Veritas Alta™ View Compliance and Governance User Guide

Last Published:
Product(s): Veritas Alta Archiving (1.0), Veritas Alta eDiscovery (1.0)
  1. Getting started
    1.  
      About Veritas Alta View Compliance and Governance Management Console
    2.  
      Prerequisites for using Veritas Alta View Compliance and Governance Management Console
    3.  
      Veritas Alta View Compliance and Governance Management Console web browser support
    4.  
      What's new in this release
    5.  
      Signing in to Veritas Alta View Compliance and Governance Management Console
    6.  
      Signing out from Veritas Alta View Compliance and Governance Management Console
    7.  
      Resetting a forgotten password
    8.  
      Changing your profile password
  2. Archive Overview
    1. About Archive Overview
      1.  
        Archive Usage
      2.  
        Sync Activity
      3.  
        Roles
    2.  
      Viewing the Archive Usage Snapshot report
  3. Working with Dashboard
    1.  
      About dashboard
    2.  
      Viewing and exporting statistics of Alta Capture-specific archives
    3.  
      Viewing and exporting mail statistics of EVC-specific archives
  4. Managing Configurations
    1.  
      About the Configuration page
    2.  
      Viewing provisioned services
    3.  
      Selecting the User Management options
    4. About Provisioning
      1.  
        Configuring the Alta Personal Archive deployment options
      2.  
        Configuring the administrator notification options
    5.  
      CloudLink Sync Summary
    6. About Managed Tags
      1.  
        Creating a managed tag
      2.  
        Assigning a managed tag to users
      3.  
        Changing the retention policy associated with a managed tag
      4.  
        Deleting a managed tag
    7. About Account Management
      1.  
        Searching for archive accounts
      2.  
        Using search filters
      3.  
        Creating an archive account
      4.  
        Viewing and editing the archive account details
      5.  
        About the Account Details page
      6.  
        Editing an archive account
      7.  
        Deleting an archive account
      8.  
        Deploying users
      9.  
        Enabling services for existing archive accounts
      10.  
        Removing user access
      11.  
        Disabling bulk user accounts
      12.  
        Editing Mobile Web Access permission for existing archive accounts
      13.  
        Unlocking an archive account
      14.  
        Exporting archive account information
      15.  
        Editing contact details of a system administrator
  5. Managing Archive Collectors
    1.  
      About Archive Collectors
    2.  
      Adding new archive collectors
    3.  
      Updating configuration of existing archive collectors
    4.  
      Stopping the import job of archive collectors
    5.  
      Restarting import job of archive collectors
    6.  
      Viewing the latest status of Archive Collectors
    7.  
      Deleting an existing archive collector
    8. About Exchange Online Archiving
      1.  
        Setting up modern authentication in Azure AD for Exchange Online sync
      2.  
        Configuring Exchange Online sync
      3.  
        About Exchange Online folder synchronization
      4.  
        Prerequisite for migrating Exchange Online Users configured with Folder Sync to Exchange Online Folder Synchronization
      5.  
        Configuring Exchange Online folder synchronization
    9. About Bloomberg Archiving
      1.  
        Configuring the Bloomberg Synchronization
    10. About Microsoft Teams Archiving
      1.  
        Registering a Microsoft Azure App for Teams Collector
      2.  
        Requesting access to protected APIs in Microsoft Graph
      3.  
        Enabling Microsoft Teams Archiving service for customer
      4.  
        Configuring Microsoft Teams Synchronization
    11. About OneDrive for Business Archiving
      1.  
        Registering a Microsoft Azure App for OneDrive for Business Collector
      2.  
        Enabling the OneDrive for Business Archiving service for customer
      3.  
        Configuring OneDrive for Business Synchronization
    12. About Data Uploading
      1.  
        Configuring data uploading collection
    13. About Alta Capture Services Archiving
      1.  
        Enabling Alta Capture Services for Archiving
