To add the ApplicationImpersonation role to the CES crawling identity in Exchange Online

1. Connect PowerShell to your Exchange Online organization (see Use Windows PowerShell in Exchange Online).

   Note:

   • Administrative rights are needed to run the New-ManagementRoleAssignment command.

   • Before running Import-PSSession $Session, you might need to run Set-ExecutionPolicy Unrestricted (see Using the Set-ExecutionPolicy Cmdlet).

   • More information on role addition (see Add a role to a user or USG).

2. In a PowerShell command-line connected to your Exchange Online organization, run the following command, where you replace CES_crawler@mycompany.com by the user identity used by your source: 

   PS> New-ManagementRoleAssignment -Role "ApplicationImpersonation" -User CES_crawler@mycompany.com

3. Validate the access to the Remote Archives on the Exchange Online server:

   1. Get the latest version of Microsoft EWSEditor.

   2. Create a new Exchange Service (File > New Exchange Service) using these parameters:

      Name	Value
      Autodiscover - Service URL	https://outlook.office365.com/EWS/Exchange.asmx
      Autodiscover - Exchange Version	Exchange2013
      Credentials - User Name	CES crawling identity in UPN/SMTP format
      Credentials - Password	Password of the CES crawling identity
      Impersonation - Id Type	SmtpAddress
      Impersonation - Id	SMTP address of one of the user with a Remote Archive to index

   3. Open the impersonated user archive (right-clicking Add Root Folder) using these parameters:

      Name	Value
      Well Known - Folder Name	ArchiveMsgFolderRoot
      Well Known - SMTP Address	SMTP address of the impersonated user

      Successful opening the impersonated user archive confirms that the CES crawling identity will be able to impersonate and access this Remote Archive.