Grant application impersonation permission to the service account
For the
BlackBerry Push Notifications
service to monitor mailboxes for updates, the BlackBerry Push Notifications
service account must have impersonation permissions.- Complete one of the following actions to apply Application Impersonation permissions to the service account:Grant application impersonation permissionsStepsMicrosoft 365using the Exchange Administration Center console
- Sign in to https://admin.exchange.microsoft.com/.
- ClickRoles > Admin roles.
- ClickAdd role group.
- Type a name for the role.
- In theWrite scopedrop-down list, clickDefault.
- ClickNext.
- In the Search field, search for theApplicationImpersonationrole. Click the checkbox next to the role.
- ClickNext.
- In the text field, type the member name or the service account that will process the notifications.
- ClickNext.
- ClickAdd role group.
- ClickDone.
On-premisesMicrosoft Exchangeusing the Exchange Administration Center- In a browser window, typehttps://<and sign in with a valid account.url_to_on-premises_client_access_server>/ecp
- Clickpermissions.
- Click .
- Type a name and description for the role group.
- In theRolessection, click . ClickApplicationImpersonation > add > OK.
- In theMemberssection, click . Click an account to add and then clickadd > OK.
UsingMicrosoft Exchange Management Shell- OpenMicrosoft Exchange Management Shell.
- TypeNew-ManagementRoleAssignment -Name:<. For example,ImpersonationAssignmentName> -Role:ApplicationImpersonation -User:<ServiceAccount>New-ManagementRoleAssignment -Name:BlackBerryAppImpersonation -Role:ApplicationImpersonation -User:BEMSAdmin.
For more information on how to restrict Application Impersonation rights to specific users, organizational units, or security groups, visit the MSDN Library to see How to: Configure impersonation.