For connecting to Microsoft Office 365 calendars, we support an alternative authentication flow that allows Envoy to read and write resources on behalf of a Service Account with limited permissions.

For customers who want to limit Envoy Rooms access to selected room calendars, you can set up Rooms using a Service Account as described in this document.

The minimum access a service account requires to use Rooms:

  • The Cloud Application Administrator admin role used to view the room resource lists

  • Delegated permission to the room resources

This document describes how to set up an account like this for connecting to Rooms.

These steps need to be done prior to setting up Envoy Rooms in the Envoy Dashboard.

Note: Please note that granting permission to accounts as well as delegating room resources access in Microsoft Office 365 may take up to 48 hours to propagate.

Setting up Microsoft Office 365 service account and permissions

We recommend you create a dedicated account for Envoy Rooms.

There are two actions that need to be applied to the service account:

  1. Assignment of a base admin role to allow viewing the room resource lists

  2. Granting the service account access to room calendars

Service account

In order for the account to view room resource lists it needs some level of admin access.

There are four types of Administrator roles that provide this functionality. This service account should hold one of these Administrator Roles:

  • Cloud Application Administrator (this is the least privilege required for Rooms)

  • Application Administrator

  • Privileged Role Administrator

  • Global Administrator

In order to assign one of the above roles to the service account, this needs to be done by an administrator of your Microsoft Office 365 instance.

Grant the service account access to a room’s calendar

This service account will not have access to any calendars by default. An Exchange Administrator or Global Administrator within Microsoft Office 365 will need to grant the service account access to rooms calendars for the service account on a per-calendar basis. To do this:

  1. Login as an Exchange Administrator or Global Administrator Microsoft Office 365

  2. Navigate to Exchange in the admin center

https://admin.microsoft.com/Adminportal/Home?source=applauncher#/users#%2F

2. Find the room to be managed by Envoy Rooms and Click the pen icon to edit the resource

3. Add the service account to Full Access by clicking the + button

4. Click Save. It will look like this:

Setting up Envoy Rooms on the Dashboard

To connect the service account to Envoy Rooms, Navigate to the Settings under Rooms and click on the Connect O365 calendars individually to start the connection process.

Next accept the permission to grant Envoy Rooms access using the service account. Here are the permissions we ask for when using this method:

Note: As mentioned, it may take up to 48 hours for Microsoft Office 365 room delegations to take effect.

Did this answer your question?