How to Configure Impersonation to Deploy the Product via MS Graph Connection [Office 365]
[This article is work-in-progress]
Tip
See this article if your company uses an Office 365 mail server over Exchange Web Services instead of MS Graph, this article if your company uses an MS Exchange On Premises mail server, or this article for Hybrid mail server deployment options.
Note
Privacy and security of any data access and handling associated with this LinkPoint Connect(ME) deployment procedure are guaranteed by the applicable Connect(ME) policies.
LinkPoint Connect(ME) can connect to MS Office 365 mail accounts over MS Graph, as a more contemporary and versatile alternative to Exchange Web Services. See this article for complete information on using MS Graph connection. Unlike other Impersonation deployment scenarios (see the links in the Tip above), this connection type does not require configuring an Impersonation service account.
For the MS Graph connection type, a special Org-wide mass deployment procedure is used. Follow the instructions below to deploy the solution over MS Graph Impersonation.
The procedure consists of three steps
All configuration steps are performed in the LPC Admin panel.
Step 1. Create an MS Graph Impersonation Org via LPC Admin panel or convert an existing Office 365 Org to this connection type [described in this article]
Step 2. Grant permissions consent by mail server Admin account [described in this article]
Step 3. Verify the Configuration [described in this article]
Step 1: Create an MS Graph Impersonation Org via LPC Admin panel or convert an existing Office 365 Org
1.1.
1.2.
1.3.
How to Switch an Org from EWS Connection to MS Graph Connection in Admin panel
Alternatively, if LinkPoint Connect(ME) was deployed for your Org via Office 365 EWS impersonation and you want to switch it to MS Graph, you can do so in the LPC Admin panel. Follow the steps below:
1.
2.
3.
Step 2: Grant permissions consent by mail server Admin account
To authorize LinkPoint Connect(ME) access to end users’ mail data over MS Graph, the local mail server Admin should do the following:
2.1. Log in to LPC Admin panel with Admin credentials. You will see the default Org’s tab upon logging in
2.2. Open the subtab Email configuration
2.3. Click Microsoft 365 OAuth (Graph API)
2.4. A standard Office 365 OAuth window will appear. Select the Microsoft 365 Admin’s account or enter the login credentials in the dialog. Don’t worry, this authorization will be used exclusively to grant the access permissions for MS Graph impersonated access.
2.5. Next, you will see the Permissions authorization dialog
On the LinkPoint Connect(ME) side, the set of permissions is individually configured for every Enterprise customer’s Org by our Support team. Each permission is required to provide a specific LinkPoint Connect(ME) function, so if some permissions are not granted, the corresponding features become unavailable.
The complete list of permissions
Click Accept in the bottom right corner of the dialog to grant the permissions.
If everything went well, you will see the notification “Signed in successfully”, and the Email Configuration tab will then read Impersonation status: Authorized.
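After consent is granted, the tenant admin can confirm exactly which permissions the application now holds. The following is an added example, not part of the LinkPoint documentation: it assumes the Microsoft Graph PowerShell SDK is installed, and both the enterprise application display name and the expected-permission list are placeholders to be filled in from your own tenant and from the list agreed with Support.

```powershell
# Added example: list what the admin consent in Step 2 actually granted.
# Assumption: placeholder name; use the name shown under Enterprise applications.
$AppDisplayName = '<enterprise-app-display-name>'
# Assumption: fill in from the permission list agreed with Support.
$Expected = @()

Connect-MgGraph -Scopes 'Application.Read.All','Directory.Read.All' | Out-Null

$sp = @(Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'")
if ($sp.Count -eq 0) { throw "No service principal named '$AppDisplayName' in this tenant." }
if ($sp.Count -gt 1) { throw "Display name is ambiguous; filter by appId instead." }
$sp = $sp[0]

# Application permissions (app roles): used without a signed-in user.
$resources = @{}
$appPerms = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All |
    ForEach-Object {
        $a = $_
        if (-not $resources.ContainsKey($a.ResourceId)) {
            $resources[$a.ResourceId] = Get-MgServicePrincipal -ServicePrincipalId $a.ResourceId
        }
        # Translate the role GUID into its readable name, e.g. a Mail.* permission.
        $role = $resources[$a.ResourceId].AppRoles | Where-Object { $_.Id -eq $a.AppRoleId }
        [pscustomobject]@{
            Type       = 'Application'
            Resource   = $a.ResourceDisplayName
            Permission = $role.Value
        }
    }

# Delegated permissions; ConsentType 'AllPrincipals' means consent for every user.
$delegated = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All |
    ForEach-Object {
        $g = $_
        $g.Scope -split ' ' | Where-Object { $_ } | ForEach-Object {
            [pscustomobject]@{
                Type       = "Delegated ($($g.ConsentType))"
                Resource   = $g.ResourceId
                Permission = $_
            }
        }
    }

# Mark every granted permission that is not on the agreed list.
@($appPerms) + @($delegated) |
    Select-Object Type, Resource, Permission,
        @{ Name = 'OnAgreedList'; Expression = { $_.Permission -in $Expected } } |
    Sort-Object OnAgreedList, Type, Permission |
    Format-Table -AutoSize
```

Rows with OnAgreedList set to False are the ones to raise with Support before rollout; rerun the script after any later re-consent to catch scope growth.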
Limiting LPC access to specific user accounts
In many configurations, the LPC mailbox data access granted over MS Graph Impersonation must be limited to a specific group of entitled users. That is accomplished using the Blacklist and Whitelist settings.
Follow the steps below to do that. The procedure is based on this Microsoft article.
1.
Step 3: Verify the Connectivity
3.1.
3.2.
3.3.
3.4.