[LEGACY] Configuring the Mimecast Synchronization Engine service account for Office 365

Document created by user.oxriBaJeN4 Employee on Sep 14, 2015. Last modified by user.oxriBaJeN4 Employee on Dec 2, 2015.

Applies to: version 2.9.1 and earlier.

This article describes the requirements and steps needed to configure the Mimecast Synchronization Engine service account for Office 365 environments.


Exchange Permissions


For Office 365, the user that is selected to run the Mimecast Synchronization Engine service needs to be mailbox enabled and have permissions to access the mailboxes hosted in Office 365. This is configured as follows:


  1. Create / select a user to run the Mimecast Synchronization Engine service in Office 365.
  2. Apply the Full Access mailbox permission for the service account user in order to be able to access the Office 365 mailboxes.
    1. On a workstation or server of your choice, start Windows PowerShell
    2. Set your Office 365 admin credentials using this command:

      $cred = Get-Credential

    3. Import the Office 365 cmdlets using this command:
      $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid -Credential $cred -Authentication Basic -AllowRedirection
    4. Finally, import these cmdlets into your local session using this command:

      Import-PSSession $Session

    5. Once connected, you can configure the mailbox permissions for the user that you created / selected in step 1 using this command:
      Get-Mailbox -ResultSize unlimited | Add-MailboxPermission -User user1@domain.com -AccessRights fullaccess -InheritanceType all
      Where user1@domain.com is the primary SMTP address of the user that you created / selected in step 1.
    6. Microsoft best practice recommends disconnecting a PowerShell session from Office 365 once you have completed your tasks. This is done using this command:

      Remove-PSSession $Session

      Where $Session is the name of the variable used to create the session.

Observations: Mimecast has noticed the following Exchange / Office 365 behaviors when configuring these permissions:

  • The PowerShell Script Execution Policy should be set to unrestricted on the workstation being used to configure these permissions.
  • Once applied, the permissions can take up to 6 hours to propagate through Office 365.
  • When new users are added to Office 365, these steps will need to be repeated to ensure that the Mimecast Synchronization Engine can access the newly added mailboxes.
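
Because the grant has to be repeated whenever mailboxes are added, the steps above can be combined into one re-runnable script. This is an added example, not Mimecast's own script: it reuses the connection commands from the steps above, adds a Get-MailboxPermission check so that mailboxes which already carry the grant are skipped, and uses try/finally so the session is removed even if a command fails. user1@domain.com is the placeholder address from step 5, and the $report variable is an assumption of this example.

```powershell
# Added example: idempotent Full Access grant for the service account.
# Placeholder from step 5; replace with the primary SMTP address of the
# user created / selected in step 1.
$ServiceAccount = 'user1@domain.com'

$cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri https://outlook.office365.com/powershell-liveid `
    -Credential $cred -Authentication Basic -AllowRedirection -ErrorAction Stop

try {
    Import-PSSession $Session | Out-Null

    # One row per mailbox, so the run leaves a record of what was changed.
    $report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
        # Existing allow entries for the service account on this mailbox.
        # -match works whether AccessRights arrives as a string or a list.
        $existing = Get-MailboxPermission -Identity $mbx.DistinguishedName -User $ServiceAccount |
            Where-Object { ($_.AccessRights -match 'FullAccess') -and (-not $_.Deny) }

        if ($existing) {
            $action = 'AlreadyGranted'
        }
        else {
            Add-MailboxPermission -Identity $mbx.DistinguishedName -User $ServiceAccount `
                -AccessRights FullAccess -InheritanceType All | Out-Null
            $action = 'Granted'
        }

        [pscustomobject]@{
            Mailbox = $mbx.PrimarySmtpAddress
            Action  = $action
        }
    }

    # Summary first, then the mailboxes that were changed in this run.
    $report | Group-Object Action | Select-Object Name, Count
    $report | Where-Object { $_.Action -eq 'Granted' } | Select-Object Mailbox
}
finally {
    # Step 6: always disconnect, including after an error.
    Remove-PSSession $Session
}
```

The list of mailboxes reported as Granted is the set that changed in this run, which gives a reviewable record of where the service account's access was extended.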


Setting the Service Account

Once the Mimecast Synchronization Engine is installed the service account should be set using the Site Configure utility. To do this follow these steps:

  1. Open the Site Configure Utility from Start | Programs | Mimecast Synchronization Engine
  2. Navigate to the Accounts Tab.
  3. Use the button to the left of the User Name text box to launch a Windows account picker dialog box.
  4. Type the name of the user account to set as the service account and click OK. This can be a local machine or Active Directory domain user.
  5. Type the password for the user account.
  6. In the Microsoft Mailbox section type the primary SMTP address of the user created / selected in step 1 of the Exchange Permissions section above.
  7. Type the password of the Microsoft Mailbox.
  8. Change the Directory | Type to the Microsoft Office 365 Directory and click Apply.


Next Steps


With the service account configured you are now ready to bind your Mimecast Synchronization Engine site to Mimecast. To learn more about this please see [LEGACY] Binding the Mimecast Synchronization Engine.