Skip to main content

Preparing your Office 365 calendar

Learn how to connect Envoy Rooms <> O365 via Service Account

Updated over 5 months ago

Assign account permissions

The first step is to assign the service account permissions to allow Envoy Rooms access to Outlook calendars. The required permissions are presented somewhat differently in the Entra views. By granting your service account admin permissions, the Envoy Rooms service will be able to access a subset of those permissions to communicate with your calendar.

These are the admin roles that grant the proper permissions to Envoy Rooms:

The service account needs these corresponding permissions to be able to access the calendars as Rooms. Per Microsoft, only Admin roles can delegate access to the Places.Read.All scope, so your service account needs to be an admin to grant Envoy Rooms this scope.

In addition to Places.Read.All scope, Envoy rooms needs Calendar.ReadWrite.Shared and offline_access.

Envoy Rooms does not have access to any scopes beyond those explicitly outlined during configuration, and the app itself will not have full admin permissions.

Configuration:

  1. Open up the Microsoft Entra admin portal as a Global Administrator: https://entra.microsoft.com/

  2. Open the Entra service page, then navigate to the Users > All Users page.

  3. From the Users panel select the new service account. You’ll be using an existing user in your O365 tenant.

  4. In the Assigned roles view, add the following assignments - note it typically takes a few seconds for an assigned attribute to appear as set:

    1. Cloud Application Administrator

    2. Application Administrator

    3. Privileged Role Administrator

    4. Global Administrator


Delegate access to the service account

  1. Navigate to Exchange in the admin center (you might need to click Show all to see Exchange)

  2. Find the room to be managed by Envoy Rooms and click the room to edit the resource

  3. Click Edit under "Read and Manage (Full Access)"

  4. Add the service account to Full Access by clicking "Add members"

Setting up Envoy Rooms on the Dashboard

Please make sure you log in as the service account before connecting the calendar to Envoy.

Delegate Access can take up to 2 days to propagate on Microsoft Exchange

  1. Connect the service account to Envoy Rooms.

Permissions we ask for when using this method:

Related Articles
Connecting your calendar
About Envoy Rooms
Preparing your Google calendar
Did this answer your question?