Whitelisting the Microsoft Teams Bot App

Owned by Kiss, Mate
Sept 09, 2020
2 min read

In order to complete the steps below, you must have Global Administrator or Teams Service Administrator role.

The same Bot can be whitelisted in multiple Azure tenants, and can be used for multiple compliance policies.

The registration consists of the following steps:

Accessing the tenant via PowerShell

Separate Azure tenants for the recording provider (bot) and for the Teams environment to record

In the case when the recorded Teams environment and the recording bot are in separate Azure tenants, the following steps have to be done in the Teams tenant.

Step 1 - Download and install the Skype Bus Connector PowerShell module.

Step 2 - Open PowerShell as administrator.

Step 3 - Execute the following command:

Import-Module SkypeOnlineConnector

The next step depends on what kind of authentication method your Teams administrator account uses.

Step 4, If your Teams administrator account uses account name and password for authentication

Step 4a - Execute the following command:

$userCredential = get-Credential

Step 4b - A login prompt will show up. Provide the user credentials.

Step 4c - Execute the following command:

$teamsSession = New-CsOnlineSession -Credential $userCredential -Verbose

Step 4, If your Teams administrator account uses multi-factor authentication

Step 4a - Execute the following command:

$teamsSession = New-CsOnlineSessione

Step 4b - A login prompt will show up. Provide the user credentials.

Step 4c - MFA process starts. Complete the authentication.

 

Step 5 - Execute the following command:

Import-PSSession $teamsSession

Registering the bot as a Teams application

Step 6 - Execute the following command. At the <UPN> part, provide a unique UPN for the recording bot, for example, verbabot@contoso.com. Provide something at the <displayName> part, it can be anything. Replace the <botAppId> part with the application ID from the previous section (Creating the Microsoft Teams Recording Bot - Step 13).

New-CsOnlineApplicationInstance -UserPrincipalname <UPN> -DisplayName '<displayName>' -ApplicationId <botAppId>

Step 7 - In the command results, take note of the ObjectId. It will be needed later.

Step 8 - Execute the following command. Replace the <ObjectId> part with the ID from the results of the previous command.

Sync-CsOnlineApplicationInstance -ObjectId <ObjectId>

Step 9 (Optional - 2N recording) - If 2N recording will be configured, then repeat the steps 6-8 for the second bot registration also. Take a note of the second ObjectId.

Step 10 (Optional - 2N recording) - If 2N recording will be configured, then execute the following command. Replace the <ObjectId> part with the ID from the results of the previous command.

Set-CsTeamsComplianceRecordingApplication -Identity 'Tag:<PolicyName>/ba040aac-43ff-42c9-a4ca-03dbae845b2c' -ComplianceRecordingPairedApplications @(New-CsTeamsComplianceRecordingPairedApplication -Id '<ObjectId>')