Adding/changing the credentials for Office 365 ingest account
To add or change credentials for Office 365 ingest account, you must use OAuth in order to authenticate with Microsoft Office 365. The main steps of this approach can be found here.
For Shortcut Rehydration
PST Flight Deck includes the ability to restore Enterprise Vault shortcuts found within PST files in the upload area prior to the ingestion into a desired target.
The current Enterprise Vault Service Account associated with the shortcuts being restored is required to run the service responsible for any Enterprise Vault related function, including shortcut rehydration. The Enterprise Vault server associated with the shortcuts must be running and able to successfully retrieve the items associated with the shortcuts via API calls to the source server.
The API for the version of Enterprise Vault being retrieved from is also required. This is typically included in the Enterprise Vault installation media (e.g. X:\Symantec Enterprise Vault\API Runtime\ where X:\ is the drive letter of the Enterprise Vault installation media). Frequently, customers choose to install the Enterprise Vault Admin Console instead of the API. This is an acceptable and supported configuration.
For Repair
PST Flight Deck includes the ability to identify and repair corrupted PST files where ever possible.
To facilitate this functionality, PST Flight Deck leverages the native repair utility for Outlook. Outlook 2016 x64 or later (including click to run versions) is required to be installed on any machine running a Repair module.
Using OAuth Authentication
PST Flight Deck can be configured to use OAuth in order to authenticate with Microsoft Office 365.
|
|
NOTE: OAuth is currently supported over the EWS endpoints. |
Step 1: Create a new Registered Application in Azure (steps can be found here)
To get an application ID:
1.Go to https://portal.azure.com and log in to your Office 365 tenant with an administrator account.
2.From the left menu, select Microsoft Entra ID > App registrations.
3.Click New registration.
4.Enter a name.
5.From the Supported account types, select Supported Account Type Single tenant.
6.Dont enter anything for Redirect URI (optional). Leave it as it is.
7.Click Register.
8.Copy the Application (client) ID and save it somewhere you will remember and securely. You will need it later.
Step 2: Add a certificate to the server running the Office 365 module.
To add an untrusted certificate to your bridgehead servers local certificate store:
1.Access the server where the Office 365 module is installed.
2.Open the certificates manager by start/run certlm.msc
3.Expand Trusted Root Certificate Authorities > Certificates.
4.Right-click Certificates and select All Tasks > Import to launch the Certificate Import Wizard.
5.Locate the (.cer) certificate file and follow the wizard prompts.
6.Supply password, if required.
7.Right-click Certificates and select All Tasks > Import to launch the Certificate Import Wizard.
8.Locate the (.pfx) certificate file and follow the wizard prompts.
9.Supply the password, if required.
Step 3: Configure Permissions and Roles
Configure Application Permissions: Return to the Azure portal and access Microsoft Entra ID > App registrations > owned applications. Then find the application you created in Step 1 above.
1.Select your application, and then select API Permissions.
2.Click Add a Permission.
3.In the Request API permissions section > Select APIs my organization uses, search for Office 365 Exchange Online and select this API.
4.Click Application Permissions
5.In the Permissions list section, select the full_access_as_app.
6.Click Add permissions.
7.Click Grant Admin consent.
Assign User Administrator role to the registered Application:
1.Navigate to Active Directory - Roles and Administrators
2.Find and open the User Administrator role
3.Click on Add Assignments
4.Search for the registered application (by Display Name)
5.Select the application and click Add.
The application is now recognized as Service Principal for the User Administrator role.
Step 4: Get a Thumbprint
To get a thumbprint:
1.Go to Certificates & Secrets and click the Upload Certificate button.
2.Upload your certificate file from Step 2.
3.Copy the certificate Thumbprint and save it somewhere. You will need it later.
Step 5: Add your Application ID and Thumbprint on the server running the PST Flight Deck Office 365 ingest module
1.In PST Flight Deck, open the Credential Editor. Click Credential Editor for more.
2.Select the Office 365 tab and click Add.
3.Enter the Application ID, Thumbprint, and Tenant (eg. tenant.onmicrosoft.com).
4.Save and close the Credential Editor.