Alle produkter
NOR / ENG
0

MS365-Service Account

This description takes you thru the steps needed to get your Microsoft 365 tenant ready for Stoltzen Metis.
Please follow the steps carefully and do noy skip any of the steps described unless they are marked as optional.

  1. Introduction

Stoltzen Metis is an Android application bundled with different Android based touch screen configurations. Stoltzen Metis communicates directly to the MS365 tenant by useing HTTPS interface protocol with TLS 1.2 Encryption.

  1. Prerequisites

The Stoltzen Metis application needs a service account that has rights to manage the resource calendars (Meeting room calendars) where you want to deploy Stoltzen Metis panels. Due to Microsoft throttling policy one account can only manage up to about 15 rooms. So please create one service account pr. 15 rooms that are to be managed by Stoltzen Metis panels.  More information on the Client throttling policy can be found here – EWS Throttling

Stoltzen Metis needs all of the rooms that are to be managed to be present in one or several room lists.
By default rooms are not organized in any lists, so if your exchange is not configured with room lists, please do so. See section 3. Create room lists for more information.

Note: Make sure that your meeting rooms resource mailboxes are configured correctly.
If they work properly with booking from different users in Outlook – it will work with Stoltzen Metis.

2.1 Communication Protocols

For Stoltzen Metis to work it needs HTTPS (port 443) communication to the Microsoft 365 environment.

The Android panel also needs to synchronize time and date with an NTP server. The Android OS is by default set to synchronize towards a Google NTP server, so NTP (port 123) must be open towards internet to make sure time and date are correct. The panels can also be configured to syncronize towards a specific NTP server.

3. Create a service account

Make sure that the service account does not have MFA (Multi factor authentication) enabled and that the account is not required to change password after a period of time.

Go to https://admin.microsoft.com/ and log on as your Microsoft 365 administrator.

  • Select “Active users” and click “Add a user”
  • Create a new user that will be the Service account.
    Make sure to set the password manually and untick that the user must change the password at first logon.  Click the “Next” button

The service account needs a mailbox and therefore a Microsoft 365 license that contains Exchange Online Plan 1 or 2.
(Minimum 365 Business Basic or 365 Enterprise E1)

  • Assign license and click “next” button.

No additional settings are needed (this is a regular user)

  • Click “next” then “Finish”.

4. Assign service account rights to the meeting rooms

Open the Exchange Online admin console and log in as administrator https://admin.exchange.microsoft.com/

  • Select “Resources” in the left menu, click the resource (room) you want to add the service account and click “Manage delegates”
  • Add the service account created in step 2.2 and set rights to “full access” then press save.

Repeat these steps for all the rescources (rooms) that are to be managed by Stoltzen Metis panel.

5. Create Room Lists

Stoltzen Metis will only be able to see rooms that are a member of a roomlist. If you do not have any roomlists you will need at least one for Stoltzen Metis to work. If you create a new room it needs to be added to a roomlist before it can be managed by Stoltzen Metis.

Note: If you are using MSgraph special characters like !#$%&’*+-/=?^_`{|}~ is not allowed in the roomlist email adress. Please check exsisting roomlist in scenarios where you have migrated from on premise Exchange to Office 365

Please note that changes made in Microsoft 365 environment (create/change/delete – rooms and roomlists) might take up to 48 hours before they are exposed to the MSgraph API. So if your changes is not available for Stoltzen Metis, be patient. (This issue is raised as a support issue with Microsoft, so hopefully it will be better)

Open the Exchange Online admin console and log in as administrator https://admin.exchange.microsoft.com/

  • Select “Groups” in the left menu, select “Add a group” set group type to “Distribution” and click “Next”
  • Give the roomlist a name and click “Next”
  • Set an email adress for the roomlist and click “next” and “Create Group”
  • Select the roomlist in the “Groups” overview.
    (Note, it might take a minute before the list you created will be visible, use the refresh button)
  • Click “View all and manage members” then add all rooms you want to be a member for this roomlist. Then click “Save Changes”

Please note that the roomlist currently is defined as a distribution list and needs to be converted to a roomlist.

5.1 Convert distribution list to room list

The conversion is done in Microsoft 365 Powershell. If you are not familiar with powershell this task might be a bit complicated.

To start powershell, right click the “Windows” logo in Windows 10 and select “Windows Powershell Admin” in the start menu.

Run the following command: Set-ExecutionPolicy RemoteSigned
Accept to change the excecution policy. (A)

Install the needed powershell modules for manageing Exchnage Online
Run the following command: Install-Module -Name ExchangeOnlineManagement

Connect Powershell to Exchange Online (Administrator user)
Run the following command: Connect-ExchangeOnline -UserPrincipalName admin.name@yourdomain.com
Log in with your credentials if needed.

Convert the distribution list to a room list
Run the command: Set-DistributionGroup -Identity “Your Distribution List Name” -RoomList

5.2. Optional – Add new rooms to roomlist

If you at a later stage need to add more rooms to the already created roomlist you can do so with by entering Powershell and log into your Office 365 tenant as as described in section 5.1, then run the following powershell command:

Add-DistributionGroupMember –Identity “Room list” -Member “Meeting Room”

6. Optional – Enable show meeting subject

By default, events scheduled in the meeting room calendars will show the name of the organizer instead of the actual event title.

This is a security feature and changing this behavior should be introduced with care. If your organization would like to save subject titles of meetings in the room calendar (So it can be shown on the Stoltzen Metis panel) This is easily fixed through Powershell command. Please note that all subjects of meetings booked will be visible for everyone unless the meeting is set to private.

To enable subject, run this powershell command: Get-Mailbox -RecipientTypeDetails RoomMailbox | Set-CalendarProcessing -AddOrganizerToSubject $false -DeleteSubject $false -DeleteComments $false -RemovePrivateProperty $false