|
| 1 | +--- |
| 2 | +title: Connect Azure Communications Gateway to Operator Connect or Teams Phone Mobile |
| 3 | +description: After deploying Azure Communications Gateway, you must configure it to connect to the Operator Connect and Teams Phone Mobile environments. |
| 4 | +author: rcdun |
| 5 | +ms.author: rdunstan |
| 6 | +ms.service: communications-gateway |
| 7 | +ms.topic: integration |
| 8 | +ms.date: 07/07/2023 |
| 9 | +ms.custom: |
| 10 | + - template-how-to-pattern |
| 11 | + - has-azure-ad-ps-ref |
| 12 | +--- |
| 13 | + |
| 14 | +# Connect to Operator Connect or Teams Phone Mobile |
| 15 | + |
| 16 | +After you have deployed Azure Communications Gateway, you need to connect it to the Microsoft Phone System and to your core network. You also need to onboard to the Operator Connect or Teams Phone Mobile environments. |
| 17 | + |
| 18 | +This article describes how to set up Azure Communications Gateway for Operator Connect and Teams Phone Mobile. When you have finished the steps in this article, you will be ready to [Prepare for live traffic](prepare-for-live-traffic-operator-connect.md) with Operator Connect, Teams Phone Mobile and Azure Communications Gateway. |
| 19 | + |
| 20 | +## Prerequisites |
| 21 | + |
| 22 | +You must have carried out all the steps in [Deploy Azure Communications Gateway](deploy.md). |
| 23 | + |
| 24 | +You must have access to a user account with the Azure Active Directory Global Admin role. |
| 25 | + |
| 26 | +## 1. Add the Project Synergy application to your Azure tenancy |
| 27 | + |
| 28 | +> [!NOTE] |
| 29 | +>This step and the next step ([2. Assign an Admin user to the Project Synergy application](#2-assign-an-admin-user-to-the-project-synergy-application)) set you up as an Operator in the Teams Phone Mobile (TPM) and Operator Connect (OC) environments. If you've already gone through onboarding, go to [3. Find the Object ID and Application ID for your Azure Communication Gateway resource](#3-find-the-object-id-and-application-id-for-your-azure-communication-gateway-resource). |
| 30 | +
|
| 31 | +The Operator Connect and Teams Phone Mobile programs require your Azure Active Directory tenant to contain a Microsoft application called Project Synergy. Operator Connect and Teams Phone Mobile inherit permissions and identities from your Azure Active Directory tenant through the Project Synergy application. The Project Synergy application also allows configuration of Operator Connect or Teams Phone Mobile and assigning users and groups to specific roles. |
| 32 | + |
| 33 | +To add the Project Synergy application: |
| 34 | + |
| 35 | +1. Check whether the Azure Active Directory (`AzureAD`) module is installed in PowerShell. Install it if necessary. |
| 36 | + 1. Open PowerShell. |
| 37 | + 1. Run the following command and check whether `AzureAD` appears in the output. |
| 38 | + ```azurepowershell |
| 39 | + Get-Module -ListAvailable |
| 40 | + ``` |
| 41 | + 1. If `AzureAD` doesn't appear in the output, install the module: |
| 42 | + 1. Close your current PowerShell window. |
| 43 | + 1. Open PowerShell as an admin. |
| 44 | + 1. Run the following command. |
| 45 | + ```azurepowershell |
| 46 | + Install-Module AzureAD |
| 47 | + ``` |
| 48 | + 1. Close your PowerShell admin window. |
| 49 | +1. Sign in to the [Azure portal](https://ms.portal.azure.com/) as an Azure Active Directory Global Admin. |
| 50 | +1. Select **Azure Active Directory**. |
| 51 | +1. Select **Properties**. |
| 52 | +1. Scroll down to the Tenant ID field. Your tenant ID is in the box. Make a note of your tenant ID. |
| 53 | +1. Open PowerShell. |
| 54 | +1. Run the following cmdlet, replacing *`<AADTenantID>`* with the tenant ID you noted down in step 5. |
| 55 | + ```azurepowershell |
| 56 | + Connect-AzureAD -TenantId "<AADTenantID>" |
