Chat now with support
Chat with Support

Metalogix Archive Manager for Exchange 8.3 - ArchiveWeb Manual

ArchiveWeb Settings

ArchiveWeb is configured and ready for use right after installation. No user action is required. However, should the need arise, default configuration can be adjusted in Configuration tool.

The Configuration tool is available on the ArchiveWeb server under <installdir>/Program Files (x86)/Common Files/PAM/PAMConfig/PamConfig.exe. Its ArchiveWeb tab list available configuration options. (For more information on the Multi-factor authentication tab see the section Multi-factor authentication (MFA).)

img-030

 

Tenant service location - URL for MultiTenantWS web service

AM for Exchange service - URL for ExchangePAMWS web service

AM for Files service - URL for FilePAMWebService web service

Search service location - URL for PamSearch web service

Search cache folder - user's temporary storage folder to store e.g. messages downloaded from Exchange server for preview functionality

Export folder - folder where exported files (PST export, ZIP export) are stored (download link points to this folder)

Export folder auto-cleanup [days] - files older than the specified number of days will be deleted from the Export folder.

Export one version per document during PST export - indicates whether to export one version per document during PST export

Auditing server name & port - machine where auditing component is installed

Log-off time - time in minutes to log off when inactive

Show offline server caption - check to show [OFFLINE] suffix for decommissioned servers in servers' list (Archive Manager for Files)

Hide location server - unchecked by default; indicating whether to hide Location Server Name from user's mailbox displayed in Mailboxes tree-view; if not checked, Location Server Name will be displayed as a suffix to user's email, e.g. administrator@[VMMVC5]

Check linked mailboxes - checking whether currently logging user has a linked mailbox associated. When unchecked, the entire login process can be accelerated because no additional Active Directory search is performed

Check trusted domains - checking trusted domains and reading information from trusted relationships. When unchecked the entire login process can be accelerated because no additional reads (from trusted domains) are performed

Use cache for views - when checked, all grid source data are cached after first load. Then all operation on grid that do not change the data will be performed quicker

Use Single Sign-On - when this option is checked, it will set Single Sign-On feature for ArchiveWeb login.

Multi-factor Authentication

ArchiveWeb supports multi-factor authentication (MFA) for O365 user accounts. Setting up MFA is a two-step process:

1.Create a new application in the Azure portal.

2.Configure ArchiveWeb with the Archive Manager configuration tool.


Create a new application in the Azure portal

ArchiveWeb requires a specific Azure site to be created that is used to return an authentication token back to the ArchiveWeb after a user is authenticated via Microsoft portal.

1.Login to your Azure Portal using your administrator credentials (https://portal.azure.com). If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the Azure AD tenant that you want.

2.In the left-hand navigation pane, select the Azure Active Directory service, and then select App registrations > New registration. The App registrations page appears.

3.Click New registration. The Register an Application page appears.

mfa-010

4.Provide the information on this page as described below:

a.Name - Enter a meaningful application name that will be displayed to users. For example, Archive Manager ArchiveWeb.

b.Supported account types - Select the account type you would like your application to support that best meets your company policy.

c.Redirect URI - from the application type drop down select Web. In the URI field enter the ArchiveWeb URI where the user will be redirected after multi-factor authentication (eg. https://<fullservername>/ArchiveWeb/Login/Login/Login)

info

NOTE: The HTTPS protocol is required for MFA to work with O365. To ensure the HTTPS can be used, follow the steps below;

1.On the ArchiveWeb server, open the IIS Management Console.

2.Expand the server node and then expand the Sites node.

3.Select Default Web Site and right-click to open the context menu. Then select Edit Bindings. The Site Bindings window opens.

4.Click Add. The Add Site Bindings window opens.

5.Select https from the Type drop down and fill in the other details as required.

6.Click OK to save the https site binding.

7.Restart the IIS service from the server node and then close the IIS Management console.

5.Click Register. Azure AD assigns a unique application (client) ID to your app, and the application's Overview page opens.

mfa-020

6.From the navigation menu, click Branding. Enter the URLs that your organization may use for the different branding artifacts.

7.From the navigation menu, click Authentication and verify that the Redirect URI parameters are as expected.

mfa-030

8.From the navigation menu, click Certificates & Secrets.

