Back-end: Exchange On-Premises and Online

Connection flow of data

(Figure: Example flow of data)

Connecting Exchange to LeftClick Digital Signage or RoomGuide can be done for on-premises solutions as well as for the online (cloud) solution on Microsoft 365. In the case of Microsoft 365, you first need to link a Microsoft 365 account to the LWS portal (see also this page). Then, you can create slides (such as RoomGuide) which will use the credentials of the linked account to access the calendars.

In the LeftClick administration portal you can configure the displays to work with the required credentials and connect to the Exchange back-end. Note that the LeftClick CMS does not connect to the Exchange back-end directly, but the Digital Signage player or RoomGuide panels connect to the back-end themselves.

This way you can apply network restrictions/exceptions based on the internal requirements of the network. Both solutions are HTTP proxy aware, and the proxy can restrict certain data flows. The picture on the side shows two variants of the data flow, but they can be mixed depending on the desired network configuration. For the complete network flow, see this page: Technical configuration.

Permissions delegated service account

Connecting to Microsoft Exchange in the case of a hosted Exchange or on-premises Exchange installation can be achieved by using Exchange Web Services (EWS).

You need to create a functional/service account that can be used by the devices to connect to Exchange. This can be one account for all devices or an account per device. This decision might depend on your internal security requirements, but both are supported.

The functional/service account needs to have calendar rights on the resource mailboxes and also needs its own mailbox. If no mailbox is assigned, the account can't access any Exchange features.

The mailbox calendar rights can be set with PowerShell or CloudShell:

Add-MailboxFolderPermission -Identity roomname@domain.com:\Calendar -User "functional-account@domain.com" -AccessRights PublishingEditor

Depending on the calendar name the folder could be different and not the default Calendar. You can list the calendars of the user with this command:

Get-MailboxFolderStatistics roomname@domain.com -FolderScope Calendar
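
To confirm that the grant above is actually in place on every room, and only at the level intended, the following added example (not LeftClick's own code) reports the service account's rights on each room's default calendar. The room list in `$Rooms` and the account name are the placeholders used on this page; an open Exchange PowerShell session is assumed.

```powershell
# Added example (not LeftClick's code). Run in an existing Exchange session:
# Connect-ExchangeOnline, or the Exchange Management Shell on-premises.
$ServiceAccount = 'functional-account@domain.com'   # placeholder from this page
$Rooms          = @('roomname@domain.com')          # placeholder; list every room
$Expected       = 'PublishingEditor'                # right granted above

# The account needs its own mailbox, otherwise it cannot use Exchange at all.
if (-not (Get-Mailbox -Identity $ServiceAccount -ErrorAction SilentlyContinue)) {
    Write-Warning "$ServiceAccount has no mailbox"
}

$report = foreach ($room in $Rooms) {
    # Resolve the default calendar by folder type; its name may not be "Calendar".
    $folder = Get-MailboxFolderStatistics -Identity $room -FolderScope Calendar |
        Where-Object { $_.FolderType -eq 'Calendar' } |
        Select-Object -First 1

    $perm = $null
    if ($folder) {
        $perm = Get-MailboxFolderPermission -Identity "${room}:\$($folder.Name)" `
            -User $ServiceAccount -ErrorAction SilentlyContinue
    }

    $rights = if ($perm) { $perm.AccessRights -join ',' } else { '(none)' }
    [pscustomobject]@{
        Room    = $room
        Folder  = if ($folder) { $folder.Name } else { '(not found)' }
        Rights  = $rights
        Matches = ($rights -eq $Expected)
    }
}

# Rooms where the grant is missing or differs sort first.
$report | Sort-Object Matches, Room | Format-Table -AutoSize
```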

Note that it might be useful to disable password expiration and select a strong password that can last for some time. Do not include special characters like "\", "$" or double quotes. If a special character is required, we suggest using "!", "/" or "@". A password of 32 alphanumeric characters in lower and upper case would normally be sufficient and safe to use.

Exchange Online via Microsoft Graph (Microsoft 365)

(Figure: App registration permissions)

LeftClick also supports the Microsoft Graph API. This API supports Modern Authentication and is the recommended way for other applications to access Microsoft 365.

When using the Microsoft Graph API, you need to set up permissions differently. In the image on the side you can see that you grant permissions for the LeftClick Web Services app.

There needs to be a functional/service account in Microsoft 365 that is associated with the account in LeftClick Web Services that plans and configures the application. To set up this link, see this page to connect the “Microsoft 365 for RoomGuide” provider to the relevant account.

This functional/service account will also allow for the retrieval of RoomLists (see below) and sending emails from the devices. The functionality of sending emails will also be described below.

Note: The service account needs an active Microsoft 365 Office License that includes Exchange. Without it, the account can't perform any actions and the application will get “permission denied” errors.

Sending emails

The RoomGuide interface has support for sending emails. These emails are used, for example, for:

  • Catering support
    • Per RoomGuide you can define what subjects are needed
    • More coffee
    • More tea
    • etc.
  • Room support
    • Same as the Catering
    • Projector issue
    • Room too hot
    • etc.

Note that even when you don't want to send email, the functional/service account is still necessary.

Using room lists

LeftClick also supports room lists. These are collections of rooms identified by a single email address. This provides an easy and more compact way to specify the alternative rooms for a RoomGuide panel or the rooms to show in the overview on a Digital Signage player.

Creating a room list from PowerShell can be done as follows:

$RoomAlias = Get-Mailbox -RecipientTypeDetails RoomMailbox -Filter {Office -eq 'HQ'} | select -ExpandProperty Alias
New-DistributionGroup -RoomList -Name 'HQ' -Members $RoomAlias

Overriding room names

Sometimes the room is, or should be, named differently from what you want to show on the RoomGuide or a Digital Signage player. When you want to override the display name in the LeftClick CMS, use the standard email address format with your custom name.

For example, use: My Custom Room Name <meetingroom@domain.com> instead of just meetingroom@domain.com to override the name.

Configuring room properties

We consider room properties to be its capacity, its location details (city, building, floor, etc.) and the IT facilities present in the room.

When using on-premises EWS, it is currently not possible for our connector to retrieve these properties. As a result, you need to enter these properties manually when creating a slide, for example to be able to show a capacity indicator for a room in RoomGuide.

In the case of Microsoft 365 Exchange, the connector does automatically retrieve the properties from the room. (A room is called a "Place" in Exchange.) To configure the properties of the room, you can use PowerShell:

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@room.domain
Set-Place -Identity roomname@domain.com -Capacity 8 -Building 'HQ' -City 'Some Town' -CountryOrRegion 'NL' -Floor 1 -DisplayDeviceName 'Some SmartBoard' -AudioDeviceName 'SomeBrand VC device' -VideoDeviceName 'SomeBrand VC device'

All these properties are optional (capacity, location, devices). Note that the connector will automatically add a Teams meeting to each created reservation if the room has an audio or video device. This allows, for example, external users to join ad hoc reservations made by RoomGuide.

Missing or incorrect subject name

If you only see the organizer name as the subject on the RoomGuides, this can have two causes:

  • The room is configured to add the organizer to the subject
  • The functional/service account (in case of EWS) has insufficient permissions

You can disable this using PowerShell:

Set-CalendarProcessing -Identity roomname@domain.com -AddOrganizerToSubject $false -DeleteSubject $false -DeleteComments $false -RemovePrivateProperty $false

Modify the command to fit your personal needs. For more documentation, see Calendar Processing.

Privacy and security

The ability to access calendar data from LeftClick managed devices can raise some questions about privacy and security. For this and many other reasons LeftClick is ISO27001 and NEN7510 certified. With this certification we guarantee that we treat your information in a secure way.

Our privacy statement and update policy can be found here.

Our ISO and NEN certificates can be downloaded here:

  • ISO27001
  • NEN7510

The certification covers not just our data center but also:

  • LeftClick B.V. (the company)
  • Software development
  • Hardware development
  • Hardware production
  • Data center (located in the EEA)

Regular penetration testing on all of these areas is part of our process to keep our products secure and updated.

To be able to guarantee this security level, LeftClick develops hardware that matches the software needs. Measures like SecureBoot and disk encryption are needed in case a device gets into the wrong hands.

Feel free to contact us if there are questions about this area.

External logins

When the user adds a slide in Digital Signage that uses Exchange, the system tries to make a preview of it. To do this, a player located in our data center will start and use the provided credentials to access the data. If any restrictions are in place such that the account can only be used from your company location, the preview will fail. Once the slide reaches the player, and the connector is started from your company location, the connection is allowed and will succeed.

Also, our portal continuously renews all Modern Authentication tokens on a weekly basis to prevent them from becoming invalid. Once renewed, a slide preview update will be triggered that will use the tokens.

Our services run on the infrastructure at Amazon (AWS) in the primary zone Ireland (Dublin) and backup zone Germany (Frankfurt). So, if you see login attempts from the IP ranges related to these AWS locations, then this was our infrastructure.

Note that these attempts to renew invalid tokens might raise a security flag. If this happens, please update the appropriate slides with the right credentials, or update the Modern Authentication connection with our portal by going to your profile, selecting the "Logins" tab, removing the connection with the name "Microsoft 365 for ..." and adding it again.
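
When reviewing sign-ins for the service account, the AWS regions named above can be checked against AWS's published address list. The following is an added example, not LeftClick's code: the prefixes and sign-in records are constructed (documentation address ranges) in the shape of AWS's `ip-ranges.json`, and only IPv4 is handled. A match shows that an address belongs to AWS in Ireland or Frankfurt, which other AWS customers also use, so it narrows the origin rather than proving it.

```powershell
# Added example (not LeftClick's code). All sample data below is constructed.
# In practice, load the prefixes from AWS's published ip-ranges.json.
$Regions = 'eu-west-1', 'eu-central-1'   # Ireland (Dublin), Germany (Frankfurt)

$awsRanges = @'
{ "prefixes": [
  { "ip_prefix": "192.0.2.0/24",    "region": "eu-west-1",    "service": "AMAZON" },
  { "ip_prefix": "198.51.100.0/25", "region": "eu-central-1", "service": "AMAZON" },
  { "ip_prefix": "203.0.113.0/24",  "region": "us-east-1",    "service": "AMAZON" }
] }
'@ | ConvertFrom-Json

function ConvertTo-UInt32 ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)               # network order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($b, 0)
}

function Test-InCidr ([string]$Ip, [string]$Cidr) {
    # IPv6 sign-ins are not matched here and fall through to "investigate".
    if (([System.Net.IPAddress]$Ip).AddressFamily -ne 'InterNetwork') { return $false }
    $net, $len = $Cidr -split '/'
    $div = [math]::Pow(2, 32 - [int]$len)
    # Equal quotients mean the top $len bits (the network part) are identical.
    [math]::Floor((ConvertTo-UInt32 $Ip) / $div) -eq [math]::Floor((ConvertTo-UInt32 $net) / $div)
}

# Constructed sign-in records for the service account (e.g. exported from the sign-in log).
$signIns = @(
    [pscustomobject]@{ Time = '2024-05-06T02:10:00Z'; Ip = '192.0.2.44' }
    [pscustomobject]@{ Time = '2024-05-06T02:11:00Z'; Ip = '198.51.100.200' }
    [pscustomobject]@{ Time = '2024-05-07T09:30:00Z'; Ip = '203.0.113.9' }
)

$candidates = $awsRanges.prefixes | Where-Object { $_.region -in $Regions }

$signIns | ForEach-Object {
    $ip  = $_.Ip
    $hit = $candidates | Where-Object { Test-InCidr $ip $_.ip_prefix } | Select-Object -First 1
    [pscustomobject]@{
        Time    = $_.Time
        Ip      = $ip
        Region  = if ($hit) { $hit.region } else { $null }
        Verdict = if ($hit) { 'in stated AWS region' } else { 'outside stated regions: investigate' }
    }
} | Format-Table -AutoSize
```

With the constructed data, only the first sign-in falls in a stated region; the second is outside the /25 and the third is in a different AWS region.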