office 2010 Filter Pack].
* '''Open Document Format (Libre Office/Open Office)''' These file types require a working installation of OpenOffice or [https://www.libreoffice.org/ LibreOffice]. Latest version tested was ''LibreOffice 5.1''.
*: '''Notice:''' Though Microsoft's Office 2010 Filter Pack registers support for Open Document Format files, indexing does not work with that IFilters.

Additional information about IFilters can be found in the corresponding [[wikipedia:IFilter|Wikipedia article]].

== Setting Up Indexing for the Contents of File Attachments ==
In the standard configuration, MailStore Server includes the file names of file attachments in the search indexes but not their contents. To enable MailStore Server to search the contents of file attachments, it has to be configured accordingly. Please proceed as follows:

* Start ''MailStore Client'' and log on as administrator (''admin'').
* Click on ''Administrative Tools'' > ''Storage'' and then on ''Search Indexes''.
* In the area ''Attachments'' click on ''Change...''
* Select the file type groups or enter a space separated list of file extensions of attachment types you would like archive in the text field below Other File Extensions.
*: [[File:tech_index_02-9_7.png|center]]
* Click on ''OK'' to save the settings.

MailStore displays a notice, if file extensions were added for which no IFilter is installed on the MailStore Server machine.

The new settings apply to all emails that are archived as of now. To apply the settings to already archived emails, rebuild the appropriate search indexes as described below.

== Rebuilding Search Indexes ==
Normally, the creation, maintenance and usage of search indexes is completely transparent meaning that neither administrators nor MailStore users need to know of their existence or their internal workings. In some cases, however, some maintenance may become necessary. For example:

* because of power outage,
* because of unexpected termination of the MailStore Server service
* because of missing network connectivity (only with storage on an NAS),
* because of changes to the index configuration or
* when restoring restoring backups without search indexes.

In these cases it may occur that archive, index and settings are no longer synchronous and that individual indexes must be rebuilt. Generally, a corresponding error message will be displayed. In case multiple indexes should be rebuilt, make sure other processes such as archiving profiles, exporting profiles or jobs are paused, or else the indexing process may get interrupted.

To rebuild search indexes please proceed as follows:

* Start MailStore Client and log on as administrator (admin).
* Click on ''Administrative Tools'' > ''Storage'' and then on ''Search Indexes''.
* Check all search indexes to be rebuilt. Indexes with the status ''Please Rebuild'' are already checked for your convenience.
* Click on ''Rebuild Search Indexes''.
*: [[File:tech_index_01.png|center|450px]]

[[de:Suchindizes]]
[[en:Search Indexes]]

MailStore Help

2021-05-04T16:07:41Z

Bmeyn: /* How-to */

__NOTOC__
{{DISPLAYTITLE:{{Product Name}} Help}}

{| width="100%" cellspacing="3" cellpadding="4"
|-
| valign="top" width="100%" colspan="2" |
== Email Archiving with {{Product Name}} ==
In addition to the latest version of the {{Product Name}} manual, you can find important articles and instructions here, which will help you to set up email archiving. Please do not hesitate to contact our support team if you have any further questions.
|-
| valign="top" width="50%" |
== Getting Started ==
* [[Quick Start Guide]]
* [[System Requirements]]
* [[Choosing the Right Archiving Strategy]]
== What's New ==
* [https://go.mailstore.com?product=MailStore%20Server&target=changelog&lang=en Changelog]
* [[Update Notices for MailStore Server|Update Notices]]
| valign="top" width="50%"|
== Manual ==
* [[Installation]]
* [[Archiving Email]]
* [[Accessing the Archive]]
* [[Exporting Email]]
* [[Administration]]
* [[MailStore Server Service Configuration]]
* [https://help.mailstore.com/en/gateway MailStore Gateway Help]
|-
| valign="top" width="50%" |
== Implementation Guides ==
{{:Implementation}}
| valign="top" width="50% |
== Articles ==
==== Deployment ====
* [[MailStore Client Deployment|MailStore Client]]
* [[MailStore Outlook Add-in Deployment|MailStore Outlook Add-in]]
==== Operation ====
* [[Backup and Restore]]
* [[Maintenance and Repair]]
* [[Monitoring]]
==== Security ====
* [[Security Advisories]]
* [[Enhancing SSL Security]]
* [[Notes on Antivirus Software]]
* [[Using Your Own SSL Certificate]]
* [[Using_Lets_Encrypt_Certificates|Using Let's Encrypt Certificates]]
==== Automation & Scripting ====
* [[Scripting|Automation with scripts]]
* [[Bulk Import of Email Files]]
* [[Implementing an Application Integration Server]]
==== How-to ====
* [[Changing Archiving from Microsoft Exchange Server to Microsoft 365]]
* [[Moving the Archive]]
* [[Using Network Attached Storage (NAS)]]
* [[Verifying a Signed Export]]
|-
| valign="top" width="50%" |

== Troubleshooting ==
In the [https://cs.mailstore.com/index.php?/Knowledgebase/List/Index/8/en knowledgebase] of our [https://cs.mailstore.com/ Customer Service Centers] you can find many answers to the most often asked questions or reoccurring error messages. Detailed troubleshooting instructions are also available there. 
== Administration API ==
The Administration API extends the management capabilities of {{Product Name}} by providing command-line as well as HTTP based access to all management functions. This allows to fully automate the administration of {{Product Name}} via scripts or even integration into centralized management solutions. For an even faster development, example API libraries for different scripting and programming languages are provided.
* [[MailStore Server Management Shell]]
* [[Administration API - Using the API|Using the API]]
* [[Administration API - Function Reference|Function Reference]]
==== Example Implementations of API Libraries ====
* [[PowerShell API Wrapper Tutorial|PowerShell]]
* [[Python API Wrapper Tutorial|Python]]
| valign="top" width="50%" |
== Tech Tip Videos ==
In our [https://youtube.com/playlist?list=PLGTSLnfosYvSkdccnpMDv5fjqYhJ_asQp Tech Tip Videos on Youtube] we provide valuable information and useful insights from our technical support team. Our technical support engineers will showcase specific features of MailStore Server and feature common use cases of our clients.
== Downloads ==
<div class="plainlinks">
* [https://www.mailstore.com/en/products/mailstore-server/downloads/ MailStore Setup Files]
* [http://help.mailstore.com/manual/server13-manual-en.pdf MailStore Server 13 Manual]
==== Manuals of Older Versions ====
* [http://help.mailstore.com/manual/server12-manual-en.pdf MailStore Server 12]
* [http://help.mailstore.com/manual/server11-manual-en.pdf MailStore Server 11]
* [http://help.mailstore.com/manual/server10-manual-en.pdf MailStore Server 10]
* [http://help.mailstore.com/manual/server9-manual-en.pdf MailStore Server 9]
* [http://help.mailstore.com/manual/server8-manual-en.pdf MailStore Server 8]
* [http://help.mailstore.com/manual/server7-manual-en.pdf MailStore Server 7]
* [http://help.mailstore.com/manual/server6-manual-en.pdf MailStore Server 6]
* [http://help.mailstore.com/manual/server5-manual-en.pdf MailStore Server 5]
==== Active Directory Group Policy Templates ====
* [[Media:MailStore_ADMX.zip|ADMX-Template]]
</div>
|}

[[de:MailStore Hilfe]]
[[en:MailStore Help]]

File:MailStoreServerMigrationScripts.zip

2021-05-04T16:05:38Z

Bmeyn:

Changing Archiving from Microsoft Exchange Server to Microsoft 365

2021-05-04T16:04:51Z

Bmeyn:

This article shows the changes required in MailStore Server when switching the email environment from a local Microsoft Exchange installation to Microsoft 365.

== Notes and Considerations ==
As with any changes in a production environment, changing archiving in MailStore Server should be planned carefully in advance. Therefore, before implementing any changes, please take the following notes into consideration:
* It is strongly recommended to implement the modifications described in this article in a test environment first because the changes to your Exchange and MailStore Server installations may not be reverted without huge effort if at all.
* Please make sure that you have a current [[Backup_and_Restore|backup]] of your Exchange and MailStore Server installations before applying any modifications to your production environment.
* It is recommended to update MailStore Server to the latest version before applying any modifications. Please make sure that your [https://www.mailstore.com/en/products/mailstore-server/faq/ Update and Support Service contract] is valid and take heed of the [[Update_Notices_for_MailStore_Server|update notices]].
* It is assumed that MailStore Server currently runs in an Active Directory / Exchange Server environment according to the [[Archiving_Emails_from_Microsoft_Exchange|MailStore Implementation Guides for Microsoft Exchange Servers]] and shall run according to the [[Archiving_Emails_from_Microsoft_365_(Modern_Authentication)|MailStore Implementation Guide for Microsoft 365 (Modern Authentication)]] hereafter.
* The modifications to the configuration of MailStore Server should be applied in [[MailStore_Server_Service_Configuration#Controlling_the_Service|Safe Mode]] to avoid interference by background tasks or user interaction.
* Microsoft 365 does not support journal mailboxes hosted within Microsoft 365 itself. If you archive all incoming and outgoing emails with MailStore Server, you need a journal mailboxes that is hosted outside Microsoft 365. MailStore offers [https://help.mailstore.com/en/gateway/Main_Page MailStore Gateway] as a free solution that can provide journal mailboxes in your company intranet.

== Changing User Synchronization ==
As a first step, you must change the directory services that MailStore Server synchronizes its users with from ''Active Directory'' to ''Microsoft 365 (Modern Authentication)''. This is necessary because Microsoft 365 uses Azure Active Directory instead of a local Active Directory as directory service.

Initially, please run a [[Active_Directory_Integration#Running_Directory_Services_Synchronization|directory services synchronization]] in MailStore Server with the current configuration to make sure that all user data is complete and up-to-date.

== User Name Format ==
The steps required for changing the directory service depend on the [[Active_Directory_Integration#User_Database_Synchronization|user name format]] that is currently being used in MailStore Server for user synchronization with the local Active Directory.
* If you are currently using the ''SAM Account Name'' or the ''User Principal Name (Local Part)'', i.e. a "flat" user name without domain part (e.g.<code>john.doe</code>) as user name in MailStore Server, users and archive folders must be renamed in MailStore Server. In this case, please follow the steps in the next section.
* If you are already using the the full ''User Principal Name'' (''UPN'', e.g.<code>john.doe@example.com</code>) as user name in MailStore Server and
** exactly that UPN will be used to log on to Microsoft 365 in the future, you can leave the user names, archive folders and source folders in MailStore Server as is. Please continue directly with the section [[#Changing Directory Service Synchronization to Microsoft 365|Changing Directory Service Synchronization to Microsoft 365]].
** you want to change the naming scheme of the UPN (e.g. from <code>john.doe@example.com</code> to <code>jdoe@example.com</code> or from <code>jane.doe@example.com</code> to <code>jane.doe@example.org</code>) for logging on to Microsoft 365, user names, archive folders and source folders in MailStore Server need to be renamed. In this case, please follow the steps in the next section.

=== MailStore Migration Scripts ===
The modifications in the following sections rely on Windows PowerShell scripts which require Windows PowerShell 3.0 or higher.
* You can download the scripts [[Media:MailStoreServerMigrationScripts.zip|here]]; they can be found in the folder <code>migration</code> after extraction.
* To use the scripts, access to the [[Administration_API_-_Using_the_API|MailStore Administration API]] in the [[MailStore_Server_Service_Configuration#Services|MailStore Server Service Configuration]] must be enabled.

