Technical Documentation
Search for in-depth articles on Synergy SKY tools and technologies.

  • There are no suggestions because the search field is empty.
 

Support > Features > Microsoft Teams Lobby Auto Admit

Microsoft Teams Lobby Auto Admit

Overview

A safe and secure way to admit VTC rooms into Teams meetings.   
In the Synergy SKY Management Suite, video devices you control can be defined as either secure or unsecure / black- or whitelisted. Rooms marked as secure will then be able to bypass the lobby and get directly into the meeting.

 

Prerequisites

  • SUITE version: 31.10.6698 or later
  • Azure and Microsoft Teams admin rights
  • Service Account with Microsoft Teams User License with Multi-factor Authentication disabled
  • Username and Password for the service account

 

Azure Configuration

  1. In Azure navigate to Communication Services
  2. Click Create
  3. Select your Azure subscription, Resource Group, create Resource Name for this service and select data location.  If you do not have a Resource Group, you will need to create a new Resource group by clicking "Create New".

    Create Resource



  4. Once Azure has processed the request, navigate to Keys and copy Connection string you will require this later to use in SUITE.

    Keys

  5. A new App Registration is required with following API permissions:
    • Azure Communication Services
      API permission 1
      API permission 2
      1. Teams.ManageCalls
      2. Teams.ManageChats
    • Microsoft Graph
      1. OnlineMeetings.Read.All (Application Permission)
      2. openid (Delegated Permission)
      3. User.Read (Present by Default)
      4. User.Read.All (Application Permission)

      API permission 3

  6. Under Authentication section, ensure that "Allow public client flows" is turned on

    Advanced settings

  7. Create a new secret for the app registration, this will be required to add the new app registration to SUITE.
  8. Copy Application (client) ID and Directory (tenant) ID. Keep the secret, application ID and directory ID in temporary notepad to be used in SUITE.

    LobbyAutoAdmit

Microsoft Teams Policy

In order to apply/grant the policy access you need to add the App Registration to Global policy. To do this, you will need to have the Application (Client) ID or provide it to your Microsoft Teams Admin.

 

You can find Microsoft guide on installing the Microsoft Teams Module here.

 

To be able to set/add policies you will need to be able to run commands using MicrosoftTeams module in PowerShell.

  1. Import Microsoft Teams Module to be available in PowerShell by running the following command
    Import-Module MicrosoftTeams
  2. Connect to Microsoft Teams backend using:
    Connect-MicrosoftTeams
  3. You can double check if there are any pre-existing policy/apps assigned to Global or any other existing Policies by running:
    Get-CsApplicationAccessPolicy
  4. To add the new app registration for Microsoft Teams Lobby Auto Admit to function there are two options:
    1. If you have any application ID's listed in Global you will need to use an alternative method, as performing Grant-CsApplicationAccessPolicy will replace everything in Global with application ID's from the Policy you have applied to it. 

      1. Instead of creating you can add additional app registration to a policy by running the following:

        Set-CsApplicationAccessPolicy -Identity <your_access_policy> -AppIds @{Add="<applicationid>"}

        You can use this to add the new application ID directly to Global if you do not have any other application access policies but have previously granted applications directly to global.

      2. Adding the new application ID to an application access policy you will need to grant the application access policy to global by running the following:
        Grant-CsApplicationAccessPolicy -PolicyName <your_access_policy> -Global

    2. The following is only to be used when there is no other Application policies in place and need to create a new one.
      1. To create a new policy run the following command.
        New-CsApplicationAccessPolicy -Identity ssky_lobby -AppIds <applicationid>
      2. Then you need to grant the new policy at global level by running the following:
        Grant-CsApplicationAccessPolicy -PolicyName ssky_lobby -Global
      3. You can move to configuring SUITE to configure the new app registrations.

 

Configuring SUITE for Lobby Auto Admit

To add and enable Lobby Auto Admit in SUITE you need to do the following:


    1. Within Config Tool navigate to General Settings -> Integration Settings
    2. Add Connection
    3. Select MS Graph API
    4. Enter the details from LobbyAutoAdmit app registration and test connection.

      Edit connection

    5. Click Save
    6. Add API Integration
    7. From drop down select Teams Lobby and the Connection you have created

      teams lobby

    8. Enter the service account user (E-Mail), password and Connection string from Communication services.
    9. Test Connection, this will successfully test when earlier steps have been completed successfully.
    10. Click Save and Save Changes
    11. Navigate to Rooms as the name of the rooms in SUITE configuration will have to be updated.
    12. The Room Name has to match exactly how the room will be displayed.
      For example, a Webex Registered video system takes the workspace name. In the following example the name it will display in the meeting is "Endpoint Display Name".

      Endpoint display name

    13. Enable Lobby Bypass toggle.
    14. Repeat for all rooms that you would like to have this enabled for.
    15. Go to the respective video system(s) under video systems and ensure that the SIP URI is correct for the video system.
    16. Save Changes and deploy configuration.

Still in need of help?

Create a ticket