Microsoft Office 365 provides institutions with a collection of enterprise-grade communication and productivity services. Depending on the license chosen, these services may include Exchange Online, SharePoint Online, OneNote, Lync Online, and Office Professional Plus.
Through their integration solutions, Brightspace and Microsoft Office 365 services (Email, Calendar, and more) improve how students and teachers interact online. Institutions can choose any of the integration solutions appropriate to their users.
Browser consideration for the Microsoft Office 365 widget
User sessions in the Microsoft Office 365 widget are saved on your Brightspace account and are not tied to your browser session. This avoids having to log in to Office 365 each time that you access Brightspace.
When logging in from your browser, the first email address that you use is saved in your cookies. Each subsequent login from your browser session uses this email address. It might be necessary to clear your cache or reset your browser session to log in to the widget using a different email address.
Set up integration for the Microsoft Office 365 widget
To set up your integration of the Microsoft Office 365 widget in Brightspace, you must complete several tasks, which are explained further in the following sections:
- Register Brightspace with Microsoft Azure.
- Enable Microsoft Office 365 in Brightspace.
- Configure Brightspace for the Microsoft Office 365 Plug-in.
- Add the widget to a course or home page.
Register Brightspace with Microsoft Azure
To access secured Microsoft Office 365 services in Brightspace, you need to grant your instance rights to access those services. This is done by registering Brightspace in a Microsoft Azure tenant and then configuring Brightspace with the resulting Client (Application) ID and Key. D2L recommends creating single-tenant instances instead of multi-tenant instances.
Before you begin, ensure that you have your Azure AD authentication information. This authentication information is a user name and password combination.
Refer to Integrating applications with Azure Active Directory for detailed information.
To grant your instance rights to access Microsoft Office 365 services, follow the steps outlined below. Note that this information is intended for those who understand how to navigate Azure cloud (Admin). Contact your System Administrator if you are unsure of how to follow these steps:
- Go to the Azure Portal and log in with your Office 365 credentials.
- Using the left pane, select More Services > Azure Active Directory.
- Select App Registrations.
- Select New Application Registration, and set an appropriate display name.
- Set the Application type to WebApp / API.
- Set the Sign-on URL to your Brightspace URL.
- Save the information, and make note of the ApplicationId that is generated, (this is required later in the process).
- From the application base page, click Settings, and select Required Permissions.
- Add the Office 365 SharePoint Online (Microsoft.SharePoint) API, and add the delegated permission Read user files.
- Add the Microsoft Graph API, and add the delegated permissions Read user calendars, and Read user mail.
- Select Microsoft Graph, click Grant Permissions, and click Yes.
- Select Office 365 SharePoint Online, click Grant Permissions, and click Yes.
- Select Windows Azure Active Directory, click Grant Permissions, and click Yes.
- From the application base page, select Reply URLs.
- Add /d2l/im/office365/authentication/authenticatereply to the end of your Brightspace URL.
- From the application base page, select Keys.
- Add an appropriate description, and pick a suitable expiry date.
Click Save, and observe the Key that displays under Value.
Copy the Key (it is not visible once this process is complete, and is required in the next steps).
Log in to Brightspace, select Admin Tools, and click Config Variable Browser.
Navigate to the d2l.Tools.Office365.ClientId configuration variable, and add The ApplicationID from step 8 as the Org Value.
Navigate to the d2l.Tools.Office365.ClientSecret configuration variable, and enter the Key you copied in step 20 as the Org Value.
Office 365 Mail, Calendar, and SharePoint Verification
After the Azure tenant is configured, the widget will only work if all of the services it is accessing are configured. The widget accesses Office 365 Mail, Calendar, and SharePoint, which must all be available when you sign in for the widget to work. User accounts can sometimes take time to set up these services, so it is important for a user to first verify that they can access them within Office 365.
The Office 365 widget makes client and server-side calls to the Microsoft Office 365 APIs to authenticate and retrieve user information from a user's email, calendar, and OneDrive account.
Note: These requests are determined by Microsoft and are subject to change if the APIs change.
The requests made on the client-side in the browser are:
The requests made on the server-side are:
The last URL for the SharePoint calls is returned to the Brightspace platform from the previous Microsoft calls. Each organization's tenant may be different, and each user's site path may be different. Refer to https://msdn.microsoft.com/en-us/office/office365/api/files-rest-operations for more information.