Setting up Application Impersonation
When using Enterprise Connect with on-premise Exchange or Office 365, we recommend configuring access by using a service account that has been granted the ApplicationImpersonation
role.
The ApplicationImpersonation
role allows service accounts to manage events on behalf of rooms and users, with fully auditable logs.
Step 1 #
In the Office 365 Admin portal, go to Permissions
Step 2 #
Go to admin roles and click the ‘+’ symbol
Step 3 #
Enter the information required
- Role name: ApplicationImpersonation
- Write scope: Default
Step 4 #
Click on the ‘+’ above Roles, and select ApplicationImpersonation
from the list. Click Add, then OK.
Step 5 #
Click on the ‘+’ above Members. Select your service account from the list, click Add, then OK.
Step 6 #
Click on Save, and you’re done!
Further information #
More information on configuring ApplicationImpersonation
from Microsoft can be found here, and if you require any further help, feel free to contact us at support@cronofy.com.
Sometimes, Exchange might not apply the ApplicationImpersonation role automatically, which can be detected by using the Microsoft Remote Connectivity Analyzer tool. If this happened to your Service Account, running the following command will resolve this issue:
New-ManagementRoleAssignment -name:impersonationAssignmentName -Role:ApplicationImpersonation -User:serviceAccount