=== Renaming Users and Archives in MailStore Server ===
MailStore Server distinguishes users by user name only. For example, <code>john.doe</code> and <code>john.doe@example.com</code> are two different users from a MailStore Server perspective, requiring two user licenses. Furthermore, a user's archive is also associated by user name alone, so that, for a user named <code>john.doe</code>, MailStore always creates an archive ''(Archive) john.doe''. However, once such an archive contains archived emails, it will retain its name even if the associated user name changes.

For these reasons, user names and archive folders in MailStore Server must be equal to the user names of the directory service that MailStore Server synchronizes its users with. Because Azure Active Directory uses the full ''User Principal Name'' (''UPN'', usually the primary email address) as user name, you must rename users and archive folders if you are currently using a different user name format or want to change the ''UPN''.

For renaming users and archive folder, please proceed as follows:
* Edit the scripts <code>MSS_1_prepare_users.ps1</code> and <code>MSS_2_update_users.ps1</code> in the PowerShell ISE and adjust the values in the section ''Adjust these values according to your installation'' according to your MailStore Server installation.
* Run the script <code>MSS_1_prepare_users.ps1</code> in the PowerShell ISE with ''F5''.
* The file <code>mailstore-users.txt</code> will be created (in the folder <code>C:\Users\<Your user name>\</code> by default). It contains the current MailStore Server user names.
* Edit this file in a text editor. Change the new user names after the "=", so that the entries look like this:
*; <pre>AD user name=Microsoft 365 user name</pre> 
*; Example (with changes highlighted)
*; <code>jane.doe=jane.doe</code><code style="color: blue">@example.com</code> 
*; For user names that should not change (e.g. the default ''admin'' user), just leave the corresponding entries as is.
* Save the file <code>mailstore-users.txt</code> that now should contain the current and the future user names.
* Run the script <code>MSS_2_update_users.ps1</code> in the PowerShell ISE with ''F5''.
* The script now renames the users and their archive folder in MailStore Server and also updates the archive folder permissions accordingly.
* Log on as MailStore Server administrator with the MailStore Client and check the new user names and archive folders.
* If the local part of the users' email addresses (the part before the "@") has not changed, you can proceed directly with the steps in section [[#Changing Directory Service Synchronization to Microsoft 365|Changing Directory Service Synchronization to Microsoft 365]]. Otherwise the source folders may need to be renamed as described in the next section.

=== Renaming Source Folders in MailStore Server ===
The folder level below the archive folders reflects the source from which MailStore Server has archived the emails. In case of Exchange archiving, the folder name consists of the prefix ''Exchange'' and the local part of the email address (the part before the "@"), so that for the email address <code>john.doe@example.com</code> the source folder name in MailStore Server would be ''Exchange john.doe@example.com''.

Source folder names only need to be renamed if '''all''' of the following conditions and requirements are met. Otherwise you can proceed directly with the steps in section [[#Changing Directory Service Synchronization to Microsoft 365|Changing Directory Service Synchronization to Microsoft 365]].
* The local part of the email address shall be changed in course of migrating to Microsoft 365 (e.g. from <code>john.doe@example.com</code> to <code>j.doe@example.com</code>) '''and'''
* both the emails that have been archived so far from the local Exchange Server and those that will be archived from Microsoft 365 henceforth should appear in the same folder structure on source level (e.g. so far in ''Exchange john.doe'' and in ''Exchange j.doe'' after).

For renaming the source folders, please proceed as follows:
* Enable access to user archives by administrators in MailStore Server; it is disabled by default. Changing this option is described in chapter [[Compliance_General#Archive_Access|Compliance General]] of the MailStore Server manual.
* Edit the scripts <code>MSS_3_prepare_folders.ps1</code> and <code>MSS_4_update_folders.ps1</code> in the PowerShell ISE and adjust the values in the section ''Adjust these values according to your installation'' according to your MailStore Server installation.

* Run the script <code>MSS_3_prepare_folders.ps1</code> in the PowerShell ISE with ''F5''.
* The file <code>mailstore-folders.txt</code> will be created (in the folder <code>C:\Users\<Your user name>\</code> by default). It contains the full paths of the current source folders that consist of user names and the source folder names, separated by "/".
* Edit this file in a text editor. Change the new source folders after the "=", so that the entries look like this:
*; <pre>Old source folder path=new source folder path</pre> 
*; Example (with changes highlighted)
*;<code>j.doe@example.com/</code><code style="color: red">Exchange jane.doe</code><code>=j.doe@example.com/</code><code style="color: blue">Exchange j.doe</code> 
*; For source folders that should not change, just leave the corresponding entries as is.
* Save the file <code>mailstore-folders.txt</code> that now should contain the current and the future source folders.
* Run the script <code>MSS_4_update_folders.ps1</code> in the PowerShell ISE with ''F5''.
* The script now renames the source folders in MailStore Server.
* Log on as MailStore Server administrator with the MailStore Client and check the new source folders.

=== Changing Directory Service Synchronization to Microsoft 365 ===
To enable users to log on to MailStore Server with their Microsoft 365 credentials instead of their Active Directory, you must switch the directory service synchronization to ''Microsoft 365 (Modern Authentication)''. Please follow the steps in chapter [[Synchronizing User Accounts with Microsoft 365 (Modern Authentication)]] of the MailStore Server manual.
Initially, just test the synchronization using the ''Test Settings'' button. Check the directory service synchronization results, migrated users should show as ''modified''. You can also check that user authentication against Microsoft 365 works as expected.

== Changing the Archiving Profiles ==
For archiving Microsoft 365 mailboxes, MailStore Server offers dedicated Microsoft 365 archiving profiles that support modern authentication. Existing Exchange archiving profiles cannot be used for archiving Microsoft 365 mailboxes because they only support basic authentication.

=== Deactivating Existing Profiles and Jobs ===
If you run MailStore Server in [[MailStore_Server_Service_Configuration#Controlling_the_Service|Safe Mode]] as recommended before, automatic execution of archiving profiles and by jobs is disabled. To deactivate them permanently, please proceed as follows:
* Log on as MailStore Server administrator through the MailStore Client.
* Click on ''Archive E‑mail''
* Below the profiles list, enable the option ''Show Profiles of All Users''.
* Switch every Exchange archiving profile to ''Manual'' through the context menu.
* If you have configured Exchange export profiles, click on ''Export E‑mail'' in the menu tree and repeat the previous steps.
* If you have configured scheduled job for running Exchange profiles, click on ''Administrative Tools > Management API > Jobs'' and deactivate every job that run an Exchange profile through the context menu.

=== Creating new Microsoft 365 Profiles ===
Create new Microsoft 365 profiles and jobs according to the following articles. They should be set to manual initially to check their execution and results.
* For archiving Microsoft 365 mailboxes, follow the implementation guide [[Archiving_Emails_from_Microsoft_365_(Modern_Authentication)|Archiving Emails from Microsoft 365 (Modern Authentication)]].
* Creating Microsoft 365 export profiles is described in chapter [[Exporting Email]] of the MailStore Server manual.
* Once the profiles have been set up you can update existing jobs as described in chapter [[Jobs#Properties|jobs]] of the MailStore Server manual.

== Finalizing the Migration ==
To finalize the migration in MailStore Server, please proceed as follows:
* Close all MailStore Client sessions and restart the MailStore Server service.
* Log on as MailStore Server administrator again through the MailStore Client.
* In the main menu tree, go to ''Administrative Tools > Users and Archives > Archives'' and check the names of the archive folders.
* Switch to ''Archive E‑mail'' and run each Microsoft 365 archiving profile manually. If you are satisfied with the results, you can delete the old Exchange archiving profiles.
* If applicable, repeat the previous step for export profiles and jobs.
* If you have previously enabled access to user archives by administrators in MailStore Server as described in chapter [[Compliance_General#Archive_Access|Compliance General]], revert that change.
* If you have enabled ''Single-Sign-On (SSO)'' by setting the server name of the MailStore Server computer and the authentication method to ''Windows Authentication'' through group policies [[MailStore_Client_Deployment#Configuring_Policy_Settings|for the MailStore Client]] or the [[MailStore_Outlook_Add-in_Deployment|for the MailStore Outlook Add-in]], you must change the group policy setting ''Authentication'' to ''Standard Authentication''.

After finishing these tasks successfully, the migration in MailStore Server is complete.
[[de:Umstellung_der_Archivierung_von_Microsoft_Exchange_Server_auf_Microsoft_365]]
[[en:Changing_Archiving_from_Microsoft_Exchange_Server_to_Microsoft_365]]

Changing Archiving from Microsoft Exchange Server to Microsoft 365

2021-04-30T15:56:41Z

Bmeyn: Created page with "de:Umstellung_der_Archivierung_von_Microsoft_Exchange_Server_auf_Microsoft_365 en:Changing_Archiving_from_Microsoft_Exchange_Server_to_Microsoft_365"

[[de:Umstellung_der_Archivierung_von_Microsoft_Exchange_Server_auf_Microsoft_365]]
[[en:Changing_Archiving_from_Microsoft_Exchange_Server_to_Microsoft_365]]

HelpTopicIds

2021-04-27T07:16:11Z

Bmeyn:

