Enterprise Vault™ Setting up Exchange Server and Office 365 for SMTP Archiving
- Configuring Exchange Server for an Enterprise Vault SMTP Archiving solution
- About using Enterprise Vault SMTP Archiving for Exchange Server journaling
- Summary of steps
- Creating a remote domain using the Exchange Management shell
- Creating a recipient mail contact in the remote domain
- Creating a Send Connector for the remote domain
- Setting up Exchange Server journaling
- Points to note when setting up Enterprise Vault SMTP Archiving servers
- Configuring Office 365 for Enterprise Vault SMTP Archiving
- Configuring the Azure RMS Decryption feature for Office 365 email encryption support
- About configuring the Azure RMS Decryption feature for Office 365 email encryption support
- Summary of steps
- Configuring IRM settings for journal report decryption in your organization
- Getting the Rights Management configuration details of your Azure tenant
- Creating a new service principal that represents your tenant to external applications
- Adding the service principal to the list of superusers for your organization
- Installing Microsoft Right Management Services Client 2.1
- Configuring the decryption of RMS-protected messages in Enterprise Vault
Creating a Send Connector for the remote domain
Create a Send Connector to route journal mail from the Exchange Server to the Enterprise Vault SMTP servers.
To provide load balancing and fault tolerance, you can route mail using multiple smart hosts in the Send Connector, MX records, or a hardware load balancer. The smart host method is described in this section. This method is inexpensive, secure, and not complicated to configure; it does not require any new DNS zones, or the creation of MX records in DNS. It also allows you to select authentication and encryption methods on the connector. MX records do not provide the option to encrypt messages.
Typically, you add the Enterprise Vault SMTP servers as smart hosts to the Send Connector. If you have more than one smart host configured in the Send Connector, Exchange will use them in rotation, so that the smart hosts receive mail equally. High availability is also accomplished with this method; if one smart host is not available, the connector will use the next smart host.
Using MX records to provide load balancing and fault tolerance is described in Best Practices for Deploying SMTP Archiving.
To create a Send Connector for the remote domain
- Open the Exchange Admin Center, and click mail flow. At the top of the page, click send connectors, and then click + to start the new send connector wizard.
Enter an appropriate name for the connector, and leave Type as Custom. Click Next.
- To add smart hosts, select Route mail through smart hosts, and click + to add the IP addresses of the smart hosts; typically, the Enterprise Vault SMTP servers. Click Next.
- Configure the smart host authentication as follows:
If authentication is not configured on the Enterprise Vault SMTP servers, then select None.
If basic authentication is configured on the Enterprise Vault SMTP servers, then provide the same user name and password that is configured on the Enterprise Vault SMTP servers.
Do not select Offer basic authentication only after starting TLS. This option enables Mutual Transport Layer Security (TLS) on the Exchange Server, which is not supported on Enterprise Vault SMTP servers.
If encrypted connections are permitted on the Enterprise Vault SMTP servers, then select None.
TLS is enabled by default on Exchange Server 2013, and the server attempts TLS for all remote connections. Exchange Server 2013 uses opportunistic TLS, and the setup creates a self-signed certificate.
Click Next.
- On the Address space page, click + to add the remote domain that you created earlier. Click Next.
- On the Source server page, click + and add the Exchange Servers that are allowed to use this Send Connector.
When you have added the Exchange Servers, click Finish. The new connector is displayed in the list of Send Connectors.
- It is advisable to increase the maximum send message size for the Send Connector.
Double-click the connector to edit the properties. On the general page, choose an appropriate maximum message size for connector.
Do not select Enable on the Send Connector until the Enterprise Vault servers are fully configured and ready to receive SMTP traffic.
Confirm that the details on the other pages are correct and click Save.