| 57 | + New-AzureADServicePrincipal -AppId eb63d611-525e-4a31-abd7-0cb33f679599 -DisplayName "Operator Connect" |
| 58 | + ``` |
| 59 | +
|
| 60 | +## 2. Assign an Admin user to the Project Synergy application |
| 61 | +
|
| 62 | +The user who sets up Azure Communications Gateway needs to have the Admin user role in the Project Synergy application. Assign them this role in the Azure portal. |
| 63 | +
|
| 64 | +1. In the Azure portal, navigate to **Enterprise applications** using the left-hand side menu. Alternatively, you can search for it in the search bar; it's under the **Services** subheading. |
| 65 | +1. Set the **Application type** filter to **All applications** using the drop-down menu. |
| 66 | +1. Select **Apply**. |
| 67 | +1. Search for **Project Synergy** using the search bar. The application should appear. |
| 68 | +1. Select your **Project Synergy** application. |
| 69 | +1. Select **Users and groups** from the left hand side menu. |
| 70 | +1. Select **Add user/group**. |
| 71 | +1. Specify the user you want to use for setting up Azure Communications Gateway and give them the **Admin** role. |
| 72 | +
|
| 73 | +## 3. Find the Object ID and Application ID for your Azure Communication Gateway resource |
| 74 | +
|
| 75 | +Each Azure Communications Gateway resource automatically receives a [system-assigned managed identity](../active-directory/managed-identities-azure-resources/overview.md), which Azure Communications Gateway uses to connect to the Operator Connect environment. You need to find the Object ID and Application ID of the managed identity, so that you can connect Azure Communications Gateway to the Operator Connect or Teams Phone Mobile environment in [4. Set up application roles for Azure Communications Gateway](#4-set-up-application-roles-for-azure-communications-gateway) and [7. Add the Application ID for Azure Communications Gateway to Operator Connect](#7-add-the-application-id-for-azure-communications-gateway-to-operator-connect). |
| 76 | +
|
| 77 | +1. Sign in to the [Azure portal](https://azure.microsoft.com/). |
| 78 | +1. In the search bar at the top of the page, search for your Communications Gateway resource. |
| 79 | +1. Select your Communications Gateway resource. |
| 80 | +1. Select **Identity**. |
| 81 | +1. In **System assigned**, copy the **Object (principal) ID**. |
| 82 | +1. Search for the value of **Object (principal) ID** with the search bar. You should see an enterprise application with that value under the **Azure Active Directory** subheading. You might need to select **Continue searching in Azure Active Directory** to find it. |
| 83 | +1. Make a note of the **Object (principal) ID**. |
| 84 | +1. Select the enterprise application. |
| 85 | +1. Check that the **Object ID** matches the **Object (principal) ID** value that you copied. |
| 86 | +1. Make a note of the **Application ID**. |
| 87 | +
|
| 88 | +## 4. Set up application roles for Azure Communications Gateway |
| 89 | +
|
| 90 | +Azure Communications Gateway contains services that need to access the Operator Connect API on your behalf. To enable this access, you must grant specific application roles to the system-assigned managed identity for Azure Communications Gateway under the Project Synergy Enterprise Application. You created the Project Synergy Enterprise Application in [1. Add the Project Synergy application to your Azure tenancy](#1-add-the-project-synergy-application-to-your-azure-tenancy). |
| 91 | +
|
| 92 | +> [!IMPORTANT] |
| 93 | +> Granting permissions has two parts: configuring the system-assigned managed identity for Azure Communications Gateway with the appropriate roles (this step) and adding the application ID of the managed identity to the Operator Connect or Teams Phone Mobile environment. You'll add the application ID to the Operator Connect or Teams Phone Mobile environment later, in [7. Add the Application ID for Azure Communications Gateway to Operator Connect](#7-add-the-application-id-for-azure-communications-gateway-to-operator-connect). |