* accs_export - [[Exporting_Email]]
* accs_extsearch - [[Accessing_the_Archive_with_the_MailStore_Client_software#Advanced_Search]]
* accs_outlook - [[Accessing_the_Archive_with_the_Microsoft_Outlook_integration]]
* accs_preview - [[Accessing_the_Archive_with_the_MailStore_Client_software#Email_Preview]]
* accs_web - [[Accessing_the_Archive_with_MailStore_Web_Access]]
* arch_delete - [[Email_Archiving_with_MailStore_Basics#Deleting_Emails_after_Archiving]]
* arch_filesystem - [[Archiving_Emails_from_External_Systems_(File_Import)]]
* arch_filepst - [[Archiving_Outlook_PST_Files_Directly]]
* arch_gateway - [[Archiving_MailStore_Gateway_Mailbox]]
* gateway_introduction - [[Archiving_MailStore_Gateway_Mailbox]]
* arch_googleapps_batch - [[Archiving_Emails_from_Google_Workspace#Archiving_Multiple_Mailboxes_Centrally]]
* arch_googleapps - [[Archiving_Emails_from_Google_Workspace]]
* arch_googleapps_multidrop - [[Archiving_Emails_from_Google_Workspace#Archiving_Incoming_and_Outgoing_Emails_Directly]]
* arch_googlemail_installed_app - [[Archiving_Emails_from_Gmail]]
* arch_icewarp - [[Archiving_Emails_from_IceWarp_Server]]
* arch_icewarp_mailbox - [[Archiving_Emails_from_IceWarp_Server#Archiving_Individual_Mailboxes]]
* arch_icewarp_mailboxes - [[Archiving_Emails_from_IceWarp_Server#Archiving_Multiple_Mailboxes_in_One_Step]]
* arch_icewarp_multidrop - [[Archiving_Emails_from_IceWarp_Server#Archiving_All_Incoming_and_Outgoing_Emails_Directly]]
* arch_imapbatch - [[Batch-archiving_IMAP_Mailboxes]]
* arch_inout - [[MailStore_Proxy]]
* arch_introduction - [[Archiving_Email]]
* arch_kerio - [[Archiving_Emails_from_Kerio_Connect]]
* arch_kerio_mailbox - [[Archiving_Emails_from_Kerio_Connect#Archiving_Individual_Mailboxes]]
* arch_kerio_mailboxes - [[Archiving_Emails_from_Kerio_Connect#Archiving_Multiple_Mailboxes_in_One_Step]]
* arch_kerio_multidrop - [[Archiving_Emails_from_Kerio_Connect#Archiving_Incoming_and_Outgoing_Emails_Directly]]
* arch_mailboxes - [[Archiving_Server_Mailboxes]]
* arch_mailclients - [[Archiving_Email_from_Outlook,_Thunderbird_and_others]]
* arch_mdaemon - [[Archiving_Emails_from_MDaemon]]
* arch_mdaemon_mailbox - [[Archiving_Emails_from_MDaemon#Archiving_Individual_Mailboxes]]
* arch_mdaemon_mailboxes - [[Archiving_Emails_from_MDaemon#Archiving_Multiple_Mailboxes_in_One_Step]]
* arch_mdaemon_multidrop - [[Archiving_Emails_from_MDaemon#Archiving_Incoming_and_Outgoing_Emails_Directly]]
* arch_multidrop - [[Archiving_IMAP_and_POP3_Multidrop_Mailboxes]]
* arch_profiles - [[Archiving_Email]]
* arch_schedule - [[Email_Archiving_with_MailStore_Basics#Automating_the_Archiving_Process]]
* arch_results - [[Email_Archiving_with_MailStore_Basics]]
* arch_selfolders - [[Email_Archiving_with_MailStore_Basics#Archiving_Specific_Folders]]
* bkup_integrated - [[Backup_and_Restore]]
* comp_auditing - [[Auditing]]
* comp_auditor - [[Compliance_General]]
* comp_forcechangepassword - [[Notes_on_Password_Complexity]]
* comp_general - [[Compliance_General]]
* comp_password_complexity - [[Notes_on_Password_Complexity]]
* comp_retention - [[Retention_Policies]]
* expo_googleapps - [[Exporting_Email]]
* gsta_login - [[Accessing_the_Archive_with_the_MailStore_Client_software#Starting_and_Login]]
* job_jobs - [[Jobs]]
* job_scheduling - [[Jobs]]
* job_results - [[Job_Results]]
* mads_sync - [[Administration]]
* tech_config - [[MailStore_Server_Service_Configuration]]
* tech_index - [[Search_Indexes]]
* tech_mscmd - [[MailStore_Server_Management_Shell]]
* tech_proxy - [[MailStore_Proxy]]
* tech_safemode - [[MailStore_Server_Service_Configuration]]
* tech_smtpsettings - [[SMTP_Settings]]
* tech_archives - [[Archives]]
* tech_storageloc - [[Storage_Locations]]
* tech_productupdates - [[Product_Updates]]
* umgm_privileges - [[Users,_Folders_and_Settings#User_Management]]
* umgm_users - [[Users,_Folders_and_Settings#User_Management]]
* xchg_introduction - [[Archiving_Emails_from_Microsoft_Exchange]]
* xchg_jour_intro - [[Archiving_Emails_from_Microsoft_Exchange]]
* xchg_mailbox - [[Archiving_Emails_from_Microsoft_Exchange]]
* xchg_mailboxes - [[Archiving_Emails_from_Microsoft_Exchange]]
* xchg_public - [[Archiving_Emails_from_Microsoft_Exchange]]
* impl_noownserver - [[Archiving_Emails_Without_Your_Own_Emailserver|(No own e-mail server)]]
* impl_exim - [[Archiving_Emails_from_an_Exim_Based_Email_Server|Exim]]
* impl_hmailserver - [[Archiving_Emails_from_hMailServer|hMailServer]]
* impl_intranator - [[Archiving_Emails_from_Intra2net_Systems|Intra2net Appliance Pro / Business Server]]
* impl_kerioconnect - [[Archiving_Emails_from_Kerio_Connect|Kerio Connect (Kerio MailServer)]]
* impl_kolab - [[Archiving_Emails_from_Kolab|Kolab]]
* impl_postfix - [[Archiving_Emails_from_a_Postfix_Based_Email_Server|Postfix]]
* impl_qmail - [[Archiving_Emails_from_a_Qmail_Based_Email_Server|Qmail]]
* impl_scalix - [[Archiving_Emails_from_Scalix|Scalix]]
* impl_sendmail - [[Archiving_Emails_from_a_Sendmail_Based_Email_Server|Sendmail]]
* impl_smartermail - [[Archiving_Emails_from_SmarterMail|SmarterMail]]
* impl_tobitdavid - [[Archiving_Emails_from_Tobit_David.fx|Tobit David.fx]]
* impl_zimbra - [[Archiving_Emails_from_Zimbra|Zimbra Collaboration Suite]]
* implexch_2003 - [[Archiving_Emails_from_Microsoft_Exchange_2003|Exchange 2003]]
* implexch_2007 - [[Archiving_Emails_from_Microsoft_Exchange_2007|Exchange 2007]]
* implexch_2010 - [[Archiving_Emails_from_Microsoft_Exchange_2010|Exchange 2010]]
* implexch_2013 - [[Archiving_Emails_from_Microsoft_Exchange_2013|Exchange 2013]]
* implexch_2016 - [[Archiving_Emails_from_Microsoft_Exchange_2016|Exchange 2016]]
* implexch_2019 - [[Archiving_Emails_from_Microsoft_Exchange_2019|Exchange 2019]]
* implexch_o365 - [[Archiving_Emails_from_Microsoft_Office_365|Office 365]]
* welc_licensing - [[License_Management]]
* arch_microsoft365 - [[Archiving_Emails_from_Microsoft_365_(Modern_Authentication)]]
* arch_microsoft365_single - [[Archiving_Emails_from_Microsoft_365_(Modern_Authentication)#Archiving_Individual_Microsoft.C2.A0365_Mailboxes]]
* arch_microsoft365_multiple - [[Archiving_Emails_from_Microsoft_365_(Modern_Authentication)#Archiving_Multiple_Microsoft.C2.A0365_Mailboxes_Centrally]]
* arch_microsoft365_public - [[Archiving_Emails_from_Microsoft_365_(Modern_Authentication)#Public_Folders]]
* expo_microsoft365 - [[Exporting_Email]]
* cred_microsoft365 - [[Synchronizing_User_Accounts_with_Microsoft_365_(Modern_Authentication)#Creating_Credentials_in_MailStore_Server]]

[[de:HelpTopicIds]]
[[en:helpTopicIds]]

File:Mads sync 01.png

2021-04-26T20:03:06Z

Bmeyn: Bmeyn uploaded a new version of File:Mads sync 01.png

Importing image file

File:Mads sync 01.png

2021-04-26T19:59:49Z

Bmeyn: Bmeyn uploaded a new version of File:Mads sync 01.png

Importing image file

MailStore Server Help:Books/server131-manual-en

2021-04-26T16:08:12Z

Bmeyn: Created page with "{{saved_book | setting-papersize = a4 | setting-toc = auto | setting-columns = 1 | setting-showtoc = 1 }} == MailStore Server 13.1 == === Documentation === ;Installation..."

{{saved_book
| setting-papersize = a4
| setting-toc = auto
| setting-columns = 1
| setting-showtoc = 1
}}

== MailStore Server 13.1 ==
=== Documentation ===
;Installation
:[[Installation]]
;Archiving Methods
:[[Archiving Email]]
:[[Choosing the Right Archiving Strategy]]
:[[Email Archiving with MailStore Basics]]
:[[Archiving Email from Outlook, Thunderbird and others]]
:[[Archiving Outlook PST Files Directly]]
:[[Archiving Emails from External Systems (File Import)]]
:[[Archiving Server Mailboxes]]
:[[Batch-archiving IMAP Mailboxes]]
:[[Archiving IMAP and POP3 Multidrop Mailboxes]]
;Accessing the Archive
:[[Accessing the Archive]]
:[[Accessing the Archive with the MailStore Client software]]
:[[Accessing the Archive with MailStore Web Access]]
:[[Accessing the Archive with the Microsoft Outlook integration]]
:[[Accessing the Archive via Integrated IMAP Server|Accessing the Archive using other Email Clients]]
;Export Email
:[[Exporting Email]]
;Administration
:[[Users, Folders and Settings]]
:[[Archives]]
:[[Active Directory Integration]]
:[[Setup Active Directory Federation Services]]
:[[Application Integration]]
:[[Google Workspace Integration]]
:[[IceWarp Server Integration]]
:[[Kerio Connect Integration]]
:[[Generic LDAP Integration]]
:[[MDaemon Integration]]
:[[Synchronizing User Accounts with Microsoft 365 (Modern Authentication)]]
:[[Synchronizing User Accounts with Microsoft 365 (Basic Authentication)]]
:[[Compliance General]]
:[[Retention Policies]]
:[[Auditing]]
:[[Audit Log]]
:[[Storage Locations]]
:[[Search Indexes]]
:[[Jobs]]
:[[Job Results]]
:[[Backup and Restore]]
:[[License Management]]
:[[SMTP Settings]]
:[[Active Sessions]]
:[[Product Updates]]
:[[MailStore Server Management Shell]]
;Service Configuration
:[[MailStore Server Service Configuration]]
;MailStore Server Administration API
:[[Administration API - Using the API]]
:[[Administration API - Function Reference]]

[[Category:Books|server131-manual-en]]

Active Directory Integration

2021-04-26T15:30:48Z

Bmeyn:

{{DISPLAYTITLE:Synchronizing User Accounts with Active Directory}}
{{Directory Services Preamble|Active Directory}}

'''Please note:''' MailStore Server does support neither subdomains nor domain trusts.
The MailStore Server service must run as 'Local System account' and the server must be a member of the domain if you want to use 'Integrated Windows authentication'.

== Accessing Directory Service Integration ==
{{Directory Services Accessing Configuration|Active Directory|mads_sync_01.png}}

== Connection to Active Directory ==
For synchronization MailStore Server requires information on how to connect to the Active Directory.

*'''Server (optional)''' DNS name or IP address of an Active Directory domain controller. If the MailStore Server machine is a member of the Active Directory, this setting is detected automatically.
*'''Protocol''' The protocol used to communicate with an Active Directory domain controller.
**''LDAP'' The default protocol when accessing an Active Directory. Though parts of the connection is unencrypted the real payload is encrypted.
**''LDAPS'' Additionally SSL secured version. Be aware that a properly configured certificate infrastructure is required, in which the MailStore Server computer must classify the domain controller's certificate as trustworthy.
*'''Base-DN (optional)''' Base DN of your Active Directory. Often the Base DN can be derived from the Active Directory domain name. For example, if the Active Directory domain name is ''company.local'' the Base DN usually is ''dc=company,dc=local''. The Base DN can also be selected by clicking the button left of the text field if access to an Active Directory domain controller is available. If the MailStore Server machine is a member of the Active Directory, this setting is detected automatically.
*'''Authentication''' Define how the MailStore Server service should identify itself to the Active Directory: 
**''Standard Authentication'' If MailStore Server is not installed directly on an Active Directory domain controller, using standard authentication is required. In this case, fill out the ''User Name'' and ''Password'' fields; enter the user name in UPN notation, e.g. ''Administrator@company.local''
**''Windows Authentication'' If MailStore Server is installed directly on an Active Directory domain controller, the MailStore Server service already has the necessary privileges to authenticate against Active Directory using Windows authentication.

=== User Database Synchronization ===
After configuring the connection settings as described above, you can specify filter criteria for the Active Directory synchronization in this section.

