Technical Documentation

Search for in-depth articles on Synergy SKY tools and technologies.

 

     

    Support > Guides > Calendar >
    Configure for Exchange with Graphic API (Microsoft 365)

    Configure for Exchange with Graph API (Microsoft 365)

     

    Introduction

    We strongly recommend Microsoft 365 customers configure Synergy SKY with Microsoft Graph API for Microsoft 365.

    In line with the end of support notification for EWS Basic Authentication, Microsoft has created a new authentication method known as Microsoft Graph. Microsoft Graph allows for increased performance towards the Microsoft Cloud. Over time, Microsoft has introduced OAuth 2.0 for authentication and authorization, which is more secure and reliable than Basic Authentication to access data.

    You can find additional information relating to Microsoft Graph here

    We have provided instructions on how to set up Microsoft Graph with Synergy SKY below.

     

    This guide will explain how to:

    • Select / Create ActOnBehalfOfEmail

    • Amend Calendar Permissions for the room(s) Calendar

    • Create an App Registration, Client Certificate & Secret

    • Add API Permissions

    • Copy the Client ID, Tenant ID and Client Secret to Synergy SKY

    Prerequisites

    Microsoft Azure

    You will need administrator privileges for your organization in the Azure portal.


    Optional step to secure the application to a security group


    Configuration Reference


    Step-by-Step Guide

    Creating/Selecting the Act on Behalf of email

    The Synergy SKY Act on Behalf of email is the email address that will be used to notify users of their meeting updates and progress. You are not required to create a new email account. It is possible to use an existing service email account that exists in your organization however if you would like to create a new service account, we have steps on how you can achieve this below:

    1. Log in to https://portal.azure.com

    2. Click on Azure Active Directory > Users

    3. Choose + New User. Type in the Username, Name and verify password settings and choose to save

      mceclip0.png

    Setting the Calendar Permissions

    We recommend running the following scripts with the following permissions on all of the rooms in Microsoft Exchange in order to unlock the full potential of the product:

    Set-CalendarProcessing room123@company.com -DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddOrganizerToSubject $false -ProcessExternalMeetingMessages $true

    The embedded test tool in the JOIN Configurator can be used to verify most of these properties, and suggests PowerShell commands to configure the rooms according to our recommendations.

     

    Calendar Permissions properties

    The function of the various Exchange resource properties mentioned in the 'Setting the Calendar Permissions' section are explained in the table below.

     Property name  Function in Microsoft Exchange  Function in Synergy JOIN  Recommended Setting  Required
    DeleteComments

    The DeleteComments parameter specifies whether to remove or keep any text in the message body of incoming meeting requests.

    Valid input for this parameter is $true or $false.

    This parameter is used only on resource mailboxes where the AutomateProcessing parameter is set to AutoAccept.

    When set to $true, Exchange deletes the body of the meeting invitation when booking rooms.

    As the matching rules rely on reading content in the body of the email, this stops Regex and the Skype URI in Body rule from working in JOIN.

    $false Yes, so that your matching rules work correctly.
    DeleteSubject

    Specifies whether to remove or keep the subject of incoming meeting requests.

    Valid input for this parameter is $true or $false.

    The default value is $true.

    This parameter is used only on resource mailboxes where the AutomateProcessing parameter is set to AutoAccept.

    When set to $true, Exchange deletes the subject of the meeting which means JOIN does not display a meeting title on the touch panel of the video system.

    If you want the subject of the meeting to be hidden, you can select the Private flag when booking the meeting in Outlook, even if this property is set to $false.

    See also RemovePrivateProperty.

    $false Yes, if you want the meeting title to be displayed on the touch panel.
    RemovePrivateProperty

    The RemovePrivateProperty parameter specifies whether to clear the private flag for incoming meeting requests.

    Valid input for this parameter is $true or $false.

    The default value is $true.

    By default, the private flag for incoming meeting requests is cleared. To ensure the private flag that was sent by the organizer in the original request remains as specified, set this parameter to $false.

    When set to $true, Exchange removes the Private flag when a Room is booked as a resource in a meeting flagged as Private in Outlook. This means that the meeting title is visible to everyone for all meetings.

    By setting this property to $false you can hide the title on meetings that are booked as Private in Outlook, while showing the title of all other meetings.

    $false No.
    AddOrganizerToSubject

    The AddOrganizerToSubject parametors specifies whether to add the organizers name toe the subject line.

    Valid input for this parameter is $true or $false.

    The default value is $true.

    When set to $true, Exchange adds the organizers first name and last name to the subject line of the meeting.

    If you do not want to display the meeting name, at minimum we recommend to set this field to $true

    $false Yes, if you want to hide the meeting title on the touch panel.
    ProcessExternalMeetingMessages

    The ProcessExternalMeetingMessages parameter specifies whether to process meeting requests that originate outside the Exchange organization.

    Valid input for this parameter is $true or $false.

    The default value is $false.

    By default, meeting requests that originate outside of the organization are rejected.

    When set to $false, Exchange will not allow external users to book Rooms resources.

    However, a room is booked on behalf of the organizer if a user forwards an invite into a room. This setting must therefore be set to $true to allow internal users to forward invitations to external Skype meetings into their meeting rooms, so that they can benefit from easy calling into external Skype meetings.

    Note: Administrators can still avoid external users booking their rooms directly by using an internal domain in the room’s alias (e.g. meetingroom@synergysky.local)

    $true Yes, so that forwarding invites from external users works correctly.
    AutomateProcessing

    The AutomateProcessing parameter enables or disables calendar processing on the mailbox.

    This parameter takes the following values:

    • None Both the resource booking attendant and the Calendar Attendant are disabled on the mailbox.
    • AutoUpdate Only the Calendar Attendant processes meeting requests and responses.
    • AutoAccept Both the Calendar Attendant and resource booking attendant are enabled on the mailbox. This means that the Calendar Attendant updates the calendar, and then the resource booking assistant accepts the meeting based upon the policies.

    The default value on a resource mailbox is AutoAccept.

    The default value on a user mailbox is AutoUpdate, but you can't change the value on a user mailbox.

    Meetings that are booked in Room resources are stored as Tentative unless this setting is set to AutoAccept.

    Tentative meetings are not processed by JOIN, as you can book multiple tentative meetings within the same time interval in one resource.

    AutoAccept Yes.

    AllRequestInPolicy

    AllRequestOutOfPolicy

    RequestInPolicy

    RequestOutOfPolicy

    These parameters specify whether to allow users to submit policy requests.

    Valid input for these parameters are $true or $false.

    The default value is $false.

    Meetings booked in Room resources that are configured with either of these properties that require meetings to be approved by a delegate, will not be processed by JOIN until they are approved.

    This will lead to a significant delay for the meeting organizers, and is therefore not recommended.

    $false Recommended: configure so that approval is not required.

     

    Configuring Microsoft Graph API
    • Log In to https://portal.azure.com

    • Click on Azure Active Directory

    • Select App Registrations

      mceclip4.png

    • Click on New Registration

    • Enter a name and click Register

      mceclip5.png

    mceclip6.png

    • Copy the fields Application (client) ID and Directory (tenant) ID (these are to be used when configuring Synergy SKY)

    mceclip21.png

    • Click on Certificates & Secrets

    mceclip8.png

    • Click on New client secret, then give it a name and set it to 24 months (maximum). Click on Add

    mceclip9.png

    • Copy the 'Value'
      Note: Copy the 'Value' field as shown below, not the 'Secret ID'.   The value field is a 1 time copy

      mceclip10.png


    • Click on API Permissions

    mceclip11.png

    • Click on Add a permission, Microsoft Graph, Application permissions.

    mceclip12.png

    mceclip14.pngmceclip15.pngCheck:

    • Calendar.ReadWrite (For Reading Resource Calendar and writing back any info needed, can be limited to Security group as outlined below)

    mceclip16.png

    • Mail.Send (For email alerts to UC admins, configured specifically in the Application)

    mceclip17.png

    • User.Read.All (For reading address book to add rooms)

    mceclip18.png

    • Click the Add permissions button

    mceclip19.png

    • Grant Consent: An admin account would need to login and click the “Grant admin consent” button

    mceclip20.png


    Configuring Microsoft Graph API in Synergy JOIN

    Once you have completed the above setup in the Azure Active Directory, you will have to go to your Synergy SKY platform (Integration Settings) and create a Connection and paste in the Client ID, Tenant ID and Client Secret from your above configuration.

    mceclip5.png

    Click on Test Connections to make sure your configuration is correct. Then, add a new API integration and provide the Act on behalf of email and polling interval. Click Save and Save Changes. Setup is now complete.

    mceclip6.png

     

    Configurable Options for Graph API

    Graph API provides the ability to customize how Synergy SKY is collecting information from your Exchange environment. These values are to be changed on the advanced settings page (not visible in the menu).

    mceclip7.png

    CalendarSyncWindowSizeDays:

    Specifies how many days in the future Synergy SKY can collect meeting information. Note that this setting does not apply to recurring meetings. When a recurring meeting is detected by Synergy SKY, the entire series is synced and provided with OBTP information.

     

    CalendarSyncWindowRefreshIntervalDays:

    Specifies how often Synergy SKY should re-sync its database with the room calendar.

    Still in need of help?

    Create a ticket