NOTE! this guide uses basic authentication and is NOT suitable for exchange online / office 365.
Planner can be integrated with your Exchange environment so that your meetings are synchronized. This is done with a service account that has the right application impersonation in Exchange.
We don't directly support this, as it is done in Exchange and not in Sign In Workspace (SiW), but we have gathered some knowledge and frequently asked questions to help you set it up, as well as some links to guides on the internet.
If you want to know more about how Planner and Exchange works and why the service account needs application impersonation rights, please see this guide instead: https://helpdesk.pronestor.com/hc/en-us/articles/360028374592-Application-impersonation-rights-in-exchange-for-Pronestor-
Table of contents
- What does the service account need?
- How to check whether the service account has the correct access
- Microsofts Guides
- Third party guides
- Administrative rights in your Exchange
- That your exchange is NOT exchange online / office 365
What does the service account need?
For Planner, the service account needs to have application impersonation rights on all users and all meeting rooms connected to Planner.
The Exchange service account must have a mailbox and the primary email address for that account must be the original one and not an alias.
If you want, you can limit the scope of the account to just the users who book the meeting rooms through outlook, the users who use Planner, and the meeting rooms you have imported. It is important that the service account has application impersonation rights towards all users who book the meeting rooms, or you will risk double bookings.
How to check whether the service account has the correct access
You can check whether the service account has the correct access by running a script in PowerShell. This has to be done on your Exchange server.
Get-ManagementRoleAssignment -roleassignee "email@example.com" -role applicationimpersonation
The results of the script. The "firstname.lastname@example.org" has the application impersonation rights. The "UserWithoutRights@pronestor.com" is a regular employee without application impersonation rights. If your account has application impersonation, the response of the script will show you the role applicationimpersonation.
New-ManagementRoleAssignment -Name PronestorServiceGroup -Role applicationImpersonation -User email@example.com
Here are some very helpful third-party guides we found. Please note that SiW is not responsible for the content of these guides.
Please sign in to leave a comment.