Enabling Exchange Online integration in Planner
This guide will help you configure Planner Cloud with integration to Exchange Online (O365), and finally how to distribute the Planner Outlook Add-in to users.
Pre-requisites:
You have a Planner cloud site and an initial login for setting to Planner.
You have permission on Azure to consent services in Planner to access Azure AD and Exchange Online
Steps in this guide:
Step 4: Deployment of Office Add-In
Each of the listed steps above is required and must be applied in the order listed.
Giving Planner permissions to access applications in Office 365
Permissions for Planner to access Azure AD will require 3 steps.
For a thorough description of the required permission set – please consult the appendix “Description of required Azure AD permissions” which you will find in the last section in this guide.
Calendar Service
Go to: Administration->Settings->Integration->Calendar Synchronization
Click “Connect” and follow the instructions flow in Azure AD consent with the required permissions.
Planner - Office 365 Add-In
Go to: Administration->Settings->Microsoft Graph
Click “Add Consent” – and follow the instructions flow in Azure to allow the consent.
Planner
Go to: Administration->Settings->Import Users
Click “New Import Job”
Fill in with a name – ex. “Azure AD”
Choose “Azure Active Directory (Admin Consent)”
Leave “Group filter prefix” blank. It can be used to limit the groups Pronestor searches for to optimize performance.
Toggle whether to import disabled accounts. Useful if you use shared calendars.
“Default location” – choose the default location for new users
“Default User Language” – choose the default language for new users
“Default company” – choose the default company for new users
Set “Login format” to “UserPrincipalName”
Click “Create”
Edit the “Azure AD” import job in the list
Click “Grant Consent” – and follow the instructions flow in Azure to allow the consent
Identifying Planner users and roles in Azure AD
Start with the user import and create a user import job as described in this guide:
Group linking
You need to link the Active Directory groups to Planner rights. This is handled inside Planner administration module.
Click “Settings”
Click “Import users”
Click "New Import job"
Set a name
Set Data source to "Azure Active Directory (Admin consent)"
Set Login format to "UserPrincipalName"
Click "Create"
Click "Grant Consent" (with Azure permissions)
Click Continue to linking for setting up the relation between groups in AD and Planner
Setup automatic scheduling
The import works, but you want it to run nightly to ensure it stays up to date
Click "Settings"
Click "Import users"
Find your import job
Click "Edit"
Click "General"
Click the grey box in front of "Enable automatic scheduling"
Pick a time and click "Save"
If you are in a Danish timezone, DO NOT choose 2:00 as the scheduled time. The scheduled time follows UTC time, and 2:00 UTC time is the time your site restarts during Danish summer-time. Your Azure integration is complete.
Enabling Single Sign On (SSO) via Azure AD
Set Planner as a trusted domain on your Azure
Note, this is essential for Single sign on, but if you don't need single sign on, you can skip this chapter and chapter "Set Application ID URI"
Login to your azure at https://portal.azure.com/
Scroll down and click "Custom domain names"
Click "+Add custom domain"
Type in your link. The link needs to be based on your Planner url.
Your link should be [customername].pronestor.com where [customername] is replaced with your customername.
Click "Add domain"
Then you get your Destination or points to address. Please copy it since you need to send it to [email protected] for verification.
Create an application
Login to your azure at https://portal.azure.com/
Click "App Registrations"
Click "+New registration"
Give the Application a name and choose single tenant and click register
Set Redirect URIs
Click "Add a Redirect URI"
Click "+Add a platform"
Click "Web"
Now you need to add a link. The link needs to be based on your Planner url.
Your link should be https://[customername].pronestor.com/Booking.NET/Login.mvc/Login where [customername] is replaced with your customername.
Then click "Configure"
Click "Add URI"
Here we add another URL that you need to build. Your link should be https://[customername].pronestor.com/Booking.NET/Login.mvc/RedeemAuthorizationCode where [customername] is replaced with your customername.
Then click "Save"
Set Application ID URI
Click "Add an Application ID URI"
Click "Set"
The link needs to be based on your Planner url. Your link should be https://[customername].pronestor.com/Booking.NET/Login.mvc/Login where [customername] is replaced with your customername.
