logo

Please wait...

Connect your Door Displays to O365/Exchange Using Delegate Access

The direct method to connect to a resource to Microsoft O365 or Exchange is described here. It’s very straightforward and should work for 90% of business environments. It needs a visit in the O365/Exchange directory where resources are listed and delivers the credentials needed by the door display solution. Reset the password and you’re done. The average skilled Administrator should be able to do this within 5-10 minutes.

In some business environments the way of directly connecting to resource calendars is not preferred. This could be due to enterprise IT policy or other restrcitions. For example, hosted O365 products only allow a subset of functionalty for configuring meeting rooms. If you cannot access the “native” user interface of O365, you won’t be able to create a password for a meeting room. Let’s look a the alternative method of delegate access. To put in simple words, we connect either to a service account or to a shared mailbox that has been granted “access rights” for multiple meeting rooms. The creation of this account and the assignment of rights takes place in the O365/Exchange Admin Center (EAC).

 

Method 1: Service Account

Create a Service Account
  1. Open Exchange Admin Center (EAC) as an administrator.
  2. Go to Users > Active users and click Add a user.

  1. In the new user dialog, enter details of your new user.

    1. This step might require the purchase of a license. Activate the users license and then click Add.

Assign delegate rights to access the events of the resource calendar

The next step is required to grant the permission to edit the calendar events

  1. In the EAC, select recipients and resources.

  1. If you haven’t created a resource yet then click add and read here to create a resource. Select an existing resource and click edit if your resources are already set up.
  2. In the Edit Room Mailbox dialog, select mailbox delegation, scroll down to Full Access and click Add.

  1. Select the service account you created.

  1. Click Add and press Ok. You’ll see the new element in the Edit Room Mailbox dialog.

  1. Click Save.

Resolve “The caller has not assigned any of the RBAC roles requested in the management role header”

The second step is to fullfill another criteria of the RBAC (role based access control) concept. The service_account user needs to be assigned a specific admin role.

  1. Open Exchange Admin Center (EAC) as an administrator to fix the RBAC warning issue.
  2. In the EAC, go to Permissions> Admin roles, select the Discovery Management role group and click Edit.

  1. On the Role Group page, in the Members section, click Add.

  1. In the Select Members dialog, select a user or group and click Add. Finish with OK.

  1. Back on the Role Group page, click Save.
  2. Go to Permissions> Admin roles, select Discovery Management role group. In the details pane on the right, verify that the added user is shown in Members

 

How to assign “MailboxSearchApplication role in eDiscovery management”

The third step is to allow the service_account user to search for resources.

  1. In the EAC, go to Permissions > Admin roles, select Discovery Management and click Edit
  2. On the Role Group page, in the Roles section, click Add
  3. In the Select a Role dialog, select MailboxSearchApplication and click Add. Finish with OK.

  1. Back on the Role Group page, click Save.
  2. In the EAC, go to Permissions> Admin roles, and select the Discovery Management role group. In the details pane, verify that the added role is shown under Assigned Roles

 

Method 2: Shared Mailbox

Create a shared mailbox

The first step is required to grant the permission to edit the calendar events.

  1. Open Exchange Admin Center (EAC) as an administrator
  2. Select recipients and shared, then click Add.

  1. In the New shared mailbox dialog, enter the required name and email address and then click Save. In Users, add your administror user here. It’s not needed to add all your meeting room users.

 

Assign delegate rights to access the events/meetings of the resource/room
  1. In the EAC, select recipients and resources.

  1. If you haven’t created a resource yet then click add and read here to create a resource. Select an existing resource and click edit if your resources are already set up.
  2. In the Edit Room Mailbox dialog, select mailbox delegation, scroll down to Full Access and click Add.

  1. Select the account you created in step 2.
  2. Click Add and press Ok. You’ll see the new element as a result in the Edit Room Mailbox dialog.

  1. Click Save.

 

Resolve “The caller has not assigned any of the RBAC roles requested in the management role header”

The second step is to fullfill another criteria of the RBAC (role based access control) concept. The shared mailbox user needs to be assigned a specific admin role.

  1. Open Exchange Admin Center (EAC) as an administrator to fix the RBAC (role based access control) issue
  2. In the EAC, go to PermissionsAdmin roles, select the Discovery Management role group and click Edit.

  1. On the Role Group page, in the Members section, click Add.

  1. In the Select Members dialog, select a user or group and click Add. Finish with OK.

  1. Back on the Role Group page, click Save.
  2. Go to PermissionsAdmin roles, select Discovery Management role group. In the details pane on the right, verify that the added user is shown in Members

 

How to assign “MailboxSearchApplication role in eDiscovery management”

The third step is to allow the shared mailbox delegate user to search for resources.

  1. In the EAC, go to Permissions > Admin roles, select Discovery Management and click Edit
  2. On the Role Group page, in the Roles section, click Add
  3. In the Select a Role dialog, select MailboxSearchApplication and click Add. Finish with OK.

  1. Back on the Role Group page, click Save.
  2. In the EAC, go to PermissionsAdmin roles, and select the Discovery Management role group. In the details pane, verify that the added role is shown under Assigned Roles


For more information please visit these links:

https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/delegate-access-and-ews-in-exchange

https://docs.microsoft.com/en-us/Exchange/policy-and-compliance/ediscovery/assign-permissions?view=exchserver-2019

https://gsexdev.blogspot.com/2012/11/using-ediscovery-to-search-mailboxes.html

Leave a Comments

Your email is safe with us.
*
*