Skip to main content
CallTower Solutions Center

MS Teams Direct Routing - CallTower Service Account Implementation


After completing this how-to you will have an account to provide to your CallTower Implementation Manager or Support contact, or to directly populate in CallTower Connect. 

First Step

Begin by Launching your Microsoft 365 Admin Center and browsing to the Users section.


Second Step

Then continue with by clicking on "Add a user" and fill out the form. You may use any Name required to signify the purpose of this account. We recommend generating a password with new fewer then 24 characters, you may use any of these 3rd party services to generate that password:

LastPass -
Norton -
Avast -
BitWarden -

1Password -
Dashlane -
F-Secure -


Enter the Email Address of your Project Manager, Support Rep or Yourself as needed. Then Click Next.

Third Step

Select "Create user without product license" 


Then Click Next.

Fourth Step

Select "Admin center access" then select the following roles:

Teams Administrator 
Skype for Business Administrator
User Administrator (needed only during implementation and engineering activation process, licensing activation accounts and resouce accounts as needed)
Domain Name Administrator (needed only for engineering activation process, adding direct routing FQDN's to the tenat)

use the "Show all by category" drop down to find (Domain Name Administrator) and (Skype for Business Administrator)





Then Click Next.

  Important Note:  The "Domain Name Administrator" role is temporary and this role should be removed after the service has been enabled. "Domain Name Administrator" role is only required to add the sub domains for access to CallTower SBC's. The "User Administration" role is used to add activation users to those domains with the correct licensing. Once that process has completed only the "Teams Administrator " and "Skype for Business Administrator" roles are required so that CallTower Connect can assign numbers to both users and resource accounts.

Fifth Step

Review the final configuration of the service account.


If everything appears correctly click "Finish adding".


Copy any details you need to retain then click "Close"

IMPORTANT NOTE: Check to make sure this service account is excluded from any Conditional Access Rules or MFA requirements. CallTower Connect, Will be unable to process the required PowerShell to configure your tenant when MFA is enforced for the account. 

  • CallTower Datacenter IP Addresses for MFA Exclusions: and

What's Next

Confirm you have Two available licenses available for activation of the SBC domains that will be added to the Tenant.

  • The licenses will need to include Teams. E1, E3, E5, F3, Business Basic-Premium. Teams Exploratory, etc
  • The activation users will be created and removed during the automated process.

Next confirm with your CallTower Project Manager or Support Rep that they have received the username and password in email.


Connect automation will use the "Domain Name Administrator" role to add two domains to your tenant one for each SBC, the "User Administrator Role" is needed for after the domains are added.  An activation user will be created on each of those domains and given a license which includes Microsoft Teams. Once the activation users are in place Connect will be able to create the PSTN Gateways within the voice routing policy, at which point the activation users can be removed and the "Domain Name Administrator" role and "User Administrator" role will no longer be required.

Once you are no longer in Implementation you will have the ability to update this password as needed use the following link to find instructions on updating the service account password:

Updating the Password for a Direct Routing Service Account - CallTower Solutions Center (

  • Was this article helpful?