Configuring a service account

A service account on Microsoft Exchange impersonates other mailboxes when accessing Exchange over the various supported protocols. The main steps for configuring a service account are:

  • Setting up service accounts on Exchange server
  • Configuring a service account on Exchange server

Setting up service accounts on Exchange server

For the purpose of Exchange Notification Proxy (ENP), Microsoft’s Exchange Web Services (EWS) protocol is used to access mailbox messages. For example, the service account is assigned the following role:

ApplicationImpersonation

EWS requests are sent with the credentials of a single service account and include an XML key that names the mailbox the request runs as:

<soap:Header>
  <t:RequestServerVersion Version="Exchange2013" />
  <!-- The following causes the request to run as [email protected] -->
  <t:ExchangeImpersonation>
    <t:ConnectingSID>
      <t:SmtpAddress>[email protected]</t:SmtpAddress>
    </t:ConnectingSID>
  </t:ExchangeImpersonation>
</soap:Header>

This allows a single account to access the mailbox of other accounts.
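
The following added example (not code from the original page, Ivanti or Microsoft) builds a complete EWS GetFolder request around the impersonation header shown above, including the namespace declarations the fragment omits, and refuses targets outside an allow-list. The function names, the allow-list and the example.com address are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces used by EWS SOAP requests.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
T = "http://schemas.microsoft.com/exchange/services/2006/types"
M = "http://schemas.microsoft.com/exchange/services/2006/messages"
for prefix, uri in (("soap", SOAP), ("t", T), ("m", M)):
    ET.register_namespace(prefix, uri)


def build_request(target_smtp, allowed_domains, version="Exchange2013"):
    """Return a GetFolder(inbox) request that runs as target_smtp.

    Raises ValueError when the target is outside allowed_domains, so the
    service account is never pointed at an unexpected mailbox.
    """
    local, _, domain = target_smtp.rpartition("@")
    if not local or domain.lower() not in allowed_domains:
        raise ValueError(f"impersonation target not allowed: {target_smtp!r}")

    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    ET.SubElement(header, f"{{{T}}}RequestServerVersion", Version=version)
    imp = ET.SubElement(header, f"{{{T}}}ExchangeImpersonation")
    sid = ET.SubElement(imp, f"{{{T}}}ConnectingSID")
    # Setting .text lets the library escape the value; no string pasting.
    ET.SubElement(sid, f"{{{T}}}SmtpAddress").text = target_smtp

    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    get_folder = ET.SubElement(body, f"{{{M}}}GetFolder")
    shape = ET.SubElement(get_folder, f"{{{M}}}FolderShape")
    ET.SubElement(shape, f"{{{T}}}BaseShape").text = "IdOnly"
    ids = ET.SubElement(get_folder, f"{{{M}}}FolderIds")
    ET.SubElement(ids, f"{{{T}}}DistinguishedFolderId", Id="inbox")
    return ET.tostring(env, encoding="unicode")


def impersonated_address(request_xml):
    """Extract the mailbox a request built here runs as, or None."""
    root = ET.fromstring(request_xml)
    path = (f"{{{SOAP}}}Header/{{{T}}}ExchangeImpersonation/"
            f"{{{T}}}ConnectingSID/{{{T}}}SmtpAddress")
    node = root.find(path)
    return None if node is None else node.text


if __name__ == "__main__":
    xml = build_request("user1@example.com", {"example.com"})  # constructed
    print(xml)
    print(impersonated_address(xml))
```

Logging the value returned by impersonated_address for every request gives an audit trail of which mailboxes the service account touched.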

Configuring a service account on Microsoft Exchange server

Procedure 

  1. In the Microsoft Exchange Management console, open a browser and type in the URL. For example:
    https://<hostname>/ecp
  2. Log in as an Admin, go to Mail > Options > Manage My Organization > Roles & Auditing > Mailboxes, and create a new Role group.
  3. Add the ApplicationImpersonation role to the group.
  4. Add members to the group.
  5. Click Save to finish.

For more information on configuring a service account on Microsoft Exchange server, see the Microsoft documentation.
