Overview
If your organization uses Microsoft Exchange On-Premise in a hybrid environment, you can still easily connect Bliro with Microsoft Single Sign-On (SSO) and Outlook calendar integration.
This guide explains step-by-step how to set up Bliro in a hybrid Exchange environment — a combination of on-premise Exchange Server and Exchange Online / Entra ID (Azure AD).
With this setup, you’ll achieve:
Sign in to Bliro using your Microsoft account
Access to Outlook calendars via Microsoft Graph
Secure authentication with Multi-Factor Authentication (MFA)
Prerequisites
Before you begin, make sure the following requirements are met:
Exchange Hybrid Setup
Your environment uses the Exchange Hybrid Configuration Wizard (HCW) to connect Exchange On-Premise with Exchange Online.
This allows user mailboxes to be hosted in the cloud while local systems (e.g., printers, scanners, or internal services) can still send via an on-prem SMTP relay.
Entra ID (formerly Azure AD)
Your local Active Directory (AD) is synchronized with Entra ID using Azure AD Connect or Entra Connect Sync.
This means that user accounts exist in Entra ID, can sign in there, and MFA can be enabled through Entra ID if desired.
Admin Rights in Entra ID
You need an account with sufficient permissions to:
Create app registrations
Grant API permissions for calendar data
Manage user access to the Bliro app
Step-by-Step Setup
1. Enable Microsoft Sign-In in Bliro
Open the Bliro Admin Dashboard → Integrations → SSO / Microsoft
Click “Connect with Microsoft”
Sign in using an Entra ID admin account
Accept the requested permissions:
openid, email, profile → for sign-in
Calendars.Read → for Outlook calendar integration
After successful setup, Bliro will automatically appear as an Enterprise Application in your Entra ID tenant.
2. Enable Outlook Calendar Integration
Bliro uses the Microsoft Graph API for all calendar functions.
This means that even in hybrid environments, calendar access happens via Exchange Online — not directly on On-Premise mailboxes.
Scenario A – Mailboxes already in Exchange Online
No further action is required.Bliro can directly access calendar data via Microsoft Graph.
Scenario B – Mailboxes still On-Premise
For users with local mailboxes, there are two possible options:
Option 1: Migrate Individual Mailboxes
Migrate the mailboxes of employees who should use Bliro to Exchange Online.
Advantages:
Full support for the Microsoft Graph API
No additional configuration required
Access to calendar data through the cloud
Recommendation:
This option is the only way to use Bliro’s calendar features fully.
Option 2: Hybrid Modern Authentication (HMA)
If migration is not yet possible, you can enable Hybrid Modern Authentication (HMA) to allow modern authentication (OAuth / MFA) for on-prem mailboxes.
Minimum Version Requirements:
Exchange Server 2016 CU21 or
Exchange Server 2019 CU10
Command in Exchange Management Shell:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
This allows users to authenticate using their Microsoft (Entra ID) account.
Important:
Hybrid Modern Auth only affects authentication — not data access.
The Microsoft Graph API cannot access on-prem Exchange mailboxes, even if HMA is enabled.
Conclusion
In a hybrid Exchange environment, Bliro can easily integrate with Entra ID (Azure AD) for SSO.
However, Outlook calendar integration via Microsoft Graph only works if user mailboxes are hosted in Exchange Online.
In summary:
Microsoft SSO sign-in works in all hybrid scenarios
Calendar integration via Microsoft Graph only works with cloud mailboxes
On-prem mailboxes must be migrated to make calendar data available in Bliro
Hybrid Modern Auth is optional for MFA and modern sign-in, but does not replace migration