Step 2A: Evoko Home: Microsoft Entra Preparation

Section 1: Microsoft App Registration

By the end of this section you will have the [4] values you need to proceed with the Evoko Home configuration with Microsoft.

• Application (Client) ID 
• Directory (Tenant) ID 
• Secret Value  
• Object ID 

1. Log into the Microsoft Entra Admin Center with your Microsoft Admin Account.
2. Navigate to the Applications, then App Registrations
   • 
3. You will now register Evoko Home as an application in Entra.  Select the + New Registration option.
   • 
4. Enter a name for your application and select the register option.
   • 
5. Once the application is created, the summary page will appear.  Make a note of the Application (client) ID and Directory (tenant) ID as it will be needed later when connecting Evoko Home to Microsoft 365.
   • 
6. We will now configure the Client Secret by navigating to Certificates & Secrets
   • 
7. Select + New Client Secret
   • 
8. Enter the description you want in the newly opened window, and set the expiry time.  (Note that the secret should be valid for Evoko Home to work, once expired, meetings from Microsoft to Evoko will stop syncing so you will have to replace the expired client secret with a new one and re-authenticate again to Microsoft.). Press Add 
   • 
9. Copy down the Secret Value as this will be needed in a later step.
   • 
10. Now, navigate to Enterprise Apps in the left hand column and search for the app you created in the previous step.
    • 
11. Navigate to the App Properties to find the Object ID (this is different from the Object ID associated with the App Registrations page).  Save this Object ID along with the Application (client) ID and Directory (tenant) ID from the prior step as it will be needed for use with Exchange Powershell in the coming steps.
    • 
12. You now should have copied down the [4] values below.  If you have the [4] values you can proceed to the next next of Adding API Permissions 
    • Application (Client) ID 
    • Directory (Tenant) ID 
    • Secret Value  
    • Object ID

Section 2: Adding API Permissions

By the end of this guide you will have added the following [2] permissions to your registered Application:

• User.Read.All
• Group.Read.All

1. Navigate to API Permissions in the App Registration Page.
   • 
2. Click on + Add a Permission, then select Microsoft Graph.
   • 
3. Select Application Permission
   • 
4. This will open the list of permissions for application access.  Search for "User.Read" and mark User.Read.All and click Add Permission
   • 
5. ​​​​​​​Repeat the same steps again, but search for "Group.Read" and mark Group.Read.All and click Add Permission.
   • ​​​​​​​
6. ​​​​​​​Grant Admin Consent for your Organization.
   • 

Section 3: Create Groups

1. Navigate to Groups.
   • ​​​​​​​
2. ​​​​​​​Select New Group
   • ​​​​​​​
3. ​​​​​​​The group type should be Microsoft 365 and the member ship type is Assigned.  (You can select any name and description as you prefer).  Click Create.
   • 
4. Now you will add the Rooms you want to add to Evoko Home to this group.  To do do, search for the name of the group you created in the previous step and select the group.
   • 
5. Click on Members from the left side.
   • 
6. Select + Add Members
   • ​​​​​​​
7.  Select the Rooms you want to use with Evoko Home and Liso, to add them - press select.  In this exercise we will add [3] rooms.
   • 
8. Now the group is created, and the resources have been added.  Copy the resource group Object ID, this Object ID will be used later in the Service Principle Section.
   • 
9. Create Senders Group: Repeat the previous steps of Group Creation, instead of adding rooms, add a user that you want to use in Evoko Home for sending the email notifications.  (We recommend creating a dedicated user with a mailbox for this purpose).  Press Create when done.  You will see your user in the list.  
   • 
10. Collect the Object ID for the Senders Group as well, it will be needed later in the service principle creation section.
    • 

Section 4: Service Principle in Power shell

1. Connect to Exchange Online using Powershell.
   • Type: Set-ExecutionPolicy RemoteSigned and press enter on the keyboard.
     • ​​​​​​​
2.  ​​​​​​​​​​​​​​Type: Y and press enter on the keyboard.
   • ​​​​​​​Press Enter 
     • ​​​​​​​
3. Type: Connect-ExchangeOnline -UserPrincipalName user@domain.com (Replace your admin email with user@domain.com)
   • Press Enter
     • ​​​​​​​
4. Log into your Global Admin Account
   • 
5. When authenticated you should get a window that looks like this.
   • 
6. We will now create a Service Priniciple by running the below command.  You will replace the AppID with the AppID of your registered application for Evoko Home.  You will also replace the AppObjectId with the Enterprise AppObjectID from your registration.  The DisplayName can be anything you prefer.
   • New-ServicePrincipal -AppId <<AppId>> -ObjectId <<AppObjectId>> -DisplayName "Some Display Name"
     • ​​​​​​​Press Enter
       • ​​​​​​​
7. ​​​​​​​​​​​​​​Next we will create a management role assignment for the resources group.  You will replace the AppID with the AppID of your registered application for Evoko Home.  You will also replace the CalendarObjectID with the Calendars Group Object ID which was made in Step 7 in the previous section.
   • New-ManagementRoleAssignment -App <<AppId>> -Role "Application Calendars.ReadWrite"  -RecipientGroupScope <<CalendarObjectID>> 
     • Press Enter
       • 
8. Next we will create a management role assignment for the senders group.  You will replace the AppID with the AppID of your registered application for Evoko Home.  You will also replace the  SenderObjectID with the Senders Group Object ID which was made in Step 8 in the previous section.  
   • New-ManagementRoleAssignment -App <<AppId>> -Role "Application Mail.Send" -RecipientGroupScope <<SenderObjectID>>
     • ​​​​​​​Press Enter
       • ​​​​​​​
9. ​​​​​​​​​​​​​​​​​​​​​That's it!  You can now proceed to installing and configuring Evoko Home!​​​​​​​