Requested only for Channel Management
Process overview
Sphereshield Channel Management uses a service account that we refer to as “Compliance admin” or “Compliance officer”.
This account acts as a “liaison” between your Azure tenant and Sphereshield Channel Management software. This account must be set up correctly both in Azure and in the Sphereshield Channel Management admin portal as without this you won’t be able to utilize Channel Management.
While generally, we do not expect using Compliance Admin account to access the portal it is not prohibited. And sometimes is required as a troubleshooting step for some issues.
To set up the Compliance Admin account please follow both parts of the guide below.
Part 1
Create a compliance administrator user that has access to all teams
Create a new user in Office 365. This user name is arbitrary, but consider that it will appear as the content creator when moving posts and files.
Give the user a license that is valid for MS Teams.
This user must not have conditional access or Multi-Factor Authentication
Assign an admin role to the new user account such as the Teams Administrator privilege:
5. This user will have access to all teams as an owner. It should not have access to any team before configuring SphereShield.
Part 2
Configuring Admin Portal Integration Azure AD
This step can be done only after receiving access to your service portal from AGAT support by email. This is typically done up to 2 business days from receiving payment or a Purchase Order |
Configuring the Integration:
Login to the Channel Management Portal with the link sent by AGAT.
To allow the service authentication to Graph API you need to do the following.
1- Go to Settings -> Cloud service integration and select the following services:
2- Complete the following settings:
Native Application ID: 4bd3cb54-adb4-46e4-b454-16f87dac1182
Compliance Admin User: The UPN of the user you created above.
Compliance Admin Password: the password of the Compliance Admin user.
3- Make sure that the user has a license for teams and is not a member of any channel/team before configuring.
4- Change the setting “Enable Channel Management For MS Teams” to Yes and click "Save".
Then click on the " Test Azure API connection " to see if your connection is valid
5- To check that the credentials are correct, the configuration has to be saved first by clicking on the Save button and then clicking the Check button:
6- If you are using MFA for the compliance admin account, please follow these instructions:
Fill out the compliance admin user filed with your compliance admin, then change the authentication type to “Using Access Token”.
Click on the “CONNECT” button and that will open a new Microsoft login window where you can use the compliance admin credentials and also the MFA.
Go back to the portal and save the changes.
7- Finally, you need to navigate to MS Teams Management and click on the “REFRESH TEAMS FROM API” button:
Please wait until you receive this message and then you should be able to see all of your Teams/Channels: