Setting up Application Impersonation

When using Enterprise Connect with on-premise Exchange or Office 365, we recommend configuring access by using a service account that has been granted the ApplicationImpersonation role.

The ApplicationImpersonation role allows service accounts to manage events on behalf of rooms and users, with fully auditable logs.

Step 1 #

In the Office 365 Admin portal, go to Permissions

Step 2 #

Go to admin roles and click the ‘+’ symbol

Step 3 #

Enter the information required

  • Role name: ApplicationImpersonation
  • Write scope: Default

Step 4 #

Click on the ‘+’ above Roles, and select ApplicationImpersonation from the list. Click Add, then OK.

Step 5 #

Click on the ‘+’ above Members. Select your service account from the list, click Add, then OK.

Step 6 #

Click on Save, and you’re done!

Further information #

More information on configuring ApplicationImpersonation from Microsoft can be found here, and if you require any further help, feel free to contact us at

Sometimes, Exchange might not apply the ApplicationImpersonation role automatically, which can be detected by using the Microsoft Remote Connectivity Analyzer tool. If this happened to your Service Account, running the following command will resolve this issue:

New-ManagementRoleAssignment -name:impersonationAssignmentName -Role:ApplicationImpersonation -User:serviceAccount