Prerequisites
For VSM to receive data from Microsoft Teams you will need a VSM Virtual Collector administered. Details on adding a VSM Virtual Collector can be found here.
Azure Active Directory Configuration
VSM uses Graph API to collect data from Microsoft Teams, the following information is required to add Microsoft Teams to VSM:
- Tenant ID
- Application ID
- Shared Secret
In order to obtain the required fields the following steps need to be executed on the Tenant Azure AD
- New APP Registration
- Assign the appropriate API Permission to the new APP
- Generate Shared secret Key
All steps from this point forward require the AAD (Azure Active Directory) user permissions
New App Registration
Browse to Azure Portal AD https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade
Navigate to and click on 'App Registrations'
Click New registration
Enter Application Registration Details using the following table.
Application Registration Table
Field | Value |
---|---|
Name | Enter the name you want to give to your application |
Supported Account Type | Choose Accounts in this organizational directory only (Virsae Group Limited only - Single tenant) |
Redirect URI | Leave Blank |
After creating the Application take note of Application (Client) ID and Directory (tenant) ID
Assign API Permission to the New APP
Navigate to and click on 'API Permissions'
Click Add a permission
Click on Microsoft Graph
Choose Application Permissions
Choose the following Permissions
Call Records >CallRecords.Read.All permission
Directory > Directory.Read.All Permission
Reports > Reports.Read.All
ServiceHealth > ServiceHealth.Read.All
TeamMember > TeamMember.Read.All
TeamworkDevice > TeamWorkDevice.Read.All
The following page will appear
Click on the 'Grant admin consent' tab to grant permission for newly created Application
Once Granted the following will be displayed
Authentication
There are two supported authentication methods for MS Teams data collection:
- Shared Secret
- Certificate
You can use whichever authentication you prefer, and you can change between the type of authentication method if required.
Generate Shared Secret
Navigate to and click on 'Certificates & secrets'
Click New client secret
Enter Client Secret Information using the following table.
Client Secret Table
Field | Value |
---|---|
Description | Enter description for the client secret |
Expires | The maximum length is 24 months , make sure to renew the client secret when it expires otherwise VSM won't be able to retrieve MS Teams Calls information |
Take note of Secret Value and Secret ID as it will disappear when you navigate away from the page , The value in the field Value is the value that is going to be added to VSM in Shared Secret Field
Certificate Authentication
For customers who want to use certificate authentication first they must create a certificate or obtain one from a trusted public authority, they need to make sure to have the private key exportable.
Steps of how to create self signed certificate available here once you have the certificate to use follow these steps:
Navigate to and click on 'Certificates & secrets'
Select Upload Certificate
Browse the (Public Key Certificate ) file we created earlier ( (.cer or .crt certificate)and click Add
Once Uploaded, it will appear under the App
Update Azure Active Directory Settings
For Azure AAD To Display identifiable user data data (like UPNs) Navigate to
Admin Center >> Settings >> Org Setting >> Reports >> Uncheck 'Display concealed user, group, and site names in all reports'
Web Portal Configuration
Add Microsoft Teams
Log in to the VSM web portal using your VSM credentials and password.
For your customer, select Service Desk > Equipment Locations Right-click on the Equipment Location (Virtual Collector) and select Manage Cloud Services
At the bottom of Manage Cloud Services click 'Add Services'
The 'Add Service' form will open, Select the Vendor 'Microsoft' and Service 'Teams Cloud Service'
Populate the 'Friendly Name' field with the name you wish VSM to use for this Teams Service.
Populate the Tenant ID, Application ID with the values obtained earlier in this process.
Shared Secret Authentication
Shared Secret field shall be populated with details collected earlier in this process. once populated click 'Add'
Certificate Authentication
Select the 'Upload a Certificate' radio button, then click the 'Upload' button
Then drag and drop the certificate file or click 'Select the certificate file' to browse and upload the required certificate.
Then click the 'Upload' button
If your certificate requires a password please enter it in the 'Certificate Password' field.
Once the Certificate has uploaded click 'Add'
Web Portal - Add Microsoft Teams Field Description
Field | Value |
---|---|
Vendor | Microsoft |
Service | Teams Cloud Service |
Friendly Name | Friendly Name for MS Teams |
Tenant Id | Directory (Tenant)ID displayed under the created Application |
Application Id | Application (client) ID displayed under the created Application |
Shared Secret | The value under Client Secret |
Certificate | Click 'Upload' to upload the private key certificate |
Administration of Microsoft Teams in VSM is now complete. You can now optionally configure Line URI data.
Line URI data collection (Optional)
VSM has a facility to collect and provide a daily document which contains all users and their associated information including Line URI details.
This document will contain the following fields for each Teams user: InterpretedUserType, DisplayName, Alias, UserPrincipalName, LineURI, Title, Office, City, StateOrProvince. These daily documents are located within 'Files and Folders > Teams Cloud Service'.
To setup data collection select the 'Line URI' tab when creating or editing the Teams Service in 'Manage Cloud Services'
A service account will need to be created in Azure AD which has the role of 'Teams Administrator', an existing account with this role can also be used:
Create service account
In Azure AD click 'New User> Create new user'
Populate the new user form, enter a password.
Click the 'Assignments' tab, then click 'Add role'.
Search the directory doles for 'Teams Administrator' and check the box for this.
Then click on 'Review +create' at the bottom left of the screen.
Azure AD setting are now complete.
VSM Configuration
Open VSM and navigate to 'Service Desk> Equipment Locations> (right click the Virtual location) >Manage Cloud Services'
Right click the Teams service you wish to add Line URI configuration for, then select 'Edit'. Select the 'Line URI' tab and populate the following fields:
Field | Value |
---|---|
Account | Username of the service account |
Credential | Password of the service account |
Account SKU Id (optional) | If this field is blank user data for all O365 SKU's will be collected. If you wish to limit data collection to users of a specific O365 SKU enter it here. |
Once complete click 'Save'