Prerequisites for connecting Amazon Q Business to Microsoft Exchange - Amazon Q Business

Prerequisites for connecting Amazon Q Business to Microsoft Exchange

In Microsoft Exchange, make sure you have:

  • Created a Microsoft Exchange account in Office 365.

  • Copied your Microsoft 365 tenant ID. You can find your tenant ID in the Properties of your Azure Active Directory Portal. For more information, see Find your Microsoft 365 tenant ID on the Microsoft website.

  • Configured an OAuth 2.0 credential token containing a client ID and client secret.

  • Added the following permissions for the connector application:

    Microsoft Graph Office 365 Exchange Online
    • Mail.Read (Application)

    • Mail.ReadBasic (Application)

    • Mail.ReadBasic.All (Application)

    • Calendars.Read (Application)

    • User.Read.All Application)

    • Contacts.Read (Application)

    • Notes.Read.All (Application)

    • Directory.Read.All (Application)

    • EWS.AccessAsUser.All (Delegated)

    full_access_as_app (Application)

In your AWS account, make sure you have:

  • Created an IAM role for your data source and, if using the Amazon Q API, noted the ARN of the IAM role.

  • Stored your Microsoft Exchange authentication credentials in an AWS Secrets Manager secret and, if using the Amazon Q API, noted the ARN of the secret.

    Note

    If you’re a console user, you can create the IAM role and Secrets Manager secret as part of configuring your Amazon Q application on the console.

For a list of things to consider while configuring your data source, see Data source connector configuration best practices.