Thursday, February 18, 2016

Set Impersonation Mode for GAL or Public Folder Sync to User Mailboxes

By Vern Weitzman

There are two types of permissions that you can give to a service account so that it can easily update contacts, appointments and sticky notes inside of users mailboxes. Delegation is the most common permission used for on-premise Exchange Servers. It allows granular permissions

 
This blog post shows the steps required to enable a user or service account to open mailboxes in impersonation mode on Office 365 Exchange.

  1. Log in to your Office 365 Management Console as a Global Administrator. Under the ADMIN menu, launch Exchange.


2) Next you will see the Exchange admin center.  Launch the admin roles menu beneath Permissions.


3) After you click admin roles, click the plus (+) symbol to add a new role. If another role already exists that has impersonation, you can just edit that role.

After you hit the plus (+) symbol to add a new role (or edit an existing one), the roles dialog appears.  If it’s a new role, type the name App Impersonation.


Add the service account under Members.   If you are using the cloud service and don’t have a service account yet, you should use grant the App Impersonation role to your mailbox (or to whatever mailbox that you used to set up the cloud service).

It can sometimes take several minutes for these changes to become active.

If you would like to enable App Impersonation via Powershell, read the blog post How to Configure an Office 365 Hybrid Premise Service Account.