VOSS Automate Microsoft Connection Parameters

In this section we will provision the connections from VOSS Automate to the PowerShell Proxy, and from the PowerShell Proxy and your tenant. We will also provision the Graph API connection between VOSS Automate and the tenant.

  1. Sign into VOSS Automate as a Provider Administrator (the only role that, by default, has the ability to create Tenant connections).

  2. Go to (default menus) Apps Management > Microsoft Tenant.

  3. Click the Add icon and select the hierarchy level where you wish to add the tenant. This will typically be at the customer level.

  4. Enter a name and a description for this tenant.

    Next steps: Provision the PowerShell Proxy connection parameters.

../../../_images/MSFT_9826a5e55cbbb72f.png

Provision the PowerShell Proxy Connection Parameters

  1. On the Microsoft Tenant page, locate the Microsoft Teams Powershell fields.

  2. In the Host field enter the FQDN or IP address of a single-node PowerShell Proxy, or the FQDN corresponding to your load balancer’s virtual IP address.

    Note

    Refer to the notes regarding the local hosts file and the TrustedHosts WinRM configuration in the VOSS Automate PowerShell Proxy Configuration section above.

  3. In the Username and Password fields enter the credentials for the local service account you created on the PowerShell Proxy.

    Next steps: Provision the outbound internet proxy configuration.

../../../_images/MSFT_4bb781f700428752.png

Provision the Outbound Internet Proxy Configuration

  1. On the Microsoft Tenant page, locate the Microsoft Teams HTTP Proxy fields.

    If there is no outbound Internet proxy deployed between the PowerShell Proxy and the public Internet, leave both checkboxes unchecked, and the Username and Password fields blank. Continue with the next step.

  2. If there is an outbound Internet Proxy deployed between the PowerShell Proxy and the public Internet, select the Use HTTP Proxy checkbox.

  3. If the outbound Internet proxy requires authentication, select the Use HTTP Proxy Authentication checkbox, and enter the proxy authentication credentials in the Username and Password fields.

    Note

    You will have already provisioned the outbound Internet proxy’s IP address (or FQDN) and port number when you set up the PowerShell Proxy. Refer to the VOSS Automate PowerShell Proxy Configuration section above. Also please note the caveat regarding proxy authentication in the Deployment Topology Options section above.

../../../_images/MSFT_45c85ed09e92f23b.png

Next steps

Provision the Microsoft Teams Tenant Service Account Credentials

  1. On the Microsoft Tenant page, locate the Microsoft Teams fields.

  2. In the Admin Username and Admin Password fields, enter the credentials for the Microsoft Teams tenant service account.

    You created this account earlier. See Create Service Account for Microsoft Teams Management via PowerShell.

Next Steps

Provision the Azure Active Directory Application Registration Parameters

In the Azure Active Directory Tenant Setup for VOSS Automate Application Registration section above you registered your VOSS Automate application. You should have captured the “Secret” value at that time.

If you did not capture your Client ID and Tenant ID, you can do so at any time from the Azure AD portal.

In this section, you will need to:

  • Obtain Client ID and Tenant ID from the Azure AD Portal

  • Add Microsoft 365 Details to the Microsoft Tenant

Obtain Client ID and Tenant ID from the Azure AD Portal

  1. Sign into the Azure portal using your Global Administrator credentials.

  2. Go to Azure Active Directory.

  3. Under Manage select App registrations.

  4. Select your VOSS Automate application.

    ../../../_images/MSFT_56ea55920a3fb822.png
  5. Under Essentials you will find the Client ID and Tenant ID values that you enter into the VOSS Automate tenant setup page.

    ../../../_images/MSFT_bba07a0e548633b0.png

Next steps: Add Microsoft 365 details to the Microsoft tenant.

Add Microsoft 365 Details to the Microsoft Tenant

Now fill out the Microsoft 365 details on the Microsoft Tenant page:

  1. On the Microsoft Tenant page in VOSS Automate, locate the Microsoft 365 field.

  2. Enter the Client ID, Tenant ID, and Secret in their respective fields.

    ../../../_images/MSFT_98f16dd5a528eb57.png
  3. Click Save.

Next Steps

  • If you’re using VOSS Automate to manage Microsoft Exchange online, provision the Exchange Online application certificate thumbprint.

Provision the Exchange Online Application Certificate Thumbprint

At this step you’ll add the certificate authentication thumbprint generated on the Azure portal for Microsoft Exchange. You would have installed this certificate on the PowerShell proxy server and configured it in the application registration.

Note

The certificate thumbprint is the encrypted password required for an authenticated connection to the Microsoft Cloud Exchange portal. Connecting to Microsoft Exchange is required to sync in the Microsoft Exchange objects (mailboxes, shared mailboxes, rooms, and distribution lists).

To add the certificate thumbprint for Exchange to the Microsoft tenant:

  1. Log in to VOSS Automate.

  2. Go to Apps Management > Microsoft Tenant.

  3. Locate the Microsoft Exchange fields.

  4. Are you using VOSS Automate to manage Exchange Online?

    • No. Clear the Enable Microsoft Exchange checkbox. Go to step 5.

    • Yes.

      • Select Enable Microsoft Exchange.

      • In the Certificate Thumbprint field, paste the certificate thumbprint you obtained earlier.

        Note

        You obtained the certificate thumbprint when logged into the PowerShell proxy to register the VOSS Automate application with Azure Active Directory. See Azure Active Directory Tenant Setup for VOSS Automate Application Registration.

        The certificate thumbprint was created on the proxy and uploaded to the Azure portal. When generating PowerShell scripts to manage Microsoft Exchange Online, VOSS Automate includes this thumbprint so that the PowerShell proxy can use the corresponding certificate to authenticate with Microsoft Exchange Online.

  5. Click Save.

../../../_images/ms-tenant-exchange.png

Next Steps

  • Test your Microsoft tenant connections. See Test Tenant Connection

  • Perform a sync from the Microsoft tenant to import Microsoft users, tenant dial plan, licenses, and policies to the customer level.

    For Microsoft Exchange, ensure that instances for all 4 device models (User mailboxes, Shared Mailboxes, Room Mailboxes, and Distribution Mailboxes) are synced in at the level were the tenant exists.

  • Configure the customer-wide site defaults doc (SDD), CUSTOMER_TEMPLATE. See Site Defaults Doc Templates.

  • Add network device lists (NDLs) with Microsoft 365 and Microsoft Teams tenant details. NDLs are required when adding sites. See Add a Network Device List.

  • Create sites.

  • Run the overbuild. See: Overbuild for Microsoft.

  • Go to VOSS Automate Configuration and Sync

Test Tenant Connection

Verify that VOSS Automate can connect to the Microsoft Teams tenant using PowerShell, and to Azure Active Directory using the Microsoft Graph API.

  1. In the VOSS Automate Admin Portal, go to (default menus) Apps Management > Microsoft Tenant.

  2. In the tenant list view, select the tenant.

  3. Click Test Connection.

Related Topics