Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

In order to complete the steps below, you must have Application Administrator or Global administrator role in Azure.

The registration consists of the following steps:

If Chat recording and Voice recording will be used at the same time for Microsoft Teams, then a single app can be used for both. In that case, use the configuration steps described in the Registering the Microsoft Teams Bot in Azure article.

Creating an App Registration

Step 1 - Log in to the Azure portal.

Step 2 - Search for App registrations in the search box on the top, then click on the App registrations link under the Services section.

(Alternatively, the App registrations can be also found by opening the hamburger menu in the upper right corner, then selecting the Azure Active Directory, then selecting App registrations in the left panel.)

Step 3 - Click on New Registration.

Step 4 - Provide a name for the App, then at the "Who can use this application or access this API?" section select the "Accounts in any organizational directory (Any Azure AD directory - Multitenant)" option.

Step 5 - Click Register.

Step 6 - Take a note of the Application (client) ID and the Directory (tenant) ID. They will be needed later.

Step 7 - Select the Certificates & secrets menu in the left panel.

Step 8 - Under the Client secrets section, click on the New Client Secret button.

Step 9 - Provide a Description, set when the secret Expires, then click on the Add button.

Step 10 - Take a note of the new Client secret. It will be needed later.

Step 11 - In the left panel, under the Manage section, click on the Authentication menu.

Step 12 - Under the Platform configuration sections, click on the Add a platform button.

Step 13 - In the right panel, select Web.

Step 14 - Provide a Redirect URI. It can be any website. Take a note of the URI provided, it will be needed later.

Step 15 - Click on the Configure button in the bottom.

Configuring permissions to the App

Step 16 - In the left panel, under the Manage section, click on the API permissions menu.

Step 17 - Click on the Add a permission button.

Step 18 - Select Microsoft Graph, then select Application permissions.

Step 19 - Select the following permissions:

    • User.Read.All

    • Group.Read.All

    • Chat.Read.All

    • ChannelMessage.Read.All

    • ChannelMember.Read.All

    • Directory.Read.All

    • Files.Read.All

    • Sites.Read.All

Step 20 - Click on the Add permissions button.

Granting admin consent to the permissions

Separate Azure tenants for the recording provider (App) and for the Teams environment to record

In the case when the recorded Teams environment and the recording bot are in separate Azure tenants, the following steps have to be done using the Tenant ID of the Azure tenant where the Teams environment to record resides, and also using a user that has the Teams Service Admin or Global Admin role in that tenant. In order to gather the Tenant ID for Step 29, you have to log in to the Azure portal of that tenant, then go to the Azure Active Directory.

Multi-Tenant configuration:

If the same bot is being used in multiple tenants, then the following steps have to be done for each tenants using the guidelines above.

Step 21 - Build the consent URL. The format is the following:

https://login.microsoftonline.com/{tenant_id}/adminconsent?client_id={microsoft_app_id}&state=12345&redirect_uri={redirect_uri}

Replace the {tenant_id} part with the Directory (tenant) ID and the {microsoft_app_id} part with the Application (client) ID from Step 6. Replace {redirect_uri} part with the URI from Step 14.

Step 22 - Copy the previously created consent URL into the browser, then hit enter. Log in with a Teams Service Admin or Global Admin user of the Azure tenant where the Teams environment to record resides. Click on the Accept button. The page will redirect to the webpage provided in the Redirect URI setting.

Registering the App using Azure CLI and PowerShell

 The Microsoft Teams Bot can be also registered using Azure CLI and PowerShell commands.

Step 1 - Download and install the Azure CLI.

Step 2 - Open PowerShell and log in to Azure using the az login command. For example:


az login -u "[user_UPN]" -p "[password]"

Step 3 - Create the App registration using the az ad app create command. Provide an App secret also. When it is done, take a note of the App Id; it will be needed in the later commands, in Verba configuration, and in the Teams recording policy.


$app = az ad app create --display-name "[app_display_name]" --available-to-other-tenants --reply-urls "https://www.verba.com" --password "[app_secret]" --credential-description "[app_secret_description]" --end-date [app_secret_validity_in_years] | ConvertFrom-Json
$appID = $app.appId
echo $appID

Step 4 (Optional) - Assign an user to the App registration as owner using the az ad app owner add command:


az ad app owner add --id $appID --owner-object-id "[user_object_id]"

Step 5 - Add permissions to the App registration using the az ad app permission add command:


az ad app permission add --id $appID --api 00000003-0000-0000-c000-000000000000 --api-permissions 3b55498e-47ec-484f-8136-9013221c06a9=Role 5b567255-7703-4780-807c-7be8301ae99b=Role 7b2449af-6ccd-4f4d-9f78-e550c193f0d1=Role 6b7d71aa-70aa-4810-a8d9-5d9fb2830017=Role df021288-bdef-4463-88db-98f22de89214=Role

Step 6 - Grant admin consent using the az ad app permission admin-consent command:


az ad app permission admin-consent --id $appID

Step 7 - The protected API access has to be requested. See Protected API Access for Chat Recording section at the bottom

  • No labels