Azure and Teams Configuration

Azure and Teams Configuration Steps

This topic contains detailed configuration guidelines to enable call recording for MS Teams:

Step	Reference	Description
1	Select Deployment Assets	Select the appropriate deployment assets based on the client installation requirements.
2	Define the Cloud Service VM Details	Define the Cloud Service VM size and local storage info.
3	Provision the Microsoft Azure Subscription	Create and configure the resources required in a Microsoft Azure Subscription.
4	Configure Microsoft Teams	Configure Microsoft Teams for the Uniphore Compliance Bot.
5	Configure a Paired Bot	Configure a resilient system (optional).
6	Recording Policy	Assign the recording policy to Active Directory objects.

Note

These configuration steps:

Cover pre-requisite installation/configuration steps prior to a Uniphore engineer install of the U‑Capture MS Teams integration, and provide for general Azure/Teams configuration updates (if needed).
Should be performed by a suitably qualified Azure/Teams engineer/administrator only. Uniphore recommends this is performed as an assisted/supervised install with a Uniphore engineer, please contact your Uniphore representative to discuss options.
Illustrate use of Microsoft admin tools and processes. These are subject to regular changes from Microsoft and although the configuration steps covered here will be maintained to ensure the correct process is followed, there may be some differences present.

Select Deployment Assets

The U‑Capture / MS Teams installation requires the following deployment assets – available from the Uniphore SFTP site.

File Type	Description
`.json`	Template configuration file for the Compliance Bot. Select the `appsettings.realtimeaudio.json` file which configures the bot to use Real Time Audio (RTA), using Web Sockets. Rename the file to `appsettings.remote.json`
`.cspkg`	The Azure Cloud Service package files for the Compliance Bot. Each package represents different sizes of Cloud Service deployment (see below) select the file you need based on the client installation requirements. The filenames indicate the Cloud Service VM Size and the bot version: `ComplianceRecordingBot_{vm-size}_{bot-version}.cspkg`
`.cscfg`	The `ServiceConfiguration.ClientExtendedSupport.cscfg` Azure Cloud Service configuration file for the Compliance Bot. Templated to allow easy update. The one file can be used for all installations.
`.csdef`	The `ServiceDefinition.csdef` Azure Cloud Service resource definition file. Templated to allow easy update. The one file can be used for all installations.

`vm-size` Property	VM Size in Azure	CPUs	Memory	Channels	Type
Standard_D2_v2	Standard D2 v2 VM	2	7 GB	Up to 200	General Purpose
Standard_D3_v2	Standard D3 v2 VM	4	14 GB	Up to 750	General Purpose
Standard_D5_v2	Standard D5 v2 VM	16	56 GB	Up to 1500	General Purpose

Define the Cloud Service VM Details

Edit the ServiceDefinition.csdef file and configure the following settings:

Setting	Value/Description
`[WorkerRole]vmsize`	Cloud service VM size – set to `Standard_D2_v2`, `Standard_D3_v2`, or `Standard_D5_v2` as appropriate.
`LocalStorage]name`	Set to `CallData`
`LocalStorage]sizeInMB`	Local storage size, in MB: If `Standard_D2_v2` is selected, set to `80000` If `Standard_D2_v3` is selected, set to `180000` If `Standard_D5_v2` is selected set to `720000`

Provision the Microsoft Azure Subscription

The Uniphore Compliance Bot is intended to operate in Microsoft Azure – to start, go to the Azure Portal and perform each of the following steps in order.

Step	Reference
1	Register Resource Providers
2	Create a Resource Group for the Bot
3	Create a Key Vault
4	Upload/Import Certificate to the Key Vault
5	Create an Application Insights Resource
6	Create the Azure Bot
7	Configure the Bot
8	Create a Client Secret
9	Set API Permissions
10	Create a Storage Account
11	Create a Virtual Network
12	Create a Public IP Address
13	Update the Remaining Configuration Properties
14	Upload the Bot Configuration File
15	Create the Azure Extended Cloud Service

Register Resource Providers

The Uniphore Compliance Bot requires the following Resource Providers to be registered in your subscription (Azure Cloud Services Extended Support):

Microsoft.Compute
Microsoft.BotService

To ensure that these are correctly registered, or to register them within the portal, go to the Subscriptions blade. This can be found by searching for Subscriptions in the Search resources, services and docs search bar at the top and selecting the Subscriptions service.

