Enterprise Vault™ Setting up Exchange Server and Office 365 for SMTP Archiving

Last Published:
Product(s): Enterprise Vault (14.5)
  1. Configuring Exchange Server for an Enterprise Vault SMTP Archiving solution
    1.  
      About using Enterprise Vault SMTP Archiving for Exchange Server journaling
    2.  
      Summary of steps
    3.  
      Creating a remote domain using the Exchange Management shell
    4.  
      Creating a recipient mail contact in the remote domain
    5.  
      Creating a Send Connector for the remote domain
    6.  
      Setting up Exchange Server journaling
    7.  
      Points to note when setting up Enterprise Vault SMTP Archiving servers
  2. Configuring Office 365 for Enterprise Vault SMTP Archiving
    1.  
      About using Enterprise Vault SMTP Archiving for Office 365 journaling
    2.  
      Summary of steps
    3.  
      Creating an Office 365 to Enterprise Vault Send Connector
    4.  
      Points to note when setting up Enterprise Vault SMTP Archiving servers
  3. Configuring the Azure RMS Decryption feature for Office 365 email encryption support
    1.  
      About configuring the Azure RMS Decryption feature for Office 365 email encryption support
    2.  
      Summary of steps
    3.  
      Configuring IRM settings for journal report decryption in your organization
    4.  
      Getting the Rights Management configuration details of your Azure tenant
    5.  
      Creating a new service principal that represents your tenant to external applications
    6.  
      Adding the service principal to the list of superusers for your organization
    7.  
      Installing Microsoft Right Management Services Client 2.1
    8.  
      Configuring the decryption of RMS-protected messages in Enterprise Vault
  4. Configuring decryption of MPIP-protected Office 365 emails archived in Enterprise Vault
    1.  
      About configuring the MPIP decryption feature in Enterprise Vault
    2.  
      Summary of steps
    3.  
      Disable decryption of journal report in your organization
    4.  
      Register an application with the Azure Active Directory
    5.  
      Assign the required permissions to an application
    6.  
      Upload certificates
    7.  
      Configure decryption of MPIP-protected emails in Enterprise Vault

Configuring the decryption of RMS-protected messages in Enterprise Vault

Configure the RMS settings in the site properties, and the SMTP policy to allow Enterprise Vault to decrypt RMS-protected messages.

To configure RMS settings in Enterprise Vault

  1. In the left pane of the Administration Console, expand the hierarchy until the name of the site is visible.
  2. Right-click the name of the site. Then click Properties. The site properties are displayed.
  3. Click the RMS tab.
  4. Select the Enable RMS Decryption check box.
  5. Edit the following settings:

    • Intranet URL

    • Extranet URL

    • BPOS Tenant ID

    • Application Principal ID

    • Symmetric Key

  6. Click Test to verify whether the Enterprise Vault server can authenticate with the Azure Information Protection (AIP) services using the provided settings.
  7. Click OK to close the site properties.
  8. In the left pane of the Administration Console, expand the hierarchy until Policies is visible.

    Expand Policies and click SMTP.

    In the right-hand pane, double-click the name of the policy that is used for SMTP archiving. The policy's properties are displayed.

  9. Click the Advanced tab.
  10. Set ClearText copies of RMS Protected items to Treat as Secondary.
  11. Set Decrypt RMS Protected items to Decrypt for journal archives only.
  12. Click OK to close the SMTP policy properties.
  13. Restart the SMTP archiving task and the associated Storage service to apply the changes.