Configuring GoBright Room Booking with Office 365 integration

The following configuration of Office 365 is required to let GoBright communicate with the calendars in Office 365.

We assume you have the following already in your possession:

  • Administrator access to the Office 365 environment
  • Access to PowerShell

The configuration manual goes through the following steps:

  • Configuring the Azure AD Enterprise Application
  • Connect to Office 365 with PowerShell
  • Create the room calendars in Office 365
  • Allow the Service account access to the room mailboxes
  • Create a ‘Roomlist’ in Office 365
  • Configure the user's default access to the room mailboxes
  • Configure the behaviour of the room mailboxes
  • Creating rooms
1. Configure the Azure AD Enterprise Application

Start by following the steps in this article.

When all steps from that article are followed you are ready to go to step 2.

2. Connect to Office 365 with PowerShell

Connecting to Office 365 with PowerShell is the easiest way to execute several configuration commands.

For connecting to Office 365 with MFA support, Microsoft provides the EXO V3 module, published through the PowerShell gallery, which can be installed with the following steps:

  1. Start PowerShell as Administrator

    The GoBright platform enforces communication using TLS 1.2. Depending on the system you use this might nog happen automatically. See the code below and implement this in every PowerShell script that communicates with GoBright.

    Also add the $ErrorActionPreference to make sure it stops the script whenever an error occurs. Please don't forget to add the lines below in each of your scripts. 

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 
    $ErrorActionPreference = "Stop"
  2. Install the PowerShell gallery PowerShell module:
    • Execute the following commands in PowerShell (running as administrator)
    • Install the NuGet PackageProvider:
      Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
    • Configure PowerShellGallery as a trusted source:
      Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
    • Install the PowerShellGet module:
      Import-Module -Name PowerShellGet
  3. Install the EXO V3 (ExchangeOnlineManagement) module:
    Install-Module -Name ExchangeOnlineManagement -Force

    The '-Force' command makes sure that the latest version of the module is installed even when a previous installation exists.

  4. Close the PowerShell session
  5. Start a new PowerShell session

Now we can use the installed EXO V3 module to connect to Office 365:

  1. Start PowerShell as Administrator (make sure this is a new PowerShell session)
  2. Start connecting by logging in, use an account with the required permissions to manage your Office 365 environment:
    Connect-ExchangeOnline -UserPrincipalName you@yourdomain.com -ShowProgress $true
  3. When logged in, we are ready to proceed with the further configuration!
3. Impersonation

Impersonation must be configured because of throttling quota configurations of Office365. There are two levels of configuring this, please read the two options below.

Note: if you use Shared mailboxes, the service account needs to be added to those Shared mailboxes. For more information please read this article.

For more information on why impersonation is used, please refer to the following MSDN article.

Option 1: Only room mailboxes - maximum restriction

For the room calendar integration to work, it is necessary to give ‘impersonation’ rights to the service account, as described above. At minimum, you need impersonation access to the room mailboxes you want to integrate with. This way integration will be working correctly, and there will be no throttling limits from Office 365.

Execute the following command to be able to change the impersonation setting in Office 365:

Enable-OrganizationCustomization

First, create a management scope for the resource mailboxes by executing the following command:

New-ManagementScope -Name "GoBrightResourceMailboxes" -RecipientRestrictionFilter { RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox" }

Secondly, apply the following command which assigns the created management scope to the service account, change the User parameter to the email address of the service account you’ve created:

New-ManagementRoleAssignment –Name "ResourceImpersonation" –Role ApplicationImpersonation –User gobright@yourdomain.com –CustomRecipientWriteScope "GoBrightResourceMailboxes"

Execute the following command to check if the permissions are given, change the RoleAssignee to the email address of the service account you’ve created. The result of the command should show at least one line with the service account.

Get-ManagementRoleAssignment -RoleAssignee gobright@yourdomain.com -Role ApplicationImpersonation -RoleAssigneeType user

 

Option 2: Full integration - maximum integration

To enable full integration with the calendar of the user (for integrated users in GoBright), it is necessary to give ‘impersonation’ rights to the service account.

A new booking on an integrated room will be done by creating an appointment in the calendar of the user and invite the room (when creating an appointment in GoBright). This way the user can easily change the booking later on, as the user is the organizer and the booking of the room will change automatically.

Execute the following command to be able to change the impersonation setting in Office 365:

Enable-OrganizationCustomization

Execute the following command, change the User parameter to the email address of the service account you’ve created:

New-ManagementRoleAssignment –Name:GoBrightImpersonation –Role:ApplicationImpersonation –User:gobright@yourdomain.com

Execute the following command to check if the permissions are given, change the RoleAssignee to the email address of the service account you’ve created. The result of the command should show at least 1 line with the service account.

Get-ManagementRoleAssignment -RoleAssignee gobright@yourdomain.com -Role ApplicationImpersonation -RoleAssigneeType user

With the steps above completed you should now have a service account with:

  • a mailbox
  • a non-expiring password
  • impersonation rights

Make sure you have the login credentials of the service account (email address and password) before you continue.

4. Create the room calendars in Office 365

With the steps below, you’re able to create rooms in your Office 365 environment. This will publish the rooms in Office 365, and give a calendar for each room.

If you already have room calendars in your Office 365 environment, then proceed with the next step, but make sure you have the e-mail addresses of the rooms, because you will need them later on.

