Why Integration with Microsoft 365 Requires Admin Login: A Comprehensive Guide for DoorDesk Users

At DoorDesk, we strive to make workplace management seamless and efficient. One of the key integrations we offer is with Microsoft 365, enabling features such as calendar syncing, meeting scheduling, and Teams integration. However, integrating Microsoft 365 requires the global admin of your Microsoft tenant to log in and provide consent.

Understandably, this can raise questions and concerns about security and necessity. This blog will explain why admin login is required, address common concerns, and reassure you about the security of the process.

What is Microsoft 365 Integration?

Microsoft 365 integration allows DoorDesk to access specific data and features within your Microsoft account. These include:

• Calendar Syncing: Automatically manage bookings and appointments in Outlook.
• Meeting Room Scheduling: Schedule and manage room availability using shared calendars.
• Microsoft Teams Integration: Create Teams meetings directly from DoorDesk.

To enable these features, DoorDesk requires access to specific Microsoft 365 APIs via the Microsoft Graph API.

Why Does Microsoft 365 Integration Require Admin Login?

1. Granting Permissions to Access Organizational Data

Microsoft uses the OAuth 2.0 protocol for secure integrations. Admin login is required to:

• Grant organization-wide permissions to the app.
• Allow the app to access specific resources like shared calendars, Teams data, or organizational users.

Without admin-level access, DoorDesk cannot interact with shared resources or implement organization-wide features.

2. Accessing Shared Organizational Resources

Certain Microsoft 365 features are shared across your organization, such as:

• Room booking calendars.
• Shared Teams channels.
• Organizational policies and settings.

These shared resources are managed centrally, so only a global admin can authorize access.

3. Compliance with Microsoft’s Security Policies

Microsoft requires global admin consent for apps requesting certain permissions, such as:

• Calendars.ReadWrite: To manage shared calendars.
• OnlineMeetings.ReadWrite: To create Teams meetings.
• Group.ReadWrite.All: To access shared groups or Teams.

This ensures that only authorized apps can access sensitive organizational data.

4. Centralized Control Over Permissions

Admin login ensures that your organization retains centralized control over which apps have access to your Microsoft 365 environment. The admin can:

• Review the exact permissions DoorDesk requests before granting access.
• Revoke permissions at any time via the Azure Portal.

Addressing Common Security Concerns

We understand that requiring admin login for integration may raise security concerns. Here's how we ensure the process is secure:

1. DoorDesk Does Not Store Your Admin Credentials

When you log in, your credentials are entered directly on Microsoft’s secure login page. DoorDesk never sees or stores your email or password.

2. OAuth Tokens, Not Passwords

Once you grant access, Microsoft provides DoorDesk with a secure token to interact with its APIs. This token is limited to the permissions you approve and does not expose your credentials.

3. Transparent Permissions

The admin can review the exact permissions requested during the consent process. For example:

• Access calendars to manage meeting room bookings.
• Create Teams meetings for scheduling.

4. Revocable Access

You remain in control at all times. If you decide to stop using DoorDesk, you can revoke its access via the Azure Portal:

1. Go to Azure Active Directory > Enterprise Applications.
2. Select DoorDesk and click Remove Access.

5. Compliance with Industry Standards

DoorDesk follows industry standards for data security, including:

• GDPR compliance for data protection.
• ISO certifications for security management.
• Use of SSL encryption for all communications.

Benefits of Admin-Approved Integration

Despite requiring admin consent, the benefits of Microsoft 365 integration far outweigh the concerns:

1. Seamless Calendar and Teams Integration

• Automatically sync meeting room bookings with Outlook calendars.
• Create and manage Teams meetings directly from DoorDesk.

2. Improved Productivity

• Save time by automating meeting room scheduling and reducing conflicts.
• Enable employees to focus on work instead of administrative tasks.

3. Centralized Management

• Ensure all meeting rooms, shared spaces, and Teams channels are managed from a single platform.

4. Enhanced Security

By requiring admin consent, Microsoft ensures that only authorized apps can access your organizational data.

Frequently Asked Questions

1. Why can’t I use a non-admin account?

Non-admin accounts lack the necessary permissions to grant organization-wide access. For example, only admins can allow apps to access shared calendars or manage Teams channels.

2. Can I use a service account instead?

Yes! If you’re concerned about using a global admin account, you can create a dedicated service account in Azure AD with limited permissions for DoorDesk integration.

3. What if we stop using DoorDesk?

You can revoke DoorDesk’s access at any time through the Azure Portal.

Conclusion

Requiring an admin login for Microsoft 365 integration ensures that DoorDesk operates securely and effectively within your organization. It provides centralized control, transparency, and adherence to Microsoft’s security policies.

At DoorDesk, we are committed to providing a secure and seamless integration experience. If you have additional questions or concerns, feel free to contact our support team.

By understanding the reasons behind admin login requirements and the measures we take to ensure security, we hope you feel confident integrating DoorDesk with Microsoft 365.