Enterprise Vault.cloud™ Archive Administration Help

Last Published:
Product(s): Enterprise Vault.cloud (Version Not Specified)
  1. Getting started with Archive Administration
    1.  
      About Enterprise Vault.cloud Archive Administration
    2.  
      Prerequisites for Archive Administration
    3.  
      Archive Administration web browser support
    4.  
      What's new in this release
    5.  
      Signing in to Archive Administration
    6.  
      Signing out from Archive Administration
    7.  
      Resetting a forgotten password
    8.  
      Password policy
  2. Archive Overview
    1.  
      About the Archive Overview
    2.  
      Viewing the Full Archive Usage report
  3. Customer Dashboard
    1.  
      About customer dashboard
    2.  
      Viewing and exporting dashboard statistics details
  4. My Config
    1.  
      About the My Config page
    2.  
      About Services
    3.  
      Selecting the User Management options
    4. About Provisioning
      1.  
        Configuring the Personal.cloud deployment options
      2.  
        Configuring the administrator notification options
    5.  
      CloudLink Sync Summary
    6. About Managed Tags
      1.  
        Creating a managed tag
      2.  
        Assigning a managed tag to users
      3.  
        Changing the retention policy associated with a managed tag
      4.  
        Deleting a managed tag
    7. About Account Management
      1.  
        Searching for archive accounts
      2.  
        Using search filters
      3.  
        Creating an archive account
      4.  
        Viewing the details of an archive account
      5.  
        About the Account Details page
      6.  
        Editing an archive account
      7.  
        Deleting an archive account
      8.  
        Deploying users
      9.  
        Enabling services for existing Exchange Online archive accounts
      10.  
        Removing user access
      11.  
        Disabling bulk user accounts
      12.  
        Editing Mobile Web Access permission for existing archive accounts
      13.  
        Unlocking an archive account
      14.  
        Exporting archive account information
  5. Archive Collectors
    1.  
      About Archive Collectors
    2.  
      Adding new archive collectors
    3. About Exchange Online Archiving
      1.  
        Setting up modern authentication in Azure AD for Exchange Online sync
      2.  
        Configuring Exchange Online sync
      3.  
        About Exchange Online folder synchronization
      4.  
        Prerequisite for migrating Exchange Online Users configured with Folder Sync to Exchange Online Folder Synchronization
      5.  
        Configuring Exchange Online folder synchronization
    4. About Bloomberg Archiving
      1.  
        Configuring the Bloomberg Sync
    5. About Microsoft Teams Archiving
      1.  
        Registering a Microsoft Azure App for Teams Collector
      2.  
        Requesting access to protected APIs in Microsoft Graph
      3.  
        Enabling Microsoft Team service for customer
      4.  
        Configuring Microsoft Teams Sync
    6. About OneDrive for Business Archiving
      1.  
        Registering a Microsoft Azure App for OneDrive for Business Collector
      2.  
        Enabling the OneDrive for Business service for customer
      3.  
        Configuring OneDrive for Business Sync
  6. Role Management
    1.  
      About Role Management
    2.  
      Editing the built-in administrator roles
    3.  
      Creating custom administrator roles
    4.  
      Assigning administrator roles to an archive account
    5.  
      Assigning the reviewer role to an archive account
    6.  
      Assigning several archive accounts for monitoring
  7. Policy Management
    1.  
      About Policy Management
    2.  
      Configuring archive options
    3.  
      Disabling account archiving
    4.  
      Configuring an advanced password policy
    5.  
      Configuring trusted networks for Enterprise Vault.cloud access
  8. Classification
    1.  
      About classification
    2.  
      Which emails get classified?
    3.  
      Steps for setting up classification
    4.  
      Accessing the Veritas Information Classifier
    5.  
      Enterprise Vault.cloud item properties for use in custom classification policies
  9. Import Data
    1.  
      About Import Data
    2.  
      Importing data into archives
  10. Authentication Management
    1.  
      Configuring the Enterprise Vault.cloud authentication service
    2.  
      Enabling the Authentication Settings permission for the Policy Manager role
    3.  
      Assigning the Policy Manager role to an administrator
    4.  
      Selecting an authentication method
    5.  
      Uploading a token-signing certificate
    6.  
      Validating the Identity Provider URL
    7.  
      Activating single sign-on
  11. AD FS Configuration Guide
    1.  
      Configuring AD FS to work with Enterprise Vault.cloud
    2.  
      Adding a relying party trust for Enterprise Vault.cloud
    3.  
      Generating a token-signing certificate
  12. Retention Management
    1.  
      About Retention Management
    2.  
      Configuring the default retention period
    3.  
      Creating a retention policy
    4.  
      Editing a retention policy
    5.  
      Deleting a retention policy
    6.  
      Associating a retention policy with a policy target
    7.  
      Disassociating a retention policy from a policy target
    8.  
      Enabling and disabling the storage expiry setting
    9.  
      Viewing the storage expiry status table
  13. Continuity Management
    1.  
      About Email Continuity
    2.  
      Email Continuity prerequisites
    3.  
      Configuring Email Continuity
    4.  
      Provisioning the Email Continuity service for your mail servers
    5.  
      Adding the Email Continuity IP ranges to your firewall and mail server allowlists
    6.  
      Updating your email security provider routing configuration
    7.  
      Testing the Email Continuity configuration
    8.  
      Managing Email Continuity
    9.  
      Email Continuity FAQ
  14. Reports Management
    1.  
      About Enterprise Vault.cloud reports and logs
    2.  
      Viewing the Activity Log
    3.  
      Viewing the Message Log
    4.  
      Viewing the Usage Log
    5.  
      Viewing the Usage Reports
    6.  
      Creating a Retention Log Report
    7.  
      Viewing the Mobile Browser Log
    8.  
      Viewing the Personal Browser Log
    9.  
      Viewing the Discovery Browser Log
    10.  
      Creating a Messaging Report
    11.  
      Creating a Personal Archive Report
    12.  
      Creating a Mobile Web Access Report
    13.  
      Creating a Discovery Archive Report
    14.  
      Creating a Mail Reassignment status report
  15. Notification Management
    1.  
      Usage notifications
    2.  
      Enabling or disabling usage notifications
    3.  
      Changing the usage notification threshold and frequency
    4.  
      Adding email addresses for usage notifications
    5.  
      Removing email addresses from usage notifications
  16. Personal.cloud Deployment for IBM Notes
    1.  
      Personal.cloud deployment for IBM Notes
  17. Archive Administration Updates in Previous Releases
    1.  
      About the updates for previous releases
  18. Archive Administration Known Issues
    1.  
      Archive Administration Known Issues

