Configuring Remote Journaling via Microsoft 365

Microsoft 365 provides a remote journaling functionality to send a copy of all mail sent or received by members of a defined security group to a remote SMTP address. Spambrella provides you with the SMTP address to use for this configuration.

Solution

  • Setup on Email Archive Service
  • Configuring an Outbound Connector on Microsoft 365
  • Configuring a Journal Rule on Microsoft 365
  • Confirm Data is being Archived successfully

Archive Configuration

  • From the Admin User Interface, click Archive.
  • Select Launch Email Archive.

  • Expand Data Management and then Connections.

  • Click Add Connection to create a new connection.

  • Provide an appropriate description for the connection and set the Connection Type to SMTP (Microsoft 365).

  • Enter the appropriate address in the Undeliverable Journal Address field.

Note: This must match the email address entered in Step 2 of the section Configuring a Journal Rule on Microsoft 365. If these do not match, Remote Journaling will not function. This email address will not be Journaled and is only used for error reporting.

  • Click Next.
  • Note the SMTP Address provided, as it is required for the configuration on Microsoft 365. This can be viewed again later by editing the connection.

  • Click Done.

Configuring An Outbound Connector On Microsoft 365

  • Open the Microsoft 365 Admin Center.
  • Click the Admin Centers icon on the left-hand sidebar and choose Exchange.

  • In the Exchange Dashboard, under the mail flow heading, click connectors.

  1. Click the + sign to add a new connector.
  2. Select Microsoft 365 for the From dropdown menu and Partner Organization for the To menu.
  3. Click Next.
  4. Enter a descriptive Name (and optionally, Description) for the connector.
  5. Tick the checkbox Turn it on to turn on the connector when it is saved. You can also edit the connector and check the box at any time.
  6. Click Next.
  7. Select Only when email messages are sent to these domains, then click + and enter the fully qualified domain name of the mail server. The wildcard *.earchive.cloud will work.
  8. Click OK to return to the connectors screen.
  9. Click Next.
  10. Select Use the MX record associated with the partner’s domain.
  11. Click Next.

Leave the default settings for the How should Microsoft 365 connect to your partner organization’s email server? step and click Next.

The next screen will ask you to confirm your settings. Review these settings and click Back if you need to make any corrections. Otherwise, click Next.

In the Validate this Connector step, click + and enter the following address: verification@us.earchive.cloud

Note: The above address should be used. However, it will often fail verification, which has no impact on the success of the connector going forward. If this step fails, you can continue with setup and testing.

When prompted to validate the connection, click Validate and wait for the validation operation to finish.

  • Click Save.

Configuring A Journal Rule On Microsoft 365

This step assumes you are enabling journaling for all users.

  1. From the Admin Centers dashboard, click Compliance. Then go to the Data Lifecycle Management dropdown and select Exchange (Legacy).
  2. Go to Settings in the top right corner above the action icons. Under Send undeliverable journal reports to:, click Select address, click Browse, and select an admin email account. This account will receive notification of non-deliverable journal reports.

Note: This must match the address set in Step 5 of the Archive Configuration above.

  3. In the Journal Rules tab, click the + sign to create a new Journal Rule.
  4. In the Send journal reports to field, enter the SMTP address of the journaling mailbox (e.g. 5er123acd-5432-123aa0a1-d9348328b71@us.earchive.cloud).

This was provided in Step 7 of the Archive Configuration.

  5. Enter a descriptive Name for the rule (e.g. Journaling to Proofpoint Archive).
  6. From the Journal messages sent or received from, choose Everyone.
  7. From the Type of message to journal, choose All messages.
  8. Click Save.
  9. When prompted to confirm that you want the rule to apply to all messages, click Yes.
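
The connector, journal rule and undeliverable address set up above can be read back from Exchange Online PowerShell to confirm they line up. This is an added example, not a Spambrella or Microsoft script; the admin account and expected undeliverable address are placeholders, and the variable names are illustrative.

```powershell
# Added example: read back the connector, journal rule and NDR address configured above.
# Requires the ExchangeOnlineManagement module. Values in <...> are placeholders.
$AdminUpn      = '<admin@your-tenant-domain>'
$ExpectedNdr   = '<undeliverable-journal-address>'   # as entered in the Archive connection
$ArchiveDomain = 'earchive.cloud'                    # from the connector step (*.earchive.cloud)

Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false
$findings = @()

# 1. Outbound connector: turned on, Partner type, scoped to the archive domain, MX routing.
$connectors = @(Get-OutboundConnector | Where-Object {
    $_.RecipientDomains -match [regex]::Escape($ArchiveDomain) })
if ($connectors.Count -eq 0) { $findings += "No outbound connector scoped to *.$ArchiveDomain" }
foreach ($c in $connectors) {
    if (-not $c.Enabled)                { $findings += "Connector '$($c.Name)' is turned off" }
    if ($c.ConnectorType -ne 'Partner') { $findings += "Connector '$($c.Name)' is not a Partner connector" }
    if (-not $c.UseMXRecord)            { $findings += "Connector '$($c.Name)' does not use the MX record" }
}

# 2. Journal rules: review every rule, since each one sends copies of mail to its destination.
$rules        = @(Get-JournalRule)
$archiveRules = @($rules | Where-Object { "$($_.JournalEmailAddress)" -like "*@*.$ArchiveDomain" })
$otherRules   = @($rules | Where-Object { "$($_.JournalEmailAddress)" -notlike "*@*.$ArchiveDomain" })
if ($archiveRules.Count -eq 0) { $findings += "No journal rule sends reports to $ArchiveDomain" }
foreach ($r in $archiveRules) {
    if (-not $r.Enabled)       { $findings += "Journal rule '$($r.Name)' is disabled" }
    if ($r.Scope -ne 'Global') { $findings += "Journal rule '$($r.Name)' scope is $($r.Scope), not Global (All messages)" }
    if ($r.Recipient)          { $findings += "Journal rule '$($r.Name)' is limited to $($r.Recipient), not Everyone" }
}
foreach ($r in $otherRules) {
    $findings += "Journal rule '$($r.Name)' sends to $($r.JournalEmailAddress): confirm this destination is expected"
}

# 3. The undeliverable journal report address must match the one in the Archive connection.
$ndr = "$((Get-TransportConfig).JournalingReportNdrTo)"
if ($ndr -ne $ExpectedNdr) { $findings += "Undeliverable journal address is '$ndr', expected '$ExpectedNdr'" }

# Show what was found (TlsSettings included for review), then any mismatches.
$connectors | Format-Table Name, Enabled, ConnectorType, RecipientDomains, UseMXRecord, TlsSettings -AutoSize
$rules      | Format-Table Name, Enabled, Scope, Recipient, JournalEmailAddress -AutoSize
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'Journaling configuration matches the steps above.' }
```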

Confirm Data Is Being Archived Successfully

To confirm that data is now being archived successfully, log in and search the Archive as a user that has Discovery User access to all mailboxes.

Set Discovery User Access For User

  1. Log in to the Spambrella Admin Console as an Organization Admin.
  2. Click the Archive tab.
  3. In the Archive UI, click on the Users icon.
  4. Search for the desired user and click Action > Manage permissions.
  5. Click Enable Discovery User.
  6. Select the All Mailboxes radio button.
  7. Click Save.

Further resources:

Configuring Office 365 for Spambrella

Getting Started with Email Archiving