Prerequisites:
Understanding Office 365’s Access Policies:
- Office 365 inherits a set of access controls from Exchange Web Services grouped under the EwsApplicationAccessPolicy, which allows you to whitelist or blacklist specific user agents from accessing Exchange Web Services.
  - This helps to achieve a more granular set of controls than the ability to deny access to all third-party apps in Azure Active Directory.
- This access control list will allow or deny an application making a request to Exchange Web Services based on its User-Agent header.
- You can set access policies for “Block List” and “Allow List”:
  - Block Lists (EwsBlockList). A Block List denies access to a specific user agent (or third-party service) attempting to connect to your tenant.
  - Allow Lists (EwsAllowList). The more complex way of securing your tenant is to create a whitelist and only allow specific agents (Outlook, Skype, Teams, Calendar, etc.) access to your tenant. Any application that has not been explicitly allowed access on the whitelist will be denied.
Steps:
- Connecting to PowerShell.
  If you haven’t done so before, here’s a quick snippet for connecting to PowerShell.
  PS> $UserCredential = Get-Credential
  PS> $O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
  PS> Import-PSSession $O365Session -AllowClobber -DisableNameChecking
- Verify the existing access policy method.
  PS> Get-OrganizationConfig | select EwsApplicationAccessPolicy
- Update your policy to allow Calendar.com. This is based on the output from the previous step:
  - If the access policy is set to EnforceAllowList:
    - View your current EWS Allow List.
      PS> Get-OrganizationConfig | select -ExpandProperty EWSAllowList
    - If Calendar.com’s user agent is not whitelisted, then run:
      PS> Set-OrganizationConfig -EwsAllowList @{add='calendar.com'}
  - OR, if the access policy is set to EnforceBlockList:
    - View your current EWS Block List.
      PS> Get-OrganizationConfig | select -ExpandProperty EWSBlockList
    - If Calendar.com’s user agent is blocklisted, then run:
      PS> Set-OrganizationConfig -EwsBlockList @{remove='calendar.com'}
That’s it!
These settings may take a few minutes (up to an hour) to propagate.
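The steps above combined into one repeatable check, as an added example (not Calendar.com's or Microsoft's own script): it reads the policy, decides whether 'calendar.com' must be added to the allow list or removed from the block list, and changes nothing otherwise. The helper name Get-EwsAgentAction and the sample config object are constructed for illustration; the live part assumes the session from the first step is already imported.

```powershell
# Added example; assumes the Exchange Online session from step 1 is imported.
$Agent = 'calendar.com'   # user agent string used in the steps above

function Get-EwsAgentAction {
    # Hypothetical helper: returns the change the policy needs for $Agent.
    # $Config is any object exposing the three Ews* properties read below.
    param(
        [Parameter(Mandatory)] $Config,
        [Parameter(Mandatory)] [string] $Agent
    )
    # -contains is an exact, case-insensitive match against each list entry.
    switch ("$($Config.EwsApplicationAccessPolicy)") {
        'EnforceAllowList' {
            if (@($Config.EwsAllowList) -contains $Agent) { 'None' } else { 'AddToAllowList' }
        }
        'EnforceBlockList' {
            if (@($Config.EwsBlockList) -contains $Agent) { 'RemoveFromBlockList' } else { 'None' }
        }
        default { 'None' }   # no list is enforced, nothing to change
    }
}

# Dry run of the decision logic on a constructed config (not tenant data).
$sample = [pscustomobject]@{
    EwsApplicationAccessPolicy = 'EnforceBlockList'
    EwsAllowList               = @()
    EwsBlockList               = @('calendar.com', 'constructed-agent')
}
"Sample: $(Get-EwsAgentAction -Config $sample -Agent $Agent)"

# Live run, only when the Exchange cmdlets are available in this session.
if (Get-Command Get-OrganizationConfig -ErrorAction SilentlyContinue) {
    $action = Get-EwsAgentAction -Config (Get-OrganizationConfig) -Agent $Agent
    switch ($action) {
        'AddToAllowList'      { Set-OrganizationConfig -EwsAllowList @{add = $Agent} }
        'RemoveFromBlockList' { Set-OrganizationConfig -EwsBlockList @{remove = $Agent} }
        default               { "No change needed for '$Agent'." }
    }
    # Re-read the policy to confirm; propagation can lag as noted above.
    Get-OrganizationConfig |
        Select-Object EwsApplicationAccessPolicy, EwsAllowList, EwsBlockList
}
```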