Introduction
We strongly recommend that Microsoft 365 customers configure Synergy SKY with the Microsoft Graph API for Microsoft 365.
In line with the end-of-support notification for EWS Basic Authentication, Microsoft have created a new authentication method known as Microsoft Graph. Microsoft Graph allows for increased performance towards the Microsoft Cloud. Over time, Microsoft have introduced OAuth 2.0 for authentication and authorization, which is more secure and reliable than Basic Authentication for accessing data.
You can find additional information relating to Microsoft Graph here
We have provided instructions on how to set up Microsoft Graph with Synergy SKY below.
This guide will explain how to:
- Select / Create ActOnBehalfOfEmail
- Amend Calendar Permissions for the room(s) Calendar
- Create an App Registration, Client Certificate & Secret
- Add API Permissions
- Copy the Client ID, Tenant ID and Client Secret to Synergy SKY
Prerequisites
Microsoft Azure: You will need administrator privileges for your organization in the Azure portal.
- Optional step to secure the application to a security group:
https://docs.microsoft.com/en-us/powershell/module/exchange/new-applicationaccesspolicy?view=exchange-ps
Requirements
Set-CalendarProcessing room123@company.com -DeleteComments $false
Step by Step Guide
Creating a Service Account for Email Alerts
The Synergy SKY Act on Behalf of email is the email address that will be used to notify users of their meeting updates and progress. You are not required to create a new email account; you can use an existing service email account in your organization. If you would like to create a new service account, follow the steps below:
- Log in to https://portal.azure.com
- Click on Azure Active Directory > Users
- Choose + New User. Type in the Username and Name, verify the password settings and choose Save
Configuring Microsoft Graph API
- Log in to https://portal.azure.com
- Click on Azure Active Directory
- Select App Registrations
- Click on New Registration
- Enter a name and click Register
- Copy the fields Application (client) ID and Directory (tenant) ID (these are to be used when configuring Synergy SKY)
- Click on Certificates & Secrets
- Click on New client secret, then give it a name and set it to 24 months (maximum). Click on Add
- Copy the 'Value'
Note: Copy the 'Value' field as shown below, not the 'Secret ID'. The value field is a one-time copy.
- Click on API Permissions
- Click on Add a permission, Microsoft Graph, Application permissions.
Check:
- Calendars.ReadWrite (For reading the resource calendar and writing back any info needed; can be limited to a security group as outlined below)
- Mail.Send (For email alerts to UC admins, configured specifically in the Application)
- User.Read.All (For reading address book to add rooms)
- Click the Add permissions button
- Grant Consent: An admin account would need to log in and click the “Grant admin consent” button
- Optional step to secure the application to a security group:
https://docs.microsoft.com/en-us/powershell/module/exchange/new-applicationaccesspolicy?view=exchange-ps
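An added example (not Synergy SKY's own script) of the optional scoping step, using the Exchange Online cmdlets from the linked page. Without such a policy, the application permissions granted above apply to every mailbox in the tenant. The app ID, group address, service mailbox and out-of-scope user are placeholder assumptions; room123@company.com is the sample room used on this page.

```powershell
# Added example: restrict the app registration to the room mailboxes it needs.
# All values below are placeholders (assumptions); replace them with your own.
$AppId       = '00000000-0000-0000-0000-000000000000'  # Application (client) ID from the App Registration
$ScopeGroup  = 'synergy-rooms@company.com'             # hypothetical mail-enabled security group
$ActOnBehalf = 'synergy-service@company.com'           # hypothetical Act on Behalf of mailbox
$Rooms       = @('room123@company.com')                # rooms managed by Synergy SKY
$OutOfScope  = 'some.user@company.com'                 # any mailbox the app must NOT reach

Connect-ExchangeOnline

# The policy scope must be a mail-enabled security group.
New-DistributionGroup -Name 'Synergy SKY Rooms' -PrimarySmtpAddress $ScopeGroup -Type Security

# Put the rooms in scope, plus the mailbox used for Mail.Send
# (assumption: alerts are sent as the Act on Behalf of address).
foreach ($member in $Rooms + $ActOnBehalf) {
    Add-DistributionGroupMember -Identity $ScopeGroup -Member $member
}

# RestrictAccess: the app can only touch mailboxes that are members of the group.
# This covers the Exchange permissions (Calendars.ReadWrite, Mail.Send);
# User.Read.All is a directory permission and is not limited by this policy.
New-ApplicationAccessPolicy -AppId $AppId `
    -PolicyScopeGroupId $ScopeGroup `
    -AccessRight RestrictAccess `
    -Description 'Limit Synergy SKY Graph app to room mailboxes'

# Verify both directions: an in-scope room should report Granted,
# an unrelated mailbox should report Denied.
$checks = foreach ($mailbox in $Rooms + $OutOfScope) {
    Test-ApplicationAccessPolicy -Identity $mailbox -AppId $AppId |
        Select-Object Mailbox, AccessCheckResult
}
$checks | Format-Table -AutoSize
```

Policy changes can take some time to take effect, so repeat the Test-ApplicationAccessPolicy check before relying on the restriction.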
Configuring Microsoft Graph API in Synergy JOIN
Once you have completed the above setup in Azure Active Directory, go to your Synergy SKY platform (Integration Settings), create a Connection and paste in the Client ID, Tenant ID and Client Secret from the configuration above.
Click on Test Connections to make sure your configuration is correct. Then, add a new API integration and provide the Act on behalf of email and polling interval. Click Save and Save Changes. Setup is now complete.
Recommended calendar parameters
We recommend running the following scripts with the following permissions on all of the rooms in Microsoft Exchange in order to unlock the full potential of the product:
Set-CalendarProcessing room123@company.com -DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddOrganizerToSubject $false -ProcessExternalMeetingMessages $true
The embedded test tool in the JOIN Configurator can be used to verify most of these properties, and suggests PowerShell commands to configure the rooms according to our recommendations.
Calendar Permissions properties
The functions of the various Exchange resource properties mentioned in the 'Setting the Calendar Permissions' section are explained in the table below.
Property name | Function in Microsoft Exchange | Function in Synergy JOIN | Recommended Setting | Required |
---|---|---|---|---|
DeleteComments | The DeleteComments parameter specifies whether to remove or keep any text in the message body of incoming meeting requests. Valid input for this parameter is $true or $false. This parameter is used only on resource mailboxes where the AutomateProcessing parameter is set to AutoAccept. | When set to $true, Exchange deletes the body of the meeting invitation when booking rooms. As the matching rules rely on reading content in the body of the email, this stops Regex and the Skype URI in Body rule from working in JOIN. | $false | Yes, so that your matching rules work correctly. |
DeleteSubject | Specifies whether to remove or keep the subject of incoming meeting requests. Valid input for this parameter is $true or $false. The default value is $true. This parameter is used only on resource mailboxes where the AutomateProcessing parameter is set to AutoAccept. | When set to $true, Exchange deletes the subject of the meeting, which means JOIN does not display a meeting title on the touch panel of the video system. If you want the subject of the meeting to be hidden, you can select the Private flag when booking the meeting in Outlook, even if this property is set to $false. See also RemovePrivateProperty. | $false | Yes, if you want the meeting title to be displayed on the touch panel. |
RemovePrivateProperty | The RemovePrivateProperty parameter specifies whether to clear the private flag for incoming meeting requests. Valid input for this parameter is $true or $false. The default value is $true. By default, the private flag for incoming meeting requests is cleared. To ensure the private flag that was sent by the organizer in the original request remains as specified, set this parameter to $false. | When set to $true, Exchange removes the Private flag when a Room is booked as a resource in a meeting flagged as Private in Outlook. This means that the meeting title is visible to everyone for all meetings. By setting this property to $false you can hide the title on meetings that are booked as Private in Outlook, while showing the title of all other meetings. | $false | No. |
AddOrganizerToSubject | The AddOrganizerToSubject parameter specifies whether to add the organizer's name to the subject line. Valid input for this parameter is $true or $false. The default value is $true. | When set to $true, Exchange adds the organizer's first name and last name to the subject line of the meeting. If you do not want to display the meeting name, we recommend at minimum setting this field to $true. | $false | Yes, if you want to hide the meeting title on the touch panel. |
ProcessExternalMeetingMessages | The ProcessExternalMeetingMessages parameter specifies whether to process meeting requests that originate outside the Exchange organization. Valid input for this parameter is $true or $false. The default value is $false. By default, meeting requests that originate outside of the organization are rejected. | When set to $false, Exchange will not allow external users to book Room resources. However, a room is booked on behalf of the organizer if a user forwards an invite into a room. This setting must therefore be set to $true to allow internal users to forward invitations to external Skype meetings into their meeting rooms, so that they can benefit from easy calling into external Skype meetings. Note: Administrators can still avoid external users booking their rooms directly by using an internal domain in the room’s alias (e.g. meetingroom@synergysky.local). | $true | Yes, so that forwarding invites from external users works correctly. |
AutomateProcessing | The AutomateProcessing parameter enables or disables calendar processing on the mailbox. This parameter takes the following values: The default value on a resource mailbox is AutoAccept. The default value on a user mailbox is AutoUpdate, but you can't change the value on a user mailbox. | Meetings that are booked in Room resources are stored as Tentative unless this setting is set to AutoAccept. Tentative meetings are not processed by JOIN, as you can book multiple tentative meetings within the same time interval in one resource. | AutoAccept | Yes. |
AllRequestInPolicy AllRequestOutOfPolicy RequestInPolicy RequestOutOfPolicy | These parameters specify whether to allow users to submit policy requests. Valid input for these parameters is $true or $false. The default value is $false. | Meetings booked in Room resources configured with any of these properties that require approval by a delegate will not be processed by JOIN until they are approved. This will lead to a significant delay for the meeting organizers, and is therefore not recommended. | $false | Recommended: configure so that approval is not required. |
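An added example (not part of the Synergy SKY product or its embedded test tool) that audits every room mailbox against the recommended values in the table above and lists only the properties that differ. It assumes an existing Exchange Online PowerShell session; it is read-only and changes nothing.

```powershell
# Added example: report room mailboxes whose calendar processing settings
# differ from the recommendations in the table above. Read-only.
# Assumes Connect-ExchangeOnline has already been run.

$Recommended = [ordered]@{
    AutomateProcessing             = 'AutoAccept'
    DeleteComments                 = $false
    DeleteSubject                  = $false
    RemovePrivateProperty          = $false
    AddOrganizerToSubject          = $false
    ProcessExternalMeetingMessages = $true
    AllRequestInPolicy             = $false
    AllRequestOutOfPolicy          = $false
    # RequestInPolicy / RequestOutOfPolicy hold recipient lists in Exchange
    # and are left out of this comparison.
}

$rooms = Get-Mailbox -RecipientTypeDetails RoomMailbox -ResultSize Unlimited

$drift = foreach ($room in $rooms) {
    $current = Get-CalendarProcessing -Identity $room.PrimarySmtpAddress
    foreach ($name in $Recommended.Keys) {
        # Compare as strings so booleans and enum values are handled the same way.
        if ("$($current.$name)" -ne "$($Recommended[$name])") {
            [pscustomobject]@{
                Room        = $room.PrimarySmtpAddress
                Property    = $name
                Current     = $current.$name
                Recommended = $Recommended[$name]
            }
        }
    }
}

if ($drift) {
    $drift | Sort-Object Room, Property | Format-Table -AutoSize
} else {
    Write-Output 'All room mailboxes match the recommended settings.'
}

# Rooms that accept external meeting requests; review these against the
# internal-domain alias note in the ProcessExternalMeetingMessages row.
$rooms | Where-Object {
    (Get-CalendarProcessing -Identity $_.PrimarySmtpAddress).ProcessExternalMeetingMessages
} | Select-Object PrimarySmtpAddress
```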
Configurable Options for Graph API
Graph API provides the ability to customize how Synergy SKY collects information from your Exchange environment. These values are changed in the advanced settings page (not visible in the menu).
CalendarSyncWindowSizeDays:
Specifies how many days in the future Synergy SKY can collect meeting information. Note that this setting does not apply to recurring meetings. When a recurring meeting is detected by Synergy SKY, the entire series is synced and provided with OBTP information.
CalendarSyncWindowRefreshIntervalDays:
Specifies how often Synergy SKY should re-sync its database with the room calendar.