Set up Calendar Interop

Allow Calendar users to see Exchange availability data

Next, set up Microsoft Exchange availability sharing to allow Google Calendar users to view availability information for Exchange calendar users.

If you’re using a Google Workspace domain with an alias, make sure you have set up your user alias domain correctly before continuing. For details, go to Decide whether to use a user alias domain.

Note: Calendar Interop now supports both Basic authentication for Exchange and OAuth 2.0 for Exchange Online (Office 365). Instructions for both authentication methods are included below.

Set up Exchange calendar availability sharing

Open all   |   Close all

Step 1: Set up your Exchange users
  1. Make sure each Exchange user has an Exchange account with an associated mailbox.
  2. Make sure each Exchange user satisfies one of the following requirements:

    Note: You also need to confirm each Exchange user doesn't have a personal Google Account using the domain name of your organization as it can create a conflicting account. Learn more about conflicting accounts.

Turn on full event detail lookups

To use full event detail lookups, check the calendar's visibility when you set up mailboxes. Make sure the calendar's visibility is set to at least limited event details (the default visibility is to expose free/busy information only). Then, the Exchange calendar event details are visible to Google Calendar users.

You can expose limited event details for an individual mailbox using the following command:

Set-MailboxFolderPermission -Identity ($Mailbox.Alias + ':\calendar') -User Default -AccessRights LimitedDetails

For all mailboxes, use this command:

ForEach ($Mailbox in @(Get-Mailbox -ResultSize Unlimited)) {Set-MailboxFolderPermission –Identity ($Mailbox.Alias+’:\calendar’) –User Default –AccessRights LimitedDetails}

Step 2: Turn on Exchange internet connectivity

If you're using Exchange Online, you probably don't need to make any changes, as it can accept connections from the internet by default.

Otherwise, on port 443, turn on inbound internet connectivity so Google Calendar can reach the Exchange server. This step requires a valid SSL certificate issued by a trusted public internet root Certificate Authority. For details on certificates in Exchange server, consult your Microsoft documentation.

If you’re blocking external incoming network traffic, add the following address ranges to your allowlist to permit requests originating from Calendar Interop.

If you use IPv4, add the following IP range to your allowlist: 74.125.88.0/27.

If you use IPv6, add the following IP blocks to your allowlist:

  • 2001:4860:4::/64
  • 2404:6800:4::/64
  • 2607:f8b0:4::/64
  • 2800:3f0:4::/64
  • 2a00:1450:4::/64
  • 2c0f:fb50:4::/64
Step 3: Create an Exchange role account

Create an Exchange role account with the Exchange recipient type set as a user mailbox account. For more information on Exchange recipient types, consult your Microsoft documentation.

The Exchange role account is only used for availability lookups. Google Calendar uses the account to authenticate with your Exchange server to find availability details of Exchange users. For events to be visible to Google Calendar users, events must be shared with this role account.

For details on creating user mailboxes in Exchange server, consult your Microsoft documentation.

Notes:

  • If you have an existing account that you use for organization-wide availability lookups from untrusted forests, you can reuse it.
  • (Basic authentication for Exchange only) To avoid service disruption, it's recommended you turn off password expiration for the role account.
Step 4: (OAuth 2.0 for Exchange Online only) Application set up in the Microsoft Azure portal

To use OAuth 2.0 as your authentication method (required for Exchange Online; not supported for on-premises Exchange), you need to apply several settings to your setup in the Microsoft Azure portal. Follow these steps to set up your instance.

  1. Register the application in the Azure portal by following these steps under ”Register an application” on the Microsoft site.

    Notes:

    • Leave the Supported account types and Redirect URI values at their default settings.
    • Save the Application (client) ID as you'll need it later to set up OAuth 2.0 authentication in Google Workspace.
  2. Add a client secret to set the application’s credentials by following these steps under "Add a client secret" on the Microsoft site.

    Note: The client secret expiration date range is limited to 2 years (24 months) or less. Microsoft recommends you set an expiration value of less than 12 months.

    Important:
    • If the client secret expires, calendar availability lookups from Google Calendar to Exchange Online will stop working. To avoid this scenario, you need to periodically reconfigure it. Consider setting up a recurring reminder.
    • Save your secret value as you'll need it later to set up OAuth 2.0 authentication in Google Workspace. Copy the value now as it's never displayed again after you leave this page.
  3. Add API permissions to your registered application by following these steps under "Add permissions to access your web API" on the Microsoft site.

    Notes:

    1. On the “Request API permissions” page, click the “APIs my organization uses” tab and search for "Office 365 Exchange Online".
    2. Click "Office 365 Exchange Online"and thenApplication permissions”.
    3. Check the “full_access_as_app” box to set the application permissions.
  4. Click the admin consent button for your tenant so the permissions take effect.

Locate the OAuth 2.0 token endpoint (v2)

Besides the Application (client) ID and the client secret, you also need to know your OAuth 2.0 token endpoint. The endpoint looks like this:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

where {tenant} is either the friendly domain name of the Azure Active Directory tenant or the tenant's GUID identifier.

To find the token endpoint, follow these steps on the Microsoft site.

Note: Save the OAuth 2.0 token endpoint (v2) as you'll need it later to set up OAuth 2.0 authentication in Google Workspace.

Step 5: Set up the Admin console

Tip: To view previous changes to the Calendar Interop settings, click the Audit log link.

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenGoogle Workspace and thenCalendar.
  3. Click Calendar Interop management.
  4. Check the Enable Interoperability for Calendar box.
  5. Under Type, select Exchange Web Services (EWS).
  6. Under Exchange Web Services URL, enter the URL of the default Exchange Web Services server endpoint associated with your Exchange server. It's the same Exchange server where you created the role account.

    Notes:

    • Typically, your server’s EWS server URL is most likely https://<Exchange server hostname>/EWS/Exchange.asmx.
    • If you're using Exchange Online, your EWS server URL is most likely https://outlook.office365.com/EWS/Exchange.asmx. Consult your Microsoft documentation for more information.
    • To verify the URL for an on-premises Exchange server, run the following command in Exchange PowerShell:
      Get-WebServicesVirtualDirectory | Select name, *url* | fl
    • If the result set returns multiple URLs, use the ExternalUrl field in the command.
    • If you have multiple Exchange servers under the same domain (for example, you're using a hybrid Exchange/Exchange Online environment) and you want Calendar users to view availability of Exchange users in your entire environment, make sure the EWS server URL is from a server that can access availability for all Exchange users. If you would like to add multiple Exchange servers under different domains, go to step 10.
  7. Under Exchange Role Account, enter the primary SMTP address of the Exchange role account in the username@domain.com format.
  8. Select your authentication method: Basic authentication or OAuth 2.0 client credentials.
  9. Do one of the following actions.
    • When using Basic authentication for Exchange, follow these steps:
      1. Click Enter Password and enter the password for the Exchange role account.
      2. Reenter the password to confirm.
    • When using OAuth 2.0 for Exchange Online, follow these steps:
      1. Under Token endpoint URL, enter the OAuth 2.0 token endpoint URL from your Azure tenant. Learn more
      2. Under Application (client) ID, enter the Application ID assigned to your app during app registration.
      3. Under Client secret, enter the value from the client secret assigned to your app during app registration.
  10. (Optional) To add more Exchange endpoints, follow these steps:
    1. Under Additional Exchange endpoints, click Add New.
    2. Repeat steps 6–9 for each additional endpoint you’d like to add.

      Each new endpoint must have a unique domain not already used by a previously added endpoint (for example, if your organization has multiple subsidiaries or if you want to share calendar availability between trusted external partners).

  11. (Optional) Select the level of detail to share:
    • Check the Show event details box to view event details (title, location, etc.) from Exchange and Calendar.
    • Check the Room booking box to schedule Exchange rooms from Calendar. Note that for it to work, you must also follow the setup steps under Allow Calendar users to book Exchange resources.
    • All Exchange endpoints respect the shared level of details.
  12. Click Save

Next step

Allow Exchange users to see Calendar availability data


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
73010
false