Connecting Dash to Microsoft 365 through an Enterprise Application is recommended for most organizations. The setup procedure must be performed by a global administrator in your Microsoft 365 organization. If this is not possible, then you can connect Dash to a service account instead.
Once you have set up your meeting rooms, you will need give Dash access to your Microsoft 365 organization by creating an app registration. A global administrator needs to complete the steps below to create the application, grant it the necessary permissions, and share its credentials with you.
Create a new App registration:
In the App registration section of the Exchange admin center.
Select New registration. Give the registration a useful name (such as 'Dash').
When asked who can use or access this API, select "Accounts in this organizational directory only" and click Register. You do not need to enter a redirect URI.
Add the correct permissions:
You should now be on the overview page of your new app registration. Click on API Permissions in the left-hand navigation menu, and then click Add a permission.
Click on Microsoft Graph then click on Application permissions, and add the following 4 permissions:
When you have added the permissions, your table should look like the illustration, with all permissions being of type 'Application'. If any of them are type 'Delegated' you should remove them and re-add them as 'Application' permissions.
When you have finished adding all the permissions, click Grant admin consent for [your organization] and click Yes. You can find a detailed explanation of how Dash uses each of these permissions at the end of this page.
Generate the client-secret:
Click on Certificates & secrets in the left-hand navigation menu, and then make sure that the Client secrets tab is selected. Click New client secret. Enter a descriptive name (such as "Dash display devices") and choose an expiry time. Make sure to copy the client secret's value, as it will only be available now.
When choosing the expiry time, it is important to be aware that you will need to create a new client secret and set it in Dash when the one you are creating now expires.
Copy the credentials:
Making sure you have noted down the client secret, select the Overview page in the left-hand navigation menu. You should see a number of fields listed in the Essentials section.
Copy the Application (client) ID and Directory (tenant) ID and give them to the person setting up Dash, along with the client secret.
Once you have completed the sharing steps above, you can connect your Microsoft 365 account to Dash. Open Dash and go to Settings (the cog icon in the bottom right of the main display). If this is your first time using Dash, you will be asked to choose a calendar service immediately. If you have used Dash before you should see the name of the calendar service you are currently connected to, and a Change button. Click Change.
You should see a list of calendar services to choose from (Microsoft 365, Google, and your device calendar). Select Microsoft 365 or Microsoft Account and then select "Enterprise Application". On the next screen, enter the credentials you obtained above into the app. It can be helpful to send the credentials electronically to the device first, and then copy+paste them into the fields.
Once you have entered the credentials, click Next and Dash will connect to your Microsoft 365 account and will give you a list of your organization's meeting rooms. For more information on getting Dash set up, please see our Quick start guide.
Dash requires several permissions to function. Below is a list of each permission, and the reason each is required:
Calendars.readWrite - Dash uses this to read your meeting events, create room bookings, and extend or cancel meetings. It is also used to create the meeting in the organizer's calendar, if you allow your users to set the organizer in meetings booked from the display.
Place.Read.All - This is required in order for Dash to discover your room/equipment mailboxes
Organization.Read.All (optional) - Dash displays your organization name on the connection screen to help you identify which account Dash is connected to. If this permission is not granted, Dash will not show the name of the organization you are connected to.
User.Read.All (optional) - Dash uses this permission to search your user directory when setting the organizer for meetings or adding attendees. It is also used to read the default timezone for the meeting room calendar, so that booked meetings show up in the correct timezone for your room. If this permission is not granted, users booking from the display will not be able to set the organizer or add attendees to their meetings. The timezone of meetings booked will be set to the display device's local timezone.
Dash devices communicate directly with Microsoft 365, so none of your sensitive information is shared with us or our servers. The credential information is safely stored in your device's secure storage.
Important: Administrators can configure an application access policy to limit Dash's access to specific mailboxes and not to all the mailboxes in the organization, even if Dash has been granted the application permissions above.