Quick Start

Once the Interaction Insights Service has been deployed by your Service Provider, you receive a Welcome email similar to the following including a URL link to the Quick Start wizard.

Copy 
Subject: Welcome! Your Interaction Recording Application is Ready 
 
Dear <End Customer Name> Team,
 
Congratulations! Your application deployment is complete and we're thrilled to inform you that you can now start utilizing Interaction Recording . To get started, follow these steps. 
 
*M365 Administrator permissions are required for each step*
 
1.    Create 2 AAD Groups in Azure Active Directory
o    Create two security groups in AAD.
1.    One group for users that will be targeted to be recorded. Assign associated users to this newly created group.  You can start by assigning one user to the group as a test user.
2.    One group for users that will access the recording. Assign associated users to this newly created group. (This is an optional step as a default administrator will have access to all of the recordings).
 
2.    Access & Configure Application - Follow 'Quick Start' Wizard
o    Access the app at https://qaming.ai-logix.net/.
o    Log in with one of the default administrator UPNs provided before the app was deployed: tania@customername.com.
 
Step 1: Click 'Connect M365' to Grant admin consent by clicking on each 'Grant Admin Consent' option to ensure proper access and operation of the app. Once completed click 'Finish' to return to Quick Start wizard.
 
Step 2: Click 'Configure Recording' to determine what calls to record, for how long to keep, and the group of the users to record.
1.    Under 'Configuration' tab review and if needed change call types to record or retention period.
2.    Under the 'Groups Mapping' tab add the AAD security group you created to be recorded.
3.    Under the 'MSFT Policy' tab make sure to download MSFT Compliance Policy script and execute the script. Click 'Finish' to finalize the recording profile and return to Quick Start wizard. 
 
Step 3: Click 'Configure Access' to set access permissions for call recordings and the system commonly known as Roles Based Access Control (RBAC). (Optional step, default administrator has full access).
1.    Under 'Permissions' set permissions for call recording access and system configuration. 
2.    Under the 'Groups Mapping' tab add the AAD security group you created to access the recordings.
3.    Click 'Finish' to finalize the Access profile. You will receive confirmation that you are ready to start recording. 
 
That's it! Your application is now set up for use and recording! See the admin guide here.
 
Test a Call with a Targeted User:  
•    Try out a test call with a targeted user to be recorded.
•    Check you have recording notifications with the recording banner presented in Microsoft Team during the call. End the call so the recording can be played back.  
•    Navigate and click on the 'Interactions' page in top left corner navigation panel in your application to see that the call is successfully recorded and can be played back. 
 
We're excited for you to explore the possibilities of Interaction Recording! If you have any questions or need assistance, feel free to reach out. 
 
Best Regards,
Nuera Team

The Quick Start provides a three-step wizard for setting up your Interaction Insights service:

Step 1: Establishes consents to secure connection with the customer's M365 platform for all managed Azure and Interaction Insights services.
Step 2: Sets up their Recording profiles including which calls may be recorded, retention and storage period, whether to enable call notifications and call filtering. Profiles are then assigned to one or more of the customers' AAD tenant groups, and in the last stage configure additional Microsoft Teams Call policies. Once you have completed the configuration, you must download and run the Recording Profile PowerShell script.
Step 3: Setup Role-based Access Control (RBAC) for determining who can access call recordings, create and modify profiles and configure global settings.
The Quick Start wizard must be performed by the customer M365 Administrator.
You can also click in the Icon pane to open this wizard (this icon disappears once you have completed the Onboarding). Click Connect to M365 to manage the consents.
Do the following:
1. Click Connect M365 to start the wizard.

Essential Recording Tenant

The table below describes the required consents and the Enterprise applications that are created on your M365 tenant.

Consent

Description

M365 Login

Provide the application permissions to authenticate users with your M365 tenant credentials. The application reroutes users to M365 for authentication (Azure Active Directory authentication-Microsoft OpenID Connect-Oauth 2).

The permissions are required for the SmarTAP application to authenticate users utilizing your tenant AAD authentication, and Microsoft Open ID Connect (Oauth 2) authentication. The permissions enable Live Platform to reroute users accessing the Live Platform application either from a browser or from the Live Platform Teams application (see row below) to be authenticated according to your organizational M365 policy. The Deployment generates the Enterprise application <LivePlatformSer verName>-auth. Youconsent to the following permissions:

email – View users; email address (Delegated)
offline_access – Maintain access to data you have given it access to (Delegated)
openid – Sign users in (Delegated)
profile – View users’ basic profile (Delegated)
User.Read – Sign in and read user profile (Delegated)
If you published the Teams app, the following permissions are added:
AppCatalog.Submit – Submit application packages to the catalog and cancel pending submissions.
AppCatalog.ReadWrite.All – Read and write to all app catalogs

Publish Teams Client App in your Teams Store

(Optional)

Add the application to users Teams Clients for access of the application within Microsoft Teams. Click the publish button to access the app within your Teams store using M365 Administrator permissions. In the store, you can set policies for installing and automatically pinning the application for specific groups are users.

