Integration of Office 365

Last adaptation to the version: 3.3(02.2023)

New:
  • Authentication with OAuth 2 possible with Azure
  • Supplemented journal rules in Office 365
This article refers to a Beta version

Introduction

The UMA operates in HUB mode and in this case retrieves the emails from a collective account.

While many email providers only support this function for incoming emails, Office 365 also allows outgoing mails to be copied to the collective mailbox using a so-called journal rule.

This article shows how to set up the Office 365 Administration Portal in the UMA.

User Administration

Connection to an Active Directory (recommended)

If an Active Directory is available, it is recommended to integrate the Office 365 environment into the local environment. Integration synchronizes users and email settings between Office 365 and the Active Directory. This simplifies the administration of all systems and is more convenient for the user.

This is the only way to archive public folders and shared mailboxes as public folders!



Local Users

If no Active Directory is available, the users can be managed locally on the UMA.

Only private archives can be created and not public ones.

For example, if an info@ address exists, this address must be assigned to a user. This also consumes a User-License in Securepoint UMA.
The release of this archive for other users is not possible.



Setup

Adding the Journal Rule

Journal rule in Office 365

Change in Office365 portal
  1. Log in to the Microsoft Purview compliance portal
  2. Select “Solutions” from the menu bar on the left-hand side of the screen
  3. Open “Data lifecycle management”
  4. Under “Exchange (Legacy)”, a journal rule can then be added using the “+ New Rule” button
Attention: It is not possible to use an email domain that is managed by Office 365.

| Caption | Value | Description |
|---|---|---|
| Send journal reports to | B20201332.123abc@archiv.securepoint.cloud | Copies of incoming and outgoing emails will be sent to this address. The UMA queries this email account and archives it. |
| Journal rule name | UMA Archiving | User-defined, meaningful rule name |
| Journal messages sent or received from | Everyone / A specific user or group | For a correct configuration, Everyone must be selected. The second option opens a window from which the user or group is selected. |
| Record the following messages in the Journal | All messages / Internal messages only / External messages only | For a correct configuration, All messages must be selected. |

After clicking Save, the rule is active and a copy of every incoming and outgoing email is sent to the entered email address.


An address for undeliverable journal reports must also be provided. The email address you enter here must be within the Office365 domain, and no rules of any kind may be applied to the account's inbox!



Email account in the UMA

Configuration in UMA

This mailbox is then entered in the UMA.
The configuration is done in the menu System Settings / email Server
Section

Remote email accounts receive all journal emails from a mail server.
This usually includes several individual user email accounts.
The remote email accounts must be created in the Mail Server as journal accounts, so that all associated mails (outgoing and incoming mails of the mail server) can be received here.

Archiving only takes place if users with a corresponding email address have been created under System settings / Email accounts.

Protocol: POP3 / IMAP

| Caption | Value | Description |
|---|---|---|
| Name: | Journal Account | Freely selectable name |
| Protocol: | IMAP | Protocol used |
| Servername: | imap.mailsever.anyideas.de | Mail server that hosts the journal address. |
| Username: | tttpointcloud | User name for the journal email account |
| Password: | ••••• | Password for the journal email account |
| Keep Mails: | | Usually, emails are deleted after they have been picked up. Activating Keepmails prevents this deletion. |
| Connection Security: (New as of UMA v3.3.1) | STARTTLS | STARTTLS is used for connection encryption. Default |
| | SSL | SSL is used for connection encryption |
| | None (insecure) | The connection is not encrypted. Should only be used temporarily if the remote station does not support encrypted communication! An update of the remote station is urgently required! Emails and passwords are sent in plain text. Use is not recommended. Use of this option is a security risk. |
| Max. email size | disabled | A size can be defined up to which the email is archived |
| Email header evaluation: | Enable MS Journal-Envelope autodetection (default) | Recognizing the "MS journal envelope" header entries enables the UMA to identify the BCC recipient from Exchange's own header and assign the email to a user account. BCC recipients are not in the original mail header. |
| | Disable MS Journal-Envelope autodetection | Uses the original header of the email to assign it to a user account |
| | X-Envelope-To | Uses only the X-Envelope-To entry from the original header of the email to assign it to a user account |
| | X-Original-To | Uses only the X-Original-To entry from the original header of the email to assign it to a user account |
| | Delivered-To | Uses only the Delivered-To entry from the original header of the email to assign it to a user account |
| | Custom Recipient Header | A custom defined header part to be evaluated. Example: envelope-from |

Protocol: OAuth (IMAP)

New as of UMA NG v3.3

Requirement: Configured apps in Azure with OAuth (→Wiki)

| Caption | Value | Description |
|---|---|---|
| Name: | Journal Account | Freely selectable name |
| Protocol: | OAuth 2 (IMAP) | Protocol used |
| Servername: | outlook.office365.com | |
| Tenant ID: | aaaabbbb-1111-2222-3333-… | In Microsoft Azure in the menu Azure Active Directory / Overview under Tenant ID |
| Client ID: | 11111111-aaaa-bbbb-2222-… | In Microsoft Azure, in the menu Enterprise Applications / All Applications / Application Name / Overview under Application ID |
| Username: | ttt-point@anyideas.onmicrosoft.com | Username for the journal email account in Azure |
| Client Secret: | 33334444-dddd-eeee-ffff-… | In Microsoft Azure in the menu Certificates & secrets in the tab Client secrets under Value |
| Fetch emails every: | 1 minute | Specifies how often the external mail server is checked for new emails |
| Keep Mails: | | Usually, emails are deleted after they have been picked up. Activating Keepmails prevents this deletion. When activated, external mailboxes can fill up! Keepmails should only be used temporarily for test purposes, or if it is otherwise ensured that the external mailbox does not reach its capacity limit. |
| Connection Security: (New as of UMA v3.3.1) | STARTTLS | STARTTLS is used for connection encryption. |
| | SSL | SSL is used for connection encryption. Default |
| | None (insecure) | The connection is not encrypted. Should only be used temporarily if the remote station does not support encrypted communication! An update of the remote station is urgently required! Emails and passwords are sent in plain text. Use is not recommended. Use of this option is a security risk. |
| Max. email size | disabled | A size can be defined up to which the email is archived |
| Email header evaluation: | Enable MS Journal-Envelope autodetection (default) | Recognizing the "MS journal envelope" header entries enables the UMA to identify the BCC recipient from Exchange's own header and assign the email to a user account. BCC recipients are not in the original mail header. |
| | Disable MS Journal-Envelope autodetection | Uses the original header of the email to assign it to a user account |
| | X-Envelope-To | Uses only the X-Envelope-To entry from the original header of the email to assign it to a user account |
| | X-Original-To | Uses only the X-Original-To entry from the original header of the email to assign it to a user account |
| | Delivered-To | Uses only the Delivered-To entry from the original header of the email to assign it to a user account |
| | Custom Recipient Header | A custom defined header part to be evaluated. Example: envelope-from |
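Why the "Email header evaluation" setting in both account types matters for BCC recipients, shown as an added example (not Securepoint's or Microsoft's code): it reads a constructed journal report and compares the recipients found with envelope autodetection against those found from the original header alone. The `X-MS-Journal-Report` marker header and the `To:`/`Bcc:`/`Recipient:` lines in the plain-text envelope part are assumptions about the report layout; `envelope_recipients`, its parameters and all addresses are hypothetical.

```python
import email
from email import policy
from email.utils import getaddresses

# Constructed journal report: the Bcc recipient exists only in the envelope part.
SAMPLE = """\
From: journal@anyideas.example
X-MS-Journal-Report:
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Sender: alice@anyideas.example
To: bob@anyideas.example, Expanded: team@anyideas.example
Bcc: carol@anyideas.example

--b1
Content-Type: message/rfc822

To: bob@anyideas.example
Delivered-To: bob@anyideas.example

Hello Bob
--b1--
"""

ENVELOPE_FIELDS = {"to", "cc", "bcc", "recipient"}

def envelope_recipients(raw, autodetect=True, header=None):
    """Addresses a mail would be filed under (hypothetical helper, not UMA code)."""
    msg = email.message_from_string(raw, policy=policy.default)
    by_type = {p.get_content_type(): p for p in msg.iter_parts()}
    wrapped, envelope = by_type.get("message/rfc822"), by_type.get("text/plain")
    original, found = msg, set()
    if "X-MS-Journal-Report" in msg and wrapped is not None:
        original = wrapped.get_content()  # the journaled mail itself
        if autodetect and envelope is not None:
            for line in envelope.get_content().splitlines():
                key, sep, value = line.partition(":")
                if sep and key.strip().lower() in ENVELOPE_FIELDS:
                    # Keep the address; drop suffixes like ", Expanded: list@..."
                    found.add(value.split(",")[0].strip().lower())
    if found:
        return sorted(found)
    # No envelope data used: fall back to the original mail's own header.
    names = [header] if header else ["To", "Cc"]
    values = [str(v) for n in names for v in original.get_all(n, [])]
    return sorted({addr.lower() for _, addr in getaddresses(values) if addr})
```

With autodetection the BCC recipient is returned; with it disabled, or with a single-header option selected, only addresses present in the original header are found.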

The Office 365 specific configuration is now complete.

The users must also be created or the UMA must be connected to an Active Directory. The setup is described in this Wiki.