      2.  
        Configuring Capture Services for Archiving
  6. Managing Roles and Permissions
    1.  
      About Role Management
    2.  
      Editing the built-in administrator roles
    3.  
      Creating custom administrator roles
    4.  
      Assigning administrator roles to an archive account
    5.  
      Assigning the reviewer role to an archive account
    6.  
      Assigning several archive accounts for monitoring
  7. Managing Policies
    1.  
      About Policy Management
    2.  
      Configuring archive options
    3.  
      Enabling and disabling account archiving
    4.  
      Configuring an advanced password policy
    5.  
      Configuring trusted networks for Veritas Alta Archiving access
    6.  
      Managing Custom Headers
    7.  
      Managing Discard Rules
  8. Managing Authentication
    1.  
      Configuring the Veritas Alta Archiving authentication service
    2.  
      Enabling the Authentication Settings permission for the Policy Manager role
    3.  
      Assigning the Policy Manager role to an administrator
    4.  
      Selecting an authentication method
    5.  
      Uploading a token-signing certificate
    6.  
      Validating the Identity Provider URL
    7.  
      Activating single sign-on
  9. Managing Retention Policies
    1.  
      About Retention Management
    2.  
      Configuring the default retention period
    3.  
      Creating a retention policy
    4.  
      Editing a retention policy
    5.  
      Deleting a retention policy
    6.  
      Associating a retention policy with a policy target
    7.  
      Disassociating a retention policy from a policy target
    8.  
      Enabling and disabling the storage expiry setting
    9.  
      Viewing the storage expiry status table
  10. Managing Email Continuity Services
    1.  
      About Email Continuity
    2.  
      Email Continuity prerequisites
    3.  
      Configuring Email Continuity
    4.  
      Provisioning the Email Continuity service for your mail servers
    5.  
      Adding the Email Continuity IP ranges to your firewall and mail server allowlists
    6.  
      Updating your email security provider routing configuration
    7.  
      Testing the Email Continuity configuration
    8.  
      Managing Email Continuity
    9.  
      Email Continuity FAQ
  11. Managing Reports and Notifications
    1.  
      About Veritas Alta Archiving reports, logs, usage, and notifications
    2. Reports
      1.  
        Generating a Messaging Report
      2.  
        Generating a Personal Archive Report
      3.  
        Generating a Mobile Web Access Report
      4.  
        Generating a Discovery Archive Report
      5.  
        Generating an Advanced Supervision specific Report
    3. Usage
      1.  
        Generating a service usage report
      2.  
        Generating a mailbox statistics report
      3.  
        Generating an archived message size report
    4. Logs
      1.  
        Viewing the Activity Log
      2.  
        Viewing the Message Log
      3.  
        Viewing the Usage Log
      4.  
        Creating a Retention Log Report
      5.  
        Viewing the Mobile Browser Log
      6.  
        Viewing the Personal Browser Log
      7.  
        Viewing the Discovery Browser Log
    5. Notifications
      1.  
        Enabling or disabling usage notifications
      2.  
        Changing the usage notification threshold and frequency
      3.  
        Adding or removing email addresses for usage notifications
  12. Classification
    1.  
      About classification
    2.  
      Which emails get classified?
    3.  
      Steps for setting up classification
    4.  
      Accessing the Veritas Alta Classification
    5.  
      Veritas Alta Archiving item properties for use in custom classification policies
  13. Managing Data Import
    1.  
      About Import Data
    2.  
      Importing data into archives
  14. AD FS Configuration Guide
    1.  
      Configuring AD FS to work with Veritas Alta Archiving
    2.  
      Adding a relying party trust for Veritas Alta Archiving
    3.  
      Generating a token-signing certificate
  15. Alta Personal Archive Deployment for IBM Notes
    1.  
      Alta Personal Archive deployment for IBM Notes
  16. Archive Administration Updates in Previous Releases
    1.  
      About the updates for previous releases

