After Installing the Connector you can connect and create a Data Source for data in Microsoft Exchange.

Setting Up a Data Source

Complete the following steps to connect to the data:

1. Under Connect | To a Server, click More....
2. Select the data source called Microsoft Exchange by CData.
3. Enter the information required for the connection.
4. Click Sign In.
5. If necessary, select a Database and Schema to discover what tables and views are available.

Using the Connection Builder

The connector makes the most common connection properties available directly in Tableau. However, it can be difficult to use if you need to use more advanced settings or need to troubleshoot connection issues. The connector includes a separate connection builder that allows you to create and test connections outside of Tableau.

There are two ways to access the connection builder:

• On Windows, use a shortcut called Connection Builder in the Start menu, under the CData Tableau Connector for Microsoft Exchange folder.
• You can also start the connection builder by going to the driver install directory and running the .jar file in the lib directory.

In the connection builder, you can set values for connection properties and click Test Connection to validate that they work. You can also use the Copy to Clipboard button to save the connection string. This connection string can be given to the Connection String option included in the connector connection window in Tableau.

Connecting to Microsoft Exchange

There are two schemas available for connecting to Exchange:

• Exchange Web Services (EWS), which is no longer being updated but is still available for both Exchange OnPremise and Exchange Online.
  Note: Microsoft recommends that Exchange Online users switch to Microsoft Graph.
• Microsoft Graph

For a look at the data model for each of these schemas, see "Data Model".

To switch between EWS and Microsoft Graph, set Schema to either EWS or MSGraph.

Exchange Online users who still want to use EWS should set Schema to EWS and the Platform to Exchange_Online.

Exchange OnPremise

Microsoft Exchange OnPremise defaults set User, Password, and AuthScheme to support Basic authentication. However, OnPremise also supports authentication via Windows (NTLM), Kerberos (described below) and deletation.

Exchange Online

Exchange Online supports authentication via OAuth, as described below. (Azure AD and Azure Service Principal also use custom OAuth applications for authentication.)

If you are connecting to Exchange Online platform through EWS, set AuthScheme to AzureAD, AzureServicePrincipal, or AzureMSI.

If you connect to Exchange Online through Microsoft Graph, set Schema to MSGraph. When Schema is set to MSGraph, the Platform is ignored.

Authenticating to Microsoft Exchange

Microsoft Exchange supports authentication using OAuth (Azure AD and Azure Service Principal), Managed Service Identity (MSI), or Kerberos.

OAuth

Azure AD and Azure Service Principal both require OAuth-based authentication.

Azure AD

Azure AD is Microsoft’s multi-tenant, cloud-based directory and identity management service. It is user-based authentication that requires that you set AuthScheme to AzureAD.

Microsoft Exchange provides embedded OAuth credentials that simplify connection from a Desktop application . To connect from a Web application, you must create a custom OAuth application, as described in Creating a Custom OAuth Application.

To connect via OAuth from all authentication flows, you must set AuthScheme to OAuth.

The following subsections describe how to authenticate to Microsoft Exchange from all applicable auth flows. For information about how to create a custom OAuth application, and why you might want to create one even for auth flows that already have embedded OAuth credentials, see Creating a Custom OAuth Application. For a complete list of connection string properties available in Microsoft Exchange, see Connection.

Desktop Applications

CData provides an embedded OAuth application that simplifies authentication at the desktop; that is, in situations where the user is using a local server not connected to the internet.

You can also authenticate from the desktop via a custom OAuth application, which you configure and register at the Microsoft Exchange console. For further information, see Creating a Custom OAuth Application.

Before you connect, set the following variables:

• InitiateOAuth: GETANDREFRESH. Used to automatically get and refresh the OAuthAccessToken. CData provides an embedded OAuth application that simplifies authentication at the desktop; that is, in situations where the user is using a local server not connected to the internet.

  You can also authenticate from the desktop via a custom OAuth application, which you configure and register at the Microsoft Exchange console. For further information, see Creating a Custom OAuth Application.

• Custom Azure AD applications only:
  • OAuthClientId: The client Id assigned when you registered your custom OAuth application.
  • OAuthClientSecret: The client secret assigned when you registered your custom OAuth application.
  • CallbackURL: The redirect URI defined when you registered your custom OAuth application.

When you connect, the connector opens the Microsoft Exchange'sOAuth endpoint in your default browser. Log in and grant permissions to the application. The connector then completes the OAuth process:

1. Extracts the access token from the callback URL and authenticates requests.
2. Obtains a new access token when the old one expires.
3. Saves OAuth values in OAuthSettingsLocation. These values persist across connections.

When the access token expires, the connector refreshes it automatically.

Azure Service Principal

Azure Service Principal is role-based application-based authentication. This means that authentication is done per application, rather than per user. All tasks taken by the application are executed without a default user context, but based on the assigned roles. The application access to the resources is controlled through the assigned roles' permissions.

For information about how to set up Azure Service Principal authentication, see Creating a Custom OAuth Application.

Authenticating via Client Secret

OAuth supports the use of client credentials to authenticate. In a client credentials OAuth flow, credentials are created for the authenticating application itself. The auth flow acts just like the usual auth flow except that there is no prompt for an associated user to provide credentials. All tasks accepted by the application are executed outside of the context of a default user.

Note: Since the embedded OAuth credentials authenticate on a per-user basis, you cannot use them in a client OAuth flow. You must always create a custom OAuth application to use client credentials.

Authentication via client credentials requires the use of a custom OAuth application. For further information, see Creating a Custom OAuth Application.

After you set these parameters, you are ready to connect.

• AuthScheme: AzureServicePrincipal.
• InitiateOAuth: GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.
• AzureTenant: The tenant you wish to connect to.
• OAuthGrantType: CLIENT.
• OAuthClientId: The client Id in your application settings.
• OAuthClientSecret: The client secret in your application settings.

Authentication with client credentials takes place automatically, just like any other connection, except that no window opens to prompt the user to log in. Because there is no user context, there is no need for a browser popup. Connections are made and handled internally.

Managed Service Identity (MSI)

If you are running Microsoft Exchange on an Azure VM and want to leverage MSI to connect, set AuthScheme to AzureMSI.

User-Managed Identities

To obtain a token for a managed identity, use the OAuthClientId property to specify the managed identity's "client_id".

When your VM has multiple user-assigned managed identities, you must also specify OAuthClientId.

Kerberos

Authenticating to Microsoft Exchange via Kerberos requires you to define authentication properties and to choose how Kerberos should retrieve authentication tickets.

To authenticate to Microsoft Exchange using Kerberos, set these properties:

• hive.server2.authentication: Kerberos.
• AuthScheme: NEGOTIATE.
• KerberosKDC: The host name or IP Address of your Kerberos KDC machine.
• KerberosRealm: The realm of the Microsoft Exchange Kerberos principal. Find this value immediately after the '@' symbol of the principal value.
• KerberosSPN: The service and host of the Microsoft Exchange Kerberos Principal. Find this value just before the '@' symbol of the principal value.

For further information on how to use Kerberos in an Microsoft Exchange environment, see Using Kerberos.

Next Step

See Using the Connector to create data visualizations.