
Introduction

Microsoft announced that Exchange Online (Office 365) - EWS will not be available anymore starting October 13th, 2020.

Microsoft's recommendation is now to use Microsoft Graph. For Exchange On-Premise, EWS remains the solution to use.

This documentation describes the steps required to give ROOMZ access to the agenda of the meeting rooms using Microsoft Graph.

1️⃣ Overview

Application permissions are used to connect a third-party application to M365. Our earlier documentation gave the API full access (read and write) to all agendas (users and resources) and then limited that access with a mail-enabled security group. If you have this in place and add a new resource, the new resource will be shown in red in the ROOMZ Portal; you will find the command on this page. However, we recommend the new approach, Role-Based Access Control (RBAC), documented on this page: you will never need to run a command when you create a new resource, because everything is updated by Microsoft. Another benefit of the current approach is that the API itself has no permission on all calendars, only on the scope you create, which contains all meeting room resources.

2️⃣ Register the ROOMZ Application

The first step consists of creating a ROOMZ application on Microsoft Azure in order to provide the access to the agendas.

a. Open Microsoft Azure Portal and log in with an administrator account.

b. Once logged in, search for

...

Microsoft Entra ID:

...

c. On the left panel, search for App registrations:

...

d. Click on + New registration:

...

 

e. Specify the name of the application (e.g. ROOMZGraph) and the first option Account in this organizational directory only

...

 

f. Click on API permissions:

...

 

g. Should you already have a permission, you can remove it:


...

Then click on + Add a permission, and select Microsoft Graph:

...

...

Choose Application permissions:

...

...

In the list of permissions, select Calendars.ReadWrite and then click Add permissions:

...

...

Click on Grant admin consent for your company:

...

...

Once accepted, it should look like the following:

...

 

h. Click on Certificates & secrets:

...

 

i. Click on + New client secret:

...

...

 

j. Define the desired expiry date. When the secret expires, you will have to renew it and update it in the ROOMZ Portal. Today, the longest possible period is 2 years (even when choosing the "Custom" option). We recommend setting the expiry to 24 months:

...

Info

In graphical mode, you are limited to a maximum of 2 years, as per Microsoft's recommendation. You can use the following command line to extend beyond 2 years (You need to modify the values in bold):

New-AzureADApplicationPasswordCredential -ObjectId YourObjectID -CustomKeyIdentifier Roomz -Value $secret -StartDate (Get-Date) -EndDate (Get-Date).AddYears(5)

k. Here you will find the Client Secret. This information will be required for the connector, so you should copy it, for example into Notepad. It is important that you copy the Value of the client secret, and not the Secret ID.

...

Info

Here is how you can renew the client secret: https://roomzio.atlassian.net/wiki/spaces/SUP/pages/429850625/Booking+System#How-to-renew-the-client-secret

l. When you now click on Overview, you will find the Application (client) ID and the Directory (tenant) ID. These 2 values will also be required for the connector, so please copy them too.

...

...

 

The registration of the ROOMZ application is done.

...

3️⃣ Give the Application permission access to

...

the meeting rooms

With the configuration made so far, the application is allowed to access the agenda of all resources and users of the organization.

ROOMZ only requires access to the agenda of the meeting rooms. For this reason, we recommend executing the following PowerShell commands in order to restrict the access.

Tip

Hint: the following connection with the Exchange Admin Center must be executed using Edge or Internet Explorer

...

Install or start Exchange Online PowerShell Module. You can download it from the Exchange admin Center.
Once logged in, scroll down to Hybrid.
(Should you have any issue when downloading this file with Google Chrome, please try with Edge).

...

API has no access rights. We now need to give the API access to the meeting rooms.

The following commands have to be executed using Exchange Online PowerShell with admin rights. Once executed, it might take up to 15 minutes before being effective.

a. Execute the following command and connect to your Microsoft365 using an admin account.

Code Block
Connect-EXOPSSession

Create a Mail-enabled security group with the following command. Here the name of the group is RoomzResources. You have to replace the PrimarySmtpAddress with a valid domain name.

Code Block
New-DistributionGroup -Name RoomzResources -Alias RoomzResources -PrimarySmtpAddress RoomzResources@myorganization.com -Type security

Fill this group with all room mailboxes. Don't forget to change the name of RoomzResources should you have used another name:

...

Connect-ExchangeOnline

Note

If you encounter an error while executing the above command, please click below this message and follow the instructions.

To resolve errors related to the 'Connect-ExchangeOnline' command:

Install or start Exchange Online PowerShell Module. You can install the Module directly in the PowerShell on your Computer:

  1. Update your PowerShell to the latest version by using the following commands:

    Code Block
    winget install --id Microsoft.Powershell --source winget

    Please note that if you had PowerShell V5 before, the new PowerShell V7 will be a separate app on your PC. We recommend using version 7.x.
    If you have trouble updating PowerShell with winget, please visit the following Microsoft page and try another way: https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows?WT.mc_id=THOMASMAURER-blog-thmaure&view=powershell-7.3#winget

  2. Now you can install the Module by the following commands:

    Code Block
    Install-Module -Name ExchangeOnlineManagement

    If you get an error message like the following, you have to allow PowerShell to run scripts:

    Code Block
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine

    After the installation, we recommend setting the policy back to “restricted”:

    Code Block
    Set-ExecutionPolicy -ExecutionPolicy restricted -Scope LocalMachine

  3. You need to import the module:

    Code Block
    Import-Module ExchangeOnlineManagement

b. Enable organization customization. If it is already enabled, you will get an error message.

Code Block
Enable-OrganizationCustomization

c. Create a new management scope containing all the meeting rooms. Replace “RoomzResources” if you want a different name for the scope:

Code Block
New-ManagementScope -Name "RoomzResources" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox"}

...

d.1 Create a Service Principal for the API. Replace myAppID with Application (client) ID and myObjectID with the Object ID of the Enterprise application:

Note

Please be aware that the Object ID in the Enterprise application is not the same as the one in the App Registration!

On the overview page of the app registration, click on “Managed application in…” to get to the Enterprise application.

...

d.2 Create the Service Principal

Code Block
New-ServicePrincipal -AppId myappId -ServiceId myObjectId -DisplayName "ROOMZ ServicePrincipal"

e. Allow the Application the access to the scope created above. Replace the myAppId with the Application (client) ID. Replace RoomzResources with the name of the scope you created.

Code Block
New-ManagementRoleAssignment -App myappId -Role "Application Calendars.ReadWrite" -CustomResourceScope "RoomzResources"

...

In order to reduce the propagation time required by Microsoft Azure, this command can accelerate the process:

Code Block
Update-DistributionGroupMember RoomzResources

...

Thanks to this, the application is now restricted to access only the agenda of the group RoomzResources, containing only meeting rooms. Should you create new meeting rooms, please re-execute the command on point 4.

f. The configuration of the Booking System is now done. Please have a look at the next section to be able to show the meeting title on the ROOMZ Displays.
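A check to run once the RBAC steps above are done, as an added example that is not part of the ROOMZ documentation: it uses the Exchange Online cmdlet Test-ServicePrincipalAuthorization to confirm that the application is in scope for every room mailbox and out of scope for an ordinary user mailbox. The application ID and the user mailbox address are placeholders (assumptions) that you must replace.

```powershell
# Added example, not ROOMZ's own script. Replace the placeholder values.
$AppId       = '00000000-0000-0000-0000-000000000000'  # Application (client) ID (placeholder)
$UserMailbox = 'someUser@myorganization.fr'            # any non-room mailbox (placeholder)
$Role        = 'Application Calendars.ReadWrite'

Connect-ExchangeOnline

function Test-RoomzAccess {
    param([string]$Resource)
    # One row per role assignment held by the app; InScope says whether
    # $Resource falls inside the scope of that assignment.
    $rows = @(Test-ServicePrincipalAuthorization -Identity $AppId -Resource $Resource |
              Where-Object { $_.RoleName -eq $Role })
    [pscustomobject]@{
        Resource = $Resource
        Scopes   = ($rows.AllowedResourceScope -join ', ')
        # Compare as text so the check works whether InScope is a bool or a string.
        InScope  = [bool]($rows | Where-Object { "$($_.InScope)" -eq 'True' })
    }
}

# Every room mailbox is expected to be in scope.
$rooms       = Get-EXOMailbox -RecipientTypeDetails RoomMailbox -ResultSize Unlimited
$roomResults = @(foreach ($room in $rooms) { Test-RoomzAccess -Resource $room.PrimarySmtpAddress })

# A user mailbox is expected to be out of scope.
$userResult  = Test-RoomzAccess -Resource $UserMailbox

$roomResults + @($userResult) | Format-Table -AutoSize

$missing = @($roomResults | Where-Object { -not $_.InScope })
if ($missing.Count -gt 0) {
    Write-Warning ("Rooms not covered by the scope: " + ($missing.Resource -join ', '))
}
if ($userResult.InScope) {
    Write-Warning "$UserMailbox is in scope: the management scope is wider than room mailboxes."
}
if ($missing.Count -eq 0 -and -not $userResult.InScope) {
    Write-Output "Scope check passed: rooms in scope, user mailbox out of scope."
}
```

As the page states, the assignment can take up to 15 minutes to become effective, so rerun the check after that delay before investigating a failure.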

...

4️⃣ Meeting Title & Private Flag

By default, when a user is sending an invitation for reserving a meeting room, Exchange will only store the name of the organizer in the agenda of the meeting room. The meeting's title and the private flag are not stored.

...

If you want to show the meeting title, the following PowerShell command has to be executed for each room. When the meeting is considered 'private', the title of the meeting will be replaced by 'Reserved' on the ROOMZ Display.

(Adapt the parameter "myRoom@myorganization.fr" to the email address of the desired meeting room)

Code Block
Set-CalendarProcessing -Identity "myRoom@myorganization.fr" -AddOrganizerToSubject $false -DeleteSubject $false -RemovePrivateProperty $false

The following command allows applying the parameter to all rooms :

Code Block
Get-Mailbox | where {$_.RecipientTypeDetails -eq "RoomMailbox"} | Set-CalendarProcessing -AddOrganizerToSubject $false -DeleteSubject $false -RemovePrivateProperty $false


Once executed, this command will only be effective for the new meetings. When new meeting rooms are created, this command has to be executed again.
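Because the settings have to be reapplied whenever rooms are created, the following added example (not part of the ROOMZ documentation) reads the three settings back with Get-CalendarProcessing and lists the rooms that differ from the values used above. It assumes an open Connect-ExchangeOnline session; the function name is hypothetical.

```powershell
# Added example, not ROOMZ's own script. Assumes Connect-ExchangeOnline was already run.
# Values taken from the Set-CalendarProcessing commands on this page.
$wanted = @{
    AddOrganizerToSubject = $false
    DeleteSubject         = $false
    RemovePrivateProperty = $false
}

function Get-RoomTitleDrift {
    # Returns one object per room whose calendar processing differs from $wanted.
    $rooms = Get-EXOMailbox -RecipientTypeDetails RoomMailbox -ResultSize Unlimited
    foreach ($room in $rooms) {
        $cp   = Get-CalendarProcessing -Identity $room.PrimarySmtpAddress
        $diff = foreach ($key in $wanted.Keys) {
            if ($cp.$key -ne $wanted[$key]) { "$key=$($cp.$key)" }
        }
        if ($diff) {
            [pscustomobject]@{
                Room    = $room.PrimarySmtpAddress
                Differs = $diff -join '; '
            }
        }
    }
}

$drift = @(Get-RoomTitleDrift)
$drift | Format-Table -AutoSize

# Preview the correction for the drifted rooms only; remove -WhatIf to apply it.
foreach ($d in $drift) {
    Set-CalendarProcessing -Identity $d.Room @wanted -WhatIf
}
```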
Make sure to activate “Show meetings titles” in the Room option set menu. By default, the titles are deactivated:

...

The title of the future upcoming meetings will then be correctly shown on the device:

...

When a meeting is private, the display will show the information as follows:

...