Our platform is 100% dependent on the permissions that are assigned to your account in Office365. As the platform grows with new features we will time to time require different permissions. Below are the current minimum permissions used as of today.
In this article:
Allows you to view your Teams phone system users & make changes:
Skype for Business Administrator
Teams Communications Admin
User Permissions to manage the portal
Permissions to create & view global phone contacts
Exchange Mail Recipient Creation
Exchange Mail Recipient
Logging in when your account is 2-Factor Authenticated
We must enable the portal to bypass Multi-Factor Authentication (MFA). This is because the Microsoft Teams API currently does not support two factor authentication at this time. Making this change will ONLY effect the MFA behaviour for our portal an NO where else.
Note: In the future when MFA is supported, then we will update you.
There are two scenarios that you need to review to decide what scenario fits your business.
Scenario 1: You are NOT using Azure Premium licenses, but the free built in security for Office 365.
Scenario 2: You are using Azure Premium licenses and Conditional policies for more granular security.
Check and Type in the IP, so that it is trusted when any user accesses the web portal.
It is recommended to setup conditional access policy from the Azure Active Directory UI via the following steps:
1. First we want disable the free portal setting for the user as this overwrites any settings in Azure. Make sure none of your users who will log into the portal, have this Muliti-Factor Auth Status enabled.
2. Sign in to Azure AD portal with the admin account.
3. Click Azure Active Directory > Security >Named Locations >click "+" to create a New IP range locations.
4. Click Azure Active Directory > Security >Named Locations >Conditional Access >click "+" to create a New policy.
5. Type the name of the policy.
6. Under Assignments > Users and groups, select the specific users who need to sign into the portal.
7. Select Cloud apps or actions, and make sure "All cloud apps" is selected.
8. In the Conditions tab, click Locations > switch to Yes under Configure, then under exclude, select Selected locations > MFA Trusted IPs.
Include: Any Location
Exclude: Selected locations
Enable user for Telephony
The user will require a Microsoft License ( Pick one of any of the following) :
- Microsoft 365 Business Basic
- Microsoft 365 Business Standard
- Microsoft 365 Business Advanced
All of the licenses above require a Microsoft Phone System License per user (about $11) except the E5 license already includes this.