.. _concepts-ms-exchange:
Microsoft Exchange
-------------------
.. _21.2|VOSS-873:
.. _21.3-PB1|VOSS-1072|EKB-12730:
.. _21.4-PB4|EKB-17545:
.. _21.4-PB4|EKB-18215:
.. _21.4-PB5|VOSS-1314:
Overview
..........
This feature allows you to manage Microsoft Exchange Online mailboxes and
calendars from within VOSS Automate, including assigning access and calendar permissions
to users and team members licensed for Microsoft Office.
Using automation, it is possible to model the end-state of a user's mailbox configuration during their
on-boarding or offboarding workflow. For example, it is possible to have the correct retention policy or
archiving status set when a user's mailbox is being on-boarded. Or automatically have email forwarding and
automated replies set when the user's mailbox is being offboarded.
.. note::
Any admin role (Provider, Customer, Site) can access and work with Microsoft Exchange mailboxes,
provided that Microsoft is enabled at the hierarchy.
.. rubric:: Related Topics
*
.. raw:: latex
Configure Microsoft Tenant Connection Parameters in the Core Feature Guide
.. raw:: html
Configure Microsoft Tenant Connection Parameters
*
.. raw:: latex
Overbuild for Microsoft in the Core Feature Guide
.. raw:: html
Overbuild for Microsoft
Microsoft Exchange Integration
...............................
The diagram displays the workflow steps for integrating VOSS Automate with Microsoft Exchange:
.. index:: Flowchart;Microsoft Exchange Overview
.. include:: ms-exchange-overview.uml
The table describes the steps in the Microsoft Exchange integration workflow diagram:
.. tabularcolumns:: |p{5cm}|p{10cm}|
+---------------------------------------------------+---------------------------------------------------------------+
| Integrate Microsoft Exchange | Description |
+===================================================+===============================================================+
| 1. Generate/import certificate in Automate, & | When adding the new Microsoft tenant and you're using |
| enable Exchange | Microsoft Exchange, you must either generate a certificate or |
| | import an existing certificate and have Automate manage it. |
| | Automate pushes the certificate to the PowerShell proxy. |
+---------------------------------------------------+---------------------------------------------------------------+
| 2. Perform a sync | Once the Microsoft tenant is configured, perform a sync |
| | from the tenant configuration screen. This syncs in all |
| | Microsoft entities configured on the tenant, including |
| | Microsoft Exchange components. |
+---------------------------------------------------+---------------------------------------------------------------+
| 3. Configure NDLs | To prepare for the overbuild that will move synced in |
| | Microsoft entities to the sites (including Microsoft |
| | Exchange components), add the Microsoft Exchange |
| | authentication credentials to the network device lists (NDLs) |
| | for sites with subscribers requiring mailbox management in |
| | VOSS Automate. |
+---------------------------------------------------+---------------------------------------------------------------+
| 4. Run overbuild | Microsoft users must be included in the overbuild |
| | settings. An overbuild moves Microsoft Office 365 users to |
| | the sites, based on the model filter criteria defined in |
| | the overbuild settings. Microsoft 365 users includes users |
| | enabled for Microsoft Teams and Microsoft Exchange on the |
| | Microsoft Cloud portal. |
+---------------------------------------------------+---------------------------------------------------------------+
| 5. Manage mailboxes | Once you've set up VOSS Automate for integration with |
| | Microsoft Exchange Online, synced in mailboxes, and run |
| | the overbuild to move users and mailboxes to the sites, |
| | you can manage these mailboxes and calendars for users and |
| | users and teams from within VOSS Automate: |
| | |
| | * Assign access and calendar permissions for user |
| | mailboxes |
| | * Add, update, or delete shared mailboxes, including |
| | assigning or removing mailbox access and calendar |
| | permissions |
| | * Add or update the **Owners** field for Distribution Group |
| | mailboxes |
+---------------------------------------------------+---------------------------------------------------------------+
Supported Microsoft Exchange Mailboxes in VOSS Automate
.........................................................
Four types of Microsoft Exchange mailboxes are supported in VOSS Automate:
* User mailboxes
* Shared mailboxes
* Room mailboxes
* Distribution Groups
User mailboxes are created for individual Microsoft Office 365 users on the Microsoft Cloud portal, while
shared mailboxes, room mailboxes, and distribution groups can be created on the Microsoft Office portal or in
VOSS Automate.
Any changes made to the mailboxes and their associated calendars are synced between the
Microsoft Cloud portal and VOSS Automate. This allows a VOSS Automate admin user to manage mailboxes
from within VOSS Automate, and have these changes seamlessly update on the Microsoft Cloud.
