Here in this article, I will discuss that how to grant application impersonation rights in office 365 mailboxes using Office 365 Exchange Admin Portal as well as PowerShell commands.
Working with Application Impersonation in Exchange Online is very helpful for the administrators. As Application Impersonation is the best feature of Office 365 which enables applications to impersonate users to do any activities on their behalf without having their login credentials. This option can be used in many seniors such as PSTs migration to Office 365, Integration with a telephone system, CRM integration, performing scheduled local backups of Office 365 mailboxes, Offboarding and migrating users from one platform to etc.
Application Impersonation feature is available on Microsoft Exchange Server 2007 or higher and Microsoft Office 365 plan E3. In order to setup Application Impersonation using Office 365 Exchange Admin Portal, the following steps should be carried out.
Above steps will ensure you how to grant application impersonation rights in office 365. But if you are planning to perform migration and backup of all users’ mailboxes at once with impersonation then you have to give a few more permissions as shown below.
Go to recipients from Exchange Admin center > Double click on each mailbox > Click on Mailbox Delegation > Give Send As, Send on Behalf and Full Access permissions to the Admin mailbox > Finally, click on Save button. That’s it.
Note: In the above screenshots, I have shown how to grant Send As permission to the Admin mailbox. So in this way, you also need to give other permissions to the same mailbox such as Send on Behalf and Full Access.
If you are familiar with the Windows PowerShell commands and you want to know how to grant application impersonation rights in office 365 using PowerShell? below steps will show how you can easily give impersonation rights to all office 365 users of your organization with the following commands:
New-ManagementRoleAssignment –name:impersonationAssignmentName –Role:ApplicationImpersonation –User:serviceAccount
To assign the application impersonation role for the specific users or groups of users, you have to run the following commands.
New-ManagementScope –Name:scopeName –RecipientRestrictionFilter:recipientFilter
New-ManagementRoleAssignment –Name:impersonationAssignmentName –Role:ApplicationImpersonation –User:serviceAccount –CustomRecipientWriteScope:scopeName
Conclusion: In this article, I have discussed how to grant application impersonation rights in office 365 using Exchange Admin Portal and Windows PowerShell commands. I hope this article will help many Office 365 administrators in configuring impersonation in Exchange Online. If you have any difficulty or doubts while assigning application impersonation management role in office 365 then feel free to contact us. We will be happy to help you