Whitelisting the Microsoft Teams Bot App

Owned by Kiss, Mate
Last updated: Feb 27, 2024 by Zszugyi
2 min read

In order to complete the steps below, you must have Global Administrator role.

The same Bot can be whitelisted in multiple Microsoft Entra (formerly Azure AD) tenants, and can be used for multiple compliance policies.

The registration consists of the following steps:

Prerequisites

Step 1 - Download and install PowerShell 5.1.

Step 2 - Open PowerShell as administrator.

Step 3 - Set the security protocol to TLS 1.2 with the following command:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Step 4 - Install the NuGet package provider module by running the following command:

Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force

Step 5 - Install the Microsoft Teams module by running the following command:

Install-Module MicrosoftTeams

Accessing the tenant via PowerShell

Separate Azure tenants for the recording provider (bot) and for the Teams environment to record

In the case when the recorded Teams environment and the recording bot are in separate Microsoft Entra tenants, the following steps have to be done in the Teams tenant.

Step 1 - Open PowerShell as administrator.

Step 2 - Execute the following command:

Update-Module MicrosoftTeams

Step 3 - Execute the following command:

Connect-MicrosoftTeams

Step 4 - A login prompt will show up. Provide the user credentials.

Registering the bot as a Teams application

Step 5 - Execute the following command. At the <UPN> part, provide a unique UPN for the recording bot, for example, verbabot@contoso.com. Provide something at the <displayName> part, it can be anything. Replace the <botAppId> part with the application ID from the previous section (Creating the Microsoft Teams Recording Bot - Step 13).

New-CsOnlineApplicationInstance -UserPrincipalname <UPN> -DisplayName '<displayName>' -ApplicationId <botAppId>

Step 6 - In the command results, take note of the ObjectId. It will be needed later.

Step 7 - Execute the following command. Replace the <ObjectId> part with the ID from the results of the previous command.

Sync-CsOnlineApplicationInstance -ObjectId <ObjectId>

Step 8 (Optional - 2N recording) - If 2N recording will be configured, then repeat the steps 5-7 for the second bot registration also. Take a note of the second ObjectId.