Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Prerequisites

For VSM to receive data from Microsoft Teams you will need an a VSM Virtual Collector Administeredadministered. Details on adding a VSM Virtual Collector can be found found here.

Azure Active Directory Configuration

...

  • New APP Registration
  • Assign right the appropriate API Permission to the new APP
  • Generate Shared secret Key

...

Directory > Directory.Read.All Permission

Reports > Reports.Read.All

ServiceHealth > ServiceHealth.Read.All

TeamMember > TeamMember.Read.All

TeamworkDevice > TeamWorkDevice.Read.All


Image Added

Image Added

Image Added


The following page will appear

Image RemovedImage Added


Click on the 'Grant admin consent' tab to grant permission for newly created Application

Image RemovedImage Added


Once Granted the following will be displayedImage Removed

Image Added

Authentication

There are two supported authentication methods for MS Teams data collection:

  • Shared Secret
  • Certificate

You can use whichever authentication you prefer, and you can change between the type of authentication method if required.

Generate Shared Secret

Navigate to and click on 'Certificates & secrets'

...

FieldValue
DescriptionEnter description for the client secret
Expires The maximum length is 24 months , make sure to renew the cient client secret when it expires otherwise VSM won't be able to retrieve MS Teams Calls information 

...

Take note of Secret Value and Secret ID as it will disappear when you navigate away from the page , The value in the field Value is the value that is going to be added to VSM in Shared Secret Field 

Certificate Authentication

For customers who want to use certificate authentication first they must create a certificate or obtain one from a trusted public authority, they need to make sure to have the private key exportable. 

Steps of how to create self signed certificate available here once you have the certificate to use follow these steps:

Navigate to and click on 'Certificates & secrets'

Image Added


Select Upload Certificate

Image Added


Browse the   (Public Key Certificate ) file we created earlier ( (.cer or .crt certificate)and click Add

Image Added


Once Uploaded, it will appear  under the App

Image Added

Update Azure Active Directory Settings

 For Azure AAD To Display identifiable user data data (like UPNs) Navigate to

Admin Center >> Settings >> Org Setting >> Reports >> Uncheck  'Display concealed user, group, and site names in all reports'

Image Added

Web Portal Configuration

Add Microsoft Teams

...

At the bottom of Manage Cloud Services click 'Add Services' 

A The 'Add Service' form will open which you can populate the Microsoft Teams details collected earlier in this document as per the table below

Select the Vendor Microsoft and Service Teams Cloud Service

, Select the Vendor 'Microsoft' and Service 'Teams Cloud Service'

Populate the 'Friendly Name' field with the name you wish VSM to use for this Teams Service.

Populate the Tenant ID, Application ID with the values obtained earlier in this process.

Shared Secret Authentication

Shared Secret field shall be populated with details collected earlier in this process. once populated click 'Add'

Image Added


Certificate Authentication

Select the 'Upload a Certificate' radio button, then click the 'Upload' button

Image Added

Then drag and drop the certificate file or click 'Select the certificate file' to browse and upload the required certificate.

Image Added

Then click the 'Upload' button

Image Added

If your certificate requires a password please enter it in the 'Certificate Password' field.

Image Added

Once the Certificate has uploaded click 'Add'Image Removed


Web Portal - Add Microsoft Teams Field Description

FieldValue
VendorMicrosoft
ServiceTeams Cloud Service
Friendly NameFriendly Name for MS Teams
Tenant Id

Directory (Tenant)ID displayed under the created Application 

Application Id

Application (client) ID displayed under the created Application 

Shared SecretThe value under Client Secret
CertificateClick 'Upload' to upload the private key certificate


Administration of Microsoft Teams in VSM is now complete. You can now optionally configure Line URI data.

Line URI data collection (Optional)

VSM has a facility to collect Line URI data and produce a daily document which contains all users and their associated information including Line URI details. The documents are produced daily at 01:20 UTC.

This document will contain the following fields for each Teams user: InterpretedUserType, DisplayName, Alias, UserPrincipalName, LineURI, Title, Office, City, StateOrProvince. These daily documents are located within 'Files and Folders > Teams Cloud Service'.

To setup data collection select the 'Line URI' tab when creating or editing the Teams Service in 'Manage Cloud Services'.

By default authentication for the Line URI data will be via the Application-based authentication already created, however this will need to have a specific role added to it as detailed below. The alternative to Application-based authentication is to authenticate with a specific user.

Application-based Authentication (Default)

Browse to Azure Portal AD https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade

In the search bar at the top search for 'Microsoft Entra roles and administrators' and then select it.

Image Added


In the search tool search for 'Teams', double click 'Teams  Communications Support Specialist'

Image Added

Click on 'Add Assignments'


Image Added


Search for the previously created App, then check the box next to it. Once done click the 'Add' button at the bottom


Image Added

Image Added

Service Account Authentication (optional)

If you do not wish to use the Application-based authentication a service account will need to be created in Azure AD which has the role of 'Teams  Communications Support Specialist', an existing account with this role can also be used.

In Azure AD click 'New User> Create new user'

Image Added


Populate the new user form, enter a password.

Image Added

Click the 'Assignments' tab, then click 'Add role'.

Image Added

Search the directory roles for 'Teams Communications Support Specialist' and check the box for this.

Image Added

Then click on 'Review +create'  at the bottom left of the screen.

Image Added

Azure AD setting are now complete.

VSM Configuration

Open VSM and navigate to 'Service Desk> Equipment Locations> (right click the Virtual location) >Manage Cloud Services'

Right click the Teams service you wish to add Line URI configuration for, then select 'Edit'.

If you used Application-based authentication simply check the 'Enable Line URI collection' box.

Image Added

If you opted for Service account authentication check the 'Enable Line URI collection' box, then move the radio button to 'Use Service Account' then populate the 'Account' and 'Credential' fields

Image Added


FieldValue
AccountUsername of the service account
CredentialPassword of the service account

Account SKU Id (optional)

If this field is blank, user data for all O365 SkuPartNumber's will be collected. If you wish to limit data collection to users of a specific O365 AccountName and SkuPartNumber then this field will need to be populated..

Note

This is a two part field made up of the ‘AccountName’ and the ‘SKUPartNumber’ in the format Accountname:SkuPartNumber. The AccountName is optional so you can just enter the SkuPartNumber if there is not more than one AccountName for the MS Teams Service


The AccountName and SkuProductNumber can be obtained by an Azure AD administrator for the business, they will need to have the Microsoft Graph PowerShell SDK installed:

Via Powershell run the command: Connect-Graph -scopes Organization.read.all

Image Added

Then run the command Get-MgSubcribedSku, the output of this command will provide you with the AccountName and the SkuPartNumber’s to choose from.

Image Added

Once complete click 'Save'


Site Mappings (Optional)

VMS has a feature that allows custom site names to be added to IP address ranges. Call records with participants in the mapped IP address range will be included under that Custom Site Name in the Microsoft Teams Call Summary dashlet (medium size and larger).

When in the Add or Edit screen for a Microsoft Teams Services select the 'Site Mappings' tab.

Image Added

Enter the IP address range by specifying the starting and ending IP addresses for a Custom Site Name. The format is nnn.nnn.nnn.nnn

  • A maximum of 6 unique Custom Site Names can be entered.
  • The Custom Site Name can be duplicated if multiple IP address ranges are required for a site.
  • Start and End IP address can be the same to allow viewing a single device such as a Microsoft Teams Room.

Once you have populated the fields for a site click the '+ ' button to add it to the list.

Image Added

One you have completed all sites, click the

...

'

...

Save' button.