What is Graph API?

Graph API is Microsoft's new interface for accessing office 365 Calendars, Mail, Profiles and other enterprise information. Graph API also uses the Microsoft Modern Authentication which enables application access without requiring to store user IDs or passwords. This will allow your administrator's to grant access to Quicklaunch, rather than Quicklaunch storing user IDs and passwords.


Graph API is the replacement for Exchange Web Services  - for more information see this article:

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508 


To understand more of what information Quicklaunch accesses, please see: What Corporate Information Does Quicklaunch Access?



Contents

  1. Three Options for Connecting Quicklaunch to Graph API
  2. Prerequisites
  3. Setup Graph API using App Consent
  4. Setup Graph API with Customer Secret
  5. Setup Graph API with Customer Certificate
  6. Setting up Multiple Conference Rooms
  7. Restricting Access only to Conference Room Accounts




1. Three Options for Connecting Quicklaunch to Graph API


Graph App Consent (most common setup)


This uses the Quicklaunch App Registration to connect to your Enterprise's Calendar, Mail and user profiles.  It is the simplest to setup but does require wide open access to your enterprise's calendar, mail and user profiles.  Using policies, this access can be limited to just the room accounts.


Graph Customer Secret (advanced)


In this option, you set up your own Azure App Registration and use it to connect Quicklaunch to Graph API.  This takes more effort to setup, but will allow very fined grained security control over the information exposed to Quicklaunch.  It requires your app registration and secret to be entered into Quicklaunch.    You can use one App Registration for the enterprise, or a division or even for each room.  Your choice.


Note: this option is unsupported by UCW and requires advanced skills in Azure, if you are not fluent in Azure and app registration, we offer configuration services to help you set up your environment.


Graph Customer Certificate (advanced)


In this option, you set up your own Azure App Registration and use it to connect Quicklaunch to Graph API.  This takes more effort to setup, but will allow very fined grained security control over the information exposed to Quicklaunch.  Thiis option requires creating a certificate on the conference room computer.  The certificate eliminates the requirement for an app secret.  You can use one App Registration for the enterprise, or a division or even for each room.  Your choice.


Note: this option this option is unsupported by UCW and requires advanced skills in Azure and certificate management, if you are not fluent in Azure and app registration, we offer configuration services to help you set up your environment.


2. Prerequisites

In order to setup Quicklaunch with Graph API you will require an Azure administrator.  The administrator is required to give permissions to Quicklaunch, and optionally set up the App registration and Certificate.


To see what information Quicklaunch accesses, see: https://quicklaunch.ucworkspace.com/en/support/solutions/articles/3000099719-what-corporate-information-does-quicklaunch-access


3. Setup Graph API using App Consent

See this article https://quicklaunch.ucworkspace.com/en/support/solutions/articles/3000101638-setup-graph-api-using-app-consent


4. Setup Graph API with Customer Secret


See this article: https://quicklaunch.ucworkspace.com/en/support/solutions/articles/3000101640-setup-graph-api-using-graph-customer-secret


5. Setup Graph API with Customer Certificate


See this article: https://quicklaunch.ucworkspace.com/en/support/solutions/articles/3000101646-setup-graph-api-with-customer-certificate


6. Setting up Multiple Conference Rooms



7. Revoking Quicklaunch Access to your Enterprise

  1. Have the Azure Admin, sign into the Azure portal
  2. Go to "Enterprise Applications"
  3. Select the Quicklaunch application
  4. Click on Properties
  5. Click on Delete
  6. Restart Quicklaunch on the conference room computer.





8. Restricting Access only to Conference Room Accounts


You may not want Quicklaunch to have access to all calendars in your enterprise.  Note this option is unsupported by UCW and  requires advanced Azure skills. See the following FAQ on how to limit access to only conference room accounts using policies.   Limiting Quicklaunch Graph API Calendar Access