Step 1 - Set Up Essentials for Office 365

Similar documents
Step 1 - Set Up Essentials for Office 365

Essentials Wizard Help - Configure Office 365

How to Configure Impersonation for OneDrive for Business Data Sources

How to Configure Office 365 for Inbound and Outbound Mail

Step 4 - Choose Your Deployment

To create a few test accounts during the evaluation period, use the Manually Add Users steps.

Step 2 - Deploy Advanced Security for Exchange Server

Office 365 Journaling

Office 365 Standalone Security

Configuring an IMAP4 or POP3 Journal Account for Microsoft Exchange Server 2003

Step 3 - Deploy Compliance Edition for Exchange 2013 and Newer

Using Trustwave SEG Cloud with Cloud-Based Solutions

Using Trustwave SEG Cloud with Exchange Online

How to Install and Configure the Barracuda Outlook Add-In

Step 3 - Deploy Advanced Security and Compliance for Exchange Server

How to Journal to the Cloud Archiving Service from Microsoft Exchange Server 2007 and 2010

Envelope Journaling for Microsoft Exchange 2003 Version 1.0

Workspace ONE UEM Notification Service. VMware Workspace ONE UEM 1811

Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

Enterprise Vault.cloud Journaling Guide

StorageCraft Cloud Backup

Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

How to Install and Configure the Barracuda Outlook Add-In

Microsoft Exchange Server 2016

Integrate Microsoft Office 365. EventTracker v8.x and above

GLBA Compliance. with O365 Manager Plus.

Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

Migrating from IBM Lotus Domino to Zimbra Collaboration Suite

Vision deliver a fast, easy to deploy and operate, economical solution that can provide high availability solution for exchange server

AvePoint Online Services 2

SafeConsole On-Prem Install Guide. version DataLocker Inc. July, SafeConsole. Reference for SafeConsole OnPrem

HIPAA Compliance. with O365 Manager Plus.

Barracuda NextGen Report Creator

Configuring an IMAP or POP3 Journal Account for Microsoft Exchange Server 2007 and 2010

Mail Assure. Quick Start Guide

RoomWizard Exchange Connector. Complete Implementation/Upgrade Guide Microsoft Exchange On-Premises Microsoft Office 365

Barracuda Security Service User Guide

User Manual. ARK for Exchange Server (ARKES)

Vyapin Office 365 Management Suite

FISMA Compliance. with O365 Manager Plus.

Configuration Guide. BlackBerry UEM Cloud

Office 365 Inbound and Outbound SMX configuration. 4 th January 2018

Microsoft Exchange 2016 Quiz [Solved]

Enterprise Vault Setting up Exchange Server and Office 365 for SMTP Archiving and later

Getting Started Guide moduscloud

Course CLD209.1x Microsoft Exchange Server 2016 Hybrid Topologies

Setting up Microsoft Office 365

Enterprise Vault Setting up Exchange Server and Office 365 for SMTP Archiving and later

Important Information

Welcome to ContentCatcher 3.0! If this is your first time using ContentCatcher 3.0, here s a great way to start. We ll walk you through the essential

How to configure Sophos for all other clients

Contents. Limitations. Prerequisites. Configuration

Veritas Enterprise Vault Setting up SharePoint Server Archiving 12.2

RED IM Integration with Bomgar Privileged Access

Installation Manual. Fleet Maintenance Software. Version 6.4

Workshare Protect Server 3.9 on Microsoft Azure. Admin Guide

ADMINISTRATOR GUIDE. Find out how to configure GFI OneConnect in different environments, and learn how to set up advanced features.

