With Microsoft technology, Federation has become an overused phrase, taking on multiple meanings depending on the product:
- Identity Federation (ADFS)
- Federated Sharing (Exchange Calendars Free/Busy)
- Instant Message Federation (Lync Online)
One technical writer for Microsoft attempted to catalog the various uses of the term, and I found it humorous that he failed to mention Lync federation, but he got the other ones: http://www.ittakesateam.net/office-365-federation
I’m writing about Federated Calendar Sharing today because I have a customer who is interested in sharing their free/busy information with another external organization.
So what is Federated Calendar Sharing? And how is it distinct from Internet Calendar sharing?
- “Federated Calendar Sharing enables authenticated access to users’ calendar data, and it is available only between Online and/or on-premises Exchange organizations who have established a Federation Trust with the Microsoft Federation Gateway, which acts as a broker between Federated organizations.
- In the case of both Federated Calendar Sharing and Internet Calendar Sharing, the on-premises or Online Exchange administrator can control with what level of granularity users are able to share calendar data (free/busy only, free/busy with titles/locations, or full calendar details). Administrators can define a Sharing Policy and apply that to the entire org, certain divisions, or even individual users. Within the scope of what the administrator has allowed, a user has the option to publish their data with even less granularity.” – The Exchange Team Blog
This blog article in particular was the most helpful from what I could find on configuring Federated Calendar sharing:
This article is referenced repeatedly as being the how-to guide to set up Federated sharing between an Office 365 tenant and an on-premise Exchange 2010 SP1 organization:
After following all the guides, I kept getting an error message “The attendee’s server couldn’t be found” (Error code: 5039).
Searching for this error resulted in multiple sources suggesting a change to the TargetSharingEpr value. For example:
This apparently shortcuts the lookups to avoid relying on AutoDiscover.
Set-OrganizationRelationship "To on-premise" -TargetSharingEpr externalEWSurl
The value of externalEWSurl is populated from the cmdlet Get-WebServicesVirtualDirectory | FT externalURL
Upon setting that value, the error changed to “You don’t have permission to see free/busy information for this attendee” (Error code: 5037).
It turns out that certain environments do not support Federated Calendar Sharing. If you are attempting to configure Federated Calendar Sharing with an organization that is configured with some users on-premise and other users in the cloud, you will not be able to get free/busy information from the cloud users.
“Exchange organizations that have both on-premises and cloud users If you configure federated sharing with another Exchange organization that is configured in a hybrid deployment with Microsoft Office 365, free/busy availability lookups for Office 365-based or remote users that have been moved to the cloud will fail. Because the organization relationship for your Exchange organization is with the remote on-premises Exchange organization, not the Office 365-based Exchange Online organization, the free/busy request can’t query the Office 365-based users. Exchange 2013 doesn’t support functionality to proxy these availability requests through the on-premises organization to the Office 365 service.”
On a side note: Internet Calendar Sharing seems like it would be a very useful workaround for this situation, along with scenarios where you want to share your free/busy calendar with friends and family. Configuration does not seem too complicated and involves four steps:
1. Configure the Web proxy URL for the Mailbox server.
2. Enable the publishing virtual directory for the Client Access server.
3. Create a sharing policy specifically for Internet calendar publishing. This policy allows users in your Exchange organization to invite other users who have Internet access to view limited calendar availability information by accessing a published URL.
4. The end-user logs into OWA or Outlook 2010 > Calendar > Publish to Internet
Microsoft created a compatibility matrix that introduces yet another term called “Full Calendar Sharing” which involves an end-user manually inviting another user from a trusted organization to view their calendar. So in other words, there are multiple levels of granularity that you can set this to, depending on the level of trust between the two organizations.
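To see which of those granularity levels a sharing policy actually grants, and to whom, the following added example (not from the original post or from Microsoft) classifies sharing-policy entries by the amount of calendar detail they expose. The function name Get-SharingExposure, the numeric levels, the review threshold and the sample entries are assumptions made for illustration; the entry format is the "domain:Action" form accepted by New-SharingPolicy -Domains.

```powershell
# Added example: rank sharing-policy entries ("domain:Action[,Action]") by exposed detail.
# Hashtable keys are the SharingPolicyAction names; the numeric levels are an assumption.
$DetailLevel = @{
    'CalendarSharingFreeBusySimple'   = 1   # free/busy only
    'CalendarSharingFreeBusyDetail'   = 2   # free/busy with titles/locations
    'CalendarSharingFreeBusyReviewer' = 3   # full calendar details
    'ContactsSharing'                 = 3   # contacts folder, ranked as full detail here
}

function Get-SharingExposure {
    param(
        [Parameter(Mandatory = $true)][string[]]$Entry,
        [int]$MaxLevel = 1   # assumption: anything above free/busy-only deserves a review
    )
    foreach ($e in $Entry) {
        $domain, $actions = $e -split ':', 2
        $names = @("$actions" -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        if ($names.Count -eq 0) { Write-Warning "Skipping malformed entry '$e'"; continue }
        $domain = $domain.Trim()
        # Unknown action names get level 99 so they are always flagged, never silently passed.
        $levels = @($names | ForEach-Object {
            if ($DetailLevel.ContainsKey($_)) { $DetailLevel[$_] } else { 99 }
        })
        $level = [int]($levels | Measure-Object -Maximum).Maximum
        New-Object psobject -Property @{
            Domain    = $domain
            Actions   = $names -join ','
            Level     = $level
            # '*' matches every federated domain; 'Anonymous' is Internet calendar publishing.
            AnyDomain = ($domain -eq '*') -or ($domain -eq 'Anonymous')
            Review    = $level -gt $MaxLevel
        }
    }
}

# Constructed sample entries (not taken from a real organization).
$sample = @(
    '*:CalendarSharingFreeBusySimple',
    'partner.example:CalendarSharingFreeBusyDetail',
    'Anonymous: CalendarSharingFreeBusyReviewer',
    'vendor.example: CalendarSharingFreeBusySimple, ContactsSharing'
)
Get-SharingExposure -Entry $sample |
    Select-Object Domain, Actions, Level, AnyDomain, Review | Format-Table -AutoSize

# Live use in the Exchange Management Shell (assumes each Domains value
# stringifies to "domain:Action"):
#   Get-SharingPolicy | ForEach-Object { Get-SharingExposure ($_.Domains | ForEach-Object { "$_" }) }
```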