MSExchangeGuru.com

Site mailbox feature was introduced with Exchange server 2013 release, which helps to facilitate the collaboration between SharePoint 2013 documents and Exchange emails which can be accessed using same client interface.

Site mailbox consist of SharePoint 2013 site, SharePoint 2013 site membership (owners and members), shared storage and a management interface that reports provisioning and lifespan requirements. As the site mailboxes tied with a corresponding SharePoint Site, the site members can drag and drop documents as well as email messages into the site mailbox’s Documents folder, which is placed within their Outlook client. Site members can also CC the Exchange 2013 site mailbox in order to record information, conversations and documents.

NOTE: To use Exchange 2013 site mailboxes, a company must have Outlook 2013, SharePoint 2013 and Exchange Server 2013 deployed.

Architecture of Site Mailboxes:

The Site mailboxes works as central storehouse for files, emails, documents and these can be accesses by the authorized members. In order to access these site mailboxes, Exchange Server 2013 and SharePoint 2013 must be deployed within the same Active Directory (AD) Forest.

• Mailboxes which access site mailboxes has to be placed on Exchange Server 2013
  
• Root Site Collection must be created on SharePoint
  
• All Sites linked to Site Mailboxes must be located on a SharePoint Server 2013. And each SharePoint Site may only be linked to a single Site Mailbox
  
• Exchange Web Services (EWS) Managed API must be installed on all SharePoint Server 2013 servers
  
• Outlook 2013 Professional PLUS must be installed on client computer
  
• Exchange Server to talk SharePoint: Exchange Server(s) must be granted rights on the SharePoint Server in order to communicate with Share point servers and configuration changes needs to be done for Exchange Server to support Site mailboxes.
  
• SharePoint to talk to Exchange Server: A partner Application needs to be configured on Exchange Server which contains the Auth Metadata information URL of the SharePoint server.
  
• A synchronization connection must be created on SharePoint to synchronize users and groups from AD into SharePoint
  

Functional Overview of Site Mailboxes:

When one project member files mail or documents using the Site Mailbox, any other project member can access the content from the Site Mailboxes located in their outlook client (Outlook 2013) as well as SharePoint Site.

NOTE: Site Mailboxes do not appear in Outlook Web App

 

        

• Exchange Server stores the email, providing users with the same message view for email conversations that they use every day for their own mailboxes. Meanwhile, SharePoint stores the documents, bringing document co-authoring and versioning to the table.
  
• Exchange Server synchronizes metadata from SharePoint to create the document view in Outlook (For example, document title, last modified date, last modified author, and size).
  
• Compliance policies are applied at the Site Mailbox level which are transparent to users
  
• A SharePoint farm points to exactly one Exchange forest where the Site Mailboxes will be provisioned. Multiple SharePoint farm can point to the same exchange forest.
  

Integration and Validation:

Integrate with SharePoint and Lync:  Exchange 2013 offers greater integration with Microsoft SharePoint 2013 and Microsoft Lync 2013 through site mailboxes and In-Place eDiscovery. Together, these products offer a suite of features that make scenarios such as enterprise eDiscovery and collaboration using site mailboxes possible.

• Exchange 2013 integrates with SharePoint 2013 to allow users to collaborate more effectively by using site mailboxes.
  
• Lync Server 2013 can archive content in Exchange 2013 and use Exchange 2013 as a contact store.
  
• Discovery Managers can perform In-Place eDiscovery and Hold searches across SharePoint 2013, Exchange 2013, and Lync 2013 data.
  
• OAuth authentication allows partner applications to authenticate as a service or impersonate users where required.
  

OAuth is a standard authorization protocol used by Websites and Web services to allow clients to access resources provided by a resource server without providing username and password.

Access Control Service (ACS)

Within an on-premises deployment, Exchange Server 2013, SharePoint Server 2013 and Lync Server 2013 do not require an authorization server to issue tokens. Each of these applications issue self-signed tokens to access resources provided by other application.

Exchange Server 2013 Setup creates a self-signed certificate with the friendly name Microsoft Exchange Server Auth Certificate. The certificate is replicated to all front-end servers in the Exchange Server 2013 organization. The certificate’s thumbprint is specified in Exchange Server 2013’s authorization configuration, along with its service name, a well-known GUID that represents on-premises Exchange Server 2013. Exchange Server uses the authorization configuration to publish its auth metadata document.

When Exchange Server 2013 receives an access request from a partner application via EWS, it parses the www-authenticate header of the https request, which contains the access token signed by the calling server using its private key. The auth module validates the access token using the partner application configuration. It then grants access to resources based on the RBAC permissions granted to the application. If the access token is on behalf of a user, the Role-based Access Control (RBAC) permissions granted to the user are checked.

For example, if a user performs an eDiscovery search using the eDiscovery Center in SharePoint Server 2013, Exchange Server checks whether the user is a member of the Discovery Management role group or has the Mailbox Search role assigned and the mailboxes being searched are within the scope of the RBAC role assignment.

Few commands to work with Site mailboxes for IT Admin:

Site mailbox provisioning (get/set/new/remove)

Set-SiteMailboxProvisioningPolicy

Set-OrganizationConfig –SiteMailboxCreationURL

Set-MailboxDatabase –IsExcludedFromProvisioning:$true

New-SiteMailbox –DisplayName –SharePointUrl

Test Oauth

Test-SiteMailbox –SharePointUrl –UseAppTokenOnly

Test-SiteMailbox –SharePointUrl –RequestorIdentity

Get sync status

Get-SiteMailboxDiagnostics –BypassOwnerCheck

Update-SiteMailbox – BypassOwnerCheck

Link/unlink

Set-SiteMailbox -SharePointUrl $null

Set-SiteMailbox -SharePointUrl http://MSEXchangeGuru.Local/Siteno1

Remove site mailboxes that are marked for deletion

Get-Mailbox MDEL:* | Remove-Mailbox

Get-Mailbox MDEL:* | ?{$_.RecipientTypeDetails -eq “ExchangeTeam”} |
Remove-Mailbox -Confirm:$false

Ratish Nair

Microsoft MVP | Exchange Server

Team @MSExchangeGuru

Posted February 18th, 2015 under Exchange 2013. RSS 2.0 feed. Leave a response, or trackback.