The table describes the Microsoft Exchange mailboxes supported in VOSS Automate, and the ways in which you can work
with these mailboxes:
.. tabularcolumns:: |p{5cm}|p{10cm}|
+--------------------+-----------------------------------------------------------------------------------------------------------+
| Mailbox type | Description |
+====================+===========================================================================================================+
| User | User mailboxes are assigned to a single, licensed, Microsoft Office user. These mailboxes are created |
| | on Microsoft Exchange Online and synced in to VOSS Automate. |
| | |
| | The ability to manage access permissions on user mailboxes and calendars is useful where you need to |
| | allow other users to view, send, or receive emails on behalf of the mailbox owner. For example, to |
| | grant access to an executive assistant, or to monitor the mailbox of a user who is unable to attend |
| | to their emails or calendar items while out of office. |
| | |
+--------------------+-----------------------------------------------------------------------------------------------------------+
| Shared | Shared mailboxes can be created on Microsoft Exchange and synced in to VOSS Automate, or they can be |
| | added, updated, or deleted on VOSS Automate, and any changes are then synced back to the Microsoft |
| | Cloud portal. |
| | |
| | Shared mailboxes are useful for groups of individual users or for teams. For example, a shared |
| | mailbox might be used for a support or sales team, with different members having the same or |
| | custom access and calender permissions on the shared mailbox. |
| | |
| | The owner, or user principal, of a shared mailbox is a 'dummy', unlicensed user on the Microsoft |
| | Cloud, and does not add to the VOSS Automate subscriber count. The user principal name of a shared |
| | mailbox is auto-generated based on the display name you define. |
| | |
| | |
+--------------------+-----------------------------------------------------------------------------------------------------------+
| Room | Room mailboxes can be created on Microsoft Exchange and synced in to VOSS Automate, or they can be |
| | added, updated, or deleted on VOSS Automate, and any changes are then synced back to the Microsoft |
| | Cloud portal. |
| | |
| | Rooms are entities, typically an actual room at a physical location, that become a user for the |
| | purpose of creating the Microsoft Exchange mailbox. The entity name is the user principal name of |
| | the room mailbox. |
+--------------------+-----------------------------------------------------------------------------------------------------------+
| Distribution Group | Distribution Groups can be created on Microsoft Exchange and synced to VOSS Automate, or they |
| | can be added, updated, or deleted on VOSS Automate, and any changes are then synced back to the Microsoft |
| | Cloud portal. |
| | |
| | A distribution group is typically used to send emails to a group of recipients. You can add owners (one |
| | or more), for a distribution group in VOSS Automate, as well as modify owners. |
| | |
+--------------------+-----------------------------------------------------------------------------------------------------------+
Mailbox Access Permissions and Calendar Permissions
''''''''''''''''''''''''''''''''''''''''''''''''''''
Access permissions on Microsoft Exchange mailboxes define the ownership rights and mailbox access permissions
of one or more users for the mailbox. When configuring access permissions on a mailbox, you select a user from a list of users at the same hierarchy level
as the mailbox, and select their access role permissions, for example, ``Read and Manage``, ``Send As`` or
``Send on Behalf``.
Calendar permissions allow you to assign a combination of role access permissions, such as ``Owner``, and
individual permissions, such as ``Delete All Items``, to one or more users, on the calendar associated
with the mailbox.
You can assign or remove access permissions and calendar permissions on all mailbox types, for users that exist
at the same site as the mailbox.
.. _manage-ms-exchange-mailboxes:
Manage Microsoft Exchange Mailboxes in VOSS Automate
......................................................
This procedure updates Microsoft Exchange user mailboxes, and adds, modifies, and deletes Microsoft Exchange shared mailboxes, room
mailboxes, and distribution groups.
.. note::
You can only add or delete shared mailboxes, room mailboxes, and distribution groups in VOSS Automate. User mailboxes may be
updated in VOSS Automate, but they can be added or deleted only on the Microsoft Cloud portal.
1. Log in to the Automate Admin Portal.
2. Go to (default menus) **Microsoft Subscriber Management > Exchange**
3. Choose the menu for the relevant mailbox type, either **User Mailboxes**, **Shared Mailboxes**,
**Room Mailboxes**, or **Distribution Groups**.
4. View the summary list view of the mailbox type you selected.
.. note::
* The **Located At** column in the list view displays the hierarchy level of mailboxes. Some may be at the customer level,
and some may have been moved to a site.
Microsoft Exchange mailboxes are initially synced in at the customer level, and must be moved to the sites,
either manually (via the list view or the mailbox management screens), or when running the overbuild.
* Separate menu items are available for recipient types of mailboxes: **User Mailboxes** and **Shared Mailboxes**.
If required when a user if off-boarded, the **User Mailboxes** entry can be converted to a **Shared Mailboxes** entry.
