Knowledge Base Article: Exchange & Office 365 RBAC permissions requirements for the HelpMaster Email Manager service account.

Exchange & Office 365 RBAC permissions requirements for the HelpMaster Email Manager service account.

E-mail:7

Exchange server Office 365 O365 2013 2016 2019 RBAC permissions requirements HelpMaster Email Manager service account impersonation role UserApplication ApplicationImpersonation

HelpMaster > All Services > Email Manager Service > Configuration

E-mail

23/05/2018 12:38:07 PM

12/12/2019 10:44:27 AM

Average Rating (from {{model.ratings}} ratings)

Applies to

HelpMaster Email Manager v16 & above
Exchange Server 2010 & above
Office 365

Summary

For the HelpMaster Email Manager service to be able to fully utilize Exchange Server & Office 365 mailboxes via an Outlook profile, it may require additional Role Based Access Control permissions to act on behalf of the Exchange or Office 365 mailbox. This is in addition to the Email Manager Service Logon Account requiring the standard "FULL" and "Send As" (&/or "Send on Behalf Of") delegation of permissions to any Exchange mailboxes that need to be scanned by the Email Manager service.

Symptoms 

The Email Manager service Event Log may report that it cannot access a particular Exchange or Office 365 mailbox or it's 'Folder ID' which is an ID generated by HelpMaster to identify each mailbox that is being utilized. This may occur even if the Email Manager Service Logon Account already has "FULL" and "Send As" (&/or "Send on Behalf Of") permissions to any of the selected Exchange or Office 365 mailboxes.

Resolution

The solution is to grant the Email Manager Service Logon Account, Exchange Role Based Access to the ApplicationImpersonation and UserApplication roles as outlined in the Microsoft Technet articles below. This is done from the Exchange Admin Centre as follows...

  1. Login to your on-premise Exchange Admin Centre as an Enterprise Administrator, or from your Office 365 Admin Portal choose the "Exchange" Admin center,
    [image]

  2. Navigate to "permissions" and click "+" to add a new "admin role" group. Name it something like "HelpMaster Service" & write a description for easy identification,
    [image]

  3. Under the "Roles:" label click "+" and add the "ApplicationImpersonation" & "UserApplication" roles as a minimum, plus any others you may need like "Public Folders" access,

  4. Under the "Members:" label click "+" and add your HelpMaster Service Logon Account and any other users you wish to grant these permissions to,
    [image]

  5. Click "Save" to apply your new RBAC permissions.

 

Further Information

Understanding Role Based Access Control

Microsoft Technet ApplicationImpersonation role

Microsoft Technet UserApplication role

Please contact PRD Software for any further information about this issue.

Attachments ({{entity.Attachments.length}})