Graph API Configuration for Microsoft 365 Exchange Online

You can enable users to check attendee availability and create meetings in Exchange from EMS applications. To do this, you can use an Azure App with the MS Graph API to connect EMS and Exchange Online.

If you already have an Azure App (for EMS Exchange Room Integration), an Azure administrator will only need to update the permissions on the app — see section Configuration of permissions in Azure Active Directory (AD).

ClosedRegister an application in Azure AD

  1. Sign in to portal.azure.com with the appropriate Azure Administrator account.
  2. Click Azure Active Directory in the menu.
  3. Under Manage, select App registrations.

  4. Select New registration.

  5. Enter a name.

  6. Set Supported account types for your scenario.

  7. Click Register.

ClosedConfigure permissions in Azure AD

  1. Select the previously created Azure App.

  2. Under Manage, click API Permissions.

  3. Select Add a permission.

  4. Select Microsoft Graph.

  5. Select Applications permissions.

  6. Select the following:
    1. Calendars.ReadWrite – used to manage meetings created from EMS on users’ calendars.

    2. People.Read.All – used to look up attendee availability from EMS applications.

    3. User.Read.All – used to look up user information.

  7. Click Add Permissions.

  8. Under Grant Consent, select Grant admin consent for your domain.

  9. Select Yes.

    The permissions appear in the list.

  10. Under Manage, click Certificates and Secrets.

  11. Select New Client Secret.

  12. Select an expiration window. We recommend that you select None.

  13. Click Save.

  14. Copy and make note of that value, since this is the only time it appears.

  15. From the Overview section, copy the Application ID and Tenant ID to add to the EMS configuration.

ClosedEnable the communication of EMS Exchange Integration Service with EMS Platform Services

  1. Navigate to your EMSPlatform/admin page.

  2. Sign in with a Web Administrator level Everyday User account.
  3. Navigate to Integrations.

  4. Select the PAM configuration client.

    If you don't see this option, make sure that you are using EMS version 220.2.2 or later and that the EMS Platform Services default.json file created by the installer is being used instead of a copy from previous versions.

  5. Click Reset Secret.

  6. Copy the value of the secret as it cannot be retrieved later.

  7. In the web.config file for the EMS Exchange Integration Web Service, enter the secret between the quotes for the value of this key: <add key="EmsPlatformSecret" value=""/>

ClosedConfigure the EMS Exchange Integration Web Service to use the Microsoft Graph API

  1. Navigate to the ExchangeIntegrationWebService/pamconfig.aspx page.
  2. On Provider, select EMS Platform.
  3. Select Use OAuth for Office 365 Exchange Web Services.
  4. In MS Graph Tenant ID, MS Graph App ID, and EMS Graph App Secret, enter the values from Azure Active Directory app that was configured for the integration.
  5. Click Save.
  6. Under System Administration > Settings > Parameters, go to the Desktop Client tab and find the parameter Enables Integration into MSGraph APIs and set the value to Yes.
  7. Select System Administration > Settings > Parameters > Desktop Client tab.
  8. In the Enables Integration into MSGraph APIs parameter, select Yes.
  9. To ensure the settings take effect, recycle application pools used by EMS on the web server.

The email address and password under Account Information is still necessary for the service to authenticate within EMS. This account is not used as a service account to EMS Exchange and does not require any impersonation or delegation permissions.

 

(missing or bad snippet)