Enabling Exchange Online integration in Planner
This guide will help you configure Planner Cloud with integration to Exchange Online (O365), and finally how to distribute the Planner Outlook Add-in to users.
Pre-requisites:
You have a Planner cloud site and an initial login for setting to Planner.
You have permission on Azure to consent services in Planner to access Azure AD and Exchange Online
Steps in this guide:
Step 4: Deployment of Office Add-In
Each of the listed steps above is required and must be applied in the order listed.
Giving Planner permissions to access applications in Office 365
Permissions for Planner to access Azure AD will require 3 steps.
For a thorough description of the required permission set – please consult the appendix “Description of required Azure AD permissions” which you will find in the last section in this guide.
Calendar Service
Go to: Administration->Settings->Integration->Calendar Synchronization
Click “Connect” and follow the instructions flow in Azure AD consent with the required permissions.
Planner - Office 365 Add-In
Go to: Administration->Settings->Microsoft Graph
Click “Add Consent” – and follow the instructions flow in Azure to allow the consent.
Planner
Go to: Administration->Settings->Import Users
Click “New Import Job”
Fill in with a name – ex. “Azure AD”
Choose “Azure Active Directory (Admin Consent)”
Leave “Group filter prefix” blank. It can be used to limit the groups Pronestor searches for to optimize performance.
Toggle whether to import disabled accounts. Useful if you use shared calendars.
“Default location” – choose the default location for new users
“Default User Language” – choose the default language for new users
“Default company” – choose the default company for new users
Set “Login format” to “UserPrincipalName”
Click “Create”
Edit the “Azure AD” import job in the list
Click “Grant Consent” – and follow the instructions flow in Azure to allow the consent
Identifying Planner users and roles in Azure AD
Start with the user import and create a user import job as described in this guide:
Group linking
You need to link the Active Directory groups to Planner rights. This is handled inside Planner administration module.
Click “Settings”
Click “Import users”
Click "New Import job"
Set a name
Set Data source to "Azure Active Directory (Admin consent)"
Set Login format to "UserPrincipalName"
Click "Create"
Click "Grant Consent" (with Azure permissions)
Click Continue to linking for setting up the relation between groups in AD and Planner
Setup automatic scheduling
The import works, but you want it to run nightly to ensure it stays up to date
Click "Settings"
Click "Import users"
Find your import job
Click "Edit"
Click "General"
Click the grey box in front of "Enable automatic scheduling"
Pick a time and click "Save"
If you are in a Danish timezone, DO NOT choose 2:00 as the scheduled time. The scheduled time follows UTC time, and 2:00 UTC time is the time your site restarts during Danish summer-time. Your Azure integration is complete.
Enabling Single Sign On (SSO) via Entra ID
Planner integrates with Microsoft Entra ID, allowing you to log in your Entra ID users as users within your Planner account. This article walks through that set-up process.
Adding Planner as an Enterprise Application in Entra ID
Navigate to Microsoft Entra ID > Enterprise Applications > New Application > Create your own application. Name the application SIS Planner and click the Create button.
SSO Configuration
Now that your enterprise application has been created, the next step is to configure its SSO settings:
1. Copy the Application ID and save it. You’ll need to provide it at the final step of this guide.
2. Select “Set up single sign on”, then “SAML”.
3. Enter information for your Basic SAML Configuration.
You are required to enter the Identifier and Reply URL in this section. Modify the following URL before entering into both fields:
Click the Save button and then the Close button.
Select No, I’ll test later on the pop-up that appears next
Gathering info for Sign In Solutions
Copy the Microsoft Entra identifier
Copy the Application ID you saved earlier
Share the information with a Sign In Solutions representative via the following form:
We will complete the rest of the setup within Planner and let you know when complete. After this you will be able to sign in to your Planner account via SAML-based Sign-on.
Deployment of Office Add-in
Now deploy the O365 add-in for the users involved in testing.
Please be aware that the O365 add-in roll-out for all users should be done 24-36 hours prior to launch, as Microsoft may require 24 hours to complete it.
