Product: Netmail Archive 5.x, 6.x
Netmail Archive uses PowerShell over EWS in order to communicate with Exchange and Exchange Online in Office 365. The archive job logs into each specified account using a single administrative account. This account needs to be granted access rights to all the accounts it needs to archive. This is achieved through the use of impersonation rights. Impersonation rights give a single user that ability to access all other accounts or individually specified accounts.
Netmail Requires an administration account. This account can be global administrator or can be a standard user account as long as it has been granted impersonation rights to other accounts and is a member of the "Exchange Management Group" Full or Read/Only.
For restrictive access to accounts (ie in a Hosted or Multi-Tenant environment) consult Microsoft Power Shell commands for granting impersonation rights to specific groups or users.
Grant Impersonation Rights
On one of the following workstations:
Windows 10, Windows 8.1, Windows Server 2016, Windows Server 2012 / 2012R2, Windows 7SP1 or Windows Server 2008R2 SP1.
Note: Micrsosoft .NET Framework 4.5 or later and Windows Management Framework 3.0 or 4.0 is required and should be present on Windows Server 2012 and higher.
1. Run Windows Powershell as Administrator (Right click on menu item)
2. In PowerShell Window type following commands:
PS>$UserCredential = Get-Credential
(Popup will allow entry of O365 global admin user)
PS>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
(Creates a remote powershell session with O365 (US))
(Imports Exchange PowerShell Commands)
PS>NewManagementRoleAssignment -Name:NMArchiveImpersonation -Role:ApplicationImpersonation -User "Globaladmin@tenant.onmicrsoft.com"
(Sets the user to have access to all accounts on the tenant)
(Removes the remote powershell session)