Choose the desired subscription from the list and then find the Resource Providers section under the Settings heading.

Use the Filter by name... option at the top of the list and ensure the resource providers mentioned above are registered. If they’re not registered, select them and click the Register button to add them to the subscription.

If they don’t exist in the list, then the subscription type isn't capable of hosting the Uniphore Compliance Bot.

Create a Resource Group for the Bot

Use the Search bar to locate the Resource groups service from the portal, and create a new Resource Group with an appropriate name.

Ensure it's located in the same region as the Microsoft 365 tenant and that you have the correct Subscription selected.

Create a Key Vault

Create a Key Vault for the Resource Group (Azure Key Vault is a cloud service that provides a secure store for keys, secrets, and certificates.) – find the Key Vault service using the Search bar and create a new Key Vault with the following properties (note that all other settings can be left with their default values):

Property	Value/Description
Subscription	The Azure Subscription where the Key Vault will be created.
Resource group	The Resource Group created previously.
Region	As with the Resource Group, ensure this is located in the same region as the Microsoft Teams tenant.
Pricing tier	Select Standard.
Key vault name	A unique name (within the subscription) for the Key Vault.
Enable Access to	Ensure Azure Virtual Machines for deployment is checked.

Upload/Import Certificate to the Key Vault

Once the Key Vault resource has been created, navigate to that resource and go to the Certificates section.

Click on the Generate/Import button to start the certificate upload wizard.
On the Create a certificate screen, set the following:
Method of Certification Creation – select Import.
Certificate Name – enter a unique name for the certificate. The name must only contain alphanumeric characters and dashes.
Upload Certificate File – select the pfx certificate file to upload.
Password – if you’re uploading a password protected certificate file, provide the password here. Otherwise, leave it blank.
When you’re ready, click the Create button. Once the certificate is uploaded successfully it will be listed under the Certificates section with a status of Enabled.
Copy the Thumbprint value for the newly uploaded certificate and save for later.

Once created, update the following configuration file values:

Property	File	Path	Value
ServiceCertThumbprint	ServiceConfiguration. ClientExtendedSupport. cscfg	Role/ ConfigurationSettings/ ServiceCertThumbprint	Thumbprint
Name	ServiceConfiguration. ClientExtendedSupport. cscfg	Role/Certificates/ Certificate	Certificate Name
thumbprint	ServiceConfiguration. ClientExtendedSupport. cscfg	Role/Certificates/ Certificate	Thumbprint

Property

File

Path

Value

ServiceCertThumbprint

ServiceConfiguration.

ClientExtendedSupport.

cscfg

Role/

ConfigurationSettings/

ServiceCertThumbprint

Thumbprint

Name

ServiceConfiguration.

ClientExtendedSupport.

cscfg

Role/Certificates/

Certificate

Certificate Name

thumbprint

ServiceConfiguration.

ClientExtendedSupport.

cscfg

Role/Certificates/

Certificate

Thumbprint

Create an Application Insights Resource

Application Insights is an Azure cloud service that handles logging and analytics for Azure services (and more). Using the Search bar to locate the Application Insight service in the portal, create a new Application Insights resource with the following properties (all other settings can be left with their default values).

Property	Value/Description
Subscription	The Azure Subscription associated with this resource – select Microsoft Teams.
Resource Group	The Resource Group created previously.
Name	A unique name (within the subscription) for the Application Insights resource.
Region	Use the same region as the Microsoft Teams tenant.
Resource Mode	Select Workspace based.
Workspace > Subscription	Select Microsoft Teams.
Log Analytics Workspace	Select DefaultWorkspace…

Once complete, review the created Application Insights resource, and make a note of the associated Instrumentation Key.
Navigate to API Access and click Create API Key.
1. Make a note of the Application ID for the Application Insights resource.
2. Enter a description, select Read Telemetry, and click Generate key.
3. Make a note of the API key.

Create the Azure Bot

In the Azure Portal, find Azure Bot using the search bar or use Create a resource on the Home page – click Create to create a bot with the following properties:

Property	Value/Description
Bot Handle	The name of the bot – this will be needed this later.
Subscription	The Azure Subscription where the bot will be created.
Resource group	The Resource Group created previously.
Pricing tier	Set to Free. Note that at the time of writing, the bot does not send messages.
Type of app	Set to Multi Tenant.
Creation type	Set to Create new Microsoft App ID.

Once created, update the following configuration file values (find the auto-created bot in the App Registration section in Azure for the required details):

Property	Referred to as	File	Path
Display name	Bot Name	appsettings.remote.json	Host/Service/ BotName
Microsoft App ID	App ID	appsettings.remote.json	Host/Service/BotId
Application Insights Instrumentation Key	Application Insights Instrumentation Key or App Insights Key	ServiceConfiguration. ClientExtendedSupport. cscfg	APPINSIGHTS_ INSTRUMENTATIONKEY

Property

Referred to as

File

Path

Display name

Bot Name

appsettings.remote.json

Host/Service/

BotName

Microsoft App ID

App ID

appsettings.remote.json

Host/Service/BotId

Application Insights Instrumentation Key

Application Insights Instrumentation Key or App Insights Key

ServiceConfiguration.

ClientExtendedSupport.

cscfg

APPINSIGHTS_

INSTRUMENTATIONKEY

Configure the Bot

Further configuration of this bot is detailed in the Microsoft “Registering a Calling Bot” guide. However, there are some differences, so all of the steps are listed below.

Note

For this stage the CNAME record must be known, although it doesn’t need to be created at this point.

In the Azure bot page created previously, click on Channels in the Settings menu.

From there you can select Microsoft Teams from the list of available channels. Once loaded, go to the Calling tab and make sure the Enable calling option is checked and the Webhook (for calling) text-box contains the following value:

https://{cname}.{your-domain}/api/calling

Property	Value/Description
Enable calling	Checked.
Webhook (for calling)	https://{cname}.{your-domain}/api/calling Note In the linked Microsoft sample documentation, the endpoint is configured with https://{your-domain}/api/calls, whereas the correct endpoint should end with `calling`.

Create a Client Secret

To create a new client secret:

In your Azure bot instance, click Configuration in the Settings menu.
Locate the Microsoft App ID (Manage) textbox and click the Manage link. This will take you to the Certificates & secrets section.

Click the New client secret button and enter the following information:

Property	Value/ Description
Description	The friendly name of the client secret, for example Uniphore Compliance Recording Bot
Expires	Set to the maximum available timeframe (24 months, at the time of writing).

When you’re ready click Add, but do not navigate away from the blade.
Note
The created secret value is shown only at this stage and will not be visible again.
Once created, update the following configuration file values:
Property
Referred to as
File
Path
Client secret
Bot Secret
appsettings.remote.json
Host/Service/BotSecret

Property	Referred to as	File	Path
Client secret	Bot Secret	appsettings.remote.json	Host/Service/BotSecret

Set API Permissions

This step provides the Compliance Bot with permission to call the Microsoft Graph service enabling the call recording features.

Under the API permissions section, click the Add a permission button and select Microsoft Graph from the list of APIs.

Select Application permissions and select each of the permissions shown below (this can be done as a single operation).

Once selected, click the Add permissions button to add the selected permissions to the applications list. After the permissions have been added, click the Grant admin consent button and confirm the permissions. This will be slightly different for each instance as it includes the name of the organisation in the title.

Section	Permission
Calls	Calls.AccessMedia.All Calls.Initiate.All Calls.InitiateGroupCall.All Calls.JoinGroupCall.All Calls.JoinGroupCallAsGuest.All
OnlineMeetings	OnlineMeetings.Read.All OnlineMeetings.ReadWrite.All
User	User.Read.All
Calendars	Calendars.Read

Create a Storage Account

To create the storage account within your Resource Group, use the search bar to find Storage Accounts – once the blade has opened, create a new storage account with the following properties (all other settings can be left with their default values):

Property	Value/Description
Subscription	Select the subscription used to create the Resource Group.
Resource group	Select the resource group created previously.
Storage account name	The DNS friendly name of the storage account. The Storage account name must be lowercase, and must not contain any spaces/special characters. In this instance, it must also be between 3 and 24 characters.
Location	Use the same location as the Microsoft Teams tenant.
Performance	Set to Standard – the default.
Redundancy	Set to Locally-redundant storage (LRS) – currently the bot does not failover to a remote location.

