The MyTimetable calendar push integration is able to connect to a user's calendar using service accounts. This page describes how to create a service account and how to grant calendar permissions to this service account. MyTimetable will then be able to access calendars without explicit consent of a user.
...
```powershell
PS C:\> New-ADUser -Name "SAMyTTExch" -DisplayName "MyTimetable Exchange Service Account" -UserPrincipalName "sa-mytt-exch@dev.eveoh.local" -AccountPassword (Read-Host -AsSecureString "Password") -PasswordNeverExpires $true -ChangePasswordAtLogon $false -CannotChangePassword $true -AccountExpirationDate $null -Enabled $true -Path "CN=Users,DC=dev,DC=eveoh,DC=local"
Password: *******
```
...
- Visit the Microsoft Azure Management Portal at https://portal.azure.com, using the credentials of the Microsoft tenant that has the Office 365 subscription you wish to use.
- Click "Browse all" to browse all resources.
- Click "Active Directory". You will now be redirected to the classic Azure Management Portal.
- Click the Active Directory you would like to manage.
- Click "Add user" in the bottom bar.
- Select "New user in your organisation" as type of user, and enter a username (e.g. sa-mytt-exch).
- Enter a first name, last name and display name. Select "User" as role. Do not select "Enable Multi-Factor Authentication".
- Click "Create" to assign a temporary password. Write down the password.
- Log out of the Azure Management Portal.
- Go to https://login.microsoftonline.com/
- Log in using the account you have just created, and set a password for the service account.
...
```powershell
PS C:\> $O365Licences = New-MsolLicenseOptions -AccountSkuId Eveoh:ENTERPRISEPACK -DisabledPlans INTUNE_O365, YAMMER_ENTERPRISE, RMS_S_ENTERPRISE, OFFICESUBSCRIPTION, MCOSTANDARD, SHAREPOINTWAC, SHAREPOINTENTERPRISE
PS C:\> Set-MsolUserLicense -UserPrincipalName "sa-mytt-exch@eveoh.onmicrosoft.com" -AddLicenses "Eveoh:ENTERPRISEPACK" -LicenseOptions $O365Licences
```
Creating a service account security group
In Active Directory, it is recommended to create a security group containing the previously created service account. Microsoft throttles the number of requests allowed to Exchange Web Services (EWS) on a per-account basis. By using multiple service accounts, we are able to scale up the number of requests to EWS. In the next step, we will delegate calendar permissions to a security group, instead of to one or more individual service accounts.
On-premises Active Directory
Using Active Directory Users and Computers
- Add a new group in the OU where you would like to place the security group:
- Add the service account to the security group:
Using PowerShell
- Create a new AD security group using the New-ADGroup cmdlet. Replace the parameters to match your situation and preferences:
```powershell
PS C:\> New-ADGroup -Path "CN=Users,DC=dev,DC=eveoh,DC=local" -Name "Service Accounts MyTimetable Exchange" -GroupScope Global -Description "Service Accounts MyTimetable Exchange"
```
- Add the service account to the security group:
```powershell
PS C:\> Add-ADGroupMember -Identity "CN=Service Accounts MyTimetable Exchange,CN=Users,DC=dev,DC=eveoh,DC=local" -Members "CN=SAMyTTExch,CN=Users,DC=dev,DC=eveoh,DC=local"
```
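Because the next step delegates calendar permissions to this group, its membership decides which accounts can reach user calendars. The following audit script is an added example, not part of the MyTimetable documentation; the allowlist and the 365-day password age threshold are assumptions, and the distinguished names are the sample values used above.

```powershell
# Added example: audit the group that receives the calendar delegation.
# DNs are the page's sample values; $AllowedDns and $MaxPasswordAgeDays are assumptions.
Import-Module ActiveDirectory

$GroupDn    = "CN=Service Accounts MyTimetable Exchange,CN=Users,DC=dev,DC=eveoh,DC=local"
$AllowedDns = @("CN=SAMyTTExch,CN=Users,DC=dev,DC=eveoh,DC=local")
$MaxPasswordAgeDays = 365   # assumed rotation interval for non-expiring passwords

function New-Finding($Member, $Issue) {
    [pscustomobject]@{ Member = $Member; Issue = $Issue }
}

$members  = @(Get-ADGroupMember -Identity $GroupDn)
$findings = @(
    foreach ($m in $members) {
        if ($m.objectClass -ne "user") {
            # A nested group hides who really holds the delegated rights.
            New-Finding $m.distinguishedName "Nested $($m.objectClass), membership is not explicit"
            continue
        }
        if ($AllowedDns -notcontains $m.distinguishedName) {
            New-Finding $m.distinguishedName "Member is not on the allowlist"
        }
        $u = Get-ADUser -Identity $m.distinguishedName -Properties PasswordNeverExpires, PasswordLastSet
        if (-not $u.Enabled) {
            New-Finding $u.DistinguishedName "Disabled account is still a member"
        }
        $cutoff = (Get-Date).AddDays(-$MaxPasswordAgeDays)
        if ($u.PasswordNeverExpires -and $u.PasswordLastSet -lt $cutoff) {
            New-Finding $u.DistinguishedName "Non-expiring password older than $MaxPasswordAgeDays days"
        }
    }
    # Allowlisted accounts that are missing mean fewer accounts share the EWS load.
    foreach ($dn in $AllowedDns) {
        if ($members.distinguishedName -notcontains $dn) {
            New-Finding $dn "Allowlisted account is not a member"
        }
    }
)

if ($findings.Count -eq 0) {
    "No findings for $GroupDn"
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```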
Azure AD
Using the Azure Management Portal
- Visit the Microsoft Azure Management Portal at https://portal.azure.com, using the credentials of the Microsoft tenant that has the Office 365 subscription you wish to use.
- Click "Browse all" to browse all resources.
- Click "Active Directory". You will now be redirected to the classic Azure Management Portal.
- Click the Active Directory you would like to manage.
- Click "Groups" in the top menu bar.
- Click "Add group" in the bottom bar.
- Enter a name for the group, e.g. 'Service Accounts MyTimetable Exchange'.
- Click the newly created security group.
- Click "Add members" in the bottom bar.
- Add the service account you have just created.
Using PowerShell
- Open the Windows Azure Active Directory PowerShell prompt.
- Connect to Microsoft Online Services using your tenant admin account:
```powershell
PS C:\> Connect-MsolService
```
- Create the security group in the Active Directory. We will use the ObjectId in the final step.
```powershell
PS C:\> New-MsolGroup -DisplayName "Service Accounts MyTimetable Exchange" -Description "Service Accounts MyTimetable Exchange"
ObjectId                             DisplayName                GroupType Description
--------                             -----------                --------- -----------
9283c3b6-5817-4ecb-94e1-dfaf007ef8f4 Service Accounts MyTime... Security  Service Accounts MyTime...
```
- Get the ObjectId of the service account:
```powershell
PS C:\> Get-MsolUser -UserPrincipalName "sa-mytt-exch@eveoh.onmicrosoft.com" | select -ExpandProperty ObjectId
Guid
----
f1df171f-a1dd-423f-ac27-631a752ae001
```
- Add the service account to the security group:
```powershell
PS C:\> Add-MsolGroupMember -GroupMemberObjectId f1df171f-a1dd-423f-ac27-631a752ae001 -GroupObjectId 9283c3b6-5817-4ecb-94e1-dfaf007ef8f4
```
Delegating calendar permissions to service account
...