*'''Synchronize Microsoft Exchange users only''' Only user accounts with email addresses configured in Active Directory will be taken into account by the synchronization. Clear this checkbox only if all Active Directory users should be created as MailStore Server users as well.
**'''Synchronize users visible in address lists only''' Only Active Directory user accounts will be taken into account by the synchronization whose Exchange mailboxes are not hidden from Exchange address lists. This option can only be enabled if the option ''Synchronize Microsoft Exchange users only'' is enabled, too.
*'''Synchronize enabled users only''' Only user accounts enabled in Active Directory will be taken into account by the synchronization. Deactivating this option may be useful if certain Exchange mailboxes should be archived whose Active Directory user accounts are deactivated by default.
*'''Sync only these groups''' Choose one or several Active Directory security groups if you only want their members to be created as MailStore users. That way it's possible to exclude certain Active Directory accounts from being synchronized to MailStore, e.g. system accounts.
*: <div class="msnote">'''Note:''' When the MailStore Server Computer is member of a domain, that is not the domain where users are synchronized from, ''Universal Groups'' may not be selectable. An error with the errorcode 1355 might be shown then.</div>
* '''User Name Format''' Choose which naming scheme MailStore user names should follow:
** ''SAM Account Name'' The Pre-Windows 2000 user name.
** ''User Principal Name (UPN)'' The Windows user name including domain, e.g. ''jane.doe@example.com''
** ''User Principal Name (UPN) Local Part'' The Windows user name excluding domain, e.g. ''jane.doe''
{{Directory Services Authentication|Active Directory}}
{{Directory Services Options|Active Directory}}
{{Directory Services Assign Default Privileges|an Active Directory}}
{{Directory Services Run Synchronization|Active Directory}}
[[File:Mads_sync_02.png|450px|center]]

{{Directory Services Login with Directory Services Credentials|Active Directory}}
To use ''Single-Sign-On (SSO)'' with ''Windows-Authentication'', the client and the MailStore Server computer must be members of the same domain and the client must be authenticated at the domain controller. Also, additional configuration steps are necessary as described in the articles [[MailStore_Client_Deployment|MailStore Client Deployment]] and [[MailStore_Outlook_Add-in_Deployment|MailStore Outlook Add-in Deployment]].

[[de:Active Directory-Integration]]
[[en:Active Directory Integration]]

Accessing the Archive with the Microsoft Outlook integration

2021-04-26T15:17:49Z

Bmeyn: /* Login to MailStore Server */

With the MailStore Outlook Add-in, MailStore users can access the archive directly from within Microsoft Outlook.
{{#ev:youtube|https://youtu.be/X_lTDQjQzyQ|340|right|''Tech Tip: Using the MailStore Outlook Add-in''}}
The MailStore Outlook Add-in lets users find emails easily by browsing their archive's folder structure or by using the comfortable, fast search functionality and then open, restore or print them. Opened or restored emails can also be replied to or forwarded by using the familiar facilities of Microsoft Outlook.

Our Tech Tip video provides an overview.
 

== Installation & Update ==
The MailStore Outlook Add-In setup file that matches your MailStore Server version is stored on the MailStore Server machine. Follow the ''Install MailStore Client on other Computers'' link on your desktop and copy the corresponding setup file to the client computer. A list of supported Microsoft Outlook versions can be found under [[System_Requirements#MailStore_Outlook_Add-in|System Requirements]].

It is a regular Windows setup program, that can by executed on the appropriate client computer by double-clicking on the setup file. Just follow on-screen instructions.

'''Notice:''' Alternatively to installing the MailStore Outlook Add-In application manually, you can also deploy it to the client computer though the Active Directories Group Policy feature. More information on that can be found in the article [[MailStore Outlook Add-in Deployment]]

If an update is installed on the MailStore Server computer, MailStore Outlook Add-In usually stays compatible with MailStore Server. Therefore a re-installation of MailStore Outlook Add-In is only required if significant changes (e.g. security updates) are listed in the [https://go.mailstore.com/?product=MailStore%20Server&target=changelog&lang=en changelog].

After successful installation, a tab labeled "MailStore" will be visible in Microsoft Outlook.

[[File:Outlook2019RibbonTabEN.PNG|center|550px]]

=== Technical Considerations ===
* The MailStore Outlook Add-in uses the HTTP server integrated in MailStore Server to access the archive, which only allows encrypted HTTPS connections. Thus using a valid TLS/SSL certificate is recommended.
* If you have changed the configuration of the HTTPS port within the MailStore Server Service Configuration (the default HTTPS port is 8462), you must include the port number when logging in. Simply append the port number to the server name, separated by a colon (for example: <code>mailstore.example.com:443</code>)

== Login to MailStore Server ==
If the MailStore Outlook Add-in is not pre-configured, you will be asked to log in to MailStore Server as soon as you click any button in the MailStore Outlook Add-in.
[[File:OutlookAddin_Login_01.png|right|350px]]
The window ''Connect to MailStore Server'' appears.
* Enter the DNS host name of the computer on which MailStore Server is installed into ''Server Name''. Please refer to your system administrator for the server name and your access data.
* Click ''Connect'' to connect to MailStore Server.
 

[[File:OutlookAddin_Login_02.png|right|350px]]
Once the connection was established successfully, the user name dialog appears.
* Enter the user name of a MailStore user into the ''User Name'' field and click on ''Next''.
 
[[File:OutlookAddin_Login_03.png|right|350px]]
MailStore Server now determines how the user is to be authenticated.
* If MailStore Server is able to verify the user's credentials itself, the password dialog as shown on the right appears. Enter the password into the ''Password'' field and click on ''Log in''.
* If the user authenticates against Microsoft 365, Google Workspace or Active Directory Federation Services (AD FS), the default web browser will be opened to allow authentication through Microsoft's, Google's or the AD FS's authentication service. 
'''Hint:''' If you would like to log in to a different server or use different credentials, click on ''Settings'' in the MailStore Outlook Add-in and update the ''Server Name'' as desired or click on ''Clear Cached Credentials'' to use new credentials on next login.

== Search by Archive Folder ==
=== Display of the Archive Folder ===

[[File:WebArchiveFolders.png|right]]

In the MailStore Outlook Add-in, click on ''Browse Archive'' to display the part of the archive that is visible to you.

=== User Archives ===
The folder ''My Archive'' contains all emails that were archived from your mailboxes. If you have read-access to the archives of additional users, their emails are located in the folders labeled ''Archive of <user name>''.

=== Display of Emails in a Folder ===
To view the emails of a specific folder, simply click on the folder name. The emails are listed below the tree structure.
{{Quick Search|Outlook Add-In|left}}
{{Advanced Search|Outlook Add-In}}
== Email Display ==
To view an email which was returned by one of the search functions described above, simply click on it. A preview of the email is displayed on the right side of the screen.

Please keep in mind that images and any formatting will not be displayed in the preview for security reasons. Emails cannot be forwarded or replied to within the preview, either.

For a comprehensive view of an archived email and the ability to use all the Microsoft Outlook features such as printing, forwarding and replying, click on ''Open Email'' in the MailStore Outlook Add-in. The email will be loaded from the archive and displayed, either immediately or after a few seconds depending on size.

 

== Restoring Emails to the Application ==
[[File:OutlookAddinRestore.png|right]]

To restore an archived email which is no longer in your mailbox to Outlook, please proceed as follows:

* Locate the email within the archive and select it, so that it is shown in the preview area.
* In the MailStore Outlook Add-in, click on ''Restore Message''.
* Drag and drop the envelope icon into an Outlook email folder or a Windows Explorer file system folder.
* The email is restored immediately or after a few seconds, depending on its size. The email is restored as ''read''.

 

== Printing Emails ==
To quickly print an archived email on the current default printer, please proceed as follows:

* Locate the email within the archive and select it, so that it is shown in the preview area.
* In the MailStore Outlook Add-in, click on ''Print Message''.
* The email is immediately printed.

To print the message on a different than the default printer, use Outlook's built-in function accessible after you opened the message via ''Open Message'' from the add-in.

 

== Changing Regional Settings ==
By default the MailStore Outlook Add-in uses the same regional settings as Microsoft Outlook. The regional settings can also be set manually in the MailStore Outlook Add-in settings dialog.

[[de:Zugriff_über_die_Microsoft_Outlook-Integration]]
[[en:Accessing the Archive with the Microsoft Outlook integration]]

Accessing the Archive via Integrated IMAP Server

2021-04-26T15:09:53Z

Bmeyn:

With MailStore's integrated IMAP server you can access the MailStore archive in read-only mode with any IMAP-enabled email client. This provides a convenient way to access the email archive using not only many alternative email clients on any operating system (e.g. MacOS or Linux), but also through email apps running on Android or iOS devices. Installing MailStore Client on the user machines is not required.

== Prerequisite for Using the MailStore-Integrated IMAP Server ==
Activation and configuration of the integrated IMAP server are done using the [[MailStore Server Service Configuration]]. All IMAP-enabled email clients that support encrypted connections are supported, since the integrated IMAP server refuses the login over unencrypted connections.

'''Please note:''' When using Microsoft 365, Google Workspace or Active Directory Federation Services (AD FS) to authenticate users at login, accessing the archive via IMAP is not possible for technical reasons.

== Accessing the Integrated IMAP Server ==
Unless the integrated IMAP server is configured otherwise, users can access MailStore Server using the following settings:

* '''Incoming Mail Server''' - Host name or IP address of the MailStore server
* '''Port''' - For STARTTLS-encrypted connections (explicit TLS) the standard IMAP port 143 is used. For implicit TLS-encrypted connections the standard IMAP port 993 is used.
* '''User Name''' - Name of the MailStore user.
* '''Password''' - Password which is required for accessing the MailStore server.

'''Please note:''' In addition to configuring the incoming mail server, email clients often require configuring the outgoing mail server as well. In this case, using the same data as for an existing email account will facilitate further processing emails from the email archive.

[[de:Zugriff_über_MailStore_integrierten_IMAP-Server]]
[[en:Accessing the Archive via Integrated IMAP Server]]

Generic LDAP Integration

2021-04-26T15:03:34Z

Bmeyn:

{{Directory Services Preamble|LDAP server}}

== Accessing Directory Service Integration ==
{{Directory Services Accessing Configuration|LDAP server|Mldap_sync_01.png}}

== Connection to the LDAP Directory Service ==
For synchronization MailStore Server requires information on how to connect to the LDAP directory service and how to obtain the required data from it.

