Configuring Microsoft Teams Meetings

Before Vault CRM admins configure this functionality, Microsoft Global Administrators must grant tenant wide consent to the Vault CRM App in the Azure tenant from the Vault CRM-hosted webpage.

This allows the app to do the following:

  • Create, read, update and delete events in all calendars the user has permission to access. This includes delegate and shared calendars. Required for Integrating My Schedule and Microsoft Outlook Calendars.
  • Read users’ primary email addresses
  • Read and create online meetings on behalf of the signed-in user. Required for Configuring Microsoft Teams Meetings.
  • Read online meeting artifacts on behalf of the signed-in user. Required for Configuring Microsoft Teams Meetings.
  • Create groups and read all group properties and memberships on behalf of the signed-in user. Required for Configuring Microsoft Teams Meetings and Microsoft OneNote for Service Center.
  • Read, share, and modify OneNote notebooks the signed-in user has access to in the organization. Required for Microsoft OneNote for Service Center.
  • Create, read, update, and delete mail a user has permission to access, including their own and shared mail
  • See and update the data you gave it access to, even when users are not currently using the app
  • See basic user profile information when the user signs in with their work or another account
  • Read the full set of profile properties, reports, and managers of other users in the organization, on behalf of the signed-in user

Ensure the Vault CRM Graph API integration is granted the following permissions:

  • User.Read
  • Calendars.ReadWrite
  • Calendars.ReadWrite.Shared
  • OnlineMeetingArtifact.Read.All
  • OnlineMeetings.ReadWrite
  • Group.ReadWrite.All
  • Notes.ReadWrite.All
  • Mail.ReadWrite.Shared
  • offline_access
  • openid
  • profile
  • email

Multiple Vault CRM Vaults can connect to the same Microsoft tenant.

Granting tenant wide consent enables Vault CRM to request information through the Microsoft Graph API, but it does not provide access to Microsoft Office 365 information. The Vault CRM Microsoft Integration uses Microsoft's best practices for authorization (authZ), authentication (OpenId Connect over OAuth 2), data in transit (HTTPS and TLS 1.2+ encryption) and data at rest. Only Microsoft has access to user credentials.

For more control over the integration from the Microsoft side, admins can assign the application to specific users or groups of users, instead of granting access to all users. For more information on assigning applications to Microsoft groups, see Microsoft's Manage users and groups assignment documentation.

Configuring the Microsoft Teams Integration in Vault CRM

Testing the Microsoft Teams Integration