We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Step 1 - Set Up Essentials for Office 365

  • Last updated on

For each Barracuda Cloud Control account, you can have either a linked Barracuda Email Security Gateway appliance or a Barracuda Email Security Service subscription. You cannot use a single Barracuda Cloud Control account for both a linked appliance and the service subscription.

This article assumes you are deploying Barracuda Services for the first time. If you previously deployed Barracuda Cloud-to-Cloud Backup, Barracuda Email Security Service, or the Barracuda Cloud Archiving Service and want to migrate to Barracuda Essentials for Office 365, contact your Barracuda Networks sales representative.

Ensure Connectivity and Redundancy

The Barracuda Email Security Service connects with your network from various IP addresses, including performing LDAP lookups. To ensure that the service can connect with your network, allow traffic originating from the range of network addresses based on your Barracuda Email Security Service instance; see Barracuda Email Security Service IP Ranges.

Select Your Plan

Determine the plan that best suits your organization's needs. The available options are built on the following components:

  • Barracuda Email Security – Security service protecting both inbound and outbound email against the latest spam, viruses, worms, phishing and denial of service attacks.
  • Advanced Threat Protection – Protects against advanced malware, zero-day exploits, and targeted attacks.
  • Barracuda Cloud Archiving Service – Journal mail directly from Office 365 to the Barracuda Cloud to optimize email storage, meet regulatory compliance and e-discovery requirements, and provide anytime/anywhere access to old emails.
  • Barracuda Cloud-to-Cloud Backup – Protects Exchange Online, OneDrive for Business, and SharePoint Online data by backing it up directly to Barracuda Cloud Storage. For Exchange Online, Barracuda Cloud-to-Cloud Backup protects all email messages, including all attachments, as well as the complete folder structure of each user's mailbox. In OneDrive for Business, all files under the Documents Library, including the entire folder structure, are protected. Easily locate and restore folders, individual items, or entire mailboxes. Barracuda Cloud-to-Cloud Backup provides complete protection of SharePoint Online. With item-level recovery options, items can be restored directly into SharePoint Online from the backups of Document Libraries, Site Page Libraries, and Picture Libraries in Team Site, Publishing Site, and Wiki Site.

Table 1. Plan Options.

  Complete Edition Compliance Edition Security Edition
Barracuda Email Security Service checkmarkicon.png checkmarkicon.png checkmarkicon.png
Advanced Threat Protection checkmarkicon.png checkmarkicon.png checkmarkicon.png
Barracuda Cloud Archiving Service checkmarkicon.png checkmarkicon.png  
Barracuda Cloud-to-Cloud Backup checkmarkicon.png    

Step 1. Set Up Essentials

To complete the setup you must have a Barracuda Cloud Control account. If you do not already have an account, go to https://login.barracudanetworks.com/ and click Create a User. Enter your name, email address, and company name, and specify whether this is a partner account. Click Create User; for partners, be sure to read How to Add a Managed Customer Account. Follow the instructions emailed to the entered email account to create your Barracuda Cloud Control account. See Password Complexity Policies before setting up your password.
See also: Partner Accounts.

  1. Go to https://login.barracudanetworks.com and log in with your Barracuda Cloud Control credentials.
  2. Open a new browser window, go to https://www.barracuda.com/products/essentials, click Buy Now.

  3. In the Plan Details page, the selected plan displays; click the drop-down menu if you want to select a different option.
  4. Enter the Number of users, and select the Subscription Type. Verify your order summary in the right pane, and click Continue.

    If you are not signed into Barracuda Cloud Control, click Sign in in the right pane. If you do not have a Barracuda Cloud Control account, use the left pane to create and sign in to your account.

  5. The Barracuda Account page displays your Barracuda Cloud Control account information. If you want to sign in using a different account, click Sign out and use a different account.
  6. Select from the following Client Account options:
    1. Add this service to an existing Barracuda account – Select the desired Account from the drop-down menu, and select your location from the Location of Use drop-down menu
    2. Create a new Barracuda account for this service – Enter the new account details.
  7. Click Continue.
  8. In the Billing Details (Optional) page, enter your billing information to purchase the service, or leave the Billing Information section blank to start a free 14-day evaluation. Click Continue.

  9. Once the setup process is complete, click Finish. The setup page displays in Barracuda Cloud Control and your 14-day trial begins immediately.

