Configuring Office 365 using EWS for One-Touch Join

This topic describes how to implement Pexip Infinity's One-Touch Join feature in a Microsoft Office 365 environment, by using a service account authenticated using OAuth and the EWS API to enable the One-Touch Join service to access calendars used for OTJ.

The EWS API is being deprecated by Microsoft, after which any deployments that use the EWS API will no longer work. These deployments must be updated to use the Graph API to provide access to room resource mailboxes. This topic is intended as a reference only.

The process involves the following steps, described in detail in the sections that follow:

  1. Creating a service account for One-Touch Join. This service account will be used by One-Touch Join to read each room resource's calendar.

    This should be a different service account to any used for VMR Scheduling for Exchange, because the configuration will be different.

  2. Configuring Application Impersonation on the service account.

    For more information and guidelines on the use of application impersonation in Exchange, see Permitting the service account to access calendars.

  3. Configuring calendar processing within Exchange.
  4. Enabling OAuth authentication for the service account.
  5. Creating an associated Exchange integration on Pexip Infinity.


Before you begin, ensure that the following configuration is complete:

  1. Ensure each physical room that will have a One-Touch Join endpoint in it has an associated room resource with an email address.
  2. Enable auto calendar processing for each room resource, so that the room will automatically accept meeting requests if it is available, and automatically decline an invitation if it is already booked.
  3. We recommend that if you are using Safe Links, you modify your Safe Links policy so that URLs are not rewritten in any meeting invitations sent to room resources used by One-Touch Join endpoints.
  4. Ensure that you have a Microsoft license available for the service account; this is required for the service account to access Exchange.
  5. Ensure you have admin access to your Office 365 web interface, and access to the Microsoft Exchange Online and Azure Active Directory Modules for Windows PowerShell. (If you are connecting from your Windows PC for the first time, you may need to install these modules. See these Microsoft articles about connecting to Exchange online and Microsoft 365 with PowerShell for more information.)
  6. Ensure you have access to your Exchange Admin Center (EAC) web interface, and access to Exchange Management PowerShell.
  7. If your Exchange server does not use a globally trusted certificate, you must upload a custom CA certificate.

Next steps

You must now configure the remainder of the One-Touch Join components on Pexip Infinity, as described in Configuring Pexip Infinity for One-Touch Join.