Partner Integration Portal (PIP) Installation Guide

Amazon AppStream 2.0: SOLIDWORKS Deployment Guide

COURSE A ADMINISTERING EXCHANGE SERVER 2016

kalmstrom.com Business Solutions

EMC SourceOne Management Pack for Microsoft System Center Operations Manager

WatchGuard XTMv Setup Guide Fireware XTM v11.8

SafeConsole On-Prem Install Guide

How to Configure Envelope (SMTP) Journaling for Microsoft Exchange Server 2013 and Newer Standard Journaling

BUSINESS CLOUD FAX By Northland Communications

Important Information

Automation Anywhere Enterprise 10 LTS

Azure Security and Compliance Practical Exercises

Configuring the SMA 500v Virtual Appliance

Mail Assure. User Guide - Admin, Domain and Level

SIEM Tool Plugin Installation and Administration

Link Platform Manual. Version 5.0 Release Jan 2017

StoragePoint Advanced Installation Guide

Ontrack PowerControls for Microsoft Exchange Server ReadMe

You can find more information about the service at

scconnect v1.x ADMINISTRATION, INSTALLATION, AND USER GUIDE

LifeSize Control Installation Guide

Upgrading Good Messaging and Good Mobile Control

Administering Microsoft Exchange Server 2016

INTEGRATION TO MICROSOFT EXCHANGE Installation Guide

CA Service Desk Integration with Remote Support

BMC FootPrints 12 Integration with Remote Support

GSX 365 Usage Usage & Compliance Reporting Collect, Analyze & Anticipate

KYOCERA Net Admin User Guide

Mail Assure Quick Start Guide

Azure for On-Premises Administrators Practice Exercises

Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010

Testing and Restoring the Nasuni Filer in a Disaster Recovery Scenario

Microsoft Windows SharePoint Services

Oracle Cloud. Using Oracle Eloqua Adapter Release E

WatchGuard XTMv Setup Guide

Appliance Installation Guide

Mission Guide: Dropbox

Migrate Data from Cisco Secure ACS to Cisco ISE

External Data Connector for SharePoint

One Identity Active Roles 7.2. Azure AD and Office 365 Management Administrator Guide

LDAP Configuration Guide

Archiving Service. Exchange server setup (2013) AT&T Secure Gateway Service

Enabling the Bullhorn and Calendar Integration with Google Apps

Transcription:

The standalone Office 365 Standalone Email Security option is available for purchase only through the Barracuda Self-Service Gateway or Barracuda MSP. This article assumes you are deploying Barracuda Services for the first time. If you previously deployed Barracuda Cloud-to-Cloud Backup, Barracuda Email Security Service, or the Barracuda Cloud Archiving Service and want to migrate to Barracuda Essentials for Office 365, contact your Barracuda Networks sales representative. Ensure Connectivity and Redundancy Open your firewall ports to allow the IP address ranges for LDAP connectivity based on your Barracuda Email Security Service instance; see Barracuda Email Security Service IP Ranges. (Optional) Configure Office 365 to block inbound email not originating from Barracuda Email Security Service IP address range Important The Barracuda Email Security Service connects with your network from various IP addresses, including performing LDAP lookups. To ensure that the service can connect with your network, allow traffic originating from the range of network addresses based on your Barracuda Email Security Service instance; see Barracuda Email Security Service IP Ranges. Select Your Plan Determine the plan that best suits your organization's needs. The available options are built on the following components: Barracuda Email Security Security service protecting both inbound and outbound email against the latest spam, viruses, worms, phishing and denial of service attacks. Advanced Threat Protection Protects against advanced malware, zero-day exploits, and targeted attacks. Barracuda Cloud Archiving Service Journal mail directly from Office 365 to the Barracuda Cloud to optimize email storage, meet regulatory compliance and e-discovery requirements, and provide anytime/anywhere access to old emails. Barracuda Cloud-to-Cloud Backup Protects Exchange Online, OneDrive for Business, and SharePoint Online data by backing it up directly to Barracuda Cloud Storage. For Exchange Online, Barracuda Cloudto-Cloud Backup protects all email messages, including all attachments, as well as the complete folder structure of each user's mailbox. In OneDrive for Business, all files under the Documents Library, including the entire folder structure, are protected. Easily locate and restore folders, individual items, or entire mailboxes. Barracuda Cloud-to-Cloud Backup provides complete protection of SharePoint Online. With item-level recovery options, items can be restored directly into SharePoint Online from the backups of Document Libraries, Site Page Libraries, and Picture Libraries in Team Site, Publishing Site, and Wiki Site. Table 1. Plan Options. Complete Edition Compliance Edition Security Edition Standalone Email Security 1 / 20

