To embed an Outlook / Exchange Calendar in WordPress for users that have an enterprise account in your Microsoft Entra ID / Azure AD, you need to update the static API Permissions for your registered application (= App registration) in Microsoft Entra ID / Azure AD.
Perform the following steps to update the API Permissions of the App registration in Microsoft Entra ID / Azure AD.
Go to WP Admin > WPO365 > Single Sign-on, scroll to the section Azure Active Directory and click the link View in Azure Portal to open the App registration’s Overview page in Azure Portal.
- Continue from the Overview page to API Permissions page.
- If you have selected then click + Add a permission and add the following permissions:
- Users as Calendar source: Microsoft Graph > Delegated permissions > Calendars.Read
- Groups as Calendar source: Microsoft Graph > Delegated permissions > Group.Read.All
A delegated permission such as Calendars.Read gives WPO365 permissions to read data from any group or user calendar in Exchange in a security-trimmed fashion. This means that WPO365 can only successfully request data from calendars where the user has been given access. If a user is not allowed to access the calendar, WPO365 will receive a response, indicating that items cannot be retrieved, and that access is forbidden.
- After you updated the API Permissions, you must still grant your consent as an administrator of your tenant, using the corresponding link-button.
In case the link to Grant admin consent … appears greyed out, it means that you do not have sufficient permissions. In that case you must ask a Global Administrator in your organization to grant admin consent instead.