Fill in the link and click "Save"Appendix: Description of required Azure AD permissions
Deployment of Office Add-in
Now deploy the O365 add-in for the users involved in testing.
Please be aware that the O365 add-in roll-out for all users should be done 24-36 hours prior to launch, as Microsoft may require 24 hours to complete it.
Requirements for installation of add-ins
To complete this guide you need:
Microsoft Outlook for Office 365 or Microsoft Outlook Web for Office 365
SSO setup with your Cloud solution
Manifest file from your administrator
Planner with Full Exchange Integration
Our Microsoft Outlook Office 365 Pronestor add-in are not compatible with our VSTO add-in, remember to uninstall it before installing your outlook Office 365 Pronestor add-ins
How to roll out the add-in for all users
The Pronestor Office Add-in can be installed either by the users or centralized deployment on behalf of individual users, user groups, or the entire corporation.
If you are users are to install the add-in themselves - please follow the section "Manuel installation" below. If deployment is to happen centralized on behalf of multiple users - please follow the section "Centralized deployment of add-in".
Centralized deployment of add-in
Require O365 administrator permissions.
Open Microsoft 365 admin center in Office 365
Click settings in the left side menu and choose Integrated Apps
Choose "Add-ins" - in the top section where it refers to "Line of business apps"
Save manifest file from your Planner site [Administration → Settings → Other Settings]
Choose "Deploy add-in" - which will guide you on how to deploy the add-in to Outlook users in your organization
Select "Deploy custom add-in" and choose "Upload custom apps"
Choose "I have a FILE for the manifest file" and load the manifest the Pronestor add-in manifest
Click "Upload"
Please follow the rest of the steps onscreen to choose users who should have the add-in install
We do recommend following the recommendation by Microsoft - that is, choose a small set of users to validate the installation and distribution before, distributing it corporate-wide.
Please be aware that the deployment can take up to 24 hours for Microsoft to complete the distribution.
For further information on centralized deployment - please refer to the following guide from Microsoft
Appendix
Description of Required Azure AD Permissions
This appendix describes the Azure AD applications that need to be granted consent by a Azure AD tenant admin to function.
You will find a list of the requested scopes for each Azure AD application, along with an explanation for why each of them is needed.
Applications
Planner
Permission | Purpose |
Read all groups | This permission is used for reading all the Azure AD groups, which are then used in the import for mapping users from the correct Azure AD group into their respective Planner user group. |
Read all users’ profiles | This permission is used for reading users’ profiles (name, email etc.) when importing the users into their respective user group in Planner. |
Sign in and read user profile | This permission is always enabled when requesting admin consent and cannot be removed. |
Calendar Service
Permission | Purpose |
Read and write calendars in all mailboxes | This permission is needed for the service to read and write calendar events when synchronizing. |
Sign in and read user profile | This permission is always enabled when requesting admin consent and cannot be removed. |
Planner - Office 365 Add-In
This Azure AD application is used by Planner to provide functionality for the Office 365 Add-In which ensures that the Add-In can get events created in Office 365 with the Add-In, into Planner.
Permission | Purpose |
Read calendars in all mailboxes | This permission is used by the Office 365 Add-In (through Planner), to get a global unique identifier for a calendar event, ensuring that we can uniquely identify it across calendars in Office 365. |
Sign in and read user profile | This permission is always enabled when requesting admin consent and cannot be removed. |
Supported settings on Exchange meeting rooms
To ensure the communication between Planner and your Meeting rooms in Exchange, the following constraints/requirements must be ensured on the rooms in Exchange.
To see the full list supported settings for Exchange meeting rooms, check out THIS article.
Max 180 days for future reservations/appointments - which needs to be set for the Exchange resource on Exchange
Conflicts in Exchange resource calendars must be set to false
Infinite series not supported - an end date or limited recurrences must be set for the occurrence, otherwise Planner will decline the bookings in the Appointment
Hide Exchange resource in Outlook can be done via "Hide in GAL" in Exchange - which will prevent the resource from being looked up when not using the Planner Office Add-in