How do I Setup an Exchange Impersonation Service Account?

       Creating an Exchange Service Account using Impersonation

 

Step 1: Create the Service Account

 

Open the Exchange Admin Center and click on ‘recipients’ in the navigation panel. You should see something similar to the screenshot below.

Click the + and select the ‘User mailbox’ option to create the new service account.

Select the ‘New user’ option and complete the form below.

Once the form is completed click the ‘Save’ button and we’re on to Step 2.

 

Step 2: Configure Impersonation

 

Open the Exchange Admin Center and select the ‘permissions’ node as show in the screenshot below.

Click the + to add a new Role Group. Enter a value for Name and Description. Leave the ‘Write scope’ value set to ‘Default’.

Click the + under ‘Roles’ and add ‘ApplicationImpersonation’ as shown below. Click ‘OK’ once it has been added to the list.

Click the + under ‘Members’ and add the service account you created in Step 1. Click ‘OK’ once it has been added to the list.  Note that unless “all users” or the service account are added to the manged group, the configuration will fail.  This is because when you add a service account, it tests its ability to impersonate by testing against itself.

After completing the form click the ‘Save’ button and the new Role Group should be added to your list.