Enterprise Vault™ Setting up Exchange Server and Office 365 for SMTP Archiving

Last Published:
Product(s): Enterprise Vault (14.5)
  1. Configuring Exchange Server for an Enterprise Vault SMTP Archiving solution
    1.  
      About using Enterprise Vault SMTP Archiving for Exchange Server journaling
    2.  
      Summary of steps
    3.  
      Creating a remote domain using the Exchange Management shell
    4.  
      Creating a recipient mail contact in the remote domain
    5.  
      Creating a Send Connector for the remote domain
    6.  
      Setting up Exchange Server journaling
    7.  
      Points to note when setting up Enterprise Vault SMTP Archiving servers
  2. Configuring Office 365 for Enterprise Vault SMTP Archiving
    1.  
      About using Enterprise Vault SMTP Archiving for Office 365 journaling
    2.  
      Summary of steps
    3.  
      Creating an Office 365 to Enterprise Vault Send Connector
    4.  
      Points to note when setting up Enterprise Vault SMTP Archiving servers
  3. Configuring the Azure RMS Decryption feature for Office 365 email encryption support
    1.  
      About configuring the Azure RMS Decryption feature for Office 365 email encryption support
    2.  
      Summary of steps
    3.  
      Configuring IRM settings for journal report decryption in your organization
    4.  
      Getting the Rights Management configuration details of your Azure tenant
    5.  
      Creating a new service principal that represents your tenant to external applications
    6.  
      Adding the service principal to the list of superusers for your organization
    7.  
      Installing Microsoft Right Management Services Client 2.1
    8.  
      Configuring the decryption of RMS-protected messages in Enterprise Vault
  4. Configuring decryption of MPIP-protected Office 365 emails archived in Enterprise Vault
    1.  
      About configuring the MPIP decryption feature in Enterprise Vault
    2.  
      Summary of steps
    3.  
      Disable decryption of journal report in your organization
    4.  
      Register an application with the Azure Active Directory
    5.  
      Assign the required permissions to an application
    6.  
      Upload certificates
    7.  
      Configure decryption of MPIP-protected emails in Enterprise Vault

Upload certificates

To be able to preview Microsoft Purview Information Protection (MPIP) protected emails in Discovery Accelerator:

  • Emails must be decrypted by the Enterprise Vault storage servers.

  • The HTML preview must be generated and stored on Vault Storage Partition.

  • Enterprise Vault storage servers must authenticate with the Azure Active Directory using X509 certificate-based authentication.

You can choose separate certificates for each Enterprise Vault storage servers and upload all those server specific servers to register the Azure Active Directory application. You can also choose to upload a single certificate. However, the certificate must be installed on all the Enterprise Vault storage servers, or you can choose to upload the PFX certificate file and the certificate details must be stored in the Enterprise Vault directory database.

Note:

Public key of the certificate must be uploaded to the Azure Active Directory and the Enterprise Vault storage server should have both the public and the private keys.

  1. On the left navigation pane, click Certificates & secrets, select Certificates (0) on the right pane, and click Upload certificate.

  2. Upload the required certificate and click Add.

    You may specify a certificate description in the Description section. Otherwise, Common Name (CN) of the server is displayed.

  3. Ensure that the certificate has been uploaded and verify that the count has increased.

    Note:

    Make a note of the Thumbprint of the certificate or certificates uploaded, which is required for enabling decryption of the MPIP-protected emails in Enterprise Vault.