Hybrid Cisco-Microsoft Solution Set Up Steps -------------------------------------------- (For use with VOSS-Automate v21.4 PB1) .. note:: These set-up notes are intended for use with Customers currently using Cisco-VOSS HCS dialplans. The configuration can be adapted to work with Customers with CUCM clusters that do not have HCS Dialplans. Please discuss with VOSS-GlobalServices. .. note:: Microsoft changed the name of Azure Active Directory to Microsoft Entra ID in August 2023. Reference Documents / Workbooks: - MS-Teams-2-1-DPA_CFTs-MultiCountry-SYS-HCS-59Countries-01Feb2023.xlsx - MS-Teams-2-2-GsSmeTemplateDat--woSME-59Countries-01Feb2023.xlsx - MS-Teams-2-2-GsSmeTemplateDat--withSME-59Countries-01Feb2023.xlsx. (for ServiceProviders using Cisco SMEs) - See MS-Teams-2-3-Cisco-Microsoft-ConfigurationSet-VOSS--26Apr2023.xlsx - MS-Teams-2-4-Microsoft-Dialplan-VOSS-SettingExamples-30Sep2022.xlsx - MS-Teams-2-5-CallQueues-AutoAttendants-ResourceUsers-VOSS-SP-24June2022.xlsx - MS-Teams-CallFlows_v1.4.xlsx - MS-Teams-CallFlow-Diagrams_v2.0.pptx - MS-Teams-CallFwd-Diagrams_v1.2.pptx - Cisco-MS-Teams-HybridCallFlow-DialplanArchitecture_plus CallFlows_v1.4-15Feb2021.pptx - MS-Teams_CUCM_SIP_Normalization_Scripts-29Sep2022.xlsx (with examples of MS-AntiLoop_V0.12, MS-Agg_v0.2 and MS-Passthrough_V0.1) - VOSS Automate-MicrosoftAccessRequirements-plusScreenshots-30Oct2022.ppt PLATFORM SET-UP .................. 1. VOSS-Automate Platform Set-Up: - Confirm platform upgraded to v21.3 PB3 or higher. Preferably to v21.4 PB1 (available 29Mar 2023) - If using v 21.3PB3 - Ensure the following patches are also loaded. - EKB-13870 - EKB-14264 - EKB-13125 - EKB-14277 - EKB-14466/EKB-14548 - EKB-14222 - EKB-14486 - EKB-14621 - EKB-14565 - EKB-14760 - EKB-14564 - EKB-15454 - EKB-15667 - EKB-15702 - EKB-15553 - EKB-15787 - EKB-15800 - If using v 21.4 PB - Ensure the following patches are also loaded. (If not already loaded with v21.3 PB3) - EKB-15702 Also available as v21.4 PB1 patch - EKB-15553 Also available as v21.4 PB1 patch - EKB-15787 Also available as v21.4 PB1 patch - EKB-15800 Also available as v21.4 PB1 patch Also install MultiVendorService_UpdateEntitlementProfile_PWF_wConditional_Logic-21Dec2022.json Import - MultiVendorService_UpdateEntitlementProfile_PWF_wConditional_Logic-21Dec2022.json Update to MvsHybrid CleanUp logic to control choice of Entitlement Profiles when cleaning up Cisco-MS-Hybrid and MS-Only-Hybrid Entitlement Profiles will then be set by settings in Cisco-Only and No-Hybrid-Service Subscriber Profiles for Cisco-MS-Hybrid and MS-Only-Hybrid respectively (following Anti-Orphaning Cleanup) sys_hcs_data/MultivendorUsernameMappingMacros_FDP-20Feb2023.json Update to FDP to show username_macro_ms_365, username_macro_ms_teams, username_macro_cucm, username_macro_ldap MVS-EnhancedProvider_OperationsCustomerAdminAP-21-4-1-27April2023.json Further updates to 21.4PB1 Access Profiles 2. Set up Provider Admin accounts using the latest v21.4 PB1 role: Mvs-EnhancedProviderAdministrator-24-1-1 (See v21.4 PB1 Checklist for v21.4PB1 roles) This uses the following multi-vendor roles components: - Mvs-EnhancedProviderMenu - Mvs-EnhancedProviderAdminAP-21-4-1 - Mvs-EnhancedProviderAdmin-Home Login with _mvs accounts and update Global Settings > Enabled Services to set 'Enable Microsoft' and 'Enable Cisco/Microsoft Hybrid' to true Having reviewed MVS-EnhancedProviderAdmin-21-4-1 role, also review MVS-OperationsCustomerAdmin-21-4-1 role using: This uses the following multi-vendor roles components: - MVS-OperationsCustomerMenu - MVS-OperationsCustomerAdminAP-21-4-1 - MVS-OperationsCustomerAdmin-Home-LP MultiVendorFDP (Optional PB3 Enhancement) - Update default MultiVendorFDP to move Microsoft, and Hybrid panels higher up the dashboard. - Import - MultiVendorFDP-31Oct2022.json - v21.4 PB1 - no change required 3. Login with TDKAdmin account and bulkload (where not already loaded). (Loading Country-specific elements as required by the Service Provider) - MS-Teams-2-1-DPA_CFTs-MultiCountry-SYS-HCS-59Countries-01Feb2023.xlsx - MS_data_Macros - MS-Partition-CFTs - MS-CSS-CFTs - MS-RoutePatterns-CFTs - MS-TransPattern-CFTs - MS-CallingPartyTransform-CFTs - MS-RouteLists - MS-RD-CFTs - Check DPA Configuration templates are visible in Microsoft App Management > Cisco-MS-Teams Configuration > Cisco MS-Teams DPA CFTs Note: 06Oct2022 updates to MS-Teams-SNR-ISR-PT-TP_CFT, MS-Teams-DNPatterns-MS-Only-E164-CgPtyXForm-EmerDDI_CFT & MS-Teams-DNPatterns-Cisco-MS-E164-CgPtyXForm-EmerDDI_CFT, and MultiVendorService_Rd_CFT and MS-Teams-MultiVendorService_Rd_CFT - MS-Teams-2-2-GsSmeTemplateDat--woSME-59Countries-01Feb2023.xlsx - Load required set of country level 'Dialplan Addition Templates' for the Service Provider - Note: sys.hcs level settings are preloaded - Avoid loading the same template at both the sys.hcs and provider levels. (Note: EKB-13479 adds a change to prevent failures when DPA templates are duplicated at multiple levels) - Check DPA Templates are visible in Microsoft App Management > Cisco-MS-Teams Configuration > Cisco MS-Teams DPA Templates 4. Review macro setting for CustomPrefixMS-TeamsRD_MCR - Default setting is * - This is the prefix used when configuring SNR routing to Microsoft for Cisco-MS-Hybrid subscribers. - See updated CFTs: MS-Teams-SNR-ISR-PT-TP_CFT and MS-Teams-MultiVendorService_Rd_CFT 5. Set-up and Configure VOSS Powershell server(s) - Refer to comprehensive VOSS Online documentation for Microsoft Powershell server set up procedure - Ensure that the Microsoft Teams Powershell Module 4.3.0 is loaded. - Please check with VOSS on latest plans for supporting newer Microsoft Teams modules. v5.1.x planned for use with VOSS v21.4 PB2 - Run Powershell command 'Get-Module -ListAvailable -Name MicrosoftTeams' to check version. - Confirm the IP address and the WINRM user account and password for use by VOSS-Automate. - Also see VOSS PPT document: VOSS Automate-MicrosoftAccessRequirements-plusScreenshots-30October2022.ppt - For larger deployments, load-balanced pairs of Powershell servers can be deployed 6. Confirm that both VOSS-Automate and VOSS-Powershell servers have Internet facing DNS servers that can resolve Microsoft URLs. 7. Confirm IP address, username and password for Internet Proxy server, if used, for access by VOSS-Automate and VOSS-Powershell 8. Confirm data center routing access to the Microsoft Cloud to ensure that the VOSS-Automate and VOSS-Powershell servers will be able to connect to the Microsoft cloud through edge firewalls. - See https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide#skype-for-business-online-and-microsoft-teams 9. Clone 'IniUpdateCustomCFT' from sys to sys.hcs. - This ensures automated update of data/InternalNumberInventory fields when Cisco-Microsoft transactions are executed: - Set CFT fields as follows: - Description = {{ macro.INI_Description_From_Caller_Workflow }} - Extra2 = {{{ macro.INI_Extra2_From_Caller_Workflow }} - Extra4 = {{{ macro.INI_Extra4_From_Caller_Workflow }} - See MS-Teams-2-3-Cisco-Microsoft-ConfigurationSet-VOSS--09Feb2023 - Also see: SYS_HCS_IniUpdateCustomCFT-14Nov2022.json] - Look at data/Macros for Macro name starting with 'INI' to see how the INI settings have been configured by defaullt. These macros can be cloned and customized at the Provider or Customer Level if required 10. Review data/MultivendorUsernameMappingMacros to determine how VOSS-Automate maps MSOL and CSOL Users to data/User (and device/cucm/User) - With TDKAdmin account look at: data/MultivendorUsernameMappingMacros - MultiVendor_Username_Mapping_Macros_ServiceProvider-ServiceProvider-29Mar2023.xlsx. Also see: sys_hcs_data_MultivendorUsernameMappingMacros-29Mar2023.json - Set the Microsoft O365 (MSOLUser) mapping macros as follows: - {{ input.UserPrincipalName }} - (( data.User.username | email:input.UserPrincipalName != '' ))<{{ data.User.username | email:input.UserPrincipalName }}> - (( data.User.username | username_ms_365:input.UserPrincipalName != '' ))<{{ data.User.username | username_ms_365:input.UserPrincipalName }}> - (( data.User.username | username_ms_365:previous.UserPrincipalName != '' ))<{{ data.User.username | username_ms_365:previous.UserPrincipalName }}> - (( data.User.username | username_ms_teams:input.UserPrincipalName != '' ))<{{ data.User.username | username_ms_teams:input.UserPrincipalName }}> - (( data.User.username | username_ms_teams:previous.UserPrincipalName != '' ))<{{ data.User.username | username_ms_teams:previous.UserPrincipalName }}> - (( device.cucm.User.userid | userIdentity:input.UserPrincipalName != '' ))<{{ device.cucm.User.userid | userIdentity:input.UserPrincipalName }}> - (( device.cucm.User.userid | mailid:input.UserPrincipalName != '' ))<{{ device.cucm.User.userid | mailid:input.UserPrincipalName }}> - [OPTIONAL](( data.User.username | first_name:input.FirstName,last_name:input.LastName,user_type:End User,username_ms_365:null,username_ms_teams:null != '' ))<{{ data.User.username | first_name:input.FirstName,last_name:input.LastName,user_type:End User,username_ms_365:null,username_ms_teams:null }}> - [OPTIONAL](( data.User.username | first_name:input.FirstName,last_name:input.LastName,user_type:End User,username_ms_365:null,username_ms_teams:input.UserPrincipalName != '' ))<{{ data.User.username | first_name:input.FirstName,last_name:input.LastName,user_type:End User,username_ms_365:null,username_ms_teams:input.UserPrincipalName }}> - Set the Microsoft Teams (CsonlineUser) mapping macros as follows: - {{ input.UserPrincipalName }} - (( data.User.username | email:input.UserPrincipalName != '' ))<{{ data.User.username | email:input.UserPrincipalName }}> - (( data.User.username | username_ms_teams:input.UserPrincipalName != '' ))<{{ data.User.username | username_ms_teams:input.UserPrincipalName }}> - (( data.User.username | username_ms_teams:previous.UserPrincipalName != '' ))<{{ data.User.username | username_ms_teams:previous.UserPrincipalName }}> - (( data.User.username | username_ms_365:input.UserPrincipalName != '' ))<{{ data.User.username | username_ms_365:input.UserPrincipalName }}> - (( data.User.username | username_ms_365:previous.UserPrincipalName != '' ))<{{ data.User.username | username_ms_365:previous.UserPrincipalName }}> - (( device.cucm.User.userid | userIdentity:input.UserPrincipalName != '' ))<{{ device.cucm.User.userid | userIdentity:input.UserPrincipalName }}> - (( device.cucm.User.userid | mailid:input.UserPrincipalName != '' ))<{{ device.cucm.User.userid | mailid:input.UserPrincipalName }}> - [OPTIONAL](( data.User.username | display_name:input.DisplayName,user_type:End User,username_ms_365:null,username_ms_teams:null != '' ))<{{ data.User.username | display_name:input.DisplayName,user_type:End User,username_ms_365:null,username_ms_teams:null }}> - [OPTIONAL](( data.User.username | display_name:input.DisplayName,user_type:End User,username_ms_teams:null,username_ms_365:input.UserPrincipalName != '' ))<{{ data.User.username | display_name:input.DisplayName,user_type:End User,username_ms_teams:null,username_ms_365:input.UserPrincipalName }}> - The macros attempt to match MSOL and CSOL with existing data/Users in the following priority order: - data.User.username name match on MSOL/CSOL UserPrincipalName - data.User.email name match on MSOL/CSOL UserPrincipalName - data.Username.username_ms365 or data.Username.username_ms365 with MSOL/CSOL UserPrincipalName (current and previous (if the UPN has changed)) - device.cucm.useridentity match with MSOL/CSOL UserPrincipalName - device.cucm.mailid match with MSOL/CSOL UserPrincipalName Optionally - data.User.first_name,last_name match with MSOL FirstName,Lastname or CSOL DisplayName - data.User.username name match on UserPrincipalName - In the event that there are multiple users with the same FirstName and Lastname - the mapping will fail and show an error that multiple users withe same Firstname and Lastname have been found - If no match is found, then a new data/User will be created when the MSOL/CSOL users are synced in (using the first mapping rule in the list) (e.g. {{ input.UserPrincipalName }} ) - If there is a likelihood that there are a large number of users with the same Firstname and Lastname then consider removing FirstName and Lastname and DisplayName mapping rules Also set the Mapping Macros for CUCM Users to: - {{ input.userid }} - (( data.User.username | username_ms_365:input.userIdentity != '' ))<{{ data.User.username | username_ms_365:input.userIdentity }}> - (( data.User.username | username_ms_teams:input.userIdentity != '' ))<{{ data.User.username | username_ms_teams:input.userIdentity }}> - (( data.User.username | username_ms_365:input.mailid != '' ))<{{ data.User.username | username_ms_365:input.mailid }}> - (( data.User.username | username_ms_teams:input.mailid != '' ))<{{ data.User.username | username_ms_teams:input.mailid }}> - [OPTIONAL](( data.User.username | first_name:input.firstName,last_name:input.lastName,user_type:End User,sync_source:MS_365 != '' ))<{{ data.User.username | first_name:input.firstName,last_name:input.lastName,user_type:End User,sync_source:MS_365 }}> - [OPTIONAL](( data.User.username | first_name:input.firstName,last_name:input.lastName,user_type:End User,sync_source:MS_TEAMS != '' ))<{{ data.User.username | first_name:input.firstName,last_name:input.lastName,user_type:End User,sync_source:MS_TEAMS }}> - (( fn.is_none_or_empty input.userIdentity == false ))<{{ input.userIdentity }}> This is to cater for mapping of CUCM users to data/Users if the data/User has already been created following syncing from CSOL or MSOL users The mappings will attempt to map on CUCM userIdentity, CUCM MailID, or FirstName+LastName with an existing data/User. Optionally: The Firstname and Lastname Mapping will be blocked in the event the user if already marked as sync source CUCM (to prevent another CUCM User with same FirstName and Lastname being mapped to the same DataUser) In the event that there are multiple users with the same FirstName and Lastname - the mapping will fail and show and error that multiple users withe same Firstname and Lastname have been found/ Note: There is a global setting 'Update Username during datasync' which should be set to Yes so that the CUCM username should update the data/User on sync. Note: Set Global setting 'Map UPN from CUCM User Identity' to No. (This disables CSOL/MSOL user sync mapping if set to 'Yes') 11. Update Validation Macro - ValidateMicrosoftTeamsServices (v21.3 PB3 - only) - Change from: {# fn.one device.msteamsonline.CsOnlineUser.FeatureTypes | UserPrincipalName:macro.Multivendor_Validate_GetMsTeamsUsername | direction:full_tree #} - Change to: {# fn.one device.msteamsonline.CsOnlineUser.FeatureTypes | UserPrincipalName:macro.Multivendor_Validate_GetMsTeamsUsername #} (Required to support MSTeams PhoneSystem validation check when CsonlineUsers are at the Customer level). (Removes typo 'direction:full_tree'. Should have been blank or 'direction:fulltree') Note: This macro update is included in v21.4 - EKB-14773 12. Check MultiVendorService_Rd_CFT OwnerUserId setting ( (Not required for new v21.4 platforms) - Used by Cisco-MS-Hybris subscriber provisioning - Should be set to OwnerUserId = {{ pwf.cucmUsername }} - Should NOT be set to {{ snrUsername }}. (Old V4UCv19.3.4 value). (May not be an issue on newer VOSS-Automate v21.3 platforms) - May not be an issue on newer VOSS-Automate v21.4 platforms 13. Check relation/ValidateRule settings have Macro Evaluation Hierarchy set for 'Is Licensed' step. (For Service Providers deploying Cisco-MS-Hybrid Services) - Prevents triggering of Is Licensed rule when running HybridMultiVendorView with MSOL users at the Customer level) - See: relation_ValidationRules-view_HybridMultiVendorView-21Dec2022.json - Look for presence of Macro Evaluation Hierarchy = {{ data.BaseCustomerDAT.Hierarchy || direction:up }} - May not be an issue on newer VOSS-Automate v21.4 platforms 14. Manually update DPA Template - MS-Teams-Site-AutoAttendant-wOutbound-Pilot-Number - to use STR6 choice - {# fn.split Auto_Attendant_Pilot,: #} - Fixes typo in template file which currently