Calendar Sharing – Cross Tenant

So, I have successfully enabled Free/Busy Calendar Sharing across tenants between two organizations, but why are the users still not able to open up each others calendar?

The boring answer to this question is that you probably misunderstood how Free/Busy Calendar Sharing actually work.

Many users will try to open the calendar of other users by adding it to the list of their existing calendars in Outlook. Unfortunately this is NOT the functionality that comes with Free/Busy Calendar Sharing.
So when trying to add the calendar of a user from another Exchange organization, you will probably see something like this error message:

Couldn't open calendar

Couldn’t open calendar
“The calendar for the mailbox you chose can’t be opened. You may not have permission to open this calendar.”

What permission am I missing here? What is the permission that Free/Busy Calendar Sharing does not provide for us?

The answer is the correct MailboxFolderPermission set for the Calendar, like in this example:

Get-MailboxFolderPermission

In this example, user AllanD from the organization M365B502168 has shared his calendar with user AdeleV from organization EMS840558. The user did this himself, “manually”.

As we can see, the user get the prefix ExchangePublishedUser, as it is not an internal user in the organization, but exist on another tenant. Now, the only way to setup this permission, is by the user choosing to share the calendar with an external user themselves. It is NOT possible to set this permission as an admin. If we try to set this up on another user by using:

Add-MailboxFolderPermission -Identity AlexW@M365B502168.onmicrosoft.com:\calendar -User ExchangePublishedUser.AdeleV@EMS840558.onmicrosoft.com -AccessRights Reviewer

(Even without the prefix ExchangePublishedUser)
You will get an error message:

Mailboxfolderpermission

So logically the Free/Busy setup does not configure any MailboxFolderPermission for external users.

The statement I’ve got from Microsoft as of why it is like this, it that its not designed to work this way with Free/Busy, so they recommended to instruct the users on how to use the Free/Busy functionality as it is by design or to work out a workaround.
Since I still have left to come up with a good workaround, I would suggest that users receive training on how to:

  1. Use the Scheduling Assistant
  2. Share their calendar themselves

//xostmoen – Alexander Østmoen

Mandatory TLS in Exchange Online with PowerShell

This is the scenario, you want to enable forced TLS on all messages you send through Office 365 / Exchange Online with a partner Organization.
The quickest way to do this, is by PowerShell.

First, you create a new inbound connector.

New-InboundConnector -Name "Contoso Inbound Connector" -SenderDomains *.contoso.com -RequireTls $true

Second, you create a new outbound connector.

New-OutboundConnector -Name "Contoso Outbound Connector" -RecipientDomains *.contoso.com -TlsSettings CertificateValidation

This enables all the settings you need in Office 365 for requiring only use of TLS on all email messages between your organization and your partner organization.

Of course, the partner organization also need to set up this in their environment as well.

Important to note, it will take some time before this actually is activated in Office 365 after you have created the connectors. From my own experience, it will be working within 15 minutes.

You can test the setup by using tools from this webpage: http://www.checktls.com

//xostmoen – Alexander Østmoen