Using Impersonation with Exchange & Office 365
Forensic Email Collector allows you to acquire end-user mailboxes using centralized credentials. This makes it possible to preserve emails from a large number of custodians in an organization without having to track each user down for authentication. FEC provides two options for Exchange / O365:
1. Delegation (you can read more about delegation here)
The following article from the MSDN archive summarizes the differences between delegation and impersonation:
Perhaps the most important distinction is that delegate access is configured at the mailbox level. That is, the centralized account is given 'full access' rights to the target mailboxes. If a new mailbox is created, it needs to be configured for delegate access.
On the other hand, impersonation is configured once by creating a service account and giving it the ApplicationImpersonation role as follows:
1. Visit the Exchange Admin Center
2. Create a new service account
3. Create a new role group
4. Add the ApplicationImpersonation role to the role group
5. Add the service account you created in #2 above to the new role group
When acquiring target mailboxes in FEC, you can activate impersonation as follows:
1. Enter the target email address (i.e., the email address of the end user).
2. On the connection settings page, enter the credentials of the service account.
3. Check the Use Impersonation checkbox. If you do not check the checkbox, FEC will use delegation instead.
4. If you plan to use OAuth authentication, check the Use OAuth 2.0 checkbox and authenticate as the service account.