Authenticate Microsoft Teams with Microsoft Azure

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read

    • Set up authentication with Microsoft Azure to connect Microsoft Teams with Workplace Reservation Management application.

    Before you begin

    Role required: Azure Active Directory administrator

    About this task

    In order for Workplace Reservation Management to be able to generate Microsoft Teams meeting link and get the recordings, via Microsoft Graph API, permissions must be added.

    Procedure

    1. Log in to the Microsoft Azure portal.
    2. Navigate to Azure Services > Azure Active Directory > Manage > App registrations.
    3. Optional: If you do not have an app registration, select New registration.
      1. On the form, enter the Name of the registration.
      2. Select the Supported account types of your choice.
      3. Optional: Specify the Redirect URL.
        Specify the following details:
        1. Select the platform as Web.
        2. Enter the URL in the following format: https://<instance-Name>.service-now.com/oauth_redirect.do
    4. If you already have an app registration, select the app registration.
      1. Navigate to Manage > Authentication.
      2. Navigate to Add a platform > Web applications > Web.
      3. On the Configure Web form, fill the fields.
        Table 1. Configure web form
        Field Description
        Redirect URL Enter a URL in the format: https://[instance].service-now.com/oauth_redirect.do
        Implicit grant Check Access tokens, and ID tokens
      4. Select Configure.
    5. Add a client secret.
      1. Navigate to Manage > Certificates and secrets.
      2. Select New client secret
      3. In the Description field, enter a short description about the secret.
      4. Under Expires, select an expiry.
      5. Select Add.
      6. After adding, in the Client secrets section, copy the value by clicking Copy to clipboard.
    6. Add a permission.
      1. Navigate to Manage > API permissions.
      2. Select Add a permission.
      3. Select Microsoft Graph.
      4. Select Application permissions.
        Table 2. Application permissions
        Permission name Description Required to
        User.Read.All Read all users profiles Create virtual meeting link
        OnlineMeetings.ReadWrite.All Read and create online meetings Create virtual meeting link
        Directory.Read.All Read directory data Create virtual meeting link
        Chat.Read.All Read all chat messages
        Note:

        This is optional and is required only to retrieve meeting recordings.

        		 Retrieve meeting recording
      5. Select Chat.Read.All, Directory.Read.All OnlineMeetings.ReadWrite.All and User.Read.All.
        Note:
        Select Chat.Read.All to retrieve the meeting recordings.
      6. Select Add permissions.
      7. On the Configured permissions screen, select Grant admin consent for ServiceNow.
      8. Select Yes.
        A confirmation message is displayed that admin consent is granted for the requested permissions.
    7. Configure application access policy and allow applications to access online meetings.
      1. Open the Windows' PowerShell as an administrator to run scripts.
      2. Identify the app's application (client) ID and the user IDs of the users on whose behalf the app is authorized to access online meetings.
      3. Connect to Skype for Business PowerShell with an administrator account.
      4. Create an application access policy containing a list of app IDs.
        Run the following cmdlet, replacing the Identity, AppIds, and Description (optional) arguments.
        New-CsApplicationAccessPolicy -Identity Test-policy -AppIds "ddb80e06-92f3-4978-bc22-a0eee85e6a9e", "ccb80e06-92f3-4978-bc22-a0eee85e6a9e", "bbb80e06-92f3-4978-bc22-a0eee85e6a9e" -Description "description here"
      5. Grant the policy to the user to allow the app IDs contained in the policy to access online meetings on behalf of the granted user.
        Run the following cmdlet, replacing the PolicyName and Identity arguments.
        Grant-CsApplicationAccessPolicy -PolicyName Test-policy -Identity "748d2cbb-\
3b55-40ed-8c34-2eae5932b22a"
      6. Optional: Grant the policy to the whole tenant (Applies to users who don’t have an application access policy assigned).
        Run the following cmdlet, replacing the PolicyName argument.
        Grant-CsApplicationAccessPolicy -PolicyName Test-policy -Global
      Note:
      All employees who can create or update reservations must be included in the application access policy.

    Result

    The Microsoft Teams is set up with Microsoft Azure.

    Note:
    For more information about allowing applications to access online meetings, see Microsoft documentation.