Booking System Preparation: Microsoft 365
This article explains how to register the Evoko Home app with Microsoft 365. Note: You must be a Microsoft 365 Global Admin to complete this process.
During this process, you will generate several tokens within the Microsoft Entra Admin Center. As you complete these steps, it is important to record the values for the following as they will be used later during the system setup:
- Evoko Home Service Account
- Azure AD Application (Client) ID
- Azure AD Directory (Tenant) ID
- Azure AD Client Secret Value
- Enterprise App Object ID
- Resource Group Object ID
- Senders Group Object ID
Create an Evoko Home Service Account
- Log into the Microsoft 365 Admin Center with your Microsoft account.
- Navigate to Users in the sidebar, then Active Users.
- Click Add A User to open the Add A User pane.
- Enter a Display Name (e.g., "Evoko Home Service Account"), Username, and Password, then click Next.
- Assign a product license for Exchange Online (Plan 1). This will allow the Service Account to access a mailbox, which is required for Evoko Home.
- Click Next.
- Skip the Optional Settings page by clicking Next again.
- Review the settings, then click Finish Adding. You will see a message that the account has been created successfully.
- In an Incognito/InPrivate Window, log into outlook.office.com with the newly created Service Account. This will create an Inbox for this account. It is important to complete this step before proceeding.
Create Rooms
Create one or more Rooms to allow booking in Evoko Home.
- In the Microsoft 365 Admin Center, navigate to Resources in the sidebar (you may need to click ⋯ Show All), then Rooms & Equipment.
- Click + Add Resource to open the Add Resource pane.
- Set up a Room resource. Enter the Name and Email you would like to use for this room. Click Save.
- You will see a message that the Room has been created successfully. Click Add Another Resource to add more rooms, or ✕ to close the pane.
Register the Evoko Home Azure AD application in Microsoft Entra
- Log into the Microsoft Entra Admin Center with your Microsoft account.
- Navigate to Applications in the sidebar, then App Registrations.
- Click on + New Registration.
- Enter a name for the application (e.g., "Evoko Home App") and click Register.
- The Overview page will appear. Make a note of the Azure AD Application (Client) ID and Azure AD Directory (Tenant) ID.
- Navigate to Certificates and Secrets.
- Click on + New Client Secret.
- Enter a description and expiration time, then click Add. A valid secret is required for Evoko Home to sync meetings with Microsoft 365; once it expires, you will need to generate a new Client Secret and enter it in Evoko Home to re-authenticate.
- Make a note of the Azure AD Client Secret Value.
- Navigate to Enterprise Applications in the sidebar. Search for the newly created Azure AD Application and click on its name in the list.
- Make a note of the Enterprise App Object ID.
Add API permissions to app
Use the following steps to grant the necessary permissions to the Evoko Home application in Microsoft Entra.
- Navigate to Applications in the sidebar, then App Registrations.
- Search for the newly created Azure AD Application and click on its name in the list.
- Navigate to API Permissions.
- Click on + Add a Permission to open the Request API Permissions pane.
- Click on Microsoft Graph, then click on Application Permissions.
- In the list of permissions, search for "User.Read" and mark User.Read.All.
- In the same list, search for "Group.Read" and mark Group.Read.All.
- At the bottom of the pane, click Add Permissions.
- Click ✓ Grant Admin Consent for your Organization.
Create Groups
Create the resource and sender groups used by the Evoko Home application.
- Navigate to Groups in the sidebar, then Overview.
- To create the Evoko Home Resource Group, click New Group.
- Set the Group Type to Microsoft 365 and enter the Group Name (e.g., "Evoko Home Resource Group").
- Under Members, click No Members Selected to open the Add Members pane.
- Select the Rooms you want to add. At the bottom of the pane, click Select.
- Click Create to create the Resource Group.
- In the Overview section, make a note of the Resource Group Object ID.
- To create the Evoko Home Senders Group, navigate again to Groups in the sidebar, then Overview, then click New Group.
- Set the Group Type to Microsoft 365 and enter the Group Name (e.g., "Evoko Home Senders Group").
- Under Members, click No Members Selected to open the Add Members pane.
- Select the Evoko Home Service Account. At the bottom of the pane, click Select.
- Click Create to create the Senders Group.
- In the Overview section, make a note of the Senders Group Object ID.
Service Principal creation in PowerShell
In this section, you will register the Evoko Home application as a Service Principal in PowerShell.
- Install and load the Exchange Online PowerShell module if it is not already present:

    Set-ExecutionPolicy RemoteSigned
    Install-Module -Name ExchangeOnlineManagement
    Import-Module ExchangeOnlineManagement

- Connect to Exchange Online. Replace <UPN> with your Exchange Online account in user principal name format (e.g., admin@organization.onmicrosoft.com):

    Connect-ExchangeOnline -UserPrincipalName <UPN>

- Create a service principal using the values gathered in the previous sections:

    New-ServicePrincipal -AppId <Azure AD Application (Client) ID> -ObjectId <Enterprise App Object ID> -DisplayName "Evoko Home"

- Create a management role assignment for the Resource Group using the values gathered in the previous sections:

    New-ManagementRoleAssignment -App <Enterprise App Object ID> -Role "Application Calendars.ReadWrite" -RecipientGroupScope <Resource Group Object ID>

- Create a management role assignment for the Senders Group using the values gathered in the previous sections:

    New-ManagementRoleAssignment -App <Enterprise App Object ID> -Role "Application Mail.Send" -RecipientGroupScope <Senders Group Object ID>
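
The two role assignments above are meant to limit calendar access to the rooms in the Resource Group and mail sending to the Service Account in the Senders Group. The following check confirms that scoping with Test-ServicePrincipalAuthorization. It is an added example, not part of Evoko's procedure; it assumes the Connect-ExchangeOnline session from the earlier step is still active, the mailbox addresses are placeholders, and Test-EvokoScope is a hypothetical helper name.

```powershell
# Added verification example, not part of the vendor's procedure.
# Assumes an active Connect-ExchangeOnline session. Values in <> are placeholders.
$AppObjectId    = '<Enterprise App Object ID>'
$RoomMailbox    = '<email of a Room in the Resource Group>'
$ServiceAccount = '<email of the Evoko Home Service Account>'
$OtherMailbox   = '<email of a mailbox that is in neither group>'

# Hypothetical helper: reports whether the app holds $Role over $Resource
# and compares that with what the setup is supposed to allow.
function Test-EvokoScope {
    param(
        [Parameter(Mandatory)] [string] $Resource,
        [Parameter(Mandatory)] [string] $Role,
        [Parameter(Mandatory)] [bool]   $ExpectInScope
    )
    # One row is returned per role assignment held by the service principal;
    # InScope says whether that assignment covers the tested mailbox.
    $rows = @(Test-ServicePrincipalAuthorization -Identity $AppObjectId -Resource $Resource |
        Where-Object { $_.RoleName -eq $Role -and $_.InScope -eq $true })
    $actual = $rows.Count -gt 0
    [pscustomobject]@{
        Resource = $Resource
        Role     = $Role
        Expected = $ExpectInScope
        Actual   = $actual
        Pass     = ($actual -eq $ExpectInScope)
    }
}

$results = @(
    # Calendar access: allowed on a grouped room, denied elsewhere.
    Test-EvokoScope -Resource $RoomMailbox    -Role 'Application Calendars.ReadWrite' -ExpectInScope $true
    Test-EvokoScope -Resource $OtherMailbox   -Role 'Application Calendars.ReadWrite' -ExpectInScope $false
    # Mail sending: allowed as the Service Account, denied elsewhere.
    Test-EvokoScope -Resource $ServiceAccount -Role 'Application Mail.Send' -ExpectInScope $true
    Test-EvokoScope -Resource $OtherMailbox   -Role 'Application Mail.Send' -ExpectInScope $false
)

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'Scope mismatch: review the output of Get-ManagementRoleAssignment -RoleAssignee <Enterprise App Object ID>.'
}
```

Application permissions such as Calendars.ReadWrite or Mail.Send granted to the app directly in Microsoft Entra apply tenant-wide and are not narrowed by these Exchange scopes, so the API Permissions page should list only the permissions added in the earlier section.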