Setting Up Zoom Rooms with Office 365
It is possible to display the meetings scheduled for the Zoom Room on a TV display, the room’s controller, and the Scheduling Display in the event of an integrated calendar resource. A calendar service is used to assign conference rooms as specific calendar resources. A Zoom Room can then be scheduled by inviting a calendar resource from your organization to the meeting. Users will be able to start and join meetings in the room by authorizing Zoom to access calendar resources.
Before you can enable calendar support for Zoom Rooms, an Office 365 administrator will need to create a dedicated service account user in Office 365 and configure that user’s access settings, create or locate an individual calendar resource for each Zoom Room, and then set the impersonation or delegation settings for both the service account user and the calendar resource.
The Office 365 administrator will then use the credentials of the dedicated user in your account to grant permission for Zoom Rooms to use the calendar service and all resources and applications in your account after they have completed all the steps in each section.
This article covers:
- How to create a dedicated user for Zoom to access Office 365 calendars
- How to create or locate a calendar resource for each room
- How to set up access permissions
- Installing the Microsoft Exchange Online v2 Powershell Module
- Choosing between App-level Impersonation and Full Delegate Access
- App-level Impersonation
- Full Delegate Access
- How to update the calendar resource settings using Windows PowerShell
- How to add the Calendar Service to Zoom
Prerequisites for setting up Zoom Rooms with Office 365
- Dedicated service account users may be created and permissions may be assigned by an Office 365 administrator account
- Room resources can be viewed, created, and managed via an Office 365 admin account
- For Windows 10 or newer, or Windows Server 2016 or newer, admin access to Windows PowerShell
How to create a dedicated service account user for Zoom to access Office 365 calendars
- Log in as an administrator to Office 365.
- Integrate a user into your Office 365 account. Instructions can be found in the Microsoft documentation Add users to Office 365.
Note: - An Office 365 mailbox must be associated with the dedicated service account user.
- Write down the dedicated account user’s email address and password.
- To create or find a calendar resource for each room, proceed to the next section of the task.
How to create or locate a calendar resource for each room
- You can access the admin center (EAC) of Microsoft Exchange by logging in as an administrator.
- Click Recipients in the navigation menu and then Resources in the drop-down menu.
- You can add additional rooms by clicking on the plus (+) sign at the top of the screen.
If you want to make it easier for users to search for Zoom Rooms enabled conference rooms, Zoom recommends using a prefix (such as ZR) for each room. However, you can use another method if you wish. - Write down the display name as well as the e-mail address of each calendar resource.
- You can either use App-Level Impersonation or Full Delegate Access to connect the user and the resources to Zoom, after which you continue with the next step.
How to set up access permissions
Installing the Microsoft Exchange Online v2 Powershell Module
Microsoft Exchange Online v2 Powershell Module (AKA “EXO V2”) is used in these instructions. The instructions contained here are an excerpt from Microsoft’s Install and maintain the EXO V2 module page.
- Use the Run as administrator option to launch Windows PowerShell.
Note: - Windows PowerShell can be launched by right-clicking the app without launching it.
- Run the following command to prepare to install the EXO V2 module:
Install-EXO-Module execute-execution policies remote-signed - Y is required for the change to take effect
- Execute the following command to install the EXO V2 module:
Installation of the Exchange Online Management module with the options Name -Name CurrentUser -Scope CurrentUser
Note: - Select Y if you would like to accept the installation of the Microsoft NuGet provider so that the installation of the EXO V2 module can be facilitated.
- During installation of the EXO V2 module from the Microsoft PowerShell Gallery repository (“PSGallery”) you may receive a message stating that the repository is untrusted. If that is the case and PowerShell asks you to accept the installation, enter Y to accept.
- Do not close PowerShell until you are finished with the installation.
Choosing between App-level Impersonation and Full Delegate Access
Generally speaking, Zoom recommends that you use app-level impersonation in order to achieve optimal performance. This configuration method requires much less effort on the part of the administrator in order to configure and maintain, especially when you consider the scale of the application in question. Despite the fact that it still remains an option, the setup and maintenance of full Delegate Access is somewhat more difficult.
App-level Impersonation
Update role management and assignments
- Use the “Run as administrator” option to launch Windows PowerShell.
Note: - If you do not launch Windows PowerShell, this option is available when you right-click the app.
- Please enter the following command:
Connection to Exchange Online with UserPrincipalName *UPN
Note: - If *UPN> does not contain an email address, then it can be changed to the user principal name of the Office 365 administrator (normally stored in the username field).
- In the dialog box, enter the Office 365 administrator username and password.
It is important that this account has both Organization Management permissions and Receiver Management permissions. - Create a new manager role by using the following command:
- A role assignment to the “DedicatedUser” role, with the role: ApplicationImpersonation.
Note: - The Dedicated Service Account User’s email address should be substituted for the DedicatedUser text.
- If you would like to create a new Management Scope restricting it to calendar resources (of the kinds “RoomMailbox” and “EquipmentMailbox”) then execute the following command:
The following configuration would be useful in case you want to create a new management scope. -Name “ResourceMailboxes” -RecipientRestrictionFilter “[RecipientTypeDetails -eq “RoomMailbox” -or RecipientTypeDetails -eq “EquipmentMailbox” -or Name -eq “DedicatedUser”].
Note: - The user’s email address should replace the text DedicatedUser.
- To associate the new Management role with the dedicated service account user, the new Management scope, and the dedicated service account user, execute the following command:
In NewManagementRoleAssignment, set the role name to ResourceImpersonation and the role ApplicationImpersonation to DedicatedUser with CustomRecipientWriteScope to ResourceMailboxes.
