Setting up Application Impersonation

When using Enterprise Connect with on-premise Exchange or Office 365, we recommend configuring access by using a service account that has been granted the ApplicationImpersonation role.

The ApplicationImpersonation role allows service accounts to manage events on behalf of rooms and users, with fully auditable logs.

Step 1 #

Navigate to the Exchange Admin portal.

Step 2 #

Click the ‘Add role group’ button.

Step 3 #

Enter the information required

• Role name: ApplicationImpersonation
• Write scope: Default

Then click ‘Next’.

Step 4 #

Search for ApplicationImpersonation, and check this Role from the list. Then click ‘Next’.

Step 5 #

Search for your service account. Select your service account from the list. Then click ‘Next’.

Step 6 #

Check the details are correct on the summary page. Click on ‘Add role group’, and you’re done!

Further information #

More information on configuring ApplicationImpersonation from Microsoft can be found here, and if you require any further help, feel free to contact us at support@cronofy.com.

Sometimes, Exchange might not apply the ApplicationImpersonation role automatically, which can be detected by using the Microsoft Remote Connectivity Analyzer tool. If this happened to your Service Account, running the following command will resolve this issue:

New-ManagementRoleAssignment -name:impersonationAssignmentName -Role:ApplicationImpersonation -User:serviceAccount