Summary

The Hybrid Calendar provides a rich collaboration experience between Cisco Webex Meetings and Webex App with Office 365, for users and rooms.

Currently, the integration provides the following major features:

  1. Provide end users the ability to schedule a collaboration meeting with any calendar client connected to Office 365 without having to install plug-ins or extensions. Just type a keyword into the Location field (for example, @webex or @meet) or put a SIP URI or meeting address into the meeting body.

  2. Show a meetings list in users' Webex App applications—desktop, mobile, and hard endpoints.

  3. Pop up a notification with a Join button, also known as One Button to Push (OBTP).

  4. Update a user’s Webex App presence status when the user sets up automatic replies in Office 365 (sometimes referred to as out-of-office status).

This article gives an overview of how the cloud-based Hybrid Calendar Service integrates the Office 365 cloud with the Webex cloud to provide these features.

For similar overviews of the other Hybrid Calendar Service integrations, see the following articles:

For the latest feature and deployment information, see https:/​/​www.cisco.com/​go/​hybrid-services-calendar.

Data handling

The Calendar Service receives meeting details from the calendar system and parses the meeting location and body for URIs and URLs that can be used to join the meetings. The service uses other information, such as start and end time and invitees, to populate the meetings list in the Webex App app and on certain devices, and to provide One Button to Push (OBTP). At no point does the service store or send unencrypted sensitive data such as meeting description, meeting body, or email addresses of invitees. That data is sent encrypted to the Webex cloud (and stored there in encrypted form) for the purposes of providing the meetings list and OBTP.

For data encryption, the Calendar Service uses the same Webex cloud encryption service that the Webex App app uses. As such, key management is provided either by the cloud Key Management Server (KMS), or, if you choose to deploy Hybrid Data Security, by your own on-premises KMS. (For more details, see the Webex App Security Paper.)

Office 365 tenant support

Note the following considerations for your Office 365 tenant:

  • We currently only support a single Office 365 tenant per Cisco Webex organization.

  • We only support the Worldwide instance of Office 365. (Other instances which we do not support include USGovDoD, USGovGCCHigh, China and Germany.)

  • Although your tenant may use Multi-Geo Capabilities in Office 365 to store data in a chosen geography, Cisco Webex stores data according to its own data residency specifications based on the country designated for the customer organization. For more information, see https://www.cisco.com/go/webex-teams-locality.

Authentication and authorization during deployment

The Hybrid Calendar Service uses Microsoft Graph Authorization to access users' calendars within an organization.

Application authentication process

During provisioning, the Global administrator of the Office 365 tenant grants the permissions that the Hybrid Calendar Service requires for the functionality that it provides.

Provisioning grants the Hybrid Calendar Service the following required permissions:

Permission

Usage

Read and write calendars in all mailboxes.

  • Update the meeting text with the join details.

Sign in and read user profile.

  • Required for the other permissions listed. The Hybrid Calendar Service does not use it directly.

Read and write all user mailbox settings.

  • Determine the user's language for localization purposes.

  • Read out-of-office status.

  • Set out-of-office status (reserved for future use.)

Read domains.

Reserved for future use.

In Cisco Webex Control Hub, only administrators with privileged access can set up the Hybrid Calendar Service for a customer's organization. The provisioning process requires authentication and consent by a Global administrator for the Office 365 tenant to which your users belong.

The flow includes the following high-level steps:

  1. The administrator signs in to the Cisco Webex Control Hub and starts the Hybrid Calendar Service with Office 365 setup.

  2. The Hybrid Calendar Service redirects the browser to the Office 365 cloud for authentication and consent.

  3. The Global administrator for the Office 365 tenant signs in.

    Once signed in, the administrator sees the application permission details (vendor name, necessary permissions, and so on).

  4. The administrator agrees to give access to the Hybrid Services application for user calendars.

  5. The administrator can enter a test email address, then confirms the permissions.

  6. Depending on the results of the test, the administrator gets an updated success or failure indication.

Provisioning process

Hybrid Calendar Service in the Microsoft Azure portal

Once you have authorized the Hybrid Calendar Service to access your Office 365 tenant, you can see it in the enterprise applications list in the Microsoft Azure Active Directory admin center.

Click the service name, Webex Calendar Service, to see the permissions that have been granted to the service.

Limit the application scope to specific mailboxes

When you set up the Hybrid Calendar Service, we request authorization for the entire organization. Microsoft Azure allows you to limit the scope to specific mailboxes either before or after provisioning.

Use the Microsoft documentation to limit the scope. For example, see https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access for steps to limit the scope before provisioning the Hybrid Calendar Service.

Ongoing operations

The Calendar Service uses the Microsoft Graph API to access Office 365 calendar events. This API supports a broad range of operations with Office 365. However, the Calendar Service only uses a subset of commands that are related to calendar use cases.

Table 1. Operations currently used by Hybrid Calendar Services

Graph operation

Usage

POST /users/{id | userPrincipalName}/calendar/events

Add an event or meeting to a user's calendar.

GET /users/{id | userPrincipalName}/events/{id}

Retrieve details about a single event in a user's calendar.

GET /users/{id | userPrincipalName}/calendar/events/{id}/instances? startDateTime={start_datetime}&endDateTime={end_datetime}

Get the occurrences of a recurring meeting for a specified time range.

GET /users/{id | userPrincipalName}/calendar/events

Retrieve details about events in a user's calendar folder.

POST /subscriptions

Subscribe for notifications on changes to a user's calendar.

GET /users/{id|userPrincipalName}/mailboxSettings

Get a user's locale and out-of-office status.

DELETE /subscriptions/{id}

Unsubscribe from notifications on changes to a user's calendar.

PATCH /users/{id | userPrincipalName}/calendar/events/{id}

Update properties of calendar events (including join information and extended properties) in addition to other fields pertaining to the meeting.

POST /users/{id|userPrincipalName}/calendar/getSchedule

Displays the user availability and free/busy status for a specified time range.

DELETE /users/{id | userPrincipalName}/calendar/events/{id}

Deletes an event from a calendar.

POST /users/{id | userPrincipalName}/calendar/events/{id}/{accept | decline | tentativelyAccept}

Allows the user to accept/decline/tentatively-accept the status for a meeting.