.. _voss-msft-conn-params:

Configure Microsoft Tenant Connection Parameters
---------------------------------------------------

.. _21.2|VOSS-873:
.. _21.3|VOSS-891:
.. _21.3|EKB-10448:
.. _21.3-PB2|EKB-13056:

This procedure configures the following connections:

* From VOSS Automate to the PowerShell Proxy
* Between the PowerShell Proxy and the tenant
* The Graph API connection between VOSS Automate and the tenant


.. rubric:: Prerequisites:

You will need:

* The FQDN or IP address of a single-node PowerShell Proxy, or the FQDN
  corresponding to your load balancer’s virtual IP address.
  See :ref:`pshell-proxy-setup`
* The credentials for the local service account you created on the
  PowerShell Proxy
* Proxy authentication credentials (if the outbound Internet Proxy
  requires authentication)
* The credentials for the Microsoft Teams tenant service account.
  See :ref:`create-ms-teams-service-acc`.
* The Client ID, Tenant ID, and, for MS Graph authentication, the client
  secret and/or the certificate created when registering VOSS Automate as
  an application object with Azure Active Directory.
  See :ref:`register-voss-app-in-azure`.
* If you're using VOSS Automate to manage Microsoft Exchange online, you
  will need the certificate authentication thumbprint you generated on the
  Azure portal for Microsoft Exchange.
  See :ref:`register-voss-app-in-azure`.


.. rubric:: To add and configure the Microsoft Tenant

1. Log in to the VOSS Automate Admin Portal as a Provider Administrator.

   .. note::

      By default, the Provider administrator role is the only role that
      has the ability to create Tenant connections.

2. Add the Microsoft tenant:

   1. Go to (default menus) **Apps Management > Microsoft Tenant**.
   #. Click **Add**.
   #. Choose the hierarchy level where you wish to add the tenant.
      Typically, this is at Customer level.
   #. Enter a name and a description for the tenant.

   .. image:: /src/images/MSFT_9826a5e55cbbb72f.png

3. Add the PowerShell Proxy connection parameters:

   1. Locate the **Microsoft Teams Powershell** section.
   2. In the **Host** field, enter the FQDN or IP address of a single-node
      PowerShell Proxy, or the FQDN corresponding to your load balancer's
      virtual IP address.

      .. note::

         For details on the local hosts file and the TrustedHosts WinRM
         configuration, see :ref:`pshell-proxy-setup`.

   3. In the **Username** field and **Password** field, enter the
      credentials for the local service account you created on the
      PowerShell Proxy.

   .. image:: /src/images/MSFT_4bb781f700428752.png

4. Configure the outbound Internet Proxy:

   1. Locate the **Microsoft Teams HTTP Proxy** fields.
   2. If you have an outbound Internet Proxy deployed between the
      PowerShell Proxy and the public Internet, select the
      **Use HTTP Proxy** checkbox.

      .. note::

         If there is no outbound Internet Proxy deployed between the
         PowerShell Proxy and the public Internet, leave both checkboxes
         unchecked, and leave the **Username** and **Password** fields
         blank. Continue to the next step.

   3. If the outbound Internet Proxy requires authentication, select the
      **Use HTTP Proxy Authentication** checkbox, and enter the Proxy
      authentication credentials in the **Username** / **Password** fields.

      .. note::

         You will have already provisioned the outbound Internet Proxy's
         IP address (or FQDN) and port number when you set up the
         PowerShell Proxy. See :ref:`pshell-proxy-setup`, and note the
         caveat regarding proxy authentication in
         :ref:`pshell-proxy-setup-deploy-topol`.

   .. image:: /src/images/MSFT_45c85ed09e92f23b.png

5. Add the Microsoft Teams Tenant service account credentials:

   1. Locate the **Microsoft Teams** fields.
   2. In the **Admin Username** and **Admin Password** fields, enter the
      credentials for the Microsoft Teams tenant service account.

      .. note::

         You created this account earlier.
         See :ref:`create-ms-teams-service-acc`.

6. Configure the Azure Active Directory application registration parameters:

   1. Locate the client secret value you stored previously.

      .. note::

         You would have obtained and stored this client secret when
         registering your VOSS Automate application.
         See :ref:`register-voss-app-in-azure`.

   2. Locate your Client ID and Tenant ID, which you specified in the
      Azure AD portal.

      If you need to obtain the Client ID and Tenant ID from the Azure
      Portal now:

      * Use your Global Administrator credentials to sign in to the
        Azure portal.
      * Go to **Azure Active Directory > Manage > App registrations**.
      * Select your VOSS Automate application.

        .. image:: /src/images/MSFT_56ea55920a3fb822.png

      * Locate the **Client ID** and **Tenant ID** values under
        **Essentials**.

        .. image:: /src/images/MSFT_bba07a0e548633b0.png

7. Add Microsoft 365 details to the Microsoft tenant:

   1. Locate the **Microsoft 365** fields.
   2. Enter the **Client ID** and **Tenant ID** values.
   3. If you're using client secret authentication, copy the secret value
      into the **Secret** field.

      .. image:: /src/images/MSFT_98f16dd5a528eb57.png

   4. If you're using certificate authentication:

      * Paste the certificate thumbprint obtained from Azure into the
        **Certificate Thumbprint** field.
      * From the **Certificate** drop-down, choose the certificate
        previously created in the Admin Portal.

      .. note::

         * You uploaded the public key for this locally stored certificate
           to Azure. The thumbprint added in the Microsoft 365 tenant
           parameter is generated in Azure when the public key file is
           uploaded to Azure.
         * Certificate authentication is used only if a client secret is
           not provided.

8. If you're using VOSS Automate to manage Microsoft Exchange online,
   provision the Exchange Online application certificate thumbprint.

   .. note::

      The certificate authentication thumbprint is generated on the
      **Azure** portal for Microsoft Exchange. You would have installed
      this certificate on the PowerShell proxy server and configured it in
      the application registration.

      The certificate thumbprint is the encrypted password required for an
      authenticated connection to the Microsoft Cloud Exchange portal.
      Connecting to Microsoft Exchange is required to sync in the
      Microsoft Exchange objects (mailboxes, shared mailboxes, rooms, and
      distribution lists).

   1. Locate the **Microsoft Exchange** fields.
   2. Select **Enable Microsoft Exchange**.
   3. In the **Certificate Thumbprint** field, paste the certificate
      thumbprint you obtained earlier.

      .. note::

         You obtained the certificate thumbprint when logged into the
         PowerShell proxy to register the VOSS Automate application with
         Azure Active Directory. See :ref:`register-voss-app-in-azure`.

         The certificate thumbprint was created on the proxy and uploaded
         to the Azure portal. When generating PowerShell scripts to manage
         Microsoft Exchange Online, VOSS Automate includes this thumbprint
         so that the PowerShell proxy can use the corresponding
         certificate to authenticate with Microsoft Exchange Online.

   .. image:: /src/images/ms-tenant-exchange.png

9. Click **Save**.

10. Test your Microsoft tenant connection. You will be prompted to confirm
    the test.

    .. note::

       In this step you will verify that VOSS Automate can connect to the
       Microsoft Teams tenant using PowerShell, and to Azure Active
       Directory using the Microsoft Graph API.

    1. On the **Microsoft Tenant** page, choose the relevant tenant.
    2. Click **Test Connection**.


.. rubric:: Next Steps

* Verify that no changes are needed in user name mapping macros prior to
  sync. High-level administrators with access to the
  ``data/MultivendorUsernameMappingMacros`` model instances should carry
  out this task.
* Perform a sync from the Microsoft tenant to import Microsoft users,
  tenant dial plan, licenses, and policies to the customer level. You will
  be prompted to confirm the syncs.

  For Microsoft Exchange, ensure that instances for all 4 device models
  (User mailboxes, Shared Mailboxes, Room Mailboxes, and Distribution
  Mailboxes) are synced in at the level where the tenant exists.
* Configure the customer-wide site defaults doc (SDD),
  ``CUSTOMER_TEMPLATE``. See :ref:`site-defaults-doc-templates`.
* Add network device lists (NDLs) with Microsoft 365 and Microsoft Teams
  tenant details. NDLs are required when adding sites.
  See :ref:`configure_network_device_list`.
* Create sites.
* Run the overbuild. See: :ref:`overbuild-msft`.
* Go to :ref:`VOSS-Automate-configuration-and-sync-for-microsoft`


.. rubric:: Related Topics

* .. raw:: latex

     Microsoft Overview in the Core Feature Guide

  .. raw:: html

     Microsoft Overview
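
For the Microsoft Exchange certificate thumbprint step above, the following pre-flight check can be run on the PowerShell Proxy before pasting the value into the tenant. It is an added example, not part of VOSS Automate or its documentation. The function name ``Test-TenantCertThumbprint`` is hypothetical, and the two certificate stores searched are an assumption, since the page does not say which store holds the certificate.

```powershell
# Added example (not VOSS Automate code). Run on the PowerShell Proxy.
# Test-TenantCertThumbprint is a hypothetical helper name.
function Test-TenantCertThumbprint {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        # Assumption: the certificate is installed in one of the personal stores.
        [string[]] $StorePath = @('Cert:\LocalMachine\My', 'Cert:\CurrentUser\My')
    )

    # Thumbprints copied from a certificate dialog or a portal often carry
    # spaces, colons or invisible Unicode marks; keep the hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1 thumbprint), got $($clean.Length)."
    }

    $now = Get-Date
    $found = Get-ChildItem -Path $StorePath -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $clean }

    if (-not $found) {
        Write-Warning "No certificate with thumbprint $clean in: $($StorePath -join ', ')"
        return
    }

    foreach ($cert in $found) {
        [pscustomobject]@{
            Store         = $cert.PSParentPath -replace '^.*::', ''
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            # True only if the current time is inside the validity window.
            InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
            # The proxy needs the private key to authenticate with this certificate.
            HasPrivateKey = $cert.HasPrivateKey
        }
    }
}

# Constructed placeholder value; replace it with the thumbprint you are about to paste.
Test-TenantCertThumbprint -Thumbprint '00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 00 11 22 33'
```

A warning, or a result with ``HasPrivateKey`` or ``InValidity`` set to ``False``, means the proxy cannot authenticate with that certificate, so fix this before running **Test Connection**.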