Free/Busy Exchange Integration - Technical

1. Feature Purpose (System-Level)

The Free/Busy Exchange Integration provides read-only access to attendee availability from Microsoft 365 (Exchange Online), allowing the system to surface scheduling conflicts and display only available time slots. The integration retrieves free/busy states (Free, Busy, Tentative, Out of Office) but does not read event titles, descriptions, or attendee details.

2. High-Level Flow (System Behavior)

The integration operates in two phases:
Setup Phase:
    Event Cadence provides a unique, account-specific URL that the customer uses to grant consent for accessing their Free/Busy status
    Microsoft 365 administrator or service account grants Cadence permission to access free/busy data
    Cadence securely stores encrypted tokens and uses refresh tokens to maintain long-term access
    Event Cadence verifies the connection and enables the Free/Busy integration in the customer's account
Scheduling Phase:
    Internal user creates appointment and adds attendees
    Cadence uses the stored access token to read free/busy ranges from Microsoft Graph when scheduling appointments
    Conflicting Outlook events appear as "Outlook Event" blocks
    The "Ask Customer" feature only displays available time slots

3. System Diagrams

System Architecture


This element (diagram) isn't supported, or may require an update to be displayed. You can try to refresh the app.

Dependency Map


This element (diagram) isn't supported, or may require an update to be displayed. You can try to refresh the app.

Processing Flow

This element (diagram) isn't supported, or may require an update to be displayed. You can try to refresh the app.

4. Key Components and Data Objects

Platform Components

  • Exchange Integration Service: Microservice hosted at  exchangeintegration.eventcadence.com  for OAuth flow and token management
  • CadenceWeb: Web interface for appointment management with availability viewing
  • CadenceAdmin: Administrative interface for appointment configuration and connectivity status checking
  • CadenceBackend: Central backend service handling appointment logic and free/busy queries
  • Mobile Applications: CadenceIOS and CadenceAndroid for mobile appointment access

Data Objects

  • Appointment Records: Core appointment data with attendees, times, and conflict status
  • Free/Busy Status: Retrieved states including Free, Busy, Tentative, Out of Office
  • Access Tokens: AES-encrypted tokens stored securely with refresh token support
  • Connectivity Status: Integration health monitoring data

Authentication Models

Two authentication options are supported:
    Delegated Administrator Authentication: A Microsoft 365 administrator with sufficient privileges authorizes Cadence to read users' free/busy information
    Service Account Authentication: A dedicated service account configured in the customer's Microsoft 365 tenant with organization-level permission to read calendar free/busy data

Permissions Requested

When authenticating, the Microsoft consent screen displays the following permissions:
  • Maintain access to data you've given it access to → offline_access
  • Sign you in and read your profile → openid, profile
  • Read your calendars →  Calendars.Read  or Calendars.Read.Shared

5. Dependencies and Constraints

External Dependencies

  • Microsoft Graph API: Primary interface for retrieving free/busy data from Exchange Online
  • Office 365 / Exchange Online: Source system for calendar availability data
  • OAuth 2.0 Authentication: Microsoft identity platform for authorization flow

Operational Constraints

Conflict Detection Logic:
  • All-day Outlook events are ignored
  • Outlook Meetings that are 6+ hours in duration are ignored
  • Tentative times in Outlook integration do not display as a conflict
Required Attendees: When internal attendees marked as Required, the system will only present times when all required attendees have no conflicts

Security and Compliance

  • Tokens are AES-encrypted and stored securely
  • Only the minimum required permissions are requested
  • Access is read-only and limited to free/busy states
  • Compliant with Microsoft 365 data protection and Cadence ISO 27001 standards
  • Details of Outlook events are not visible for anyone, including the Calendar item name, attendees, locations, etc. This integration only provides a free or busy status

Ongoing Maintenance Requirements

The integration is designed to operate continuously once authorized, with no recurring maintenance tasks required from the customer on a daily, weekly, or quarterly basis.

Ongoing Operation

After the initial setup:
  • The system automatically uses stored access tokens to read free/busy ranges from Microsoft Graph
  • The integration maintains access through refresh tokens without requiring IT intervention