Grant application impersonation permission to the service account

For the

BlackBerry Push Notifications

service to monitor mailboxes for updates, the

BlackBerry Push Notifications

service account, must have impersonation permissions.

Complete one of the following actions to apply Application Impersonation permissions to the service account:

Grant application impersonation permissions	Steps
Microsoft Office 365 using the Exchange Administration Center console	Sign in to https://admin.exchange.microsoft.com/. Click Roles > Admin roles . Click Add role group . Type a name for the role. In the Write scope drop-down list, click Default . Click Next . In the Search field, search for the ApplicationImpersonation role. Click the checkbox next to the role. Click Next . In the text field, type the member name or the service account that will process the notifications. Click Next . Click Add role group . Click Done .
On-premises Microsoft Exchange using the Exchange Administration Center	In a browser window, type https://<`url_to_on-premises_client_access_server`>/ecp and sign in with a valid account. Click permissions . Click . Type a name and description for the role group. In the Roles section, click . Click ApplicationImpersonation > add > OK . In the Members section, click . Click an account to add and then click add > OK .
Using Microsoft Exchange Management Shell	Open Microsoft Exchange Management Shell . Type New-ManagementRoleAssignment -Name:<`ImpersonationAssignmentName`> -Role:ApplicationImpersonation -User:<`ServiceAccount`> . For example, New-ManagementRoleAssignment -Name:BlackBerryAppImpersonation -Role:ApplicationImpersonation -User:BEMSAdmin . For more information on how to restrict Application Impersonation rights to specific users, organizational units, or security groups, visit the MSDN Library to see How to: Configure impersonation.

Section:

Prerequisites: BlackBerry Push Notifications service