Execute the following commands via the PowerShell session.

Execute the following command, change the MicrosoftOnlineServicesID to the room email address you would like, and supply a correct Name, DisplayName, and Password for this room:

New-Mailbox -EnableRoomMailboxAccount $true -Room -MicrosoftOnlineServicesID room1@yourdomain.com -Name Room1 -DisplayName 'Room 1' -RoomMailboxPassword (ConvertTo-SecureString -String YourPasswordHere -AsPlainText -Force)

If needed you can set the Organizational Unit via the -OrganizationalUnit parameter. The example command above presumes the default Organizational Unit.

Execute this command for each room you would like to create.

5. Allow the Service account access to the room mailboxes

The service account needs FullAccess rights to the room mailbox, so it can use the room mailbox.

Execute the following commands via the PowerShell session.

Execute the following command, change the Identity to the room email address and change User to the email address of the service account:

Get-User -Identity room1@yourdomain.com | Add-MailboxPermission -User gobright@yourdomain.com -AccessRights FullAccess

Execute this command for each room you would like to create.

Please note: Generally speaking it will take 15 to 30 minutes for this to be processed, but this can add up to 2 hours, Office 365 will not give you any indication of when this is processed. If you proceed when this is not active in Office 365, some functionality in GoBright will not work properly (e.g. changing/saving a room, extend/stop a meeting, etc.)


Please double check and make sure that the room mailboxes you are trying to integrate are not hidden in the Global Address List on Exchange. This can cause validation errors, that the objects IDs are not available in the external system

6. Create a ‘Roomlist’ in Office 365

To get the room mailboxes easily published, you should create one or more ‘Distribution Groups’ of the type ‘Roomlist’.
You might want to create multiple ‘roomlists’, for example per building, per floor, etc.

It is possible to skip this step, but then you will need to manually create the rooms in GoBright , instead of synchronizing them.

Execute the following commands via the PowerShell session.

First, create the Roomlist, change the Name if you want to give a different name to the roomlist:

New-DistributionGroup -Name 'GoBright Rooms' –RoomList

Now add each room mailbox with the following command, change the Identity to the name of the list, and change the Member to the email address of the room:

Add-DistributionGroupMember -Identity 'GoBright Rooms' -Member room1@yourdomain.com

Execute this command for each room mailbox, so each room mailbox is added to the list.

Note: when you have more then 100 rooms in your roomlist Microsoft advises to create multiple roomlists: Roomlist Microsoft article

7. Configure the user's default access to the room mailboxes

Now the access of the users to the room mailboxes should be configured.

Execute the following commands via the PowerShell session.

With the following command you set the default access for each room mailbox to ‘read only, with limited details’, this usually is best, so users cannot change directly in the room mailbox. Change the value of Identity to the email address of the room.

Set-MailboxFolderPermission -Identity room1@yourdomain.com:\Calendar -User Default -AccessRights LimitedDetails

Note: the folder name ‘Calendar’ is dependant to the culture settings of the room mailbox, so ‘Calendar’ also might be some translated value like ‘Agenda’. The command will fail with an error message if you’re using the wrong folder name.

Execute the following command to get the folder name (e.g. when the command above fails):

Get-MailboxFolderStatistics -Identity room1@yourdomain.com | Where-Object {$_.FolderType -eq "Calendar"} | Select Name,FolderType,Identity
8. Configure the behavior of the room mailboxes

The default behaviour of a room mailbox changes the subject of the appointment and removes the private flag if it’s set. Via the following command, the room mailbox is configured to automatically process (accept/decline) meeting requests and keeps the data of the meeting in place.

Execute the following command via the PowerShell session.

Configure the behaviour of the room mailbox, change the Identity parameter to the email address to the email address of the room:

Set-CalendarProcessing -Identity room1@yourdomain.com -AutomateProcessing AutoAccept -DeleteSubject $False -DeleteComments $False -AddOrganizerToSubject $False -RemovePrivateProperty $False

Execute this command for each room mailbox.

When needed, you can change this best-practice to get different behaviour. The following parameters are the most important:

  • AutomateProcessing: AutoAccept will make the room mailbox process meetings automatically (accept/decline). It’s also possible to do this manually, via the value ‘None’ (more info), but this also means you will have to process cancellations manually.
  • DeleteSubject: By keeping the original subject, we’re able to show the subject in the portal, app, and displays. This is possible via the value $False. If you use the value $True, the subject will be deleted by the room mailbox.
  • DeleteComments: When DeleteComments is set to $True, the content of the comment in your calendar item will not be pushed to the GoBright portal and app. If set to $False, all content of your comment will be pushed to the GoBright portal and app. Keep in mind that only the first 500 characters will be shown due to a restriction of Microsoft.
  • AddOrganizerToSubject: The room mailbox is able to add the name of the organizer to the subject, but this can get confusing. By using the value $False this is disabled.
  • RemovePrivateProperty: The room mailbox removes the private property from the incoming meeting. By using the value $False, the meeting will keep its private flag.

For more details about Mailbox settings, read this Microsoft article.

9. Install the GoBright Outlook Add-in (optional)

Follow the steps in this article to continue.

10. Install the GoBright Teams Plugin (optional)

Follow the steps in this article to continue.

11. Configure Rooms

Follow the steps in this article to continue.

10 out of 10 found this helpful