Workflow: Configure Microsoft Azure components for Teams capture

Configure Azure to create a capture infrastructure and provision the Microsoft Teams tenant for capturing interactions. From creating a virtual network with subnets and a virtual machine for the capture installation to assigning a recording policy to employees, this workflow walks you through the procedures.

Before you begin 

  • To access all required resources and items for a recording bot deployment, you must have at least a Contributor role on the Azure subscription. An Admin role is required to grant admin consent for the permissions.

  • Determine whether your deployment includes the Azure Application Gateway.

For settings not explicitly documented, keep the default values.

Workflow 

  1. Create a virtual network with subnets

    Your Azure subscription includes a virtual network (Azure VNet). Before you create any VMs, divide your VNet into subnets as needed. If you plan to use an Azure Application Gateway, you must divide the VNet into one subnet for the VMs and a separate subnet for the gateway.

  2. Create a VM

    Each VM that will host a Verint MS Teams Recording Bot Adapter needs to have a public IP address in Azure (ILPIP) and a CNAME record. The CNAME record belongs to the domain of your Microsoft tenant that is pointing to this public IP address. When a virtual machine is created, one Network Security Group (firewall) is automatically created and attached to the VM. You need to open the required ports on this Network Security Group.

  3. Configure the VM network interface

    Add port forwarding in Azure.

  4. Install Microsoft Teams Module

    Make sure you have the required version of PowerShell, .NET Framework, and Microsoft Teams Module running on the Azure tenant that will host the Verint Recorder.

  5. Open ports and add certificate to the VM

    For the Verint Recorder to connect securely to the Azure Microsoft Teams Bot Service, open the required inbound ports on the VM's firewall and import the cryptographic service provider (CSP) SSL certificate.

  6. Create a DNS entry

    Create a DNS CNAME entry in the domain for which the cryptographic service provider (CSP) SSL certificate is issued, such as teamsbot.verint.com.

  7. Create an Azure Bot

     

    An Azure Bot Service is required for Verint Recorder to capture an MS Teams interaction. Create a multi-tenant Azure BOT to support one Azure tenant for the Verint recorder and one or more Azure tenants for customer contact centers.

    For a solution with redundancy, you must register two bots under the same Microsoft tenant (Service Provider or Customer Microsoft Teams tenant.) Follow this procedure for the main bot channel and for the backup bot channel.

    For a solution without redundancy: the recording bot must be registered either in the Service Provider (VCS Hosted) or Customer Microsoft Teams tenant. The Verint Recorder accesses and integrates to Microsoft Teams using standard, supported integration patterns. Microsoft Graph API and Microsoft Local Media SDK are used.

  8. Grant admin consent for the permissions

    All assigned permissions need admin consent in the Team tenant.

  9. Create Enterprise application

    For the Verint MS Teams Bot to record, you must first create an online enterprise application and assign that application to a compliance policy in Azure Active Directory on the Azure tenant that hosts the Verint Recorder. Take note of the Object ID that you get.

  10. Assign the bot to a recording policy 

    To have the recording bot active in Teams, you need to add it to a recording policy and assign the policy to users.

  11. Optional: Remove restrictions from Recording Policy

    By default, the recording policy is created in compliance mode. Compliance mode means that users cannot establish calls when the recorder cannot capture said calls. Remove these restrictions using this procedure.

  12. Optional: Add an application access policy

    The Application Access Policy authorizes the bot to retrieve additional meeting information, such as the meeting title, on behalf of users.

  13. Set up the Microsoft Teams integration as a host provider

    If you are setting up a multi-tenant environment, configure the Microsoft Teams integration as a host provider.

  14. Revert recording for a tenant

    Optional: Add an application access policyIf you need to stop a Microsoft Tenant from recording, run the following commands in the order provided, then remove the application instance.

  15. Optional Workflow: Configure the Application Gateway

    If your deployment includes use of the Application Gateway for load balancing, complete the configuration with this flow.