Installation and Configuration of Intune-Exchange Connector

This blog explains how to leverage Microsoft Intune for customers whose users' mailboxes are purely in an on-premises Exchange Server environment. (Exchange 2016 and Windows Server 2016 were used to write this blog.)

First, we need to make sure that the version of our on-premises Exchange server is supported for integration with Intune. For the integration we have to install and configure the Intune-Exchange Connector, which is also called the ActiveSync Connector.

This connector connects the on-premises Exchange environment with Intune, which is Microsoft's cloud service, so that admins can manage users' mobile devices from the Intune portal.

Prerequisites for Intune-Exchange Connector installation:

  1. The Intune-Exchange connector can be installed on any of the servers below. It is not supported on any Server Core installation.
    1. Windows Server 2008 SP2 64-bit
    2. Windows Server 2008 R2
    3. Windows Server 2012
    4. Windows Server 2012 R2
    5. Windows Server 2016
  2. To install the Intune-Exchange connector we need Exchange 2010 SP1 or later, but Exchange 2013 or later is recommended for better features and experience.
  3. Ports 80 and 443 must be allowed by the firewall, and internet access must be allowed.
  4. An Intune standalone subscription (Conditional Access is not available in the Intune standalone plan) or an Azure AD Premium subscription.
  5. The computer on which you install the connector requires a 1.6 GHz CPU with 2 GB of RAM and 10 GB of free disk space.
  6. Before you can use the connector to connect Intune to your Exchange Server, you must set up Active Directory synchronization, so that your local users and security groups are synchronized with the cloud.
  7. A full installation of Microsoft .NET Framework 4.5 and Windows PowerShell 2.0 must be present on the computer that hosts the connector. In most cases they come with the server installation by default; just validate this before proceeding.
  8. The computer on which you install the connector must be in a domain that has a trust relationship to the domain that hosts your Exchange Server.
  9. The connector can be installed on any CAS server, but it is always recommended to put it on a dedicated server so that it is easy to manage.
  10. Create a service account which will be used for this connector setup.
  11. Create a new Exchange RBAC admin group, with any name that is easy for you to recognise, and make sure that the roles below are added to it. The service account created in the previous step should be added as a member of this group. In my case I created a group called WindowsIntuneExchangeConnectorGroupRole as shown below:
    1. ExchangeServersRole
    2. OrganizationClientAccessRole
    3. RecipientPoliciesRole
    4. MailRecipientsRole

  12. The user who performs all these steps should have admin privileges on that machine.

  13. Set the Mobile Device Management Authority to Intune.

Log in to the Azure Portal > All services > Intune > Mobile Device Management Authority setting. Under Mobile Device Management Authority, choose your MDM authority from the following options:

  • Intune MDM Authority
  • Configuration Manager MDM Authority
  • None

  14. Make sure that "Internet Explorer Enhanced Security Configuration" is turned off under Server Manager, as shown in the screenshot, or else it will cause a lot of issues when configuring the connector.
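The machine-level prerequisites above (items 1, 3, 5, 7, 8 and 14) can be verified on the connector host before running the installer. The script below is an added example, not part of the original post; the test host and the use of the system drive for the free-space check are assumptions. It does not verify the domain trust, Active Directory synchronization, or the Exchange role group.

```powershell
# Added example: pre-flight check for the connector host. Run in an elevated PowerShell session.
# Uses Get-WmiObject so it also works on the older server versions listed above.
$TestHost = 'portal.azure.com'   # assumption: any internet host that answers on ports 80 and 443

function New-Check($Name, $Passed, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Passed = [bool]$Passed; Detail = "$Detail" }
}

$cs   = Get-WmiObject Win32_ComputerSystem
$cpu  = Get-WmiObject Win32_Processor | Select-Object -First 1
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"   # assumption: system drive
$nt   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$net  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
# IE Enhanced Security Configuration state for administrators (IsInstalled = 0 means off)
$esc  = Get-ItemProperty ('HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\' +
                          '{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}') -ErrorAction SilentlyContinue

$checks = @(
    New-Check 'Full install (not Server Core)' ($nt.InstallationType -ne 'Server Core') $nt.InstallationType
    # Release 378389 is the lowest registry value that indicates .NET Framework 4.5
    New-Check '.NET Framework 4.5 or later' ($net -and $net.Release -ge 378389) "Release=$($net.Release)"
    New-Check 'PowerShell 2.0 or later' ($PSVersionTable.PSVersion.Major -ge 2) $PSVersionTable.PSVersion
    New-Check 'CPU 1.6 GHz or faster' ($cpu.MaxClockSpeed -ge 1600) "$($cpu.MaxClockSpeed) MHz"
    # Round, because a 2 GB machine reports slightly less than 2 GB usable memory
    New-Check 'RAM 2 GB or more' ([math]::Round($cs.TotalPhysicalMemory / 1GB) -ge 2) "$([math]::Round($cs.TotalPhysicalMemory / 1GB, 1)) GB"
    New-Check 'Free disk 10 GB or more' ($disk.FreeSpace -ge 10GB) "$([math]::Round($disk.FreeSpace / 1GB, 1)) GB free"
    # Only confirms the host is domain-joined; the trust to the Exchange domain must be checked separately
    New-Check 'Domain joined' $cs.PartOfDomain $cs.Domain
    New-Check 'IE ESC off (administrators)' (-not $esc -or $esc.IsInstalled -eq 0) "IsInstalled=$($esc.IsInstalled)"
)

# Direct outbound TCP test; a host that reaches the internet only through a proxy will fail here
foreach ($port in 80, 443) {
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($TestHost, $port); $ok = $tcp.Connected } catch { $ok = $false } finally { $tcp.Close() }
    $checks += New-Check "Outbound TCP $port" $ok $TestHost
}

$checks | Format-Table Check, Passed, Detail -AutoSize
if ($checks | Where-Object { -not $_.Passed }) {
    Write-Warning 'One or more prerequisites are not met; resolve them before installing the connector.'
}
```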

INSTALLATION AND CONFIGURATION OF INTUNE EXCHANGE CONNECTOR

Download the Exchange connector from the Azure Portal.

Microsoft Intune>>On-Premises>>Exchange ActiveSync Connectors>>Download the connector

Run the exe file as an Administrator

Click on NEXT

Click on INSTALL

Click on FINISH

Now launch the installed connector as an Administrator

Enter the details of the CAS server (FQDN of any CAS server) and the details of the service account that was created for this connector. On the next page, enter the global administrator credentials of Intune.

Once it finishes successfully, the screen below will pop up.

To see the installed connector, go to Microsoft Intune>>On-Premises>>Exchange ActiveSync Connectors

Connectivity is now set up between Intune and the on-premises Exchange environment. Users' mobile devices can be controlled or managed through the Microsoft Intune portal.