Available in Quicklaunch 4.0.680.0


Why?

Quicklaunch uses Microsoft's Exchange Web Services (EWS) to access calendars, mail and user profiles.  However, Microsoft will be retiring Basic Authentication for EWS for access to Office 365 in 2021 and will be replacing it with their new Graph API.


Graph API is Microsoft's new interface for accessing office 365 Calendars, Mail, Profiles and other enterprise information. Graph API also uses the Microsoft Modern Authentication which enables application access without requiring to store user IDs or passwords. This will allow your administrator's to grant access to Quicklaunch, rather than Quicklaunch storing user IDs and passwords.


For more info about the retiring of Microsoft Basic Authentication for EWS, please see: https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508 

   


Contents

1.Planning


2. Setting Up a New Installation of Quicklaunch with Graph API

1a) New Installation of Quicklaunch and you have never Granted Access

1b) New Install of Quicklaunch and you have previously Granted Access to Quicklaunch


3. Migrating Existing Conference Room from EWS to Graph API

2a) Existing Installation of Quicklaunch and you have never Granted Access

2b) Existing Installation of Quicklaunch and you have previously Granted Access


4. Setting up Multiple Conference Rooms


5. Revoking Quicklaunch Access to your Enterprise


6. Restricting Access only to Conference Room Accounts





1. Planning

Moving to Graph API with Quicklaunch is pretty straightforward.  In Quicklaunch settings, the Account login is set to use "Graph - App Consent", and then your enterprise administrator grants access to Quicklaunch.  From then on, Quicklaunch will use your organization's Tenant ID to access your enterprise information.


One Quicklaunch is granted access once, the same Tenant ID can be used on all your other installations of Quicklaunch without requiring an administrator to grant access each time.


To see what information Quicklaunch accesses, see: https://quicklaunch.ucworkspace.com/en/support/solutions/articles/3000099719-what-corporate-information-does-quicklaunch-access


Quicklaunch's access to the enterprise information can be limited to a group of the conference room accounts by using and Exchange Application Access policy.




2. Setting Up a New Installation of Quicklaunch with Graph API

2a) New Installation of Quicklaunch and you have never Granted Access

  1. Install Quicklaunch on a fresh computer
  2. The Quicklaunch Setup Wizard will start
  3. Run through the Wizard
  4. For the account, select Exchange
  5. Select Graph - App Consent
  6. Click on "Grant Access to Quicklaunch"
  7. Have your enterprise administrator sign into Azure
  8. Click "Accept" to accept the permissions for Quicklaunch
  9. Your enterprise tenant ID will them be put into Quicklaunch
  10. Enter the room account calendar email, click verify
  11. Click on next and complete the installation

















2b) New Install of Quicklaunch and you have previously Granted Access to Quicklaunch


  1. Get your enterprise tenant ID from Azure -> Active Directory -> Info
  2. Install Quicklaunch on a fresh computer
  3. The Quicklaunch Setup Wizard will start
  4. Run through the Wizard
  5. For the account, select Exchange
  6. Select "Graph - App Consent"
  7. Enter your tenant ID in the space provided
  8. Enter your room account calendar email, click verify
  9. Click next and finish with the setup wizard







3. Migrating Existing Conference Room from EWS to Graph API

3a) Existing Installation of Quicklaunch and you have never Granted Access

  1. This must be done by an administrator who has Azure Tenant Admin rights
  2. In Quicklaunch, go to settings -> Accounts
  3. Enter the room accounts user ID
  4. Under the desired domain, change the account authentication settings to Graph - App Consent
  5. Click on "Grant Access to Quicklaunch"
  6. Have your enterprise administrator sign into Azure
  7. Click "Accept" to accept the permissions for Quicklaunch
  8. Your enterprise tenant ID will then be put into Quicklaunch
  9. Click on next and complete the installation




3b) Existing Installation of Quicklaunch and you have previously Granted Access

  1. Get your enterprise tenant ID from Azure -> Active Directory -> Info
  2. In Quicklaunch, go to Settings -> Accounts
  3. Enter the room account user ID
  4. Under the desired domain, change the account authentication settings to "Graph - App Consent"
  5. Enter your tenant ID in the space provided
  6. Click on Save






4. Setting up Multiple Conference Rooms


  1. On a test computer, setup Quicklaunch with Graph as outlined above
  2. Make appropriate individual room changes use the Settings File Generator (see: https://quicklaunch.ucworkspace.com/en/support/solutions/articles/3000091266-bulk-creation-of-quicklaunch-settings-files-with-the-quicklaunch-settings-file-generator )
  3. NOTE: with Graph API you do not need to have a RoomAccountPassword 
  4. Deploy to all conference room computers (see: https://quicklaunch.ucworkspace.com/en/support/solutions/articles/3000099291-how-to-preload-quicklaunch-with-a-settings-file- )



5. Revoking Quicklaunch Access to your Enterprise

  1. In Azure portal, sign in with a tenant admin account
  2. Go to "Enterprise Applications"
  3. Select the Quicklaunch application
  4. Click on Properties
  5. Click on Delete
  6. Restart Quicklaunch on the conference room computer.





6. Restricting Access only to Conference Room Accounts

You may not want Quicklaunch to have access to all calendars in your enterprise.  See the following FAQ on how to limit access to only conference room accounts.   Limiting Quicklaunch Graph API Calendar Access