Skip to main content
CallTower Solutions Center

MS Teams Direct Routing - CallTower Service Account Implementation

 

After completing this how-to you will have an account to provide to your CallTower Implementation Manager or Support contact, or to directly populate in CallTower Connect. 

IMPORTANT NOTE:  This service account is only for Direct Routing customers. This does not apply to Operator Connect customers.

Step 1

Begin by Launching your Microsoft 365 Admin Center and browsing to the Users section.

clipboard_e4302e78fd078a3e69b1cdd34508302f3.png

Step 2

Then continue with by clicking on "Add a user" and fill out the form. You may use any Name required to signify the purpose of this account. We recommend generating a password with no fewer than 24 characters, you may use any of these 3rd party services to generate that password:

LastPass - https://www.lastpass.com/features/pa...#generatorTool
Norton - https://my.norton.com/extspa/passwor...r?path=pwd-gen
Avast - https://www.avast.com/en-us/random-password-generator#pc
BitWarden - https://bitwarden.com/password-generator/

1Password - https://1password.com/password-generator/
Dashlane - https://www.dashlane.com/features/password-generator
F-Secure - https://www.f-secure.com/us-en/home/free-tools/password-generator

clipboard_e01e36f68f4d350e76d54265c6bdc0bb2.png

Enter the Email Address of your Project Manager, Support Rep or Yourself as needed. Then Click Next.

Step 3

Select "Create user without product license" 

clipboard_eac953a956f660a73c6e04134bb687487.png

Then Click Next.

Step 4

Select "Admin center access"

Teams Communication Administrator

Domain Name Administrator (needed only for engineering activation process, adding direct routing FQDN's to the tenant)

User Administrator (needed only during implementation and engineering activation process, licensing activation accounts and resource accounts as needed)

 

use the "Show all by category" drop down to select the roles.

clipboard_ec0d0be65a3a202f27bec2038d51c9079.png

clipboard_e56d17d344cb5bd17a54204363c16a3c6.png

clipboard_ecbf6db3976b957ab41942d0b7ab25a87.png

clipboard_e1405a843d193dbb4a3fd638f32aa046f.png

clipboard_ed33dd6077abc98745ef0294cb1df12dd.png

Then Click Next.

IMPORTANT NOTE:  The "Domain Name Administrator" role and the "User Administrator" role is temporary. These roles should be removed after the service has been enabled. "Domain Name Administrator" role is only required to add the sub domains for access to CallTower SBC's. The "User Administrator" role is used to add activation users to those domains with the correct licensing. Once that process has completed only the "Teams Communication Administrator " role is required so that CallTower Connect can assign numbers to both Users and Resource Accounts.

Step 5

Review the final configuration of the service account.

clipboard_e8176bb033729f47047f6efe3e2714a07.png

If everything appears correctly click "Finish adding".

 

Copy any details you need to retain then click "Close"

Step 6

IMPORTANT NOTE: Check to make sure this service account is excluded from any Conditional Access Rules or MFA requirements. CallTower Connect, will be unable to process the required PowerShell to configure your tenant when MFA is enforced for the account. 

Adding A Named Location IP Range 

Edit section

Please note that these steps are only required if a service account has been requested by Calltower.

If a service account hasn’t been requested, these steps are not needed.

  1. Login to https://entra.microsoft.com or https://entra.microsoft.us for GCC High Customers
  2. Navigate to “Microsoft Entra ID”.  
  3. Select “Security” from the left-hand menu.    
  4. Select “Named locations”.  
  5. Towards the top of the page, you will see an option to add “IP ranges location”. Select this option.
  6. Enter a name, such as “Calltower IPs”.
  7. Click the “+” to add the first range “69.4.184.0/24” and then click “Add” once entered.
  8. Repeat step 7 to add the second range “205.196.174.0/24”.
  9. Click “Create” at the bottom right corner of the page.

clipboard_edf8ffbbf17235a6f68de47c0eeed2b6b.png

clipboard_e24c303b1c470ef850c93756bdbd61d17.png

 

Update your existing conditional access policies.

IMPORTANT NOTE: you will need to do this for any conditional access policy that blocks legacy authentication, requires MFA, or requires PC compliance

  1. Click on Conditional Access and click on the policies then select the policy
  2. Under the “Network” section select “Any network or location”.
  3. Change the “Configure” toggle to “Yes
  4. Select the option for “Selected networks and locations” and then select “none”.
  5. Under the “Select” section, add the previously created location with the Calltower IPs. and Save

exclusion.png

 

What's Next

Confirm you have at least one license available for activation of the SBC domains that will be added to the Tenant.

  • The licenses will need to include Teams. E1, E3, E5, F3, Business Basic-Premium, Teams Resource Account etc
  • The activation users will be created and removed during the setup process.

Next confirm with your CallTower Project Manager or Support Rep that they have received the username and password in email.

Information:

Connect automation will use the "Domain Name Administrator" role to add two domains to your tenant one for each SBC, the "User Administrator Role" is needed for after the domains are added.  An activation user will be created on each of those domains and given a license which includes Microsoft Teams. Once the activation users are in place Connect will be able to create the PSTN Gateways within the voice routing policy, at which point the activation users can be removed and the "Domain Name Administrator" role and "User Administrator" role will no longer be required.

Once you are no longer in Implementation you will have the ability to update this password as needed use the following link to find instructions on updating the service account password:

Updating the Password for a Direct Routing Service Account - CallTower Solutions Center (uc.solutions)

  • Was this article helpful?