Configure Automate for Microsoft Services#

Overview#

When using Automate with Microsoft (as a single or multiple vendor deployment scenario), you’ll need to pre-configure several settings in VOSS Automate before importing Microsoft users, licenses, policies, and dialplans.

Note

  • Automate v21.2 introduced sync with flow through provisioning for Microsoft users. In 21.3, this feature extends the functionality to users synced in from LDAP and CUCM (Call Manager).

  • Only Add is supported for syncs with flow through provisioning. Update and delete are not supported since the requirements may differ depending on the customer scenario.

  • For details on the generic flow through provisioning feature (which includes Microsoft, LDAP, or CUCM users), see Setting up Flow Through Provisioning

The flowchart sets out the initial configuration of Automate for Microsoft services.

Prerequisites:

@startuml 'Configure VOSS Automate for Microsoft Services Flowchart !include style.iuml start :[[../src/user/concepts-hierarchy.html Configure the hierarchy setup]]; note right * Create customers for tenant setup * [[../src/user/concepts-site-defaults-doc-templates.html CUSTOMER_TEMPLATE SDD]] created end note :[[../src/user/concepts-global-settings.html Configure Global Settings]]; note right * Enable Microsoft * Enforce HCS Dialplan Rules:No end note :[[../src/user/concepts-role-based-access.html Configure Role Based Access Controls]]; note right * [[../src/user/create-a-user.html Add MS admin users]] * [[../src/user/role-management.html Add MS roles]], [[../src/user/tasks-menu-layout.html menu layout]] end note :[[../src/user/concepts-SMTP-server.html Configure SMTP server]]; note right: Allows emails to user in QAS :[[../src/user/microsoft/voss-msft-conn-params.html Configure Microsoft Tenant Connection Parameters]]; -> Tenant data syncs on save; :[[../src/user/concepts-network-device-list.html Configure Network Device Lists (NDL)]]; note right: Add NDL with Tenant details if (Using Flow-through?) then (NO) :Sync; note left Creates default * Syncs * Schedules end note -> Customer level; fork :[[../src/user/ms-tenant-dialplan.html Tenant Dialplan]]; stop fork again :[[../src/user/ms-teams-policies.html Policies]]; stop fork again :[[../src/user/concepts-ms-licenses.html Licenses]]; stop fork again :MS Users; end fork else (YES) :[[../src/user/concepts-sync-with-flow-through-for-microsoft.html Sync with Flow Through]]; stop endif :[[../src/user/concepts-user-move-for-microsoft.html Configure and Move Microsoft Users to Sites]]; @enduml

Related Topics

Automate and Microsoft Configuration and Sync Workflow Steps#

The high-level workflow for the steps in the flowchart are as follows:

  1. Log in to Automate as a provider admin.

  2. Add customers.

  3. Go to Customizations > Global Settings to enable Microsoft:

    • On the Enabled Services tab, enable Microsoft services.

    • If you have a Microsoft-only environment, on the Number Inventory tab, set the following to No (False): Enforce HCS Dialplan Rules

      Note

      HSC dialplan is relevant only when using Cisco (in a single vendor or multi vendor installation).

  4. Configure role-based access controls to apply to users on import:

    Note

    Automate allows an admin user to set up pre-defined role-based configuration, which will be applied to users on import. This allows users to be auto-provisioned on import, with the correct services, lines, policies, and licenses.

    When preparing for import, you’ll need to create the admin users, service profiles, user roles, and role-based menu layouts (to hide or display functionality for different categories of users). For example, you can assign a Microsoft-only user role (MicrosoftOnlyRole) in a Microsoft-only scenario.

  5. Configure a tenant, one for each customer. See Configure Microsoft Tenant Connection Parameters

    Note

    The tenant configuration defines how Automate connects to the Microsoft Cloud to allow syncing of data between Automate and Microsoft Azure, Microsoft 365, Microsoft Teams, and Microsoft Exchange. Saving the tenant creates the default syncs and schedules.

  6. Configure the network device lists (NDLs), which are required for creating the sites. See Network Device Lists (NDLs)

  7. Go to the tenant configuration screen, then, choose a sync option:

    • Click Action > Sync All to run a full pull sync (syncs in the tenant dialplan, policies, licenses, and Microsoft users to the customer level).

    • Click Action > Sync New Users to sync in new or updated users only (add new users, or update existing users).

      For Sync New Users:

      New users are synced in for the following models:

      • device/msgraph/MsolUser

      • device/msteamsonline/CsOnlineUser

      • device/msteamsonline/ApplicationInstance

      Existing users are updated (add, modify, delete) for the following models:

      • device/msgraph/MsolUser

      • device/msteamsonline/CsOnlineUser

    Note

    If you’re using flow through provisioning for Microsoft users, additional steps are required before running the initial sync. See Sync with Flow Through for Microsoft

    You will need to enable the Sync New Users sync method initially (if you’ve upgraded to 21.3-PB1). To do this, save the tenant instance on this screen first so that the necessary data sync instances are created. These data syncs can be identified by the name format: SyncMSTeamsOnlineUsers__<tenant>, with Update and Remove operations disabled by default.