Exchange Server 365

Back

 

A so-called impersonation user must be created for Exchange Server 365 and assigned rights (role).
(Impersonation is the way to grant an application the right to work as if it were logged in as a user. This requirement applies to ERP / CRM systems, archive products, and many other things that are supposed to do something on behalf of the user. In our case reading the calendar status of the users).

 

As a rule, of course, an application does not have a user’s access data. But even if you grant a service account all the rights that the user has, it is still not the same to access information with the service account. A simple example: If you create a new object, it not only gets the permissions of the object above it. But it also gets an “owner”. Even if a service account has the right to create an element in a folder or mailbox, the user is not the “owner” but the service account is entered as the “creator”. At least for access via a “Full Access” right.

It is, therefore, better if a process can pretend to be “a user”. This is exactly what is possible with the “impersonation law”.

In order to create the administrator role and assign it to the user, you have to log in to the Microsoft 365 admin center in the Exchange admin center. You need admin rights to configure the Exchange Admin Center.

Once in the Exchange Admin Center, a new administrator role is created in the “Permissions” tab.

Enter any name in the administrator role, in our example “sys-collection exchange service”. Then select the role “ApplicationImpersonation” and enter the user who should have the right.

This user is entered in the sys-Collection Management Exchange Server and the password is stored.