How to Set Impersonation Mode for GAL or Public Folder Sync to User MailboxesApril 12, 2016
Who the heck is calling me NOW?April 28, 2016
To manage GAL and public folder contact sync for your entire Office 365 tenant, CiraSync needs both Global Admin permissions and the Application Impersonation role.
You can make a dedicated Azure/Office 365 account for this. If you are only using the GAL Sync feature, the account does not need to be a licensed user so this procedure won't incur any additional charges from Microsoft. If you are reading from a public folder, you wont be able to assign "reviewer" permissions to the service account unless it is mail enabled. We use "Exchange Online Kiosk" for this since it is the least expensive mail enabled account you can buy.
The benefits of making a dedicated Azure Account are as follows:
- If you use your own Office 365 credentials, you will need to change the password periodically. The dedicated account can have a super strong password and you can set it to never expire.
- As with any third party application accessing your tenant, it is convenient to give the exact permissions required to run the software.
- You can disable this account without affecting anything else
- It is self-documenting regarding the purpose of the account and you can delegate management to a coworker without revealing your own password.
If you are going to support 10 or more users with CiraSync, we recommend following these steps to set up this dedicated account and perform public folder contact sync for Office 365:
Launch the Office 365 Admin Center and choose Edit a User
Editing user in Office 365 Admin Center
Edit the user that will be used to setup CiraSync Enterprise Edition
User setting up CiraSync Enterprise Edition
Verify that this user is a Global Administrator. This is required.
Verifying Global Administrator
From the Admin Center, choose Exchange
Admin Center for CiraSync Enterprise Edition
From the permissions menu, choose Admin Roles
Admin Roles for CiraSync Enterprise Edition
Hit the plus symbol to add a new Admin Role
New Admin Role in CiraSync Enterprise Edition
Create a new admin role called App Impersonation
New admin Role for App Impersonation
- Click the plus symbol and select ApplicationImpersonation
- Click the plus symbol
- Add the CiraAdmin account (same one selected in step 2)
You are now ready to launch the CiraSync Enterprise Edition setup for your Office 365 tenant and public folder contact sync for Office 365!