=== LDAP Connection ===
{| class="wikitable"
! width=250px | Name
! Description
|-
| Server Name
| DNS name or IP address of your LDAP server
|-
| Protocol
| Configure whether the connection to the LDAP server is to be unencrypted on port 389, LDAP-TLS on port 389, or LDAP-SSL on port 636
|-
| Accept all certificates (only when using LDAP-TLS or LDAP-SSL)
| {{Option_Accept_all_certificates}}
|-
| Administrative DN
| Distinguished Name (DN) or user name of a user with appropriate privileges on the LDAP server
|-
| Password
| Password of the user specified in Administrative DN
|-
| Base DN
| LDAP base DN, if needed
|}

=== User Filter and Attributes ===
{| class="wikitable"
! width=250px | Name
! Description
|-
| Filter (optional)
| Filter LDAP objects to return only user objects with email addresses
|-
| User Name
| The LDAP attribute containing the username that you wish MailStore to use
|-
| Local Part Only (E-mail Addresses / UPN)
| If unchecked, MailStore will use the full username including domain portion, e.g. ''username@example.com''. If checked, MailStore will only use the local part of the User Name specified, e.g. the ''username''
|-
| Full Name (optional)
| The full name of the user, for display purposes within MailStore
|-
| E-mail Addresses (opt.)
| The LDAP attribute containing the user's email address. This can contain multiple, comma separated, e-mail addresses
|}

=== Group Filter and Attributes ===
{| class="wikitable"
! width=250px | Name
! Description
|-
| Filter
| LDAP filter to return only group objects
|-
| Name
| The LDAP attribute that contains the common name of a group
|-
| Description (optional)
| The LDAP attribute that contains a human readable description for each group
|-
| Members
| The LDAP attribute that contains the common name of group members
|-
| Search Filter for Members
| LDAP filter to resolve group members when members are not specified as a DN string as part of the group results. MailStore will fill in the <tt>{member}</tt> variable with values from the ''Members'' attribute
|-
| Group
| The actual group(s) containing users that MailStore Server will synchronize
|}
{{Directory Services Authentication|LDAP}}
{{Directory Services Options|LDAP}}
{{Directory Services Assign Default Privileges}}

== Configuration Samples ==

=== Active Directory ===
It is possible to connect LDAP Generic to Active Directory, allowing for more flexibility and control than MailStore's built-in Active Directory support. For example, LDAP Generic will allow you to accept invalid or self-signed certificates when using LDAP-SSL or LDAP-TLS, use custom filters or change which attributes are used by MailStore.

It is assumed that the Active Directory LDAP service is reachable by the MailStore instance on TCP port 389 or 636, including opening ports in the firewall, where applicable.

As most Active Directory configurations are quite similar, it will be possible to copy/paste most of the examples below, making only minor modifications based on your environment.

==== LDAP Connection ====
{| class="wikitable"
! width=250px | Name
! Value
! Description
|-
| Server Name
| <tt>dc001.example.com</tt>
| DNS name or IP address of an Active Directory domain controller.
|-
| rowspan=3 | Protocol
| <tt>LDAP</tt>
| Do not use transport encryption
|-
| <tt>LDAP-TLS</tt>
| Use TLS as transport encryption
|-
| <tt>LDAP-SSL</tt>
| Use SSL as transport encryption
|-
| rowspan=2| Accept all certificates
| ''Enabled''
| Establish a TLS/SSL encrypted connection, even if the certificate validation failed.
|-
| ''Disabled''
| Do not establish a TLS/SSL encrypted connection, if the certificate validation failed.
|-
| Administrative DN
| <tt>mailstore@example.com</tt>
| Active Directory account for MailStore's use
|-
| Password
| <tt>MySecretPassword</tt>
| Password of the user specified in ''Administrative DN'' above
|-
| Base DN
| ''Empty''
| LDAP base DN will be detected automatically in Active Directory environments
|}

==== User Filter and Attributes ====
{| class="wikitable"
! width=250px | Name
! Value
! Description
|-
|rowspan = 4 | Filter (optional)
|<tt>(objectCategory=User)</tt>
|All users
|-
|<tt>(&(objectCategory=User)(mail=*))''</tt>
|All users with Active Directory e-mail addresses
|-
|<tt>(&(objectCategory=User)(proxyAddresses=*))</tt>
|All users with Exchange e-mail addresses
|-
|<tt>(&(objectCategory=User)(proxyAddresses=*)(mail=*))</tt>
|All users with Exchange e-mail addresses who are also listed in the global address book
|-
|rowspan = 2 |User Name
|<tt>userPrincipalName</tt>
| Use Active Directory user name as MailStore user name
|-
|<tt>sAMAccountName</tt>
| Use pre-Windows 2000 user name as MailStore user name
|-
|rowspan = 2 |Local Part Only (E-mail Addresses / UPN)
|''Enabled''
| Only use the local part from the Active Directory user name in UPN format
|-
|''Disabled''
| Use the full Active Directory user name in UPN format
|-
|Full Name (optional)
|<tt>displayName</tt>
|The user's visible name in Active Directory
|-
|rowspan = 2 |E-mail Addresses (opt.)
|<tt>proxyAddresses</tt>
|Exchange environments
|-
|<tt>mail</tt>
|Non-Exchange environments
|}

==== Group Filter and Attributes ====
{| class="wikitable"
! width=250px | Name
! Value
! Description
|-
| Filter
| <tt>(objectCategory=Group)</tt>
| All objects of category ''Group'', usually all groups
|-
| Name
| <tt>cn</tt>
| Use the value of the LDAP attribute ''CN'' as group name
|-
| Description (optional)
| <tt>description</tt>
| Use the value of the LDAP attribute ''description'' as group name
|-
| Members
| <tt>member</tt>
| Use the value LDAP attribute ''member'' to determine group members
|-
| Search Filter for Members
| ''emtpy''
| Group members are returned as Distinguished Names
|-
| Group
| <tt>MailStore Users</tt>
| Synchronize only users from the ''MailStore Users'' group
|}

=== OpenLDAP ===
OpenLDAP is a commonly used LDAP server, configuration will require some knowledge of your LDAP environment.

It is assumed that the LDAP service is reachable by the MailStore instance on TCP port 389 or 636, including opening ports in the firewall, where applicable.

As OpenLDAP is very flexible, configuration options vary from server to server and you may need to make significant modifications to the examples below to fit the schema used in your environment.

==== LDAP Connection ====
{| class="wikitable"
! width=250px | Name
! Value
! Description
|-
| Server Name
| <tt>directory.example.com</tt>
| DNS name or IP address of the OpenLDAP server.
|-
| rowspan=3 | Protocol
| <tt>LDAP</tt>
| Do not use transport encryption
|-
| <tt>LDAP-TLS</tt>
| Use TLS as transport encryption
|-
| <tt>LDAP-SSL</tt>
| Use SSL as transport encryption
|-
| rowspan=2| Accept all certificates
| ''Enabled''
| Establish a TLS/SSL encrypted connection, even if the certificate validation failed.
|-
| ''Disabled''
| Do not establish a TLS/SSL encrypted connection, if the certificate validation failed.
|-
| Administrative DN
| <tt>cn=admin,dc=example,dc=com</tt>
| LDAP username that MailStore should use for accessing the OpenLDAP server
|-
| Password
| <tt>MySecretPassword</tt>
| Password of the user specified in ''Administrative DN'' above
|-
| Base DN
| <tt>dc=example,dc=com</tt>
| The Base-DN of the LDAP directory
|}

==== User Filter and Attributes ====
{| class="wikitable"
! width=250px | Name
! Value
! Description
|-
|rowspan = 2 | Filter (optional)
|<tt>(objectClass=posixAccount)</tt>
|All objects of type ''posixAccount'', usually all users
|-
|<tt>(&(objectClass=posixAccount)(mail=*))</tt>
|All users with configured email address
|-
|rowspan = 2 |User Name
|<tt>uid</tt>
| Use the value of LDAP attribute ''UID'' as MailStore user name
|-
|<tt>cn</tt>
| Use the value of LDAP attribute ''CN'' as MailStore user name
|-
|rowspan = 2 |Local Part Only (E-mail Addresses / UPN)
|''Enabled''
| Only use the local part from a user name in UPN format
|-
|''Disabled''
| Use the full user name in UPN format
|-
|Full Name (optional)
|<tt>displayName</tt>
| Use the value of LDAP attribute ''displayName'' as MailStore user name
|-
|E-mail Addresses (opt.)
|<tt>mail</tt>
| Use the values of LDAP attribute ''mail'' for the email addresses of MailStore users
|}

==== Group Filter and Attributes ====
{| class="wikitable"
! width=250px | Name
! Value
! Description
|-
| Filter
| <tt>(objectClass=posixGroup)</tt>
| All objects of category ''posixGroup'', usually all groups
|-
| Name
| <tt>cn</tt>
| Use the value of the LDAP attribute ''CN'' as group name
|-
| Description (optional)
| <tt>description</tt>
| Use the value of the LDAP attribute ''description'' as group name
|-
| Members
| <tt>member</tt>
| Use the value LDAP attribute ''member'' to determine group members
|-
| rowspan=2 | Search Filter for Members
| ''emtpy''
| Group members are returned as Distinguished Names
|-
| <tt><nowiki>(|(&(objectClass=posixAccount)(uid={member}))(&(objectClass=posixGroup)(cn={member})))</nowiki></tt>
| members in ''memberUid'' are only given as plain user or group names
|-
| Group
| <tt>MailStore Users</tt>
| Synchronize only users from the ''MailStore Users'' group
|}

{{Directory Services Run Synchronization}}
[[File:mads_sync_02.png|center|450px]]

{{Directory Services Test Authentication}}
{{Directory Services Login with Directory Services Credentials|LDAP server}}

[[de:Generische_LDAP-Integration]]
[[en:Generic LDAP Integration]]

Accessing the Archive with the MailStore Client software

2021-04-26T15:01:16Z

Bmeyn: /* Starting and Login */

== Installation & Update ==
The MailStore Client setup file that matches your MailStore Server version is stored on the MailStore Server machine. Follow the ''Install MailStore Client on other Computers'' link on your desktop and copy the corresponding setup file to the client computer.

It is a regular Windows setup program, that can by executed on the appropriate client computer by double-clicking on the setup file. Just follow on-screen instructions.

'''Notice:''' Alternatively to installing the MailStore Client application manually, you can also deploy it to the client computer though the Active Directories Group Policy feature. More information on that can be found in the article [[MailStore Client Deployment]]

If an update is installed on the MailStore Server computer, MailStore Client updates itself automatically on first login to stay compatible with MailStore Server. Therefore a re-installation of MailStore Client is usually not required.

== Starting and Login ==
Start MailStore Client by using the appropriate link on the desktop.

[[File:Gsta_useclient_00.png|right|350px]]
The window ''Connect to MailStore Server'' appears.
* Enter the DNS host name of the computer on which MailStore Server is installed into ''Server Name''. Be aware, that the pre-filled entry ''localhost'' only works if the MailStore Client is run from the same machine where MailStore Server is installed.
* Click ''Connect'' to connect to MailStore Server.
 
 
'''Hint: '''Did you activate the option ''Always connect to this server'' and you want to change the destination server later? Hold the <code>Shift</code> key pressed while opening MailStore Client.

After establishing the connection to MailStore Server, MailStore Client checks if newer a version of its own program files is available for downloading and, if necessary, updates these automatically.

[[File:Gsta_useclient_01.png|right|350px]]
Once the connection was established successfully, the user name dialog appears.
* Enter the user name of a MailStore user into the ''User Name'' field and click on ''Next''.
 
[[File:Gsta_useclient_02.png|right|350px]]
MailStore Server now determines how the user is to be authenticated.
* If MailStore Server is able to verify the user's credentials itself, the password dialog as shown on the right appears. Enter the password into the ''Password'' field and click on ''Log in''.
* If the user authenticates against Microsoft 365, Google Workspace or Active Directory Federation Services (AD FS), the default web browser will be opened to allow authentication through Microsoft's, Google's or the AD FS's authentication service. 

== The MailStore Folder Structure ==
[[File:Accs_folders_01.png|right|240px]]
For each user, MailStore creates a folder on the highest level of the folder structure which corresponds to the archive of the respective user. It contains all emails that were archived for this user and is labeled ''My Archive''.

If the user has access to the archives of other MailStore users (as MailStore administrator, for example), their folders are listed as ''Archive of <User Name>'' under the top level folder ''Other Archives''

Below these main folders, the individual email sources (e.g. Microsoft Outlook or Exchange mailboxes) and their folder structures (e.g. ''Inbox'') are listed.

'''Notice: '''For MailStore administrators, accessing the archives of other users via the folder structure is blocked by default; this setting can be changed in the [[Compliance_General|compliance settings]]. Additionally, MailStore administrators can manage archives via the [[Archives]] page.

=== Deleting Folders ===
Folders and the emails contained therein can only be deleted after the appropriate user privileges have been assigned explicitly by the administrator. If the folder to be deleted contains any subfolders, they will be deleted as well.

=== Moving, Renaming, and Creating Folders Manually ===
Within MailStore, folders can be moved, renamed or created. Regular users can only do this within their own user archive, while MailStore administrators can move and rename folders beyond the boundaries of user archives.During the archiving process, MailStore adopts the folder structure and the folder names of the source (e.g. Microsoft Outlook).

Please note that moving large archives across the borders of user archives can take some time because the emails being moved have to be gathered by the full text index of the target user.

The features ''New Folder...'', ''Rename'' and ''Move to Folder...'' can be accessed by right-clicking on the corresponding archive folder.

If a MailStore administrator renames a user archive (Folder: ''Archive of <user name>'') without renaming the corresponding user, an empty archive will exist with this user name until it is changed.

'''Hint:''' Using an already existing folder name when renaming a folder, allows to merge the content of both folders.

=== Changing Message Type ===
In case the message recipient is shown wrongly instead of the message sender or vice versa, an administrator is able to change the ''message type'' of a message.

Highlight the emails and select ''Change Message Type'' in the context menu.

In case the message type of other users' message should be changed, [[Compliance_General#Archive_Access|archive access]] has to be unblocked.

Verify the [[Email_Archiving_with_MailStore_Basics#Archiving_Specific_Folders|archiving profile settings]] if necessary, so that the message type is already set correctly during archiving.

=== Deleting Emails ===
Highlight the emails to be deleted by clicking on the emails while holding down the <code>Ctrl</code> key (<code>Ctrl+A</code> will highlight all emails). Right-click on the highlighted item(s) and select ''Delete''. Users are only allowed to delete emails if they have received this privilege explicitly from the MailStore administrator.

Please keep in mind that allowing users to delete emails is not recommended; assigning such privileges makes it difficult, if not impossible, to comply with legal requirements regarding the storage of emails.

=== Moving Emails ===
Highlight the emails to be moved by clicking on the emails while holding down the <code>Ctrl</code> key (<code>Ctrl+A</code> will highlight all emails). Right-click on the highlighted item(s), select ''Move To Folder...'' and select a destination folder. Alternatively, drag and drop the highlighted emails into the destination folder. Emails can only be moved within a user archive unless you are a MailStore administrator.

== Searching by Folder Structure ==
MailStore sorts all archived email into MailStore's own folder structure. Below the main folders, the individual email sources (e.g. Microsoft Outlook or Exchange mailboxes) and their folder structures (e.g. ''Inbox'') are listed.

 

[[File:accs_folders_02.png|right|240px]]
=== Viewing the Emails in a Folder ===
To view the emails in a folder, simply click on the folder name. The emails will be listed below the folder structure.

Click on the text ''Sorted by: <value>'' to change the order in which emails are displayed. Emails can be sorted according to:

* Date
* From/To (sender/recipient of the email)
* Subject

Click on the Field to the right of ''Sorted by'' ("New to Old" in the screenshot) to reverse the order in which emails are arranged. By default, the latest email is displayed first.

=== Refreshing the View ===
To refresh the list of folders, click on a folder and press F5 on your keyboard.

Click on the folder again to refresh the list of emails.

=== Starting an Advanced Search in a Folder ===
To start an advanced search in a folder, right click on the folder and select ''Search here...''. The [[#Advanced Search|advanced search]] is shown and the folder is preselected.
 
{{Quick Search|Client|upper left}}
{{Advanced Search|Client}}

== Email Preview ==
MailStore offers an integrated email preview displaying emails the same way as standard email applications. To activate the preview, simply click on an email or use the arrow keys to highlight the desired email in the list.

[[File:Access client.png|center|550px]]

The menu bar above the email preview shows all functions available for the email currently displayed.

=== Save as... ===
Click on ''Save as...'' to save the current email in any Windows folder. Emails can be saved in the following file formats:

* '''RFC822 EML''' - These files can be opened independently from MailStore by double-clicking and can be moved to applications such as Mozilla Thunderbird by drag & drop.
* '''Outlook MSG''' - These files can be opened with or imported to all versions of Microsoft Outlook directly.

=== Print ===
Using the print function the email currently displayed will be printed including header information such as Date and Subject.

=== Find in Email ===
Click on ''Find in Email...'' to search the message body of the current email.

=== Internet Headers... ===
Click on ''Internet Headers'' to view the header of the current email, including all MIME parts.

=== Message Source ===
Click on ''Message Source'' to show the full source of the current message including all MIME-parts.

=== Delete (only with the appropriate privilege) ===
Click on ''Delete'' to delete the current email from the archive. Please keep in mind that, in order to use this function, the appropriate privilege has to be in place.

=== Retention Details (Administrators only) ===
This button is only available if [[Retention_Policies|retention policies]] are configured and enabled. 
[[File:Retention_Policies_05.png|right|350px]] Click on ''Retention Details'' to view the minimum and maximum retention date and the corresponding retention policies if applicable.

By clicking on a retention policy you can view its configuration directly. 

=== Reopening Emails in an Email Application ===
Emails previewed in MailStore can be reopened in any email application to reply to or forward them. Select an email client you want to open email messages in first, by clicking on ''Email Client:''. MailStore only lists email clients that are supported and that are installed on the computer from which MailStore Client is executed.

[[File:accs_openclient_01.png|center|450px]]

Depending on the selected email client, additional button may be visible:

* '''Open in <email client>''' - Open the current message to the selected email client. Please note, that emails are simply opened, not stored, in the application. To restore emails to an email application, please use [[Exporting Email|MailStore's Export Feature]].

* '''Restore to <email client>...''' - Restore the current message to the selected email client. If further settings are required an additional button ''Settings..'' will be shown.

[[de:Zugriff_über_die_MailStore_Client-Software]]
[[en:Accessing the Archive with the MailStore Client software]]

Accessing the Archive with the Microsoft Outlook integration

2021-04-26T14:59:17Z

Bmeyn: /* Login to MailStore Server */

With the MailStore Outlook Add-in, MailStore users can access the archive directly from within Microsoft Outlook.
{{#ev:youtube|https://youtu.be/X_lTDQjQzyQ|340|right|''Tech Tip: Using the MailStore Outlook Add-in''}}
The MailStore Outlook Add-in lets users find emails easily by browsing their archive's folder structure or by using the comfortable, fast search functionality and then open, restore or print them. Opened or restored emails can also be replied to or forwarded by using the familiar facilities of Microsoft Outlook.

Our Tech Tip video provides an overview.
 

== Installation & Update ==
The MailStore Outlook Add-In setup file that matches your MailStore Server version is stored on the MailStore Server machine. Follow the ''Install MailStore Client on other Computers'' link on your desktop and copy the corresponding setup file to the client computer. A list of supported Microsoft Outlook versions can be found under [[System_Requirements#MailStore_Outlook_Add-in|System Requirements]].

It is a regular Windows setup program, that can by executed on the appropriate client computer by double-clicking on the setup file. Just follow on-screen instructions.

'''Notice:''' Alternatively to installing the MailStore Outlook Add-In application manually, you can also deploy it to the client computer though the Active Directories Group Policy feature. More information on that can be found in the article [[MailStore Outlook Add-in Deployment]]

If an update is installed on the MailStore Server computer, MailStore Outlook Add-In usually stays compatible with MailStore Server. Therefore a re-installation of MailStore Outlook Add-In is only required if significant changes (e.g. security updates) are listed in the [https://go.mailstore.com/?product=MailStore%20Server&target=changelog&lang=en changelog].

After successful installation, a tab labeled "MailStore" will be visible in Microsoft Outlook.

[[File:Outlook2019RibbonTabEN.PNG|center|550px]]

=== Technical Considerations ===
* The MailStore Outlook Add-in uses the HTTP server integrated in MailStore Server to access the archive, which only allows encrypted HTTPS connections. Thus using a valid TLS/SSL certificate is recommended.
* If you have changed the configuration of the HTTPS port within the MailStore Server Service Configuration (the default HTTPS port is 8462), you must include the port number when logging in. Simply append the port number to the server name, separated by a colon (for example: <code>mailstore.example.com:443</code>)

== Login to MailStore Server ==
If the MailStore Outlook Add-in is not pre-configured, you will be asked to log in to MailStore Server as soon as you click any button in the MailStore Outlook Add-in.
[[File:OutlookAddin_Login_01.png|right|350px]]
The window ''Connect to MailStore Server'' appears.
* Enter the DNS host name of the computer on which MailStore Server is installed into ''Server Name''. Please refer to your system administrator for the server name and your access data.
* Click ''Connect'' to connect to MailStore Server.
 

[[File:OutlookAddin_Login_02.png|right|350px]]
Once the connection was established successfully, the user name dialog appears.
* Enter the user name of a MailStore user into the ''User Name'' field and click on ''Next''.
 
[[File:OutlookAddin_Login_03.png|right|350px]]
MailStore Server now determines how the user is to be authenticated.
* If MailStore Server is able to verify the user's credentials itself, the password dialog as shown on the right appears. Enter the password into the ''Password'' field and click on ''Log in''.
* If the user authenticates against Microsoft 365, Google Workspace or Active Directory Federation Services (AD FS), the web browser will be redirected to allow authentication through Microsoft's, Google's or the AD FS's authentication service. 
'''Hint:''' If you would like to log in to a different server or use different credentials, click on ''Settings'' in the MailStore Outlook Add-in and update the ''Server Name'' as desired or click on ''Clear Cached Credentials'' to use new credentials on next login.

== Search by Archive Folder ==
=== Display of the Archive Folder ===

[[File:WebArchiveFolders.png|right]]

In the MailStore Outlook Add-in, click on ''Browse Archive'' to display the part of the archive that is visible to you.

=== User Archives ===
The folder ''My Archive'' contains all emails that were archived from your mailboxes. If you have read-access to the archives of additional users, their emails are located in the folders labeled ''Archive of <user name>''.

=== Display of Emails in a Folder ===
To view the emails of a specific folder, simply click on the folder name. The emails are listed below the tree structure.
{{Quick Search|Outlook Add-In|left}}
{{Advanced Search|Outlook Add-In}}
== Email Display ==
To view an email which was returned by one of the search functions described above, simply click on it. A preview of the email is displayed on the right side of the screen.

Please keep in mind that images and any formatting will not be displayed in the preview for security reasons. Emails cannot be forwarded or replied to within the preview, either.

For a comprehensive view of an archived email and the ability to use all the Microsoft Outlook features such as printing, forwarding and replying, click on ''Open Email'' in the MailStore Outlook Add-in. The email will be loaded from the archive and displayed, either immediately or after a few seconds depending on size.

 

== Restoring Emails to the Application ==
[[File:OutlookAddinRestore.png|right]]

To restore an archived email which is no longer in your mailbox to Outlook, please proceed as follows:

* Locate the email within the archive and select it, so that it is shown in the preview area.
* In the MailStore Outlook Add-in, click on ''Restore Message''.
* Drag and drop the envelope icon into an Outlook email folder or a Windows Explorer file system folder.
* The email is restored immediately or after a few seconds, depending on its size. The email is restored as ''read''.

