Difference between revisions of "Archiving Emails from Microsoft 365 Hybrid"

Line 1: Line 1:
{{Multiline Notices|Heading=Important Notices|MailStore Server supports archiving emails from a hybrid environment with Microsoft 365 (Modern Authentication) and on-premises Exchange Server(s) only with the Microsoft's Best Practice Guides [https://learn.microsoft.com/en-us/exchange/exchange-hybrid Exchange Hybrid Deployments (Microsoft)] and only with the global Microsoft Cloud.  
+
__NOTOC__
 +
{{Multiline Notices|Heading=Important Notices|MailStore Server supports archiving emails from a hybrid environment with Microsoft 365 (Modern Authentication) and on-premises Exchange Server(s) only with [https://learn.microsoft.com/en-us/exchange/exchange-hybrid Microsoft's Best Practice Guides] and only with the global Microsoft Cloud.  
 
|For better readability, the terms ''Microsoft 365'' and ''Exchange Online'' are used interchangeably hereinafter instead of ''Exchange Online / Microsoft 365''.
 
|For better readability, the terms ''Microsoft 365'' and ''Exchange Online'' are used interchangeably hereinafter instead of ''Exchange Online / Microsoft 365''.
 
| Please test the described configurations early, preferably in the trial phase. In case your scenario differs from Microsoft's described best practices or is in any other way more individual, questions about feasibility can be identified early and discussed with our technical support.}}
 
| Please test the described configurations early, preferably in the trial phase. In case your scenario differs from Microsoft's described best practices or is in any other way more individual, questions about feasibility can be identified early and discussed with our technical support.}}
 
  
 
== App Registration & User Synchronization ==
 
== App Registration & User Synchronization ==
You have two different options to synchronize users and their information to make their mailboxes known and to allow them to log in with their Active Directory credentials.
+
You have two options to synchronize users and their information into MailStore Server to make their mailboxes known and to allow them to log in at MailStore Server with their usual login details.
  
* Synchronizing purely with Microsoft 365 (recommended for most scenarios):
+
=== Synchronizing with Microsoft 365 (recommended for most scenarios) ===
Here MailStore Server will ''only'' be synchronized with the Azure Active Directory of your Microsoft 365 tenant. Since your local Active Directory is being synchronized with the Azure Directory via a Azure AD Connector, all relevant users are also present in Microsoft 365.
+
MailStore Server will only be synchronized with the Azure Active Directory of your Microsoft 365 tenant. Since your local Active Directory is being synchronized with the Azure Directory via an Azure AD Connector, all relevant users details are also present in Microsoft 365.
The advantage is that you can use all modern authentication methods, such as especially MFA, in MailStore Server.
+
The advantage is that you can use all modern authentication methods, especially MFA, in MailStore Server.
In this case, proceed as if you solely had a Microsoft 365 environment:
+
Proceed as if you solely had a Microsoft 365 environment:
[[Synchronizing User Accounts with Microsoft 365 (Modern Authentication)]]
+
[[Synchronizing User Accounts with Microsoft 365 - Modern Authentication]]
  
* Synchronizing with the local Active Directory of your company:
+
=== Synchronizing with the local Active Directory of your company ===
This is only recommended if there is a valid reason to do so.
+
If you want to use Windows Authentication or Microsoft Active Directory Federation Services (ADFS) for logging in at MailStore Server you are able to synchronize MailStore Server with your local Active Directory.<br />If you want to archive user mailboxes, shared mailboxes or public folder you still have to follow the [[Synchronizing User Accounts with Microsoft 365 - Modern Authentication|user synchronization with Microsoft 365 article]] to provide proper access permissions to your Microsoft 365 tenant.<br /><br />
Such a reason could be that you are using a local ADFS, meaning a local authentication service, or that you prefer to make use of local authentication methods, such as integrated Windows authentication (less secure, not recommended).
+
Do not execute these steps:
To provide proper access permissions to your Microsoft 365 tenant, you still need to partially proceed with the article on setting up user synchronization with Microsoft 365:
+
:* 2.4 Configuring App Authentication in Azure AD
[[Synchronizing User Accounts with Microsoft 365 (Modern Authentication)]]
+
:* 2.5 Configuring the Redirect URI in MailStore Server
But only configure the app registration and permissions (skip steps 2.4, 2.7 following, and 4).
+
:* 2.7 User Database Synchronization
To then synchronize users locally, proceed as described in the following article:
+
:* 4. Running Directory Services Synchronization
[[Active Directory Integration]]
+
The created app will be used later in the process for archiving the mailboxes. To synchronize users from the local Active Directory, follow the [[Active Directory Integration]] article now.
  
 
== Archiving Microsoft&nbsp;365 Mailboxes or Public Folders ==
 
== Archiving Microsoft&nbsp;365 Mailboxes or Public Folders ==
Use the manual for archiving mailboxes in Microsoft 365 as a guide (also for actual on-premises Exchange mailboxes):
+
Use the manual for archiving mailboxes in Microsoft 365 as a guide. On-premise Exchange mailboxes are also being archived using Microsoft 365.
* [[Archiving_Emails_from_Microsoft_Exchange_2019#Archiving_Individual_Mailboxes|Archiving Individual Mailboxes]]
+
* [[Archiving_Emails_from_Microsoft_365_-_Modern_Authentication#Archiving_Individual_Microsoft_365_Mailboxes|Archiving Individual Mailboxes]]
* [[Archiving_Emails_from_Microsoft_Exchange_2019#Archiving_Multiple_Exchange_Mailboxes_Centrally|Archiving Multiple Exchange Mailboxes Centrally]]
+
* [[Archiving_Emails_from_Microsoft_365_-_Modern_Authentication#Archiving_Multiple_Microsoft_365_Mailboxes_Centrally|Archiving Multiple Exchange Mailboxes Centrally]]
* [[Archiving_Emails_from_Microsoft_Exchange_2019#Shared_Mailboxes|Shared Mailboxes]]
+
* [[Archiving_Emails_from_Microsoft_365_-_Modern_Authentication#Including_Microsoft_365_Shared_Mailboxes|Shared Mailboxes]]
* [[Archiving_Emails_from_Microsoft_Exchange_2019#Public_Folders|Public Folders]]
+
* [[Archiving_Emails_from_Microsoft_365_-_Modern_Authentication#Public_Folders|Public Folders]]
  
 
== Archiving Incoming and Outgoing Emails Directly ==
 
== Archiving Incoming and Outgoing Emails Directly ==
  
One thing special that you need to be aware of is that both your Microsoft 365 tenant and on-premises Exchange Server(s) need to be configured to send journal reports for incoming and outgoing mails.
+
Both your Microsoft 365 tenant and on-premises Exchange Server need to be configured to send journal reports for incoming and outgoing mails.
  
* First we recommend configuring the Journaling for Microsoft 365 with the MailStore Gateway: [[Archiving_Emails_from_Microsoft_Exchange_2019#Archiving_Incoming_and_Outgoing_Emails_Directly|Archiving Incoming and Outgoing Emails Directly (Microsoft 365)]]
+
* First configure the Journaling for Microsoft 365 with the MailStore Gateway: [[Archiving_Emails_from_Microsoft_365_-_Modern_Authentication#Archiving_Incoming_and_Outgoing_Emails_Directly|Archiving Incoming and Outgoing Emails Directly - Microsoft 365]]
* Then configure your local Exchange Server(s) to also send their journal reports to the Gateway. Use the manual for your matching Exchange Server version, but we recommend not creating a journal mailbox (skip step 1 in this case), but to define the external email address of your MailStore Gateway to be the recipient of these reports. This way all reports are received at the same destination:
+
* Then configure your local Exchange Server to also send their journal reports to the same Gateway mailbox. Use the manual for your matching Exchange Server version, but we recommend not creating a journal mailbox (skip step 1 in this case), but to define the external email address of your MailStore Gateway to be the recipient of these reports. This way, all reports are received at the same destination:
 
** [[Archiving_Emails_from_Microsoft_Exchange_2019#Archiving_Incoming_and_Outgoing_Emails_Directly|Exchange 2019]]
 
** [[Archiving_Emails_from_Microsoft_Exchange_2019#Archiving_Incoming_and_Outgoing_Emails_Directly|Exchange 2019]]
 
** [[Archiving_Emails_from_Microsoft_Exchange_2016#Archiving_Incoming_and_Outgoing_Emails_Directly|Exchange 2016]]
 
** [[Archiving_Emails_from_Microsoft_Exchange_2016#Archiving_Incoming_and_Outgoing_Emails_Directly|Exchange 2016]]
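Review bot: The rewritten "Synchronizing with the local Active Directory of your company" section drops the old revision's statements that this option "is only recommended if there is a valid reason to do so" and that integrated Windows authentication is "less secure, not recommended", so Windows Authentication and ADFS now read as a neutral choice. The Microsoft 365 section still names MFA as the advantage of the other path, so keep one sentence in the local-AD section that states the trade-off. The "Do not execute these steps:" list also adds 2.5 and replaces "2.7 following" with 2.7 alone; say explicitly whether the steps after 2.7 are still to be skipped. Smaller points: "all relevant users details" should read "user details", "public folder" should be plural, and the link text "Archiving Multiple Exchange Mailboxes Centrally" no longer matches its new target section Archiving_Multiple_Microsoft_365_Mailboxes_Centrally.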
Line 40: Line 40:
  
  
[[de:E-Mail-Archivierung_von_Microsoft_365_(Hybrid)]]
+
[[de:E-Mail-Archivierung_von_Microsoft_365_Hybrid]]
[[en:Archiving_Emails_from_Microsoft_365_(Hybrid)]]
+
[[en:Archiving_Emails_from_Microsoft_365_Hybrid]]
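Review bot: Both interlanguage targets lose their parentheses in this hunk, but only the English title is visible as changed on this page. Confirm that the German page was moved to E-Mail-Archivierung_von_Microsoft_365_Hybrid as well and that redirects remain from the old "(Hybrid)" titles, otherwise the de: link and existing inbound links will point at missing pages.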

Revision as of 10:00, 17 November 2022

Important Notices:
  • MailStore Server supports archiving emails from a hybrid environment with Microsoft 365 (Modern Authentication) and on-premises Exchange Server(s) only with Microsoft's Best Practice Guides and only with the global Microsoft Cloud.
  • For better readability, the terms Microsoft 365 and Exchange Online are used interchangeably hereinafter instead of Exchange Online / Microsoft 365.
  • Please test the described configurations early, preferably in the trial phase. If your scenario differs from Microsoft's described best practices or is otherwise more specific to your environment, questions about feasibility can then be identified early and discussed with our technical support.

App Registration & User Synchronization

You have two options to synchronize users and their information into MailStore Server to make their mailboxes known and to allow them to log in at MailStore Server with their usual login details.

Synchronizing with Microsoft 365 (recommended for most scenarios)

MailStore Server will only be synchronized with the Azure Active Directory of your Microsoft 365 tenant. Since your local Active Directory is being synchronized with the Azure Directory via an Azure AD Connector, all relevant user details are also present in Microsoft 365. The advantage is that you can use all modern authentication methods, especially MFA, in MailStore Server. Proceed as if you solely had a Microsoft 365 environment: Synchronizing User Accounts with Microsoft 365 - Modern Authentication

Synchronizing with the local Active Directory of your company

If you want to use Windows Authentication or Microsoft Active Directory Federation Services (ADFS) for logging in at MailStore Server, you can synchronize MailStore Server with your local Active Directory.
If you want to archive user mailboxes, shared mailboxes or public folders, you still have to follow the user synchronization with Microsoft 365 article to provide proper access permissions to your Microsoft 365 tenant.

Do not execute these steps:

  • 2.4 Configuring App Authentication in Azure AD
  • 2.5 Configuring the Redirect URI in MailStore Server
  • 2.7 User Database Synchronization
  • 4. Running Directory Services Synchronization

The created app will be used later in the process for archiving the mailboxes. To synchronize users from the local Active Directory, follow the Active Directory Integration article now.

Archiving Microsoft 365 Mailboxes or Public Folders

Use the manual for archiving mailboxes in Microsoft 365 as a guide. On-premises Exchange mailboxes are also archived using Microsoft 365.

Archiving Incoming and Outgoing Emails Directly

Both your Microsoft 365 tenant and your on-premises Exchange Server need to be configured to send journal reports for incoming and outgoing emails.

  • First configure journaling for Microsoft 365 with the MailStore Gateway: Archiving Incoming and Outgoing Emails Directly - Microsoft 365
  • Then configure your local Exchange Server to also send its journal reports to the same Gateway mailbox. Use the manual for your matching Exchange Server version, but we recommend that you do not create a journal mailbox (skip step 1 in this case) and instead define the external email address of your MailStore Gateway as the recipient of these reports. This way, all reports are received at the same destination: