Microsoft Office 365 provides institutions with a collection of enterprise-grade communication and productivity services. Depending on the license chosen, these services may include Exchange Online, SharePoint Online, OneNote, Lync Online, and Office Professional Plus.
Through their integration solutions, Brightspace and Microsoft Office 365 services (Email, Calendar, and more) improve how students and teachers interact online. Institutions can choose any of the integration solutions appropriate to their users.
Browser consideration for the Microsoft Office 365 widget
User sessions in the Microsoft Office 365 widget are saved on your Brightspace account and are not tied to your browser session. This avoids having to log in to Office 365 each time that you access Brightspace.
When logging in from your browser, the first email address that you use is saved in your cookies. Each subsequent login from your browser session uses this email address. It might be necessary to clear your cache or reset your browser session to log in to the widget using a different email address.
Set up integration for the Microsoft Office 365 widget
To set up your integration of the Microsoft Office 365 widget in Brightspace, you must complete several tasks, which are explained further in the following sections:
- Register Brightspace with Microsoft Azure.
- Enable Microsoft Office 365 in Brightspace.
- Configure Brightspace for the Microsoft Office 365 Plug-in.
- Add the widget to a course or home page.
Register Brightspace with Microsoft Azure
To access secured Microsoft Office 365 services in Brightspace, you need to grant your instance rights to access those services. This is done by registering Brightspace in a Microsoft Azure tenant and then configuring Brightspace with the resulting Client (Application) ID and Key. D2L recommends creating single-tenant instances instead of multi-tenant instances.
Before you begin, ensure that you have your Azure AD authentication information. This authentication information is a user name and password combination.
Refer to Quickstart: Register an application with the Microsoft identity platform for detailed information.
To grant your instance rights to access Microsoft Office 365 services, follow the steps outlined below. Note that this information is intended for those who understand how to navigate Azure cloud (Admin). Contact your System Administrator if you are unsure of how to follow these steps:
- Go to the Azure Portal and log in with your Office 365 credentials.
- In the left pane, select More Services > Azure Active Directory.
- Select App Registrations.
- Select New Registration, and enter an appropriate display name.
- Set the Application type to WebApp / API.
- Set the Redirect URI to your Brightspace Learning Environment URL.
- Click Register, and make note of the ApplicationId that is generated, (this is required later in the process).
- Return to the Authentication screen. Verify the redirect URI. Under the Implicit grant and hybrid flows section, select the check boxes for Access tokens (used for implicit flows) and ID tokens (used for implicit and hybrid flows).
- Click Save.
- Click on the API Permissions page. Select Add a permission.
- Add the Office 365 SharePoint Online (Microsoft.SharePoint) API, and add the delegated permission MyFiles > Read user files. Then click Add permission.
- Add the Microsoft Graph API, and add the delegated permissions Calendars > Read user calendars, Mail > Read user mail, and User > Sign in and read user profile. Click Add permission after each permission selected.
- Ensure that the Grant admin consent for students is selected.
Click Yes.
- From the Authentication page, under Redirect URIs, select Add URI.
- Add /d2l/im/office365/authentication/authenticatereply to the end of your Brightspace Learning Environment URL.
- From the Certificates & secrets page, select New client secret.
- Add an appropriate description, and pick a suitable expiry date. The maximum value is two years.
-
Click Add, and observe the Key that displays under Value.
-
Copy the Value. (it is not visible once this process is complete, and is required in the next steps).
-
Log in to Brightspace, select Admin Tools, and click Config Variable Browser.
-
Navigate to the d2l.Tools.Office365.ClientId configuration variable, and add the ApplicationID from step 7 as the Org Value.
-
Navigate to the d2l.Tools.Office365.ClientSecret configuration variable, and enter the Value you copied in step 19 as the Org Value. Note that the same value needs to be entered in each textbox.
Office 365 Mail, Calendar, and SharePoint Verification
After the Azure tenant is configured, the widget will only work if all of the services it is accessing are configured. The widget accesses Office 365 Mail, Calendar, and SharePoint, which must all be available when you sign in for the widget to work. User accounts can sometimes take time to set up these services, so it is important for a user to first verify that they can access them within Office 365.
API Calls
The Office 365 widget makes client and server-side calls to the Microsoft Office 365 APIs to authenticate and retrieve user information from a user's email, calendar, and OneDrive account.
Note: These requests are determined by Microsoft and are subject to change if the APIs change.
Client-side
The requests made on the client-side in the browser are:
Server-side
The requests made on the server-side are:
The last URL for the SharePoint calls is returned to the Brightspace platform from the previous Microsoft calls. Each organization's tenant may be different, and each user's site path may be different. Refer to https://msdn.microsoft.com/en-us/office/office365/api/files-rest-operations for more information.