Requested only for Channel Management


Process overview

Sphereshield Channel Management uses a service account that we refer to as “Compliance admin” or “Compliance officer”.

This account acts as a “liaison” between your Azure tenant and the Sphereshield Channel Management software. It must be set up correctly both in Azure and in the Sphereshield Channel Management admin portal; without it you won’t be able to use Channel Management.

We generally do not expect the Compliance Admin account to be used to access the portal, but it is not prohibited, and it is sometimes required as a troubleshooting step for some issues.

To set up the Compliance Admin account, please follow both parts of the guide below.

Part 1

Create a compliance administrator user that has access to all teams

  1. Create a new user in Office 365. This user name is arbitrary, but consider that it will appear as the content creator when moving posts and files.

  2. Give the user a license that is valid for MS Teams.

  3. This user must not have conditional access or Multi-Factor Authentication.

  4. Assign an admin role to the new user account such as the Teams Administrator privilege:

...

5.

Info

This user will have access to all teams as an owner. It should not have access to any team before configuring SphereShield.

 

Part

...

Configuring Admin Portal Integration Azure AD 

...

2

...

Configuring the Integration:

...

To allow the service to authenticate to the Graph API, add the credentials to the SphereShield Admin Portal as follows.

1- Go to Settings -> Cloud service integration

Make sure that the Office checkbox and the Teams checkbox are ticked, and that the Inspect All Users field is set to Yes.

...

services integration and select the following services:

...

2- Complete the following settings:

Internal domain list: List of your Internal domains within your tenant.

Info

Groups to be inspected and Internal domain list are not relevant for CM; they will disappear once you enable CM in step E.

a- Native Application ID:  4bd3cb54-adb4-46e4-b454-16f87dac1182
b- Compliance Admin Authentication type: Using Credentials (if the compliance admin has no MFA enabled) or Using Access Token (if the compliance admin has MFA enabled).

c- Compliance Admin User: The UPN of the user you created above.

d- Compliance Admin Password: the password of the Compliance Admin user.

...

Make sure that the user has a license for Teams and is not a member of any channel/team before configuring.

Enter your details in the relevant fields and enable Channel Management. Click

...

Setup compliance admin with conditional access

If you are using MFA for the Compliance Admin account, please follow these instructions:

Fill in the compliance admin user field with your compliance admin, then change the authentication type to “Using Access Token”.

Click the “CONNECT” button. This will open a new Microsoft login window where you can use the Compliance Admin credentials and also the MFA.

Go back to the portal and save the changes.

...

E- Change the setting Enable Channel Management For MS Teams to Yes and click "Save".

Then click on "Test Azure API connection" to see if your connection is valid.

...

Info
  • The Compliance Administrator should not have MFA/Conditional Access enabled.

  • Currently Federated users from Local AD to Azure AD are not supported as Compliance Admins.

  • To avoid further problems, set the Compliance Administrator’s password to never expire.


3- To verify that the credentials are correct, you must first save the configuration by clicking on the Save button and then clicking the Check button:

...


4- Finally, you need to navigate to MS Teams Management and click on the “REFRESH TEAMS FROM API” button:

...
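Because the Compliance Admin configured above holds an admin role, may run without MFA or Conditional Access, and has a non-expiring password, its sign-ins are worth monitoring. The following is an added example, not part of the original guide or SphereShield's own code: it reviews sign-in records (field names follow the Microsoft Graph signIn resource) for that account. The UPN, the service egress range, the sample records, and the expectation that service sign-ins carry the Native Application ID as `appId` are assumptions.

```python
import ipaddress
import json

# Values marked "assumed" are constructed for this example, not taken from the guide.
COMPLIANCE_ADMIN_UPN = "compliance.admin@contoso.example"  # assumed UPN
NATIVE_APP_ID = "4bd3cb54-adb4-46e4-b454-16f87dac1182"     # Native Application ID from the guide
SERVICE_EGRESS = [ipaddress.ip_network("203.0.113.0/28")]  # assumed service egress range

# Constructed sample sign-in records (not real log data).
SAMPLE_SIGNINS = json.loads("""[
 {"id": "s1", "userPrincipalName": "compliance.admin@contoso.example", "appId": "4bd3cb54-adb4-46e4-b454-16f87dac1182", "ipAddress": "203.0.113.5", "isInteractive": false, "status": {"errorCode": 0}},
 {"id": "s2", "userPrincipalName": "compliance.admin@contoso.example", "appId": "00000000-0000-0000-0000-00000000aaaa", "ipAddress": "198.51.100.20", "isInteractive": true, "status": {"errorCode": 0}},
 {"id": "s3", "userPrincipalName": "Compliance.Admin@contoso.example", "appId": "4bd3cb54-adb4-46e4-b454-16f87dac1182", "ipAddress": "203.0.113.9", "isInteractive": false, "status": {"errorCode": 50126}},
 {"id": "s4", "userPrincipalName": "alice@contoso.example", "appId": "00000000-0000-0000-0000-00000000aaaa", "ipAddress": "198.51.100.7", "isInteractive": true, "status": {"errorCode": 0}}
]""")

def review_signin(rec):
    """Return the reasons one sign-in deviates from expected service behaviour."""
    reasons = []
    ip = ipaddress.ip_address(rec["ipAddress"])
    if not any(ip in net for net in SERVICE_EGRESS):
        reasons.append("unexpected source IP")
    if rec.get("appId", "").lower() != NATIVE_APP_ID:
        reasons.append("unexpected client application")
    if rec.get("isInteractive"):
        # Expected only for portal troubleshooting or the CONNECT token flow.
        reasons.append("interactive sign-in")
    if rec.get("status", {}).get("errorCode", 0) != 0:
        reasons.append("failed sign-in")
    return reasons

def flag_signins(records, upn=COMPLIANCE_ADMIN_UPN):
    """Return (sign-in id, reasons) for each Compliance Admin sign-in needing review."""
    findings = []
    for rec in records:
        if rec.get("userPrincipalName", "").lower() != upn.lower():
            continue  # only the Compliance Admin account is in scope
        reasons = review_signin(rec)
        if reasons:
            findings.append((rec["id"], reasons))
    return findings

if __name__ == "__main__":
    for signin_id, reasons in flag_signins(SAMPLE_SIGNINS):
        print(signin_id, "->", ", ".join(reasons))
```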