The MyTimetable calendar push integration is able to connect to a user's calendar using service accounts. This page describes how to create a service account and how to grant calendar permissions to this service account. MyTimetable will then be able to access calendars without explicit consent of a user.
This page applies to both Microsoft Exchange (on-premises) and Microsoft Office 365.
Table of Contents
Office 365 / Azure AD prerequisites
The following installs are required when managing Office 365 / Azure AD through Powershell.
The Microsoft Online Service Sign-in Assistant for IT Professionals RTW.
The Azure AD Module for Windows PowerShell:
You must be a tenant admin on your Office 365 tenant to run the cmdlets.
Creating a service account
A service account is needed to access the user's mailboxes. An account can be created in your on-premises Active Directory, or in Azure AD.
On-premises Active Directory
Using Active Directory Users and Computers
- Add a new user in the OU where you would like to place the service account.
- Enter a username, for example "sa-mytt-exch@eveoh.onmicrosoft.com"
- Enter a password for the service account and make sure the password does not expire.
Using Powershell
- Create a new AD user using the New-ADUser cmdlet. Replace the parameters to match your situation and preferences:
PS C:\> New-ADUser -Name "SAMyTTExch" -DisplayName "MyTimetable Exchange Service Account" -UserPrincipalName "sa-mytt-exch@eveoh.onmicrosoft.com" -AccountPassword (Read-Host -AsSecureString "Password") -PasswordNeverExpires $true -ChangePasswordAtLogon $false -CannotChangePassword $true -AccountExpirationDate 0 -Path "CN=Users,DC=dev,DC=eveoh,DC=local" Password: *******
Azure AD
Using the Azure Management Portal
- Visit the Microsoft Azure Management Portal at https://portal.azure.com, using the credential of your Microsoft tenant that has the subscription to Office 365 you wish to use.
- Click "Browse all" to browse all resources.
- Click "Activity Directory". You will now be redirected to the classic Azure Management Portal.
- Click the Active Directory you would like to manage.
- Click "Add user" in the bottom bar.
- Select "New user in your organisation" as type of user, and enter a username (e.g. sa-mytt-exch).
- Enter a first name, last name and display name. Select "User" as role. Do not select "Enable Multi-Factor Authentication".
- Click "Create" to assign a temporary password. Write down the password.
- Logout from the Azure Management Portal.
- Go to https://login.microsoftonline.com/
- Login in using the account you have just created, and set a password for the service account.
Using Powershell
Create a service account using the following Powershell command. Of course you can also create an account in the Azure Portal.
- Open the Windows Azure Active Directory Powershell prompt
- Connect to Microsoft Online Services using your tenant admin account:
PS C:\> Connect-MsolService
- Create the service account. Replace the "UserPrincipalName" and "Password" parameters to match your situation and preferences:
PS C:\> New-MsolUser -DisplayName "MyTimetable Exchange Service Account" -UserPrincipalName "sa-mytt-exch@eveoh.onmicrosoft.com" -Password "xxx" -PasswordNeverExpires $true -StrongPasswordRequired $true
Assigning an Exchange Online license (Office 365 only)
The service account needs to have a Exchange Online license assigned.
This step is only required when using Microsoft Office 365
Using the Office 365 Admin portal
- Open the Office 365 Admin portal.
- Click "Users" -> "Active Users".
- Click the service account you have just created.
- In the right bar, find "Assigned license" and click "Edit".
- Click the license you would like to assign. Make sure "Exchange Online" is checked.
Using Powershell
- Open the Windows Azure Active Directory Powershell prompt
- Connect to Microsoft Online Services using your tenant admin account:
PS C:\> Connect-MsolService
- List your Office 365 plans. Pick the AccountSkuId you would like to use.
PS C:\> Get-MsolAccountSku AccountSkuId ActiveUnits WarningUnits ConsumedUnits ------------ ----------- ------------ ------------- Eveoh:DEVELOPERPACK 1 0 1 Eveoh:ENTERPRISEPACK 5 0 2
- List all service plans that are included in your Office 365 plan. In this case, the EXCHANGE_S_ENTERPRISE service plan refers to Exchange Online.
PS C:\> Get-MsolAccountSku | Where-Object {$_.AccountSkuId -eq "Eveoh:ENTERPRISEPACK"} | ForEach-Object {$_.ServiceStatus}
ServicePlan ProvisioningStatus
----------- ------------------
INTUNE_O365 PendingActivation
YAMMER_ENTERPRISE PendingInput
RMS_S_ENTERPRISE Success
OFFICESUBSCRIPTION Success
MCOSTANDARD Success
SHAREPOINTWAC Success
SHAREPOINTENTERPRISE Success
EXCHANGE_S_ENTERPRISE Success
- We will now assign an Office 365 license with only the Exchange Online service plan selected. Since we can only assign a plan and all service plans disabled, we first create a object reference that holds all disabled service plans. After that, we assign the license to the service account.
PS C:\> $O365Licences = New-MsolLicenseOptions -AccountSkuId Eveoh:ENTERPRISEPACK -DisabledPlans INTUNE_O365, YAMMER_ENTERPRISE, RMS_S_ENTERPRISE, OFFICESUBSCRIPTION, MCOSTANDARD, SHAREPOINTWAC, SHAREPOINTENTERPRISE PS C:\> Set-MsolUserLicense -UserPrincipalName "sa-mytt-exch@eveoh.onmicrosoft.com" -AddLicenses "Eveoh:ENTERPRISEPACK" -LicenseOptions $O365Licences
Delegating calendar permissions to service account
xxx
Office 365
xxx
Exchange on-premises
xxx