Best practices for server-side synchronization

Consider the following when planning and deploying server-side synchronization.

Best practices for configuring server-side synchronization

If you want to use one set of credentials to process emails with Outlook or Exchange

Using one account to process email to all mailboxes is easier to maintain but requires using an account that has access to all mailboxes in Outlook or Exchange. The account must have impersonation rights on Exchange. If that single account is compromised, all mailboxes using that account are compromised. Use the following settings in your email server profile (Settings > Email Configuration > Email Server Profiles to use a single account for email processing.

Settings	Recommendation
Incoming Connection
Authenticate Using	Credentials Specified in Email Server Profile
User Name	The administrator’s user name
Password	The administrator’s password
Use Impersonation	Yes
Use same settings for Outgoing	Yes

Delegation (Use Impersonation = No) is not supported for syncing Appointments, Contacts, and Tasks.

If you want to use individual credentials to process emails with Outlook or Exchange

An alternative to a single account to process emails is using individual accounts. This method requires more maintenance effort but does not focus security on a single account. If you want each user account to synchronize with Outlook or Exchange and you’re not using the Microsoft Exchange Online email server profile, use the following settings (Settings > Email Configuration > Email Server Profiles).

Settings	Recommendation
Incoming Connection
Authenticate Using	Credentials Specified by a User or Queue
Use Impersonation	No
Use same settings for Outgoing	Yes

Set the following in each user mailbox.

Settings	Recommendation
Credentials
Allow to Use Credentials for Email Processing	Yes
User Name	The user name for the mailbox
Password	The password for the mailbox

See also

Server-side synchronization Troubleshooting server-side synchronization