Set up and Permissions for the Service Account

Objective

This document aims to identify the permissions required for a service account that can be used to authorize Scalefusion to provide Conditional Exchange Access for Microsoft On-Prem Exchange.

Scope

The scope of this document is limited to identifying permissions for the service account that can be used to set up Conditional Exchange Access for Microsoft's On-Prem Active Directory. It does not cover how to set up CEA or other aspects of the entire feature. Please refer to our Help documentation for a complete understanding.

Service Account & Required Permissions

For Scalefusion to provide Conditional Exchange access, it needs the credentials for an account that has permissions to,

1. Fetch all the devices where the end-user uses Email via Exchange protocol.
2. Fetch all the devices where the end-user uses Email via the Outlook application.
3. Set-Mailbox rules using Exchange Cmdlet that allows or blocks access to Mailbox using Device Identifiers.

To be able to perform above operations, a Global Administrator credentials can be used, however organizations that are required to create specific service accounts with scoped permissions can do so by following the steps below,

1. Create a new Service Account with a unique username and password
   1. You can also use an existing service account.
2. Mail Recipient: Grant this account the Mail Recipient permission 
3. Organization Client Access: Grant the Organization Client Access Permissions