This article will cover the process of preparing M365 using Graph for Humly Control Panel integration.
Note:
M365 Global Admin permissions are required to complete the preparation.
Creating Resource Mailboxes in Microsoft 365
Tip:
This step is optional; you can skip it if you have already created the resource mailboxes.
The Humly Control Panel synchronizes calendar data from resource mailboxes, ensuring that meeting details are displayed on Humly Room Displays (HRD) and Humly Booking Devices (HBD) located outside meeting rooms or mounted on desks.
To create a resource mailbox, follow the steps below:
1. Go to https://admin.exchange.microsoft.com/and login with your admin account.
From the Exchange admin center, navigate Recipient and click Resources. Press Add a room resource.
2. Enter the Room Name and specify the resource account's Email address. You can also add other room settings here. When finished, press Create.
If you want to create more resources, repeat the steps.
It is highly recommended to configure the resource rooms with the below cmdlet using PowerShell:
Unfortunately, there is no way to do this from the graphical admin interface
This command will remove the organizer from being the subject/title of meetings and ensure that private meetings from M365 stay private in Humly.
Set-CalendarProcessing <room1@domain.com> -AddOrganizerToSubject $False -DeleteComments $False -DeleteSubject $False -RemovePrivateProperty $false
Application Registration and API Permissions
You can prepare the Microsoft 365 backend for Humly Control Panel integration using one of the following methods.
- Unscoped Application Permission (Simpler)
This straightforward approach grants application-wide permissions to all resources and users. It is easy to implement using only the Microsoft Entra Admin Center, making it suitable for quick setups or scenarios where scoping is not a concern. - Scoped Application Permissions (Advanced)
This more advanced approach restricts permissions to specific resources by scoping them to groups you create. It involves combining the Microsoft Entra Admin Center for initial setup with PowerShell commands to apply scoping, providing greater control and enhanced security for organizations with complex requirements.
If you want to use the Scoped Application Permission, please follow the instructions and details in this link.
Advanced MS Graph Setup
Tip:
You can transition from Wide Application Permissions to Scoped Application Permissions at any time if you decide to implement Scoped Permissions in the future.
Unscoped Application Permission
Please follow the steps below to complete the application registration and configuration of API permissions.
You can also check the recording for a step-by-step demo.
1. Application Registration
Log in to the Microsoft Entra admin center. To register the HCP application in Azure, navigate to App Registrations to open the application registration blade, then select New Registration.
Select the name for your application and click Register.
2. App ID and Tenant ID
Once the application is created, the summary page should appear; make a note of the Application (client) ID and Directory (tenant) ID, as it will be needed later when connecting the Humly Control Panel to Microsoft 365
Note:
The SSO setup is optional; if you are not planning to use SSO with the Humly control panel, you can skip this step.
If you want to allow login using single sign-on SSO, you should whitelist your Humly Control Panel URL in the application; you can do this by heading to Authentication, then clicking Add a Platform and selecting Single-page application.
Type in your cloud URL or on-prem URL followed by /sso/redirect, and click Configure.
Examples below
Examples for the Single-page application redirect URI:
https://XXXXX.humly.cloud/sso/redirect (Replace XXXXX with your cloud ID)
https://localhost:3002/sso/redirect
https://hcp-server-url:3002/sso/redirect (Replace hcp-server-URL with your server FQDN )
If you plan to use the User Groups to Restrict Single Sign-On, please check out the required configuration in this document.
Configure the Client secret by clicking on Certificates & secrets and then clicking New Client Secret In the newly opened blade, enter the description you want and set the expiry according to your policy.
Copy the client's secret value and make a note of it, as this will be needed when setting up the Humly Control Panel.
Please note that the secret should be valid for HCP to work. Once it expires, meetings from Microsoft to the Humly control panel will stop syncing, so you will have to replace the expired client secret with a new one and reauthenticate to Microsoft once again.
Important:
- Humly integration supports only the client's secret Value. Secret ID is not supported and will give you an error when trying to connect.
- HCP will stop syncing with Microsoft 365 once the secret key expires. Make sure you select the correct expiry time and renew the key before it expires.
- Go to the App registration, select API permissions setting, click the Add a permission button, and then select Microsoft Graph.
- In the permission selection page, select Application Permission, which will open the list of application access permissions. Search for and checkmark "User.Read.All" then click Add permission.
- Repeat the same step, searching for and checking mark "Group.Read.All". Then click Add permissions.
- Repeat the same step, searching for and checking mark "Calendars.ReadWrite". Then click Add permissions.
- Repeat the same step to add the final API, searching for and checking the mark "Mail.Send". Then click Add permissions.
- Finally, Grant the admin consent for the application.
You should now be able to proceed to the next step of installing and configuring the Humly Control Panel.