Chat now with support
Chat with Support

Identity Manager 9.2 - Administration Guide for Connecting to Exchange Online

About this guide Managing Exchange Online environments Synchronizing an Exchange Online environment
Setting up Exchange Online synchronization Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Basic data for managing an Exchange Online environment Exchange Online organization configuration Exchange Online mailboxes Exchange Online mail users Exchange Online mail contacts Exchange Online mail-enabled distribution groups
Creating Exchange Online mail-enabled distribution groups Editing main data for Exchange Online mail-enabled distribution groups Main data for Exchange Online mail-enabled distribution groups Receive restrictions for Exchange Online mail-enabled distribution groups Customizing send permissions for Exchange Online mail-enabled distribution groups Specifying moderators for Exchange Online mail-enabled distribution groups Specifying Exchange Online mail-enabled distribution groups Assigning Exchange Online mail-enabled distribution groups to Exchange Online recipients Exchange Online mail-enabled distribution group inheritance based on categories Adding Exchange Online dynamic distribution groups to Exchange Online mail-enabled distribution groups Adding an Exchange Online dynamic distribution group to Exchange Online mail-enabled distribution groups Adding Exchange Online mail-enabled public folder to Exchange Online mail-enabled distribution groups Assigning extended properties to Exchange Online mail-enabled distribution groups Deleting Exchange Online mail-enabled distribution groups
Exchange Online Office 365 groups Exchange Online dynamic distribution groups Exchange Online mail-enabled public folders Reports about Exchange Online objects Configuration parameters for managing an Exchange Online environment Default project template for Exchange Online Editing Exchange Online system objects Exchange Online connector settings

Creating Exchange Online mail users

When you create a mail user, an Azure Active Directory user account is also created and linked to the mail user.

Azure Active Directory configuration settings are used for generating random passwords for new mail users, for sending login credentials, and for applying password policies. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.

NOTE: It is recommended to use account definitions to set up mail users for company identities.

  • In order to create mail users through account definitions, identities must have a central user account and obtain the IT operating data through assignment to a primary department, primary location, or a primary cost center.

  • Some of the main data of the mail users is mapped from identity main data using templates.

To create a mail user

  1. In the Manager, select the Azure Active Directory > Mail user category.

  2. Click in the result list.

  3. On the main data form, enter the main data for the mail user.

  4. Save the changes.

Related topics

Editing main data of Exchange Online mail users

To edit a mail user.

  1. In the Manager, select the Azure Active Directory > Mail users category.

  2. Select the mail user in the result list and run the Change main data task.

  3. Edit the mail user's main data.

  4. Save the changes.
Related topics

Main data for Exchange Online mail users

Table 17: Mail user main data
Property Description

Identity

Identity to use the mail user.

  • An identity is already entered if the mail user was generated by an account definition.

  • If you create the mail user manually, you can select an identity from the menu.

    The menu displays activated and deactivated identities by default. If you do not want to see any deactivated identities, set the QER | Person| HideDeactivatedIdentities configuration parameter.

NOTE: If you assign a deactivated identity to a mail user, the mail user might be locked or deleted depending on the configuration.

No link to an identity required

Specifies whether the mail user is intentionally not assigned an identity. The value is determined from the linked user account.

Not linked to an identity

Indicates why the No link to an identity required option is enabled for this mail user. The value is determined from the linked user account. Possible values:

  • By administrator: The option was set manually by the administrator.

  • By attestation: The user account was attested.

  • By exclusion criterion: The user account is not associated with an identity due to an exclusion criterion. For example, the user account is included in the exclude list for automatic identity assignment (configuration parameter PersonExcludeList).

Account definition

Account definition through which the mail user was created.

Use the account definition to automatically populate mail user main data and to specify a manage level for the mail user. One Identity Manager finds the IT operating data of the assigned identity and uses it to populate the corresponding fields in the mail user.

NOTE: The account definition cannot be changed once the mail user has been saved.

Manage level

Manage level with which the mail user is created. Select a manage level from the menu. You can only specify the manage level can if you have also entered an account definition. All manage levels of the selected account definition are available in the menu.

Azure Active Directory tenant

The Azure Active Directory tenant’s name.

Azure Active Directory user account

Azure Active Directory user account that uses this mail user.

First name

The user’s first name. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Last name

The user’s last name. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Initials

The user’s initials. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Name

The mail user’s identifier.

Display name

Name as used in the address book.

Alias

Unique alias for further identification of the mail user.

User ID

User ID that user uses to log in.

Example:

<alias>@<domain.com>
<user>@yourorganization.onmicrosoft.com

Password

Login password. The identity’s central password can be mapped to the mail user's password. For more information about an identity’s central password, see One Identity Manager Identity Management Base Module Administration Guide.

NOTE: One Identity Manager password policies are taken into account when a user password is being verified. Ensure that the password policy does not violate the target system's requirements.

Azure Active Directory configuration settings are used for generating random passwords for new mail users, for sending login credentials, and for applying password policies. For more information, see the One Identity Manager Administration Guide for Connecting to Azure Active Directory.

