====== Getting Started with Chipmunk ====== Welcome to the Chipmunk Setup Guide. Chipmunk is SmiKar Software’s intelligent offboarding solution for Microsoft 365. It automatically detects disabled Entra ID (Azure AD) accounts and securely archives the associated OneDrive, Exchange (emails), and Teams data to Azure Blob Storage. Chipmunk ensures no important user data is lost, helping you meet compliance, legal, and operational requirements with ease. [[https://www.smikar.com/chipmunk-automated-user-archiving/|Chipmunk Overview]] ===== What is Chipmunk? ===== Chipmunk is designed for IT administrators and businesses that want a simple, affordable, and automated way to archive Microsoft 365 user data once employees leave the organization. When a user account is disabled in Entra ID, the following is archived to your Azure Blob Storage Account: * Their **OneDrive** files are archived. * Their **Exchange** emails are archived. * Their **Microsoft Teams** chats and messages are archived. * Data is stored under your control in your Azure tenant. * Easy recovery options are available later if required. ===== Prerequisites ===== Before installing Chipmunk, you’ll need: * An **Azure Storage Account** (General Purpose v2) with a container named **chipmunkarchive**. * A **container-scoped SAS URL** for `chipmunkarchive` with **racwdl** permissions (Read, Add, Create, Write, Delete, List) and HTTPS-only access. * An **Azure AI (Cognitive Services)** resource with endpoint URL and API key. * A registered **Azure App** in **Entra ID** (Azure AD) with **admin-consented Microsoft Graph** application permissions and **Exchange Web Services** access. * An internal **VNet** and **subnet** for the Chipmunk appliance. * A **DNS name** pointing to the appliance IP address (A/AAAA record), matching the TLS certificate. * A **TLS certificate** in PEM format (certificate + full chain) and matching private key, with CN/SAN matching your DNS name. * (Optional) A static IP address (public or private) and corresponding DNS entry for reliable access. * An Entra ID group that grants admin access to Chipmunk (i.e. ChipmunkAdmins) ===== Prerequisites ===== Before installing Chipmunk, you’ll need: * **Azure Storage Account (General Purpose v2)** * Create a container named **chipmunkarchive**. * Generate a **container-scoped SAS URL** for ''chipmunkarchive'' with **racwdl** permissions (Read, Add, Create, Write, Delete, List) and HTTPS-only. * Example: https://<storageaccount>.blob.core.windows.net/chipmunkarchive?sp=racwdl&st=YYYY-MM-DDTHH:MM:SSZ&se=YYYY-MM-DDTHH:MM:SSZ&spr=https&sv=2024-11-04&sr=c&sig=<yoursassignature> * **Azure AI (Cognitive Services)** * An active resource in your region. * Provide the **Endpoint URL** (e.g., ''https://<your-ai-resource>.cognitiveservices.azure.com/'') and **API key**. * **Entra ID (Azure AD) App Registration** * Create or use an existing application registration. * Record your **Tenant ID**, **Application (client) ID**, and **Client secret**. * Assign the following **API permissions** and **grant admin consent**: * //Microsoft Graph — Application permissions// * AuditLog.Read.All * Calendars.Read * ChannelMessage.Read.All * Chat.Read.All * Chat.ReadBasic.All * Contacts.Read * Directory.Read.All * Files.Read.All * Files.ReadWrite.All * Group.Read.All * Mail.Read * Mail.Send * Sites.Read.All * Sites.ReadWrite.All * Team.ReadBasic.All * TeamMember.Read.All * TeamSettings.Read.All * TeamSettings.ReadWrite.All * User.Read.All * //Microsoft Graph — Delegated permission// * User.Read * //Office 365 Exchange Online — Application permission// * full_access_as_app (EWS; scope with an Application Access Policy if required) * **Networking** * Existing **VNet** and **Subnet** for the appliance. * **Static IP** (public or private) and matching **DNS A/AAAA** record. * DNS name must match the TLS certificate (e.g., ''chipmunk.yourcompany.local'' or ''chipmunk.yourcompany.com''). * **TLS Certificate** * **PEM** format (server certificate + intermediate chain) **and** matching **private key**. * CN/SAN must match the DNS name above. * **Email Notification Settings** //(optional but recommended)// * **From**: a valid mailbox in your tenant (e.g., ''chipmunk-alerts@yourcompany.com''). * **To**: operations/alerts mailbox (e.g., ''admin@yourcompany.com''). * **SMTP server**: ''smtp.office365.com'' * **SMTP port**: ''587'' (STARTTLS) or ''25'' if internal relay. ===== Using Chipmunk ===== The Chipmunk Dashboard allows you to: * Monitor ongoing backup operations. * View archived users and their associated data. * Search and restore archived files if needed. * View trends, usage, and backup success rates. All user data remains securely in your Azure environment — Chipmunk does not store your data externally. ===== Why Choose Chipmunk? ===== * Fully automated offboarding. * Archives OneDrive, Exchange, and Teams data. * Affordable licensing model. * Your data remains in your Azure tenant. * Scalable for small and large environments. * Simple setup and minimal management overhead. Chipmunk helps organizations meet compliance, legal hold, and operational continuity requirements while simplifying the Microsoft 365 offboarding process. ===== Need Help? ===== If you need assistance setting up your App Registration, Storage, or internal DNS for Chipmunk, refer to our step-by-step setup guides below: * [[software:chipmunk:setup:app_registration|App Registration & API Permissions]] * [[software:chipmunk:setup:storage_account|Azure Storage Setup]] * [[software:chipmunk:setup:certificate_dns|DNS & Certificate Configuration]] You can also contact our team at [[support@smikar.com]] for assistance. {{tag>chipmunk getting_started guide archive_offboarding azure}}