Click on images to see them in full screen

Microsoft 365 Graph

From Door Tablet V8.5 the primary method for accessing Microsoft 365 Tenant is by using the Door Tablet for Microsoft Graph. To read about the platform please follow this link:

Key differences between the EWS and Graph implementation
Microsoft Graph is the next generation APIs for access to Microsoft 365. In due course support for EWS will end. Microsoft Graph provides many advantages and these apply to the Door Tablet access to the platform. The following points should be noted:

  1. Your existing Microsoft 365 Tenant is used
  2. Impersonation is not supported in Graph. When creating resources you will need to issue commands to grant your service account "Editor" right to the resource calendar
  3. Performance is enhanced with Graph - at all levels it appears faster compared to EWS
  4. All functionality offered by Door Tablet on EWS is available in Door Tablet on Graph
  5. Security is handled differently in Graph and initial administrative tasks are required to facilitate Door Tablet access to your Microsoft 365 Tenant
  6. Graph is in version 1.0 but appears to be very stable and is classed "Production Ready"

Enabling Door Tablet to Access your Microsoft 365 Tenant
Download and install Door Tablet 8.5 or later. Before you start on Door Tablet set-up, you need to register the Door Tablet application here: You will be required to sign in, use your Microsoft 365 account.

You will be greeted with the following dashboard:

On the Microsoft Azure dashboard, click on the "Azure Active Directory", from here choose the "App registrations" option and click on "New registration".

You can now name your application and choose the supported account types. You do not have to call it "Door Tablet" but we suggest you do.

After this, you should see an application (client) id on the dashboard.

Your application is now created.

Next, handle Authentication.

Type https://localhost. This URL will fail later, which is OK.

Note: if you use MFA or an ID management system such as Okta, OneID and the like, you need to bypass this for the Door Tablet service account. The communication between Door Tablet and MS 365 is a Server to Server communication that begins with authentication. That authentication must be performed hands-free and direct from our server to the target MS 365 server. All ID management solutions should allow you to bypass them for certain users.

Next: Client secrets
We will need to set up a client secret in order to generate a new password. See below:

From here you can add a new client secret and set the expiration date (if you wish).

Now copy your newly created secret. This will be needed in the Door Tablet system profile.

The final step here is to add permissions to the Application under Delegated Permissions:

To do this, click on the "API permissions" option found on the dashboard:

From here, you will need the five showing here:
  1. Calendars.ReadWrite.Shared
  2. Mail.Send
  3. People.Read.All
  4. User.ReadBasic.All
  5. User.Read.All
  6. Place.Read.All

Please note that Place.Read.All scope was added to Door Tablet from V9.7.

After adding the roles, your list should show this list of scopes:

You will now need to Grant admin consent for you organisation

After confirmation...

Enabling Access to your Resources Calendars
As mentioned before, Impersonation is not support in Graph. For this purpose you will need to grant the Service Account you use in Door Tablet "Editor" rights to the Calendar folder of your resources. To do this you will need to connect to Microsoft 365 as already described here Database 'Door Tablet HELP', View 'Help Documents', Document 'Office 365'. The command you need to issue for each resource is:
Add-MailboxFolderPermission <room-alias>:\Calendar -User <service-account-name> -AccessRights Editor
For example:
Add-MailboxFolderPermission Amsterdam:\Calendar -User doortablet -AccessRights Editor

Connecting the Door Tablet Server to Microsoft 365 over Graph
Before you connect using Graph, the Door Tablet setting record looks like this. Note: you can still test your connection, as before. Note: from this version of Door Tablet you no longer specify the path to Microsoft 365 server farms. Now click on the check box "Use Microsoft Graph Technology".

Once you click on the check box, perform the following, in the order shown:
  1. Copy and paste the Application ID from the Application you defined above
  2. Copy and paste the Application Password
  3. Click on the link to Admin-Authorise the application

When you click on the link the following pop-up will appear:

Once you click on "Accept", you will get this, which is OK:

Test your connection to Microsoft 365 using Graph
You are now ready to test your connection to Microsoft 365 using Graph Technology.
Note: the number of resources found when using Microsoft Graph will be different to when using Microsoft EWS. The reason for this is that in EWS, Door Tablet searches only resources in RoomLists. When using Graph the Door Tablet server scans all resources, irrespective of RoomLists.

Another way you can check your connection is by going onto the Microsoft graph explorer developer site, which can be found here:

You will need to sign in by using your Microsoft account. From here you can insert the following URL and press run query:$top=2500

From here you should see the rooms you've created appear in the response preview below. An example of this can be seen below:

Please note that the following permission is granted...

If your results come back blank, you might have not consented to some of the permissions needed. To check this on Graph explorer click on the modify permissions option and check that the following has been ticked:

Once this is done click on the modify permissions button on the bottom right side of the menu. This will save the new permissions, run the query again and you should receive a successful response.