Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The MyTimetable calendar push integration is able to connect to a user's calendar using service accounts. This page describes how to create a service account and how to grant calendar permissions to this service account. MyTimetable will then be able to access calendars without explicit consent of a user.

...

  • Visit the Microsoft Azure Management Portal at https://portal.azure.comusing the credential of your Microsoft tenant that has the subscription to Office 365 you wish to use.
  • Click "Browse all" to browse all resources.
  • Click "Activity Directory". You will now be redirected to the classic Azure Management Portal.
  • Click the Active Directory you would like to manage.
  • Click "Add user" in the bottom bar.
  • Select "New user in your organisation" as type of user, and enter a username (e.g. sa-mytt-exch).
  • Enter a first name, last name and display name. Select "User" as role. Do not select "Enable Multi-Factor Authentication".
  • Click "Create" to assign a temporary password. Write down the password.
  • Logout from the Azure Management Portal.
  • Go to https://login.microsoftonline.com/
  • Login in using the account you have just created, and set a password for the service account.

...

Delegating calendar permissions to service account

Finally, we need to give the service account

...

xxx

Office 365

xxxdelegated calendar permissions on the mailboxes of the users.

Office 365

We are going to connect to Office 365 using Powershell. For this, we have to set up a remote Powershell session. First, we need to check if we are allowed to do so:

  • Check the current script execution policy
Code Block
languagepowershell
PS C:\> Get-ExecutionPolicy
Restricted
  • If we are not allowed to execute remote signed scripts, we have to change the execution policy. It might be required for Powershell to be started as Administrator.
Code Block
languagepowershell
PS C:\> Set-ExecutionPolicy RemoteSigned
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic at http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y

Now we are able to start a remote Powershell session to Office 365:

  • Connect to Office 365 using your tenant admin account and import the Powershell session:
Code Block
languagepowershell
PS C:\> $O365Cred = Get-Credential
PS C:\> $O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
WARNING: Your connection has been redirected to the following URI:
"https://ps.outlook.com/PowerShell-LiveID?PSVersion=4.0 "
PS C:\> Import-PSSession $O365Session -AllowClobber
WARNING: The names of some imported commands from the module 'tmp_eiaj1j0m.dcw' include unapproved verbs that might
make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.
ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     1.0        tmp_eiaj1j0m.dcw                    {Add-AvailabilityAddressSpace, Add-DistributionGroupMember...
  • Select the accounts you want to delegate and store them in an object. It is also possible to filter them on OU.
Code Block
languagepowershell
titleGet all mailboxes
 PS C:\> $mailboxes = Get-Mailbox -Resultsize Unlimited
Code Block
languagepowershell
titleGet mailboxes by OU
TODO

 

 

Exchange on-premises

xxxTODO