Quicklaunch reads and updates a variety of calendar and profile information. The list below itemizes the information accessed and whether it can be disabled in Quicklaunch settings. This applies to all access mechanisms: Exchange Web Services (EWS), Graph API or Google API.
CAUTION: This is an advanced setup and is not supported by UC Workspace. Setting up Graph API using your own app registration requires a solid understanding of Azure Active Directory and Azure App Registration. UC Workspace can help with your Azure setup through our paid configuration services.
Type of Information | Can be disabled in Quicklaunch? | Type of Access |
Name, email and photo of meeting organizer | Show organizer image can be disabled | read |
Calendar items for the room account or change user (details, attendees, organizer, start time), attachments | Details & subject can be disabled | read |
Add the room account to the calendar item (in change user, add the room to the meeting) | | add |
Send email using the room account or change user account | Send emails can be disabled | call |
Update organizer's calendar with add participants | Add participant can be disabled | update |
Update organizer's calendar when meeting is extended | Impersonation can be disabled | update |
Create a new calendar item in room account/user account with book room | Book room can be disabled | add |
Remove room account calendar item for meeting check in | Meeting Check in can be disabled | delete |
Graph API Specific Permissions
Permission | Specific Use | Type of Access | Can be restricted |
Read and write calendar in all mailboxes (application) | In order to access the room account calendar in Graph API we need this permission. | read and update | It can be restricted through policies to a limited group of accounts |
Send mail as a user (delegated) | During change user to send email on behalf of the logged-in user or to send email as the room account | call | Can be removed by using a Graph Customer Secret/Certificate and not using change user |
Read all users basic profiles (delegated) | Get meeting organizer information for change user | read | Can be removed by using a Graph Customer Secret/Certificate and not using change user |
Full Access to Users Calendars (delegated) | Gain access to the signed-in user's calendar with change user | read and update | Can be removed by using a Graph Customer Secret/Certificate and not using change user |
Sign in and read user profile (delegated) | Read profile of signed-in changed user | read | Can be removed by using a Graph Customer Secret/Certificate and not using change user |
Read all user's profiles (application) | Get meeting organizer information. | read | It can be restricted through policies to a limited group of accounts. |
Send mail as any user (application) | Send email on behalf of the room account. | call | It can be restricted through policies to a limited group of accounts. |
To configure Azure AD settings for Quicklaunch for Customer Secret/Certificate, see the following page: Setting up Graph API
Note: Accessible accounts can be further constrained using the New-ApplicationAccessPolicy cmdlet in PowerShell.
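One way to apply the restriction mentioned in the note above, shown as an added example that is not part of the UC Workspace documentation: it scopes the app registration's application-level calendar and mail access to a group of room mailboxes and then verifies the result. The app ID, group name, and mailbox addresses are placeholders; it assumes the ExchangeOnlineManagement module and an Exchange administrator role.

```powershell
# Added example: every identifier below is a placeholder, not a Quicklaunch value.
$AppId         = '00000000-0000-0000-0000-000000000000'  # client ID of your app registration
$GroupName     = 'quicklaunch-rooms'                     # hypothetical group name
$GroupSmtp     = 'quicklaunch-rooms@contoso.example'
$RoomMailboxes = @('room-101@contoso.example', 'room-102@contoso.example')
$OutOfScope    = 'finance-director@contoso.example'      # a mailbox the app must not reach

Connect-ExchangeOnline

# 1. Application access policies are scoped to a mail-enabled security group.
if (-not (Get-DistributionGroup -Identity $GroupSmtp -ErrorAction SilentlyContinue)) {
    New-DistributionGroup -Name $GroupName -Alias $GroupName -Type Security `
        -PrimarySmtpAddress $GroupSmtp | Out-Null
}

# 2. Add only the room accounts Quicklaunch should manage (skip existing members).
$members = Get-DistributionGroupMember -Identity $GroupSmtp |
    ForEach-Object { [string]$_.PrimarySmtpAddress }
foreach ($room in $RoomMailboxes) {
    if ($members -notcontains $room) {
        Add-DistributionGroupMember -Identity $GroupSmtp -Member $room
    }
}

# 3. Restrict the app to members of that group; all other mailboxes are denied.
New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $GroupSmtp `
    -AccessRight RestrictAccess `
    -Description 'Limit Quicklaunch app registration to room mailboxes' | Out-Null

# 4. Verify: rooms must evaluate to Granted, an unrelated mailbox to Denied.
$failures = @()
foreach ($room in $RoomMailboxes) {
    $result = Test-ApplicationAccessPolicy -Identity $room -AppId $AppId
    if ($result.AccessCheckResult -ne 'Granted') {
        $failures += "$room expected Granted, got $($result.AccessCheckResult)"
    }
}
$result = Test-ApplicationAccessPolicy -Identity $OutOfScope -AppId $AppId
if ($result.AccessCheckResult -ne 'Denied') {
    $failures += "$OutOfScope expected Denied, got $($result.AccessCheckResult)"
}

if ($failures.Count -gt 0) {
    $failures | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Application access policy scope verified.'
}
```

A policy change can take some time to be enforced on live Graph API calls even after Test-ApplicationAccessPolicy reports the expected result, so repeat the check from the application side before relying on it.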