| 94 | +
|
| 95 | +Do the following steps in the tenant that contains your Project Synergy application. |
| 96 | +
|
| 97 | +1. Check whether the Azure Active Directory (`AzureAD`) module is installed in PowerShell. Install it if necessary. |
| 98 | + 1. Open PowerShell. |
| 99 | + 1. Run the following command and check whether `AzureAD` appears in the output. |
| 100 | + ```azurepowershell |
| 101 | + Get-Module -ListAvailable |
| 102 | + ``` |
| 103 | + 1. If `AzureAD` doesn't appear in the output, install the module: |
| 104 | + 1. Close your current PowerShell window. |
| 105 | + 1. Open PowerShell as an admin. |
| 106 | + 1. Run the following command. |
| 107 | + ```azurepowershell |
| 108 | + Install-Module AzureAD |
| 109 | + ``` |
| 110 | + 1. Close your PowerShell admin window. |
| 111 | +1. Sign in to the [Azure portal](https://ms.portal.azure.com/) as an Azure Active Directory Global Admin. |
| 112 | +1. Select **Azure Active Directory**. |
| 113 | +1. Select **Properties**. |
| 114 | +1. Scroll down to the Tenant ID field. Your tenant ID is in the box. Make a note of your tenant ID. |
| 115 | +1. Open PowerShell. |
| 116 | +1. Run the following cmdlet, replacing *`<AADTenantID>`* with the tenant ID you noted down in step 5. |
| 117 | + ```azurepowershell |
| 118 | + Connect-AzureAD -TenantId "<AADTenantID>" |
| 119 | + ``` |
| 120 | +1. Run the following cmdlet, replacing *`<CommunicationsGatewayObjectID>`* with the Object ID you noted down in [3. Find the Object ID and Application ID for your Azure Communication Gateway resource](#3-find-the-object-id-and-application-id-for-your-azure-communication-gateway-resource). |
| 121 | + ```azurepowershell |
| 122 | + $commGwayObjectId = "<CommunicationsGatewayObjectID>" |
| 123 | + ``` |
| 124 | +1. Run the following PowerShell commands. These commands add the following roles for Azure Communications Gateway: `TrunkManagement.Read`, `TrunkManagement.Write`, `partnerSettings.Read`, `NumberManagement.Read`, `NumberManagement.Write`, `Data.Read`, `Data.Write`. |
| 125 | + ```azurepowershell |
| 126 | + # Get the Service Principal ID for Project Synergy (Operator Connect) |
| 127 | + $projectSynergyApplicationId = "eb63d611-525e-4a31-abd7-0cb33f679599" |
| 128 | + $projectSynergyEnterpriseApplication = Get-AzureADServicePrincipal -Filter "AppId eq '$projectSynergyApplicationId'" |
| 129 | + $projectSynergyObjectId = $projectSynergyEnterpriseApplication.ObjectId |
| 130 | + |
| 131 | + # Required Operator Connect - Project Synergy Roles |
| 132 | + $trunkManagementRead = "72129ccd-8886-42db-a63c-2647b61635c1" |
| 133 | + $trunkManagementWrite = "e907ba07-8ad0-40be-8d72-c18a0b3c156b" |
| 134 | + $partnerSettingsRead = "d6b0de4a-aab5-4261-be1b-0e1800746fb2" |
| 135 | + $numberManagementRead = "130ecbe2-d1e6-4bbd-9a8d-9a7a909b876e" |
| 136 | + $numberManagementWrite = "752b4e79-4b85-4e33-a6ef-5949f0d7d553" |
| 137 | + $dataRead = "eb63d611-525e-4a31-abd7-0cb33f679599" |
| 138 | + $dataWrite = "98d32f93-eaa7-4657-b443-090c23e69f27" |
| 139 | + |
| 140 | + $requiredRoles = $trunkManagementRead, $trunkManagementWrite, $partnerSettingsRead, $numberManagementRead, $numberManagementWrite, $dataRead, $dataWrite |
| 141 | + |
| 142 | + foreach ($role in $requiredRoles) { |
| 143 | + # Assign the relevant Role to the managed identity for the Azure Communications Gateway resource |
| 144 | + New-AzureADServiceAppRoleAssignment -ObjectId $commGwayObjectId -PrincipalId $commGwayObjectId -ResourceId $projectSynergyObjectId -Id $role |
| 145 | + } |
| 146 | + |
| 147 | + ``` |
| 148 | +
|
| 149 | +## 5. Provide additional information to your onboarding team |
| 150 | +
|
