Create a Microsoft 365 Exchange Online Service Account
Note that the switch to Exchange Web Services (EWS) simplifies the Exchange Integration configuration by eliminating the need to use a service account.
Exchange Integration now supports the Exchange Web Services (EWS) protocol for connecting to Exchange Online. With recent changes from Microsoft, using EWS ensures that Exchange Integration will continue to work with Exchange Online. In addition, the switch to EWS simplifies the Exchange Integration configuration by eliminating the need to use a service account and the accompanying requirement to update the service account's permissions after creating new users with mailboxes. Note that EWS sources do not support Email Stubbing actions. Ensure outbound connections to port 443 are open and use the MAS hostname Your Microsoft administrator account credentials will only be used to authorize the BCAS application to keep track of authorization details that allow the appliance access to EWS. Using Exchange Integration with EWS does not require a BCAS subscription or connecting the Barracuda Message Archiver to Cloud Storage. BCAS does not handle any data in the mailboxes. Note that you will no longer need a service account to set up an Exchange Online source. These instructions will set up a new Exchange Online source using EWS. To add a new Exchange Server source, see Microsoft Exchange Server Deployment. Click Start New Action. In the Select Action page, click Email Import. If you are not already logged in, a new tab or pop-up window prompts you to enter your Microsoft 365 administrator account login information from which Exchange Integration will process mail. If you are not logged in and do not see the tab or window, ensure that pop-ups from the Barracuda Message Archiver are not blocked. In the Configure Action page, select All Users from the drop-down menu, and specify the desired Date and Schedule settings. Click Continue.Requirements
mas.barracudanetworks.com
to allow the Barracuda Message Archiver outbound connection to the Barracuda Cloud Archiving Service (BCAS). This is required to authorize a new source and to run each action.Add a New Exchange Online Source
Configure a Microsoft Exchange Server 2010 and Newer Service Account
Service Account Password Setting
When configuring the service account, you must set the password to never expire. To set this option in Active Directory (AD), go to the Properties dialog box for the service account, click the Account tab, and in the Account options section, select Password never expires. Click OK to save your settings.
To create an email service account:
- Verify the service account has a mailbox, and is not hidden in the Global Address List (GAL).
- (Optional but highly recommended) Establish a user account through Outlook Web Access (OWA) or other source before setting up the email service account.
As a best practice, use a unique account for this integration point and grant it the least level of privileges required, coordinating with the system administrator. This email service account requires administrative write privileges to the Exchange server. For additional information, see Security for Integrating with Other Systems - Best Practices.
Use the following steps to set the permissions on Exchange where CUDASVC is the name of the Barracuda service account: Use the following steps to apply permissions for the service account where database name is the name of the specific Mail Store database rather than all databases:
Get-MailboxDatabase | Add-ADPermission -User "CUDASVC" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
Add-RoleGroupMember "Organization Management" -Member "CUDASVC"
Get-MailboxDatabase -Identity database name | Add-ADPermission -User "CUDASVC" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
Continue with Microsoft Exchange Server Operations based on your Exchange Server:
Configure a Microsoft Exchange Server 2007 Service Account
Service Account Password Setting
When configuring the service account, you must set the password to never expire. To set this option in Active Directory (AD), go to the Properties dialog box for the service account, click the Account tab, and in the Account options section, select Password never expires. Click OK to save your settings.
To create an email service account:
- Verify the service account has a mailbox, and is not hidden in the Global Address List (GAL).
- (Optional but highly recommended) Establish a user account through Outlook Web Access (OWA) or other source before setting up the email service account.
As a best practice, use a unique account for this integration point and grant it the least level of privileges required, coordinating with the system administrator. This email service account requires administrative write privileges to the Exchange server. For additional information, see Security for Integrating with Other Systems - Best Practices .
- Log into the Exchange Server as the administrator.
- From the Start menu, go to Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
- At the command prompt, enter the following command where Exchange2007 is the name of the Microsoft Exchange 2007 Server and CUDASVC is the name of the Barracuda service account, and then press Enter:
get-mailboxserver Exchange2007 | add-adpermission -user CUDASVC -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
In the Exchange Management Shell, enter the following command to add View-Only Administrator permissions, replacing CUDASVC with the name of the Barracuda service account:
add-exchangeadministrator CUDASVC -role ViewOnlyAdmin
Important:
If inheritance to the individual mail stores is not enabled on a custom mailbox database, to set the Send As, Receive As, and Administer Information Store permissions at the store level, you must enter the following command in the Exchange Management Shell:
Add-ADPermission -identity "custom database name" -user "CUDASVC" -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin
To verify the Send As, Receive As, and Administer Information Store permissions, enter the following command in the Exchange Management Shell, where Exchange2007 is the name of the Microsoft Exchange 2007 Server, dbname is the name of the Exchange mail database, and CUDASVC is the name of the Barracuda service account:
get-mailboxdatabase Exchange2007\dbname | get-ADpermission -user CUDASVC | Format-List
Continue with Microsoft Exchange Server 2007 Operations