Graph API for Office 365

Cronofy developed a new integration for connecting Office 365 calendars using Microsoft’s Graph API which was first made available in November 2021.

Microsoft’s Graph API provides two key benefits:

Cronofy can request more granular permissions than EWS, leading to less friction in administrator consent
Cronofy can use Teams conferencing as an integrated conferencing provider, with no additional end-user authorization required, in the same way Google Meet works for Google Calendars

Since 2021 we have offered it as an opt-in feature for existing API integrations, enabling it by default for new API integrations since February 2023.

We have connected to hundreds of thousands of calendars using Microsoft’s Graph API and have bought it up to the quality of all our other calendar integrations through that real-world usage.

Removal of EWS support for 365 calendars #

On September 19, 2023 Microsoft’s announcement “Retirement of Exchange Web Services in Exchange Online” detailed that they will start blocking Exchange Web Services (EWS) requests on October 1, 2026 for accounts hosted on 365. This will mean that any connections not using EWS by this point will stop working.

In light of this, we will be changing Microsoft’s Graph API to become the default way of connecting to calendars hosted on Microsoft 365 from June 5, 2024, replacing Exchange Web Services (EWS).

Microsoft’s Graph API is only available for tenants hosted on Office 365.

Support for on-premise Exchange will continue through the use of Exchange Web Services (EWS).

It is only using EWS with Office 365 hosted calendars that Microsoft are removing support for.

We encourage integrators to enable the use of Microsoft’s Graph API for their applications ahead of this time. Wu will be providing support and guidance on how to transition all existing EWS connections over to Graph well ahead of the October 1, 2026 deadline.

Enabling Graph for your application #

To enable the feature, visit the Features section for your application in the Cronofy developer dashboard.

Connecting via Individual Connect #

After the feature is enabled, Individual Connect authorization attempts for Office 365 will use Graph instead of EWS. The only user-facing change is that the Microsoft authorization flow will present a different (less permissive) set of scopes.

If you have existing profiles connected, you can go through the authorization flow again for them, and they’ll be switched over. If you disable the feature, the same steps will switch a profile back to synchronizing via EWS.

Migrating existing EWS individual connections #

In order to see the protocol Cronofy is using to communicate with an Office 365 calendar, we now include a provider_protocol attribute on our UserInfo endpoint. This has a value of exchange_web_services or graph_api.

If the current protocol is exchange_web_services then there will also be a graph_api_migration_url parameter provided alongside which can be presented to the user so they can authorize access via Microsoft’s Graph API and seamlessly transition away from using Exchange Web Services (EWS).

This process works in much the same way as relinking someone’s calendar does. It only affects the link between Cronofy and the user’s calendar, with no impact on your connection as an integrator.

Connecting via Enterprise Connect #

Enterprise Connect with Graph is simpler to configure for calendar administrators than Exchange Web Services. No service account on the Exchange side is needed. Instead, it works similarly to the Google Workspace integration

the administrator only needs to approve the connection using their admin account. Please see our Graph API documentation for calendar administrators here.

A Cronofy Service Account is still created for your application to interact with the organization, and you will still receive Cronofy Service Account credentials in the same way.

Once the Graph API feature is enabled, the Cronofy authorization flow for service accounts will create a Graph connection by default. The option to create an EWS-based connection still exists as a secondary option during the flow.

A Graph Service Account will return a new provider_name value of ms_graph_calendars when calling the UserInfo endpoint. Requesting delegated access to users’ or resources’ calendars through a Graph service account will switch over any existing profiles that are currently synchronizing via Exchange Web Services to use the Graph connection instead.

Connecting specific organizations #

You may wish to connect specific organizations via Graph Enterprise Connect without opting-in your entire application to the feature.

To do this, you can pass an additional query string value of provider_name=ms_graph_calendars to the authorization URL, which will force a Graph connection, even if the opt-in feature is not enabled.

Parity with EWS #

Calendar profiles will still appear as having provider_name of exchange on a UserInfo endpoint response.

There are currently minor differences compared to EWS:

Event geolocation coordinates are returned with a slightly different degree of precision. This makes no real world difference, but you may receive push notifications that events have changed as a result.
Graph gives us richer information about calendars. Built-in national holidays calendars can now be detected as read-only, where they couldn’t before.