Once created, go to the Access keys section and under key1 copy the Connection string property and the name of the storage account ready for use in configuring the Collector.

Once created, update the following configuration file values:

Property	Referred to as	File	Path
ConnectionString	Connection String	`ServiceConfiguration.` `ClientExtendedSupport.` `cscfg`	`AzureStorage__` `ConnectionString`
ConnectionString	Connection String	`ServiceConfiguration.` `ClientExtendedSupport.` `cscfg`	`Microsoft.WindowsAzure.` `Plugins.Diagnostics.` `ConnectionString`

Property

Referred to as

File

Path

ConnectionString

Connection String

ServiceConfiguration.

ClientExtendedSupport.

cscfg

AzureStorage__

ConnectionString

ConnectionString

Connection String

ServiceConfiguration.

ClientExtendedSupport.

cscfg

Microsoft.WindowsAzure.

Plugins.Diagnostics.

ConnectionString

Create a Virtual Network

An Azure Virtual Network (VNet) resource is the fundamental building block for a private network in Azure. To create a virtual network within your Resource Group, select + Create a resource > Networking > Virtual network, and set the following properties (all other settings can be left with their default values).

Property	Value/Description
Subscription	The Azure Subscription where the network will be created.
Resource group	The Resource Group created previously.
Name	A unique name (within the subscription) for the network.
Region	As with the Resource Group, ensure this is located in the same region as the Microsoft Teams tenant.
Subnet name	Set to `bot-net`

Once created, update the following configuration file values:

Property	File	Path	Value
name	ServiceConfiguration. ClientExtendedSupport.cscfg	NetworkConfiguration/ VirtualNetworkSite	Name of the Virtual Network.
name	ServiceConfiguration. ClientExtendedSupport.cscfg	NetworkConfiguration/ AddressAssignments/ InstanceAddress/ Subnets/Subnet	Name of the Subnet name (`bot-net`).

Property

File

Path

Value

name

ServiceConfiguration.

ClientExtendedSupport.cscfg

NetworkConfiguration/

VirtualNetworkSite

Name of the Virtual Network.

name

ServiceConfiguration.

ClientExtendedSupport.cscfg

NetworkConfiguration/

AddressAssignments/

InstanceAddress/

Subnets/Subnet

Name of the Subnet name

(bot-net).

Create a Public IP Address

Create a public IP address under the same resource group as the other resources – set the following properties (all other settings can be left with their default values):

Property	Value
IP Version	Select IPv4
SKU	Select Basic
Name	A unique name (within the subscription) for the IP address.
Routing Preference	Set to Microsoft network
IP address assignment	Set to Dynamic
DNS name label	DNS name of the bot (a public name for the bot to prefix the domain).
Subscription	Select the subscription used to create the Resource Group.
Resource Group	Select the Resource Group created previously.
Location	As with the Resource Group, ensure this is located in the same region as the Microsoft Teams tenant.

Once created you will notice that an Alias record has been added to your DNS Zone for this IP address.

Update the Remaining Configuration Properties

Go to the Azure Active Directory section in the Azure Portal associated with the Teams Tenant (you can also use https://aad.portal.azure.com/). Find the Tenant Id under Tenant Information and update the following appsettings.remote.json configuration file values:

