Send Email link to Customer Admin account
You can access the Invitation wizard to automatically create the new Application registration by sending an email to the M365 customer administrator account containing the secure link to open the Invitation wizard.
Ensure that the Application Administrator admin role is assigned to the customer tenant M365 admin (User Principal Name-UPN) that you configure in the step below.
| ➢ | Do the following: |
| 1. | In the Operation Center Services page, from the Add Service drop-down, select Direct Routing. |
| 2. | Choose the relevant customer. |
| 3. | Click Add New Tenant. |
| 4. | Enter Full Name of Service – Free Text. |
| 5. | Enter Unique Short Name of Service - Define a unique name for the new service. |
The name should comply with the following rules:
| ● | The string should be 3-15 characters long |
| ● | The following characters cannot be used: \ / : * ? " < > |audit |
| ● | Can contain letters (lower/UPPER case), Numbers and special characters are allowed, however cannot contain the dot (.) or blank spaces. |
| ● | Unique name per Service |
| 6. | Select the relevant license type Hosted Essentials+ or Hosted Pro license Type. |
| 7. | Select the number of licensed users. A maximum of 500 users can be configured per service. |
| 8. | Select the check box Send link to IT administrator for authentication, enter the email address of the Tenant service admin, and the click Next. |
| 9. | An email link similar to the following is sent to the M365 customer tenant administrator. |
| 10. | Click Create New App Registration. |
| 11. | Enter the customer M365 admin (User Principal Name-UPN) with Application Administrator permissions. |
| 12. | Do one of the following: |
| ● | Copy the code and then click the URL link below it. |
| ● | Click Copy code and open page in new tab. |
| 13. | Click Next or enter code if you clicked the ....device/login link above. |
| 14. | Enter credentials of the Admin account of the M365 tenant. |
| 15. | Click Continue. |
| 16. | Close the dialog. A confirmation message is displayed that the connection has been successfully established. |
| 17. | Enter the name of the Application Registration. The name should comply with the following rules: |
| ● | The string should be 3-15 characters long |
| ● | The following characters cannot be used: \ / : * ? " < > |audit |
| ● | Can contain letters (lower/UPPER case), Numbers and special characters are allowed, however cannot contain the dot (.) or blank spaces. |
| ● | Unique name per Service (check regarding ) |
| 18. | Open the Onboarding wizard (Direct Routing > Add Service). |
| 19. | Click Pending Invitations. |
| 20. | Click Add. Notice that the new registration details are displayed. |
| 21. | Click Next. The tenant credentials are validated. |
| 22. | Click Next. |
| 23. | Complete the Onboarding wizard to create the service (see Onboarding with Hosted Essentials + and Onboarding with Hosted Pro). |
| 24. | Open the Service portal for the new service (Direct Routing > Edit Service). |
| 25. | Navigate to the Microsoft 365 Settings page (Configuration > M365 Configuration). |
Both the Client Secret Days Until Expire field is displayed (if set for the first time) and the User Name field is filled with the Admin tenant user who authenticated the registration .
| 26. | Click Validate Authentication to validate the credentials of the tenant service with the App Registration. |
| 27. | If you created a QOE application registration for enabling QOE Integration with Microsoft Teams, enter the details of the Application registration (see Add Microsoft Teams Device (Direct Routing). |
| 28. | Open the Azure portal and in the Navigation pane, select App Registrations. |
| 29. | Search for your new Token Application Registration. |
| 30. | In the Navigation pane, select Manage > Certificates & Secrets. |
| 31. | Copy the secret value to notepad. |
| ● | Copy the value immediately to notepad as it hashed after a short time. |
| ● | If you use the Application registration to create additional services, a new secret should be created for each new service. |
| 32. | In the Navigation pane, select Manage > API permissions. View the new permissions created by the automatic script. |
| 33. | For UMP-365 versions prior to 8.0.517.221, you must add the permissions GroupMember.Read.All and RoleManagement.Read.Directory. Do the following: |
| a. | Click + Add a permission and then select Microsoft Graph. |
| b. | Select Application permissions. |
| c. | Type GroupMember.Read.All, select it and then click Add permissions. This permission is required if your application with Administrative Units uses the following cmdlets: *-CsGroupPolicyAssignment and *-CsGroupPolicyPackageAssignment. |
| d. | Repeat the above steps for permission RoleManagement.Read.Directory. This permissions is required for all Entra applications to verify association with an Administrative Unit. |
| e. | Grant admin consent for the new permissions. |
All permissions are granted.
| 34. | In the search box in the Menu bar, type Microsoft Entra Roles and administrators. |
| 35. | Search for the specific roles to add or remove according to the table in Create Application Registration Automatically using Invitation Wizard. |