-
Only Administrators with Protected Content permissions can perform mailbox recoveries.
-
Please thoroughly verify that all details of any intended recipient(s) of restored mailbox or mail items are correct.
- Mimecast bears no responsibility should the Administrator fail to send the recovered mailbox or mail items to the correct recipient.
This guide provides an overview of the Sync & Recover functionality available from the Mimecast Administration Console.
Introduction
Sync & Recover allows you to synchronize your users' mailbox folder structure, calendar content, and contacts from Exchange On-Premises or Microsoft 365 (Exchange) mailboxes with our archive. Once set up, synchronization starts automatically multiple times throughout the day. There is no exact synchronization timing, as each user's mailbox synchronization is balanced across that period. This prevents any undue server performance issues caused by everyone's mailbox being synchronized at once.
Once archived, a user's data is accessible to administrators with the appropriate permissions. They can:
- View the content.
- Browse and search folder structure.
- Export and restore the content (if this functionality is enabled on your account).
- Create a snapshot of a user's mailbox at a specific point in time, by configuring an existing sync task. This allows you to export or restore selected content, or download individual mailbox items from the snapshot. See the Sync & Recover - Creating Snapshots page for more information.
- While Sync & Recover is an administrator function, end users have access to archived email and familiar mailbox folder tree in one of the end-user applications.
- User contacts are only held for the duration stipulated by the retention period of the account. For example, if a contact is 14 years old from the date of creation and your retention period is 10 years it will be removed from the archive after 10 years. However, the metadata will be retained.
Prerequisites
- A Basic Administrator role in Mimecast.
- Global Administrator access in Microsoft 365.
- To manage a task's details, your logon must have permission to use the following menu items:
- Services | Exchange Sync & Recover
- Archive | Archive Search
See the Managing Administrator Roles page for further details.
Requirements
To use Sync & Recover:
- You must have a minimum of 58 days of retention available.
- If you wish to be able to view the contents of legacy messages in your users' mailboxes (e.g., those sent/received prior to archiving with us), then these must be archived with us. Speak to us if you have not yet ingested legacy data.
If you do not need to view the contents of legacy messages, you do not need to ingest legacy data, and you will see metadata only for them.
- Create a Connector.
Sync & Recover tasks need to be run against Active or Licensed mailboxes only. The tasks cannot be run against Alias or Proxy addresses.
Standalone Exchange Requirements
If you are using an on-premises Exchange Server deployment:
- Allow inbound HTTPS access from us to your organization's Exchange Web Services (/ews/exchange.asmx).
- Share your master mailbox's credentials with the Application Impersonation management role with us.
- Allow us to extract the folder tree and message metadata, by configuring impersonation rights to your organization's mailboxes. This requires you to provide us with the mailbox credentials of the user you wish us to use. See the Mimecast Synchronization Engine - Site Binding guide for your version of Exchange for full details.
Microsoft 365 Requirements
If you're using Microsoft 365, the following requirements apply. You must:
- Create a Connector to:
- Register Sync & Recover as a web application.
- Set up a secure trust relationship via OAuth 2.0
- Grant permissions to impersonate users over EWS.
- You will need to grant the following permissions, to complete setup:
MS Entra App Permission Common Name Application /Delegate Identifier Permission Description MS KB Permissions Reference full_access_as_app full_access_as_app 00000002-0000-0ff1-ce00-000000000000 Use Exchange Web Services (EWS) with full access to all mailboxes. N/A Domain.Read.All Read domains dbb9058a-0e50-45d7-ae91-66909b5d4664 Allows the app to read all domain properties without a signed-in user. Microsoft Graph permissions reference - Microsoft Graph | Microsoft Learn User.Read Sign in and read user profile e1fe6dd8-ba31-4d61-89e7-88639da4683d Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. Microsoft Graph permissions reference - Microsoft Graph | Microsoft Learn
Migrating from the Mimecast Synchronization Engine
If you're synchronizing archive folders using the Mimecast Synchronization Engine (MSE), you can upgrade to this method without impacting your existing archive folder views, provided you follow the steps below.
The Connector being created in the following steps is for a pilot S&R group :
- Create a Connector. See the Managing Connectors page for further details.
- Create a new task with a test Sync & Recover group.
- Add some test users to the new test Sync & Recover group. These must not be users that are part of an MSE task group.
- Once you have completed testing and are ready to migrate:
-
- Create Sync & Recover tasks for each group.
- Disable the old Mimecast Synchronization Engine (MSE) tasks. See Mimecast Synchronization Engine - Exchange Tasks, Managing Exchange Tasks section.
If you don't disable your MSE tasks, you'll risk duplication or data loss in the Mimecast archive after you've started your Sync & Recover tasks, which cannot be reversed.
Comments
Please sign in to leave a comment.