It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Attention

As of March 1, 2022, the legacy Barracuda Essentials Security, Compliance, and Complete editions are no longer available for purchase. Only existing customers can renew or add users to these plans.

Following October 30, 2022, the documentation and trainings will no longer be updated and will contain outdated information.

For more information on the latest Email Protection plans, see Barracuda Email Protection.

To update your bookmarks, see the following for the latest documentation and trainings:

Note that MSP customers should continue to follow Barracuda Essentials for MSPs.

Office 365 Compliance Edition

  • Last updated on

After you have completed the procedures in Step 1 - Set Up Essentials for Office 365 and Step 2 - Configure Office 365 for Inbound and Outbound Mail, continue below to set up your Barracuda Cloud Archiving Service.

Barracuda Cloud Archiving Service

  1. Configure Directory Services
  2. Launch the Initial Setup Wizard
  3. Configure Journaling from Office 365 Mail Service
  4. Create and Configure an Office 365 Exchange Online Service Account

Step 1. Configure Directory Services

Google Directory Service integration is currently not supported for Barracuda Cloud Archiving Service.

You must configure LDAP or Azure AD for group expansion and user attributes in the Barracuda Cloud Archiving Service.

Active Directory Limitations
Barracuda Networks does not support using default AD groups, such as Domain Users, when applying entitlements for user access. Due to limitations within AD, these groups may not contain all users or any users at all.

Verify User Status
Before adding users to the Barracuda Cloud Archiving Service via your organization's LDAP servers, verify that users are enabled, are members of the domain, and that the mail attribute is set for each user.

Incoming Connections
To ensure uninterrupted access to LDAP server from the Barracuda Cloud, you must allow incoming connections from the following IP ranges:

    • 35.170.131.81
    • 54.156.244.63
    • 54.209.169.44

Secure LDAP
Barracuda Networks recommends connecting your LDAP connection using SSL (LDAPS). As the information will be transmitted between Barracuda Networks' cloud servers and your Cloud email service, you must ensure that the connection is secure. Contact your IT Administrator if you need help setting up LDAPS in your network.

Use AD authentication to store and administer Barracuda Cloud Archiving Service user accounts via your organization's LDAP or Azure AD.

When you first set up the Barracuda Cloud Archiving Service, a warning notice displays across the top of the web interface notifying you that you must configure AD through Barracuda Cloud Control and enable groups. Before you continue, you are required to either set up AD and wait for a sync to complete, or select to proceed without AD. Barracuda Networks strongly recommends setting up local AD.

Create a Barracuda Cloud Control Directory
  1. Go to Home >  Admin > Directories.
  2. Click the Add Directory button. 
    addLdap.png
  3. Select one of the following sections to add a new LDAP or Azure active directory.
Add a New LDAP Active Directory
  1. Select LDAP Active Directory.
  2. On the INFO tab, specify a new Directory Name.
  3. Activate the Authentication option to have users authenticate using their LDAP credentials. If you disable this option, users authenticate with Barracuda Cloud Control.

     

    Barracuda Networks strongly recommends creating an additional administrator account using an independent domain that does not use Active Directory (AD) authentication. This allows you access to your Barracuda Networks product account if your AD server goes down or fails.

     

    addLdapInfo.png

  4. Click SAVE AND CONTINUE.
  5. On the HOST tab, specify the following for the LDAP host:
    • LDAP Host IP address 
    • LDAP Host Port – Use Port 389 for LDAP and LDAPTLS or Port 636 for LDAPS.
    • Base Domain Name (DN) – Any user or group that exists with the search base that will sync to Barracuda Networks. For example, DC=domain,DC=com.
    • Bind DN – Enter the bind domain name for a service account with read permissions to the active directory.
    • Password – Password associated with the service account.
    • Connection Security – Select SSLTLS, or None. For more information, see New Requirements for LDAP Authentication.
  6. (Optional) To add additional servers, click Add LDAP Host.
  7. If your LDAP server uses a self-signed certificate, toggle on the Allow Self-Signed Certificate setting.
  8. Click TEST CONNECTION to check connectivity to the host. If the connection fails, verify your settings are correct and that you have allowed the Barracuda Networks IP in your firewall. Contact Barracuda Networks Technical Support for additional troubleshooting.
  9. If the connection succeeds, it displays as Connected. Click SAVE AND  CONTINUE.
    addLdapHost.png
  10. On the DOMAINS tab, add the domains associated with your users.
  11. For each domain that you add, click Verify and following the instructions to verify the domain.
    verifyLdapDomain.png
  12. After each domain is verified, you can sync your users and groups to the Barracuda Cloud Control.
Add a New Azure Active Directory
  1. Select Azure Active Directory.
  2. On the INFO tab, specify a new Directory Name. For example, "Office 365". 
  3. Click CONNECT TO MICROSOFT to sign into Microsoft and authorize Barracuda Cloud Control to connect to your Azure Active Directory account.
    1. Log in with your Office 365 administrator credentials.
    2. Accept the credentials for the application request.

    addAzureInfo.png

  4. Activate the Authentication option to have users authenticate using their Azure credentials. If you disable this option, users authenticate with Barracuda Cloud Control.

    Barracuda Networks strongly recommends creating an additional administrator account using an independent domain that does not use Active Directory (AD) authentication. This allows you access to your Barracuda Networks product account if your AD server goes down or fails.