Barracuda Email Security Service Advanced Threat Protection Barracuda Cloud Archiving Service Barracuda Cloud-to-Cloud Backup Step 1. Set Up Essentials To complete the setup you must have a Barracuda Cloud Control account. If you do not already have an account, go to https://login.barracudanetworks.com/ and click Create a User. Enter your name, email address, and company name, and specify whether this is a partner account. Click Create User; for partners, be sure to read Adding a Managed Customer Account. Follow the instructions emailed to the entered email account to create your Barracuda Cloud Control account. See Password Complexity Policies before setting up your password. 1. 3. 4. Go to https://login.barracudanetworks.com and log in with your Barracuda Cloud Control credentials. Open a new browser window, go to https://www.barracuda.com/products/essentials, click Buy Now, and in the Purchase Essentials dialog, click Office 365. In the Plan Details page, the selected plan displays; click the drop-down menu if you want to select a different option. Enter the Number of users, and select the Subscription Type. Verify your order summary in the right pane, and click Continue. If you are not signed into Barracuda Cloud Control, click Sign in in the right pane. If you do not have a Barracuda Cloud Control account, use the left pane to create and sign in to your account. 5. 7. 8. The Barracuda Account page displays your Barracuda Cloud Control account information. If you want to sign in using a different account, click Sign out and use a different account. Select from the following Client Account options: 1. Add this service to an existing Barracuda account Select the desired Account from the drop-down menu, and select your location from the Location of Use drop-down menu Create a new Barracuda account for this service Enter the new account details. Click Continue. In the Billing Details (Optional) page, enter your billing information to purchase the service, or leave the Billing Information section blank to start a free 14-day evaluation. Click Continue. 9. Once the setup process is complete, click Finish. The setup page displays in Barracuda Cloud Control and your 14-day trial begins immediately. 10. Click Set up to get started. Step Launch Essentials Wizard To complete this section, verify you have the following: Office 365 admin credentials Credentials to run a PowerShell script or terminal to manually execute PowerShell scripts 2 / 20

For more information, see Essentials Wizard Help - Getting Started. Getting Started Page When you launch the Essentials wizard, the Getting Started page displays. Click Continue. Link Office 365 Account Page 1. The Link Office 365 Account page displays. Use this page to connect Essentials to your Office 365 account. Click Authorize; the Office 365 login screen displays. Enter your Office 365 admin credentials, and click Sign in. In the Office 365 permissions page, click Accept to connect Essentials to your Office 365 account. Route Outbound Email Page 1. The Route Outbound Email page displays. Use this page to create outbound email connectors for domains on your Office 365 account. By default, Route outbound email for all domains through Barracuda Essentials is selected and a list of all domains that will be configured displays. Click Continue; the wizard verifies your domains and replaces your current MX records with the Barracuda Email Security Service Primary and Backup MX records. If you only want to route inbound mail through the Barracuda Email Security Service and not your outbound mail, clear Route outbound email for all domains through Barracuda Essentials. Click Continue. Configure Office 365 Page The Configure Office 365 page displays. Use this page to configure and set up your services. Select from the following options: Allow Barracuda to configure connectors and permissions (recommended) Select to automatically configure permissions via PowerShell. 1. When prompted, log in using your Office 365 admin credentials, and click OK. If your Office 365 account requires multi-factor authentication (MFA), Barracuda cannot automatically run the PowerShell script. Once configuration is complete and your Office 365 account authorizes the connection, the Configuration Summary displays. Click OK. 3. Continue with Step 2 - Complete Service Configuration. Download and run the Windows PowerShell script Select to download and run the PowerShell script from your local system. 1. Download the Microsoft tools using the provided links. 3 / 20

