Difference between revisions of "Archiving Emails from Microsoft 365 Hybrid"
[unchecked revision] | [unchecked revision] |
Rrommelrath (talk | contribs) (Created page with "{{Multiline Notices|Heading=Important Notices|MailStore Server supports archiving emails from a hybrid environment with Microsoft 365 (Modern Authentication) and on-premi...") |
Rrommelrath (talk | contribs) |
||
Line 15: | Line 15: | ||
This is only recommended if there is a valid reason to do so. | This is only recommended if there is a valid reason to do so. | ||
Such a reason could be that you are using a local ADFS, meaning a local authentication service, or that you prefer to make use of local authentication methods, such as integrated Windows authentication (less secure, not recommended). | Such a reason could be that you are using a local ADFS, meaning a local authentication service, or that you prefer to make use of local authentication methods, such as integrated Windows authentication (less secure, not recommended). | ||
− | To synchronize users | + | To provide proper access permissions to your Microsoft 365 tenant, you still need to partially proceed with the article on setting up user synchronization with Microsoft 365: |
+ | [[Synchronizing User Accounts with Microsoft 365 (Modern Authentication)]] | ||
+ | But only configure the app registration and permissions (skip steps 2.4, 2.7 following, and 4). | ||
+ | To then synchronize users locally, proceed as described in the following article: | ||
[[Active Directory Integration]] | [[Active Directory Integration]] | ||
Revision as of 11:44, 20 October 2022
- MailStore Server supports archiving emails from a hybrid environment with Microsoft 365 (Modern Authentication) and on-premises Exchange Server(s) only with the Microsoft's Best Practice Guides [Hybrid Deployments (Microsoft)] and only with the global Microsoft Cloud. National clouds such as Microsoft Cloud for US Government, Microsoft Cloud Germany (operated by T-Systems) and Azure and Microsoft 365 operated by 21Vianet in China are not suppoted.
- For better readability, the terms Microsoft 365 and Exchange Online are used interchangeably hereinafter instead of Exchange Online / Microsoft 365.
App Registration & User Synchronization
You have two different options to synchronize users and their information to make their mailboxes known and to allow them to log in with their Active Directory credentials.
- Synchronizing purely with Microsoft 365 (recommended for most scenarios):
Here MailStore Server will only be synchronized with the Azure Active Directory of your Microsoft 365 tenant. Since your local Active Directory is being synchronized with the Azure Directory via a sync tool, all relevant users are also present in Microsoft 365. The advantage is that you can use all modern authentication methods, such as especially MFA, in MailStore Server. In this case, proceed as if you solely had a Microsoft 365 environment: Synchronizing User Accounts with Microsoft 365 (Modern Authentication)
- Synchronizing with the local Active Directory of your company:
This is only recommended if there is a valid reason to do so. Such a reason could be that you are using a local ADFS, meaning a local authentication service, or that you prefer to make use of local authentication methods, such as integrated Windows authentication (less secure, not recommended). To provide proper access permissions to your Microsoft 365 tenant, you still need to partially proceed with the article on setting up user synchronization with Microsoft 365: Synchronizing User Accounts with Microsoft 365 (Modern Authentication) But only configure the app registration and permissions (skip steps 2.4, 2.7 following, and 4). To then synchronize users locally, proceed as described in the following article: Active Directory Integration
Archiving Microsoft 365 Mailboxes or Public Folders
Use the manual for archiving mailboxes in Microsoft 365 as a guide (also for actual on-premises Exchange mailboxes):
- Archiving Individual Mailboxes
- Archiving Multiple Exchange Mailboxes Centrally
- Shared Mailboxes
- Public Folders
Archiving Incoming and Outgoing Emails Directly
One thing special that you need to be aware of is that both your Microsoft 365 tenant and on-premises Exchange Server(s) need to be configured to send journal reports for incoming and outgoing mails.
- First we recommend configuring the Journaling for Microsoft 365 with the MailStore Gateway: Archiving Incoming and Outgoing Emails Directly (Microsoft 365)
- Then configure your local Exchange Server(s) to also send their journal reports to the Gateway. Use the manual for your matching Exchange Server version, but we recommend not creating a journal mailbox (skip step 1 in this case), but to define the external email address of your MailStore Gateway to be the recipient of these reports. This way all reports are received at the same destination: