Overview of Scope and Permissions
The integration of Azure Enterprise Application with webCRM is designed to be secure and efficient, adhering to strict permission scopes while providing robust functionality for email and calendar management.
These scopes ensure that webCRM can interact with the required Microsoft services without granting excessive permissions, thus maintaining a secure environment.
Current Scopes
Exchange Access via EWS:
https://outlook.office.com/EWS.AccessAsUser.All
Allows webCRM to access Microsoft Exchange services, including calendars and emails.
Calendar Management via Microsoft Graph:
https://graph.microsoft.com/Calendars.ReadWrite
Used to create and manage calendar meetings, including those with Microsoft Teams links.
SharePoint Document Management:
https://graph.microsoft.com/Files.ReadWrite.All
Allows integration with SharePoint for document handling within webCRM.
Access Rights and Impersonation
No additional rights are automatically granted within webCRM or Exchange through these scopes. If the integration uses impersonation, the connected account must be granted impersonation rights. Alternatively, individual users can log in with their own accounts, which requires no additional permissions.
Technical Details on Data Flow
Email Synchronization with EWS
webCRM utilizes the Exchange Web Services (EWS) protocol to interact with Outlook for email retrieval and management. This choice supports compatibility with both Office 365 and on-premise Exchange installations, providing a unified logic for email operations.
EWS Protocol Overview:
Calendar Synchronization
Calendar Event Creation
Meetings are created in Microsoft Exchange and the details are then pushed to webCRM. This process involves several key operations:
Syncing Calendar Updates:
webCRM uses the SyncFolderItems operation on WellKnownFolderName.Calendar to track and sync changes to a user's calendar.
Push Notifications Subscription:
webCRM subscribes to push notifications for the calendar folder in Exchange.
When a meeting is created, updated, or deleted, a notification is received.
Meeting Creation from webCRM:
The Save method on the Appointment class is used to create a meeting in Outlook. This triggers a push notification to which webCRM is subscribed, prompting it to sync the newly created appointment back to webCRM.
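As an added illustration of the SyncFolderItems step at the SOAP level (example code, not webCRM's own implementation): the request is scoped to the signed-in user's own calendar folder, and the parser turns a response into the list of changes plus the sync state to carry into the next call. Element names and namespaces are the EWS ones; the sample response, item ids and sync token are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/",
      "t": "http://schemas.microsoft.com/exchange/services/2006/types",
      "m": "http://schemas.microsoft.com/exchange/services/2006/messages"}

def build_sync_request(sync_state=None, max_changes=100):
    """SOAP body for SyncFolderItems on the signed-in user's own calendar. No
    <t:Mailbox> element is sent, so without impersonation rights Exchange can only
    return that user's calendar. sync_state is the opaque token from the last response."""
    state = f"<m:SyncState>{sync_state}</m:SyncState>" if sync_state else ""
    return (f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:t="{NS["t"]}" xmlns:m="{NS["m"]}">'
            "<s:Body><m:SyncFolderItems>"
            "<m:ItemShape><t:BaseShape>IdOnly</t:BaseShape></m:ItemShape>"
            '<m:SyncFolderId><t:DistinguishedFolderId Id="calendar"/></m:SyncFolderId>'
            f"{state}<m:MaxChangesReturned>{max_changes}</m:MaxChangesReturned>"
            "</m:SyncFolderItems></s:Body></s:Envelope>")

def parse_sync_response(xml_text):
    """Return (changes, new_sync_state, includes_last_item); each change is
    (kind, item_id) with kind Create/Update/Delete/ReadFlagChange. The caller
    stores new_sync_state and passes it to the next build_sync_request."""
    msg = ET.fromstring(xml_text).find(".//m:SyncFolderItemsResponseMessage", NS)
    if msg is None or msg.get("ResponseClass") != "Success":
        raise ValueError("SyncFolderItems did not succeed")
    changes_el = msg.find("m:Changes", NS)
    changes = [(c.tag.split("}")[1], c.find(".//t:ItemId", NS).get("Id"))
               for c in (changes_el if changes_el is not None else [])]
    return (changes, msg.findtext("m:SyncState", namespaces=NS),
            msg.findtext("m:IncludesLastItemInRange", namespaces=NS) == "true")

# Constructed sample response; item ids and the sync token are made up.
SAMPLE_RESPONSE = f"""<s:Envelope xmlns:s="{NS['s']}" xmlns:t="{NS['t']}" xmlns:m="{NS['m']}">
 <s:Body><m:SyncFolderItemsResponse><m:ResponseMessages>
  <m:SyncFolderItemsResponseMessage ResponseClass="Success">
   <m:ResponseCode>NoError</m:ResponseCode>
   <m:SyncState>c29tZS1vcGFxdWUtc3RhdGU=</m:SyncState>
   <m:IncludesLastItemInRange>true</m:IncludesLastItemInRange>
   <m:Changes>
    <t:Create><t:CalendarItem><t:ItemId Id="AAMk-1" ChangeKey="CK1"/></t:CalendarItem></t:Create>
    <t:Update><t:CalendarItem><t:ItemId Id="AAMk-2" ChangeKey="CK2"/></t:CalendarItem></t:Update>
    <t:Delete><t:ItemId Id="AAMk-3" ChangeKey="CK3"/></t:Delete>
   </m:Changes>
  </m:SyncFolderItemsResponseMessage>
 </m:ResponseMessages></m:SyncFolderItemsResponse></s:Body></s:Envelope>"""

if __name__ == "__main__":
    changes, token, done = parse_sync_response(SAMPLE_RESPONSE)
    print(changes, done, build_sync_request(token)[:80])
```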
Observations on Data Security
During the synchronization process, webCRM ensures that only the calendar information of the particular user account involved is accessed, mitigating the risk of exposing entire organizational calendars.