Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
In order to complete the steps below, you must have Application Administrator or Global administrator role in Azure.
The registration consists of the following steps:
Table of Contents |
---|
If Chat recording and Voice recording will be used at the same time for Microsoft Teams, then a single app can be used for both. In that case, use the configuration steps described in the Registering the Microsoft Teams Bot in Azure article.
Creating an App Registration
Step 1 - Log in to the Azure portal.
Step 2 - Search for App registrations in the search box on the top, then click on the App registrations link under the Services section.
(Alternatively, the App registrations can be also found by opening the hamburger menu in the upper right corner, then selecting the Azure Active Directory, then selecting App registrations in the left panel.)
Step 3 - Click on New Registration.
Step 4 - Provide a name for the App, then at the "Who can use this application or access this API?" section select the "Accounts in any organizational directory (Any Azure AD directory - Multitenant)" option.
Step 5 - Click Register.
Step 6 - Take a note of the Application (client) ID and the Directory (tenant) ID. They will be needed later.
Image Modified
Step 7 - Select the Certificates & secrets menu in the left panel.
Step 8 - Under the Client secrets section, click on the New Client Secret button.
Step 9 - Provide a Description, set when the secret Expires, then click on the Add button.
Step 10 - Take a note of the new Client secret. It will be needed later.
Step 11 - In the left panel, under the Manage section, click on the Authentication menu.
Step 12 - Under the Platform configuration sections, click on the Add a platform button.
Step 13 - In the right panel, select Web.
Step 14 - Provide a Redirect URI. It can be any website. Take a note of the URI provided, it will be needed later.
Step 15 - Click on the Configure button in the bottom.
Configuring permissions to the App
Step 16 - In the left panel, under the Manage section, click on the API permissions menu.
Step 17 - Click on the Add a permission button.
Step 18 - Select Microsoft Graph, then select Application permissions.
Step 19 - Select the following permissions:
User.Read.All
Group.Read.All
Chat.Read.All
ChannelMessage.Read.All
ChannelMember.Read.All
Directory.Read.All
Files.Read.All
Sites.Read.All
Step 20 - Click on the Add permissions button.
Granting admin consent to the permissions
Warning | ||
---|---|---|
| ||
In the case when the recorded Teams environment and the recording bot are in separate Azure tenants, the following steps have to be done using the Tenant ID of the Azure tenant where the Teams environment to record resides, and also using a user that has the Teams Service Admin or Global Admin role in that tenant. In order to gather the Tenant ID for Step 29, you have to log in to the Azure portal of that tenant, then go to the Azure Active Directory. Multi-Tenant configuration:If the same bot is being used in multiple tenants, then the following steps have to be done for each tenants using the guidelines above. |
Step 21 - Build the consent URL. The format is the following:
Code Block |
---|
https://login.microsoftonline.com/{tenant_id}/adminconsent?client_id={microsoft_app_id}&state=12345&redirect_uri={redirect_uri} |
Replace the {tenant_id} part with the Directory (tenant) ID and the {microsoft_app_id} part with the Application (client) ID from Step 6. Replace {redirect_uri} part with the URI from Step 14.
Step 22 - Copy the previously created consent URL into the browser, then hit enter. Log in with a Teams Service Admin or Global Admin user of the Azure tenant where the Teams environment to record resides. Click on the Accept button. The page will redirect to the webpage provided in the Redirect URI setting.
Protected API Access for Chat Recording
If the same App Registration will be used for Chat recording also, then the following form has to be sent:
https://aka.ms/teamsgraph/requestaccess
At the Data Retention setting select “It is obvious to any admin installing this app that it will make a copy of Microsoft Teams messages”. On the second page, leave the URLs empty.
Panel | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||
The Microsoft Teams Bot can be also registered using Azure CLI and PowerShell commands. Step 1 - Download and install the Azure CLI. Step 2 - Open PowerShell and log in to Azure using the az login command. For example:
Step 3 - Create the App registration using the az ad app create command. Provide an App secret also. When it is done, take a note of the App Id; it will be needed in the later commands, in Verba configuration, and in the Teams recording policy.
Step 4 (Optional) - Assign an user to the App registration as owner using the az ad app owner add command:
Step 5 - Add permissions to the App registration using the az ad app permission add command:
Step 6 - Grant admin consent using the az ad app permission admin-consent command:
Step 7 - The protected API access has to be requested. See Protected API Access for Chat Recording section at the bottom |