Enabling Impersonation in Microsoft Exchange Online
In an Exchange hybrid deployment, full access permission does not allow the CES crawling identity to access remote archives through Exchange Online Web Services (EWS). Only user impersonation can grant the CES crawling identity access to each user's remote archives. In an information system, impersonation is a mechanism that enables an application such as Coveo Enterprise Search (CES) to perform tasks on behalf of a user.
Consequently, in an Exchange hybrid deployment, when you want to index remote archives hosted on Exchange Online, you must enable impersonation for the CES crawling identity in your Exchange Online organization.
In Microsoft Exchange Online, the impersonation rights are granted to a user through the Exchange ApplicationImpersonation built-in management role.
To add the ApplicationImpersonation role to the CES crawling identity in Exchange Online
Connect PowerShell to your Exchange Online organization (see Use Windows PowerShell in Exchange Online).
In a PowerShell command-line connected to your Exchange Online organization, run the following command, where you replace CES_crawler@mycompany.com by the user identity used by your source:
PS> New-ManagementRoleAssignment -Role "ApplicationImpersonation" -User CES_crawler@mycompany.com
Validate the access to the Remote Archives on the Exchange Online server:
Get the latest version of Microsoft EWSEditor.
Create a new Exchange Service (File > New Exchange Service) using these parameters:
Name Value Autodiscover - Service URL https://outlook.office365.com/EWS/Exchange.asmx Autodiscover - Exchange Version Exchange2013 Credentials - User Name CES crawling identity in UPN/SMTP format Credentials - Password Password of the CES crawling identity Impersonation - Id Type SmtpAddress Impersonation - Id SMTP address of one of the user with a Remote Archive to index
Open the impersonated user archive (right-clicking Add Root Folder) using these parameters:
Name Value Well Known - Folder Name ArchiveMsgFolderRoot Well Known - SMTP Address SMTP address of the impersonated user
Successful opening the impersonated user archive confirms that the CES crawling identity will be able to impersonate and access this Remote Archive.