9.In the Client secrets section click New client secret. the Add a client secret page opens.

mfa-040

10.Enter values as described below:

a.Description - enter a meaningful description. For example, ArchiveWeb Client Secret.

b.Expires - set the expiry term that best meets your company policy.

11.Click Add. the client secret is displayed on the Certificates & Secrets page.

info

IMPORTANT: Copy and save the client secret in a safe place. It will not be available when you navigate away from this Azure blade.

12.From the navigation menu, click API Permissions. and then click Add a permission. The Request API permissions page appears.

13.From the Microsoft APIs category, scroll down to the Supported legacy APIs section and select Azure Active Directory Graph.

mfa-060

14.From the Request API permissions page for Azure Active Directory Graph that appears, select Delegated permissions.

mfa-070

15.Click Add permission.

16.From the navigation menu, click Expose an API.

17.In the Scopes defined section, click Add a scope. The Add a scope page opens.

mfa-080

18.Microsoft Azure generates an Application ID URI automatically. It is a globally unique URI used to identify this web API. It is the prefix for scopes and in access tokens,and is also referred to as an identifier URI. You can keep this value or specify a unique value in the same format.

info

IMPORTANT: Copy and save this value in a safe place.

19.Click Save and continue. The Add a scope page displays more options.

mfa-090

20.Click Add scope to complete the registration.


Configure ArchiveWeb with the Archive Manager configuration tool

1.Open the Archive Manager Configuration Tool from C:\Program Files (x86)\Common Files\PAM\PAMConfig\PamConfig.exe

2.From the sidebar, click ArchiveWeb.

3.Click the ArchiveWeb tab. The ArchiveWeb Configuration page appears.

mfa-100

4.Select the Use Multi-factor Authentication check box to enable the fields in the Multi-factor authentication Configuration window.

5.Click the Multi-factor authentication tab. The Multi-factor authentication Configuration window appears.

mfa-110

6.Enter the field values as described below:

a.Organization Name in Office365 - enter the name of your O365 organization URL. For example, democorp.onmicrosoft.com

b.Client ID - enter the Client Id that you saved from the Azure application registration steps.

c.Client Secret - enter the Client Secret that you saved from the Azure application registration steps.

7.Click Apply.

info

IMPORTANT:

When at least one user in an organization has MFA set, the Organization, Client ID and Client Secret should be set in Multi-factor authentication tab as a readiness exercise.

If only a few users in your organization have MFA enabled, the Use Multi-factor Authentication check box should stay unchecked. The settings in the Multi-factor authentication tab will persist when the Use Multi-factor Authentication check box is unchecked. The users who have MFA enabled will be prompted to enter the credentials (user email and password) and then they will be redirected to the Microsoft site where the user has to authenticate again. After a successful authentication by Microsoft, the user will be redirected back to ArchiveWeb.

When all users accounts in an organization have MFA enabled, the Use Multi-factor Authentication check box can be selected. This will force ArchiveWeb to use multi-factor authentication for all users that log in to ArchiveWeb. Users will be prompted to enter only the login email address and they will be redirected to the Microsoft login form to finish the login process.

General Data Protection Regulation

ArchiveWeb now supports option to manage the new General Data Protection Regulation (GDPR) regulations. User can create a retention change request (for Exchange and/or Files items) via context menu. When the request is created, approver(s) get email notification and can review the request. User who created a request is informed via email notification once approver has processed the request. User (who has appropriate permission) can follow his/her requests in ArchiveWeb by clicking on Retention tab. User can see open, approved and denied requests and also the history.

Approver(s) except of these read-only functions (opened, approved, denied requests and history) have ability to export all items from request to ZIP file, denied the entire request and approve (all or selected) items from request.

 

To use all features of new Retention functionality the working SMTP server is needed, however to use Retention functionality the SMTP is not mandatory. The SMTP service is used to send notification emails to approver(s) and/or retention requester(s).

 

If you’d like to use SMTP service (set SMTP server to use with ArchiveWeb) see the next section: Setting SMTP server under Archive Manager Configuration (PamConfig).

