Enabling Exchange Online integration in Planner
This guide will help you configure Planner Cloud with integration to Exchange Online (O365), and finally how to distribute the Planner Outlook Add-in to users.
Pre-requisites:
You have a Planner cloud site and an initial login for setting to Planner.
You have permission on Azure to consent services in Planner to access Azure AD and Exchange Online
Steps in this guide:
Step 1: Giving Planner permissions to access applications in Office 365
Step 2: Identifying Planner users and roles in Azure AD
Step 3: Enabling Single Sign On (SSO) via Azure AD
Each of the listed steps above is required and must be applied in the order listed.
Setting up Planner's Azure AD access
Permissions for Planner to access Azure AD will require 3 steps:
Consult the appendix "Description of required Azure AD permissions" in the last section of this guide for a thorough description of the required permission set.
Access the Calendar Service by navigating to: Administration->Settings->Integration->Calendar Synchronization
Click “Connect” and follow the instructions flow in Azure AD consent with the required permissions.
Planner - Office 365 Add-In
Go to: Administration->Settings->Microsoft Graph
Instructions for Azure and Planner
Click “Add Consent” and follow the instructions flow in Azure to allow the consent.
Planner
Go to: Administration->Settings->Import Users
Click “New Import Job”
Fill in with a name – ex. “Azure AD”
Choose “Azure Active Directory (Admin Consent)”
Leave “Group filter prefix” blank. It can be used to limit the groups Pronestor searches for to optimize performance.
Toggle whether to import disabled accounts. Useful if you use shared calendars.
“Default location” – choose the default location for new users
“Default User Language” – choose the default language for new users
“Default company” – choose the default company for new users
Set “Login format” to “UserPrincipalName”
Click “Create”
Edit the “Azure AD” import job in the list
Click “Grant Consent” and follow the instructions flow in Azure to allow the consent
Azure User Import and Setup Guide
Start with the user import and create a user import job as described in this guide:
Group linking
You need to link the Active Directory groups to Planner rights. This is handled inside Planner administration module.
Click “Settings”
Click “Import users”
Click "New Import job"
Set a name
Set Data source to "Azure Active Directory (Admin consent)"
Set Login format to "UserPrincipalName"
Click "Create"
Click "Grant Consent" (with Azure permissions)
Setup automatic scheduling
The import works, but you want it to run nightly to ensure it stays up to date
Click "Settings"
Click "Import users"
Find your import job
Click "Edit"
Click "General"
Click the grey box in front of "Enable automatic scheduling"
Pick a time and click "Save"
If you are in a Danish timezone, DON'T choose 2:00 as the scheduled time. The scheduled time follows UTC time, and 2:00 UTC time is the time your site restarts during Danish summer-time. Your Azure integration is complete.
Enabling Single Sign On (SSO) via Azure AD
Set Planner as a trusted domain on your Azure
Scroll down and click "Custom domain names"
Click "+Add custom domain"
Type in your link. The link needs to be based on your Planner url. In the picture I used guidedemo.tryingplanner.com but your link should be [customername].pronestor.com where [customername] is replaced with your customername.
Click "Add domain"
Get your Destination or points to address. Please copy it since you need to send it to [email protected] for verification.
Create an application
Click "App Registrations"
Click "+New registration"
Give the Application a name and choose single tenant and click register
Set Redirect URIs
Click "Add a Redirect URI"
Click "+Add a platform"
Click "Web"
Now you need to add a link. The link needs to be based on your Planner url. In the picture I used https://guidedemo.tryingplanner.com/Booking.NET/Login.mvc/Login but your link should be https://[customername].pronestor.com/Booking.NET/Login.mvc/Login where [customername] is replaced with your customername.
Then click "Configure"
Click "Add URI"
Here we add another URL that you need to build. The link needs to be based on your Planner url. In the picture I used https://guidedemo.tryingplanner.com/Booking.NET/Login.mvc/RedeemAuthorizationCode but your link should be https://[customername].pronestor.com/Booking.NET/Login.mvc/RedeemAuthorizationCode where [customername] is replaced with your customername.
Then click "Save"
Set Application ID URI
Click "Add an Application ID URI"
Click "Set"
Setting up the link
The link needs to be based on your Planner url. In the picture I used https://guidedemo.tryingplanner.com/Booking.NET/Login.mvc/Login but your link should be https://[customername].pronestor.com/Booking.NET/Login.mvc/Login where [customername] is replaced with your customername.
Follow these steps:
Fill in the link and click "Save
Appendix: Description of required Azure AD permissions
This appendix describes the Azure AD applications that need to be granted consent by a Azure AD tenant admin to function.
You will find a list of the requested scopes for each Azure AD application, along with an explanation for why each of them is needed.
Applications
Planner
Calendar Service
Planner - Office 365 Add-In
Supported settings on Exchange meeting rooms
To ensure the communication between Planner and Exchange your Meeting rooms in Exchange, the following constraints/requirements must be ensured on the rooms in Exchange.
Max 180 days for future reservations/appointments - which needs to be set for the Exchange resource on Exchange
Conflicts in Exchange resource calendars must be set to false
Infinite series not supported - an end date or limited recurrences must be set for the occurrence, otherwise Planner will decline the bookings in the Appointment
Hide Exchange resource in Outlook can be done via "Hide in GAL" in Exchange - which will prevent the resource from being looked up when not using the Planner Office Add-in