Prepare to run discovery on Exchange Online 365

Steps

  1. Create or identify an Exchange 365 account for Exchange discovery scanning.
  2. Grant the account one of the following roles to allow the Forcepoint DLP crawler to discover messages and display results:
    • Organization Management
    • View Only Organization Management

    The crawler account should now be able to access Exchange via Outlook Web App (OWA) and move between the mailboxes intended to be scanned during the discovery.

    Log onto OWA with this account, and try switching between mailboxes as shown below:

  3. Configure Exchange impersonation for the service account used for discovery:
    1. Open the Windows PowerShell as administrator.
    2. Enter the following command:
      $LiveCred = Get-Credential
    3. When prompted for credentials, enter the user name (email address) and password for the Exchange 365 account to be used for discovery.
    4. Enter the following command:

      $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

      Read and ignore any warnings that result.

    5. Enter the following commands:

      Import-PSSession $Session

      Set-ExecutionPolicy RemoteSigned

    6. When prompted to change the execution policy, respond Yes.
    7. Enter the following command:

      Enable-OrganizationCustomization

    8. Enter the following command:

      New-ManagementRoleAssignment -Name "Impersonation-Forcepoint" -Role "ApplicationImpersonation" -User user@mydomain.onmicrosoft.com

      Here, "Impersonation-Forcepoint" is the name given to the ApplicationImpersonation role assignment created for the Exchange 365 account, and "user@mydomain.onmicrosoft.com" is the user name of the account that will run the discovery task.

  4. To configure an Exchange discovery task:
    1. Log on to the Data Security module of the Forcepoint Security Manager.
    2. Go to the Main > Policy Management > Discovery Policies page, then click Add network task > Exchange Task.
    3. Complete the wizard as explained in the Forcepoint DLP Administrator Help. On the Exchange Servers page, enter the credentials set up above.
  5. Make sure that Integrated Windows authentication is turned on (default). If it is not:
    1. In the Exchange admin center, go to servers > virtual directories > EWS (Default Web Site).
    2. Select Integrated Windows authentication.
    3. Click Save.
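The following script is an added example, not Forcepoint's own code, that carries out the session and role-assignment commands from step 3 in one idempotent run and verifies the result. Because ApplicationImpersonation otherwise grants access to every mailbox in the tenant, it also bounds the assignment with a management scope covering only the mailboxes intended for scanning; the scope name, the recipient filter and the discovery account address are assumptions to replace for your tenant.

```powershell
# Added example: connect as in step 3, then create the scoped impersonation
# assignment only if it does not already exist, and show what was granted.
$DiscoveryUser = "user@mydomain.onmicrosoft.com"   # account from step 1
$ScopeName     = "Forcepoint-Discovery-Mailboxes"  # assumed scope name
# Assumed filter: only mailboxes tagged for discovery in CustomAttribute1.
$ScopeFilter   = "CustomAttribute1 -eq 'DLP-Discovery'"

$LiveCred = Get-Credential
# Tenants with Basic authentication disabled connect with Connect-ExchangeOnline
# (ExchangeOnlineManagement module) instead of the next two cmdlets.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri https://ps.outlook.com/powershell/ `
    -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking | Out-Null

try {
    # Role assignments require the tenant to be customized; the cmdlet errors
    # harmlessly when this has already been done.
    Enable-OrganizationCustomization -ErrorAction SilentlyContinue

    # Create the recipient scope once; later runs reuse it.
    if (-not (Get-ManagementScope -Identity $ScopeName -ErrorAction SilentlyContinue)) {
        New-ManagementScope -Name $ScopeName -RecipientRestrictionFilter $ScopeFilter | Out-Null
    }

    # Assign ApplicationImpersonation only if the account does not hold it yet,
    # and write-scope it to the tagged mailboxes rather than the whole tenant.
    $existing = Get-ManagementRoleAssignment -RoleAssignee $DiscoveryUser `
        -Role "ApplicationImpersonation" -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-ManagementRoleAssignment -Name "Impersonation-Forcepoint" `
            -Role "ApplicationImpersonation" -User $DiscoveryUser `
            -CustomRecipientWriteScope $ScopeName | Out-Null
    }

    # Verify: list the assignment together with the scope that now bounds it.
    Get-ManagementRoleAssignment -RoleAssignee $DiscoveryUser -Role "ApplicationImpersonation" |
        Format-Table Name, Role, RoleAssigneeName, CustomRecipientWriteScope -AutoSize
}
finally {
    Remove-PSSession $Session
}
```

If the verification table shows an empty CustomRecipientWriteScope, the account already held an unscoped assignment from an earlier run of step 3; remove it with Remove-ManagementRoleAssignment and rerun the script so the scoped one is created.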