Tuesday, October 26, 2021

Microsoft Bookings behind the scenes

Microsoft Bookings is a scheduling tool that provides effective ways to manage your services and schedule appointments for your customers with just a few clicks. Bookings is integrated with your Office 365 calendar to help your customers quickly find available times and avoid double-booking. 

Please note that in order to use Microsoft Bookings it must be enabled for your tenant. Here you can find detailed information to enable Microsoft Bookings.   

Once Bookings is enabled on the tenant, users can start using it.  

If you are new to Bookings please visit this link for Frequently Asked Questions on Microsoft Bookings

 

Demystifying the process 

Let’s spend some time covering what actually happens in the backend when a user creates a Bookings calendar, specifically: 

  • Where the data is stored 
  • How Admins can track/audit events and usage 

 

Where the data is stored: 

Bookings calendar data and other information are stored in the scheduling mailbox in Exchange Online. This might lead you to wonder what a scheduling mailbox is and when it is created.

 

A scheduling mailbox is the mailbox that is automatically created in Exchange Online as soon as a user creates a Bookings calendar in Office 365. The scheduling mailbox is where all the relevant information/data about the Bookings calendar is stored. This includes:

  • Business information, logo, and working hours added when the booking calendar was created 
  • Relevant staff and services added when the booking calendar was created 
  • All bookings and appointments added to the booking calendar once it was created. 

 

Note: Once the booking calendar/scheduling mailbox is deleted, this data is permanently lost and cannot be retrieved.

 

How Admins can track/audit events and usage  

An Admin can use the below command to list the scheduling mailboxes in your tenant/organization. 

 

[Screenshot: command listing the scheduling mailboxes]

 

To list the scheduling mailboxes together with the users who have full access to them, you can use the command below:

Get-Mailbox -RecipientTypeDetails SchedulingMailbox -ResultSize:Unlimited | Get-MailboxPermission | Select-Object Identity,User,AccessRights | Where-Object {($_.user -like '*@*')}

When a user creates the Bookings calendar, they will receive an email notification like the one below, and a similar notification will be sent to all users who are added as staff members for this Bookings calendar.

[Screenshot: email notification received when a Bookings calendar is created]

 

 

 

However, if you have enabled the “Require Staff Approval” setting at the tenant level, then employees added as staff in a Bookings calendar will also get an Approve/Reject link in the email notification they receive.

 

[Screenshot: email notification with the Approve/Reject link]

 

 

 

This setting is available in the Microsoft 365 admin center under Settings > Org Settings > Bookings. 

 

An Admin can also track the creation of a Bookings calendar/scheduling mailbox using the Exchange admin audit logs (look for New-SchedulingMailbox in the logs; the entry will also have the name of the user who created it), as shown below.

 

[Screenshot: Exchange admin audit log entry for New-SchedulingMailbox]

 

 

You can also use the following PowerShell command to fetch these logs:

Search-AdminAuditLog -Cmdlets New-SchedulingMailbox -StartDate (Get-Date "MM/DD/YYYY").ToUniversalTime() -EndDate (Get-Date "MM/DD/YYYY").ToUniversalTime()

Refer to the following article for detailed information on Exchange admin audit logs: https://docs.microsoft.com/en-us/exchange/security-and-compliance/exchange-auditing-reports/view-administrator-audit-log
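
The commands above combined into one review script, as an added example that is not part of the original post. It assumes an Exchange Online PowerShell session is already connected; the 30-day window, the variable names, the NeedsReview flag and the CSV path are choices made for this example.

```powershell
# Added example, not from the original post. Assumes an Exchange Online
# PowerShell session is already connected (Connect-ExchangeOnline).
$since = (Get-Date).AddDays(-30).ToUniversalTime()   # assumed review window
$until = (Get-Date).ToUniversalTime()

# 1. Creation events: who ran New-SchedulingMailbox, and when.
$created = Search-AdminAuditLog -Cmdlets New-SchedulingMailbox -StartDate $since -EndDate $until |
    Sort-Object RunDate |
    Select-Object RunDate, Caller, ObjectModified, Succeeded

# 2. Scheduling mailboxes that exist now, with the accounts holding FullAccess.
#    The '*@*' filter keeps user accounts and drops system entries, as in the
#    one-liner above; the AccessRights filter narrows the result to FullAccess.
$inventory = foreach ($mbx in Get-Mailbox -RecipientTypeDetails SchedulingMailbox -ResultSize Unlimited) {
    $owners = Get-MailboxPermission -Identity $mbx.PrimarySmtpAddress |
        Where-Object { $_.User -like '*@*' -and ($_.AccessRights -match 'FullAccess') }

    [pscustomobject]@{
        DisplayName        = $mbx.DisplayName
        PrimarySmtpAddress = $mbx.PrimarySmtpAddress
        WhenCreatedUTC     = $mbx.WhenCreatedUTC
        FullAccessUsers    = ($owners.User -join '; ')
        # Heuristic assumed for this example: a calendar with no user holding
        # FullAccess has nobody left to manage it, so flag it for follow-up.
        NeedsReview        = -not $owners
    }
}

# Show both views: the audit trail and the current state.
$created   | Format-Table -AutoSize
$inventory | Sort-Object WhenCreatedUTC | Format-Table -AutoSize

# Optional: keep a copy for the audit record (placeholder path).
$inventory | Export-Csv -Path .\scheduling-mailboxes.csv -NoTypeInformation
```

Comparing the Caller and RunDate of each creation event with the WhenCreatedUTC of the mailboxes shows which user created which Bookings calendar.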

 

You will notice a corresponding user object created with the name of the booking calendar under Active Users in the Office 365 admin center. This new mystery user is simply the new Bookings calendar.

[Screenshot: the Bookings calendar listed as a user under Active Users]

 

 

Because an object is created in the O365 directory, you will also see the event in the Azure audit logs. You will find that it was initiated by Microsoft Substrate management, which is responsible for provisioning the corresponding user object for the scheduling mailbox that was created for the Bookings calendar.

This can be surprising, or might seem like a security concern, to several administrators when performing audits for their org/tenant, as it shows a mystery user being created without their knowledge. Hopefully this mystery will now be solved.

 

[Screenshot: Azure audit log entry initiated by Microsoft Substrate management]

 

 

For more details on such unknown actors in Azure audit reports, please refer to the following article:

https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/unknown-actors-in-audit-reports 

 

To summarize:  

  • When a user creates a Bookings calendar a scheduling mailbox is created 
  • The data is stored in the scheduling mailbox 
  • Admins can use a series of commands or look at Exchange audit logs to track these events  

We hope you found this information helpful when working with Microsoft Bookings. 

 

Also wanted to thank the Bookings engineering team for their review and valuable inputs.

 

Hitesh Sharma

Posted at https://sl.advdat.com/3pFzb7S