  5. After you are redirected back to the Barracuda Cloud Control, click Save.

Back to the Top

Step 2. Launch the Initial Setup Wizard

  1. Click Archiver in the left pane. The initial setup wizard will run.
  2. Click Next.

  3. Click Verify to verify the directory service configuration in your Barracuda Cloud Control account.
    setupWizardDirSvcs.png

  4. Click Next.

  5. Verify that all the email domains you plan to archive are listed here. If there are any missing, add them now.
    setupWizardLocalDomains.png
  6. Click Next.
  7. (Optional) Specify a retention policy. Otherwise, click Next.
    setupWizardRetention.png
  8. Click Finish to apply your changes.
    setupWizardFinish.png

Back to the Top

Step 3. Configure Journaling from Office 365 Mail Service

Option 1. Configure Journaling from the Web Interface
  1. Go to the Mail Sources > SMTP Journaling page.
  2. Go to Journaling Setup Scripts > Office 365 Setup Script, and click Run Script.
  3. Follow the onscreen prompts to configure Office 365 to journal mail to the Barracuda Cloud Archiving Service.
Option 2. Configure Journaling via Script
  1. Go to the Mail Sources > SMTP Journaling page.
  2. In the Journaling Setup Scripts > Office 365 Setup Script section, click Download to save the PowerShell script to your local system, or click Show Script to copy the script to your clipboard.
  3. Open Windows PowerShell, and run the script to configure Office 365 to journal mail to the Barracuda Cloud Archiving Service.

If you are unable to run the journaling script and need to manually configure journaling, see Manually Configure Journaling.

Back to the Top

Step 4. Create and Configure an Office 365 Exchange Online Service Account

Requirements

If this is a Cloud Service Provider (CSP) account, refer to this article Azure MFA Requirements for Microsoft CSPs to ensure the correct configuration is set.

Microsoft Exchange Online

Microsoft Exchange Online message throttling policies set bandwidth limits and restrict the number of processed messages. Throttling is enabled by default in Microsoft Exchange Online. Currently you cannot set policies to disable throttling in Exchange Online; for details, refer to the Microsoft Outlook dev blog. Barracuda is working on a solution to provide this option in the future.


To import from Exchange Online using EWS, see How to Configure Microsoft Exchange Online Email Import Using EWS. If you are not using EWS, use the following instructions to import from Exchange Online.

Step 1. Connect to Office 365 Exchange Online
  1. Install Exchange Online module.
    • If you have already installed Exchange Online module, proceed to the next step.
    • To install Exchange Online module, open Windows PowerShell as an administrator and enter the following command: 
      Install-Module -Name ExchangeOnlineManagement
  2. Connect to Exchange Online Powershell and log in with your Office 365 administrator account using the following command:
    Connect-ExchangeOnline

    For more information on connecting to Exchange Online Powershell, see the Microsoft article https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps.

  3. After you connect to Exchange Online PowerShell, enter the following command:
    Get-Mailbox -ResultSize unlimited | Add-MailboxPermission -User <ServiceAccount@domain.com> -AccessRights fullaccess -InheritanceType all -Automapping $false
     Permissions are assigned on existing mailboxes only; if additional mailboxes are added to your organization, you must rerun this command.

    For more information on adding mailbox permissions, see Add-MailboxPermission in Microsoft TechNet. For information on testing mailbox rights, see Get-MailboxPermission in Microsoft TechNet.

Step 2. Import from Office 365 Exchange Online

To import from Exchange Online using EWS, see How to Configure Microsoft Exchange Online Email Import Using EWS. If you are not using EWS, use the following instructions to import from Exchange Online.

  1. Log into the Barracuda Cloud Archiving Service as the admin, and go to Mail Sources > Exchange Integration.

  2. Click Start New Action. In the Select Action page, click Email Import.
  3. In the Select Server page, click Add New Server.
  4. In the Add New Server dialog box, enter a Configuration Name, the email address for the service account and the service account password.
  5. Click Autodiscover.

If autodiscover is unable to identify your settings, use the steps in the following section, Manually Configure Settings.

Manually Configure Settings

Use the steps in this section only if autodiscover is unable to identify your settings as described above in the section Automatically Discover Settings.

Step 1. Manually Obtain Exchange Hostname Using PowerShell
  1. Open Windows PowerShell, and connect to Office 365 Exchange Online.

  2. Enter the following command, and then press Enter:
    Get-Mailbox -Identity <username for service account> | Format-List ExchangeGuid, PrimarySMTPAddress

  3. To determine the Exchange Hostname, combine the ExchangeGuid with the domain portion of the PrimarySMTPAddress to form  ExchangeGuid@domain.com .
    powershellCommand.png
  4. To close out the remote PowerShell session, enter the following command, and then press Enter:
    Disconnect-ExchangeOnline
Step 2. Manually Configure Server Settings for Email Import
  1. Log into the Barracuda Cloud Archiving Service as the admin, and go to Mail Sources > Exchange Integration.

  2. Click Start New Action. In the Select Action page, click Email Import.
  3. In the Select Server page, click Add New Server.
  4. In the Add New Server dialog, click Configure Manually; enter the Exchange details:
    1. Configuration Name – Enter a name to identify the configuration.
    2. Exchange Hostname – Enter the Exchange hostname from Step 1 Manually Obtain Exchange Hostname Using PowerShell 
    3. Username – Enter the service account username.
    4. Password – Enter the password associated with the username.
    5. Exchange 2013 – Select Yes.
    6. Advanced Options – In the Proxy Server field type  outlook.office365.com and leave the Global Catalog Server field blank.
  5. Click Save to add your configuration and close the dialog box.
  6. In the Configure Action page, click Continue.

  7. In the View Summary page, select All Users from the Source drop-down menu.

  8. Specify the desired Date and Schedule settings. Click Continue.

  9. Verify the configuration settings in the View Summary page, and then click Submit to add the Email Import to the Scheduled Actions table.

 

Back to the Top

See Also

Click the component tabs above or click a link below to learn more: