Configuring Exchange on-premises for One-Touch Join

This topic describes how to implement Pexip Infinity's One-Touch Join feature in a Microsoft Exchange on-premises environment, by using a service account authenticated using basic authentication to enable the One-Touch Join service to access calendars used for OTJ.

The process involves the following steps, described in detail in the sections that follow:

  1. Creating a service account for One-Touch Join. This service account will be used by One-Touch Join to read each room resource's calendar.

    This should be a different service account to that used for VMR Scheduling for Exchange, because the configuration will be different.

  2. Configuring Application Impersonation on the service account.

    For more information and guidelines on the use of application impersonation in Exchange, see Permitting the service account to access calendars.

  3. Enabling the authentication method used for the service account — either NTLMv2 or basic authentication.
  4. Configuring calendar processing within Exchange.
  5. Creating an associated Exchange integration on Pexip Infinity.

Prerequisites

Before you begin, ensure that the following configuration is complete:

  1. Ensure each physical room that will have a One-Touch Join endpoint in it has an associated room resource with an email address.
  2. Enable auto calendar processing for each room resource, so that the room will automatically accept meeting requests if it is available, and automatically decline an invitation if it is already booked.
  3. We recommend that if you are using Safe Links, you modify your Safe Links policy so that URLs are not rewritten in any meeting invitations sent to room resources used by One-Touch Join endpoints.
  4. Ensure you have access to your Exchange Admin Center (EAC) web interface, and access to Exchange Management PowerShell.
  5. If your Exchange server does not use a globally trusted certificate, you must upload a custom CA certificate.

Checking calendar processing settings

The following PowerShell command can be used to check calendar processing settings on all of the rooms in the Distribution Group that was created for One-Touch Join.

We recommend copying and saving this as a file and running it from within PowerShell.

Before running, ensure that you edit $otj_group_id = "otjrooms@example.com" to use the email of the Distribution Group used in your own deployment.

Copy to clipboard
$deleted_subjects = @()
$organizer_added = @()
$deleted_bodies = @()
$private_flag_reset = @()
$not_auto_accept = @()
$process_external = @()
$otj_group_id = "otjrooms@example.com"

Get-DistributionGroupMember -Identity $otj_group_id -ResultSize Unlimited | ForEach-Object {
    Write-Host "Checking room '$($_.name)'"
    $processing = Get-CalendarProcessing -Identity $_.name
    $pass = $true
    if ($processing.DeleteSubject) {
        Write-Host "WARNING: The room '$($_.name)' is deleting the meeting subject" -ForegroundColor Red
        $deleted_subjects += $_.name
        $pass = $false
    }
    if ($processing.AddOrganizerToSubject) {
        Write-Host "WARNING: The room '$($_.name)' is adding the organizer to the meeting subject" -ForegroundColor Red
        $organizer_added += $_.name
        $pass = $false
    }
    if ($processing.DeleteComments) {
        Write-Host "WARNING: The room '$($_.name)' is deleting the meeting body" -ForegroundColor Red
        $deleted_bodies += $_.name
        $pass = $false
    }
    if ($processing.RemovePrivateProperty) {
        Write-Host "WARNING: The room '$($_.name)' is clearing the private flag on meetings" -ForegroundColor Red
        $private_flag_reset += $_.name
        $pass = $false
    }
    if ($processing.AutomateProcessing -ne "AutoAccept") {
        Write-Host "WARNING: The room '$($_.name)' is not configured to Auto Accept. Processing='$($processing.AutomateProcessing)'" -ForegroundColor Red
        $not_auto_accept += $_.name
        $pass = $false
    }
    # Optional permission for allowing the external invites:
    if ($processing.ProcessExternalMeetingMessages) {
        Write-Host "The room '$($_.name)' is configured to process external (forwarded) meetings"
        $process_external += $_.name
    }
    if ($pass) {
        Write-Host "INFO: All checks passed for room '$($_.name)'" -ForegroundColor Green
    }
}

Write-Host "Summary:"
Write-Host "There are $($deleted_subjects.count) rooms deleting the meeting subject"
    if ($deleted_subjects) {
        Write-Host $deleted_subjects -Separator ", "
        Write-Host ""
}
Write-Host "There are $($organizer_added.count) rooms adding the organizer to the meeting subject"
    if ($organizer_added) {
        Write-Host $organizer_added -Separator ", "
        Write-Host ""
}
Write-Host "There are $($deleted_bodies.count) rooms deleting the meeting body"
    if ($deleted_bodies) {
        Write-Host $deleted_bodies -Separator ", "
        Write-Host ""
}
Write-Host "There are $($private_flag_reset.count) rooms clearing the private flag on meetings"
    if ($private_flag_reset) {
        Write-Host $private_flag_reset -Separator ", "
        Write-Host ""
}
Write-Host "There are $($not_auto_accept.count) rooms not configured to Auto Accept"
    if ($not_auto_accept) {
        Write-Host $not_auto_accept -Separator ", "
        Write-Host ""
}
Write-Host "There are $($process_external.count) rooms configured to process external (forwarded) meetings"
    if ($process_external) {
        Write-Host $process_external -Separator ", "
        Write-Host ""
}

Next steps

You must now configure the remainder of the One-Touch Join components on Pexip Infinity, as described in Configuring Pexip Infinity for One-Touch Join.