| Table of Contents |
|---|
General information
BeneVoice Voice for Windows allows your organizations users to synchronize calendar data from Microsoft Exchange server.
BeneVoice Voice for Windows supports two different authentication methods:
...
Users need to use the authentication method supported by your organization’s Exchange server. By default BeneVoice Voice for Windows tries to automatically discover the appropriate method to authenticate. In some cases, like when using older Exchange on-premise servers, the automatic discover might not work and user needs to manually select the authentication method in the Exchange calendar settings in BeneVoice Voice for Windows.
Application migration
Application settings are preserved between version updates so if your organization is updating from BeneDesk old versions of Voice for Windows to BeneVoice for Windows and user has been using the Exchange calendar then the settings should be in the same condition after the update. This means also if you are going to move using the modern authentication and user has had the Exchange settings selected then user needs to change the Exchange calendar settings so that the modern authentication will be in use. Preferred way is to close the Additional settings in the Exchange calendar settings. This will set the Exchange settings in automatic discovery mode and will in most scenarios default to modern authentication.
...
This authentication method that is supported only for the Exchange Online (O365) and Exchange Hybrid on-premise use provides support for users to login with work or school accounts that are tied to the organizations AzureAD directory. With this authentication method the application will receive a authentication token that will be used for the Exchange Web Services connection. Authentication tokens default expire time is 1 hour and it will be refreshed during the application use, but depending on the usage policy set in the organizations AzureAD tenant, users might need to login again if the token gets expired or revoked. When user exits the BeneVoice Voice for Windows, the authentication token will be stored in the local token cache, meaning that next time the application is started the authentication token will be read from the token cache and user is automatically authenticated if the token is still valid. If authentication token is not valid anymore a login screen will be prompted for the user. When user logs out from the BeneVoice Voice for Windows then the token cache that stores the authentication token will be cleared. Effectively meaning that user needs to login again to the Exchange calendar. Modern authentication is implemented using the Microsoft Authentication (MSAL) library.
Setting up Azure tenant for Modern authentication
Application consent
BeneVoice Voice for Windows application needs to be added and consented into the AzureAD tenant when using the modern authentication method. The method for consenting the application into tenant will depend on how the AzureAD Enterprise Applications user consent settings are set.
...
AzureAD Global administrator can consent the application with following ways to the organizations tenant.
Login with the BeneVoice Voice for Windows to the Exchange calendar using your AzureAD Global administrator credentials. The login process will then ask for you to consent the application and the application will be added to the tenants Enterprise Applications. During the consent process you can also select 'Consent of behalf your organization' which means that the application will be consented for the whole organization and not just your admin credentials. If this is selected then the organizations users will not be asked to consent the application anymore.
...
Login with web browser using your AzureAD Global administrator credentials. The login process will then ask for you to consent the application and the application will be added to the tenants Enterprise Applications. For this you will need to know your tenantId where to add the application. The web browser link is as follow https://login.microsoftonline.com/{tenantId}/adminconsent?client_id={appId} where {tenantId} is your AzureAD tenant where the application will be added and {appId} is the BeneVoice Voice for Windows application. After the consent you might see a redirection error page. This is expected because BeneVoice Voice for Windows is configured as a desktop application and not as a web application.
BeneVoice Voice for Windows appId is 7cb1d12a-cffb-425a-8074-0da451d1efed
You might have to make additional configuration in the AzureAD tenant to consent the application for organization users if you did not select 'Consent of behalf your organization' during the login process or it was not available to be selected.
...
During the application consent BeneVoice Voice for Windows will ask the following permissions
...