Enterprise Vault™ Setting up Exchange Server and Office 365 for SMTP Archiving

Last Published:
Product(s): Enterprise Vault (14.5)
  1. Configuring Exchange Server for an Enterprise Vault SMTP Archiving solution
    1.  
      About using Enterprise Vault SMTP Archiving for Exchange Server journaling
    2.  
      Summary of steps
    3.  
      Creating a remote domain using the Exchange Management shell
    4.  
      Creating a recipient mail contact in the remote domain
    5.  
      Creating a Send Connector for the remote domain
    6.  
      Setting up Exchange Server journaling
    7.  
      Points to note when setting up Enterprise Vault SMTP Archiving servers
  2. Configuring Office 365 for Enterprise Vault SMTP Archiving
    1.  
      About using Enterprise Vault SMTP Archiving for Office 365 journaling
    2.  
      Summary of steps
    3.  
      Creating an Office 365 to Enterprise Vault Send Connector
    4.  
      Points to note when setting up Enterprise Vault SMTP Archiving servers
  3. Configuring the Azure RMS Decryption feature for Office 365 email encryption support
    1.  
      About configuring the Azure RMS Decryption feature for Office 365 email encryption support
    2.  
      Summary of steps
    3.  
      Configuring IRM settings for journal report decryption in your organization
    4.  
      Getting the Rights Management configuration details of your Azure tenant
    5.  
      Creating a new service principal that represents your tenant to external applications
    6.  
      Adding the service principal to the list of superusers for your organization
    7.  
      Installing Microsoft Right Management Services Client 2.1
    8.  
      Configuring the decryption of RMS-protected messages in Enterprise Vault
  4. Configuring decryption of MPIP-protected Office 365 emails archived in Enterprise Vault
    1.  
      About configuring the MPIP decryption feature in Enterprise Vault
    2.  
      Summary of steps
    3.  
      Disable decryption of journal report in your organization
    4.  
      Register an application with the Azure Active Directory
    5.  
      Assign the required permissions to an application
    6.  
      Upload certificates
    7.  
      Configure decryption of MPIP-protected emails in Enterprise Vault

Points to note when setting up Enterprise Vault SMTP Archiving servers

Detailed instructions on how to configure Enterprise Vault SMTP Archiving are provided in the manual, Setting up SMTP Archiving. This section highlights points that you need to consider when configuring your Enterprise Vault environment, and the Enterprise Vault SMTP servers.

  • If you want to allow encrypted connections to the Enterprise Vault SMTP servers, then you need to obtain and import a suitable certificate on the Enterprise Vault SMTP servers.

    For instructions on how to obtain a certificate, see the section, "Obtaining an SSL/TLS certificate", in Setting up SMTP Archiving.

    You import certificates for the SMTP servers using the SMTP server settings in the Enterprise Vault Administration Console. The SMTP server settings are in the properties of the container Targets > SMTP.

  • Make sure that the Enterprise Vault SMTP servers are configured to accept traffic from the servers that use the Office 365 Send Connector. If you use a firewall, then connections to the SMTP servers are likely to be from servers in your internal network. Connection Control on the SMTP server settings dialog lets you configure the servers that can connect to the SMTP servers.

  • On the SMTP servers do not configure authentication for connections, as this cannot be configured on the Office 365 Send Connector.

  • To secure communications you can use a combination of the following features:

    • Set up a firewall, and firewall ACLs based on Office 365 email addresses.

    • In your internal network, use an internal address to route messages to Enterprise Vault, for example journal@evsmtp.local. This is then the SMTP target address that you configure in Enterprise Vault.

    • Deliver messages to the SMTP servers using IP addresses, not DNS.

    • On the Enterprise Vault SMTP servers, use the Connection Control dialog to configure the servers in your internal network that are allowed to connect to the SMTP servers.

  • If you use a single journal address for the whole environment, Enterprise Vault accepts the journal traffic on any SMTP server. In Enterprise Vault 12.3 and later, you can assign multiple archives to an SMTP routing address to spread the archiving load over several archives and Enterprise Vault storage servers. In previous releases of Enterprise Vault, you could only implement target address rewriting to do this.

    Assigning multiple archives to an SMTP routing address, and target address rewriting are described in Setting up SMTP Archiving. Additional information is provided in Best Practices for Deploying SMTP Archiving. You can access these documents at the following address on the Veritas support website: http://www.veritas.com/docs/000004016.