 

== Printing Emails ==
To quickly print an archived email on the current default printer, please proceed as follows:

* Locate the email within the archive and select it, so that it is shown in the preview area.
* In the MailStore Outlook Add-in, click on ''Print Message''.
* The email is immediately printed.

To print the message on a different than the default printer, use Outlook's built-in function accessible after you opened the message via ''Open Message'' from the add-in.

 

== Changing Regional Settings ==
By default the MailStore Outlook Add-in uses the same regional settings as Microsoft Outlook. The regional settings can also be set manually in the MailStore Outlook Add-in settings dialog.

[[de:Zugriff_über_die_Microsoft_Outlook-Integration]]
[[en:Accessing the Archive with the Microsoft Outlook integration]]

Accessing the Archive with MailStore Web Access

2021-04-26T14:55:09Z

Bmeyn:

The responsive Web Access makes the archive accessible through any current internet browser on any device. This way, important functions such as browsing and viewing archived messages can be made available without having to install additional software.

== Requirements for Using Web Access ==
* A list of supported internet browsers can be found in the [[System_Requirements#MailStore_Web_Access|System Requirements]].
* In order to use the ''Restore to Mailbox'' feature an administrator needs to configure the SMTP settings under ''Administrative Tools > Miscellaneous > SMTP Settings'' first.

== Accessing Web Access ==
Unless configured differently, users can access MailStore Web Access through this URL:

https://<fqdn>:8462

Please replace <fqdn> with the fully qualified domain name of the MailStore Server computer, e.g. <tt>mailstore.example.com</tt>.

To log in to the Web Access, fill out the ''User Name'' field and click ''Next''.

MailStore Server now determines how the user is to be authenticated.

* If MailStore Server is able to verify the user's credentials itself, the password dialog appears. Enter the password into the ''Password'' field and click on ''Log in''.
* If the user authenticates against Microsoft 365, Google Workspace or Active Directory Federation Services (AD FS), the web browser will be redirected to allow authentication through Microsoft's, Google's or the AD FS's authentication service.

== Search Archive ==
{{ Search }}
== Browse Archive ==
The folder ''My Archive'' contains all emails that were archived from your mailboxes. If you have read-access to the archives of other users, their emails are located in the folders labeled ''Archive of <user name>''.

To list the emails of a specific folder, simply click on the folder name.

== Email Preview ==
The email preview displays a message with its original formatting. For security reasons, contents and images that are referenced externally will be downloaded and displayed only upon request.

=== Open Email in Email Application ===
The toolbar item ''Open'' provides access to the functions ''Open as MSG'' and ''Open as EML''. This allows users to open the displayed message in an external email application such as Microsoft Outlook (MSG), Mozilla Thunderbird (EML) or other. These may be used to answer or forward archived emails.

=== Restore Email ===
The toolbar item ''Restore'' allows to send the displayed message to an arbitrary email address.

'''Please note:''' Before this function can be used preparations have to be done by an administrator. Please refer to [[SMTP Settings]] for more information.

=== Print Email ===
The toolbar item ''Print'' allows users to print the displayed message.

=== Show Internet Headers ===
The toolbar item ''Internet Headers'' shows the internet headers of the displayed message as well as all MIME parts.

== User Menu ==

=== Settings ===
By default the Web Access uses the same regional settings as the user's web browser. The regional settings can also be specified manually in the Web Access' settings dialog.

=== Help ===
Open this online help website.

=== About ===
Displays legal information such as ''Licensing Terms and Conditions'', ''3rd Party Licenses'', and ''Privacy Policy''.

=== Change Password===
The user can change the MailStore password. If the password policy, which is enabled by default, is active, the password must meet the [[Notes_on_Password_Complexity|complexity rules]].
This item is only shown if the user has the ''Change Password'' privilege and is not authenticated against an external directory service.

=== Sign out ===
Signs the current user out of the Web Access.

[[de:Zugriff_über_MailStore_Web_Access]]
[[en:Accessing_the_Archive_with_MailStore_Web_Access]]

Accessing the Archive via Integrated IMAP Server

2021-04-26T14:48:15Z

Bmeyn: /* Prerequisite for Using the MailStore-Integrated IMAP Server */

With MailStore's integrated IMAP server you can access the MailStore archive in read-only mode with any IMAP-enabled email client. This provides a convenient way to access the email archive using not only many alternative email clients on any operating system (e.g. MacOS or Linux), but also through email apps running on Android or iOS devices. Installing MailStore Client on the user machines is not required.

== Prerequisite for Using the MailStore-Integrated IMAP Server ==
Activation and configuration of the integrated IMAP server are done using the [[MailStore Server Service Configuration]]. All IMAP-enabled email clients that support encrypted connections are supported, since the integrated IMAP server refuses the login over unencrypted connections.

'''Please note:''' When using Microsoft 365, Google Workspace or AD FS to authenticate users at login, accessing the archive via IMAP is not possible for technical reasons.

== Accessing the Integrated IMAP Server ==
Unless the integrated IMAP server is configured otherwise, users can access MailStore Server using the following settings:

* '''Incoming Mail Server''' - Host name or IP address of the MailStore server
* '''Port''' - For STARTTLS-encrypted connections (explicit TLS) the standard IMAP port 143 is used. For implicit TLS-encrypted connections the standard IMAP port 993 is used.
* '''User Name''' - Name of the MailStore user.
* '''Password''' - Password which is required for accessing the MailStore server.

'''Please note:''' In addition to configuring the incoming mail server, email clients often require configuring the outgoing mail server as well. In this case, using the same data as for an existing email account will facilitate further processing emails from the email archive.

[[de:Zugriff_über_MailStore_integrierten_IMAP-Server]]
[[en:Accessing the Archive via Integrated IMAP Server]]

File:Mads sync 01.png

2021-04-26T14:25:09Z

Bmeyn: Bmeyn uploaded a new version of File:Mads sync 01.png

Importing image file

Setup Active Directory Federation Services

2021-04-26T14:16:57Z

Bmeyn:

MailStore Server can be configured to authenticate against Active Directory Federation Services (AD FS) when using the [[Active Directory Integration|Active Directory]] or [[Generic LDAP Integration|LDAP Generic]] directory service connectors.

== Prerequisites, Recommendations and Limitations ==
* This guide assumes that you already have AD FS installed and configured and only describes the parts specific to MailStore Server.
* For best user experience, the certificate used by MailStore Server should be trusted by all clients and the used web browsers. Using a certificate that is signed by an trusted certificate authority or [[Using_Lets_Encrypt_Certificates|using Let's Encrypt certificates]] is highly recommended.
* If users are supposed to log in to MailStore Server from outside the organization's network without a VPN using [[Accessing_the_Archive_with_the_MailStore_Client_software|MailStore Client]], [[Accessing_the_Archive_with_the_Microsoft_Outlook_integration|MailStore Outlook Add-in]] or the [[Accessing_the_Archive_with_MailStore_Web_Access|Web Access]], the URIs mentioned in this article must be resolvable via DNS on the Internet and port-forwardings to the MailStore Server computer must be set up on the firewall or router if necessary.
* When using AD FS to authenticate users at login, [[Accessing_the_Archive_via_Integrated_IMAP_Server|accessing the archive via IMAP]] is not possible for technical reasons.

== Creating an AD FS Application Group ==
To allow MailStore Server to request OpenID Connect (OIDC) tokens from AD FS, you have to create an ''Application Group'' in AD FS. This ''Application Group'' has to be referenced in MailStore Server to establish a trust relationship between those two systems.

* Login to your AD FS server system.
* Open the AD FS management console.
* Navigate to ''Application Groups''.
* Right click on ''Application Groups'' and select ''Add Application Group...'' or click ''Add Application Group...'' in the '''Actions''' pane.
* Enter a ''Name'', e.g. ''MailStore'', and select the template ''Native application acessing a web API''.
[[File:Adfs_setup_01.png|center|550px]]
* Click ''Next''.
* The ''Client Identifier'' of this application group is shown. Note this value since it is required later for configuring MailStore Server.
* In the field ''Redirect URI'', enter a URI in the format (without brackets)
*: <code>https://<fqdn>[:<port>]/oidc/signin</code>
*; with the following components<nowiki>:</nowiki>
*: '''https://''' Specifying the <code>https://</code> protocol is obligatory. To avoid certificate warnings during user logon, the web browsers on the client machines must trust the [[MailStore_Server_Service_Configuration#Certificate|certificate used by MailStore Server]].
*: '''FQDN''' The Fully Qualified Domain Name (FQDN) of your MailStore Server that consists of the machine name and the DNS domain, e.g. <code>mailstore.example.com</code>. This name must be resolvable by all clients from which users shall be able to log on to MailStore Server.
*: '''Port''' The TCP port of the MailStore Web Access (<code>8462</code> by default). This value must be equal to the port configured in the section ''Base Configuration > Network Settings > MailStore Web Access / Outlook Add-in (HTTPS)'' of the [[MailStore_Server_Service_Configuration#Services|MailStore Server Service Configuration]]. The TCP port has to be specified only if it is different from the default port of the HTTPS protocol (<code>443</code>).
*: '''/oidc/signin''' The endpoint where MailStore Server expects the authentication responses of AD FS. This path has to be specified exactly as stated here at the end of the redirect URI.
::{| class="wikitable"
|+ Examples for valid redirect URIs
|-
! style="width:80px;" | Product
! style="width:80px;" | Machine Name
! style="width:90px;" | DNS Domain
! style="width:40px;" | TCP Port
! Resulting Redirect URI
|-
| align="center"| MailStore Server
| align="center"| mailstore
| align="center"| example.com
| align="center"| 8462
| <code><nowiki>https://mailstore.example.com:8462/oidc/signin</nowiki></code> Redirect URI with Fully Qualified Domain Name and MailStore Web Access default port
|-
| align="center"| MailStore Server
| align="center"| mailstore
| align="center"| example.com
| align="center"| 443
| <code><nowiki>https://mailstore.example.com/oidc/signin</nowiki></code> The port can be ommited if the HTTPS default port 443 has been configured for MailStore Web Access or as source port of a port-forwarding on the firewall or router.
|-
| align="center"| MailStore SPE
| align="center"| archive
| align="center"| example.com
| align="center"| 443
| <code><nowiki>https://archive.example.com/<instanceid>/oidc/signin</nowiki></code> The ''instanceid'' of the instance is part of the Redirect URI.
|-
|}
[[File:Adfs_setup_02.png|center|550px]]
* Copy the ''Redirect URI'' into the clipboard and note this value, too, since it is also required later for configuring MailStore Server.
* Click ''Add'' to add the ''Redirect URI'' to the list of allowed URIs.
* Click ''Next'' to continue.
[[File:Adfs_setup_03.png|center|550px]]
* Paste the ''Redirect URI'' into the ''Identifier'' field of the ''Web API'' configuration.
* Click ''Add''.
* Click ''Next'' to continue.
[[File:Adfs_setup_04.png|center|550px]]
* Choose an ''Access Control Policy'' for this ''Application Group''.
* Click ''Next'' to continue.
[[File:Adfs_setup_05.png|center|550px]]
* Select the scopes ''allatclaims'', ''openid'' and ''profile''.
* Click ''Next'' to continue.
[[File:Adfs_setup_06.png|center|550px]]
* A summary of the configuration is shown.
* Click next to create the ''Application Group''.
[[File:Adfs_setup_08.png|center|550px]]
* A success message is shown.
[[File:Adfs_setup_08b.png|center|550px]]
* Close the dialog.

