This article contains requirements and configuration instructions for setting up an on-premises Exchange instance for Cloud Commander.

Exchange On-Prem service requirements

Requirements are below.

  • Ports 443, 5671 and 5672 need to be open to the core environment.
  • Service Account for local module server
    • The Service Account needs to have the ability to login
    • The Service Account needs full access to C:\Users\<username>\AppData\Roaming
    • The Service Account needs to have “Log on as a service” rights
    • Application Impersonation Rights to the on-prem Exchange mailboxes
    • Note: Multi-Factor Authentication is not supported for this service account.
  • This Service Account, or another account, needs to have the ability to install software.
  • Authentication Certificate
  • .NET framework 4.7.1 must be installed on the machine.
  • The user account used to run the service must be added to the “Log on as a service” list using group policy (this account must be a local administrator).

Plus, you’ll want to have the following information available during the installation:

  • User name and password for the service account
  • Either the Office 365 Service Account, or AppID for the Application Registration providing EWS authentication
  • Thumbprint for the registered application

Step 1: Import the certificate

Import the certificate used for authentication. This certificate can be provided by Quadrotech or generated by you.
To import the certificate:

  1. Log in to the server as the Service Account running the service.
  2. Copy the certificate to the local server.
  3. Open Certificate Management.
  4. Right-click on Personal. Choose other tasks > import.
  5. Go to the certificate location.
  6. Follow the wizard to import the certificate and enter the password, if required.
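
A preflight check for the requirements and the certificate import above, as an added example that is not part of the vendor's documentation. The parameter names `CoreHost` and `Thumbprint` are hypothetical; the script assumes the certificate was imported into the service account's own Personal store (`Cert:\CurrentUser\My`), that its private key is needed for authentication, and that a later in-place .NET Framework 4.x release satisfies the 4.7.1 requirement.

```powershell
# Added example: preflight checks for the local module server.
# Run in a session logged in as the service account, before running the installer.
# CoreHost and Thumbprint are hypothetical parameter names; supply your own values.
param(
    [Parameter(Mandatory)][string]$CoreHost,    # host name of the core environment
    [Parameter(Mandatory)][string]$Thumbprint   # thumbprint of the imported certificate
)

$results = @()

# 1. Connectivity to the core environment on the required ports.
foreach ($port in 443, 5671, 5672) {
    $ok = Test-NetConnection -ComputerName $CoreHost -Port $port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    $results += [pscustomobject]@{ Check = "TCP $port to $CoreHost"; Passed = [bool]$ok; Detail = '' }
}

# 2. .NET Framework 4.7.1 or later: the Release value is 461308 or higher.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
         -ErrorAction SilentlyContinue
$release = if ($ndp) { [int]$ndp.Release } else { 0 }
$results += [pscustomobject]@{
    Check = '.NET Framework >= 4.7.1'; Passed = ($release -ge 461308); Detail = "Release=$release"
}

# 3. Certificate present in the service account's Personal store (assumed location),
#    has a private key, and has not expired. Stripping non-hex characters removes the
#    invisible character that is often copied along with a thumbprint from the
#    certificate dialog.
$want = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$cert = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $want }
$certOk = $cert -and $cert.HasPrivateKey -and ($cert.NotAfter -gt (Get-Date))
$detail = if ($cert) {
    "Subject=$($cert.Subject); NotAfter=$($cert.NotAfter.ToString('u')); PrivateKey=$($cert.HasPrivateKey)"
} else {
    'not found in Cert:\CurrentUser\My'
}
$results += [pscustomobject]@{ Check = 'Authentication certificate'; Passed = [bool]$certOk; Detail = $detail }

# Report, and return a non-zero exit code if any check failed.
$results | Format-Table -AutoSize -Wrap
if ($results.Passed -contains $false) { exit 1 }
```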

Step 2: Deploy and run the installer (Exchange.Agent.Console.Installer.msi)

You’ll specify Exchange agent settings on the installer. For example:

  • Agent WebAPI Url: This is the Exchange Agent WebAPI URL
  • Logger Name: This is the name for SumoLogic
  • Optional fields must be populated when using a secured API

Then, you’ll specify the service account and password for the Exchange agent.

Step 3: Enter credentials

Enter credentials in the Credentials Editor. Although the editor has 3 options, for most OnPrem installs, you’ll only need to enter credentials on these 2 tabs:
Enter the credentials for a service account with application impersonation rights for the OnPrem Exchange environment that can ingest data.
Office 365
Select an Authentication method (Application or Basic) and then enter the credentials for a target Office 365 environment. Here’s more about the authentication options:

  • Application: This option is most common and faster than the Basic option.
  • Basic: Select this option if you’re only migrating a portion of an organization’s users. For example, if you’re performing a migration for a divestiture client where only 500 of 10,000 total users are moving to a new tenant.

After entering credentials and clicking Save, restart the On-prem module.

Step 4: Edit the config file (Optional)

Note: This step is for advanced installs.
Once the Exchange OnPrem console application is installed, you need to edit the Config.json file:

"ConnectionStrings": {
  "AgentWebAPI": "Version=1.3-alpha;BaseUri=https://<EXCHANGE_WEB_API_URL>/"
},
"AzureAd": {
  "TenantId": "<fill in>",
  "TenantName": "<fill in>",
  "FrontendAppId": "<fill in>",
  "FrontendSecretKey": "<fill in>",
  "BackendAppIdUri": "<fill in>"
}

You can get the AzureAD keys from the parameters.json file that was used when the application was deployed.
Then, you need to enter the appropriate Exchange and Office365 values in the Credentials Editor.

Step 5: Credentials Editor

Cloud Commander needs to store the on-prem Exchange credentials in order to extract the messages to the server. You will also need the AppID of the target Application Registration that is granting mailbox access.
To configure the credentials, you need an account with Application Impersonation rights. Then:

  1. Log in to the server running the modules using the service account that was used to install the modules.
  2. Locate the Quadrotech Credentials Editor on the start menu and launch it.
  3. Expand the Exchange section.
  4. Enter the UPN for the account with Application Impersonation rights. Example:
  5. Enter the password for the account and click OK.
  6. Expand the Office365 section.
  7. Enter the AppID of the target Application Registration that is granting mailbox access.
  8. Click OK.
  9. Click the Save button and close the Credentials Editor.
  10. From the services area, restart the Quadrotech Cloud Commander service.