Microsoft 365 User Account
  • 16 Jun 2023

Introduction

Before you register your Microsoft 365 domain with Cohesity and protect Exchange Online data, ensure the following prerequisites are met:

  1. Configure the required roles for your Microsoft 365 user account. For more information, see User Roles and Application Permissions.
  2. Have a custom Azure application with the requisite permissions. For more information, see User Roles and Application Permissions.
  3. You must open specific ports in the firewall to allow the Cohesity cluster to protect Microsoft 365 Exchange Online data. For information on the required ports, see Firewall and Port Requirements.
  4. Review and understand the Considerations and Best Practices.

When registering your Microsoft 365 domain with Cohesity, ensure that you provide the details of a user account that has all the specified roles. For more information, see Register Microsoft 365 Source Within Cohesity.

Set Up Microsoft User Account for Cohesity

  1. Log in to the Azure Portal.
  2. Navigate to Azure Active Directory | Users.
    1. Click on the three parallel lines at the top-left of the page.
    2. Within the list of options presented, select Azure Active Directory.
    3. Next, select Users in the left-hand panel.
  3. Click + New User.
    1. Enter a User Name (Expedient recommends something along the lines of 'cohesitysvc' for easy identification).
    2. Enter Name.
    3. Click Create.

Add Roles to the Microsoft 365 User Account

Your Microsoft 365 user account must have specific roles added to it for the Cohesity Platform to access your Microsoft 365 domain. For more information, see User Roles and Application Permissions.

To add roles to the Microsoft 365 user account:

  1. Log in to Microsoft 365.
  2. On the Office 365 page, click Admin.
  3. On the Microsoft 365 admin center page, select Admin centers and then click Exchange.

If you are on the classic Exchange admin center page, follow Step 4 next; if you are on the new Exchange admin center page, skip to Step 5. If you see a message prompting you to switch to New Exchange, you're still in classic Exchange.

  4. To add roles from the Classic Exchange admin center page:
    1. Click Permissions and then select the Admin roles tab.
    2. Click + to create a new role group in the Admin roles tab.
    3. On the new role group page, enter a Name and Description, and under Roles, click +.
    4. In the Write scope drop-down, select Default and click Next.
    5. In the Select a Role page, select the following roles, click Add, and then OK:
      • ApplicationImpersonation
      • View-Only Configuration
      • View-Only Recipients
      • MailboxSearch
      • MailRecipients
    6. Under Members, click + to add the user account you plan to use to register the Microsoft 365 domain with Cohesity Platform, then click OK.
    7. Click Save to create the Role Group.
  5. To add roles from the new Exchange admin center page:
    1. Select Roles > Admin roles.
    2. On the Admin roles page, click Add role group.
    3. Under Basics, enter a Name and Description for the admin role.
    4. In the Write scope drop-down, select Default and click Next.
    5. Under Permissions, select the following and click Next:
      • ApplicationImpersonation
      • View-Only Configuration
      • View-Only Recipients
      • MailboxSearch
      • MailRecipients
    6. Under Admins, search and select the user account you plan to use to register the Microsoft 365 domain with Cohesity Platform, then click Next.
    7. Under Review and finish, review the configuration, and click Add role group.
    8. After the role group is added, click Done.
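
Because ApplicationImpersonation grants access to every mailbox in scope, it is worth confirming afterwards that the role group holds exactly the five roles listed above and only the intended service account. The following Exchange Online PowerShell check is an added example, not part of the original article or Cohesity's documentation; the role group name and account address are placeholders, and it assumes the ExchangeOnlineManagement module is installed.

```powershell
# Added example: audit the role group created above for least privilege.
# Assumptions (not from the article): role group name and service account UPN.
$GroupName      = 'Cohesity Backup'          # placeholder role group name
$ExpectedMember = 'cohesitysvc@example.com'  # placeholder service account
$ExpectedRoles  = @(
    'ApplicationImpersonation',
    'View-Only Configuration',
    'View-Only Recipients',
    'MailboxSearch',
    'MailRecipients'
)

# Compare names case-insensitively and without spaces, because the admin
# center and PowerShell may show role names with different spacing.
function ConvertTo-RoleKey([string]$Name) {
    ($Name -replace '\s', '').ToLowerInvariant()
}

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Roles actually assigned to the group, and its current members.
$assigned = Get-ManagementRoleAssignment -RoleAssignee $GroupName |
    ForEach-Object { [string]$_.Role } | Sort-Object -Unique
$members  = Get-RoleGroupMember -Identity $GroupName

$expectedKeys = $ExpectedRoles | ForEach-Object { ConvertTo-RoleKey $_ }
$assignedKeys = $assigned      | ForEach-Object { ConvertTo-RoleKey $_ }

$extraRoles   = $assigned      | Where-Object { (ConvertTo-RoleKey $_) -notin $expectedKeys }
$missingRoles = $ExpectedRoles | Where-Object { (ConvertTo-RoleKey $_) -notin $assignedKeys }
# Any member that does not match the service account is reported for review.
$extraMembers = $members | Where-Object {
    $_.WindowsLiveID -ne $ExpectedMember -and
    $_.PrimarySmtpAddress -ne $ExpectedMember
}

[pscustomobject]@{
    RoleGroup    = $GroupName
    ExtraRoles   = $extraRoles -join ', '
    MissingRoles = $missingRoles -join ', '
    ExtraMembers = ($extraMembers | ForEach-Object Name) -join ', '
    Compliant    = -not ($extraRoles -or $missingRoles -or $extraMembers)
} | Format-List

Disconnect-ExchangeOnline -Confirm:$false
```

Running the check on a schedule and alerting when Compliant is False catches later role or membership changes to this group.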

Enable Identified Names for Users, Groups, and Sites in Microsoft 365 Reports

By default, Microsoft reports retrieved through the Graph API display de-identified names for users, groups, and sites. However, for mailbox size reporting to work in Cohesity, the Email activity reports must contain identifiable information.

Update the following organization setting in your Microsoft 365 admin center:

  1. Log in to your Microsoft 365 admin center as a Microsoft 365 tenant administrator.
  2. Go to Settings > Org settings > Services > Reports.
  3. Deselect In all reports, display de-identified names for users, groups, and sites.
  4. Click Save.
