Setting Up Zoom Rooms with Office 365 Follow

Overview

When a calendar resource is integrated with a Zoom Room, the room’s TV display, controller, and Scheduling Display show the meetings scheduled for the room. Members of your organization can schedule a meeting in a Zoom Room by inviting the room to the meeting. Conference rooms are assigned as a calendar resource through a calendar service. Authorizing Zoom to have access to calendar resources enables users to start and join meetings in the room using one touch.

Before you can add a calendar service for Zoom Rooms, an Office 365 administrator must create a dedicated user in Office 365 to manage calendars, create or locate a calendar resource for each Zoom Room, and then configure the user and resource using either impersonation or delegate access.

After the Office 365 administrator completes all steps in each section, they will then use the credentials of the dedicated user to provide authorization for the Zoom Rooms in your account to use the calendar service and all of its calendar resources.

Note: If using OAuth 2.0 Authentication, the token will expire after 90 days, and will need to be re-authorized. 

This article goes over:

Prerequisites

  • An Office 365 Administrator Account with permission to create a new user
  • The ability to create and manage calendars for rooms
  • Admin Access for Windows Powershell

Instructions

Create a dedicated user for Zoom to access Office 365 calendars

  1. Sign in to Office 365 as an admin.

  2. Add a user in your Office 365 account.
    See the Microsoft documentation Add users to Office 365 for instructions.
    Example: if your domain is mycompany.com, and you add a user with the User Name of zoomroomadmin, the email address will be zoomroomadmin@mycompany.com
  3. Make note of the email address and password.
  4. Proceed to the next section to Create or locate a calendar resource for each room.

Create or locate a calendar resource for each room

  1. Log in to ECP as an admin.
  2. Go to Recipients > Resources.
  3. Click on the plus (+) sign if you need to add a room.
    Zoom recommends that you use a prefix (such as ZR) for each room or choose your own method for easily locating the Zoom Rooms.
  4. Make note of the display name and email address of each calendar resource.
  5. Proceed to the next section to link the user and resources to Zoom, via App-Level Impersonation or using Full Delegate Access

Setting Up Access Permissions

Enabling Application Impersonation in ECP

  1. Log in to ECP as an admin.
  2. Click permissions.
  3. Select Discovery Management, then click Edit.
  4. Under Roles, click Add (+)..
  5. Select ApplicationImpersonation and click add.
  6. Click OK.
  7. Click Save in Discovery Management.
  8. Office 365 will now start updating the organization settings.

Update Role Management and Assignments 

  1. Start Windows PowerShell using the “Run as administrator” option.
    Note: This option is available when you right-click the Windows Powershell app without launching it.
  2. Enter the following command:
    $UserCredential = Get-Credential
  3. Enter the Office 365 administrator username/password in the dialog box.
    Make sure that this account has permissions for both “Organization Management” and “Recipient Management”.
  4. Prepare the session by running the following command:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Note: If you are in China, the command you enter is slightly different. Enter the following:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://partner.outlook.cn/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
  5. Connect the session using the following command.
    Import-PSSession $Session
  6. If you see a message that begins “If you see an error like “Import-PSSession: Files cannot be loaded…”, enter the following command:
    Set-ExecutionPolicy Unrestricted
    Note: that this command will fail if you are not running Windows Powershell as an Administrator, as required in Step 1.
  7. Run the following command to create a new Management role.
    New-ManagementRoleAssignment -Role:ApplicationImpersonation -User: "DedicatedUser"
    Note: For DedicatedUser, enter the mailbox address of the Dedicated Service Account User.
  8. Run the following command to create the permission scope.
    New-ManagementScope -Name "ResourceMailboxes" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox"}
  9. Run the following command to create a relationship between the account and the scope.
    New-ManagementRoleAssignment –Name "ResourceImpersonation" –Role ApplicationImpersonation –User "DedicatedUser" –CustomRecipientWriteScope "ResourceMailboxes"
    Note: For DedicatedUser, enter the mailbox address of the Dedicated Service Account User.

Add Resource Calendars to Dedicated User

  1. Login in as the dedicated user in Outlook Web.
  2. Go to Calendars. 
  3. Click Import Calendar.
  4. Click From Directory
  5. Search for the Resource's Mailbox Address.
  6. Click Add.

Delegate rooms to the dedicated user

  1. Log in to ECP as an admin

  2. Go to Recipients > Resources

  3. Double click the name of a room.

  4. Click mailbox delegation.

  5. Next to Send As, click the plus (+) sign.

  6. Select the dedicated user and click add->.

  7. Click OK. 

  8. Scroll down to Full Access and click on the plus (+) sign.

  9. Select the dedicated user and click add->

  10. Click OK. 

  11. Click Save.

  12. Repeat steps 3-11 for each room.

  13. Proceed to the next section to Enable the dedicated user to edit the Zoom Rooms calendars.

Enable the dedicated user to edit the Zoom Rooms calendars

  1. Sign in to https://login.microsoftonline.com with the dedicated user’s email (such as zoomroomadmin@mycompany.com)
  2. Open the dedicated user's "Calendar" and from the top navigation, click the dedicated user’s name to open a drop down menu.
  3. Choose "Open another mailbox..."

