Pronestor Display needs information from Exchange. This guide shows you how you can integrate Pronestor Display with Exchange using Exchange Web Services (EWS) if you’re using Office 365 or Exchange Online and wants to authenticate using OAuth. You will need administrator rights in Pronestor Display and Azure Active Directory.
- Go to Azure Active Directory
- App Registrations
- New Application
- Note the Application (client) ID and Directory (tenant) ID, you will need them later in this guide.
- Click API Permissions
- Click “Add a permission”
- Choose "APIs my organization uses"
- Type "office 365 exchange" - and choose that in the list
- Click “Application Permissions”
- Select “full_access_as_app” (please see comment below on how to scope/limit this permission)
- Click “Add permission”
- Click “Grant Admin consent for Pronestor”
- Open Pronestor Display
- Go to “settings”
- Choose “Microsoft Exchange”
- Enable “Exchange Online” and “Use oAuth”
- Enter the “Application (client) ID” into “Application ID” field
- Enter the “Directory (tenant) ID” into “Directory ID” field
- Click “Save and test connection”
- Click “Create new certificate”
- Go back to Azure – find the application created
- Choose “Certificates and secrets”
- Choose “Upload certificate” and upload the generated certificate
Comments
1 comment
Scoping/limited the permission
Microsoft has released a new access policy, to restrict or deny access to a specific set of mailboxes by an application that uses APIs (Outlook REST, Microsoft Graph, or Exchange Web Services (EWS))
With this new policy – you can limit the permission type on the scope of users/resources you dictate.
For details on how to set “New-applicationaccesspolicy” please see https://docs.microsoft.com/en-us/powershell/module/exchange/new-applicationaccesspolicy?view=exchange-ps
Example of use:
The security group should ONLY contain the rooms used in Pronestor Display.
Steps:
New-ApplicationAccessPolicy -AccessRight RestrictAccess -AppId "xx-yy-zz" -PolicyScopeGroupId plannersecuritygroup@yourname.com -Description "Restrict this app to specific rooms only"
OBS!
Please sign in to leave a comment.