With VTX VPBX Teams Presence Synchronisation, you can use the best of both VTX VPBX and MS Teams features syncing the "Rich Presence" status between Teams and VTX VPBX. I.e it means that call status and presence status ( "busy", "in a meeting", "presenting", "do not disturb") status are sync bidirectionally.

This feature could be used with or without the combination of VTX Teams Virtual service.

Introduction[edit | edit source]

• History: Since the upgrade of VTX VoIP platform to version 7 in late 2022, VTX VoIP platform does have an OpenAPI interface that allows to interact with other external tools. An a dedicated integrated framework has been developed to easily sync VTX and Teams Rich Presence

• How it works: We do have VTX and Teams APIs talking to each other to exchange real time information about presence status. A restricted API account needs to be created on both platforms to have them being able to talk to each other. Then, we only have to link each VPBX user with his Teams Email address to start the presence sync.

• What does it do : Sync VTX/Teams Rich Presence status in real time. Allowing not to be bothered by a Teams Call when on a "normal" VoIP call, or the other way around. Here are a few simple use cases

1. Teams->C5: Be visible as "presenting" on VoIP platform while sharing screen in a Teams Call
2. Teams->C5: Be visible as "in a meeting" on VoIP plarform while in a Teams Meeting in calendar
3. C5->Teams: Be seen as busy in Teams while on the "normal" phone

Setup Process Overview[edit | edit source]

Here is the process that will allow you to setup the service

1. Follow requirements below VoIP:VTX VPBX Teams Presence Synchronisation#Requirements
2. Perform Azure AD setup ( create Application + API User + Certificate )
3. Perform VTX C5 Setup ( Link Credentials + Certificate)
4. Setup VTX/Teams User mapping

"VTX VPBX Teams Presence Synchronisation" value added features[edit | edit source]

• Sync Rich Presence Status between VTX VPBX and MS Teams to benefit from both world without being visible as available when it is not the case

Requirements[edit | edit source]

You will find below all the needed requirements to use VTX VPBX Teams Presence Synchronisation Service

1. a VTX VPBX Service
2. A Microsoft 365 domain and accounts
3. A Microsoft Azure Portal Admin account

Azure AD Setup Part 1[edit | edit source]

Create an Azure App Registration[edit | edit source]

• Problematic: We would like to create an Azure App Registration named "VTX MS365 Presence Sync" to sync VoIP Platform and Azure ( that we will restrict to presence status sync only afterwards)
• Solution: Follow procedure below

1. Connect to https://portal.azure.com/ with an Admin Account of the domain you wish to sync presence status with the VoIP platform
2. Select the "Azure Active Directory" service in the list ( if not visible, click on the "More service" option or search for it )
3. Open the "App registrations" and create a new Registration in https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps
   1. Name = "VTX MS365 Presence Sync c<CUSTOMERNUMBER>" ( ex: "VTX MS365 Presence Sync c429080" because 429080 is my VTX Test customer number)
   2. Set App as "Single tenant" access
   3. Click the "Register" button
4. Copy the value of "Directory (tenant) ID" in a notepad that will be required later (info n°1)
5. Copy the value of "Application (client) ID" in a notepad that will be required later (info n°2)

Azure AD - App Registration - Create App

Azure AD - App Registration - Copy Directory and APP Id

Create a Client Secret[edit | edit source]

The value if the secret only appears twice, you will need to create a new secret if you loose it

The secret is valid for a mixed amount of time, API authentication will fail once it expires, so you will need to create a new one and push it in VTX Kiosk menu on renewal.

