Barracuda Message Archiver & Office 365 Exchange Online Service Account Configuration

The following script grant an Office 365 Exchange online service account necessary permissions on Exchange Server to enable the Barracuda Message Archiver access to all mailboxes.

# Office 365 Global Admin Credential
$password=ConvertTo-securestring "PASSWORD" -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username,$password
# $cred = Get-Credential

# Connect to Office 365
if (!(Get-Module -ListAvailable -Name MSOnline)){Install-Module MSOnline -Confirm:$false -Force;}
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session -AllowClobber

# Set permissions for Barracuda service account for all mailboxes on O365
Get-Mailbox -ResultSize unlimited | Add-MailboxPermission -User $serviceAccount -AccessRights fullaccess -InheritanceType all -Automapping $false

Note: as newly created accounts will not inherit the newly set permissions unless access grants are triggered, this script should be set to run as a scheduled task; in which case, the plain-text password credential method should be converted to XML creds (I have that snippet somewhere on this site) and saved to a local directory for subsequent execution.

Leave a Reply

Your email address will not be published. Required fields are marked *