Microsoft 365 Admin account
- An Microsoft 365 Admin account is required if you have Exchange rooms.
- The Microsoft 365 Admin account must grant consent for Condeco to use User.Read and Calendars.ReadWrite.All (see table below).
- It is a limitation of Exchange that Microsoft 365 Admin account can only grant consent for all calendars, however, the service account can be restricted to only read room calendars.
Clicking Accept to the Microsoft permissions popup during the onboard process grants the following access to the Condeco Token Provider application using Microsoft Graph:
|EWS.AccessAsUser.All||Access mailboxes as the signed-in user via Exchange Web Services||Application||This permission is required by the service account having impersonation rights to access mailboxes on behalf of a user.|
|Calendars.ReadWrite.All||Read and write calendars in all mailboxes.||Application||This permission is required to create room subscriptions to get notifications of changes in Exchange mailboxes.|
|User.Read||Sign in and read users profile.||Delegated||This permission is required to log in for AAD user.|
Thanks for your feedback.