Configuring Office 365 for integration

The following configuration of Office 365 is needed to let BrightBooking communicate with the calendars in Office 365.

We assume you have the following already in your possession:

  • Administrator access to the Office 365 environment
  • Access to PowerShell

The configuration manual goes through the following steps:

  • Connect to Office 365 with PowerShell
  • Create a service account in Office 365
  • Create the room calendars in Office 365
  • Allow the Service account access to the room mailboxes
  • Create a ‘Roomlist’ in Office 365
  • Configure the users default access to the room mailboxes
  • Configure the behavior of the room mailboxes

Connect to Office 365 with PowerShell

Connecting to Office 365 with PowerShell, is the easiest way to execute the several configuration commands.

  • Start PowerShell as Administrator
  • Set the Execution Policy in PowerShell in:
    Set-ExecutionPolicy RemoteSigned
  • Get the login credentials:
    $UserCredential = Get-Credential


    A login dialog will appear, enter your administrator credentials:

    The account your using needs permissions in Exchange Online. Default only Global Administrators have Organisation Management permissions in Office 365/Exchange Online.
  • Now actually connect with Office 365:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
  • Import all Exchange cmdlets in your session:
    Import-PSSession $Session

Create a service account in Office 365

BrightBooking needs a service account to get access to the calendars, to be able to synchronize the room calendars.

Execute the following commands via the PowerShell session.

Execute the following command to be able to enter the password of the service account your creating:

$password = Read-Host "Enter password for the service account" -AsSecureString

Now execute the following command to create the service account, please change the UserPrincipalName to your own name/domain:

New-Mailbox -MicrosoftOnlineServicesID brightbooking@yourdomain.com -Alias 'BrightBooking' -Name BrightBooking -Password $password -FirstName 'BrightBooking' -DisplayName 'BrightBooking' -ResetPasswordOnNextLogon $false

If needed you can set a specific ‘Exchange Database’ via the -Database parameter, and set the Organizational Unit via the -OrganizationalUnit parameter. The example command above presumes the default Exchange Database and Organizational Unit.

Now check if the service account is created correctly by executing the following command. The result of the command should show the mailbox of the newly created service account, if no mailbox shows up, you probably should link a license to the mailbox in the Office Admin Center. Execute the following command, replace the Identity parameter to the email address of the service account:

Get-Mailbox -Identity brightbooking@yourdomain.com

Now set the service account to have a never expiring password:

Set-MsolUser -UserPrincipalName brightbooking@yourdomain.com -PasswordNeverExpires $true

To enable full integration with the calendar of the user (for integrated users in BrightBooking), it is necessary to give ‘impersonation’ rights to the service account. This way a new booking on an integrated room will be done by creating an appointment in the calendar of the user and invite the room. This way when the user cancels or changes the meeting, the booking of the room will change automatically. Execute the following command to be able to change the impersonation setting in Office 365:

Enable-OrganizationCustomization

Execute the following command, change the User parameter to the email address of the service account you’ve created:

New-ManagementRoleAssignment –Name:BrightBookingImpersonation –Role:ApplicationImpersonation –User:brightbooking@yourdomain.com

Execute the following command to check if the permissions are given, change the RoleAssignee to the email address of the service account you’ve created. The result of the command should show at least 1 line with the service account.

Get-ManagementRoleAssignment -RoleAssignee brightbooking@yourdomain.com -Role ApplicationImpersonation -RoleAssigneeType user

The service account is now created:

  • As an account with a mailbox
  • With a non-expiring password
  • With impersonation rights

Please write down the following, as you will need them later in the BrightBooking portal:

  • The login credentials of the service account (email address and password)

Create the room calendars in Office 365

With the steps below you’re able to create rooms in your Office 365 environment. This will publish the rooms in Office 365, and give a calendar in for each room.

If you already have room calendars in your Office 365 environment, then proceed with the next step, but make sure you have the e-mail addresses of the rooms, because you will need them later on.

Execute the following commands via the PowerShell session.

Execute the following command, change the MicrosoftOnlineServicesID to the room email address you would like, and supply a correct Name, DisplayName and Password for this room:

New-Mailbox -EnableRoomMailboxAccount $true -Room -MicrosoftOnlineServicesID room1@yourdomain.com -Name Room1 -DisplayName 'Room 1' -RoomMailboxPassword (ConvertTo-SecureString -String YourPasswordHere -AsPlainText -Force)

If needed you can set the Organizational Unit via the -OrganizationalUnit parameter. The example command above presumes the default Organizational Unit.

