1 person found this helpful
Hi Antal Augusteijn,
I'm pretty sure you/your team have already reviewed the connectorExchangeSE_AdministratorGuide.pdfv11.4.0.pdf
If not, here's the part that explains how to properly set up a technical user for the application impersonation on Exchange.
Synchronization with Exchange Online
connector SE uses Application Impersonation over EWS in order to access Exchange Server– therefore an ExchangeOnline Edition (e.g. Plan E1or Plan E3) is required, which includes this feature.See http://www.microsoft.com/en-us/office365/compare-plans.aspx for a comparison of the different plans (editions) of Exchange Online.
After creation of the impersonation account the role Application Impersonation can be granted to this user either via PowerShell18 or via GUI19. The URL of the Exchange Online Web Service is built like "https://" + <Server Name> + "/EWS/Exchange.asmx".You can see your <Server Name> when logging into Exchange Online using OWA in the options of your account.
Working with application impersonation in Exchange Online (http://msdn.microsoft.com/en-us/library/exchange/gg194012(v=exchg.140).aspx) for further details. See also http://exchws.wordpress.com/2011/12/13/activate-user-impersonation-in-office-365-for-exchange-online/
for further details.
In order to restrict the scope of the impersonation user to a group of users you can create a scope to which the impersonation role can be assigned and define the members of the scope. see also: Manage role groups in Exchange Online | Microsoft Docs