Requirements for installation of add-ins
To complete this guide you need:
Microsoft Outlook for Office 365 or Microsoft Outlook Web for Office 365
SSO setup with your Cloud solution
Manifest file from your administrator
Planner with Full Exchange Integration
Our Microsoft Outlook Office 365 Pronestor add-in are not compatible with our VSTO add-in, remember to uninstall it before installing your outlook Office 365 Pronestor add-ins
How to roll out the add-in for all users
The Pronestor Office Add-in can be installed either by the users or centralized deployment on behalf of individual users, user groups, or the entire corporation.
If you are users are to install the add-in themselves - please follow the section "Manuel installation" below. If deployment is to happen centralized on behalf of multiple users - please follow the section "Centralized deployment of add-in".
Centralized deployment of add-in
Require O365 administrator permissions.
Open Microsoft 365 admin center in Office 365
Click settings in the left side menu and choose Integrated Apps
Choose "Add-ins" - in the top section where it refers to "Line of business apps"
Save manifest file from your Planner site [Administration → Settings → Other Settings]
Choose "Deploy add-in" - which will guide you on how to deploy the add-in to Outlook users in your organization
Select "Deploy custom add-in" and choose "Upload custom apps"
Choose "I have a FILE for the manifest file" and load the manifest the Pronestor add-in manifest
Click "Upload"
Please follow the rest of the steps onscreen to choose users who should have the add-in install
We do recommend following the recommendation by Microsoft - that is, choose a small set of users to validate the installation and distribution before, distributing it corporate-wide.
Please be aware that the deployment can take up to 24 hours for Microsoft to complete the distribution.
For further information on centralized deployment - please refer to the following guide from Microsoft
Appendix
Description of Required Azure AD Permissions
This appendix describes the Azure AD applications that need to be granted consent by a Azure AD tenant admin to function.
You will find a list of the requested scopes for each Azure AD application, along with an explanation for why each of them is needed.
Applications
Planner
Permission | Purpose |
Read all groups | This permission is used for reading all the Azure AD groups, which are then used in the import for mapping users from the correct Azure AD group into their respective Planner user group. |
Read all users’ profiles | This permission is used for reading users’ profiles (name, email etc.) when importing the users into their respective user group in Planner. |
Sign in and read user profile | This permission is always enabled when requesting admin consent and cannot be removed. |
Calendar Service
Permission | Purpose |
Read and write calendars in all mailboxes | This permission is needed for the service to read and write calendar events when synchronizing. |
Sign in and read user profile | This permission is always enabled when requesting admin consent and cannot be removed. |
Planner - Office 365 Add-In
This Azure AD application is used by Planner to provide functionality for the Office 365 Add-In which ensures that the Add-In can get events created in Office 365 with the Add-In, into Planner.
Permission | Purpose |
Read calendars in all mailboxes | This permission is used by the Office 365 Add-In (through Planner), to get a global unique identifier for a calendar event, ensuring that we can uniquely identify it across calendars in Office 365. |
Sign in and read user profile | This permission is always enabled when requesting admin consent and cannot be removed. |
Supported settings on Exchange meeting rooms
To ensure the communication between Planner and your Meeting rooms in Exchange, the following constraints/requirements must be ensured on the rooms in Exchange.
To see the full list supported settings for Exchange meeting rooms, check out THIS article.
Max 180 days for future reservations/appointments - which needs to be set for the Exchange resource on Exchange
Conflicts in Exchange resource calendars must be set to false
Infinite series not supported - an end date or limited recurrences must be set for the occurrence, otherwise Planner will decline the bookings in the Appointment
Optional settings on Exchange meeting rooms
You have the option to decide whether or not a meeting room (Exchange resource) is visible in Outlook.
Hiding the room in Outlook
If you set the room to “Hide in GAL” (Global Address List) in Exchange, it won’t show up when users search for it in Outlook. In the latest versions of Outlook, once a room is booked, its email address will appear in the meeting invite.Keeping the room visible
If you don’t hide it, users can easily find and book the room directly. Some organizations prefer to keep the room visible for a simpler booking experience.
No matter which option you choose, all bookings stay fully synchronized—whether they’re made through Outlook or in conjunction with our Outlook Add-in.