3. 4. Download and run the PowerShell script. When prompted, enter your Office 365 admin credentials. Once authorized, click Finish. The Essentials page displays in Barracuda Cloud Control. Continue to Step 2 - Complete Service Configuration. Option 3. Manually configure connectors and permissions Select to manually configure connectors and permissions. Barracuda Email Security Service Manually configure connectors and permissions... 1. 3. 4. In Barracuda Cloud Control, click Barracuda Email Security Service in the left pane, click Domains, and click Add Domain. In the dialog box, enter the primary Office 365 Domain Name you want to filter, for example: corpdomain.com Enter the Mail Server hostname (FQDN) or IP address for the domain entered in the previous step, for example: corpdomain-com.mail.protection.outlook.com Click Add. 5. Click Verify in the Mail Servers column; the Domains >Domain settings page displays. Select the manner in which to verify the domain ownership: MX Records Replace your current MX records with the Barracuda Email Security Service MX records displayed on the verify page. CNAME Records Validate your domain by adding a CNAME record. Email to the domain's technical contact Send a verification email to the technical contact email address listed on your domain's WHOIS entry. This verification option is not available if the Barracuda Email Security Service cannot find your domain's WHOIS entry. If there is not a technical contact, then only the MX Records, CNAME, andemail to the Postmasteroptions displays on this page. Email to the postmaster Send a verification email to the postmaster email address for your domain. The confirmation email will include a link that the recipient can click to verify the domain. This option is available if the Barracuda Email Security Service can find your postmaster in your domain s WHOIS records. This method sends a verification email to the postmaster email address for your domain. The confirmation email includes a link that the recipient must click to verify the domain. 6. On the Domains page, click Edit in the Settings column; the Domains > Domain Settings page displays where you can complete the configuration. Barracuda Cloud Archiving Service Manually configure connectors and permissions... 4 / 20

Option 1. Configure Journaling from the Web Interface Click to configure journaling from web interface... 1. 3. Go to the Mail Sources > SMTP Journaling page. Go to Journaling Setup Scripts > Office 365 Setup Script, and click Run Script. Follow the onscreen prompts to configure Office 365 to journal mail to the Barracuda Cloud Archiving Service. Option Configure Journaling via Script Click to configure journaling via script... 1. 3. Go to the Mail Sources >SMTP Journaling page. In the Journaling Setup Scripts section, click Download to save the PowerShell script to your local system, or click Show Script to copy the script to your clipboard. Open Windows PowerShell, and run the script to configure Office 365 to journal mail to the Barracuda Cloud Archiving Service. Option 3. Manually Configure Journaling Click to manually configure journaling... Add a Remote Domain and Connector 1. 3. Log in to Office 365 Exchange admin center. Select mail flow > remote domains. Click the + symbol. In the new remote domain, complete the following: 1. Name Type Barracuda Cloud Archiving Service Remote Domain Enter your region-specific MAS hostname, for example, type: mas.barracudanetworks.com For a list of region-specific MAS hostnames, see Data Centers by Region. 3. Out of Office automatic reply types Select None 4. Automatic replies Select Allow automatic forwarding 5. Message reporting Clear all options 6. Use rich-text format Select Never 7. Supported Character Set Set both options to None 5 / 20

4. Click Save. 5. Click Mail flow > connectors, and click the + symbol. 6. The Select your mail flow scenario page displays. 7. From thefromdrop-down menu, select Office 365, and from thetodrop-down menu, selectpartner organization: 6 / 20

8. Enter a Name and (optional) Description to identify the connector: 7 / 20

9. Click Next. Select Only when email messages are sent to these domains, click the + symbol, and in theadd domainfield, type your region-specific MAS hostname, for example: mas.barracudanetworks.com 10. Click OK: 8 / 20

11. Click Next. Select Use the MX record associated with the partner's domain: 1 Select Always use Transport Layer Security (TLS) to secure the connection (recommended) > 9 / 20

Any digital certificate, including self-signed certificates: 13. Click Next. In the confirmation page, verify your settings: 10 / 20

14. Click Next. Office 365 runs a test to verify your settings. 15. Go to the Mail Sources > SMTP Journaling page in the Barracuda Cloud Archiving Service, and copy the email address from the SMTP Journaling Info section, for example: bma_mycompany@mas.barracudanetworks.com 16. In Office 365, paste this email address into the provided field in the Verification page, and click Validate. Note that the sending email portion of the verification may fail depending on your Office 365 configuration. This is not a concern as long as it passes the connectivity test. 17. Once the verification is complete, your mail flow settings are added.. Create a Non-Delivery Report Recipient Before creating journal rules, specify a journal recipient for non-delivery reports (NDRs) to reduce the risk of losing journal reports: 1. 3. Log in to your Office 365 Exchange admin center. Select compliance management > journal rules. If an NDR email recipient is not already specified, click Select address to the right of Send undeliverable journal reports to field: 4. Browse to and select a recipient from the address book. 5. You can search for a recipient by typing all or part of a display name, and then clicking the Search icon, or click on either the Display Name or E-Mail Address heading to sort the list. 11 / 20

6. Click OK once you select a recipient, and in the NDRs for undeliverable journal reports window, click Save. Best Practice Create a shared mailbox and use that mailbox for the NDR recipient. Configure Office 365 to Send Journal Mail 1. 3. Log in to Office 365 Exchange admin center. Select compliance management > journal rules. Click the + symbol; in the new journal rule dialog box, complete the following: 1. Send journal reports to Enter the journaling address from the Mail Sources > SMTP page in the Barracuda Cloud Archiving web interface. This is called the journaling mailbox. Name By default, the name of the journal rule is automatically generated from the journal recipients. If there are existing journal rules that contain the same journal recipients, numbers are automatically appended to the journal rule name to avoid duplicates. If you choose to override the automatically-generated name by typing in a custom name, verify the name is unique and descriptive. 3. If the message is sent to or received from Select Apply to all messages to journal all recipients. 4. Journal the following messages Select All messages to journal all messages regardless of source or destination: Because the journaling mailbox may contain sensitive information, it is recommended that you create organization-wide policies that govern who can access the journaling mailboxes in your organization. 4. Click Save. The rule is added toe journal rules table. Once you complete the configuration, mail begins forwarding to the Barracuda Cloud Archiving Service. Log in to the web interface as the administrator, and go to the Basic > Dashboard page. Processed mail displays in the Message Statistics table. Statistics are cached and may take up to 30 minutes to appear. 12 / 20

For additional configuration options and features, log in to the web interface, and click Help. Barracuda Cloud-to-Cloud Backup Manually configure permissions... Configure Impersonation for OneDrive for Business Click here to see more In order for Barracuda Cloud-to-Cloud Backup to access OneDrive user accounts for backup, you must create a new service account with administrative privileges, and then assign that account SharePoint Site Collection Administrator privileges. Step 1. Create a New Service Account 1. Log in to your Office 365 Management Panel using an account with administrative privileges, and click users and groups in the left pane. click the + symbol to create a new account. 3. In the details page, enter the details for the new service account, and click next. 4. In the settings page, select Yes to assign administrator permissions, and from the drop-down menu, select Global administrator. Optionally, you can add an alternate email address and location. Click next. 5. In the assign licenses page, make no changes. Click next. 6. In the send results in email page, click Create. The service account details are sent to the admin. 7. To activate the account, log in to your Office 365 Management Panel using the new service account, and update the password. Step Configure Permissions Use this step to configure permissions for current users. There are two options you can use to give the service account created in Step 1. Create a New Service Account access to user accounts: Option 1 Run a SharePoint Online Management Shell script to automatically apply the proper permissions to each user account; this is the preferred and fastest. If you have multiple users, this is also the easiest method. or Option 2 Manually configure each user account from within the Microsoft SharePoint Admin Center. If you have only a few users, this is the easiest method. Option 1. Configure Permissions Using a SharePoint Online Management Shell Script 1. Download and open the AdminRights.ps1 script using a text editor such as Notepad. Navigate to and edit the following four variables: 13 / 20

3. 4. 5. $o365login Replace with your Office 365 service account or administrator account username. $o365pw Replace with your Office 365 service account or administrator account password. $spadminurl Replace with the same URL used in your organization's OneDrive URL, but suffixed with -admin $spmyurl Replace with the same URL used in your organizations OneDrive URL, but suffixed with -my Save and close the script. Locate the SharePoint Online Management Shell installed in Step 1, then right-click and click Run as administrator. Change your working directory within the SharePoint Online Management Shell to the location where you saved the AdminRights.ps1 script: 6. Run the following command: Set-ExecutionPolicy Unrestricted 7. Run the following command to run the AdminRights.ps1 script:.\adminrights.ps1 14 / 20

8. 9. Press Enter to exit the script. Exit SharePoint Online Management Shell. You must complete the steps in Option 1 each time you add new users. Option Configure Permissions from the Microsoft SharePoint Admin Center 1. Log in to your Office 365 Management Panel using the service account created in Step 1. Create a New Service Account. In the left pane click Admin centers > SharePoint, and click user profiles. 3. Click Manage User Profiles: 15 / 20

4. In the Find profiles field, type the name of a user who's OneDrive for Business data is to be backed up, and then click Find: 5. Click the user's Account name, and then click Manage site collection owners: 6. The site collection owners dialog box displays. In the Site Collection Administrators field, add the service account with administrative privileges or another account with administrative privileges: Type the account name, and then click the Verify User ( ) icon, or Click the Directory ( ) icon, and navigate to and select the account from the directory: 7. 8. Click OK. The service account or administrative account added as the user's Site Collection Administrator can now view the user's entire OneDrive account. Repeat Steps 3 through 7 for each user who's OneDrive for Business data is to be backed up with Barracuda Cloud-to-Cloud Backup. Step 3. Set Up Impersonation Permissions Use these steps when adding all future users. 16 / 20

Complete the following steps to set up impersonation permission for the service account on all newly created OneDrive users: 1. 3. 4. 5. 6. Log in to your Office 365 Management Panel using the service account created in Step 1. Create a New Service Account. In the left pane click Admin centers > SharePoint, and click user profiles. In the My Site Settings section, Click Setup My Sites. In the My Site Secondary Admin section, click Enable My Site secondary admin. In the Secondary admin field, type the username of the newly created service account. Click OK. Configure Impersonation for Exchange Online Click here to see more In order for Barracuda Cloud-to-Cloud Backup to access user mailboxes for backup, you must create a new service account with administrative privileges and apply the impersonation role to that account. To configure impersonation within Exchange Online: Step 1. Create a New Service Account 1. Log in to your Office 365 Management Panel using an account with administrative privileges, and click users and groups in the left pane. Click the + symbol to create a new account. 3. In the details page, enter the details for the new service account, and click next. 4. In the settings page, select Yes to assign administrator permissions, and from the drop-down menu, select Global administrator. Optionally, you can add an alternate email address and location. Click next. 5. In the assign licenses page, make no changes. Click next. 6. In the send results in email page, click Create. The service account details are sent to the admin. 7. To activate the account, log in to your Office 365 Management Panel using the new service account, and update the password. Step Create Impersonation Role Option 1. Manually Set Up Impersonation Click here to see more 1. Log in to your Office 365 Management Panel using an account with administrative privileges, and go to permissions > admin roles. Click the + symbol. In the new role group dialog box, type BarracudaBackupImpersonation in both the Name and Description fields: 17 / 20

3. Scroll down to Roles, and click the + symbol. 4. From the list, select ApplicationImpersonation, and click add: 18 / 20

5. 6. 7. Click OK. Scroll down to Members, select the service account created in Step 1: Create a New Service Account, and click add. Click OK. Click Save to save your settings and close the Role Group window. The Impersonation role is now listed in Admin Roles. Option Set Up Impersonation via PowerShell Click here to see more Use the following steps to assign the ApplicationImpersonation role using PowerShell: 1. At the PowerShell command prompt, enter the following command: New-ManagementRoleAssignment name:impersonationassignmentname Role:ApplicationImpersonation User:serviceAccount Where: name is the friendly name of the role assignment. Each time you assign a role, an entry is made in the role-based access control (RBAC) roles list. You can verify role assignments by using the Get- ManagementRoleAssignment cmdlet found in the Microsoft Dev Center article How to: Configure impersonation. Role is the RBAC role to assign. When you set up impersonation, you assign the ApplicationImpersonation role. User is the service account. Press Enter. Continue with Step 2 - Complete Service Configuration 19 / 20

Figures 20 / 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback