...
Prerequisites
For VSM to receive data from Microsoft Teams, you will need a VSM Virtual Collector administered. Details on adding a VSM Virtual Collector can be found here.
Azure Active Directory Configuration
...
- New APP Registration
- Assign the appropriate API permissions to the new app
- Generate Shared secret Key
...
Directory > Directory.Read.All Permission
Reports > Reports.Read.All
ServiceHealth > ServiceHealth.Read.All
TeamMember > TeamMember.Read.All
TeamworkDevice > TeamworkDevice.Read.All
The following page will appear
Click on the 'Grant admin consent' tab to grant permission for the newly created application.
Once granted, the following will be displayed
Authentication
There are two supported authentication methods for MS Teams data collection:
- Shared Secret
- Certificate
You can use whichever authentication method you prefer, and you can switch between the two methods later if required.
Generate Shared Secret
Navigate to and click on 'Certificates & secrets'
...
Field | Value |
---|---|
Description | Enter description for the client secret |
Expires | The maximum length is 24 months. Make sure to renew the client secret when it expires, otherwise VSM won't be able to retrieve MS Teams call information |
...
Take note of the Secret Value and Secret ID, as the value will disappear when you navigate away from the page. The value in the 'Value' field is the one to enter in the Shared Secret field in VSM.
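An added example (not part of the VSM documentation) for catching the expiry described above before collection stops: it lists every client secret and certificate on the app registration with the days remaining. It assumes the Microsoft Graph PowerShell SDK is installed; the Application ID is a placeholder and the 30-day warning window is an arbitrary choice.

```powershell
# Added example, not VSM code: report credential expiry for one app registration.
# Assumptions: Microsoft Graph PowerShell SDK installed; $appId is a placeholder;
# the 30-day warning window is arbitrary.
$appId    = '00000000-0000-0000-0000-000000000000'   # placeholder Application (client) ID
$warnDays = 30

# Read-only scope; enough to see credential metadata on app registrations.
Connect-MgGraph -Scopes 'Application.Read.All'

$app = Get-MgApplication -Filter "appId eq '$appId'"
if (-not $app) { throw "No app registration found with Application ID $appId" }

# Gather shared secrets and certificates into one list. Only metadata comes back;
# the secret value itself cannot be read again after creation.
$credentials = @()
foreach ($c in $app.PasswordCredentials) {
    $credentials += [pscustomobject]@{
        Type = 'Shared secret'; Name = $c.DisplayName; KeyId = $c.KeyId; Expires = $c.EndDateTime
    }
}
foreach ($c in $app.KeyCredentials) {
    $credentials += [pscustomobject]@{
        Type = 'Certificate'; Name = $c.DisplayName; KeyId = $c.KeyId; Expires = $c.EndDateTime
    }
}
if ($credentials.Count -eq 0) { Write-Warning 'The app registration has no credentials.' }

# Days remaining, approximate to the day, with a status for each credential.
$now = (Get-Date).ToUniversalTime()
$report = foreach ($cred in $credentials) {
    $daysLeft = [math]::Floor(($cred.Expires.ToUniversalTime() - $now).TotalDays)
    $status   = if ($daysLeft -lt 0) { 'EXPIRED' }
                elseif ($daysLeft -le $warnDays) { 'RENEW SOON' }
                else { 'OK' }
    [pscustomobject]@{
        Type = $cred.Type; Name = $cred.Name; KeyId = $cred.KeyId
        Expires = $cred.Expires; DaysLeft = $daysLeft; Status = $status
    }
}

$report | Sort-Object DaysLeft | Format-Table -AutoSize
```

Run on a schedule, this also shows leftover credentials that were replaced but never deleted from the app registration.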
Certificate Authentication
Customers who want to use certificate authentication must first create a certificate or obtain one from a trusted public authority, and must make sure the private key is exportable.
Steps for creating a self-signed certificate are available here. Once you have the certificate, follow these steps:
Navigate to and click on 'Certificates & secrets'
Select Upload Certificate
Browse to the public key certificate file created earlier (.cer or .crt) and click 'Add'
Once Uploaded, it will appear under the App
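One way to produce the two files this procedure needs, as an added example (not from the VSM documentation): a self-signed certificate whose public part (.cer) is uploaded to the app registration, and whose password-protected private key bundle is kept for the later upload to VSM. The subject name, output folder, 12-month lifetime and the use of a .pfx bundle are assumptions.

```powershell
# Added example, not VSM code. Run in Windows PowerShell as the administering user.
# Assumptions: subject name, output folder, 12-month validity, .pfx as the bundle format.
$subject = 'CN=VSM-Teams-Collector'                      # hypothetical subject name
$outDir  = Join-Path $env:USERPROFILE 'vsm-teams-cert'   # hypothetical output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Self-signed certificate with an exportable private key, in the current user's store.
$cert = New-SelfSignedCertificate `
    -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy Exportable `
    -KeySpec Signature `
    -KeyAlgorithm RSA `
    -KeyLength 2048 `
    -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddMonths(12)

# Public certificate only: this is the file uploaded under 'Certificates & secrets'.
$cerPath = Join-Path $outDir 'vsm-teams.cer'
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# Certificate plus private key, protected by a password typed at the prompt
# so that it never appears in the script or in shell history.
$pfxPassword = Read-Host -Prompt 'Password for the .pfx file' -AsSecureString
$pfxPath = Join-Path $outDir 'vsm-teams.pfx'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Compare this thumbprint with the one the portal shows after the upload.
[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    PublicCer  = $cerPath
    PrivatePfx = $pfxPath
}
```

Only the .cer file goes to Azure. The .pfx holds the private key, so store it like any other credential and delete working copies once it has been uploaded.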
Update Azure Active Directory Settings
For Azure AD to display identifiable user data (like UPNs), navigate to
Admin Center >> Settings >> Org Setting >> Reports >> Uncheck 'Display concealed user, group, and site names in all reports'
Web Portal Configuration
Add Microsoft Teams
...
At the bottom of Manage Cloud Services click 'Add Services'
The 'Add Service' form will open, which you can populate with the Microsoft Teams details collected earlier in this document, as per the table below.
Select the Vendor 'Microsoft' and Service 'Teams Cloud Service'.
Populate the 'Friendly Name' field with the name you wish VSM to use for this Teams Service.
Populate the Tenant ID and Application ID fields with the values obtained earlier in this process.
Shared Secret Authentication
Populate the Shared Secret field with the value collected earlier in this process. Once populated, click 'Add'.
Certificate Authentication
Select the 'Upload a Certificate' radio button, then click the 'Upload' button
Then drag and drop the certificate file or click 'Select the certificate file' to browse and upload the required certificate.
Then click the 'Upload' button
If your certificate requires a password please enter it in the 'Certificate Password' field.
Once the Certificate has uploaded click 'Add'
Web Portal - Add Microsoft Teams Field Description
Field | Value |
---|---|
Vendor | Microsoft |
Service | Teams Cloud Service |
Friendly Name | Friendly Name for MS Teams |
Tenant Id | Directory (tenant) ID displayed under the created Application |
Application Id | Application (client) ID displayed under the created Application |
Shared Secret | The value under Client Secret |
Certificate | Click 'Upload' to upload the private key certificate |
Administration of Microsoft Teams in VSM is now complete. You can now optionally configure Line URI data.
Line URI data collection (Optional)
VSM has a facility to collect Line URI data and produce a daily document which contains all users and their associated information including Line URI details. The documents are produced daily at 01:20 UTC.
This document will contain the following fields for each Teams user: InterpretedUserType, DisplayName, Alias, UserPrincipalName, LineURI, Title, Office, City, StateOrProvince. These daily documents are located within 'Files and Folders > Teams Cloud Service'.
To setup data collection select the 'Line URI' tab when creating or editing the Teams Service in 'Manage Cloud Services'.
By default authentication for the Line URI data will be via the Application-based authentication already created, however this will need to have a specific role added to it as detailed below. The alternative to Application-based authentication is to authenticate with a specific user.
Application-based Authentication (Default)
Browse to Azure Portal AD https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade
In the search bar at the top search for 'Microsoft Entra roles and administrators' and then select it.
In the search tool search for 'Teams', double click 'Teams Communications Support Specialist'
Click on 'Add Assignments'
Search for the previously created App, then check the box next to it. Once done click the 'Add' button at the bottom
Service Account Authentication (optional)
If you do not wish to use the Application-based authentication, a service account with the role of 'Teams Communications Support Specialist' will need to be created in Azure AD. An existing account with this role can also be used.
In Azure AD click 'New User> Create new user'
Populate the new user form, enter a password.
Click the 'Assignments' tab, then click 'Add role'.
Search the directory roles for 'Teams Communications Support Specialist' and check the box for this.
Then click on 'Review + create' at the bottom left of the screen.
Azure AD settings are now complete.
VSM Configuration
Open VSM and navigate to 'Service Desk> Equipment Locations> (right click the Virtual location) >Manage Cloud Services'
Right click the Teams service you wish to add Line URI configuration for, then select 'Edit'.
If you used Application-based authentication simply check the 'Enable Line URI collection' box.
If you opted for Service account authentication, check the 'Enable Line URI collection' box, move the radio button to 'Use Service Account', then populate the 'Account' and 'Credential' fields.
Field | Value |
---|---|
Account | Username of the service account |
Credential | Password of the service account |
Account SKU Id (optional)
If this field is blank, user data for all O365 SkuPartNumbers will be collected. If you wish to limit data collection to users of a specific O365 AccountName and SkuPartNumber, then this field will need to be populated.
Note |
---|
This is a two part field made up of the ‘AccountName’ and the ‘SKUPartNumber’ in the format Accountname:SkuPartNumber. The AccountName is optional so you can just enter the SkuPartNumber if there is not more than one AccountName for the MS Teams Service |
The AccountName and SkuPartNumber can be obtained by an Azure AD administrator for the business, who will need to have the Microsoft Graph PowerShell SDK installed:
In PowerShell, run the command: Connect-Graph -Scopes Organization.Read.All
Then run the command Get-MgSubscribedSku. The output of this command will provide you with the AccountName and the SkuPartNumber values to choose from.
Once complete click 'Save'
Site Mappings (Optional)
VSM has a feature that allows custom site names to be added to IP address ranges. Call records with participants in the mapped IP address range will be included under that Custom Site Name in the Microsoft Teams Call Summary dashlet (medium size and larger).
When in the Add or Edit screen for a Microsoft Teams Service, select the 'Site Mappings' tab.
Enter the IP address range by specifying the starting and ending IP addresses for a Custom Site Name. The format is nnn.nnn.nnn.nnn
- A maximum of 6 unique Custom Site Names can be entered.
- The Custom Site Name can be duplicated if multiple IP address ranges are required for a site.
- Start and End IP address can be the same to allow viewing a single device such as a Microsoft Teams Room.
Once you have populated the fields for a site, click the '+' button to add it to the list.
Once you have completed all sites, click the 'Save' button.