• Information: To authenticate an access to the App, we 1st create a "secret" key, we will create a certificate to enhance security even more in next sections
• Problematic: Within the "VTX MS365 Presence Sync" App, create a "Client secret"
• Solution: Follow procedure below

1. Within the "VTX MS365 Presence Sync cXXXXX" app, go in the Certificates & secrets menu
2. Go in the "Client secrets" Tab
3. Click on "+ New client secret"
   1. Set Description = "MS365 Presence Client Secret cXXXXX"
   2. Set Expires = Maximum 730 days ( 24 months )
   3. Click the "Add" Button
4. Copy now the "Value" of the secret in a notepad and store the value for later use (info n°3)
5. Copy also the expiration date of the secret (info n°4)

Azure AD - App Registration - Client secret Generation

Create API user MS365-Presence-Sync-cXXXXX[edit | edit source]

• Information: We need to create an API user that does not require any additional license. We set it up with restricted access to only allow bi-directional Rich Presence Sync for this user
• Problematic: Create an API user
• Solution: Follow procedure below

1. Connect to Azure Portal user list https://portal.azure.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers
2. Click the "+ New user" button
   1. Set User name = MS365-Presence-Sync-cXXXXX @ "YOUR DOMAIN" and store information in notepad (info n°5)
   2. Set Display Name = MS365 Presence Sync API User cXXXXX
   3. Create and Store Complex Password and store information in notepad (info n°6)
   4. Set the user as "Global Reader" for the time being

Azure AD - Create User MS365-Presence-Sync

API Authentication - Allow public client flows[edit | edit source]

• Problematic: We need to allow public access to the App Registration "VTX MS365 Presence Sync" to be able to access it from the VTX VoIP platform
• Solution: Follow procedure below

1. Go back in the app registration https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps
2. Select "VTX MS365 Presence Sync cXXXXX" app
3. Go in "Authentication" menu
4. In "Advanced settings", set "Allow public client flows" = Yes
5. Click the "Save" button

Azure AD - Allow public client flows

API Permissions - All access to Presence Information in Read/Write mode[edit | edit source]

• Problematic: We need to restrict the app API permissions to Read/Write mode to presence data only
• Solution: Follow procedure below

1. Go back in the app registration https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps
2. Select "VTX MS365 Presence Sync cXXXXX" app
3. Go in the "API permissions" menu
4. Delete the "User.Read" default permission that is not needed
5. Click the "Add a permission" button
   1. Select "Microsoft Graph"
   2. Select "Delegated permissions"
   3. Search and enable the permission "Presence.Read.All"
   4. Click the "Add permissions" button
6. Click the "Add a permission" button
   1. Select "Microsoft Graph"
   2. Select "Application permissions"
   3. Search and enable the permission "User.Read.All" and "Presence.ReadWrite.All"
   4. Click the "Add permissions" button
7. Click the "Grant admin consent" in which you all the app to have access to this presence data
8. If all OK, it should be setup like the screenshot below

Azure AD - App Registration API Permissions

Gather all needed information[edit | edit source]

• Information: If you have have followed all steps above, you would have the following information
  • Directory (tenant) ID
  • Application (client) ID
  • Client secret value
  • Client Secret expiry date (optional)
  • API user
  • API user password

VTX Kiosk Setup[edit | edit source]

Enter API Credentials and Get VoIP platform certificate[edit | edit source]

This is the section that is not ready yet, in the meantime, we need to exchange the information with VTX with a secure channel

• Problematic: Enter Azure API credentials and get the VoIP Platform certificate to upload in Azure AD
• Solution: Follow procedure below

1. VTX will send you a secured way to send all the credentials above ( pending to allow you to do it directly in VTX Kiosk Selfcare Portal )
2. VTX will send you back a certificate to upload in Azure AD for API authentication to be used in next section

Azure AD Setup Part 2[edit | edit source]

Upload VoIP Platform Certificate API[edit | edit source]

• Problematic: Upload the VoIP Platform API certificate to Azure
• Solution: Follow procedure below

1. Get the vtx-api-certificate-cXXXXXX.pem from VTX
2. Connect to Azure AD, App Registration like before https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps
3. Go in the setup of "VTX MS365 Presence Sync cxxx" App registration
4. Go in the "Certificate & secrets"
5. Go in the "Certificates" tab
6. Click an Upload Certificate
   1. Browse the certificate on your PC retrieved in previous section
   2. Add comment "MS Teams Cert from VTX for cXXXXX"
   3. Click the "Add" button

Azure AD - App registration - Upload API VoIP Certificate