Enterprise Vault™ Setting up Exchange Server and Office 365 for SMTP Archiving

Last Published:
Product(s): Enterprise Vault (14.5)
  1. Configuring Exchange Server for an Enterprise Vault SMTP Archiving solution
    1.  
      About using Enterprise Vault SMTP Archiving for Exchange Server journaling
    2.  
      Summary of steps
    3.  
      Creating a remote domain using the Exchange Management shell
    4.  
      Creating a recipient mail contact in the remote domain
    5.  
      Creating a Send Connector for the remote domain
    6.  
      Setting up Exchange Server journaling
    7.  
      Points to note when setting up Enterprise Vault SMTP Archiving servers
  2. Configuring Office 365 for Enterprise Vault SMTP Archiving
    1.  
      About using Enterprise Vault SMTP Archiving for Office 365 journaling
    2.  
      Summary of steps
    3.  
      Creating an Office 365 to Enterprise Vault Send Connector
    4.  
      Points to note when setting up Enterprise Vault SMTP Archiving servers
  3. Configuring the Azure RMS Decryption feature for Office 365 email encryption support
    1.  
      About configuring the Azure RMS Decryption feature for Office 365 email encryption support
    2.  
      Summary of steps
    3.  
      Configuring IRM settings for journal report decryption in your organization
    4.  
      Getting the Rights Management configuration details of your Azure tenant
    5.  
      Creating a new service principal that represents your tenant to external applications
    6.  
      Adding the service principal to the list of superusers for your organization
    7.  
      Installing Microsoft Right Management Services Client 2.1
    8.  
      Configuring the decryption of RMS-protected messages in Enterprise Vault
  4. Configuring decryption of MPIP-protected Office 365 emails archived in Enterprise Vault
    1.  
      About configuring the MPIP decryption feature in Enterprise Vault
    2.  
      Summary of steps
    3.  
      Disable decryption of journal report in your organization
    4.  
      Register an application with the Azure Active Directory
    5.  
      Assign the required permissions to an application
    6.  
      Upload certificates
    7.  
      Configure decryption of MPIP-protected emails in Enterprise Vault

Register an application with the Azure Active Directory

To enable Enterprise Vault to decrypt Microsoft Purview Information Protection (MPIP) protected emails, you must first register it with the Azure Active Directory. Registering the application establishes the trust relationship between the Enterprise Vault and the Microsoft identity platform.

Perform the following steps to register the application:

Note:

Ensure that you have an Azure Account with an active subscription.

  1. Open the Azure Portal (https://portal.azure.com/) by entering the credentials which have access to register application.

    Depending on the configuration of your tenant, you may also need to be a member of the "Global Administrator" directory role to register the application.

  2. Select Azure Active Directory from the Azure services.

  3. On the left navigation pane, select App registrations.

  4. Click + New registration.

  5. Enter the user-facing display name for the application and click Register.

    Note:

    Ensure that all the other values on the Register an application UI is the same as displayed in the above image.

  6. Navigate to the Overview section and find your Application (client) ID and Directory (tenant) ID.

    Note:

    Make a note of the Application (client) ID and Directory (tenant) ID, which are required for enabling decryption of the MPIP-protected emails in Enterprise Vault.