Property	Path/Description
EnableAzureBlobLogs*	Bot/EnableAzureBlobLogs If set to `true` logging is written to Azure storage. Note that log files will need to be manually deleted at regular intervals. If not specified, the default value is `false`.
EnableHttpLogging*	Bot/EnableHttpLogging If set to `true` the http requests received by the bot are included in the logging. If not specified, the default value is `false`.
MinimumLogLevel*	Bot/MinimumLogLevel Determines the detail included in the logging. In order of detail (low to high) optional levels include: `None`, `Trace`, `Debug`, `Information`, `Warning`, `Error`, and `Critical`. Note Logging has an impact on performance and should be left on `Warning` or lower. If not specified, the default value is `Warning`.
RecordingStatusBannerDisabled	Bot/RecordingStatusBannerDisabled If set to `true` the recording status banner (within Teams) is prevented from displaying. Note This setting may not apply outside of the organisation that the bot covers, especially if there are conflicting settings for displaying the banner. If not specified, the default is `false`.
Client CNAME	Host/ClientUrl This is the client's URL (https), the CNAME pointing to the Azure DNS.
Azure DNS	Host/AzureUrl This is the URL of the Cloud Service (http), ending in cloudapp.azure.net.
Tenant Id	Host/Service/TenantId
Username**	WebSockets/Username This is used when authenticating from the Collector. Make a note of the username as it will be required to complete the installation.
Password**	WebSockets/Password This is used when authenticating from the Collector. Make a note of the password as it will be required to complete the installation. This value will be encrypted on first-run.

* The logs are always written to Application Insights, if EnableAzureBlobLogs is set to true then the logs are also written to Azure storage (blob storage).

** If these values need to be changed in the future, a corresponding change needs to be made on the Collector – please contact Uniphore for support.

Upload the Bot Configuration File

Upload the appsettings.remote.json Compliance Bot configuration file that was updated in the previous steps. Go to the Azure Storage account created previously and select the Storage browser (preview) option from the menu. Right click the BLOB CONTAINERS node, select + Add container and enter the following options:

Property	Value/Description
Name	Set to config – note that this is a case sensitive property.
Public access level	Set to Private (no anonymous access)

Select the newly created config container and click the Upload button from the toolbar. In the Upload dialogue box enter/select the appsettings.remote.json file and click Upload.

Create the Azure Extended Cloud Service

To create the Compliance Bot, a new Azure Cloud Service must be created. Use the search bar to find Cloud services (extended support) – once the blade has opened, click the + Create button and enter the following details:

Property	Value/Description
Subscription	Select the subscription used to create the Resource Group.
Resource group	Select the Resource Group created previously.
Cloud service name	DNS name label used in the creation of the Public IP Address.
Region	Use the same location as the Microsoft Teams tenant.
Storage account	Use the storage account created previously.
Upload a package (.cspkg)	Upload the bot installation .cspkg package of the correct VM size.
Upload a configuration (.cscfg)	Upload the ServiceConfiguration.ClientExtendedSupport.cscfg Azure Cloud Service configuration file for the Compliance Bot.
Upload a service definition (.csdef)	Upload the ServiceDefinition.csdef Azure Cloud Service resource definition file.
Public IP Address	Select the Public IP address created previously.
Key Vault	Select the Key Vault created previously. Note that the list of certificates will be updated and Status should change to Found.

Click the Create and Validate button – if all the settings are correct the validation should be successful. Click the Create button to deploy the cloud service.

Once complete, in the Overview section, wait for the role instance(s) to start. When complete, the Status column will change to Running. The Uniphore Compliance Bot is now ready.

Note

The CNAME created should be the same as the one used during the bot configuration, where the value used was defined as:

https://{cname}.{your-domain}/api/calling

Configure Microsoft Teams

To provision the Uniphore Compliance Bot within MS Teams and configure policies:

Authenticate with PowerShell.
Create a new Recording Application instance – this will create the application instance required to connect the Compliance Bot with the Microsoft Teams tenant.
Assign permissions.
Synchronise the Recording Application instance from Azure Active Directory to the Agent Provisioning Service.
Create a new Recording Policy.
Assign the Recording Policy to the Recording Application.

These steps are all detailed in the Microsoft Teams Recording Policy documentation, but are also covered here for clarity.

Note

Similar to the Microsoft Azure Portal, Microsoft PowerShell commands and processes may change. Although the configuration steps covered here will be maintained to ensure the correct process is followed, there may be some differences present.
If you wish to implement a “Paired Bot” solution to provide an Active/Active or Active/Standby resiliency model, see "Configure a Paired Bot" for further guidance before executing any MS Teams PowerShell commands against the bot.

