Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

The MyTimetable calendar push integration is able to connect to a user's calendar using service accounts. This page describes how to create a service account and how to grant calendar permissions to this service account. MyTimetable will then be able to access calendars without explicit consent of a user.

This page applies to both Microsoft Exchange (on-premises) and Microsoft Office 365.

Table of Contents

Office 365 / Azure AD prerequisites

The following installs are required when managing Office 365 / Azure AD through Powershell.

You must be a tenant admin on your Office 365 tenant to run the cmdlets.

Creating a service account

A service account is needed to access the user's mailboxes. An account can be created in your on-premises Active Directory, or in Azure AD.

On-premises Active Directory

Using Active Directory Users and Computers

  • Add a new user in the OU where you would like to place the service account.
  • Enter a username, for example "sa-mytt-exch@eveoh.onmicrosoft.com"

  • Enter a password for the service account and make sure the password does not expire. 

Using Powershell

  • Create a new AD user using the New-ADUser cmdlet. Replace the parameters to match your situation and preferences:
PS C:\> New-ADUser -Name "SAMyTTExch" -DisplayName "MyTimetable Exchange Service Account" -UserPrincipalName "sa-mytt-exch@eveoh.onmicrosoft.com" -AccountPassword (Read-Host -AsSecureString "Password") -PasswordNeverExpires $true -ChangePasswordAtLogon $false -CannotChangePassword $true -AccountExpirationDate 0 -Path "CN=Users,DC=dev,DC=eveoh,DC=local"
Password: *******

Azure AD

Using the Azure Management Portal

  • Visit the Microsoft Azure Management Portal at https://portal.azure.comusing the credential of your Microsoft tenant that has the subscription to Office 365 you wish to use.
  • Click "Browse all" to browse all resources.
  • Click "Activity Directory". You will now be redirected to the classic Azure Management Portal.
  • Click the Active Directory you would like to manage.
  • Click "Add user" in the bottom bar.
  • Select "New user in your organisation" as type of user, and enter a username (e.g. sa-mytt-exch).
  • Enter a first name, last name and display name. Select "User" as role. Do not select "Enable Multi-Factor Authentication".
  • Click "Create" to assign a temporary password. Write down the password.
  • Logout from the Azure Management Portal.
  • Go to https://login.microsoftonline.com/
  • Login in using the account you have just created, and set a password for the service account.

Using Powershell

Create a service account using the following Powershell command. Of course you can also create an account in the Azure Portal.

  • Open the Windows Azure Active Directory Powershell prompt
  • Connect to Microsoft Online Services using your tenant admin account:
PS C:\> Connect-MsolService
  • Create the service account. Replace the "UserPrincipalName" and "Password" parameters to match your situation and preferences:
PS C:\> New-MsolUser -DisplayName "MyTimetable Exchange Service Account" -UserPrincipalName "sa-mytt-exch@eveoh.onmicrosoft.com" -Password "xxx" -PasswordNeverExpires $true -StrongPasswordRequired $true

Assigning an Exchange Online license (Office 365 only)

The service account needs to have a Exchange Online license assigned.

This step is only required when using Microsoft Office 365

Using the Office 365 Admin portal

  • Open the Office 365 Admin portal.
  • Click "Users" -> "Active Users".
  • Click the service account you have just created.
  • In the right bar, find "Assigned license" and click "Edit".

  • Click the license you would like to assign. Make sure "Exchange Online" is checked.

Using Powershell

  • Open the Windows Azure Active Directory Powershell prompt
  • Connect to Microsoft Online Services using your tenant admin account:
PS C:\> Connect-MsolService
  • List your Office 365 plans. Pick the AccountSkuId you would like to use.
PS C:\> Get-MsolAccountSku
AccountSkuId                    ActiveUnits     WarningUnits    ConsumedUnits
------------                    -----------     ------------    -------------
Eveoh:DEVELOPERPACK             1               0               1
Eveoh:ENTERPRISEPACK            5               0               2
  • List all service plans that are included in your Office 365 plan. In this case, the EXCHANGE_S_ENTERPRISE service plan refers to Exchange Online.
PS C:\> Get-MsolAccountSku | Where-Object {$_.AccountSkuId -eq "Eveoh:ENTERPRISEPACK"} | ForEach-Object {$_.ServiceStatus}
ServicePlan                             ProvisioningStatus
-----------                             ------------------
INTUNE_O365                             PendingActivation
YAMMER_ENTERPRISE                       PendingInput
RMS_S_ENTERPRISE                        Success
OFFICESUBSCRIPTION                      Success
MCOSTANDARD                             Success
SHAREPOINTWAC                           Success
SHAREPOINTENTERPRISE                    Success
EXCHANGE_S_ENTERPRISE                   Success
  • We will now assign an Office 365 with only the Exchange Online service plan selected. Since we can only assign a plan and all service plans disabled, we first create a object reference that holds all disabled service plans. After that, we assign the license to the service account.
PS C:\> $O365Licences = New-MsolLicenseOptions -AccountSkuId Eveoh:ENTERPRISEPACK -DisabledPlans INTUNE_O365, YAMMER_ENTERPRISE, RMS_S_ENTERPRISE, OFFICESUBSCRIPTION, MCOSTANDARD, SHAREPOINTWAC, SHAREPOINTENTERPRISE
PS C:\> Set-MsolUserLicense -UserPrincipalName "sa-mytt-exch@eveoh.onmicrosoft.com" -AddLicenses "Eveoh:ENTERPRISEPACK" -LicenseOptions $O365Licences

Delegating calendar permissions to service account

xxx

Office 365

xxx

Exchange on-premises

xxx

  • No labels