United States | Application Impersonation – O365 and Email Archive Migrations

Nick Middleton - 27.11.201820181127

Application Impersonation – O365 and Email Archive Migrations

United States | Application Impersonation – O365 and Email Archive Migrations

For email archive migrations one of the pre-requisites are accounts with the application impersonation role.  Application Impersonation is a management role within Office365 (O365) enabling applications to impersonate users so actions can be performed on their behalf using EWS.

Within O365 there are two ways to set this up: via the O365 GUI or via PowerShell.

Migration account(s)

Create the migration account(s) via your normal process and set the password not to expire. Although this is not actually required to assign the role, setting the password to expire it will mean that once the account details are added into the migration tool you will not be needing to update them every 30,60,90 days depending on your policy. Having to update the credentials repeatedly could cause delays in the migration project.

Assigning role via the GUI

In the Exchange admin center, under permissions, admin roles.

United States | Application Impersonation – O365 and Email Archive Migrations

Click the + to add a new role group, give it a name and description then add the ApplicationImpersonation role to it. Finally add the members which will be the accounts (that you created earlier) you want to assign this role to and click save.

United States | Application Impersonation – O365 and Email Archive Migrations

When you now look under the admin roles you will see the new admin role and on the right-hand side, you can see the role assigned.

United States | Application Impersonation – O365 and Email Archive Migrations

Assigning role via PowerShell

Connect to your O365 PowerShell (https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps#connect-to-exchange-online-powershell-1)

Creating the role group and assigning the role is done with a single script, replacing the <..> values as shown:

Syntax

New-RoleGroup -Name <admin role name> -Roles ApplicationImpersonation -Members <UPN for migration accounts>

Example

New-RoleGroup -Name “Application Impersonation PS Group” -Roles ApplicationImpersonation -Members Migration.Account.PS@nickslab.onmicrosoft.com

Output

United States | Application Impersonation – O365 and Email Archive Migrations

You can check the Role Group with this script:

Syntax

Get-RoleGroup <Role group name>

Example

Get-RoleGroup “Application Impersonation PS Group”

Output

In the output, you can see the role assigned the members of the role group

United States | Application Impersonation – O365 and Email Archive Migrations

Confirm that the application impersonation role is working

Browse to https://testconnectivity.microsoft.com/

  • Click on ​the Office 365 tab.
  • Select Service Account Access and click on Next
  • Specify the target mailbox email address
  • Specify the migration account user name
  • Specify the migration account password
  • Checkmark Specify Exchange Web Services URL and specify the URL https://outlook.office365.com/EWS/Exchange.asmx
  • Check the box Use Exchange Impersonation.
  • Check Ignore Trust for SSL.​
  • Click on Perform Test.

Once results are displayed, check the overall results; also click on Expand All.

United States | Application Impersonation – O365 and Email Archive Migrations

THANK YOU FOR YOUR SUBMISSION!

United States | Application Impersonation – O365 and Email Archive Migrations

The form was submitted successfully.

Join the Insentra Community with the Insentragram Newsletter

Hungry for more?

If you’re waiting for a sign, this is it.

We’re a certified amazing place to work, with an incredible team and fascinating projects – and we’re ready for you to join us! Go through our simple application process. Once you’re done, we will be in touch shortly!

Who is Insentra?

Imagine a business which exists to help IT Partners & Vendors grow and thrive.

Insentra is a 100% channel business. This means we provide a range of Advisory, Professional and Managed IT services exclusively for and through our Partners.

Our #PartnerObsessed business model achieves powerful results for our Partners and their Clients with our crew’s deep expertise and specialised knowledge.

We love what we do and are driven by a relentless determination to deliver exceptional service excellence.

United States | Application Impersonation – O365 and Email Archive Migrations

Insentra ISO 27001:2013 Certification

SYDNEY, WEDNESDAY 20TH APRIL 2022 – We are proud to announce that Insentra has achieved the  ISO 27001 Certification.