Graph API for Office 365

Cronofy developed a new integration for connecting Office 365 calendars using Microsoft’s Graph API which was first made available in November 2021.

Microsoft’s Graph API provides two key benefits:

Cronofy can request more granular permissions than EWS, leading to less friction in administrator consent
Cronofy can use Teams conferencing as an integrated conferencing provider, with no additional end-user authorization required, in the same way Google Meet works for Google Calendars

Since 2021 we have offered it as an opt-in feature for existing API integrations, enabling it by default for new API integrations since February 2023, and making it the default for all applications from June 7, 2024.

We have connected to hundreds of thousands of calendars using Microsoft’s Graph API and have bought it up to the quality of all our other calendar integrations through that real-world usage.

Removal of EWS support for 365 calendars #

On September 19, 2023 Microsoft’s announcement “Retirement of Exchange Web Services in Exchange Online” detailed that they will start blocking Exchange Web Services (EWS) requests on October 1, 2026 for accounts hosted on 365. This will mean that any connections not using EWS by this point will stop working.

Microsoft also announced that ApplicationImpersonation will stop working on Microsoft 365 Exchange service accounts from February 2025 which will stop EWS Service Accounts from successfully syncing M365 calendars.

Microsoft’s Graph API is only available for tenants hosted on Office 365.

Support for on-premise and free-busy-only Exchange will continue through the use of Exchange Web Services (EWS).

It is only using EWS with Office 365 hosted calendars that Microsoft are removing support for.

Migrating existing EWS individual connections #

In order to see the protocol Cronofy is using to communicate with an Office 365 calendar, we now include a provider_protocol attribute on our UserInfo endpoint. This has a value of exchange_web_services or graph_api.

If the current protocol is exchange_web_services then there will also be a graph_api_migration_url parameter provided alongside which can be presented to the user so they can authorize access via Microsoft’s Graph API and seamlessly transition away from using Exchange Web Services (EWS).

This process works in much the same way as relinking someone’s calendar does. It only affects the link between Cronofy and the user’s calendar, with no impact on your connection as an integrator.

Migrating existing EWS Enterprise connections #

Customers can migrate using our EWS to Graph API migration flow which allows them to authorize their M365 tenant to our Graph API application. We will then migrate previously-authorized calendars over from the old EWS service account connection to the new Graph API connection. You can refer customers to our Migration from EWS to Graph API FAQ guide which provides the steps on how to migrate.

You can also verify which customers need to migrate by utilising the graph_migration_status column in the Application Service Account Authorizations Report, so that you can reach out to them to advise them on how to migrate. You can see more about this via our How to identify customers that need to migrate from EWS to Graph API?" FAQ guide.

Connecting via Enterprise Connect #

Enterprise Connect with Graph is simpler to configure for calendar administrators than Exchange Web Services. No service account on the Exchange side is needed. Instead, it works similarly to the Google Workspace integration

the administrator only needs to approve the connection using their admin account. Please see our Graph API documentation for calendar administrators here.

A Cronofy Service Account is still created for your application to interact with the organization, and you will still receive Cronofy Service Account credentials in the same way.

The Cronofy authorization flow for service accounts will create a Graph connection by default. The option to create an EWS-based connection still exists as a secondary option during the flow.

A Graph Service Account will return a new provider_name value of ms_graph_calendars when calling the UserInfo endpoint. Requesting delegated access to users’ or resources’ calendars through a Graph service account will switch over any existing profiles that are currently synchronizing via Exchange Web Services to use the Graph connection instead.

Parity with EWS #

Calendar profiles will still appear as having provider_name of exchange on a UserInfo endpoint response.

There are currently minor differences compared to EWS:

Event geolocation coordinates are returned with a slightly different degree of precision. This makes no real world difference, but you may receive push notifications that events have changed as a result.
Graph gives us richer information about calendars. Built-in national holidays calendars can now be detected as read-only, where they couldn’t before.

Last updated: June 6, 2024