.. _VOSS-Automate-configuration-and-sync-for-microsoft:

Configure VOSS Automate for Microsoft Services
----------------------------------------------------

.. _21.1|VOSS-847:
.. _21.3-PB1|VOSS-1072|EKB-12847:
.. _21.3-PB1|VOSS-1072|EKB-12791:


Overview 
...............

When using VOSS Automate with Microsoft (as a single or multiple vendor deployment scenario), you'll need 
to pre-configure several settings in VOSS Automate before importing Microsoft users, licenses, policies, and 
dialplans. 

.. note:: 

   * VOSS Automate v21.2 introduced sync with flow through provisioning for Microsoft users. In 21.3, 
     this feature extends the functionality to users synced in from LDAP and CUCM (Call Manager).

   * Only *Add* is supported for syncs with flow through provisioning. Update and delete are 
     not supported since the requirements may differ depending on the customer scenario.

   * For details on the generic flow through provisioning feature (which includes Microsoft, LDAP, or 
     CUCM users), see :ref:`flow-through-provisioning`


The flowchart sets out the initial configuration of VOSS Automate for Microsoft services. 


.. index:: Flowchart;Configure VOSS Automate for Microsoft Services


.. rubric:: Prerequisites:  

* :ref:`ms-quick-start-step1`
* :ref:`ms-quick-start-step2`


.. include:: configuration-and-sync-for-microsoft.uml


.. rubric:: Related Topics

* 
  .. raw:: latex

     Microsoft Overview in the Core Feature Guide

  .. raw:: html
  
     <a href="concepts-microsoft-overview.html">Microsoft Overview</a> 

* 
  .. raw:: latex

     Sync with Flow Through in the Core Feature Guide

  .. raw:: html
  
     <a href="concepts-sync-with-flow-through-for-microsoft.html">Sync with Flow Through</a> 

* Move users to the sites. See :ref:`user-move-for-microsoft`
* :ref:`flow-through-provisioning`




VOSS Automate and Microsoft Configuration and Sync Workflow Steps 
......................................................................

The high-level workflow for the steps in the flowchart are as follows:  

1. Log in to VOSS Automate as a provider admin. 
2. Add customers.   

#. Go to **Customizations > Global Settings** to enable Microsoft:  

   * On the **Enabled Services** tab, enable Microsoft services. 
   * If you have a Microsoft-only environment, on the **Number 
     Inventory** tab, set the following to *No* (False): **Enforce HCS Dialplan Rules** 
    
     .. note:: 
       
       HSC dialplan is relevant only when using Cisco (in a single vendor or multi vendor installation).  

#. Configure role-based access controls to apply to users on import: 
   
   .. note:: 
      
      VOSS Automate allows an admin user to set up pre-defined role-based configuration, which will 
      be applied to users on import. This allows users to be auto-provisioned on import, with the 
      correct services, lines, policies, and licenses. 
  
      When preparing for import, you'll need to create the admin users, service profiles, user 
      roles, and role-based menu layouts (to hide or display 
      functionality for different categories of users). For example, you can assign a Microsoft-only 
      user role (``MicrosoftOnlyRole``) in a Microsoft-only scenario. 
 
      * Add an admin user. See :ref:`create-a-user`.
      * Configure menu layouts, See :ref:`create-a-menu-layout`.
      * Add user roles, and choose menu layouts for the roles. See :ref:`role-management`.
      * Configure a SMTP server, if required. See :ref:`SMTP-server`.

#. Configure a tenant, one for each customer. See :ref:`voss-msft-conn-params`

   .. note:: 
      
      The tenant configuration defines how VOSS Automate connects to the Microsoft Cloud to allow syncing of 
      data between VOSS Automate and Microsoft Azure, Microsoft 365, Microsoft Teams, and Microsoft Exchange. 
      Saving the tenant creates the default syncs and schedules.

#. Configure the network device lists (NDLs), which are required for creating the sites. See :ref:`configure-network-device-list`

#. Go to the tenant configuration screen, and click **Action > Sync All** to run a full pull sync. 

   The tenant dialplan, policies, licenses, and Microsoft users are synced to the customer level. 

   .. note:: 

      * If you're using flow through provisioning for Microsoft users, additional steps are required 
        before running the initial sync. See :ref:`sync-with-flow-through-for-microsoft`
      * From release 21.3-PB1, an **Action > Sync New Users** option is available to *only import the users*
        to be added from the following models:

        * ``device/msgraph/MsolUser``
        * ``device/msteamsonline/CsOnlineUser``
        * ``device/msteamsonline/ApplicationInstance``

        In order for this sync method to be enabled initially after upgrade to 21.3-PB1, save the tenant
        instance on this screen first so that the necessary data sync instances are created.
        These data syncs can be identified by the name format: ``SyncMSTeamsOnlineUsers__<tenant>``,
        with **Update** and **Remove** operations are disabled by default.