Authenticate with PowerShell

Open a PowerShell for Windows session and enter the following commands:

#Ensure correct modules are installed
Install-Module PowerShellGet -Force -AllowClobber
Install-Module MicrosoftTeams 

#To check your MicrosoftTeams version:
Get-Module -Name MicrosoftTeams -ListAvailable

# Ensure you session has correction permissions
Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Import-Module MicrosoftTeams

By default, the PowerShell Gallery (PSGallery) is not configured as a trusted repository for PowerShellGet. The first time you use the PSGallery, you'll see the following message:

Untrusted repository

You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet.

Are you sure you want to install the modules from 'PSGallery'?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"):

Then authenticate with Microsoft Teams:

Connect-MicrosoftTeams

Note

The account should have permission to create and modify users and policies.

Create a New Recording Application instance

This will create the application instance required to hook the bot up to the Microsoft Teams tenant. The output of this command will include an ObjectId, save this value.

New-CsOnlineApplicationInstance -UserPrincipalname "{Application-Instance-UPN}" 
-DisplayName "{Display-Name}" -ApplicationId "{Application-Id}"

Parameter	Description
`Application-Instance-UPN`	This should be a new UPN that represents this bot. Do not reuse accounts here and ensure you’re using the correct email client domain, for example, `rcbot@domain.onmicrosoft.com` Note The UPN must end with `.onmicrosoft.com`
`Display-Name`	A friendly name for the bot installation.
`Application-Id`	The `Bot ID` created earlier.

Assign permissions

Synchronize the Recording Application instance

This will synchronize the application instance from Azure Active Directory into the Agent Provisioning Service.

Sync-CsOnlineApplicationInstance -ObjectId "{ApplicationInstance-Object-Id}"

Parameter	Description
`ApplicationInstance-Object-Id`	This is the `ObjectId` from the previous step.

Create a new Recording Policy

This section will create the policy that enables recording for Users and/or Groups.

New-CsTeamsComplianceRecordingPolicy -Identity "{Identity}" -Enabled $true 
-Description "{Description}"

Parameter	Description
`Identity`	It's important that this value does not contain any spaces. A valid identity would be `TeamsRecordingPolicy`
`Description`	A friendly name used for human readable output.

Assign the Recording Policy to the Recording Application

Here we will instantiate an instance of the previously created application and assign it to the new policy.

Set-CsTeamsComplianceRecordingPolicy -Identity "{Identity}" 
-ComplianceRecordingApplications @(New-CsTeamsComplianceRecordingApplication 
-Id "{Object-ID}" -Parent "{Identity}")

Parameter	Description
`Identity`	This is the `Identity` created above, e.g. `TeamsRecordingPolicy`. Note that this value is used twice on this command.
`Object-ID`	The `ObjectId` result from creating the application instance – you can also get this ID by executing `Get-CsOnlineApplicationInstance`

Optional - Update the Compliance Recording Application

We can configure the bot to refuse to connect calls if the bot is unavailable, using the following command:

Set-CsTeamsComplianceRecordingApplication -Identity "{Identity}" 
-RequiredBeforeCallEstablishment $true | $false 
-RequiredBeforeMeetingJoin $true | $false -RequiredDuringCall $true | $false 
-RequiredDuringMeeting $true | $false

Parameter	Description
`Identity`	This is the `Identity`, which can be returned from `Get-CsOnlineApplicationInstance` e.g. `Tag:TeamsRecordingPolicy/{GUID}`
`RequiredBefore CallEstablishment`	Set this Boolean value to `$true` to “require” that a bot is connected for every peer to peer call (user can't connected if the bot is unavailable).
`RequiredBeforeMeetingJoin`	Set this Boolean value to `$true` to “require” that a bot is connected for every meeting (user can't connected if the bot is unavailable).
`RequiredDuringCall`	Set this Boolean value to `$true` to “require” that the user be disconnected from a peer to peer call if the bot becomes unavailable.
`RequiredDuringMeeting`	Set this Boolean value to `$true` to “require” that the user be disconnected from a meeting if the bot becomes unavailable.

Configure a Paired Bot

To implement a “Paired Bot” solution to provide Active/Active or Active/Standby resiliency:

These steps are all detailed in the Microsoft Teams Compliance Recording documentation , but are also covered here for clarity.

Note

Similar to the Microsoft Azure Portal, Microsoft PowerShell commands and processes may change. Although the configuration steps covered here will be maintained to ensure the correct process is followed, there may be some differences present.