sets the choices vaiue to "c". - This should be: {# fn.split Auto_Attendant_Pilot,: #} - See MS-Teams-Site-AutoAttendant-wOutbound-Pilot-Number-23Jan2023.json - May not be an issue on newer VOSS-Automate v21.4 PB1 platforms 15. Check data/Brownfield - MoveINIe164MultiVendor_BF (Not required for new platforms) - If there is a duplicate entry at the sys.hcs level as well as the sys level, then delete or re-name the sys.hcs entry. - This is to avoid a failure with MultiVendorMove when moving Cisco-MS-Hybrid (including INI, E164 and line move) 16. Update msgraph/MsolUser and msteamsonline/Csonline User blacklists - See EKB-15454 Planned for inclusion in v21.4 PB2. (Avoids unwanted sync updates) - Add to data/Settings blacklist for device/msgraph/MsolUser : - Licenses, DisplayLicenses - Add to data/Settings blacklist for device/msteamsonline/CsOnlineUser : - HostingProvider, SipProxyAddress, TeamsUpgradeNotificationsEnabled, SipAddress, InterpretedUserType, UserCallingSettings, TeamsUpgradePolicy 17. Activate Multivendor_UsernameUpdate_EVT. - EKB-15363 - Update Relation/User: Add step to update Cisco-MS DPA configuration when username is changed (Hybrid Users) - Already in the Core v21.3 PB3 but not activated. Ensures DPA template naming are updated if the username is changed - Note-ensure EKB-15800 has been installed 18. Review/Update PULL_SYNC_DELETE_THRESHOLD macros - To protect against accidental deletion or purge of Microsoft services 19. Load MS-Teams_MSOL_CSOL_Move_BF_VIEW adaptation - Import MS-Teams_MSOL_CSOL_Move_BF_VIEW-17Mar2023.json (if not already loaded) - Provides workflow function for moving MSOL and CSOL users to sites. (Largely for VOSS-Migrate use) Customer Set-up for Cisco-Microsoft Operations ................................................. 1. GUI load (or bulkload) the Customer MS Teams base settings Microsoft App Management > Cisco-MS-Teams Configuration > Cisco-MS-Teams Customer Configuration (relation/MS-Teams-REL) - This triggers the base-level configuration of the MS-Teams dialplan into each of the specified Call-Managers as well as all the associated settings for configuring the Direct Routing SBC Trunks. - Includes use of pre-loaded MS-AntiLoop_V0.11 Script for use by CUCM-to-SBC SIP trunk setup - The following base dialplan elements are loaded into each cluster: - Route Partitions, CSSs - CuXX-MS-Teams-StartANumberMatch-PT - CuXX-MS-Teams-Inbound-PT - CuXX-MS-Teams-noFONet-PT - CuXX-MS-Teams-IncomingANumber-PT - CuXX-MS-Teams-AnumLookup-PT - CuXX-MS-Teams-Inbound-CSS - CuXX-MS-Teams-IncomingAnumber-CSS - CuXX-MS-Teams-AnumLookup-CSS - Trunk: Region, Location, DevicePool,SIP Profile, SIP Security Profile, SIP Trunk, RouteGroup, RouteList - CuXX-MS-Teams-Region - CuXX-MS-Teams-Location - CuXX-MS-Teams-DevicePool - CuXX-MS-Teams-SIPProfile - CuXX-MS-Teams-SIPSecurityProfile - CuXX-MS-Teams-SIPTrunk - CuXX-MS-Teams-SIPTrunk - CuXX-MS-Teams-RouteGroup - CuXX-MS-Teams-RouteList - Note need to update CuXX-MS-Teams-SIP Trunk Destination IP Address to connect to SBC Gateway. Review MS-AntiLoop_v0.11 SIP Normalization settings or newer version with VOSS-GS - Note please contact VOSS-Global Services if a Cisco SME cluster is being used to connect between the Microsoft Tenant and multiple CUCM Leaf Clusters. (This is also supported with extra configuration steps) 2. GUI (or bulkload) the MS-Teams Country Dialplan Support for the required countries on each CUCM cluster. Microsoft App Management > Cisco-MS-Teams Configuration > Cisco MS-Teams DPA Configuration - Note: ensure that the HCS Sites with the required countries have already been loaded as the MS-Teams Country Dialplan support is dependent on the HCS Country dialplan pre-existing. - e.g. - Template Name - MS-Teams-CountryDialplan-DEU - Name: CuXXX-MS-Teams-CountryDialplan-DEU-on-["172.30.1.100"] - Description: Cu226-MS-Teams-CountryDialplan-DEU on VOSS-RDG-CL1 - CUCM: ["172.30.1.100", "8443", "hcs.CS-P.VOSS-OPS.VOSS"] - This loads required Partitions, CSSs, RoutePatterns and Translation Patterns for Country standard and emergency calling support 3. GUI load (or bulkload) 'Blocking' Route Partitions into each Leaf Cluster (where not already loaded at the add customer HCS Dialplan schema step). (Used when pre-provisioning MS-Teams Service with DirectRouting set to false in Microsoft Site Default Settings) - Used when pre-provisioning MS-Teams Service with DirectRouting set to false in Microsoft Site Default Settings - CuXX-ISR-BLOCKED-PT. (Should be cloned from CuXX-ISR-PT) 4. Clone, or Bulkload additional MS-Teams SNR Translation Patterns, if required. The base-build loads *8! Translation patterns automatically. Extra patterns e.g *0! and \+44! need to be added for DN ranges that do not start with 8 or where E164 numbers are used for DNs. - See *8! TPs in CuXXX-PreISR-PT 5. GUI (or bulkload) the Microsoft Tenant settings for MS-Graph, Microsoft Teams and (MS-Exchange connectivity) - Follow detailed instructions in VOSS Online documentation to set up MSGraph and MS-Teams and Exchange access accounts - If Internet Proxies are used for Automate to connect to the Internet set up the Internet Proxy settings in the format: ``https://username:password@host:port/`` - Required Microsoft Tenant settings: | Name: -Azure-MSTeams-Exchange | Description: Graph API & MS Teams Powershell connection settings - | | MS-Teams Host: IP Address or FQDN of Powershell server (or Load Balancer) | MS-Teams UserName: e.g. WSMan-svc | MS-Teams Password: ************* | | Internet Proxy Username: e.g. proxyuser | Internet Proxy Password: ************* | | MS-Teams TeamsAdmin Username: e.g. voss_teams_admin@.onmicrosoft.com. configured with a Microsoft Teams Administrator role (MFA access must be disabled) | MS-Teams Teams Admin Password: ************* | | MS-365 Client ID: From Microsoft Entra ID portal | MS-365 Tenant ID: From Microsoft Entra ID portal | MS-365 Client Secret: From Microsoft Entra ID portal | alternatively | MS-365 Certificate Thumbprint: From Microsoft Entra ID portal | VOSS-Automate Public Certificate: Created in VOSS-Automate: Administration & Audit Tools > Certificate Management e.g.["gs-r10-microsoft-uk", "hcs.CS-P"] | | MS365 Proxy: No longer required (leave blank) | MS 365 Secure Proxy (if used): ``https://username:password@host:port/``, e.g. ``https://proxyuser:P@ssw0rd!!@172.30.40.210:3128/`` | | MS365 Page Size: e.g. 799 | | MS-Exchange Thumbprint: From Microsoft Entra ID portal - Run Test Connection on the Microsoft Tenant to confirm VOSS-Automate to MSGraph, MSTeams and MSExchange. 6. Update Customer Leaf-Cluster NDLs to include settings for: - Microsoft Teams Online Connection - ["-Azure-MSTeams-Exchange", "hcs.."] - Microsoft 365 Connection - ["-Azure-MSTeams-Exchange", "hcs.."] - Microsoft Exchange Online Connection - ["-Azure-MSTeams-Exchange", "hcs.."] 7. Add Extra Entitlement Profiles at the Customer Level for use by Hybrid Subscribers, e.g. Alongside: - -NoService-EP - -Basic-EP - -Entry-EP - -Foundation-EP - -Standard-EP - -Premium-EP - -WebexApp-EP Add: - -Premium-MS-Teams-EP - -VOSS-MS-Only-Teams-EP - See MS-Teams-2-3-Cisco-Microsoft-ConfigurationSet-VOSS--26Apr2023.xlsx 8. Load Customer-level Subscriber Profiles, cloned from the sys.hcs level and configured with Customer level Entitlement Profiles: - Cisco-No-Services - Cisco-Only - Cisco-MS-Hybrid Keeps Cisco Services - MS-Only-Hybrid-wCisco Keeps Cisco Services - MS-Only-Hybrid Deletes all Cisco Services - No-Hybrid-Service (using by anti-orphaning CleanUp workflow) - MS-EntVoice (if required) - MS-Only-No-EntVoice (if required) - See MS-Teams-2-3-Cisco-Microsoft-ConfigurationSet-VOSS--26Apr2023.xlsx - Ensure Cisco-Only and No-Hybrid-Service Subscriber have the required Entitlement Profiles when the MVSHybrid Clean Workflows are run 9. Review Customer Administrators and Divisional Administrators roles to use enhanced MultiVendor Menus, APs, LPs (Or create new customer-level roles) 10. Review MS-365, MS-Teams and MS-Exchange DataSyncs loaded automatically when the Microsoft Tenant settings are loaded. - SyncMS365__-Azure-MSTeams-Exchange - SyncMS365Users__-Azure-MSTeams-Exchange - SyncMSTeamsOnline__-Azure-MSTeams-Exchange - SyncMSTeamsOnlineUsers__-Azure-MSTeams-Exchange - SyncMSExchangeOnline__-Azure-MSTeams-Exchange - PurgeMS365__-Azure-MSTeams-Exchange - PurgeMSTeamsOnline__-Azure-MSTeams-Exchange - PurgeMSExchangeOnline__-Azure-MSTeams-Exchange - IMPORTANT: (21.3.PB3) Update MS365 Syncs to include MSGraph-MSOL-MIF_wLicence_SKU_ID-EQ-SEVEN-LICENSES. This restricts O365 user syncs to only sync in 'licensed users' - IMPORTANT: (21.4 PB1-onwards) Update MS365 Syncs to include MSGraph-MSOL-MIF_wLicence This restricts O365 user syncs to only sync in 'licensed users' - For MsGraph and MSTeams syncs ensure that 'Quick Import' is set to True. 11. Add additional 'Anti-Orphaning' Sync workflows to MSOL User, CSOL User and CUCM User workflows: - These workflows 'clean-up hybrid DPA dialplan, user settings, and number inventory when users are deleted from AD / MS-365 or have all their Microsoft licenses removed - HybridMVS_O365UserDeletionPWF pre-execution synchronous Look for SyncMS365__ and SyncMS365Users__ - HybridMVS_MSTeamsUserDeletionPWF pre-execution synchronous Look for SyncMSTeamsOnline__ and Look for SyncMSTeamsOnlineUsers__ - HybridMVS_CUCMUserDeletionPWF post-execution synchronous (Optional) Look for all scheduled syncs that Delete CUCM Users - HybridMVS_MS_TeamsUserUpdatePWF post-execution synchronous Look for SyncMSTeamsOnline__ and Look for SyncMSTeamsOnlineUsers__ 10. Review MS-365, MS-Teams and MS-Exchange Schedules loaded automatically when Microsoft Tenant is loaded. - ScheduleMS365__-Azure-MSTeams-Exchange - ScheduleMSTeamsOnline__-Azure-MSTeams-Exchange" - ScheduleMSTeamsOnlineTargetUserSync__-Azure-MSTeams-Exchange. (This can be deactivated for Cisco-Microsoft operations where License management is deactivated) - ScheduleMSExchangeOnline__-Azure-MSTeams-Exchange 11. Consider running initial MS365, MSTeams and MSExchange syncs using Model Instance Filters and ModelTypeLists to limit initial sync volumes when connecting to large Customers - Can use a ModelInstanceFilter to filter on list of individual UPNs, or users in a country. e.g - MSGraph-MSOL-MIF_wLicence_SKU_ID-EQ-SEVEN-LICENSES-AND-UK - -MSGraph-MSOL-MIF-w_4UserUPNs - -MSTeams-CSOL-MIF-w-CountryOrRegionDisplayName-USA - -MSTeams-CSOL-MIF-w_4UserUPNs - Can use ModelTypeLists to create syncs for specific Microsoft elements. e.g - MS-Teams-msgraph_MsolUsers_Licenses_MTL - MS-Teams-msgraph_Msol_Licenses_MTL - MS-Teams-msgraph_MsolUser_MTL - MS-Teams-msteamsonline_CsOnlineUser_MTL - MS-Teams-msteamsonline_Dialplan_MTL - MS-Teams-msteamsonline_TeamsPolicies_MTL - MS-Teams-msteamsonline_CsCallQueue_AA_MTL 12. Coordinate with your Microsoft Tenant dialplan specialists to configure the required Microsoft dialplan to route Microsoft calls via the SBC to the Cisco CallManagers: - The design of the Microsoft dialplan settings will need to vary depending on the network topology of the customer, number of countries, number of CUCM clusters, number of SBCs - It is assumed that the Service Provider will be responsible for configuring their selected Session Border Controller (e.g. AudioCodes, Oracle, Metaswitch, Ribbon) and for connectivity between the SBC and the Microsoft Tenant and the CUCM SIP Trunks. - See MS-Teams-2-4-Microsoft-Dialplan-VOSS-SettingExamples-30Sep2022 for example Microsoft dialplan settings that can be bulk loaded into the Microsoft tenant - Minimum set of dialplan settings: (with VOSS reference examples used with Audiocodes SBC) - CsOnlinePstnGateway: drsip.voss-solutions.com - Tenant Dialplan: DP-UnitedKingdom, DP-UnitedStatesOfAmerica,DP-Belgium, DP-Denmark, DP-France, DP-Netherlands, etc - CsOnlinePstnUsage: VOSS-RDG-P-CoS, VOSS-RDG-P-DirectoryNumber - CsOnlineVoiceRoute: VOSS-RDG-P-CoS, VOSS-RDG-P-DirectoryNumber, VOSS-RDG-P-ShortCode - CsOnlineVoiceRoutingPolicy: VOSS-RDG-P-CoS 13. Bulk Modify existing site default settings to include additional Microsoft teams settings. - See MS-Teams-2-3-Cisco-Microsoft-ConfigurationSet-VOSS--09Feb2023.xlsx Workbook. - Export Site names and use in the Modify Site Defaults worksheet to update site defaults without impacting other Cisco-related site specific settings - Consider turning on Microsoft move rule which can automove MSOL and CSOL users to sites where there is a match between the User site and the VOSS site name - Note: If Microsoft Tenant Dialplans have NOT been added to the Site Defaults then Cisco-Microsoft transactions will be blocked by VOSS-Automate Validation rules. i.e. The SiteDefaults settings can be used to control which sites can have Microsoft services 14. For sites with Local Breakout, first check that the HCS site has been been full configured with a SIP local gateway and that this has been associated with the VOSS-Automate site. - Navigate to the site, and GUI (or bulkload) the MS-Teams-LBOCountryDialplan template ( Microsoft App Management > Cisco-MS-Teams Configuration > Cisco MS-Teams DPA Configuration) - e.g. MS-Teams-LBOCountryDialplan-GBR 15. Hybrid Cisco-Microsoft Support Customer Checklist: - Check data/MultivendorUsernameMapping macros are appropriate for Customer User/MSOL/CSOL mapping requirements - Check IniUpdateCustomCFT has been updated at the Provider /Customer level to control required InternalNumberInventory settings - Check Cisco-MS-Teams Customer Configuration (Base Configuration) loaded - CuXX-ISR-BLOCKED-PT loaded. - Check Cisco MS-Teams DPA Configuration: - MS-Teams-IncomingCSS - MS-Teams-BaseDialplan - MS-Teams-CountryDialplan-. (for required set of countries) - MS-Teams-LBOCountryDialplan (loaded individually for LBO sites if required) - Check Additional SNR DN Routing Translation Patterns loaded (for DN Ranges not starting with 8) - Check MS-Teams Leaf-Cluster Trunks / Route Groups / RouteLists fully configured to connect to Microsoft Tenant SBC - Check Microsoft Tenant 'Test Connection successful with connectivity to MSGraph, MSTeams (and MSExchange) - Check Network Device List settings updated with MSGraph, MSTeams and MSExchange 'MicrosoftTenant' name configuration settings - Check Microsoft Tenant Dialplan and Policies configured, and connected to Service Provider's SBC. - Check upgraded Customer-level and Division-level 'MVSEnhanced' roles loaded and assigned to administrators - Check SiteDefaultDoc settings modified with required MicrosoftTeam dialplan and policy settings - Check MSGraph, MSTeams and MS-Exchange syncs executed and daily sync schedules set up - Check MIF filter configured on MSOL User syncs to restrict to Licensed Users and Quick Import set to True on syncs. - Check Anti-Orphaning work-flows added to MSOL, CSOL and CUCM User syncs TESTING -Test MSOL and CSOL Users synced in and provisioned with Cisco-MS-Hybrid and MS-Only-Services in pilot sites using HybridMultiVendorView menu. -Test CallQueues and AutoAttendants loaded in pilot sites - (See Example loader - MS-Teams-2-5-CallQueues-AutoAttendants-ResourceUsers-VOSS-SP-24June2022.xlsx) -Test call flows with Test User accounts Additional Steps When Using SME Cluster between multiple Leaf Clusters and Microsoft Tenant. - Use modified DPA templates for DP Patterns and CQ and AA patterns in: MS-Teams-2-2-GsSmeTemplateDat--withSME-59Countries-01Feb2023.xlsx - Load CuXX-SME-MS-Teams-ANI-BLOCKED-Route-PT on the SME cluster - Install SME cluster and configure in VOSS-Automate with a separate customer SME NDL. - Bulkload SME dialplan configuration - see reference VOSS example: VOSS-SME-Cisco-MS-Teams-DialplanConfig-27Nov2020.xlsx (and other examples from VOSS Global Services) - In VOSS-Automate: Cisco Dialplan Management > SME Dialplan Additions > SME Definition - configure SME definition to include - AddBaseSMEConfig-Empty' template - Leafcluster Routing: e.g. - ["172.30.1.100", "8443", "hcs.CS-P.VOSS-OPS.VOSS"] = Cu226-SME-to-VS-RDG-CL1-MS-Teams-RL - ["10.5.25.199", "8443", "hcs.CS-P.VOSS-OPS.VOSS"] = Cu226-SME-to-VS-RCH-CL1-MS-Teams-RL - ["10.120.1.13", "8443", "hcs.CS-P.VOSS-OPS.VOSS"] = Cu226-SME-to-VS-CPT-CL1-MS-Teams-RL