Difference between revisions of "Archiving Emails from Microsoft 365 Hybrid"

[checked revision][checked revision]
 
(3 intermediate revisions by the same user not shown)
Line 8: Line 8:
  
 
=== Synchronizing with Microsoft 365 (recommended for most scenarios) ===
 
=== Synchronizing with Microsoft 365 (recommended for most scenarios) ===
MailStore Server will only be synchronized with the Azure Active Directory of your Microsoft 365 tenant. Since your local Active Directory is being synchronized with the Azure Directory via an Azure AD Connector, all relevant users details are also present in Microsoft 365.
+
MailStore Server will only be synchronized with Microsoft Entra ID of your Microsoft 365 tenant. Since your local Active Directory is being synchronized with Microsoft Entra ID via a Microsoft Entra ID Connector, all relevant users details are also present in Microsoft 365.
 
The advantage is that you can use all modern authentication methods, especially MFA, in MailStore Server.
 
The advantage is that you can use all modern authentication methods, especially MFA, in MailStore Server.
 
Proceed as if you solely had a [[Synchronizing User Accounts with Microsoft 365 - Modern Authentication|Microsoft 365 environment]].
 
Proceed as if you solely had a [[Synchronizing User Accounts with Microsoft 365 - Modern Authentication|Microsoft 365 environment]].
Line 15: Line 15:
 
If you want to use Windows Authentication or Microsoft Active Directory Federation Services (ADFS) for logging in at MailStore Server you are able to synchronize MailStore Server with your local Active Directory.<br />If you want to archive user mailboxes, shared mailboxes or public folder you still have to follow the [[Synchronizing User Accounts with Microsoft 365 - Modern Authentication|user synchronization with Microsoft 365 article]] to provide proper access permissions to your Microsoft 365 tenant.<br /><br />
 
If you want to use Windows Authentication or Microsoft Active Directory Federation Services (ADFS) for logging in at MailStore Server you are able to synchronize MailStore Server with your local Active Directory.<br />If you want to archive user mailboxes, shared mailboxes or public folder you still have to follow the [[Synchronizing User Accounts with Microsoft 365 - Modern Authentication|user synchronization with Microsoft 365 article]] to provide proper access permissions to your Microsoft 365 tenant.<br /><br />
 
Do not execute these steps:
 
Do not execute these steps:
:* 2.4 Configuring App Authentication in Azure AD
+
:* 2.4 Configuring App Authentication in Microsoft Entra ID
 
:* 2.5 Configuring the Redirect URI in MailStore Server
 
:* 2.5 Configuring the Redirect URI in MailStore Server
 
:* 2.7 User Database Synchronization
 
:* 2.7 User Database Synchronization

Latest revision as of 14:48, 27 March 2024

Important Notices:
  • MailStore Server supports archiving emails from a hybrid environment with Microsoft 365 (Modern Authentication) and on-premises Exchange Server(s) only with Microsoft's Best Practice Guides and only with the global Microsoft Cloud.
  • If you have archived emails from an Exchange server and synchronized users from an Active Directory until now, follow the article Changing Archiving from Microsoft Exchange Server to Microsoft 365.
  • For better readability, the terms Microsoft 365 and Exchange Online are used interchangeably hereinafter instead of Exchange Online / Microsoft 365.
  • Please test the described configurations early, preferably in the trial phase. In case your scenario differs from Microsoft's described best practices or is in any other way more individual, questions about feasibility can be identified early and discussed with our technical support.

App Registration & User Synchronization

You have two options to synchronize users and their information into MailStore Server to make their mailboxes known and to allow them to log in at MailStore Server with their usual login details.

Synchronizing with Microsoft 365 (recommended for most scenarios)

MailStore Server will only be synchronized with Microsoft Entra ID of your Microsoft 365 tenant. Since your local Active Directory is being synchronized with Microsoft Entra ID via a Microsoft Entra ID Connector, all relevant users details are also present in Microsoft 365. The advantage is that you can use all modern authentication methods, especially MFA, in MailStore Server. Proceed as if you solely had a Microsoft 365 environment.

Synchronizing with the local Active Directory of your company

If you want to use Windows Authentication or Microsoft Active Directory Federation Services (ADFS) for logging in at MailStore Server you are able to synchronize MailStore Server with your local Active Directory.
If you want to archive user mailboxes, shared mailboxes or public folder you still have to follow the user synchronization with Microsoft 365 article to provide proper access permissions to your Microsoft 365 tenant.

Do not execute these steps:

  • 2.4 Configuring App Authentication in Microsoft Entra ID
  • 2.5 Configuring the Redirect URI in MailStore Server
  • 2.7 User Database Synchronization
  • 4. Running Directory Services Synchronization

The created app will be used later in the process for archiving the mailboxes. To synchronize users from the local Active Directory, follow the Active Directory Integration article now.

Archiving Microsoft 365 Mailboxes or Public Folders

Use the manual for archiving mailboxes in Microsoft 365 as a guide. On-premise Exchange mailboxes are also being archived using Microsoft 365.

Archiving Incoming and Outgoing Emails Directly

Both your Microsoft 365 tenant and on-premises Exchange Server need to be configured to send journal reports for incoming and outgoing mails.

  • First configure the Journaling for Microsoft 365 with the MailStore Gateway: Archiving Incoming and Outgoing Emails Directly - Microsoft 365
  • Then configure your local Exchange Server to also send their journal reports to the same Gateway mailbox. Use the manual for your matching Exchange Server version, but we recommend not creating a journal mailbox (skip step 1 in this case), but to define the external email address of your MailStore Gateway to be the recipient of these reports. This way, all reports are received at the same destination: