12.3.Email archive System settings
General Email archive system settings are available on the System settings page. To configure these settings, navigate to Email Archive ⇒ Settings ⇒ System settings on the ribbon:
a) Database settings:
Select the Email archive database, that you have previously configured on Email Archive ⇒ Settings ⇒ Databases page (in our case it is database “Email Archive DB”), from the dropdown list. This selected database will be used by the provisioning job. The provisioning job will store here the metadata during the synchronization process.
b) EWS settings:
Under Exchange server type and Exchange server interface version select the type and version of the server, where your email provider is running.
In case of the user having/using a German cloud (dedicated and isolated Microsoft Azure version for Germany), Germany must be selected in the Region dropdown list.
In case that the predefined settings for Microsoft 365 and PowerShell don’t match your expectation and/or needs, it is possible to select the Custom option from the Region dropdown list and specify your own values.
Enter the EWS URL. Choose whether you want to Use impersonation or not. By default, this checkbox is turned off. If it is turned on, the Email archive will use Impersonation instead of delegation (more information in this section).
Impersonation allows the superuser account to impersonate any other user’s account and access their mailboxes.
If the Microsoft 365 user has “desktopless” license, his account can’t be used for impersonation. The problem is that EWS access is disabled for such user (he is unable to connect to EWS).
Select one EWS authentication mode from the dropdown list. There are 2 options: Basic and Modern. Basic authentication method was used by default in previous versions and it wasn’t possible to select another authentication type. Modern authentication is more secure and complex and requires the app (Email archive in this case) to be registered on Azure portal. How to register it and gain the necessary IDs and client secret is described in this section. The app can be registered by using this PowerShell script too.
Specify the PowerShell URL and select the PowerShell authentication type. PowerShell can use Basic and Modern authentication type, too.
The EWS and PowerShell data must be requested from the email provider you are using (the configuration properties are the same for On-premise and Hosted Exchange).
Under Max. connection count option, the user may define how many parallel connections will be maintained by the system when connecting to PowerShell.
If you do not have a valid certificate, you can check the Ignore SSL errors checkbox.
Keep connection alive: If it is turned on, then the connection between contentACCESS and the Exchange server is cached, which increases the performance. If the Exchange is load balanced, some requests can land on another Exchange and therefore cause errors in contentACCESS. In these cases, unchecking the keep alive option will destroy the connection after each request and will rebuild it on the next request.
- If you are communicating with one Exchange server: turn it on to increase the performance
- If you have a load balanced Exchange environment and there are communication problems with the Exchange: it is recommended to turn it off
Further enter the applicable User name and Password to connect to the Exchange (use explicit credentials or log in under service-credentials).
We recommend to run a test connection via Test button.
In case of the user having cloud environment, it is possible to set Microsoft 365 “SuperUser” under Exchange connections. To learn what to configure for the “SuperUser” mailbox, please check this section of our documentation.
Solution: contentACCESS can use modern authentication to connect to Microsoft 365 Exchange Online. This requires an Azure App registration to be configured on the Microsoft 365 tenant. The procedure to create the App registration is described in this chapter.
For more information about how to configure contentACCESS to use modern authentication for PowerShell on Exchange Online, please refer to this section of the manual.
c) Hybrid Exchange settings:
In order to support Hybrid exchange environment, please check this checkbox and configure the settings. In that case, contentACCESS will connect to both On-premise and Microsoft 365, which are configured separately.
d) General settings:
Use forest wide queries: This option allows to list the users and groups in other child domains. The option is available by On-premise Exchange server type only.
Many big companies are separating the users from resources into multiple child domains. Without that option, the email provisioning will search only the current domain (where the MS Exchange is installed), but not the others. Using this option, the searching will be extended to look into other domains too. This option has some impact on the provisioning performance.
Allow to re-link mailboxes: By default this option is turned off. If this option is turned on, the provisioning job will be able to detect that a mailbox was deleted and replaced by a new one. The new mailbox (even if the mailboxGUID is changed) will be linked to the deleted (old) entry. If this option is turned off, the provisioning job will not attempt to re-link the mailbox, however, the mailbox will be marked with a warning flag in the Address book.
Default restore method: The administrator may decide the default restore method here. The data can be restored either into the existing shortcut (in-place restore), or a new item can be created. The default setting is used by the Email archive restore and Shortcut synchronization jobs.
Allow to archive public folders: The default contentACCESS behavior is not to archive the public folders; if you want to archive them, this option must be selected, otherwise they will be ignored. If public folder archiving is turned on and later off, the existing archived public folder mailbox is not removed (nor disabled). It will be simply not archived further, but the existing data remain in the archive.
Public folder access: When connecting using the Exchange Web Services, a mailbox (any mailbox) must be opened. This mailbox is defined here. It is recommended to use the superuser mailbox. If this value is changed, it is necessary to run the email provisioning job.
Retention reference date: If Sent date is set here, then the option Reference date when creating a new retention will use the Sent date value.
Allow to archive one-off emails: One-off items are emails with special message class and custom code (for example a contentACCESS shortcut) that is disconnected from the custom form (i.e. the message class is reverted, and the custom code is included in the mail).
By default, the option to archive such emails is unchecked, because these are not correct emails. These emails were reported as errors in the System logs before, now they are reported as information.
By checking this option, the system will archive these emails (may be necessary in journal archiving). The one-offed emails will be archived “as-is” – with no warranty that it will be possible to open them in Outlook.
e) Message class handling:
Enables to exclude certain message classes from the email archiving process on the level of the tenant. This feature can be quite useful for companies that have a policy stating that certain message classes, e.g. Contacts, Tasks etc. mustn’t be archived. Here you can also exclude custom message classes. E.g. if your company already has a third party archive, then you can exclude these already archived emails from the re-archiving process. Wildcards are also supported in the exclude message class list. Supported formats are: contains: *Test*; EndsWith: *Test; StartsWith: IPM*.
Shortcutting of non email items (appointment, task, post, contact) is also allowed. The message class of these items won’t be changed by the job, only the body and attachments will be. The shortcut type is taken from job settings. If you wish to process these items, select Create shortcut from the dropdown list, if not, select Do not create shortcut.
The Allow converting to shortcut checkbox for Rights protected messages enables the administrator to allow this kind of emails to be shortcutted on a tenant level – this option is disabled/unchecked by default. You can read more about the archiving of rights protected messages in this section.