Assumptions

You’ve already installed an additional Microsoft Teams Compliance Bot as detailed in Provision the Microsoft Azure Subscription. The first bot will be known as the “primary bot”.
No MS Teams PowerShell commands should be executed against the bot. If you have run any of PowerShell commands against the bot, please delete/remove the created items by using the appropriate Remove-CsXXX commands.
If you’ve created a User Principal for this bot, only delete the UPN from the Users section of the Active Directory Portal. The UPN is created as part of the New-CsOnlineApplicationInstance commandlet.
Finally, ensure you’ve started a PowerShell session connected to your MS Teams Tenant and have the appropriate permissions.

Create the Recording Application Instance

This will create the application instance required to hook the bot up to the Microsoft Teams tenant.

New-CsOnlineApplicationInstance -UserPrincipalname "{Application-Instance-UPN}" 
-DisplayName "{Display-Name}" -ApplicationId "{Application-Id}"

Parameter	Description
`Application-Instance-UPN`	This should be a new UPN that represents this bot. Do not reuse accounts here. For example, `rcbot@domain.onmicrosoft.com` (note that the UPN must end with `.onmicrosoft.com`).
`Display-Name`	A friendly name for the bot installation.
`Application-Id`	The `Bot ID` obtained earlier.

The output of this command will include an ObjectId, save this value.

We need to ensure the new application instance has been correctly synchronised, so call the following using the ObjectId displayed in the last command:

Sync-CsOnlineApplicationInstance -ObjectId {Object-Id}

Parameter	Description
`Object-Id`	This is the `ObjectId` from the previous step.

Pair the Recording Application Instance

Now we’ll pair the newly created application instance with the application created with the primary bot. Execute the following command and copy the appropriate Identity:

Get-CsTeamsComplianceRecordingApplication

Here’s an example output:

Identity                              : Tag:redBoxRecordingPolicy/4a8b8286-ba…
Priority                              : 0
ComplianceRecordingPairedApplications : {}
Id                                    : 4a8b8286-bab2-4588-9642-6a31744fd5e6
RequiredBeforeMeetingJoin             : True
RequiredBeforeCallEstablishment       : True
RequiredDuringMeeting                 : True
RequiredDuringCall                    : True
ConcurrentInvitationCount             : 1

From this example, we would copy the Identity property which is set to:

Tag:redBoxRecordingPolicy/4a8b8286-ba… and the {Id} property which is set to:

4a8b8286-bab2-4588-9642-6a31744fd5e6. We’ll refer to the Id property as the SourceId.

Next we‘ll execute a series of commands to create the paired application and associate with our existing application and finally synchronise both the source and newly paired application.

# Create the new paired application and update the original.
Set-CsTeamsComplianceRecordingApplication -Identity {Identity} 
-ComplianceRecordingPairedApplications 
@(New-CsTeamsComplianceRecordingPairedApplication -Id {ObjectId}) 
# Synchronise both the new and original application instances.
Sync-CsOnlineApplicationInstance -ObjectId  {ObjectId}
Sync-CsOnlineApplicationInstance -ObjectId  {SourceId}

Parameter	Description
`Identity`	This is the `Identity` property from the original application instance.
`Object-Id`	This is the `ObjectId` from the new application instance.
`Source-Id`	This is the `ObjectId` from the original application instance.

Verify the Paired Application

Finally, we‘ll verify that the application has been correctly created and updated by executing the following command:

Get-CsTeamsComplianceRecordingApplication | where {$_.Id -eq {SourceId}}

Parameter	Description
`Source-Id`	This is the `ObjectId` from the original application instance.

The output from here should now include the updated source application, where the ComplianceRecordingPairedApplications property has a new Id in the array:

Identity                              : Tag:redBoxRecordingPolicy/4a8b8286-ba…
Priority                              : 0
ComplianceRecordingPairedApplications : {Id=4a8b6175-cac3-1555-6642-5a31733cc4d7}
Id                                    : 4a8b8286-bab2-4588-9642-6a31744fd5e6
RequiredBeforeMeetingJoin             : True
RequiredBeforeCallEstablishment       : True
RequiredDuringMeeting                 : True
RequiredDuringCall                    : True
ConcurrentInvitationCount             : 1

Recording Policy

Assign the recording policy to Active Directory objects as required:

To a specific Active Directory User.
To an Active Directory Group.
To Active Directory Users based on a query.
To all users in Active Directory.