Setting up modern authentication in Azure AD for Exchange Online sync

If you want to use modern authentication for O365 sync, you need to configure an app in Azure AD. After you complete this setup, you get the Application (Client) ID and the primary domain details. These details are required to manage Exchange Online synchronization.

To set up modern authentication in Azure AD for Exchange Online sync

  1. Create a new Azure AD app.

    To create app on the Azure Active Directory, you need to select App Registrations in the left navigation pane. Click New Registration, and provide the user-facing display name of the application. Click Register.

    Copy and note the Application (Client) ID.

  2. On the Azure AD portal, select Certificates & secrets, and upload the public key for a self-signed certificate created by you for the Azure AD app.

    Note:

    You can use any secured method to create a self-signed certificate and a public key. However, in this sample scenario, to create a self-signed certificate and a public key, the Create-SelfSignedCertificate.ps1 script is executed. This script is available with the Exchange Online V2 module. Save or install the module from https://www.powershellgallery.com/packages/ExchangeOnlineManagement/2.0.3

    Example to create a self signed certificate using Create-SelfSignedCertificate.ps1

    < Location where ExchangeOnlineManagement is installed or saved >\ExchangeOnlineManagement\2.0.3\Create-SelfSignedCertificate.ps1

    -CommonName AnimDemoCert -StartDate (Get-Date).Date -EndDate (Get-Date).Date.AddYears(1)

    After successful execution of this script, a self-signed certificate (.CER) and the public key (.PFX) will be created in the current working directory. You can use the .PFX certificate file in Enterprise Vault.cloud, and corresponding .CER certificate file in Azure Active Directory.

    Note the password used for the certificate. You need this password later while configuring the Exchange Online sync in Archive Administrator.

    In the above example, the self-signed certificate is valid for a year. You can choose the certificate expiry as required.

  3. Upload the certificate (.CER file) that you have created in the previous step.

    Select Certificates & secrets in the left navigation pane. Upload the certificate (.CER file) that you have created in the previous step.

    Note:

    Certificates are the recommended way to connect to a registered Azure AD app and also Exchange Online V2 module only supports using certificates to connect to Exchange Online using a registered Azure AD app.

  4. Provide the required API permissions to the app.

    The following Azure AD app permissions are required for configuring Exchange Online sync with Modern Authentication:

    Note:

    The following permissions are required to support for full functionality of this feature. Items noted below as optional can be omitted if the API permission use and the associated functionality is not required for your environment.

    Exchange web service (EWS API\Proxy)

    (Optional)

    API permission use: Web folder deployment

    Note:

    This permission is required for the initial configuration, but is optional for ongoing use if this functionality is not required. You can remove it after initial configuration.

    How to configure: Exchange Online Exchange Online > Application permissions > Other permissions > full_access_as_app

    Exchange Online V2 (PowerShell)

    (Required)

    API permission use: To get exchange related information like delegated permissions, DL membership, and DDL membership.

    API permission path: Exchange Online Exchange Online > Application permissions > Exchange > Exchange.ManageAsApp

    Note:

    Exchange.ManageAsApp permission is required. For reference, see Set up app-only authentication

    Role: One of the following roles is required.

    • Need to assign RBAC roles to the app. You can assign any of the following roles:

      • Exchange Administrator: Use this role if you want the Exchange Online Sync connector create and manage journal address and journal rules in Exchange automatically for you.

        How to configure: AAD->Roles and Administrators->Exchange Administrator->Add Assignments->Search for the app-> Select app-> Add Exchange Administrator

      • Global Reader: Use this role if you prefer to create and manage journal address and journal rules in Exchange manually.

        How to configure: AAD->Roles and Administrators->Global Reader->Add Assignments->Search for the app-> Select app-> Add Global Reader.

        Note:

        You cannot see the App immediately after creating it. This could take 12-24 or more hours for the app to show up in the list to be selected.

    • Need to assign the Exchange Administrator role to add journal address in provisioning configuration automatically in exchange.

    • Else, the Global Reader role serves the same purpose for syncs.

    Graph API

    API permission use: To get user license and other information from Azure AD.

    How to configure:

    • MS Graph > Application permissions > User > User.Read.All

    • MS Graph > Application permissions > Directory > Directory.Read.All

    Permissions to be assigned: You need to at least assign the User.Read.All permission to the application.

    Reference: See Permissions

  5. To add the journal address automatically to Exchange, add app as an Exchange Administrator.

    Alternatively, if you want to add the journal address manually, assigning the Global Reader role is enough.

  6. From the Azure AD portal, select Overview to view Tenant information section.

    Copy and note the primary domain details that you need as the Tenant name while configuring the Exchange Online sync in Enterprise Vault.cloud.