 

 

Archive Manager Configuration (PamConfig)

·First, configuration has to be done outside of ArchiveWeb. Open Archive Manager Configuration Tool from <installdir>\ Program Files (x86) \ Common Files \ PAM \ PAMConfig \ PamConfig.exe.

 

1.Click on Users tab.

2.Make sure that database and scripts are up to date.

3.Click on Users tab / SMTP configuration tab and set the required settings

 

 
Snap109
 

oServer name – specify SMTP server name or IP address where the SMTP server is installed

oPort – specify the SMTP port

oUse SSL – check this button if the SMTP requires SSL connection

oUser name, Password – specify SMTP credential

oSender email – specify email address which will be used to hand-shake with the SMTP

oNumber of retries – specify number of retries the SMTP will try to send the message

 

 

 

ArchiveWeb

Permissions

New Retention permissions have been added to ArchiveWeb:

Permission

Default value

Meaning

Approve retention change requests

Denied

Allows to approve or denied the retention change request and export items

Create retention change request

Denied

Allow to create a new retention change request and to display Retention tab at the top of the navigation bar with ability to list open, approved, denied requests and history.

 

Archive tab – Exchange

User who has at least “Create retention change request” permission will be able to create a retention change request from the context-menu for selected item(s).

For single item – in a preview pane, click on […] action menu and select Create retention change request option

 

For multi selected items – from context-menu select Create retention change request option

 

In both cases the following pop-up window will appear:

 

·Task name – name for retention change request

·Delete request – select to create a delete request

·Set retention time to – select to set a new retention time in months. The purpose for this option is create a retention change request to decrease retention time

·Delete items after the retention expires – by selecting this option the expired items will be automatically deleted

·Reason for request – description of request

 

By clicking on Send request the retention change request will be submitted for approval. Newly created retention change request will appear in Open and History grids in Retention tab.

NOTE: Only items which have no Legal hold flag set will be added to retention change request.

 

 

When the SMTP is correctly set, notification email will be send for user(s) who have “Approve retention change requests” permission set.

Example of notification email:

 

 

 

Archive tab – Files

User who has at least “Create retention change request” permission will be able to create a retention change request from the context-menu for selected item(s).

For single item – in a preview pane, click on […] action menu and select Create retention change request option.

 

For multi selected items – from context-menu select Create retention change request option.

 

In both cases the following pop-up window will appear:

 

 

·Task name – name for retention change request

·Delete request – select to create a delete request

·Set retention time to – select to set a new retention time via calendar. The purpose for this option is create a retention change request to decrease retention time

·Delete items after the retention expires – by selecting this option the expired items will be automatically deleted

·Reason for request – description of request

 

By clicking on Send request the retention change request will be submitted for approval. Newly created retention change request will appear in Open and History grids in Retention tab.

NOTE: Only items which have no Legal hold flag set will be added to retention change request.

 

When the SMTP is correctly set, notification email will be send for user(s) who have “Approve retention change requests” permission set.

 

 

 

Retention tab

This menu option is available to user who has at least “Create retention change request” permission set. The user can see list of open, approved, denied requests and history.

 

Column

Meaning

Task name

Retention change request task name

Request type

Request type:

Change retention request – request to decrease retention time

Delete request – request to delete item

Requested retention

Contains retention time requested in Change retention request task; for Delete request this column is empty

Automatic Deletion

Informs if the option "Delete items after the retention expires" is activated for the given item

Submitted by

Name of the user who submitted the request

Date created

Date-time when the request was submitted

Processed by

Name of the user who approved/denied the request

Date processed

Date-time when the request was approved/denied

Submitted items

Number of items in submitted request

Status

Request task’s status

Reason

Approve/Denied reason

Reason for request

Reason the submitter entered

 

OPEN REQUESTS

OpenRequests

 

When a user has “Approve retention change requests” permission, it means the user is an approver and has permission to Approve, Denied or Export request items. In this case when the OPEN REQUESTS tab contains any request, after clicking on a request in a grid, the item list grid should look like (double-click on item in the list grid will invoke item preview in a pop-up window):

 

ListGrid

 

 

·Approve selected – selected items will be prepared for approval process. After the approver confirms the following dialog, the items will be asynchronously processed

 
request approval

 