    This will open a Microsoft pop-up dialog window.
  4. Enter the name of the calendar resource you created in Section 2.

    This will open the calendar resource mailbox.
  5. Click on the calendar in the bottom left hand corner of the navigation pane for the calendar resource.
  6. Right click Calendar under "My Calendars" and choose Sharing Permissions.

    This will open the Share this calendar: Calendar dialog
  7. Enter the email for the dedicated user, choose Can edit from the menu, and then click Share.
  8. Open the mailbox for the dedicated user, and accept the invitation from the calendar resource.

    This opens the Calendar tab.
  9. Ensure that you see the Zoom Room calendar resource listed on the left side of the page under Other Calendars > People's Calendars.
  10. Proceed to the next section to Update the calendar resource settings using Windows Powershell.

 

Update the calendar resource settings using Windows Powershell

    1. Start Windows PowerShell using the “Run as administrator” option.
      This option is available when you right-click the Windows Powershell app without launching it.
    2. Enter following command:
      $UserCredential = Get-Credential
    3. Enter the Office 365 administrator username/password in the dialog box.
      Make sure that this account has permissions for both “Organization Management” and “Recipient Management”.
    4. Prepare the session by running the following command:
      $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

      Note: If you are in China, the command you enter is slightly different. enter the following
      $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://partner.outlook.cn/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    5. Connect the session using the following command.
      Import-PSSession $Session
    6. If you see a message that begins “If you see error like “Import-PSSession : Files cannot be loaded…”, enter the following command:
      Set-ExecutionPolicy Unrestricted
      Note that this command will fail if you are not running Windows Powershell as an Administrator, as required in Step 1.
    7. Check the settings for the calendar resource with following command, changing the value for “room_name” to the actual room name value.
      Get-CalendarProcessing-Identity"room_name"Format-ListIdentity,DeleteComments,DeleteSubject,AddOrganizerToSubject,RemovePrivateProperty
    8. Verify the responses for the following values:
      "DeleteSubject", "AddOrganizerToSubject", "DeleteComments", and "RemovePrivateProperty",
      In most cases, these values are set to True.
      Identity              : portertest.com/Users/room_name
      DeleteSubject : True
      AddOrganizerToSubject : True
      DeleteComments : True
      RemovePrivateProperty : True
    9. Change the settings for the room with following command, changing the value for “room_name” to the actual room name value.
      Set-CalendarProcessing -Identity "room_name" -AddOrganizerToSubject $false -OrganizerInfo $true -DeleteAttachments $true -DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
      After running these commands, the following settings will be set:
      Identity              : portertest.com/Users/room_name
      DeleteSubject : False
      AddOrganizerToSubject : False
      DeleteComments : False
      RemovePrivateProperty : False
      Notes:
      • If you do not want to show the Calendar topic, change DeleteSubject $false to DeleteSubject $true
      • If you see an error such as “The operation couldn't be performed because object 'Room' couldn't be found on 'zoomwithus.onmicrosoft.com'.”, that means the scope of the role group that grants you permission to run the cmdlet does not include the user/room. Make sure you are logged in with an admin account, as required in Step 3.
      • If you see an error such as “Set-CalendarProcessing command not found”, make sure the administrator account you used to log in to PowerShell has permissions in “Organization Management” and “Recipient Management”, as required in Step 3.
    10. Check the settings for the room after changing the settings, with the following command, changing the value for “room_name” to the actual room name value.
      Get-CalendarProcessing -Identity "room_name" | Format-List identity,deletesubject,addorganizertosubject,DeleteComments,RemovePrivateProperty
    11. Verify that the responses for the following values have been changed to False:
      "DeleteSubject", "AddOrganizerToSubject", "DeleteComments" and "RemovePrivatePropoerty"
      Identity              : portertest.com/Users/room_name
      DeleteSubject : False
      AddOrganizerToSubject : False
      DeleteComments : False
      RemovePrivateProperty : False
    12. Repeat Steps 7-11 for each calendar, changing only the room name in each command.
    13. Disconnect the session with the following command:
      Remove-PSSession $Session
    14. Close Windows Powershell.

 

 

Adding the Calendar Service to Zoom

  1. Sign in to the Zoom web portal as a Zoom Rooms administrator.
  2. Choose Calendar Integration, and then click Add Calendar Service.
    The Add a Calendar Service dialog displays.
  3. Click Office 365.
  4. Choose to Authorize with EWS or Authorize with OAuth 2.0. If you would like to know more about these options see this documentation from Microsoft.
    • If you chose to Authorize with EWS, type the email address and password of the dedicated user for the calendar service, as well as the EWS URL.
    • If you chose to Authorize with OAuth 2.0, enter the EWS URL.
  5. Under Account Permission Type, select App-level Impersonation or Full Access Delegate depending on which permission setup used above.
  6. Click Authorize
    Note: If using OAuth 2.0, and Office 365 users can consent to enterprise applications accessing company data on their behalf is disabled in Account Settings, this option will need to be enabled in the settings, or enabled for the Zoom app in Azure.
  7. The Calendar Integration page shows the calendar service that you added.

Note: See Add a Zoom Room for information on configuring a calendar resource with a Zoom Room.

Was this article helpful?