• OAuth authentication is not supported for on-premise Exchange/NTLM.
  • Switching from OAuth to Basic authentication is not supported. Once a room or screen has been authenticated to OAuth it cannot be moved back to Basic authentication.
  • Bulk OAuth authentication is not supported.
  • If a screen is inactive for more than 90 days (approx.) without connectivity, it will need to be re-authenticated.


Does a screen need to be authenticated again if deactivated and reactivated?

Yes, follow the steps for Authenticating a meeting room screen for OAuth.

Does OAuth authentication support on-premise Exchange?

No. On-premise Exchange environments must use NTLM or Basic/Negotiate authentication.

What access is agreed to during the meeting room screen authentication process?

When you accept the Microsoft permissions request during the meeting room screen authentication process, you consent for access to the room mailboxes as the signed-in user via Exchange Web Services (EWS), and for Graph API to sign in and read the room user profile.

User consent granted for OAuth authentication

Learn more about providing consent for Microsoft 365 accounts at Microsoft

What is the lifetime of the access token?

Unless otherwise configured by the AD admin, the default lifetime of the access token is 3599 seconds.

What happens when the token expires?

When the access token has expired and the screen attempts an operation with Exchange, it will receive the 401 (not authorized) error. A new token is fetched and the operation completed.

What happens if the service account is deleted, locked or the password changed/expired?

All screens using the service account must re-authenticate. Follow the steps for Authenticating a meeting room screen for OAuth.

What happens if the email address of the Exchange room changes?

All screens will show as unauthenticated in the Device Hub. Follow the steps for Authenticating a meeting room screen for OAuth to apply the new email address.

Can OAuth authentication be performed in bulk?

No, unfortunately, bulk authentication is not possible.

What happens if an incorrect mailbox is entered during the authentication process?

Authentication will fail and the portal displays the error ‘The last authentication attempt failed due to access token received of different resource’.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Please do not use this for support questions.
Condeco Support

Post Comment