Note: - Please enter your dedicated service account user’s email address in place of DedicatedUser.
Full Delegate Access
Delegate rooms to the dedicated service account user
- Use the “Run as administrator” option to launch Windows PowerShell.
Note: - During a right-click on the PowerShell app, you will find this option.
- Type the following command:
Connection to Exchange Online -UserPrincipalName *UPN
Note: - The USPN parameter should be set to the user principal name (in most cases that is a form of an email address) of the Office 365 administrator.
- The dialog box will ask for the Office 365 administrator username and password.
The following information should be added to both the “Organization Management” and “Recipient Management” permissions of this account. - Dedicated service account users are granted full access to a calendar resource by executing the following command:
Then add the permissions you need to the mailbox: -Identity CalendarResource -User DedicatedUser -AccessRights FullAccess
Note: - The Dedicated Service Account User’s email address should be entered in place of DedicatedUser. Substitute the email address of a calendar resource for CalendarResource.
- Dedicated service account users should execute the following command to gain access to a calendar resource:
-Identity CalendarResource:/Calendar -User DedicatedUser -AccessRights Editor -SharingPermissionFlags DelegateAdding the following permissions will grant the user the folder permission:
Note: - DedicatedUser should be replaced with the email address of the Dedicated Service Account User in place of DedicatedUser. CalendarResource can be replaced with an email address of a calendar resource (but the text “:/Calendar” should remain in place; example: conferenceroom@contoso.com:\Calendar).
- For each calendar resource, repeat steps 4-5.
- You will need to use Windows PowerShell to update the calendar resource settings in the next section.
How to update the calendar resource settings using Windows PowerShell
You must update some calendar resource settings in Zoom Rooms in order for Zoom meetings to display the calendar information and generate a single click join button.
- Use the “Run as administrator” option in Windows PowerShell to start it.
Note: - You have the option to open Windows PowerShell as an administrator whenever you right-click the tool without launching it.
- Simply enter these commands to open Windows PowerShell.
Connection to Exchange Online with UserPrincipalName *UPN
Note: - If you are an Office 365 administrator, make sure that your value for UPN is the Office 365 administrator’s email address (which usually appears in the form of an email address).
- You will then see a dialog box asking for the Office 365 administrator username and password.
You should also enable recipient management permissions for this account. - Execute the following command to display the settings for the calendar resource:Get-CalendarProcessing -Identity CalendarResource | Format-List Identity,DeleteComments,DeleteSubject,AddOrganizerToSubject,RemovePrivateProperty,DeleteAttachments
Note: - Substitute an email address for the text CalendarResource.
- The data returned is as follows:
The “Delete Subject” command, the “AddOrganizerToSubject” command, the “DeleteComments” command, and the “RemovePrivateProperty” command.
This value is set to True most of the time.
Identity : - user.portertest.com/room_name
DeleteSubject: - Yes
AddOrganizerToSubject : - Yes
DeleteComments : - Yes
RemovePrivateProperty : - Yes
Delete Attachments : - Yes
- The following command will change the settings of the room:
The following commands will cause the calendar processing to be setup -IDENTITY CalendarResource -AddOrganizerToSubject $false -OrganizerInfo $true -DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
Notes: - Put the email address of a calendar resource in place of the text CalendarResource.
- The DeleteSubject command does this automatically and if you don’t want to show a Calendar topic, simply change the value of $false to $true
- It can also prevent the operation from being performed because the object ‘Room’ is not available on the domain ‘[domain].onmicrosoft.com’. This error means that you need to configure the scope of the role group that grants you permission to run the cmdlet to include the user/room. Also, make sure you are using an admin account, as specified in Step 3.
- Please note that the administrator account that you are using to log in to PowerShell must have permissions to “Organization Management” and “Recipient Management” functions if you see an error message such as “Set-CalendarProcessing command not found”.
- Run the following command to verify the changes to the room after they have been made:
The following commands are used to get calendar processing: -Identity CalendarResource — Format-List identity –DeleteSubject | AddOrganizerToSubject | DeleteComments | RemovePrivate Property
Note: - Substitute the email address of a calendar resource for the text CalendarResource.
You will now be able to:
Identity : - http://www.domain.com/Users/CalendarResource
DeleteSubject : - No
AddOrganizerToSubject : - No
DeleteComments : - No
RemovePrivateProperty : - No
- To change only the CalendarResource in each command, repeat steps 4-7 for each calendar.
- Click “Disconnect” to end the session:
ExchangeOnline-Disconnect - End Windows PowerShell.
How to add the Calendar Service to Zoom
- As a Zoom Rooms administrator, sign into the Zoom web portal.
- Click Add Calendar Service, then select Calendar Integration.
A dialog box appears asking for the service to be added. - Select Office 365.
- Microsoft Exchange Web Services (EWS) is automatically used for the integration. When all Zoom Rooms are version 5.9.0 or higher in your account, you may also opt to use Microsoft Graph API. If you like to know more about Microsoft Graph API, you can visit the Microsoft documentation.
Note: - Please enter an alternative EWS URL if necessary
- Under Account Permission Type, select App-level Impersonation or Full Access Delegate depending on which permission setup you used above.
- Click Authorize.
Note: - This option will need to be enabled in Office 365 settings if Office 365 users can consent to enterprise apps accessing company data on their behalf is disabled in Account Settings. Zoom app users will also need to enable this in Azure settings.
- This is displayed on the Calendar Integration page.
Note:
You can configure a calendar resource with a Zoom Room by visiting Add a Zoom Room.