Global Admin invitation and provisioning

Modified on Thu, Sep 28, 2023 at 11:17 AM

The Microsoft Global Administrator must be the one to register the enterprise, grant permissions, and finalize changes for the end users. 


The process starts when the Invitation is received at the email address of the person with Microsoft Enterprise Global Admin credentials. The Invitation Email will look as below:


The Global Administrator completes signup by selecting Complete in the email and then logging in with Microsoft Enterprise Global Administrator credentials.

Once you have clicked the COMPLETE button you will be authenticated with Microsoft OAuth login. You need to log in and grant permissions using the credentials of the Microsoft Enterprise Global Admin.


TeleVoIPs Teams Integration performs certain limited tasks with the Microsoft Global Administrator's consent. These allow for automated provisioning via PowerShell of Direct Routing, User Calling activation and Teams Application setup in Microsoft.

The initial request when the Microsoft Enterprise Global Administrator is asked for permission looks like this:

The integration requires the Microsoft Global Admin to grant the Permissions that are shown above and explained below. With the Consent selected, delegated authorization can be granted to other Microsoft users in the tenant, specifically to users that have the role of Teams Service Admin and Skype for Business Admin.

Permission flow is as follows:

  • During Enterprise signup Global Admin credentials are required for the first sign in to the EPP (Registration - pictured above).
  • The EPP will ask for the following permissions that require Microsoft Global Admin consent before they can be used by non-Global Admin Users:


Permission: Purpose

  • Access Microsoft Teams and Skype for Business data as the signed in user: Allows the app to have the same access to information in the directory as the signed-in user.
  • Read and write directory data: Allows the app to read and write data in your organization's directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords.
  • Access the directory as you: Allows the app to read the organization and related resources, on behalf of the signed-in user. Related resources include things like subscribed SKUs and tenant branding information.
  • Manage your installed Teams apps: Allows the app to install and delete the Teams Application (Azure Enterprise Application) you build to extend the PBX into Teams.
  • Read organization information: Allows the app to read the organization and related resources, on behalf of the signed-in user. Related resources include things like subscribed SKUs and tenant branding information.
  • Read and write all users' full profiles: Allows the app to read and write the organization and related resources, on behalf of the signed-in user. Related resources include things like subscribed SKUs and tenant branding information.
  • Maintain access to data you have given it access to: Allows the permission to access data to persist beyond the current login session.
  • Full access to the Skype Remote Powershell: Allows the application full access to the Skype Remote Powershell Azure services to provision Direct Routing and Teams Users on behalf of the signed-in user.


After this initial set of permissions is granted the Microsoft Global Admin will be prompted to log in again.  A second set of application Permissions will appear: 


  • Read all users' full profiles: Allows the app to read user profiles without a signed in user.
  • Sign in and read user profile: Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.


After permissions are granted you will end up on the Teams integration portal dashboard. 
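To confirm what the consent steps above actually granted, an administrator can export the tenant's delegated permission grants (the Microsoft Graph oauth2PermissionGrants collection) and compare them with the permissions this article lists. The Python below is an added example, not TeleVoIPs or Microsoft code; the scope values mapped to the display names, the function name audit_delegated_grants and every id in the sample are assumptions, and only delegated Microsoft Graph grants are checked.

```python
import json

# Assumption: Microsoft Graph scope values for the display names listed in this
# article. The two Skype/Teams PowerShell permissions belong to a different
# resource and are not covered here.
EXPECTED_SCOPES = {
    "Directory.ReadWrite.All",                # Read and write directory data
    "Directory.AccessAsUser.All",             # Access the directory as you
    "TeamsAppInstallation.ReadWriteForUser",  # Manage your installed Teams apps
    "Organization.Read.All",                  # Read organization information
    "User.ReadWrite.All",                     # Read and write all users' full profiles
    "offline_access",                         # Maintain access to data you have given it access to
    "User.Read",                              # Sign in and read user profile
}

# Constructed sample in the shape of Graph oauth2PermissionGrant objects.
# All ids are placeholders, not real tenant values.
SAMPLE_GRANTS = json.loads("""[
 {"clientId": "sp-integration", "resourceId": "sp-graph", "consentType": "AllPrincipals",
  "principalId": null,
  "scope": " Directory.ReadWrite.All Directory.AccessAsUser.All User.ReadWrite.All Organization.Read.All offline_access User.Read Mail.Read"},
 {"clientId": "sp-other", "resourceId": "sp-graph", "consentType": "AllPrincipals",
  "principalId": null, "scope": "Files.ReadWrite.All"},
 {"clientId": "sp-integration", "resourceId": "sp-graph", "consentType": "Principal",
  "principalId": "user-1", "scope": "User.Read"}
]""")


def audit_delegated_grants(grants, client_sp_id, graph_sp_id, expected=EXPECTED_SCOPES):
    """Compare one app's delegated Graph grants with the documented scope list."""
    tenant_wide, all_granted, per_user = set(), set(), set()
    for grant in grants:
        if grant["clientId"] != client_sp_id or grant["resourceId"] != graph_sp_id:
            continue  # another app, or a resource other than Microsoft Graph
        scopes = set((grant.get("scope") or "").split())  # space-delimited string
        all_granted |= scopes
        if grant["consentType"] == "AllPrincipals":  # admin consent for every user
            tenant_wide |= scopes
        else:  # "Principal": consent recorded for a single user
            per_user.add(grant["principalId"])
    return {
        "unexpected": sorted(all_granted - expected),  # broader than documented
        "missing": sorted(expected - tenant_wide),     # documented, not consented
        "per_user": sorted(per_user),
    }


if __name__ == "__main__":
    print(audit_delegated_grants(SAMPLE_GRANTS, "sp-integration", "sp-graph"))
```

A non-empty "unexpected" list means the application holds delegated scopes beyond those described in this article and is worth reviewing before the integration is put into use.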


On the initial login to the integration Portal, the Enterprise Administrator will be redirected to the User Group Sync page to perform a “User/Group Sync” so that the Users will be populated with the intended user groups. See User Groups Sync for complete instructions.