If the ''User Principal Name (UPN)'' or its local part should be used as user name in MailStore Server, configuration of AD FS is now complete and you can enter the ''Client Identifier'' and the ''Redirect URI'' that you have noted before in the configuration of the [[Active Directory Integration#Authentication|Active Directory]] or [[Generic LDAP Integration#Authentication|LDAP Generic]] directory service connectors in MailStore Server.

If, however, the ''sAMAccountName'' should be used as user name in MailStore Server, please follow the steps in the next section.

== Adding sAMAccountName as User Name ==
The OIDC token issued by AD FS does not include the sAMAccountName property of the users by default. If you have configured MailStore Server to use the sAMAccountName as user name, you have to configure the AD FS application group to include that property in the token. Otherwise MailStore Server is unable to associate the token with a user and users are unable to login.

* Right click on the newly created ''Application Group'' and select ''Properties''.
[[File:Adfs_setup_09.png|center|550px]]
* Select the ''Web API'' application and click ''Edit...''
* Open the tab ''Issuance Transform Rule''.
[[File:Adfs_setup_10.png|center|550px]]
* Click ''Add Rule...''
* Select ''Send LDAP Attribute as Claims'' from the ''Claim rule template'' drop down menu.
* Click ''Next'' to continue.
[[File:Adfs_setup_11.png|center|550px]]
* Enter a ''Claim rule name''.
* Select ''Active Directory'' from the ''Attribute store'' drop down menu.
* Select ''SAM-Account-Name'' in the ''LDAP Attribute'' column of the mapping table.
* Enter ''sAMAccountName'' in the ''Outgoing Claim Type'' column.
* Click ''Finish''.
[[File:Adfs_setup_12.png|center|550px]]

Configuration of AD FS is now complete and you can enter the ''Client Identifier'' and the ''Redirect URI'' that you have noted before in the configuration of the [[Active Directory Integration#Authentication|Active Directory]] or [[Generic LDAP Integration#Authentication|LDAP Generic]] directory service connectors in MailStore Server.
<noinclude>
[[de:Einrichtung_von_Active_Directory_Federation_Services]]
[[en:Setup_Active_Directory_Federation_Services]]
</noinclude>

Administration

2021-04-26T06:56:21Z

Bmeyn:

__NOTOC__
The administration of MailStore Server by an administrator is performed using MailStore Client on an arbitrary computer. MailStore administrators can access the ''Administrative Tools'' from the left navigation tree of the client or via ''Quick Access'' on the start page.

Under ''Administrative Tools'', MailStore administrators have access to the follow settings:

{| width="100%" cellspacing="3" cellpadding="4"
| valign="top" width="50%"|
'''Users and Privileges'''
* [[Users, Folders and Settings|Users]]
* '''Directory Services'''
** [[Active Directory Integration|Active Directory]]
*** [[Setup Active Directory Federation Services|Active Directory Federation Services]]
** [[Synchronizing_User_Accounts_with_Microsoft_365_(Modern_Authentication)|Microsoft 365 (Modern Authentication)]]
** [[Office 365 Integration|Microsoft 365 (Basic Authentication)]]
** [[Application Integration]]
** [[Google Workspace Integration|Google Workspace]]
** [[IceWarp Server Integration|IceWarp Server]]
** [[Kerio Connect Integration|Kerio Connect]]
** [[Generic LDAP Integration|LDAP Generic]]
*** [[Setup Active Directory Federation Services|Active Directory Federation Services]]
** [[MDaemon Integration|MDaemon USERLIST.DAT]]
* [[Users, Folders and Settings|Privileges]]
* [[Archives]]
'''Compliance'''
* [[Compliance General]]
** [[Retention Policies]]
* [[Auditing]]
* [[Audit Log]]
| valign="top" width="50%"|
'''Storage'''
* [[Storage Locations]]
* [[Search Indexes]]
* [[Backup_and_Restore|Create Archive Backup]]
'''Management API'''
* [[MailStore Server Management Shell|Command Prompt]]
* [[Jobs]]
* [[Job Results]]
'''Miscellaneous'''
* [[License Management]]
* [[SMTP Settings]]
* [[Active Sessions]]
* [[Product Updates]]
|}

[[de:Verwaltung]]
[[en:Administration]]

Setup Active Directory Federation Services

2021-04-23T16:20:44Z

Bmeyn:

MailStore Server can be configured to authenticate against Active Directory Federation Services (AD FS) when using the [[Active Directory Integration|Active Directory]] or [[Generic LDAP Integration|LDAP Generic]] directory service connectors.

== Prerequisites, Recommendations and Limitations ==
* This guide assumes that you already have AD FS installed and configured and only describes the parts specific to MailStore Server.
* For best user experience, the certificate used by MailStore Server should be trusted by all clients and the used web browsers. Using a certificate that is signed by an trusted certificate authority or [[Using_Lets_Encrypt_Certificates|using Let's Encrypt certificates]] is highly recommended.
* If users are supposed to log in to MailStore Server from outside the organization's network without a VPN using [[Accessing_the_Archive_with_the_MailStore_Client_software|MailStore Client]], [[Accessing_the_Archive_with_the_Microsoft_Outlook_integration|MailStore Outlook Add-in]] or the [[Accessing_the_Archive_with_MailStore_Web_Access|Web Access]], the URIs mentioned in this article must be resolvable via DNS on the Internet and port-forwardings to the MailStore Server computer must be set up on the firewall or router if necessary.
* When using AD FS to authenticate users at login, [[Accessing_the_Archive_via_Integrated_IMAP_Server|accessing the archive via IMAP]] is not possible for technical reasons.

== Creating an AD FS Application Group ==
To allow MailStore Server to request OpenID Connect (OIDC) tokens from AD FS, you have to create an ''Application Group'' in AD FS. This ''Application Group'' has to be referenced in MailStore Server to establish a trust relationship between those two systems.

* Login to your AD FS server system.
* Open the AD FS management console.
* Navigate to ''Application Groups''.
* Right click on ''Application Groups'' and select ''Add Application Group...'' or click ''Add Application Group...'' in the '''Actions''' pane.
* Enter a ''Name'', e.g. ''MailStore'', and select the template ''Native application acessing a web API''.
[[File:Adfs_setup_01.png|center|550px]]
* Click ''Next''.
* The ''Client Identifier'' of this application group is shown. Copy this value since it is required later in MailStore Server.
* In the field ''Redirect URI'', enter a URI in the format (without brackets)
*: <code>https://<fqdn>[:<port>]/oidc/signin</code>
*; with the following components<nowiki>:</nowiki>
*: '''https://''' Specifying the <code>https://</code> protocol is obligatory. To avoid certificate warnings during user logon, the web browsers on the client machines must trust the [[MailStore_Server_Service_Configuration#Certificate|certificate used by MailStore Server]].
*: '''FQDN''' The Fully Qualified Domain Name (FQDN) of your MailStore Server that consists of the machine name and the DNS domain, e.g. <code>mailstore.example.com</code>. This name must be resolvable by all clients from which users shall be able to log on to MailStore Server.
*: '''Port''' The TCP port of the MailStore Web Access (<code>8462</code> by default). This value must be equal to the port configured in the section ''Base Configuration > Network Settings > MailStore Web Access / Outlook Add-in (HTTPS)'' of the [[MailStore_Server_Service_Configuration#Services|MailStore Server Service Configuration]]. The TCP port has to be specified only if it is different from the default port of the HTTPS protocol (<code>443</code>).
*: '''/oidc/signin''' The endpoint where MailStore Server expects the authentication responses of AD FS. This path has to be specified exactly as stated here at the end of the redirect URI.
::{| class="wikitable"
|+ Examples for valid redirect URIs
|-
! style="width:80px;" | Product
! style="width:80px;" | Machine Name
! style="width:90px;" | DNS Domain
! style="width:40px;" | TCP Port
! Resulting Redirect URI
|-
| align="center"| MailStore Server
| align="center"| mailstore
| align="center"| example.com
| align="center"| 8462
| <code><nowiki>https://mailstore.example.com:8462/oidc/signin</nowiki></code> Redirect URI with Fully Qualified Domain Name and MailStore Web Access default port
|-
| align="center"| MailStore Server
| align="center"| mailstore
| align="center"| example.com
| align="center"| 443
| <code><nowiki>https://mailstore.example.com/oidc/signin</nowiki></code> The port can be ommited if the HTTPS default port 443 has been configured for MailStore Web Access or as source port of a port-forwarding on the firewall or router.
|-
| align="center"| MailStore SPE
| align="center"| archive
| align="center"| example.com
| align="center"| 443
| <code><nowiki>https://archive.example.com/<instanceid>/oidc/signin</nowiki></code> The ''instanceid'' of the instance is part of the Redirect URI.
|-
|}
[[File:Adfs_setup_02.png|center|550px]]
* Copy the ''Redirect URI'' into the clipboard.
* Click ''Add'' to add the ''Redirect URI'' to the list of allowed URIs.
* Click ''Next'' to continue.
[[File:Adfs_setup_03.png|center|550px]]
* Paste the ''Redirect URI'' into the ''Identifier'' field of the ''Web API'' configuration.
* Click ''Add''.
* Click ''Next'' to continue.
[[File:Adfs_setup_04.png|center|550px]]
* Choose an ''Access Control Policy'' for this ''Application Group''.
* Click ''Next'' to continue.
[[File:Adfs_setup_05.png|center|550px]]
* Select the scopes ''allatclaims'', ''openid'' and ''profile''.
* Click ''Next'' to continue.
[[File:Adfs_setup_06.png|center|550px]]
* A summary of the configuration is shown.
* Click next to create the ''Application Group''.
[[File:Adfs_setup_08.png|center|550px]]
* A success message is shown.
[[File:Adfs_setup_08b.png|center|550px]]
* Close the dialog.

=== Optional: sAMAccountName as user name ===
The OIDC token issued by AD FS does not include the sAMAccountName property of the users by default. If you have configured MailStore Server to use the sAMAccountName as user name, you have to configure the AD FS application group to include that property in the token. Otherwise MailStore Server is unable to associate the token with a user and users are unable to login.

If you have configured MailStore Server to use the ''User Principal Name (UPN)'' or its local part, these configuration steps are not required.

* Right click on the newly created ''Application Group'' and select ''Properties''.
[[File:Adfs_setup_09.png|center|550px]]
* Select the ''Web API'' application and click ''Edit...''
* Open the tab ''Issuance Transform Rule''.
[[File:Adfs_setup_10.png|center|550px]]
* Click ''Add Rule...''
* Select ''Send LDAP Attribute as Claims'' from the ''Claim rule template'' drop down menu.
* Click ''Next'' to continue.
[[File:Adfs_setup_11.png|center|550px]]
* Enter a ''Claim rule name''.
* Select ''Active Directory'' from the ''Attribute store'' drop down menu.
* Select ''SAM-Account-Name'' in the ''LDAP Attribute'' column of the mapping table.
* Enter ''sAMAccountName'' in the ''Outgoing Claim Type'' column.
* Click ''Finish''.
[[File:Adfs_setup_12.png|center|550px]]
* Have the ''Client Identifier'' and the ''Redirect URI'' available and return to MailStore Server to proceed with the configuration of the [[Active Directory Integration|Active Directory]] or [[Generic LDAP Integration|LDAP Generic]] directory service connectors.
<noinclude>
[[de:Einrichtung_von_Active_Directory_Federation_Services]]
[[en:Setup_Active_Directory_Federation_Services]]
</noinclude>