If the SMTP is correctly set the submitter will be informed via email, example of notification email

 

 

·Deny all – all items (no selecting is required) will be prepared for deny process. After the approver confirms the following dialog, all items will be denied, no operation from retention change request will be processed and if the SMTP is correctly set the submitter will be informed via email

 
deny request

·Export all – all items will be exported to ZIP file. There is option to encrypt the output ZIP file with a password

 

 

APPROVED REQUESTS

Grid contains list of approved requests

 

ApprovedRequests

 

DENIED REQUESTS

Grid contains list of denied requests

 

DeniedRequests

 

HISTORY

Grid contains list of requests (open, approved and denied). For approved and denied requests after clicking on a request in a grid, items grid will contain list of items (double-click on item in the list grid will invoke item preview in a pop-up window)

 

History

 

The list grid contains “processed” and “waiting” filters.

Column

Meaning

From

For Exchange items – sender’s name

To

For Exchange items – recipient(s) names

Subject

For Exchange items – item’s subject

Folder

For Files items – folder’s name

Name

For Files items – file’s name

Approved

Indicates whether the item was approved

Error

Contains error message, if any

Warning

Contains warning messages, if any

 

·Processed – contains list of processed items.

oFor “Change retention request” – items with selected “Approved” column have been processed, retention time have been changed; if error occurred the “Error” column will contain a message

oFor “Delete request” – items with selected “Approved” column have been processed by Delete job, item has been deleted; if error occurred the “Error” column will contain a message

·Waiting – contains list of items waiting for processing.

oFor “Delete request” – items with selected “Approved” column waiting for Delete job to process the items

 

Post-processing Plugin for Search

Enhance your ArchiveWeb search by a new search option. Besides Subject and From text boxes in the Exchange Archive search a brand new searching option can be added to the search query – To field. In this way user can search for items sent to specific recipient.

To enable the above mentioned searching by recipients, a post processing plugin must be installed. This plugin indexes mail recipients.

Steps to install the Recipients post processing plugin

1.Open Archive Manager Configuration Tool from <installdir>\ Program Files (x86) \Common Files \ PAM \ PAMConfig \ PamConfig.exe.

2.Switch to the Post Processing tab.

3.Switch to the Post Processing Scopes tab.

4.Right-click on the desired scope and from the context menu select Configure.

5.Click Add.

6.Installed plugins will be loaded in the Add Plugin pop-up window. Select the PostProcessRecipients plugin in the drop-down box and click Add.

clip0045

7.The plugin is listed in the Plugins list in Configuration tab. By default it is active.

clip0046

Steps to Configure a Plugin

When a new plugin is added onto the Plugins list, there are no mailboxes specified for it by default. The user must specify the mailboxes as well as the bookmark date (if necessary). If no mailboxes are selected then post processing will not process any archived emails and attachments. To configure a plugin you need to specify all mailboxes the plugin will take action on. Then specify the desired bookmark date.

1.From the Plugins list, select the PostProcessRecipients plugin. Right-click the plugin and click Properties from the context menu .

clip0047

2.In the Plugin properties window you may choose for which mailboxes you want to apply the plugin. Check:

·Apply for all mailboxes or

·Apply for selected mailboxes and click the Mailboxes button

info

NOTE: Verify that the Plugin is active is checked so that the plugin is enabled.

clip0048

3.In the Plugin mailboxes window click Add to add mailboxes.

clip0049

4.In the Select mailbox enter the name of a mailbox in the text box to search for the mailbox. Double-click the desired mailbox in the list to transfer it to the Selected objects section. In the Selected objects section you can check which users you have selected. Confirm by clicking OK.

clip0050

5.Click Close.

clip0051

Steps to specify a bookmark date

1.Right-click the desired plugin and click Set Bookmark from the context menu.

2.In the Enter bookmark window specify the desired time. Click OK.

clip0052

info

NOTE:

The bookmark date is displayed in the Plugins list in Configuration tab.

If you reset the bookmark date, the change takes effect immediately, and there is no need to disable and enable the plugin again.

If you remove a plugin by using the Remove button, it will stop completely without remembering where it stopped. If you then load that plugin again, you must configure it again.

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating