Knowlege base

Native Microsoft Teams Call Recording Configuration

Article ID: 865
Last updated: 20 Nov, 2024

Requirements

  • Imagicle UCX Cloud Suite
  • Admin-level access to MS Teams PowerShell
  • Admin-level access to Microsoft Azure web portal, through a user with a valid Azure subscription. This is required to create new Azure Bot.
  • To verify if the user has an Azure subscription, follow this procedure:
    • log into https://portal.azure.com
    • click on Subscriptions
    • check that at least one subscription is included in the subscription list
    • If no subscriptions are available, it is possible to create a free one, even if a credit card is required. No charges are applied. Otherwise, it is possible to be added as a "contributor" on an existing subscription; to do so, the user managing the subscription must add this user as a contributor.
  • Working public URL to access Imagicle web portal:   https://<customer_name>-public.imagicle.cloud/
  • Imagicle specific Application ID URI to add in App Registration. The URI should be requested to Imagicle team
  • Imagicle specific URL to add in Azure Bot. The URI should be requested to Imagicle team

Configuration Overview

To allow the recording of MS Teams users' conversations, you must associate each user to a Recording Policy, in turns connected to an Azure BOT, in turns connected to an Azure Application (App Registrations).

To enable an MS Teams user to leverage Imagicle Call Recording, the following tasks should be accomplished:

  1. Add a custom domain
  2. Add an Azure Application (App Registrations)
  3. Send App Registration and custom domain data to Imagicle team
  4. Imagicle team confirms domain entry creation and returns a webhook URL.
  5. Define an Azure BOT (associated to above app)
  6. Define a Recording Policy (associated to above app)
  7. Associate above Recording Policy to all Call Recording users

Please bear in mind that Silence Suppression is not supported.

Configurations from MS Azure Web Portal

Azure App Registration

  • Please connect to https://portal.azure.com and login as Administrator
  • Select “App registrations” service and click on “New Registration”
  • Please compile the form as below sample, filling the Application name with “Imagicle Call Recording” and leaving all other data as default.

  • Hit "Register" to get the following resume page, including Application (client) and Directory (tenant) IDs.

  • Please take note NOW of above Application ID and Directory ID. They are required later on in this procedure.
  • From "Manage" left panel, click on "Certificates & secrets" to define a new "Client Secret"

Client Secret

  • Please click on “New client secret” and choose an expiration period. We suggest to apply the longest one (24 months) or "Never". 

  • Please take note NOW of Client Secret "Value", available once new Client Secret as been created. It is required later on in this procedure and it won't be displayed anymore in the future.

  • Please set a reminder for Client Secret, so you can generate a new Client Secret before it expires. Once Client Secret is expired, you can just create a second Client Secret by following same procedure. You can transmit new Client Secret Value to Imagicle team, who is going to apply it in Imagicle Cloud. Then you can remove expired Client Secret.

API Permissions

  • Within newly created App Registration, now you need to add permissions to leverage Microsoft Graph APIs. From "Manage" left panel, please click on "API permissions" to get the following window:

  • Click on "Add a permission" and select “Microsoft Graph”:

  • Now click on "Application permissions" and start searching for the following permissions:
    • Calls.AccessMedia.All
    • Calls.JoinGroupCall.All
    • User.Read.All
  • Tick each above permissions and finally hit "Add permissions"

  • Once Microsoft Graph permission has been added, you need to select “Grant admin consent for <Company_Name>” from rightmost pull-down menu. You get a confirmation pop-up, where you need to click "Yes"

  • The following screenshot sample shows the actual API permissions summary page, if the procedure has been accomplished in the correct way:

​ API Authorization

Note: This configuration is only required if you wish to enable recording controls on Imagicle Teams application, where a specific tab is displayed for this purpose.

To allow the Imagicle Teams Application to leverage SSO and on-demand recording, some API exposure roles must be set.

  • Within Imagicle Call Recording App Registration, please click on "Expose an API" from left panel:

  • Populate "Application ID URI" with the API URI provided by Imagicle team.
  • Then click on "Add a scope" to pop-up relevant window on the right side:

  • In above panel:
    • Complete the scope name by : Recording.ReadWrite.All (2) 
    • Change value of who can consent to : Admins and Users (3) 
    • Change Admin consent display name and description to a value you want explaining the goal of the scope (4 and 5) 
    • Validate by clicking on "Add scope" button (6)
  • Now click on "Add a client Application":

  • The following panel pops-up on the right side:

Azure BOT

  • Please access to Microsoft Azure web portal as Administrator and search for Azure Bot from top search box, then click on the link available under the Marketplace section. See below:

  • Once selected, you need to create a new BOT by hitting "Create an Azure Bot" option. Please bear in mind that it is required a specific license subscription for this purpose and you might be required to enter a credit card number as pro-forma. No charges are applied to credit card account:

  • Please fill the following fields:
    • Bot handle: Unique name for recorder BOT ⇒ imagicle-call-recording-bot
    • Subscription: leave default value
    • Resource group: create a new group "imagicle-resource-group", if none is available
    • Pricing tier: Standard plan
    • Microsoft App ID: tick "Use existing app registration"
    • Existing app id: Paste here previously copied "Application ID" saved during App creation
    • Existing app password: Paste here previously copied "Client Secret" value, saved during Client Secret creation
  • Now hit  “Review + create” and double check all displayed data:

  • If otherwise you get the following error message, please hit "Previous" and review the Location you specified in Imagicle Resource group:

  • If data is correct, click on “Create”. You get below summary page, if the Bot deployment has been correctly accomplished:

Provide collected data to Imagicle Team

Before proceeding with the configuration, it is time to transfer the following collected data to Imagicle:

  • Customer name, as configured in public web URL
  • Bot name (case sensitive)
  • Application (Client) ID
  • Directory (Tenant) ID
  • Secret Value

Imagicle applies configuration in own Cloud and returns you a Webhook URL to be used within below procedure.

Connect Bot to MS Teams Channel

  • Newly defined Bot is the native MS Teams interface that Imagicle Call Recording is using to collect recording streams from MS Teams clients. To achieve this goal, new Bot must be associated to MS Teams client by using a "Channel".
  • Search for Bot Services in the search box on the top, then click on the Bot Services link under "Services" section. Alternatively, Bot Services can be also found by opening top-right pull-down menu, then selecting All services ⇒ AI + machine learning option.

  • Select the previously defined imagicle-call-recording-bot
  • In below screenshot sample, "Channels" option is selected, pointing to Microsoft Teams channel:

  • Once MS Teams channel is selected, a new configuration window appears, where you must select "Calling" tab:

  • Please tick "Enable calling" flag and add a the Webhook URL acquired from Imagicle team.
  • Hit "Save" and accept Terms of Service by clicking on "Agree":

Configurations from MS Teams PowerShell

If not yet done, please install MS Teams PowerShell module by issuing the following commands from PowerShell running as Administrator:

Install-Module MicrosoftTeams -MaximumVersion 5.3.0 -Repository PSGallery
Import-Module MicrosoftTeams
Connect-MicrosoftTeams

Please enter Tenant Admin account credentials, when requested.

NOTE: if the install command above fails because of another version of Microsoft Teams module already installed, you first need to uninstall it executing the following command:

Uninstall-InstalledModule MicrosoftTeams

Recording Policy Creation

  • Recording Policy is a group of rule policies which is assigned to each MS Teams user. The Recording Policy described in this paragraph allows a Call Recording user to record any conversation involving own MS-Teams client.
  • First of all, please enter the following PowerShell command:
New-CsOnlineApplicationInstance -UserPrincipalName <imagicle_call_recording@tenant.com> -DisplayName "Imagicle Call Recording" -ApplicationId <app-id>
  • UserPrincipalName should be a new unique UPN within the Tenant. As a guideline, Imagicle suggests to enter a username like "imagicle_call_recording". You can't use an existing UPN associated to an MS Teams user.
  • ApplicationId corresponds to previously copied "Application ID" saved during App creation
  • Command output is similar to below sample:

  • Please take note of "ObjectId" and "TenantId". They are required later on in this procedure.
  • "New-CsOnlineApplicationInstance" command might fail with an error (read here for more details). Please make sure the user is associated to an online MS-Teams tenant.
  • Please proceed by issuing the following commands, replacing red parameters according to your own data:
Sync-CsOnlineApplicationInstance -ObjectId <object-id> -ApplicationId <app-id>
  • object-id is the ObjectId of the Online Application Instance obtained at the previous step.
  • ApplicationId corresponds to previously copied "Application ID" saved during App creation
New-CsTeamsComplianceRecordingPolicy -Identity <Recording-policy-imagicle>
  • Recording-policy-imagicle is the actual name assigned to new Recording Policy, to be used in following PS commands.
Set-CsTeamsComplianceRecordingPolicy -Identity <Recording-policy-imagicle> -Description "Imagicle Recorder CRP" -Enabled $true -ComplianceRecordingApplications @(New-CsTeamsComplianceRecordingApplication -Parent <Recording-policy-imagicle> -Id <object-id> -RequiredBeforeMeetingJoin 0 -RequiredBeforeCallEstablishment 0 -RequiredDuringMeeting 0 -RequiredDuringCall 0)
  • Recording-policy-imagicle is the actual name assigned to new Recording Policy, to be used in following PS commands
  • Recording-policy-description "Imagicle Recorder CRP".
  • object-id is the ObjectId of the Online Application Instance obtained at the previous step.
  • Please wait few seconds and then execute the following command to display new Recording Policy data summary:
Get-CsTeamsComplianceRecordingPolicy Recording-policy-imagicle

  • Now it's time to assign newly defined Recording Policy to a single Call Recording user, by executing the following command, including user's UPN, as many times as the number of users to enable:
Grant-CsTeamsComplianceRecordingPolicy -Identity <user@tenant.com> -PolicyName recording-policy-imagicle
  • Pay attention: user's UPN in MS Teams is case-sensitive!
  • If you wish to disable the audio prompt to notify remote party about ongoing audio recording, please execute the following command:
Set-CsTeamsComplianceRecordingPolicy -Identity <user@tenant.com> -DisableComplianceRecordingAudioNotificationForCalls $true
  • Once done, you can double check proper Recording Policy association to a user by issuing the following command:
Get-CsOnlineUser <user@tenant.com> | ft sipaddress, tenantid, TeamsComplianceRecordingPolicy

Pay attention: if you need to create a valid Recording Policy to be used for both Imagicle Call Recording AND Attendant Console, please refer to this KB article.

Configurations from Imagicle UCX Cloud Platform web portal

  • Please access to Imagicle web portal as Administrator and create a local "service" user account with Call Recording "Complete management" permissions (level 10) and System's "Complete users management" permissions (level 9). This account is used to retrieve recording audio streams from MS-Teams cloud.
  • Please remember to configure an actual named user account as "catch-all" user for those recordings without assignee. This setting is available here: Call Recording ⇒ Global Settings ⇒ Settings ⇒ Pilot numbers ⇒ Actions on recordings without assignee. More info available in this KB article.
  • Please set "PBX username" field with same value of "email" field, in each Imagicle recording-enabled user.

Provide Service Account credentials to Imagicle Team

Please transmit this data to Imagicle:

  • Username and password of local "service" user, manually defined from Imagicle web portal.

Troubleshooting

If calls are not recorded, likely something went wrong in BOT configuration. You can easily test proper BOT association to MS Teams user by directly calling it from MS Teams client itself. If BOT doesn't answer the call, it means BOT is misconfigured.

To call BOT, just select "Calls" tab in MS Teams client and search for it by App's “Display name”, as shown in below screenshot:

If BOT correctly answers the call and calls are still not recorded, then please double check Recording Policy and make sure it is correctly associated to the user.

Other useful commands

  • To list all users enabled for call recording, that is, having the compliance recording policy applied (named 'Recording-policy-imagicle' in the example below):
Get-CsOnlineUser -Filter {TeamsComplianceRecordingPolicy -eq "Recording-policy-imagicle"} | Select UserPrincipalName 
  • To disable a user for call recording, removing the assigned compliance recording policy:
Grant-CsTeamsComplianceRecordingPolicy -Identity user@tenant.com -PolicyName $null

Article ID: 865
Last updated: 20 Nov, 2024
Revision: 43
Views: 2057
Print Export to PDF Subscribe Share
This article was:  
Prev   Next
Administration Guide     User Guides