Configure Microsoft Tenant Connection Parameters¶
This procedure configures the following connections:
From VOSS Automate to the PowerShell Proxy
Between the PowerShell Proxy and the tenant
The Graph API connection between VOSS Automate and the tenant
Prerequisites:
You will need:
The FQDN or IP address of a single-node PowerShell Proxy, or the FQDN corresponding to your load balancer’s virtual IP address. See PowerShell Proxy Setup
The credentials for the local service account you created on the PowerShell Proxy
Proxy authentication credentials (if the outbound Internet Proxy requires authentication)
The credentials for the Microsoft Teams tenant service account. See Create Microsoft Teams Service Account on Azure.
The Client ID, Tenant ID, and, for authentication for MS Graph, the client secret and/or the certificate created when registering VOSS Automate as an application object with Azure Active Directory. See VOSS Automate App Registration in Azure.
If you’re using VOSS Automate to manage Microsoft Exchange online, you will need the certificate authentication thumbprint you generated on the Azure portal for Microsoft Exchange. See VOSS Automate App Registration in Azure.
To add and configure the Microsoft Tenant
Log in to the VOSS Automate Admin Portal as a Provider Administrator.
Note
By default, the Provider administrator role is the only role that has the ability to create Tenant connections).
Add the Microsoft tenant:
Go to (default menus) Apps Management > Microsoft Tenant.
Click Add.
Choose the hierarchy level where you wish to add the tenant. Typically, this is at Customer level.
Enter a name and a description for the tenant.
Add the PowerShell Proxy connection parameters:
Locate the Microsoft Teams Powershell section.
In the Host field, enter the FQDN or IP address of a single-node PowerShell Proxy, or the FQDN corresponding to your load balancer’s virtual IP address.
Note
For details around the local hosts file and the TrustedHosts WinRM configuration, see PowerShell Proxy Setup.
In the Username field and Password field, enter the credentials for the local service account you created on the PowerShell Proxy.
Configure the outbound internet Proxy:
Locate the Microsoft Teams HTTP Proxy fields.
If you have an outbound Internet Proxy deployed between the PowerShell Proxy and the public Internet, select the Use HTTP Proxy checkbox.
Note
If there is no outbound Internet Proxy deployed between the PowerShell and the public internet, leave both checkboxes unchecked, and leave the Username and Password fields blank. Continue to the next step.
If the outbound Internet proxy requires authentication, select the Use HTTP Proxy Authentication checkbox, and enter the Proxy authentication credentials in the Username / Password fields.
Note
You will have already provisioned the outbound Internet Proxy’s IP address (or FQDN) and port number when you set up the PowerShell Proxy. See PowerShell Proxy Setup, and note the caveat regarding proxy authentication in PowerShell Proxy Deployment Topologies.
Add the Microsoft Teams Tenant service account credentials:
Locate the Microsoft Teams fields.
In the Admin Username and Admin Password fields, enter the credentials for the Microsoft Teams tenant service account.
Note
You created this account earlier. See Create Microsoft Teams Service Account on Azure.
Configure the Azure Active Directory application registration parameters:
Locate the client secret value you stored previously.
Note
You would have obtained and stored this client secret when registering your VOSS Automate application. See VOSS Automate App Registration in Azure.
Locate your Client ID and Tenant ID, which you specified in the Azure AD portal.
If you need to obtain the Client ID and Tenant ID from the Azure Portal now:
Use your Global Administrator credentials to sign in to the Azure portal .
Go to Azure Active Directory > Manage > App registrations.
Select your VOSS Automate application.
Locate the Client ID and Tenant ID values under Essentials.
Add Microsoft 365 details to the Microsoft tenant:
Locate the Microsoft 365 fields.
Enter the Client ID and Tenant ID values.
If you’re using client secret authentication, copy the secret value into the Secret field.
If you’re using certificate authentication:
Paste the certificate thumbprint obtained from Azure into the Certificate Thumbprint field.
From the Certificate drop-down, choose the certificate previously created in the Admin Portal.
Note
You uploaded the public key for this locally stored certificate to Azure. The thumbprint added in the Microsoft 365 tenant parameter is generated in Azure when the public key file is uploaded to Azure.
Certificate authentication only if a client secret is not provided.
If you’re using VOSS Automate to manage Microsoft Exchange online, provision the Exchange Online application certificate thumbprint.
Note
The certificate authentication thumbprint is generated on the Azure portal for Microsoft Exchange. You would have installed this certificate on the PowerShell proxy server and configured it in the application registration.
The certificate thumbprint is the encrypted password required for an authenticated connection to the Microsoft Cloud Exchange portal. Connecting to Microsoft Exchange is required to sync in the Microsoft Exchange objects (mailboxes, shared mailboxes, rooms, and distribution lists).
Locate the Microsoft Exchange fields.
Select Enable Microsoft Exchange.
In the Certificate Thumbprint field, paste the certificate thumbprint you obtained earlier.
Note
You obtained the certificate thumbprint when logged into the PowerShell proxy to register the VOSS Automate application with Azure Active Directory. See VOSS Automate App Registration in Azure.
The certificate thumbprint was created on the proxy and uploaded to the Azure portal. When generating PowerShell scripts to manage Microsoft Exchange Online, VOSS Automate includes this thumbprint so that the PowerShell proxy can use the corresponding certificate to authenticate with Microsoft Exchange Online.
Click Save.
Test your Microsoft tenant connection. You will be prompted to confirm the test.
Note
In this step you will verify that VOSS Automate can connect to the Microsoft Teams tenant using PowerShell, and to Azure Active Directory using the Microsoft Graph API.
On the Microsoft Tenant page, choose the relevant tenant.
Click Test Connection.
Next Steps
Verify that no changes are needed in user name mapping macros prior to sync. High level administrators with access to the
data/MultivendorUsernameMappingMacros
model instances should carry out this task.Perform a sync from the Microsoft tenant to import Microsoft users, tenant dial plan, licenses, and policies to the customer level. You will be prompted to confirm the syncs.
For Microsoft Exchange, ensure that instances for all 4 device models (User mailboxes, Shared Mailboxes, Room Mailboxes, and Distribution Mailboxes) are synced in at the level were the tenant exists.
Configure the customer-wide site defaults doc (SDD),
CUSTOMER_TEMPLATE
. See Site Defaults Doc Templates.Add network device lists (NDLs) with Microsoft 365 and Microsoft Teams tenant details. NDLs are required when adding sites. See Add a Network Device List (NDL).
Create sites.
Run the overbuild. See: Overbuild for Microsoft.
Related Topics