Refer to the additional API operations available for the subscriber's mailbox ArchiveStatus at :ref:`ms-subscribers`.
5. **Do you want to** ...
* **Move one or more mailboxes to a different level of the hierarchy**? Select the relevant checkboxes, then click **Move**.
* **Export the data of one or more mailboxes**? Select the relevant checkboxes, then click **Export**. Choose an export format, and click **Export**.
* **Delete one or more mailboxes (shared or room mailboxes, or distribution groups only)**? Select the relevant checkboxes, then click **Delete**.
* **Add a new mailbox (shared or room mailboxes, or distribution groups only)**?
* Click the toolbar **Plus** icon.
* Define a **Display Name** for the new mailbox. The **Mail Name** field automatically updates
with an allowed string value of the **Display Name** (for example, no spaces).
* Select a **Mail Domain**. The **Primary Email Address** using the specified domain is assigned to
the new mailbox.
* Save your changes. Go to step 6 to update mailbox permissions and settings.
* **View or update a mailbox**?
* Click in the relevant row to open the mailbox management screen.
* Go to step 6 to update mailbox permissions and settings.
6. Update mailbox settings:
.. tabularcolumns:: |p{3cm}|p{12cm}|
=========================== ===========================================================================
For all mailbox types You can:
* Move the mailbox to another level in the hierarchy.
* Update the mailbox display name.
On the **Delegation** tab you can set permissions and calendar permissions.
To do this, select a mailbox user and assign access rights.
For user mailboxes * On the **User mailbox** tab you can modify the retention policy and the
archive status.
* On the **Email forwarding** tab you can choose an option for forwarding
all emails to this mailbox. Options are: **None**, **Internal**, or **External**
You can then add an internal or external email address, and choose whether
to send email to this mailbox and forward to another mailbox (if you've chosen
Internal or External).
Configuration templates associated with the Quick Add Group allows you to set
default values when adding or removing the subscriber. See the following settings
in Quick Add Subscriber Groups:
* MS Exchange Online User Mailbox Template
* MS Exchange Online Convert Mailbox Template
Available fields:
* DisplayName: mailbox display name
* Permissions
* CalendarPermissions: users and their access rights can be managed.
* ForwardingAddress: for the Internal forwarding mailbox address.
* ForwardingSmtpAddress: for the External forwarding mailbox address.
* DeliverToMailboxAndForward: additional setting for the Internal forwarding
to deliver to both the user mailbox and the forwarding mailbox.
* AutoReplyState: automatic replies are enabled or disabled.
* InternalMessage: set internal autoreply message.
* ExternalAudience: choose None, contact list, all senders
* ExternalMessage: set external autoreply message.
* RetentionPolicy: selected policy for mailboxes
* ArchiveStatus - for enabling and disabling archiving (Automate
contains API operations for mailbox conversion and archiving)
* Custom attributes (1 to 15) - you can't update these values in Automate;
MS Exchange updates will reflect on the user display form.
=========================== ===========================================================================
.. tabularcolumns:: |p{3cm}|p{12cm}|
=========================== ===========================================================================
For shared mailboxes * The **Email forwarding** tab offers similar settings to the **User mailbox**,
but applied to the shared mailbox.
* The **Automatic replies** tab allows you to enable or disable this feature
(scheduling not available yet), with options to specify reply messages and
audience.
For room mailboxes * Add or update the **Location** field to define the physical location of
the room associated with this mailbox.
* Add or update the **Room Capacity** field to define the number of people the
room associated with this mailbox holds.
For a distribution group You can:
* Add or update owners
* Add or update members (users with access
permissions for sending emails as a selected user, or on
behalf of a selected user).
=========================== ===========================================================================
.. note::
Delete is allowed only for shared mailboxes, room mailboxes, or distribution groups.
7. Assign or remove permissions:
* To assign access or calendar permissions to a user:
* Click the **Plus** icon at either **Permissions** or **Calendar Permissions** (as applicable).
* Select the user, and select the relevant permissions.
* Repeat this step to assign permissions to additional users.
* To remove access or calendar permissions from a user:
* Either uncheck permissions assigned to the user, or remove the user entry from the relevant
permissions field (**Permissions** or **Calendar Permissions**).
* Repeat this step to remove permissions from additional users.
.. note::
Calendar permissions are only relevant for user, shared, and room mailboxes.
For distribution groups, only mailbox access permissions are relevant.
When deleting (removing) permissions, the Microsoft cloud portal may take a few minutes to
process the update, which may cause a delay for the refreshed data to reflect in the Automate GUI.
8. Save your changes.
.. rubric:: Related Topics
* :ref:`quick-add-subscriber-groups`