Execute this command for each room you would like to create.

Allow the Service account access to the room mailboxes

The service account needs FullAccess rights to the room mailbox, so it can use the room mailbox.

Execute the following commands via the PowerShell session.

Execute the following command, change the Identity to the room email address and change User toe the email addres of the service account:

Get-User -Identity room1@yourdomain.com | Add-MailboxPermission -User brightbooking@yourdomain.com -AccessRights FullAccess

Execute this command for each room you would like to create.

Please note: Generally speaking it will take 15 to 30 minutes for this to be processed, but this can add up to 2 hours, Office 365 will not give you any indication of when this is processed. If you proceed when this is not active in Office 365, some functionality in BrightBooking will not work properly (e.g. changing/saving a room, extend/stop a meeting, etc.)

Create a ‘Roomlist’ in Office 365

To get the room mailboxes easily published, you should create one or more ‘Distribution Groups’ of the type ‘Roomlist’.
You might want to create multiple ‘roomlists’, for example per building, per floor, etc.

It is possible to skip this step, but then you will need to manually create the rooms in BrightBooking, instead of synchronise them.

Execute the following commands via the PowerShell session.

First create the Roomlist, change the Name if you want to give a different name to the roomlist:

New-DistributionGroup -Name 'BrightBooking Rooms' –RoomList

Now add each room mailbox with the following command, change the Identity to the name of the list, and change the Member to the email address of the room:

Add-DistributionGroupMember -Identity 'BrightBooking Rooms' -Member room1@yourdomain.com

Execute this command for each room mailbox, so each room mailbox is added to the list.

Configure the users default access to the room mailboxes

Now the access of the users to the room mailboxes should be configured.

Execute the following commands via the PowerShell session.

With the following command you set the default access for each room mailbox to ‘read only, with limited details’, this usually is best, so users cannot change directly in the room mailbox. Change the value of Identity to the email address of the room.

Set-MailboxFolderPermission -Identity room1@yourdomain.com:\Calendar -User Default -AccessRights LimitedDetails

Note: the foldername ‘Calendar’ is dependant to the culture settings of the room mailbox, so ‘Calendar’ also might be some translated value like ‘Agenda’. The command will fail with an errormessage if you’re using the wrong foldername.

Execute the following command to get the foldername (e.g. when the command above fails):

Get-MailboxFolderStatistics -Identity room1@yourdomain.com | Where-Object {$_.FolderType -eq "Calendar"} | Select Name,FolderType,Identity

Configure the behavior of the room mailboxes

The default behaviour of a room mailbox changes the subject of the appointment, and removes the private flag if it’s set. Via the following command the room mailbox is configured to automatically process (accept/decline) meeting requests, and keeps the data of the meeting in place.

Execute the following command via the PowerShell session.

Configure the behavior of the room mailbox, change the Identity parameter to the email address to the email address of the room:

Set-CalendarProcessing -Identity room1@yourdomain.com -AutomateProcessing AutoAccept -DeleteSubject $False -DeleteComments $False -AddOrganizerToSubject $False -RemovePrivateProperty $False

Execute this command for each room mailbox.

When needed, you can change this best-practice to get different behaviour. The following parameters are the most important:

  • AutomateProcessing: AutoAccept will make the room mailbox process meetings automatically (accept/decline). It’s also possible to do this manually, via the value ‘None’ (more info), but this also means you will have to process cancellations manually.
  • DeleteSubject: By keeping the original subject, we’re able to show the subject in the portal, app and displays. This is possible via the value $False. If you use the value $True, the subject will be deleted by the room mailbox.
  • DeleteComments: By keeping the comments, we’re able to show the subject in the portal and app. This is possible via the value $False. If you use the value $True, the comments will be deleted by the room mailbox.
  • AddOrganizerToSubject: The room mailbox is able to add the name of the organizer to the subject, but this can get confusing. By using the value $False this is disabled.
  • RemovePrivateProperty: The room mailbox removes the private property from the incoming meeting. By using the value $False, the meeting will keep it’s private flag.

Next...

Now you are ready to configure the 'integration' in the BrightBooking portal, and create the rooms in BrightBooking.

2 out of 2 found this helpful