  10. Click Set up to get started.

Step 2. Configure Connectors and Permissions

Barracuda Email Security Service

  1. In Barracuda Cloud Control, in the left panel, click Barracuda Email Security Service. Click Domains, then click Add Domain.
  2. In the dialog box, enter the primary Office 365 Domain Name you want to filter, for example: example.com
  3. Enter the Mail Server hostname (FQDN) or IP address for the domain entered in the previous step, for example: example-com.mail.protection.outlook.com
  4. Click Add Domain.

  5. Click Verify in the Mail Servers column; the Domains >Domain settings page displays. Select the manner in which to verify the domain ownership:

    • MX Records – Replace your current MX records with the Barracuda Email Security Service MX records displayed on the verify page.
    • CNAME Records – Validate your domain by adding a CNAME record.
    • Email to the domain's technical contact – Send a verification email to the technical contact email address listed on your domain's WHOIS entry.

      This verification option is not available if the Barracuda Email Security Service cannot find your domain's WHOIS entry. If there is not a technical contact, then only the MX Records, CNAME, and Email to the Postmaster options displays on this page.

    • Email to the postmaster – Send a verification email to the postmaster email address for your domain. The confirmation email will include a link that the recipient can click to verify the domain.

      This option is available if the Barracuda Email Security Service can find your postmaster in your domain’s WHOIS records. This method sends a verification email to the postmaster email address for your domain. The confirmation email includes a link that the recipient must click to verify the domain.

  6. On the Domains page, in the Settings column, click Edit. The Domains > Domain Settings page displays. You can complete the configuration there.


Barracuda Cloud Archiving Service

Option 1. Configure Journaling from the Web Interface

  1. In Barracuda Cloud Control, in the left panel, click Archiver.
  2. Go to the Mail Sources > SMTP Journaling page.
  3. In the Journaling Setup Scripts section, locate the Office 365 Setup Script and click Run Script.
  4. Follow the onscreen prompts to configure Office 365 to journal mail to the Barracuda Cloud Archiving Service.

Option 2. Configure Journaling via Script

  1. In Barracuda Cloud Control, in the left panel, click Archiver.
  2. Go to the Mail Sources >SMTP Journaling page.
  3. In the Journaling Setup Scripts section, locate the appropriate script for your system. Click Download to save the PowerShell script to your local system or click Show Script to copy the script to your clipboard.
  4. Open Windows PowerShell, and run the script to configure Office 365 to journal mail to the Barracuda Cloud Archiving Service. 

Option 3. Manually Configure Journaling

Add a Remote Domain and Connector

  1. Log into Office 365 Exchange admin center.
  2. Select mail flow > remote domains.
  3. Click the + symbol. In the new remote domain, complete the following:
    1. Name – Type Barracuda Cloud Archiving Service
    2. Remote Domain – Enter your region-specific MAS hostname, for example, type: mas.barracudanetworks.com

      For a list of region-specific MAS hostnames, see Data Centers by Region.

    3. Out of Office automatic reply types – Select None
    4. Automatic replies – Select Allow automatic forwarding
    5. Message reporting – Clear all options
    6. Use rich-text format – Select Never
    7. Supported Character Set – Set both options to None
  4. Click Save.
  5. Click Mail flow > connectors, and click the + symbol.
  6. The Select your mail flow scenario page displays.
  7. From the From menu, select Office 365, and from the To menu, select Partner organization. Click Next.
  8. Enter a Name and (optional) Description to identify the connector. Click Next.

  9. Specify the domain, then click OK.

  10. Select Only when email messages are sent to these domains, click the +  symbol, and in the add domain field, type your region-specific MAS hostname, for example: mas.barracudanetworks.com. Click Next.

  11. Select Use the MX record associated with the partner's domain. Click Next.
  12. Select Always use Transport Layer Security (TLS) to secure the connection (recommended), then select Any digital certificate, including self-signed certificates. Click Next.
  13. In the confirmation page, verify your settings, then click Next.
    Office 365 runs a test to verify your settings.

  14. In the Barracuda Cloud Archiving Service, go to the Mail Sources > SMTP Journaling page and copy the email address from the SMTP Journaling Info section, for example: bma_mycompany@mas.barracudanetworks.com

  15. In Office 365, paste this email address into the provided field in the Verification page, and click Validate.

    Note that the sending email portion of the verification may fail depending on your Office 365 configuration. This is not a concern as long as it passes the connectivity test.

