Loading…

Exchange and Office 365

Connection flow of data

Connecting Exchange to LeftClick Digital Signage or RoomGuide can be done for on-premise solutions as well as Cloud Exchange and Office 365.

In the LeftClick administration portal you can configure the displays to work with the required credentials and connect to the Exchange back end. Note that the LeftClick CMS does not connect to the Exchange back end directly, but the Digital Signage player or RoomGuide panels connect to the back end themselves.

This way you can apply network restrictions/exceptions based on the internal requirements of the network. Both solutions are HTTP proxy aware and the proxy can restrict certain data flows. In the picture on the side you can see two solutions of the data flow but they can be mixed depending on the desired network configuration.
For a complete network flow you can read it on this page: Technical configuration.

Connection flow of data
(Example flow of data)

On-premise Exchange Web Services

Connecting to Microsoft Exchange in the case of a hosted Exchange or on premise Exchange installation can be achieved by using Exchange Web Services

You need to create a functional/service account that can be used by the devices to connect to Exchange. This can be one account for all devices or a account per device. This decision might depend on you internal security requirements but both are supported.

The function/service account needs to have calendar rights on the resource mailboxes and also needs its own mailbox. If no mailbox is assigned, the account can't access any Exchange features.

The mailbox calendar rights can be set with the PowerShell or CloudShell:

Add-MailboxFolderPermission Identity roomname@domain.com:\Calendar User "functional-account@domain.com" AccessRights PublishingEditor

Note that it might be useful to disable password expiration and select a strong password that can last for some time. Do not include special characters like: "\" or "$" of double quotes. If a special character is required we suggest to use "!" or "/" or "@". But a password of 32 characters of alphanumeric characters in lower and upper case would normally be sufficient and safe to use.

Microsoft 365 via the Microsoft Graph API

LeftClick also supports the new Microsoft Graph API to access Office 365. This API supports Modern Authentication and is the recommended way for other applications to access Microsoft 365.

When using the Microsoft Graph API, you need to set up permissions differently. In the image on the side (click to enlarge) you can see that you grant permissions for the LeftClick Web Services app.

There also needs to be a functional/service account that will allow for the retrieval of RoomLists (see below) and sending emails from the devices and this account will be connected to the app. The functionality of sending emails will be described below.

Microsoft 365 via the Microsoft Graph API
(App registration permissions)

Sending emails

The RoomGuide interface has support for sending emails. These emails are used for example for:

  • Catering support
    • Per RoomGuide you can define what subjects are needed
    • More coffee
    • More thee
    • etc..
  • Room support
    • Same as the Catering
    • Projector issue
    • Room too hot
    • etc..

Note even when you don't want to send email, the functional/service account will be still necessary.

Roomlist

LeftClick also supports RoomLists. These are collections of rooms identified by a single email address. This provides a easy and more compact way to specify the alternative rooms for a RoomGuide panel or the rooms to show in the overview on a Digital Signage player.

Creating a RoomList from the PowerShell can be done as follows:

$RoomAlias = Get-Mailbox -RecipientTypeDetails RoomMailbox -Filter {Office -eq 'HQ'} | select -ExpandProperty Alias
New-DistributionGroup -RoomList -Name 'HQ' -Members $RoomAlias

Missing or incorrect subject name

If you only see the organizer name as the subject on the RoomGuides that can have 2 issues.

  • The room is configured to add the organizer to the subject
  • The functional/service account (in case of EWS) has insufficient permissions

You can disable this using the PowerShell:

Set-CalendarProcessing  Identity roomname@domain.com -AddOrganizerToSubject $false -DeleteSubject $false -DeleteComments $false -RemovePrivateProperty $false

Modify the command to fit your personal needs. For more documentation, see Calendar Processing.

Overriding room names

Sometimes the room is or should be named differently than you want to show on the RoomGuide or a Digital Signage player. When you want to override the display name in the LeftClick CMS, use the standard email address format with your custom name.

For example, use : My Custom Room Name <meetingroom@domain.com> instead of just meetingroom@domain.com to override the name.

Privacy and security

The ability to access calendar data from LeftClick managed devices can raise some questions about privacy and security. For this and many other reasons LeftClick is ISO27001 and NEN7510 certified. With this certification we grantee that we treat you information in a secure way.

Our privacy statement and update policy can be found here.

Our ISO and NEN certificates can be downloaded here:
* ISO72001
* NEN7510

The certification is not just our data center but covers:

  • LeftClick B.V. (the company)
  • Software development
  • Hardware development
  • Hardware production
  • Data center (located in the EEA)

Regular penetration testing on all of these areas are part of our process to keep our products secure and updated.

To be able to grantee this security level LeftClick develops hardware that will match the software needs, measures like SecureBoot and disk encryption are needed in case of a device gets in the wrong hands.

Feel free to contact us if there are questions about this area.

Privacy and security