Set Up a Microsoft Exchange Service Account to Communicate with Lightning Sync
To set up Lightning Sync using a service account, create an Exchange service account with impersonation rights for the mailbox of each Lightning Sync user.
| Required Editions |
|---|
| Available to sync records from: Salesforce Classic, Lightning Experience, and the Salesforce mobile app |
| Available to set up from: Salesforce Classic and Lightning Experience |
| Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions with Sales Cloud, Service Cloud, and Lightning Platform |

| User Permissions Needed | |
|---|---|
| To set up a service account to communicate with Lightning Sync: | Administrative access to your company’s Exchange server |

Starting in Winter ’21, Lightning Sync isn’t available to new Salesforce customers. Use Einstein Activity Capture to sync events, contacts, and emails between your connected account and Salesforce.
If you have Lightning Sync, use the migration tool to move to Einstein Activity Capture before Lightning Sync retires in April 2027.
If you use Lightning Sync with Microsoft Office 365 and Exchange Web Service (EWS) as your authentication method, complete your migration by August 2026 to avoid service disruption. In October 2026, Microsoft retires EWS for Microsoft 365 and replaces it with Microsoft Graph API. After migrating to Einstein Activity Capture, upgrade to the Microsoft Graph authentication method. See Upgrade Microsoft Office 365 Authentication Method to Microsoft Graph in Einstein Activity Capture.
This change affects all orgs except those using Government Cloud.
Before setting up an Exchange service account, make sure you’ve enabled the appropriate Exchange server settings to set up Lightning Sync.
To set up an Exchange service account, work with your Exchange admin to complete these steps on your Exchange server.
Watch a Demo:
- Set Up a Microsoft® Exchange Service Account to Sync with Salesforce (for administrators using Office 365™ Admin Center) (English only)
- Set Up a Microsoft® Exchange Service Account to Sync with Salesforce (for administrators using command shell) (English only)

- Create an Exchange user with a mailbox that acts as the service account. You use this email address later to configure Exchange impersonation for the service account.
- Using Exchange Management Shell, enter the commands that enable service account impersonation for your version of Exchange. If you receive a pipeline error message, wait a few minutes and reenter the command to let your server process the requests.
  If you’re using Exchange 2019, 2016, or 2013, complete these extra steps.
  - Enable the Active Directory extended permission for ms-Exch-EPI-Impersonation on all Client Access servers.
    Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity <EnterExchangeSyncServiceAccountEmailAddress> | select-object).identity -ExtendedRights ms-Exch-EPI-Impersonation}
  - Enable the Active Directory extended rights for ms-Exch-EPI-May-Impersonate to let your service account impersonate all accounts on your Exchange server. Set a filter later that lets you limit the users the service account syncs with Salesforce.
    Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User <EnterExchangeSyncServiceAccountAddress> -ExtendedRights ms-Exch-EPI-May-Impersonate}
- Using Exchange Management Shell, enter these commands to configure your service account to impersonate the group of users who you want to sync with Lightning Sync.
  - Create a management scope to define a filter that groups the Exchange users who sync with Lightning Sync. For example, if you want only sales reps to sync, and their Exchange mailboxes have the same value Sales for the filterable property Department, enter Department -eq 'Sales' in place of <ChooseRecipientFilter>.
    New-ManagementScope -Name:<ChooseExchangeSyncScopeName> -RecipientRestrictionFilter:{<ChooseRecipientFilter>}
  - Create a management role assignment that restricts the service account to impersonate only the users you defined in the management scope.
    New-ManagementRoleAssignment -Name:<ChooseExchangeSyncRoleAssignmentName> -Role:ApplicationImpersonation -User:<EnterExchangeSyncServiceAccountAddress> -CustomRecipientWriteScope:<EnterExchangeSyncScopeName>
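
To confirm that the impersonation rights ended up limited to the management scope, a read-only audit such as the following can be run in Exchange Management Shell after the steps above. This is an added example, not part of the Salesforce procedure; the address in $ServiceAccount is a placeholder, and the Get-ADPermission section assumes an on-premises Exchange server.

```powershell
# Added example: read-only audit of the Lightning Sync service account's
# impersonation rights. Run in Exchange Management Shell.
# Assumption: replace the placeholder address with your service account.
$ServiceAccount = 'svc-lightningsync@example.com'   # placeholder

# 1. ApplicationImpersonation assignments held by the service account.
$assignments = @(Get-ManagementRoleAssignment -Role ApplicationImpersonation `
    -RoleAssignee $ServiceAccount)
if ($assignments.Count -eq 0) {
    Write-Warning "No ApplicationImpersonation assignment found for $ServiceAccount."
}

foreach ($a in $assignments) {
    $a | Format-List Name, Enabled, RecipientWriteScope, CustomRecipientWriteScope

    if (-not $a.CustomRecipientWriteScope) {
        # Without a custom scope, the assignment is not limited to the sync users.
        Write-Warning "'$($a.Name)' has no custom recipient write scope."
        continue
    }

    # 2. Show the scope's filter and the recipients it currently matches.
    $scope = Get-ManagementScope -Identity "$($a.CustomRecipientWriteScope)"
    $scope | Format-List Name, RecipientFilter, RecipientRoot
    Get-Recipient -RecipientPreviewFilter $scope.RecipientFilter -ResultSize Unlimited |
        Sort-Object PrimarySmtpAddress |
        Format-Table Name, PrimarySmtpAddress, Department -AutoSize
}

# 3. On-premises only: Active Directory impersonation rights granted to the
#    account on each mailbox database (the ms-Exch-EPI-May-Impersonate step).
Get-MailboxDatabase | ForEach-Object {
    Get-ADPermission -Identity $_.DistinguishedName -User $ServiceAccount |
        Where-Object { $_.ExtendedRights -like 'ms-Exch-EPI-*' } |
        Format-Table Identity, User, ExtendedRights, Deny, IsInherited -AutoSize
}
```

Compare the recipient list from section 2 with the users who are meant to sync; any mailbox outside that group indicates a recipient filter that is broader than intended.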

