MS Teams Direct Routing - CallTower Service Account Implementation
After completing this how-to you will have an account to provide to your CallTower Implementation Manager or Support contact, or to directly populate in CallTower Connect.
IMPORTANT NOTE: For customers that will be provisioning users with phone numbers via CallTower Connect admin portal only, or GCCH customers where CallTower is performing the activation of services. This service account is only for Direct Routing customers. This does not apply to Operator Connect customers.
Step 1
Begin by Launching your Microsoft 365 Admin Center and browsing to the Users section.
Step 2
Then continue with by clicking on "Add a user" and fill out the form. You may use any Name required to signify the purpose of this account. We recommend generating a password with no fewer than 24 characters, you may use any of these 3rd party services to generate that password:
LastPass - https://www.lastpass.com/features/pa...#generatorTool
Norton - https://my.norton.com/extspa/passwor...r?path=pwd-gen
Avast - https://www.avast.com/en-us/random-password-generator#pc
BitWarden - https://bitwarden.com/password-generator/
1Password - https://1password.com/password-generator/
Dashlane - https://www.dashlane.com/features/password-generator
F-Secure - https://www.f-secure.com/us-en/home/free-tools/password-generator
Enter the Email Address of your Project Manager, Support Rep or Yourself as needed. Then Click Next.
Step 3
Select "Create user without product license"
Then Click Next.
Step 4
IMPORTANT NOTE: The "Teams Communication Administrator " role is required so that CallTower Connect can assign numbers to both Users and Resource Accounts. The "User Administrator" role is required for GCCH customers only and will allow CallTower to build and license Teams resource accounts for auto attendants and call queues.
Select "Admin center access"
Teams Communication Administrator
User Administrator (GCCH customers where CallTower is performing the service activation, or pro services only)
Domain Name Administrator (GCCH customers where CallTower is performing the service activation only)
Tip: Use the "Show all by category" drop down to select the role.
Then Click Next.
Step 5
Review the final configuration of the service account.
If everything appears correctly click "Finish adding".
Copy any details you need to retain then click "Close"
Step 6
IMPORTANT NOTE: Check to make sure this service account is excluded from any Conditional Access Rules or MFA requirements. CallTower Connect, will be unable to process the required PowerShell to configure your tenant when MFA is enforced for the account.
Adding A Named Location IP Range
Please note that these steps are only required if a service account has been requested by Calltower.
If a service account hasn’t been requested, these steps are not needed.
- Login to https://entra.microsoft.com or https://entra.microsoft.us for GCC High Customers
- Navigate to “Microsoft Entra ID”.
- Select “Security” from the left-hand menu.
- Select “Named locations”.
- Towards the top of the page, you will see an option to add “IP ranges location”. Select this option.
- Enter a name, such as “Calltower IPs”.
- Click the “+” to add the first range “69.4.184.0/24” and then click “Add” once entered.
- Repeat step 7 to add the second range “205.196.174.0/24”.
- Click “Create” at the bottom right corner of the page.
Update your existing conditional access policies.
IMPORTANT NOTE: you will need to do this for any conditional access policy that blocks legacy authentication, requires MFA, or requires PC compliance
- Click on Conditional Access and click on the policies then select the policy
- Under the “Network” section select “Any network or location”.
- Change the “Configure” toggle to “Yes”
- Select the option for “Selected networks and locations” and then select “none”.
- Under the “Select” section, add the previously created location with the Calltower IPs. and Save
What's Next
Confirm you have at least one license available for activation of the SBC domains that will be added to the Tenant.
- The licenses will need to include Teams. E1, E3, E5, F3, Business Basic-Premium, Teams Resource Account etc
- The activation users will be created and removed during the setup process.
Next confirm with your CallTower Project Manager or Support Rep that they have received the username and password in email.
Information:
Connect automation will use the "Domain Name Administrator" role to add two domains to your tenant one for each SBC, the "User Administrator Role" is needed for after the domains are added. An activation user will be created on each of those domains and given a license which includes Microsoft Teams. Once the activation users are in place Connect will be able to create the PSTN Gateways within the voice routing policy, at which point the activation users can be removed and the "Domain Name Administrator" role and "User Administrator" role will no longer be required.
Once you are no longer in Implementation you will have the ability to update this password as needed use the following link to find instructions on updating the service account password: