TO CONFIGURE CALENDAR SYNCHRONIZATION FOR MICROSOFT EXCHANGE IN OFFICE365 USING OAUTH2 AUTHENTICATION
Make sure that you have Administrator access rights and can access the Azure Active Directory admin centre.
Configure a Monitor user:
1. Verify that you have a public DNS record pointing to the Exchange server from the public Internet, for example by resolving yourdomain.com.
2. Verify that the enterprise firewall is configured to allow inbound HTTPS connections on TCP port 443 from all Service Nodes, resolved from the system DNS domain of the Service Provider, to all Exchange Servers deployed for the users in the organization.
3. Open Windows PowerShell on the Exchange Server and prepare the password <yourPassword> for the monitor user. The command below creates a secure string that is used in the next step:
$Password = "yourPassword" | ConvertTo-SecureString -AsPlainText -Force
4. Run the command below to set up the user <Monitor>, using the password string created in the prior step. This command creates a new user and enables a mailbox. The command to enable an existing user would be Enable-Mailbox:
New-Mailbox -Name "Monitor" -Alias "Monitor" `
  -OrganizationalUnit 'domain/Users' `
  -UserPrincipalName monitor@yourdomain.com `
  -SamAccountName "monitor" -FirstName "yourFirstName" -LastName "Monitor" `
  -Password $Password -ResetPasswordOnNextLogon $false `
  -Database "yourStorageGroupyourDatabase"
5. Grant the Monitor user FullAccess rights:
Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -User "Monitor" `
  -AccessRights FullAccess -InheritanceType All
The calendar rights of the monitor user also have to be configured on a per-user basis. A script that iterates through all users avoids a lot of tedious and repetitive rights management. The example below assumes that the monitor user is called "Monitor":
1. Get the mailbox of your monitor-user:
$User = Get-Mailbox Monitor
2. Create a variable with the mailboxes to be administered by using:
$Mailboxes = Get-Mailbox -ResultSize Unlimited
3. Set rights on every mailbox in the variable by using the command below. Keep in mind that the Calendar folder is named differently in translated editions of Microsoft Exchange Server:
$Mailboxes | ForEach-Object { Add-MailboxFolderPermission -Identity "$($_.Alias):\Calendar" -User $User.Identity -AccessRights Reviewer }
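The three steps above assume a folder literally named Calendar. The following added example (not part of the original procedure) looks up each mailbox's calendar folder by type, so it also works on translated editions, and skips mailboxes where the monitor user already has an entry. The variable names and the decision to skip the monitor's own mailbox are assumptions of this example.

```powershell
# Added example: grant the monitor user Reviewer on every mailbox's calendar,
# resolving the folder's actual (possibly localized) name first.
$MonitorAlias = 'Monitor'   # assumption: alias given to the monitor mailbox

$User      = Get-Mailbox -Identity $MonitorAlias
$Mailboxes = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.Alias -ne $User.Alias }   # skip the monitor's own mailbox

foreach ($Mailbox in $Mailboxes) {
    # FolderType is 'Calendar' for the default calendar whatever its display name is.
    $Calendar = Get-MailboxFolderStatistics -Identity $Mailbox.Alias -FolderScope Calendar |
        Where-Object { $_.FolderType -eq 'Calendar' } |
        Select-Object -First 1

    if (-not $Calendar) {
        Write-Warning "No calendar folder found for $($Mailbox.Alias); skipped."
        continue
    }

    # Folder identity has the form <mailbox>:\<folder name>
    $FolderId = "$($Mailbox.Alias):\$($Calendar.Name)"

    # Leave an existing entry untouched and report it, so the script can be
    # re-run safely and broader rights granted earlier become visible.
    $Existing = Get-MailboxFolderPermission -Identity $FolderId `
        -User $User.Identity -ErrorAction SilentlyContinue
    if ($Existing) {
        Write-Output "$FolderId already grants: $($Existing.AccessRights)"
        continue
    }

    try {
        Add-MailboxFolderPermission -Identity $FolderId -User $User.Identity `
            -AccessRights Reviewer -ErrorAction Stop | Out-Null
        Write-Output "$FolderId Reviewer granted"
    }
    catch {
        Write-Warning "$FolderId failed: $($_.Exception.Message)"
    }
}
```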
To configure the calendar synchronization to use OAuth2-based authentication, you need to give the Exchange synchronization application permission to read the users' calendars:
1. Sign in to https://portal.azure.com
2. Go to Azure Active Directory.
3. Navigate to App registrations.
4. Choose New registration, name the new application, for example, Exchange calendar synchronization, and then click the Register button.
5. Note the Application (client) ID and the Directory (tenant) ID.
6. Navigate to Certificates & secrets.
7. Choose New client secret, name the secret, for example, Exchange calendar synchronization secret, and enter the required expiry time.
8. Copy the generated client secret's Value to a safe place. The secret, together with the Application (client) ID and Directory (tenant) ID, will need to be entered on the Calendar Connector settings page when configuring the connector.
9. Navigate to API permissions.
10. Choose Add a permission and then select Microsoft Graph.
11. Select Application permissions and then choose Calendars.Read.
12. Select Grant admin consent for {your company}.
13. Follow the instructions in the new window.
14. Wait for the Status in the Configured permissions window to turn green.