Setting up Application Impersonation
When using Enterprise Connect with on-premise Exchange or Office 365, we recommend configuring access by using a service account that has been granted the
ApplicationImpersonation role allows service accounts to manage events on behalf of rooms and users, with fully auditable logs.
Step 1 #
In the Office 365 Admin portal, go to Permissions
Step 2 #
Go to admin roles click the ‘+’ symbol
Step 3 #
Enter the information required
- Role name: ApplicationImpersonation
- Write scope: Default
Step 4 #
Click on the ‘+’ above Roles, and select
ApplicationImpersonation from the list. Click Add, then OK.
Step 5 #
Click on the ‘+’ above Members. Select your service account from the list, click Add, then OK.
Step 6 #
Click on Save, and you’re done!
Further information #
More information on configuring
ApplicationImpersonation from Microsoft can be found here, and if you require any further help, feel free to contact us at firstname.lastname@example.org.
Sometimes, Exchange might not apply the ApplicationImpersonation role automatically, which can be detected by using the Microsoft Remote Connectivity Analyzer tool. If this happened to your Service Account, running the following command will resolve this issue:
New-ManagementRoleAssignment -name:impersonationAssignmentName -Role:ApplicationImpersonation -User:serviceAccount