Confirmation

Reconfirm password.

Proxy addresses

Other email addresses for the mail user. Use the following syntax to set up other proxy addresses:

Address type: new email address

Recipient type (detail)

Type of mail user. You can select either Mail users or Guest mail users.

External email address Email address for forwarding messages.

Destination address type

Address type of the email address. Permitted value is SMTP.

Do not display in address list

Specifies whether the mail user is visible in address books. Set this option if you want to prevent the mail user from being displayed in address books. This option applies to all address books.

Risk index (calculated)

Maximum risk index value of all assigned groups. The property is only visible if the QER | CalculateRiskIndex configuration parameter is set. For more information, see the One Identity Manager Risk Assessment Administration Guide.

Category

Categories the mail user uses to inherit groups. Groups can be selectively inherited by mail users. To do this, the groups and mail users are divided into categories. Select one or more categories from the menu.

Groups can be inherited

Specifies whether the mail user can inherit groups through the identity. If the option is set, the mail user inherits groups through hierarchical roles, in which the identity is a member, or through IT Shop requests.

  • If you add an identity with a user accounts to, for example, a department and you have assigned groups to this department, the mail user inherits these groups.

  • If an identity has requested group membership in the IT Shop and the request is granted approval, the identity's mail user only inherits the group if the option is set.

Simple display

Simple display name for systems that cannot interpret all the characters of normal display names.

Phonetic display name

Display name in phonetic letters. It is used if the pronunciation and spelling of the name do not match. For example, the display name is used to sort recipients in the hierarchical address book if no sort order is given. They are sorted in ascending order from A to Z.

If no phonetic name is given, they are sorted by the display name.

Sort order

Specifies the order in which to display recipients in the hierarchical address book. The larger the value, the higher the ranking in the sort order.

If no order is given or more than one entries have the same sort order, recipients are sorted by their phonetic display name.

Message format

Format for messages that are sent to mail u. Permitted values are MIME (default) and Text.

Message body format

Format for body text of messages that are sent to mail users. Options are Text, HTML and TextAndHtml. The permitted values depend on the selected message format.

  • If the MIME message formation is fixed, the format of the body text can be Text, HTML and TextAndHtml (default).

  • If the message format is Text, the format of the body text can be Text.

Attachment format The Apple Macintosh operating system's attachment format for messages that are sent to mail users. Options are BinHex (default), UuEncode, AppleSingle, and AppleDouble.
Use preferred message format Specifies whether message format settings configured for the recipient are overwritten by the global settings.

Use MAPI-RTF

Specifies whether the mail user can receive messages in MAPI format. Available options are Never, Always, and Use default settings.

Sender authentication required

Specifies whether authentication data is requested from senders. Set this option to prevent anonymous senders mailing the mail user.

Moderation enabled

Specifies whether the mail user is moderated. Use the Assign moderators task to specify the moderators. Then enable the option.

Sending message

Specifies how senders are notified when they send messages to moderated mail users. Permitted values are:

  • Do not notify: The sender is not notified.

  • Only notify senders in your exchange organization: Only internal senders receive a notification.

  • Notify all senders: Internal and external senders receive notification.

Street

Street or road. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

City

City. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. Locations can be automatically generated and identities assigned based on the town.

Mailbox

Mailbox. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

State

State. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Zip code

Zip code. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Country or region

The country ID.

Office

Office address.

Business phone

Business telephone numbers. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Additional phone numbers Other business telephone numbers.

Fax

Fax number. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Additional fax numbers

Additional fax numbers.

Home phone Private telephone number.

Additional private numbers

Additional telephone numbers.

Mobile phone

Mobile number. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Mobile phone

Mobile phone number.

Website.

The user's website.

Notes

More information about the user.

Item

The user's job title.

Department

Department. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Company

Company. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Manager

Manager responsible for the mail user.

To specify a manager

  1. Click next to the field.
  2. In the Table menu, select the table that maps the account manager.
  3. In the Account manager menu, select the manager.
  4. Click OK.

Assistant

Name of the mail contact's assistant.

Related topics

Receive restrictions for Exchange Online mail users

NOTE: The Assign mail acceptance and Assign mail rejection assignments are mutually exclusive. You can specify whether to accept or deny the recipient's message.

To customize mail acceptance for a mail user

  1. In the Manager, select the Azure Active Directory > Mail user category.

  2. Select the mail user in the result list.

  3. Select the Assign mail acceptance task to specify recipients whose messages are accepted.

    - OR -

    Select the Assign mail rejection task to specify recipients whose messages are rejected.

  4. Select the table containing the recipient from the menu at the top of the form. You have the following options:

    • Mail-enabled distribution groups

    • Dynamic distribution groups

    • Mailboxes

    • Mail users

    • Mail contacts

    • Office 365 groups

  5. In the Add assignments pane, assign recipients.

    TIP: In the Remove assignments pane, you can remove assigned recipients.

    To remove an assignment

    • Select the recipient and double-click .

  6. Save the changes.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating