The MCO eComms service includes a recording bot that uses the compliance recording capabilities of Microsoft Teams. Configuring capture of Teams calls and meetings requires enabling a compliance-based recording policy associated with at least one user within the Microsoft Entra ID tenant.
After that is done, an MCO eComms account administrator will need to configure the Microsoft Teams Voice & Meetings integration settings to connect the app to your recording policy configuration in Microsoft Teams.
The last step is ensuring that covered users are mapped to their Microsoft Teams V&M identities. These may be the same as those used by Teams Chat, or some users may have multiple identities associated with them.
For more information, please see the Introduction to Teams recording article from Microsoft. The relevant content involves "Third-party Compliance recording".
Setting up Compliance Recording Policy
A compliance recording policy defines which users will be recorded and which third-party recorder is used. Setup requires the use of PowerShell.
The Microsoft Entra ID tenant will require at least one user allocated for the bot to be used. This can be an existing user, or a new one can be created, e.g. for testing.
Prerequisites
PowerShell (5.1, comes with Windows) as Administrator
PowerShell execution policy of at least RemoteSigned
PowerShell Module (MicrosoftTeams or SkypeForBusiness)
Microsoft Entra ID administrator user role
Throughout this documentation we will use the MicrosoftTeams PowerShell module.
You can also use the SkypeForBusiness module; either one works. The relevant commands are available in both modules.
Connect to the MicrosoftTeams PowerShell Module
You will use the Microsoft Entra ID administrator for all commands. To connect to the MicrosoftTeams PowerShell module:
Run PowerShell (as admin)
Click the Windows Start menu button and type PowerShell. Open the context menu (right click) of the Windows PowerShell entry and select Run as Administrator.
In an elevated (Run as Admin) PowerShell terminal, enable script execution using Set-ExecutionPolicy.
Set-ExecutionPolicy RemoteSigned
Install the module:
Install-Module MicrosoftTeams
Or if it is already installed, update the module:
Update-Module MicrosoftTeams
Activate the module
Import-Module MicrosoftTeams
Sign in with your Azure credentials (Microsoft Entra ID administrator).
Connect-MicrosoftTeams
For additional information, see the Microsoft Teams documentation: Install the Microsoft Teams PowerShell Module and sign in with your Azure Credentials.
Set Up a Compliance Policy for Teams
While connected as the Microsoft Entra ID administrator with the MicrosoftTeams module activated, the next steps set up the recording policy.
The following are required to create a policy in Teams:
An Application Instance (Microsoft Entra ID Resource)
A Recording Policy (the actual compliance policy)
A Recording Application (A link between the policy and the application)
Create the Application Instance
Using the New-CsOnlineApplicationInstance PowerShell command, create an application instance in Microsoft Entra ID.
New-CsOnlineApplicationInstance `
-UserPrincipalName <email of the generated microsoft entra id resource> `
-DisplayName <a name for the generated microsoft entra id resource> `
-ApplicationId 82da7f37-355e-4430-a678-1ff49f539458
The ApplicationId 82da7f37-355e-4430-a678-1ff49f539458 is the designated recorder application id provided by MCO.
After executing the above command, the ObjectId should be displayed. It can also be retrieved using the following command.
Get-CsOnlineApplicationInstance -DisplayName <the name you provided>
You will now have to synchronize this Application Instance into the Agent Provisioning Service.
Sync-CsOnlineApplicationInstance `
-ObjectId <the object id of the Application Instance> `
-ApplicationId 82da7f37-355e-4430-a678-1ff49f539458
Create the policy
Create the recording policy that will be applied to users of the recording application with the New-CsTeamsComplianceRecordingPolicy command.
New-CsTeamsComplianceRecordingPolicy `
-Identity <provide a name for your policy> `
-Enabled $true
With this, you will just have a policy with a unique Identity.
You can already assign this policy to users, but it will not do anything, because it does not have any Recording Applications assigned to it yet.
Create the Recording Application
Create the recording application, which associates the recording policy just created with the application instance, using New-CsTeamsComplianceRecordingApplication.
New-CsTeamsComplianceRecordingApplication `
-Parent <Recording Policy Name> `
-Id <Application Instance Object Id>
The Parent is the Identity parameter from the New-CsTeamsComplianceRecordingPolicy command in the prior step.
The Id is the Object ID of the object created with New-CsOnlineApplicationInstance.
When complete, you now have:
Assigned an Application in your own Entra (Application Instance),
which points to an application on an external Entra (Application Id that was assigned to Application Instance),
to a Teams Compliance Policy (by using its name)
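The three objects above, created in order by one script. This is an added example, not MCO's or Microsoft's own code. The UPN, display name and policy name are constructed placeholders, and the "Tag:" identity prefix and the ComplianceRecordingApplications property are assumptions about the cmdlet output shape; only the ApplicationId comes from this page.

```powershell
# Added example: provisions the three objects in order. Run after Connect-MicrosoftTeams.
$ErrorActionPreference = 'Stop'                       # abort on the first failed step

# Constructed placeholder values; replace with your own.
$BotUpn     = 'mco-recorder@contoso.example'
$BotName    = 'MCO eComms Recorder'
$PolicyName = 'MCO-ComplianceRecording'
$McoAppId   = '82da7f37-355e-4430-a678-1ff49f539458'  # recorder app id given on this page

# 1. Application instance: reuse an existing one with the same display name.
$instance = Get-CsOnlineApplicationInstance |
    Where-Object { $_.DisplayName -eq $BotName } |
    Select-Object -First 1
if (-not $instance) {
    $instance = New-CsOnlineApplicationInstance `
        -UserPrincipalName $BotUpn `
        -DisplayName $BotName `
        -ApplicationId $McoAppId
}
# Refuse to continue if the instance is bound to a different application.
if ([string]$instance.ApplicationId -ne $McoAppId) {
    throw "Instance '$BotName' points at $($instance.ApplicationId), not the MCO recorder."
}

# 2. Synchronize the instance into the Agent Provisioning Service.
Sync-CsOnlineApplicationInstance -ObjectId $instance.ObjectId -ApplicationId $McoAppId

# 3. Recording policy (assumption: Identity may be reported with a "Tag:" prefix).
$policy = Get-CsTeamsComplianceRecordingPolicy |
    Where-Object { $_.Identity -in @($PolicyName, "Tag:$PolicyName") }
if (-not $policy) {
    $policy = New-CsTeamsComplianceRecordingPolicy -Identity $PolicyName -Enabled $true
}

# 4. Recording application linking the policy to the instance, unless already linked.
$linkedIds = @($policy.ComplianceRecordingApplications |
    Where-Object { $_ } | ForEach-Object { [string]$_.Id })
if ($linkedIds -notcontains [string]$instance.ObjectId) {
    New-CsTeamsComplianceRecordingApplication -Parent $PolicyName -Id $instance.ObjectId
}

# Show the result: the policy should now list the recording application.
Get-CsTeamsComplianceRecordingPolicy |
    Where-Object { $_.Identity -in @($PolicyName, "Tag:$PolicyName") } |
    Format-List Identity, Enabled, ComplianceRecordingApplications
```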
Use the policy
To be able to use the Policy, you will need to assign the policy to Users or Groups. The following options provide alternative ways to assign the policy within your organization using the Grant-CsTeamsComplianceRecordingPolicy command.
NOTE: It may take a few minutes and logged in users need a new access token (logout and login again) before the recording policy takes effect.
Option 1: Assign the Policy to a tenant
To assign the policy to all users of your tenant, use the Global option.
Grant-CsTeamsComplianceRecordingPolicy `
-Global `
-PolicyName <Recording Policy Name>
This assigns the policy, of the name given in earlier steps, to all users of your tenant.
Option 2: Assign the Policy to a user
To assign the policy to specific users, use the following option:
Grant-CsTeamsComplianceRecordingPolicy `
-Identity <User Principal Name> `
-PolicyName <Recording Policy Name>
This assigns the policy to the user specified by their user principal name (UPN). The UPN is often also the email address of the user, but it does not have to be. The UPN of a user can be found in the user overview of the Microsoft Entra Admin Center.
To verify if the policy was successfully assigned, you can run:
Get-CsOnlineUser <User Principal Name> | ft sipaddress, tenantid, TeamsComplianceRecordingPolicy
If the policy has been assigned successfully the output should look similar to:
SipAddress TenantId  TeamsComplianceRecordingPolicy
---------- --------  ------------------------------
sip:       00000000- <Recording Policy Name>
Option 3: Assign the Policy to a group
The most common way to assign policies is through groups. To assign using a group, use the following:
Grant-CsTeamsComplianceRecordingPolicy `
-Group <Group Object Id> `
-PolicyName <Recording Policy Name>
This assigns the policy to all users of the group specified by the object id of the group. Groups can be security groups and Microsoft 365 groups. The object id of a group can be found in the group overview of the Microsoft Entra Admin Center.
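A read-only check that the policy is enabled, has a recording application attached (without one it does nothing, as noted earlier), and is shown on each covered user. This is an added example, not part of the original documentation. The policy name and UPNs are constructed placeholders, and the shape of the TeamsComplianceRecordingPolicy value (string or object with a Name property) is an assumption that may vary by module version.

```powershell
# Added example: read-only audit. Run after Connect-MicrosoftTeams.
$PolicyName   = 'MCO-ComplianceRecording'                           # constructed placeholder
$CoveredUsers = @('alice@contoso.example', 'bob@contoso.example')   # constructed placeholders

function Test-RecordingPolicy {
    param([string]$Name)
    # Assumption: Identity may be reported with a "Tag:" prefix.
    $policy = Get-CsTeamsComplianceRecordingPolicy |
        Where-Object { $_.Identity -in @($Name, "Tag:$Name") }
    if (-not $policy)         { return "MISSING: policy not found" }
    if (-not $policy.Enabled) { return "DISABLED: Enabled is false" }
    # A policy without a recording application can be assigned but records nothing.
    $apps = @($policy.ComplianceRecordingApplications | Where-Object { $_ })
    if ($apps.Count -eq 0)    { return "INERT: no recording application attached" }
    return "OK: $($apps.Count) recording application(s)"
}

function Get-UserRecordingPolicy {
    param([string]$Upn)
    $user = Get-CsOnlineUser -Identity $Upn -ErrorAction SilentlyContinue
    if (-not $user) { return $null }
    $p = $user.TeamsComplianceRecordingPolicy
    # Assumption: the value is either a plain string or an object exposing Name.
    if ($p -and $p.PSObject.Properties['Name']) { $p = $p.Name }
    return [string]$p
}

"Policy '$PolicyName': $(Test-RecordingPolicy -Name $PolicyName)"

$report = foreach ($upn in $CoveredUsers) {
    $assigned = Get-UserRecordingPolicy -Upn $upn
    if ($null -eq $assigned) {
        $status = 'user not found'
    } elseif ($assigned -eq $PolicyName) {
        $status = 'policy shown on user'
    } elseif ($assigned -eq '') {
        $status = 'no policy shown on user'
    } else {
        $status = "different policy: $assigned"
    }
    [pscustomobject]@{ User = $upn; Status = $status }
}
$report | Format-Table -AutoSize
```

Keep $CoveredUsers in step with the users mapped to "Teams V&M" in eComms so that a user missing from either side shows up here.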
Remove Recording Policy Assignment
Removing a recording policy assignment is very similar to assigning a recording policy. Passing $null as the PolicyName parameter will remove a recording policy.
Remove policy
You can list all configured policies using the following command:
Get-CsTeamsComplianceRecordingPolicy
Then use the Remove-CsTeamsComplianceRecordingPolicy command to remove the policy.
Remove-CsTeamsComplianceRecordingPolicy -Identity <Policy Name>
Optional
Optionally, you can also remove the other configuration entities, like CsOnlineApplicationInstance. The underlying user principal will have to be removed through directory operations in Entra.
Configuring Microsoft Teams Voice & Meetings integration
MCO eComms uses a Microsoft app to connect your Teams environment to your eComms instance. The name of this app is “MCO eComms Teams Archiver”.
Integration settings
Open the UI and go to Integrations > menu. Click on the ellipsis.
Click Connect.
You should be prompted to select the Microsoft account that you would like to use to install the eComms app.
You should get a confirmation message asking you to acknowledge connecting eComms with your Teams environment. This may prompt you to enter credentials to your Azure environment that has the role of Application Administrator or Cloud Application Administrator. This will automatically add the MCO eComms application to your Azure enterprise.
Mapping covered Users
The specific users whose Teams meetings you would like to start archiving and monitoring will need to be specified in eComms.
Go to Settings > Users.
Select the edit button on the far right for each user that you want to monitor. You will need to add “Teams V&M” and their Teams email to the “Sources list”. To do this, select the “Edit” button in the “Sources” section of the user’s profile.
Once saved, this user's Teams chat messages will start archiving and, if wanted, start being monitored with their already chosen policies. Please note that multiple emails can be entered for a single user. (Please note that the same users must also be included in the Microsoft Teams policy.)