| 151 | +> [!NOTE] |
| 152 | +>This step is required to set you up as an Operator in the Teams Phone Mobile (TPM) and Operator Connect (OC) environments. Skip this step if you have already onboarded to TPM or OC. |
| 153 | +
|
| 154 | +Before your onboarding team can finish onboarding you to the Operator Connect and/or Teams Phone Mobile environments, you need to provide them with some additional information. |
| 155 | +
|
| 156 | +1. Wait for your onboarding team to provide you with a form to collect the additional information. |
| 157 | +1. Complete the form and give it to your onboarding team. |
| 158 | +1. Wait for your onboarding team to confirm that the onboarding process is complete. |
| 159 | +
|
| 160 | +If you don't already have an onboarding team, contact [email protected], providing your Azure subscription ID and contact details. |
| 161 | +
|
| 162 | +## 6. Test your Operator Connect portal access |
| 163 | +
|
| 164 | +> [!IMPORTANT] |
| 165 | +> Before testing your Operator Connect portal access, wait for your onboarding team to confirm that the onboarding process is complete. |
| 166 | +
|
| 167 | +Go to the [Operator Connect homepage](https://operatorconnect.microsoft.com/) and check that you're able to sign in. |
| 168 | +
|
| 169 | +## 7. Add the Application ID for Azure Communications Gateway to Operator Connect |
| 170 | +
|
| 171 | +You must enable the Azure Communications Gateway application within the Operator Connect or Teams Phone Mobile environment. Enabling the application allows Azure Communications Gateway to use the roles that you set up in [4. Set up application roles for Azure Communications Gateway](#4-set-up-application-roles-for-azure-communications-gateway). |
| 172 | +
|
| 173 | +To enable the application, add the Application ID of the system-assigned managed identity representing Azure Communications Gateway to your Operator Connect or Teams Phone Mobile environment. You found this ID in [3. Find the Object ID and Application ID for your Azure Communication Gateway resource](#3-find-the-object-id-and-application-id-for-your-azure-communication-gateway-resource). |
| 174 | +
|
| 175 | +1. Log into the [Operator Connect portal](https://operatorconnect.microsoft.com/operator/configuration). |
| 176 | +1. Add a new **Application Id**, using the Application ID that you found. |
| 177 | +
|
| 178 | +## 8. Register your deployment's domain name in Active Directory |
| 179 | +
|
| 180 | +Microsoft Teams only sends traffic to domains that you've confirmed that you own. Your Azure Communications Gateway deployment automatically receives an autogenerated fully qualified domain name (FQDN). You need to add this domain name to your Active Directory tenant as a custom domain name, share the details with your onboarding team and then verify the domain name. This process confirms that you own the domain. |
| 181 | +
|
| 182 | +1. Navigate to the **Overview** of your Azure Communications Gateway resource and select **Properties**. Find the field named **Domain**. This name is your deployment's domain name. |
| 183 | +1. Complete the following procedure: [Add your custom domain name to Azure AD](../active-directory/fundamentals/add-custom-domain.md#add-your-custom-domain-name-to-azure-ad). |
| 184 | +1. Share your DNS TXT record information with your onboarding team. Wait for your onboarding team to confirm that the DNS TXT record has been configured correctly. |
| 185 | +1. Complete the following procedure: [Verify your custom domain name](../active-directory/fundamentals/add-custom-domain.md#verify-your-custom-domain-name). |
| 186 | +
|
| 187 | +## Next step |
| 188 | +
|
| 189 | +> [!div class="nextstepaction"] |
| 190 | +> [Prepare for live traffic with Operator Connect and Teams Phone Mobile](prepare-for-live-traffic-operator-connect.md) |
0 commit comments