How the Hybrid Calendar accesses user calendars
When you first set up the Hybrid Calendar, you need to grant it permission to access Office 365 on behalf of your users. Use an account that can authorize multi-tenant apps (like Global Administrator or Privileged Role Administrator) to grant the permission.
The Hybrid Calendar needs these permissions to do the following actions:
Permission |
Usage |
---|---|
Read and write calendars in all mailboxes. |
|
Sign in and read user profile. |
|
Read and write all user mailbox settings. |
|
Read domains. |
|
When the administrator grants permission for the Hybrid Calendar on behalf of the Office 365 tenant, Webex is notified. This permission enables the Hybrid Calendar to get access tokens from Azure Active Directory (Azure AD) using OAuth 2.0, to authenticate and access user calendars. The Webex cloud does not see or store the administrator login credentials at any point in the process. For more information, see https://docs.microsoft.com/en-us/graph/auth-v2-service.
The Hybrid Calendar uses the Microsoft Graph API to subscribe to changes in users’ calendars, receive notifications for changes made in subscribed users’ calendars, and update meeting invitations with scheduling information when the meeting location field contains keywords such as @webex or @meet, or the meeting body contains a supported video address. The Hybrid Calendar accesses only the calendars of the users that you enable for Hybrid Calendar in the Control Hub.
Webex App follows industry-standard best practices to securely store the Private Key for the application. All meeting details that the service stores are encrypted using Webex App end-to-end encryption. This ensures that only those who are invited to the meeting can see the details. For more information on Webex App encryption, see the Cisco Webex Security and Privacy white paper.
If needed, your Exchange administrator can revoke the Hybrid Calendar access to your Office 365 tenant user calendars from Enterprise Applications in the Azure AD management portal.