Publishing the app makes it available for users in the tenant organization within Teams store. Each user needs to add the application from their Teams admin center in order to access it from Teams.

Read Azure Active Directory Users and Groups

Provide the application permissions to read AAD groups and users from your M365 tenant to enable the groups' targeted users for recording and access to the application. Deployment of Live Platform generates the Enterprise application <LivePlatformServerName>-aad. Youconsent to the following permissions:

User.Read.All – Read all users’ full profiles (Application)
GroupMember.Read.All – Read all group memberships (Application)

Recording Calls (Teams Bot consent to join calls)

Provide the applications' Teams Bot with permissions to join your Tenant's Teams calls to record the calls' info and media. The calls-app permissions are required for the Live Platform Bot application to join your Teams’ tenant calls and to receive the media to be recorded. Deployment of Live Platform generates the Enterprise application <LivePlatformServerName>-hue. Youconsent to the following permissions:

Calls.JoinGroupCall.All - Join group calls and meetings as an app (Application)
Calls.AccessMedia.All - Access media streams in a call as an app (Application)

Redundant Recording Calls (Second Teams Bot consent to join calls)

Provide the application's Redundant Teams Bot with permissions to join your tenant's Teams calls to record the calls' info and media. The calls-app permissions are required for the Live Platform Bot application to join your Teams’ tenant calls and to receive the media to be recorded. Deployment of Live Platform generates the Enterprise application <LivePlatformServerName>-hue-paired. Youconsent to the following permissions:

Calls.JoinGroupCall.All - Join group calls and meetings as an app (Application)
Calls.AccessMedia.All - Access media streams in a call as an app (Application)

This consent is required in the event where a Pro User license has been configured for the service.
1. Click the Grant Admin Consent link for the M365 login.
2. Choose the Global admin account of your Live Platform tenant.

3. Click Accept.

4. Repeat the process for each permission.

The final action to publish the Teams Client App in your Teams Store is optional.

Tenant with Essentials license

For Pro Users with capabilities for Double Recording with Paired Bot users, an additional consent is required for the Second Teams Bot.

Tenant with Pro License

5. Click Configure Recording Profile.

6. Configure Recording Profile (see Adding Recording Profiles).

The Recording Notifications field is only displayed when enabled by the Service Provider when adding the service. In addition, the customer must sign a consent waiver.

7. Click Next to continue.
8. Assign Azure group to the profile; log in to the Azure portal for your tenant to confirm which group you wish to associate with the profile. Start typing the name of the group, and then click Add Group.

If you later add or remove group members, you must perform synchronization operation (see Synchronizing Recording Profiles).

Once assigned, the confirmation message below is displayed.

9. Click Next to continue.

10. Configure the following MSFT Policies:
Disconnect Calls when Recorder Unavailable: Calls are disconnected when recording functionality is not available.
Disable Compliance Recording Audio Notifications: Disable Microsoft Teams Recording banner notifications.
11. Click the Download Configuration Script link to download the Recording Profile script.

12. Open PowerShell console and run the following policy:
Copy 
Set-ExecutionPolicy -ExecutionPolicy Bypass

The following message may appear in the console if the above command is not run.

13. Run the script create<RecordingProfileName>-dd-m-yyyy.ps1 as Administrator. Once running, you are prompted to enter the credentials of the Azure customer tenant account.

The M365 tenant administrator running the script must have 'Teams Administrator' permissions.

14. Enter Admin credentials of your customer tenant and authenticate the tenant using the Microsoft Authenticator when prompted.

The script supports Multifactor authentication.

Once the script has successfully completed, a confirmation message is displayed in the PowerShell console as shown below.

15. Return to the wizard. Notice that Step 1 and Step 2 have completed. Proceed to Step 3.

16. Click Configure Access.
17. Configure the Access Profile (see Adding an Access Profile).

In the example above, an access profile has been assigned with maximum permissions to access all calls and perform all available configuration actions in the Web interface.

18. Click Next.

19. Assign Groups: Start typing the name of the AAD group to assign, the group name is validated and then displayed; click Add Group.

The Access Profile group assignments are synchronized automatically with your M365 platform.

20. Click Finish; the following confirmation message is displayed indicating successful completion of the wizard.