Skip to main content


Eptura Knowledge Center

Microsoft 365 admin account

About Condeco and the Microsoft 365 admin account

  • A Microsoft 365 admin account is required if you have Exchange rooms.
  • The Microsoft 365 admin account must grant consent for Condeco to use User.Read and Calendars.ReadWrite (see table below).
  • It is a limitation of Exchange that the Microsoft 365 admin account can only grant consent for all calendars, however, the Microsoft 365 service account can be restricted to only read room calendars.

Permissions required

Clicking Accept to the Microsoft permissions popup during the onboard process grants the following access to the Condeco Token Provider application using Microsoft Graph:

Permission Required Description Type Reason
EWS.AccessAsUser.All Access mailboxes as the signed-in user via Exchange Web Services Application This permission is required by the service account having impersonation rights to access mailboxes on behalf of a user.
Calendars.ReadWrite Read and write calendars in all mailboxes. Application This permission is required to create room subscriptions to get notifications of changes in Exchange mailboxes.
User.Read Sign in and read users profile. Delegated This permission is required to log in for AAD user.

Currently, Microsoft does not provide separate permissions for user and room calendars so you must provide Condeco access to all calendars, however, Condeco will only subscribe to the room calendars that are mapped in Condeco.

Exchange Sync home