Using OAuth Authentication
PST Flight Deck can be configured to use OAuth in order to authenticate with Microsoft Office 365.
|
|
NOTE: OAuth is currently supported over the EWS endpoints. |
Step 1: Create a new Registered Application in Azure (steps can be found here)
To get an application ID:
1.Go to https://portal.azure.com and log in to your Office 365 tenant with an administrator account.
2.From the left menu, select Microsoft Entra ID > App registrations.
3.Click New registration.
4.Enter a name.
5.From the Supported account types, select Supported Account Type Single tenant.
6.Dont enter anything for Redirect URI (optional). Leave it as it is.
7.Click Register.
8.Copy the Application (client) ID and save it somewhere you will remember and securely. You will need it later.
Step 2: Add a certificate to the server running the Office 365 module.
To add an untrusted certificate to your bridgehead servers local certificate store:
1.Access the server where the Office 365 module is installed.
2.Open the certificates manager by start/run certlm.msc
3.Expand Trusted Root Certificate Authorities > Certificates.
4.Right-click Certificates and select All Tasks > Import to launch the Certificate Import Wizard.
5.Locate the (.cer) certificate file and follow the wizard prompts.
6.Supply password, if required.
7.Right-click Certificates and select All Tasks > Import to launch the Certificate Import Wizard.
8.Locate the (.pfx) certificate file and follow the wizard prompts.
9.Supply the password, if required.
Step 3: Configure Permissions and Roles
Configure Application Permissions: Return to the Azure portal and access Microsoft Entra ID > App registrations > owned applications. Then find the application you created in Step 1 above.
1.Select your application, and then select API Permissions.
2.Click Add a Permission.
3.In the Request API permissions section > Select APIs my organization uses, search for Office 365 Exchange Online and select this API.
4.Click Application Permissions
5.In the Permissions list section, select the full_access_as_app.
6.Click Add permissions.
7.Click Grant Admin consent.
Assign User Administrator role to the registered Application:
1.Navigate to Active Directory - Roles and Administrators
2.Find and open the User Administrator role
3.Click on Add Assignments
4.Search for the registered application (by Display Name)
5.Select the application and click Add.
The application is now recognized as Service Principal for the User Administrator role.
Step 4: Get a Thumbprint
To get a thumbprint:
1.Go to Certificates & Secrets and click the Upload Certificate button.
2.Upload your certificate file from Step 2.
3.Copy the certificate Thumbprint and save it somewhere. You will need it later.
Step 5: Add your Application ID and Thumbprint on the server running the PST Flight Deck Office 365 ingest module
1.In PST Flight Deck, open the Credential Editor. Click Credential Editor for more.
2.Select the Office 365 tab and click Add.
3.Enter the Application ID, Thumbprint, and Tenant (eg. tenant.onmicrosoft.com).
4.Save and close the Credential Editor.
PowerShell for Software Components
The following PowerShell commands will install the required components for the installation and operation of PST Flight Deck:
Windows 2008 R2 Service Pack 1
Import-module servermanager
Add-windowsfeature application-server, web-server, bits, web-asp-net, Web-Windows-Auth
Windows 2012 and Windows 2012 R2
Install-WindowsFeature Application-Server, Web-Server, Web-Windows-Auth, BITS
Install-WindowsFeature Net-Framework-Features
Install-WindowsFeature Web-Net-Ext45, Web-Asp-Net, NET-WCF-HTTP-ion45
Windows Server 2016
Install-WindowsFeature Web-Server, Web-Windows-Auth, BITS
Install-WindowsFeature Net-Framework-Features
Install-WindowsFeature Web-Net-Ext45, Web-Asp-Net, NET-WCF-HTTP-Activation45
It may be necessary to utilize the Source switch to specify the Sources directory on your installation media depending on your OS setup. For additional information, please read the following article: https://support.microsoft.com/en-us/kb/2913316.
Antivirus Exclusions
PST Flight Deck is a product designed to move large quantities of data from client workstations to a desired target. This involves a high level of processing against a given file. If not appropriately excluded, antivirus software can cause file locks, missing data, and performance-related issues that can impact the functionality of PST Flight Deck. The following should be excluded from antivirus scanning.
Modules
PST Flight Deck can be deployed in a number of configurations. It is expandable and customizable to suit the specific needs of any enterprise it is deployed in. Several areas are used to read and write data in a PST Flight Deck environment. Since these areas are frequently in use as part of PST file processing, we recommend that you exclude applicable directories for all of the following services:
·Backup
·Cleanup
·Filter/Extraction
·Park
·Uploads
·Hash table