Integrating AskCody and Microsoft Exchange comes with a few hard requirements and helpful recommendations. Learn about them here
Requirements
Azure Plan
Microsoft Azure has a wide variety of plans, which adapt to different organizational needs and requirements. In AskCody, we do not have requirements about specific Azure plans, however, to successfully integrate with your organization, the Azure plan of your choice should give your organization access to the Microsoft Exchange Admin Center, Active Directory and provide your users and organizational resources with valid Exchange Mailboxes.
Establishing a connection between Microsoft Exchange and AskCody
Using Basic Authentication
- Service Account with the ApplicationImpersonation role with full access to the mailboxes of the resources you will use with AskCody (users and meeting rooms). Learn more
- TLS 1.2 enabled and selected as the transfer protocol in Microsoft Exchange both for server, and client requests. This enables the follow the meeting intelligence that our Meeting Services and Visitor Management solutions are equipped with, making catering and service orders, and visitor lists to follow any eventual changes in meetings (such as reschedulings, or cancellations). Learn more
- Direct connection to your organization's Exchange Web Services (EWS). Some organizations have set up load balancers as part of an infrastructure that can prevent the communication between your Exchange environment and AskCody from flowing properly. For optimal performance, it is highly recommended to establish the connection directly to your organization's Exchange environment. All data in motion from AskCody is encrypted using 128-bit TLS 1.2+, so it always stays secure. Learn more
Using Modern Authentication
- Full mailbox access to the Askcody Application in Exchange granted by a Global Admin in Azure Active Directory. AskCody only accesses calendar mailboxes and the Exchange data needed for the products to perform accordingly. Personal mailboxes are not accessed, and their data is not processed by AskCody. Access to this data in further controlled in Data Processing Agreements between AskCody and the customer. Learn more
Automatic User Synchronization
Exchange Online
- Global administrator access to Azure Active Directory for the initial setup
- Grant the AskCody Application permission to read user's basic profiles in Azure Active Directory
- Security-enabled groups in Azure Active Directory
- Users setting up the synchronization need to exist in the organization's Azure Active Directory (relevant when hiring a third-party service provider to set up the user synchronization)
Learn more about the user synchronization with Azure Active Directory here
Exchange On-Prem
- AskCody Active Directory Forwarding Service (AADFS) running on an Exchange Server in your organization. AADFS requires no physical installation to run. Learn more
Add-Ins
The AskCody add-ins are available in two formats:
- Modern Add-ins
- VSTO Add-ins
Using Modern Add-ins
- Exchange version 2013, or higher
- Global Admin in Microsoft Exchange to deploy the add-ins
Learn more about deploying modern add-ins here
Using VSTO Add-ins
- Microsoft .NET Framework 4.5.2 Full
- Visual Studio 2010 Tools for Office Runtime
- Windows 10 (version 1809 - Redstone 5, or above)
Recommendations
- Application scoping: When using Basic Authentication, it is possible for Exchange Administrators to use Application Scoping, meaning create a custom management scope of users that the service account can impersonate.
By opting to use application scoping (management scope), the service account will then only be allowed to impersonate users within the specified scope. If no scope is specified, the service account will be granted the ApplicationImpersonation role over all users in an organization. Learn more
- Automate processing of booking requests: When adding room mailboxes to Exchange, we recommend enabling Automate Processing for the meeting room resource. For more information about Automate Processing, please go to TechNet. Automate Processing allows “meeting responses” to be sent to the user when a resource is booked. Automate Processing is required for all resource calendars because it will prevent double bookings or “conflicts”.
If Automate Processing isn't enabled, booking conflicts might happen, and booking confirmations and rejections would be handled manually.
- Setting up Booking Policies and Scheduling Permissions: Customizing the scheduling options and permissions allows you to control how your organization utilizes your resource calendars. A smart configuration of your scheduling options and permissions will eliminate potential user errors and align calendar booking with your business rules and procedures. Learn more