# Provisioning for Exchange Online ### Overview The Veza integration for Exchange Server enables email account creation for users during onboarding workflows. This integration requires the VezaProvisioner service to be installed on your Exchange Server before enabling in Veza. | Action Type | Description | Supported | | ---------------------- | ------------------------------------------------------ | --------- | | `CREATE_EMAIL` | Creates an email account for a user in Exchange Server | ✅ | | `SYNC_IDENTITIES` | Synchronizes identity attributes between systems | ❌ | | `MANAGE_RELATIONSHIPS` | Controls entitlements such as group memberships | ❌ | | `DEPROVISION_IDENTITY` | Safely removes or disables access for identities | ❌ | See [Supported Actions](#supported-actions) for details. ### Enabling provisioning #### Prerequisites 1. Administrative access in Veza to configure the integration 2. An existing [Exchange Server integration](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/exchange-online) in Veza with at least one successful extraction 3. A service account with permissions to create and manage email accounts in Exchange Server 4. The VezaProvisioner service must be installed and configured on your Exchange Server — see [Infrastructure Setup](#infrastructure-setup) below #### Configuration Steps To enable the integration: 1. In Veza, go to the **Integrations** overview 2. Search for your Exchange Server integration 3. Complete the following configuration fields if not already set: | Field | Description | | ------------------------ | ------------------------------------------------------------- | | **Insight Point** | Select if using an Insight Point to access Exchange Server | | **Name** | Friendly name for the integration | | **Instance URL** | `https:///VezaProvisioner` | | **Username** | Domain username with required Exchange permissions | | **Password** | Password for the account | | **PowerShell Path** | Path to PowerShell.exe (from Infrastructure Setup step 1) | | **Remote Exchange Path** | Path to RemoteExchange.ps1 (from Infrastructure Setup step 1) | 4. Check the box to **Enable usage for Provisioning** 5. Save the configuration To verify the configuration: 1. Open **Lifecycle Management** > **Integrations** 2. Search for the integration and click to view details 3. In the **Properties** panel, verify **Lifecycle Management Enabled** is active #### Infrastructure Setup The VezaProvisioner service must be installed on your Exchange Server before the integration can create email accounts. Complete the following steps on the Exchange Server host. **1. Locate Exchange Management Shell Paths** 1. Find the Exchange Management Shell shortcut in the Start Menu 2. Right-click > **More** > **Open File Location** ![Locate "Exchange Management Shell shortcut](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-438762c3d71d8b9901fad1157d4e1621f90faf35%2Fexchange-server-01.png?alt=media) 3. Right-click the shortcut icon > **Properties** ![View shortcut properties](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-78e6a6df95d49841463e33f8a62629bd3f685552%2Fexchange-server-02.png?alt=media) 4. Copy the Target field value ![Copy shortcut target](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-32207bc727e91f03291be33fda6dfb475922eac2%2Fexchange-server-03.png?alt=media) 5. Note the two important paths from the target: * PowerShell Path: (e.g., `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`) * Remote Exchange Path: (e.g., `C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1`) **2. Create Application Pool in IIS** 1. Open IIS Manager and create a new application pool ![Create Application Pool](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-bcffdd1b6c8558429e71be7023850a953875be4d%2Fexchange-server-04.png?alt=media) 2. Name the application pool ![Name Application Pool](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-65597936021c90ad40d9c6a8739f8e792f9bfa1d%2Fexchange-server-05.png?alt=media) 3. Configure the application pool: * Right-click > **Advanced Settings** ![Configure Application Pool](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-45d39e35cd34736d15a760f2e9c477773acef420%2Fexchange-server-06.png?alt=media) * Under Process Model, set the Identity ![Add Application Pool Identity](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-fc1c5ebb1700c2f1485051399f93acf2cf6713c1%2Fexchange-server-07.png?alt=media) **3. Configure IIS Application** 1. Add the application to "Default Web Site" ![Add Application to Application Pool](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-7ef544e30937cdb648f8327802689c2230d0b270%2Fexchange-server-08.png?alt=media) 2. Configure the application: * Set alias to `VezaProvisioner` * Select the application pool created above ![Configure Application](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-44d99a3aaf2ce0b56bc1a0a34ada67545f975537%2Fexchange-server-09.png?alt=media) 3. Configure authentication: ![Configure Authentication](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-25e764435dcd31c3a2f0fc1a0a76d09e536c94aa%2Fexchange-server-10.png?alt=media) * Disable Anonymous Authentication * Enable Basic Authentication ![Authentication Settings](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-8f4d0d61f585fbba916f610d16703ab2c6a8a2ac%2Fexchange-server-11.png?alt=media) **4. Install Veza Provisioner** Install the `VezaProvisioner.msi` installer provided by Veza support on the Exchange Server. This component handles email address creation for users provisioned in Active Directory. ### Supported Actions #### Create Email Creates an email account for a user in Exchange Server: * **Entity Type:** Exchange Server User * **User must exist in Active Directory** before an email account can be created | Attribute | Required | Type | Description | | ---------- | -------- | ------ | ------------------------------------ | | `identity` | Yes | String | The user's Active Directory identity | | `alias` | No | String | Email alias to assign to the user | **Use cases:** * Create email accounts for new employees during onboarding * Assign email aliases to users --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/exchange-online/provisioning.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.