For the AirWatch server to start issuing the PowerShell commands, you must set up a PowerShell Admin User account on Office 365 or the Exchange Server. This user account is a service account that must also have specific roles associated to it for AirWatch to operate.
Create an Office 365 Service Account
You must create the service account to associate with the service account all your user mailbox accounts that require protection.
To create user mailboxes in Exchange 2016, refer https://technet.microsoft.com/en-us/library/jj991919(v=exchg.160).aspx.
To create user mailboxes in Exchange 2013, refer https://technet.microsoft.com/en-IN/library/jj991919(v=exchg.150).aspx.
To create a service account in Office 365:
- Log in to your Office 365 as an administrator.
- Navigate to Office 365 admin center > USERS > Active Users.
- To add a new user, select the " +" icon. The create new user account page appears.
- On the create new user account page:
- Enter the first name, last name, display name, user name, and your email domain.
- Select Type password and enter the password for the service account.
- Deselect the Make this person change their password the next time they sign in check box.
- Enter the email address of the recipient to whom the password must be sent. Select Create.
- Select Close.
An Office 365 license is assigned to the service account. The service account does not require an Office 365 license to be assigned to it. You can remove the assigned license by editing the license.
- Select your service account from the Active users list.
- Select Edit next to the Assigned License. The Assigned License page appears.
- Deselect the check box for the assigned license. Select Save.
Assign Roles to the Office 365 Service Account
After you create a service account, use the Exchange Admin Center to create specialized roles for the service account. These roles provide AirWatch all the permissions required to operate.
You can also create custom roles for Exchange 2013 and Exchange 2016 service accounts using the Exchange Admin Center.
To assign roles to the service account:
- Navigate to Exchange Admin Center > Permissions> admin roles.
- To create a new role group, select the " +" icon. The new role group page appears.
- Enter the details.
Settings Descriptions Name Enter the name for the role. Description Enter the description for the role. Write Scope Select Default from the drop-down menu. Roles Add Mail recipients, Organization Client Access, and Recipient Policiesas the roles.
- Save the settings.
If you are an AirWatch SaaS and an Office 365 user, your configuration is complete. The remaining steps are applicable for on-premise Exchange and AirWatch configurations.
Assign Roles to the Exchange 2010 Service Account
For Exchange 2010, you can set up a PowerShell Admin User on Exchange Management Console through the Administration tab. Use permissions that can set up the PowerShell Admin user roles.
To configure the PowerShell admin user on Exchange console:
- Navigate to Toolbox and access the Role Based Access Control User Editor in the Exchange Management Console.
- Once the Internet browser opens, enter in the credentials (domain or user and password) of the Exchange administrator with relevant permissions. Signing in as the Exchange administrator creates a test role group and the roles associated to this group.
- Select New to create a new role group.
- Add the relevant roles; Mail Recipients, Organization Client Access, and Recipient Policies. Then, select Save to create a new role group specific to AirWatch PowerShell Integration.