Setting up modern authentication in Azure AD for Exchange Online sync

If you want to use modern authentication for O365 sync, you need to configure an app in Azure AD. After you complete this setup, you get the Application (Client) ID and the primary domain details. These details are required to manage Exchange Online synchronization.

To set up modern authentication in Azure AD for Exchange Online sync

  1. Create a new Azure AD app.

    To create app on the Azure Active Directory, you need to select App Registrations in the left navigation pane. Click New Registration, and provide the user-facing display name of the application. Click Register.

    Copy and note the Application (Client) ID.

  2. On the Azure AD portal, select Certificates & secrets, and upload the public key for a self-signed certificate created by you for the Azure AD app.

    Note:

    You can use any secured method to create a self-signed certificate and a public key. However, in this sample scenario, to create a self-signed certificate and a public key, the Create-SelfSignedCertificate.ps1 script is executed. This script is available with the Exchange Online V2 module. Save or install the module from https://www.powershellgallery.com/packages/ExchangeOnlineManagement/2.0.3

    Example to create a self signed certificate using Create-SelfSignedCertificate.ps1

    < Location where ExchangeOnlineManagement is installed or saved >\ExchangeOnlineManagement\2.0.3\Create-SelfSignedCertificate.ps1

    -CommonName AnimDemoCert -StartDate (Get-Date).Date -EndDate (Get-Date).Date.AddYears(1)

    After successful execution of this script, a self-signed certificate (.CER) and the public key (.PFX) will be created in the current working directory. You can use the .PFX certificate file in Veritas Alta Archiving, and corresponding .CER certificate file in Azure Active Directory.

    Note the password used for the certificate. You need this password later while configuring the Exchange Online sync in Archive Administrator.

    In the above example, the self-signed certificate is valid for a year. You can choose the certificate expiry as required.

  3. Upload the certificate (.CER file) that you have created in the previous step.

    Select Certificates & secrets in the left navigation pane. Upload the certificate (.CER file) that you have created in the previous step.

    Note:

    Certificates are the recommended way to connect to a registered Azure AD app and also Exchange Online V2 module only supports using certificates to connect to Exchange Online using a registered Azure AD app.

  4. Provide the required API permissions to the app.

    The following Azure AD app permissions are required for configuring Exchange Online sync with Modern Authentication:

    Note:

    The following permissions are required to support for full functionality of this feature. Items noted below as optional can be omitted if the API permission use and the associated functionality is not required for your environment.

    Exchange web service (EWS API\Proxy)

    (Optional)

    API permission use: Web folder deployment

    Note:

    This permission is required for the initial configuration, but is optional for ongoing use if this functionality is not required. You can remove it after initial configuration.

    How to configure: Exchange Online Exchange Online > Application permissions > Other permissions > full_access_as_app

    Exchange Online V2 (PowerShell)

    (Required)

    API permission use: To get exchange related information like delegated permissions, DL membership, and DDL membership.

    API permission path: Exchange Online Exchange Online > Application permissions > Exchange > Exchange.ManageAsApp

    Note:

    Exchange.ManageAsApp permission is required. For reference, see Set up app-only authentication

    Role: One of the following roles is required.

    • Need to assign RBAC roles to the app. You can assign any of the following roles:

      • Exchange Administrator: Use this role if you want the Exchange Online Sync connector create and manage journal address and journal rules in Exchange automatically for you.

        How to configure: AAD->Roles and Administrators->Exchange Administrator->Add Assignments->Search for the app-> Select app-> Add Exchange Administrator

      • Global Reader: Use this role if you prefer to create and manage journal address and journal rules in Exchange manually.

        How to configure: AAD->Roles and Administrators->Global Reader->Add Assignments->Search for the app-> Select app-> Add Global Reader.

        Note:

        You cannot see the App immediately after creating it. This could take 12-24 or more hours for the app to show up in the list to be selected.

    • Need to assign the Exchange Administrator role to add journal address in provisioning configuration automatically in exchange.

    • Else, the Global Reader role serves the same purpose for syncs.

    Graph API

    API permission use: To get user license and other information from Azure AD.

    How to configure:

    • MS Graph > Application permissions > User > User.Read.All

    • MS Graph > Application permissions > Directory > Directory.Read.All

    Permissions to be assigned: You need to at least assign the User.Read.All permission to the application.

    Reference: See Permissions

  5. To add the journal address automatically to Exchange, add app as an Exchange Administrator.

    Alternatively, if you want to add the journal address manually, assigning the Global Reader role is enough.

  6. From the Azure AD portal, select Custom domain names to view domain names for the Tenant.

    Copy and note a domain Name that is Available and contains .onmicrosoft.com which is required to use as the Tenant Name for full functionality in the configuration of Exchange Online sync in Veritas Alta Archiving.

    Example: evcloud.onmicrosoft.com