Step 1 - Log in to the Azure portal.
Step 2 - Search for App registrations in the search box on the top, then click on the App registrations link under the Services section.
(Alternatively, the App registrations can be also found by opening the hamburger menu in the upper right corner, then selecting the Azure Active Directory, then selecting App registrations in the left panel.)
Step 3 - Click on New Registration.
Step 4 - Provide a name for the App, then at the "Who can use this application or access this API?" section select the "Accounts in any organizational directory (Any Azure AD directory - Multitenant)" option.
Step 5 - Click Register.
Step 6 - Take a note of the Application (client) ID and the Directory (tenant) ID. They will be needed later.
Step 7 - Select the Certificates & secrets menu in the left panel.
Step 8 - Under the Client secrets section, click on the New Client Secret button.
Step 9 - Provide a Description, set when the secret Expires, then click on the Add button.
Step 10 - Take a note of the new Client secret. It will be needed later.
Step 11 - In the left panel, under the Manage section, click on the Authentication menu.
Step 12 - Under the Platform configuration sections, click on the Add a platform button.
Step 13 - In the right panel, select Web.
Step 14 - Provide a Redirect URI. It can be any website. Take a note of the URI provided, it will be needed later.
Step 15 - Click on the Configure button in the bottom.
Step 16 - In the left panel, under the Manage section, click on the API permissions menu.
Step 17 - Click on the Add a permission button.
Step 18 - Select Microsoft Graph, then select Application permissions.
Step 19 - Select the following permissions:
User.Read.All
Group.Read.All
Chat.Read.All
ChannelMessage.Read.All
ChannelMember.Read.All
Directory.Read.All
Files.Read.All
Sites.Read.All
Step 20 - Click on the Add permissions button.
Step 21 - Build the consent URL. The format is the following:
https://login.microsoftonline.com/{tenant_id}/adminconsent?client_id={microsoft_app_id}&state=12345&redirect_uri={redirect_uri}
Replace the {tenant_id} part with the Directory (tenant) ID and the {microsoft_app_id} part with the Application (client) ID from Step 6. Replace {redirect_uri} part with the URI from Step 14.
Step 22 - Copy the previously created consent URL into the browser, then hit enter. Log in with a Teams Service Admin or Global Admin user of the Azure tenant where the Teams environment to record resides. Click on the Accept button. The page will redirect to the webpage provided in the Redirect URI setting.
If the same App Registration will be used for Chat recording also, then the following form has to be sent:
https://aka.ms/teamsgraph/requestaccess
At the Data Retention setting select “It is obvious to any admin installing this app that it will make a copy of Microsoft Teams messages”. On the second page, leave the URLs empty.