Basic mode: Exchange Integration

Follow these steps to configure basic settings for the Cloud Extender® to integrate with Exchange.

Procedure

  1. Open the Cloud Extender Configuration Tool and select Exchange.
  2. Select the version of Exchange that you are using, and click Next.
    Exchange selection
  3. Configure the following settings based on server type:
    • If you are using Exchange On-Premises, configure the service account credentials and Exchange server URL (2010+):
      Service account configuration
      Option Description
      Remote PowerShell URL For Exchange 2010, 2013, and 2016 integration, the Cloud Extender uses Remote PowerShell.
      Use the following formats to configure your Remote PowerShell URL from the Cloud Extender Configuration Tool:
      • The Remote PowerShell URL format: https://<CAS-Server-hostname>/powershell
      • Cloud Extender does not support a load-balanced CAS (Client Access Server) array. The Cloud Extender must point to PowerShell on a specific CAS server.

      If you use RBAC roles for the service account, the Cloud Extender Configuration Tool does not display a warning that permissions are not validated. This behavior is expected and does not affect the configuration process.

      Username, password, and domain The credentials for the service account.

      The service account must be a local administrator on the Cloud Extender server and must have necessary rights on Exchange for integration: either standard rights or RBAC rights.

    • If you are using Office 365, configure the Office 365 PowerShell URL and the required service accounts:
      Service account configuration
      Option Description
      Remote PowerShell URL The Cloud Extender might automatically fill the Office 365 PowerShell URL as https://outlook.office365.com/powershell. Make sure that this URL does not change.

      Verify that the Cloud Extender can connect outbound to this URL from the Cloud Extender network.

      Office 365 Accounts Click the (+) plus sign to add the number of service accounts based on the guidelines for your environment.
      Use IE proxy for Office 365 PowerShell connections If the outbound connection from the Cloud Extender network to the Office 365 PowerShell URL must use the internal proxy, complete the following steps:
      1. Open the Internet Explorer (IE) browser on the Cloud Extender server in SYSTEM context or Service Account context.
        Note: Opening IE from the Start menu starts the browser as the logged in administrator and not in SYSTEM context. To switch to SYSTEM context, use psexec from SysInternals or press Shift and click IE, and then run the browser as the SYSTEM user.
      2. Select Tools > Internet Options > Connections Tab > LAN Settings.
      3. Configure proxy settings for the internal proxy, and then apply the settings.

      The Cloud Extender Configuration Tool uses this proxy setting to establish a remote PowerShell session to Office 365. The proxy settings on the first page of the Cloud Extender Configuration Tool do not apply to Office 365 connections.

      Validate All Accounts The Cloud Extender runs validation checks against Office 365 from each configured service account.

      The Cloud Extender checks for connectivity, validity of credentials, and permissions for each configured service account, including any accounts with issues. Make sure that all service accounts are functional.

      If validation fails, you can review the information in the following IBM Security blog to troubleshoot any issues with your account settings: MaaS360 with Watson for Cloud Extender Office 365 Admin Account support for Exchange Online

      Check that Two-Factor Authentication is disabled on your Service Account. Microsoft might demand this for service accounts with the Global Admin role, but not for MaaS360. To prevent the unnecessary requirements, it is recommended not to share your MaaS360 Exchange Service Account.

  4. Click Next to run the reachability tests for Exchange 2010+.
    Exchange account test

    For Office 365, account validation is automatically completed after you click Next.

    Exchange account test
    • The Cloud Extender connects to Exchange and lists the mailbox servers that are either reachable or unreachable.
    • Servers without Mailbox server roles and Mailbox servers without mailboxes are displayed under Not Reachable, which is an expected behavior.
    • Exchange Mailbox servers on other Exchange versions might show up under the Not Reachable server list.
    The Cloud Extender Configuration Tool reports and displays which reachability tests succeeded or failed after the Cloud Extender queries the EAS mailbox servers. These results provide accurate reporting on the status of the Exchange environment and which part of the reachability tests failed. The results for each queried EAS mailbox server are displayed in a grid on the Cloud Extender Configuration Tool.
    The Cloud Extender Configuration Tool reports the following error conditions:
    • Servers that are reachable.
    • Servers that are reachable but with 0 devices.
    • Servers that are not reachable.
    If you cannot establish a PowerShell session, troubleshooting steps are provided in the Cloud Extender Configuration Tool. You can also contact IBM Support for assistance with troubleshooting issues with the reachability tests.
  5. Click Save to complete the setup and return to the Cloud Extender Summary page.