Requirements:
1. Ensure Exchange Web Services (EWS) are enabled on an SSL connection.
- Ensure that your Exchange server has a signed SSL certificate from an approved certificate authority.
- Ensure that inbound connections to your Exchange server are allowed on port 443 through any firewall. You can restrict access to specific IP ranges. These are listed in step 4 of this article:
Whitelist Ebsta's IP addresses in Salesforce
2. Enable the Exchange Autodiscover service.
3. Enable basic authentication on the Exchange server and the Autodiscover service.
1. Create an Exchange user with a mailbox that will act as the service account.
2. Using Exchange Management Shell, enable the Active Directory extended permission for ms-Exch-EPI-Impersonation on all Client Access servers.*
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity <EnterExchangeSyncServiceAccountEmailAddress> | select-object).identity -ExtendedRights ms-Exch-EPI-Impersonation}
3. Enable the Active Directory extended rights for ms-Exch-EPI-May-Impersonate to provide the service account impersonate rights over mailboxes.*
Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User <EnterExchangeSyncServiceAccountAddress> -ExtendedRights ms-Exch-EPI-May-Impersonate}
* If you receive a pipeline error message, wait a few minutes to let your server process the requests, then re-enter the command.
4. Configure your service account to impersonate the group of users you wish to connect to Ebsta by creating a management scope which defines the filter grouping the Exchange users.
For example, if all relevant mailboxes have the Department filterable property set to 'InsideSales', replace <RecipientFilter> with Department -eq 'InsideSales'.
New-ManagementScope -Name:<DefineExchangeSyncScopeName> -RecipientRestrictionFilter:{<RecipientFilter>}
5. Create a management role assignment that restricts the service account to impersonate only the users you defined in the management scope above.
New-ManagementRoleAssignment -Name:<DefineExchangeSyncRoleAssignmentName> -Role:ApplicationImpersonation -User:<EnterExchangeSyncServiceAccountAddress> -CustomRecipientWriteScope:<DefineExchangeSyncScopeName>
6. Once you have created your service account, you can test the connectivity and the scope at:
https://testconnectivity.microsoft.com/
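Before connecting the account, it is worth confirming from Exchange Management Shell that the impersonation rights granted in steps 2 to 5 are limited to the mailboxes you intended. The script below is an added example, not part of Ebsta's instructions; the service account address and scope name are placeholders to replace with the values you used above.

```powershell
# Added example: run in Exchange Management Shell after steps 1-5.
# Placeholder values (assumptions) - replace with the names you used above.
$ServiceAccount = 'svc-sync@example.com'   # service account from step 1
$ScopeName      = 'ExampleSyncScope'       # management scope from step 4

# 1. Every ApplicationImpersonation assignment held by the service account
#    should point at the custom scope, not at the whole organization.
$assignments = @(Get-ManagementRoleAssignment -Role ApplicationImpersonation -RoleAssignee $ServiceAccount)
if ($assignments.Count -eq 0) {
    Write-Warning "No ApplicationImpersonation assignment found for $ServiceAccount"
}
foreach ($a in $assignments) {
    # The scope is compared as a string (its display form is the scope name).
    if ([string]$a.CustomRecipientWriteScope -ne $ScopeName) {
        Write-Warning ("Assignment '{0}' has write scope '{1}' ({2}); expected '{3}'" -f `
            $a.Name, $a.CustomRecipientWriteScope, $a.RecipientWriteScope, $ScopeName)
    }
}

# 2. Preview exactly which recipients the scope filter matches, so a filter
#    that is too broad is caught before the account is used.
$scope   = Get-ManagementScope -Identity $ScopeName
$inScope = @(Get-Recipient -RecipientPreviewFilter $scope.RecipientFilter -ResultSize Unlimited)
Write-Output ("{0} recipients match filter: {1}" -f $inScope.Count, $scope.RecipientFilter)
$inScope | Sort-Object Name | Select-Object Name, PrimarySmtpAddress, RecipientTypeDetails

# 3. List every account holding the extended right from step 3 on each
#    mailbox database; these grants are per database, not per scope.
Get-MailboxDatabase | ForEach-Object {
    $db = $_
    Get-ADPermission -Identity $db.DistinguishedName |
        Where-Object { ($_.ExtendedRights -like 'ms-Exch-EPI-May-Impersonate') -and -not $_.Deny } |
        Select-Object @{ n = 'Database'; e = { $db.Name } }, User, IsInherited
}
```

Any warning from part 1, or any unexpected mailbox or account in parts 2 and 3, means the service account can impersonate more users than the scope was meant to allow.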
Once connectivity of your service account has been tested, you are ready to connect your service account to Ebsta and to connect your mailboxes. Follow instructions in this article:
Connect an Office 365 or Exchange service account & connect mailboxes to Ebsta