Documentation forAccess Rights Manager

Configure Exchange resources

See the following sections for more information.

Add an Exchange Online resource

  1. Complete the application preparation as described in Prepare Exchange resources.

    Exchange Online requires a specific app registration. You cannot use the credentials from the app registration for Azure AD, Teams, and OneDrive or SharePoint Online.
  2. Start the Configuration application.

  3. Click Scans.

  4. Click Exchange.

  5. In the Exchange selection window, configure the resource and assigned collector.

    1. In the Credential field, accept the default selection.

      The credential displayed here is not used for accessing Exchange Online. You can select the access information for Exchange Online in a future step.

    2. In the Name field, select Microsoft Exchange Online. This is the default selection.

    3. Select one or more collectors with an Internet connection.

      The scan runs using one collector. If you select more than one collector, ARM automatically selects the appropriate collectors based on the CPU and RAM use.

  6. Click Apply.

  7. In the Configuration window, locate the Exchange scan summary highlighted with an Exchange icon.

    New resource configurations display at the bottom. Click the scroll bar (1) tool highlighted below to scroll to the Exchange scan summary.

  8. Click the not set (2) link highlighted above to select the Exchange Online credentials.

    New resource configurations display at the bottom.

  9. In the Read Credentials window, select the credentials.

    To access Exchange Online, you can use a registered app (recommended) or a service account. See Prepare Exchange resources for more information.

    1. In the Username/App-ID field, select the app ID for access using a registered app or the user name of the service account in email format.

      For example:

      abc@xyz.com

    2. In the Password/Thumbprint field, select the thumbprint for access using the registered app or the service account password.

    3. In the Organization field for access using the registered app, specify the organization.

      For access using a service account, leave this field blank.

  10. Click Apply.

Identify the organization for access to Exchange Online via registered app

  1. Log in to the Microsoft Azure website at portal.azure.com as an administrator

  2. Click Azure Active Directory > Custom domain names.

    You will see a list of available domain names that you can enter as organization.

  3. Use the domain name ending with .onmicrosoft.com.

    For example:

    yourcompany.onmicrosoft.com

Add an Exchange on-premise resource

  1. Complete the app preparation as described in Prepare Exchange resources. When you are finished, perform the steps in this section.

    Exchange Online requires a specific app registration. You cannot use the credentials from the app registration for Azure AD, Teams, and OneDrive or SharePoint Online.
  2. Start the Configuration application.

  3. Click Scans.

  4. Click Exchange.

  5. In the Exchange selection window, select a resource.

    1. Enter the credentials for the account used to execute the Exchange scan.

      The credentials from the basic configuration are preset. SolarWinds recommends using a service account.
      The credentials are used to search for Exchange servers in Active Directory to list them below.

    2. Filter the results list and then press Enter to confirm.

      You can also specify an unlisted Exchange server.

    3. Select the Exchange Server.

      All DAGs* or servers that are contained in the current Active Directory site will be listed.

    4. Select one or more collectors.

      The scan is executed using one collector. If you selected more than one collector, ARM automatically decides through which collector the scan will be executed based on the CPU and RAM utilization.

    5. Click Apply.

      ARM can connect to Database Availability Group (DAG) servers to execute scans. You can select the DAG server directly in the scan configuration. To perform the scan, adjust the settings on all DAG Exchange servers as described in Preparing the PowerShell Website. The decision made by the collector on which server to establish a connection to is made by the DAG during the initial connection. As a result, successive scans can occur on different servers.

      Since IP-less DAGs (from Exchange 2016 Default Setting, optional in Exchange 2013) do not have an Administrative Access Point (AAP), the Exchange server cannot be managed through this DAG. In this case, specify an Exchange server directly or use the load balancing namespace.

Customize an Exchange configuration

  1. Start the Configuration application.
  2. Click Scans.

  3. In the Configuration window, locate the Exchange scan summary highlighted with an Exchange icon.

  4. Choose a configuration task.

    You can:

Modify the Exchange scan settings

To modify or change the settings, you can:

  1. Click to start or cancel an Exchange scan.

    The typical scan speed is around 10 elements per second.

  2. Click or to schedule regular scans.
  3. Click the scan configuration name to change the name of the configuration.

Modify the credentials and collector server

You can:

  1. Change the credentials used to execute the scan.

    Enter the Exchange Online user name in e-mail format.

    For example:

    sa-exchange@arm-demo.com

  2. Change the collector server.

    The collector server requires Internet access when using Exchange Online.

Define the scan scope

When you click one of the highlighted links shown above, the Exchange scan option window displays.

If you select a subset of folders for readable public folders, no statistical data will be available. Beginning in Microsoft Exchange 2013, administrative permissions to public folders are not available.

Select a mailbox type

To select the mailbox type, a filter is applied to the RecipientTypeDetails property, as shown below.

  1. Click the link highlighted above.

  2. In the Mailbox detains window, determine if the substitution rules and mailbox folders are read.

  3. Under Mailbox Type, determine the range in which mailbox details are read with Exchange Web Service (EWS).

    The mailbox type selection is independent for scans with PowerShell and EWS. You can determine which mailbox types are scanned and for which mailbox types the mailbox folders are scanned.

Customize the connection settings for Exchange Online

Click the link to configure the connections settings for the Exchange Online scan.

Select the authentication mechanism.

Note that the "Basic" mechanism has already been deprecated by Microsoft for Exchange Online.

Connection settings for Exchange on-premise

  1. Start the Configuration application.
  2. Click Scans.

  3. In the Configuration window, locate the Exchange scan summary highlighted with an Exchange icon.

  4. In the summary window, click one of the links highlighted below to configure the connections settings for the Exchange on-premise scan.

  5. In the Exchange connection settings window, click one of the links highlighted above to configure the connections settings for the Exchange on-premise scan.

    The following settings must match the IIS-website settings. See Preparation of the PowerShell website for details.

  6. Under Exchange PowerShell website name, enter the name of the Exchange PowerShell website.

    In standard settings, this name is PowerShell.

  7. Under Authentication mechanism, select an authentication mechanism.

    For Exchange Online select Basic.

  8. Under Exchange PowerShell website name, note the following conditions:

    1. If the client access server is unreachable using the fully qualified computer name, deselect the Use full qualified computer name checkbox.
    2. If required, select an encrypted connection option.

      This setting must match the similar setting in the PowerShell website.

  9. Click Apply.