These steps are covered in the Microsoft Teams Recording Policy documentation, but are also covered here for clarity. Note that, similar to the Microsoft Azure Portal, Microsoft PowerShell commands and processes may change. Although the config steps covered here will be maintained to ensure the correct process is followed, there may be some differences present.

Assign the Policy to a Single User

Grant-CsTeamsComplianceRecordingPolicy -Identity "{User-Principal-Name}" 
-PolicyName "{Policy-Identity}"

Property	Description
`User-Principal-Name`	The name of the user to assign, e.g. `terry-towelling@fabrics.com`
`Policy-Identity`	This is the name of the policy created in the previous stages.

Assign the Policy to Users in a Department

Get-CsOnlineUser -Filter {Department -eq "{Department-Name}"} | 
Grant-CsTeamsComplianceRecordingPolicy -PolicyName "{Policy-Identity}"

Property	Description
`Department-Name`	The name of the department, as it appears in Active Directory.
`Policy-Identity`	This is the name of the policy created in the previous stages.

Assign the Policy to All Existing Users

Get-CsOnlineUser | Grant-CsTeamsComplianceRecordingPolicy 
-PolicyName "{Policy-Identity}"

Property	Description
`Policy-Identity`	This is the name of the policy created in the previous stages.

Assign as a Global Policy

All new users will be assigned the policy.

Grant-CsTeamsComplianceRecordingPolicy -PolicyName "{Policy-Identity}" -Global

Property	Description
`Policy-Identity`	This is the name of the policy created in the previous stages.

Unassign Users From a Policy

Grant-CsTeamsComplianceRecordingPolicy -Identity "{User-Principal-Name}" -PolicyName $null

Property	Description
`User-Principal-Name`	The name of the user to unassign, e.g. `terry-towelling@fabrics.com`

Disable or Enable a Policy

During testing or verification stages it can be useful to disable and re-enable the policy at a global level. To do so, execute the following command:

Set-CsTeamsComplianceRecordingPolicy -Identity "{Policy-Identity}" 
-Enabled {Enabled-State}

Property	Description
`Policy-Identity`	This is the name of the policy created in the previous stages.
`Enabled-State`	`$false` to disable the policy, or `$true` to enable it.

Complete the Install and Configuration

As stated previously, the configuration steps detailed in this guide are intended to provide pre-requisite install/configuration steps prior to a Uniphore engineer install of the U‑Capture MS Teams integration. In order to complete the MS Teams integration, please contact your Uniphore representative to arrange an engineer installation to complete the process.

In this section:

Uniphore Customer Portal

Azure and Teams Configuration

Azure and Teams Configuration Steps

Note

Select Deployment Assets

Define the Cloud Service VM Details

Provision the Microsoft Azure Subscription

Register Resource Providers

Create a Resource Group for the Bot

Create a Key Vault

Upload/Import Certificate to the Key Vault

Create an Application Insights Resource

Create the Azure Bot

Configure the Bot

Note

Note

Create a Client Secret

Note

Set API Permissions

Create a Storage Account

Create a Virtual Network

Create a Public IP Address

Update the Remaining Configuration Properties

Note

Note

Upload the Bot Configuration File

Create the Azure Extended Cloud Service

Note

Configure Microsoft Teams

Note

Authenticate with PowerShell

Note

Create a New Recording Application instance

Note

Assign permissions

Synchronize the Recording Application instance

Create a new Recording Policy

Assign the Recording Policy to the Recording Application

Optional - Update the Compliance Recording Application

Configure a Paired Bot

Note

Assumptions

Create the Recording Application Instance

Pair the Recording Application Instance

Verify the Paired Application

Recording Policy

Assign the Policy to a Single User

Assign the Policy to Users in a Department

Assign the Policy to All Existing Users

Assign as a Global Policy

Unassign Users From a Policy

Disable or Enable a Policy

Complete the Install and Configuration

Search results