An impersonation account is a service account used by applications to log-on to your exchange and access the required contacts and/or appointments in your user's mailboxes. An impersonation account is any account which has been granted a set of permissions which allow it to 'Impersonate' another account. An impersonation account can be any account with a mailbox.


In order to set up an impersonation account, you need to be an Office 365 administrator.  The process is:


a. Create a new user account (or you can use an existing account)

b. Grant your account the "ApplicationImpersonation" role from the Office 365 Exchange Admin Center 
 

To add a user account 

  1. Sign in to Office 365 with your credentials 
  2. Go to the Office 365 admin center by selecting the app launcher icon Office 365 app launcher icon in the upper-left and choosing Admin. 
 
User-added image 
3. On the left expand USERS and in the middle click on Add new users under Users and Groups 

  

4. On the Create new user account, populate the necessary fields.  
  

5. Uncheck the box for Make this user change their password with Outlook Web App on next login. and click on Create 

 
 
 
Granting Impersonation rights to your User Account
 
Now that you have a user account, you can assign the "ApplicationImpersonation" role to it so it can act as an impersonation account for other user's mailboxes. 


In our example we have created an account called 'Sync Agent'.


1. In your Office 365 admin center, select Admin / Exchange



  

2. Under Permissions, click on admin roles 



 
3. Select the plus sign above the table to create a new Role group 



 
4. On the New Role group pop up window, type in a name in the Name field 



 
5. Hit the plus sign below the Roles:  area and select ApplicationImpersonation in the list under DISPLAY NAME then click the add - > button and then click OK 


 

 
6. Under the Members: section click on the plus sign and select the user that you wish to grant Impersonation rights to (we have selected user 'syncAgent'). 
 
7. Select the  add - >  button and then click OK 
 
 

8. Your form should look something like this  



  9. You have successfully created your impersonation account. So the username: SyncAgent will act as your impersonation account to impersonate other user's mailboxes.

 
Note:
To check that the correct user has the ApplicationImpersonation role, in the Permissions window, in the Exchange Admin Center (EAC) highlight the name of the Role you created which in our example it would be Exchange sync role group and in the right hand pane observe the Assigned Role and Members 
 
The validity of the role applied and the permissions of the user can be tested using the Microsoft Remote Connectivity Analyzer