返回
-
标题
Configuring UCA 8.8.3 to connect to O365 -
说明
This is a guide that users must follow when configuring UCA 8.8.3 to connect to Exchange Online / O365 using EXO V3
After the deprecation of Remote PowerShell (RPS), this version of UC Analytics will be able to collect data from Exchange Online environments. -
原因
Deprecation of Remote PowerShell (RPS) -
解决办法
After upgrading to UC Analytics 8.8.3 and applying the two hotfixes, the version should read 8.8.3.28
Once the application has been upgraded, there are a few additional steps that need to be completed:- Azure App Registration
- PowerShell Modules
- Target Environment Settings
- Collection Settings
To register the UC Analytics application
1. Sign in the Microsoft Azure portal. (You must have global admin rights to register an application.)
2. Search for App registrations in the search box at the top.
OR
In the left navigation pane, click the Azure Active Directory service, click App registrations and click New registration.
3. On the Register an application page, enter the application registration information:
•Name: Enter a name for the application. For example, UC Analytics.
•Supported account types: Select Accounts in any organizational directory (Any Azure AD directory - Multi tenant)
4. Click Register.
5. The application is registered in the Microsoft Azure portal and the Application (client) ID is displayed.
6. Copy this ID and use it later to set the Azure Application ID in the Target Environments page.
7. Under Manage in the left section, click Authentication.
8. Click Yes for Default client type and click Save.
9. Next, proceed to create a secret for the new app. To achieve this, click on the Certificates & Secrets option. Popup will appear.
10. In the popup that appears, click on the New client secret link in the Client Secrets section in the right panel.
11. Once the new secret is successfully created, a key Value will be generated for it as depicted. Make a note of this key in notepad.
12. Next, proceed to grant permissions to the Microsoft Graph app, so it can pull the desired metrics. For this, click on the API permissions option in the left panel. This will invoke a page in the right panel, click on the Add a permission link.
13. Click on Microsoft Graph in the Request API Permissions window that appears.
14. Click on Application permissions. When the Permission tree appears do the following:
• Expand the Application and select Application.Read.All options.
• Expand the Application and select Application.ReadWrite.All options
• Expand the Calendars and select Calendars.Read(Application) options.
• Expand the Calendars and select Calendars.Read.Shared (Delegated) options.
• Expand the Calendars and select Calendars.Read (Delegated) options.
• Expand the Contacts and select Contacts.Read options.
• Expand the Directory and select Directory.Read.All options.
• Expand the Domain and select Domain.Read.All options.
• Expand the Group and select Group.Read.All options.
• Expand the Mail and select Mail.Read options
• Expand the MailboxSettings and select MailboxSettings.Read options.
• Expand the OnlineMeetings and select OnlineMeetings.Read.All options.
• Expand the Organisation and select Organisation.Read.All options.
• Expand the User and select User.Read (Application) options.
• Expand the User and select User.Read (Delegated) options.
15. Finally, click on Add permissions to add the chosen permission.
16. When the screen appears, click on Grant admin consent for to grant admin consent to the permissions requested
17. Go back to Microsoft Graph in the Request API Permissions window.
18. Click on Delegated permissions.
19. When permission tree appears, do the below step for PowerShell graph calls:
20. Expand the User node and select User.Read option.
21. Finally click on Add permissions to add the chosen permission.
We have to grant an AzureAD Directory Role to our application Service Principal.
22. With the Azure AD blade selected go to Roles and administrators and select Exchange Administrator confirming with the Add Assignment button.
The target and O365 native environment consists of new UI. We need to add Azure Application ID, Tenant ID(GUID) and Azure Secret created to Azure portal for certificate creation for both OAuth and MFA.
23. In Roles and administrators and select Compliance Administrator . Repeat the same steps as above Exchange Administrator.
24. Search application by GUID and select it in Select Member window.
25. Add assignments page Add the application.
26. It is mandatory to install Graph Module in PowerShell as UCA supports PowerShell 5.1. Use the command Install-Module Microsoft.Graph since there is a limitation. This is required to run the hybrid environment in both Oauth and MFA. Certificate is mandatory as specified above.
PowerShell Modules
It is recommended to remove previous versions of the following PowerShell modules prior to installing the newer versions.
The following PowerShell modules must be installed on the UC Analytics server.
ExchangeOnlineManagement: Install-Module -Name ExchangeOnlineManagement -MaximumVersion 3.4
AzureAD: Install-Module -Name AzureAD
Microsoft Graph: Install-Module -Name Microsoft.Graph
MSOnline: Install-Module -Name MSOnline
Target Environment Settings
Target Environments should be updated to reflect the following fields from the Azure App:- Application ID
- Azure Tenant ID
- Secret (Value)
Collections that will be gathering data from Exchange Online (Native/Hybrid) will need to be reconfigured to use EXO V3.
At this point, UC Analytics collections should start collecting data. If there are any errors, please contact our technical support team for further assistance.