Skip to main content
CallTower Solutions Center

MS Teams Direct Routing - CallTower Service Account Implementation

  1. Last updated
  2. Save as PDF

 

After completing this how-to you will have an account to provide to your CallTower Implementation Manager or Support contact, or to directly populate in CallTower Connect. 

IMPORTANT NOTE:  For customers that will be provisioning users with phone numbers via CallTower Connect admin portal only, or GCCH customers where CallTower is performing the activation of services. This service account is only for Direct Routing customers. This does not apply to Operator Connect customers.

Step 1

Begin by Launching your Microsoft 365 Admin Center and browsing to the Users section.

clipboard_e4302e78fd078a3e69b1cdd34508302f3.png

Step 2

Then continue with by clicking on "Add a user" and fill out the form. You may use any Name required to signify the purpose of this account. We recommend generating a password with no fewer than 24 characters, you may use any of these 3rd party services to generate that password:

LastPass - https://www.lastpass.com/features/pa...#generatorTool
Norton - https://my.norton.com/extspa/passwor...r?path=pwd-gen
Avast - https://www.avast.com/en-us/random-password-generator#pc
BitWarden - https://bitwarden.com/password-generator/
1Password - https://1password.com/password-generator/
Dashlane - https://www.dashlane.com/features/password-generator
F-Secure - https://www.f-secure.com/us-en/home/free-tools/password-generator

clipboard_e01e36f68f4d350e76d54265c6bdc0bb2.png

Enter the Email Address of your Project Manager, Support Rep or Yourself as needed. Then Click Next.

Step 3

Select "Create user without product license" 

clipboard_eac953a956f660a73c6e04134bb687487.png

Then Click Next.

Step 4

IMPORTANT NOTE:  The "Teams Communication Administrator " role is required so that CallTower Connect can assign numbers to both Users and Resource Accounts. The "User Administrator" role is required for GCCH customers only and will allow CallTower to build and license Teams resource accounts for auto attendants and call queues.

Select "Admin center access"

Teams Communication Administrator

User Administrator  (GCCH customers where CallTower is performing the service activation, or pro services only)

Domain Name Administrator  (GCCH customers where CallTower is performing the service activation only) 

Tip: Use the "Show all by category" drop down to select the role.

clipboard_ec0d0be65a3a202f27bec2038d51c9079.png

clipboard_e56d17d344cb5bd17a54204363c16a3c6.png

clipboard_ecbf6db3976b957ab41942d0b7ab25a87.png

 

Then Click Next.

Step 5

Review the final configuration of the service account.

clipboard_e16d694032eb588da635a95a6f8a179ce.png

If everything appears correctly click "Finish adding".

Copy any details you need to retain then click "Close"

Step 6

IMPORTANT NOTE: Check to make sure this service account is excluded from any Conditional Access Rules or MFA requirements. CallTower Connect, will be unable to process the required PowerShell to configure your tenant when MFA is enforced for the account. 

Adding A Named Location IP Range 

Edit section

Please note that these steps are only required if a service account has been requested by Calltower.

If a service account hasn’t been requested, these steps are not needed.

  1. Login to https://entra.microsoft.com or https://entra.microsoft.us for GCC High Customers
  2. Navigate to “Microsoft Entra ID”.  
  3. Select “Security” from the left-hand menu.    
  4. Select “Named locations”.  
  5. Towards the top of the page, you will see an option to add “IP ranges location”. Select this option.
  6. Enter a name, such as “Calltower IPs”.
  7. Click the “+” to add the first range “69.4.184.0/24” and then click “Add” once entered.
  8. Repeat step 7 to add the second range “205.196.174.0/24”.
  9. Click “Create” at the bottom right corner of the page.

clipboard_edf8ffbbf17235a6f68de47c0eeed2b6b.png

clipboard_e24c303b1c470ef850c93756bdbd61d17.png

 

Update your existing conditional access policies.

IMPORTANT NOTE: you will need to do this for any conditional access policy that blocks legacy authentication, requires MFA, or requires PC compliance

  1. Click on Conditional Access and click on the policies then select the policy
  2. Under the “Network” section select “Any network or location”.
  3. Change the “Configure” toggle to “Yes
  4. Select the option for “Selected networks and locations” and then select “none”.
  5. Under the “Select” section, add the previously created location with the Calltower IPs. and Save

exclusion.png

 

What's Next

Confirm you have at least one license available for activation of the SBC domains that will be added to the Tenant.

  • The licenses will need to include Teams. E1, E3, E5, F3, Business Basic-Premium, Teams Resource Account etc
  • The activation users will be created and removed during the setup process.

Next confirm with your CallTower Project Manager or Support Rep that they have received the username and password in email.

Information:

Connect automation will use the "Domain Name Administrator" role to add two domains to your tenant one for each SBC, the "User Administrator Role" is needed for after the domains are added.  An activation user will be created on each of those domains and given a license which includes Microsoft Teams. Once the activation users are in place Connect will be able to create the PSTN Gateways within the voice routing policy, at which point the activation users can be removed and the "Domain Name Administrator" role and "User Administrator" role will no longer be required.

Once you are no longer in Implementation you will have the ability to update this password as needed use the following link to find instructions on updating the service account password:

Updating the Password for a Direct Routing Service Account - CallTower Solutions Center (uc.solutions)

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Reference
  2. Tags
    This page has no tags.