  16. When verification is complete, your mail flow settings are added.


Create a Non-Delivery Report Recipient

Before creating journal rules, specify a journal recipient for non-delivery reports (NDRs) to reduce the risk of losing journal reports:

  1. Log into your Office 365 Exchange admin center.
  2. Select compliance management > journal rules.
  3. If an NDR email recipient is not already specified, click Select address to the right of Send undeliverable journal reports to field:
  4. Browse to and select a recipient from the address book.
    You can search for a recipient by typing all or part of a display name, and then clicking the Search icon, or click on either the Display Name or E-Mail Address heading to sort the list.
  5. After you select a recipient, click OK. In the NDRs for undeliverable journal reports window, click Save.

    Best Practice
    Create a shared mailbox and use that mailbox for the NDR recipient.

Configure Office 365 to Send Journal Mail

  1. Log into Office 365 Exchange admin center.
  2. Select compliance management > journal rules.
  3. Click the + symbol. In the new journal rule dialog box and complete the following:
    1. Send journal reports to – Enter the journaling address from the Mail Sources > SMTP page in the Barracuda Cloud Archiving web interface. This is called the journaling mailbox.
    2. Name – By default, the name of the journal rule is automatically generated from the journal recipients. If there are existing journal rules that contain the same journal recipients, numbers are automatically appended to the journal rule name to avoid duplicates. If you choose to override the automatically-generated name by typing in a custom name, verify the name is unique and descriptive.
    3. If the message is sent to or received from – Select Apply to all messages to journal all recipients.
    4. Journal the following messages – Select All messages to journal all messages regardless of source or destination:

      Because the journaling mailbox may contain sensitive information, it is recommended that you create organization-wide policies that govern who can access the journaling mailboxes in your organization.

  4. Click Save. The rule is added toe journal rules table.

Once you complete the configuration, mail begins forwarding to the Barracuda Cloud Archiving Service. Log in to the web interface as the administrator, and go to the Basic > Dashboard page. Processed mail displays in the Message Statistics table. Statistics are cached and may take up to 30 minutes to appear.

For additional configuration options and features, log in to the web interface, and click Help.


Barracuda Cloud-to-Cloud Backup

Configure Impersonation for OneDrive for Business

Configure Impersonation for Exchange Online

In order for Barracuda Cloud-to-Cloud Backup to access user mailboxes for backup, you must create a new service account with administrative privileges and apply the impersonation role to that account.

To configure impersonation within Exchange Online:

Step 1. Create a New Service Account

  1. Log in to your Office 365 Management Panel using an account with administrative privileges, and click users and groups in the left pane.
  2. Click the + symbol to create a new account.
  3. In the details page, enter the details for the new service account, and click next.
  4. In the settings page, select Yes to assign administrator permissions, and from the drop-down menu, select Global administrator. Optionally, you can add an alternate email address and location. Click next.
  5. In the assign licenses page, make no changes. Click next.
  6. In the send results in email page, click Create. The service account details are sent to the admin.
  7. To activate the account, log in to your Office 365 Management Panel using the new service account, and update the password.

Step 2. Create Impersonation Role

Option 1. Manually Set Up Impersonation

  1. Log in to your Office 365 Management Panel using an account with administrative privileges, and go to permissions > admin roles.
  2. Click the + symbol. In the new role group dialog box, type BarracudaBackupImpersonation in both the Name and Description fields:
  3. Scroll down to Roles, and click the + symbol.
  4. From the list, select ApplicationImpersonation, and click add:
  5. Click OK.
  6. Scroll down to Members, select the service account created in Step 1: Create a New Service Account, and click add
  7. Click OK. Click Save to save your settings and close the Role Group window. The Impersonation role is now listed in Admin Roles.

Option 2. Set Up Impersonation via PowerShell

Use the following steps to assign the ApplicationImpersonation role using PowerShell:

  1. At the PowerShell command prompt, enter the following command:
    New-ManagementRoleAssignment –name:impersonationAssignmentName –Role:ApplicationImpersonation –User:serviceAccount
    name is the friendly name of the role assignment. Each time you assign a role, an entry is made in the role-based access control (RBAC) roles list. You can verify role assignments by using the Get-ManagementRoleAssignment cmdlet found in the Microsoft Dev Center article How to: Configure impersonation.
    Role is the RBAC role to assign. When you set up impersonation, you assign the ApplicationImpersonation role.
    User is the service account.

  2. Press Enter.


Continue with Step 2 - Complete Service Configuration


Last updated on