Monitoring Microsoft Teams call quality (CQD) via Azure Functions
Using Azure Functions removes the requirement for opening or reverse proxying data from Microsoft to your internal Splunk Heavy Forwarder, Splunk will pull the data from Azure Storage Queue and Microsoft Graph.
Audio/Video/Desktop Sharing
Steps to monitor audio/video call quality via the Microsoft Graph API
-
AzureAD tenant (customer) sets up Application Registration with the needed API permissions.
- Azure Functions subscribes to events when audio/video calls are done via https://graph.microsoft.com/beta/subscriptions (Re-subscribes every 1 day)
-
Events gets send to the Azure Functions endpoint from Microsoft when calls are done and audio/video quality data is available. (½ to 6 hours delay depending on load on Microsoft Teams servers)
- UXM connects to Azure Storage Queue every 60 seconds and receives conference IDs with updates and fetches the information from Microsoft Graph.
Required firewall openings for On-Premise systems
Following urls need to be accessible on port 443 from On-Premise Search Head and Heavy Forwarder where Teams app is installed.
- https://graph.microsoft.com
- https://login.microsoftonline.com
- https://*.queue.core.windows.net
Each deployed Dev, PreProd, Prod Storage Account with have it's own unique name.
AzureAD - Application Registration
To allow UXM to query the Office 365 Management API's and Teams Call details, an Azure app registration needs to be created.
-
Login to the Azure Portal at https://portal.azure.com/
-
Select Azure Active Directory from the menu
-
Select "App registrations"
-
Select "New registration"
-
Enter a name for your registration (For example UXM - Teams Graph API) and set to only support "Accounts in this organizational directory only"
-
Select "API Permissions"
-
Select "Add a permission"
-
Select "Microsoft Graph" and add the required permissions below:
-
Add required permissions:
- Microsoft Graph - CallRecords.Read.All (Application)
- Microsoft Graph - User.Read.All (Application) - Needed to lookup extra user information.
- Microsoft Graph - TeamworkDevice.Read.All (Application) - Needed to lookup Team Rooms Device information.
-
Select "Grant admin consent for your tenant"
-
Select "Certificates & Secrets" from the side menu
-
Select "New client secret"
Enter name and expires date, you will have to update the Client Secret Key in the Azure Resource Group and UXM when it expires.
Press "Add" and copy out the key to a secure location and store it for setup in Azure Functions and UXM Teams Add-on.
-
Select Overview from the app registration side menu
Copy the Application (client) ID and Directory (tenant) ID and store it for setup in Azure Functions and UXM Teams Add-on.
Setup Azure Functions
-
Create custom deployment
Use following url to create the custom deployment: https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fuxmapp%2Fazure-functions-splunk%2Fmaster%2Fgraph%2Fdeploy%2FazureDeploy.json
- Resource Group: Create new resource group following your organizations naming convention, for example azure-rg-uxm-customername
- App Name: uxm-customername-teams
- Github Repo URL: https://github.com/uxmapp/azure-functions-splunk.git
- Github Repo Branch: master
- Tenant ID: Tenant ID from application registration
- Client ID: Client ID from application registration
- Client Secret: Client Secret from application registration
- Click "Review + create" and create to deploy the solution.
Wait for the deployment to finish - Go to the resource group and open the Function app.
- Select the Functions and create-subscription
Note: only callRecords subscriptions are created in this release.
- In the Overview section, click Get Function Url
- Copy the URL and paste it in a new browser tab
Note: you may receive a timeout when executing this function for the first time. In this event, refresh your browser. The reason for this is the
create-subscription
function makes a call to thesubscription-webhook
function which may not be running yet.The result has to be "successfully created subscription":
To list subscriptions, execute thelist-subscriptions
function.To delete a subscription, copy the subscription's ID to the
delete-subscription
function.
Example:https://FUNCTION-APP.azurewebsites.net/api/delete-subscription?code=CODE&subscriptionId=SUBSCRIPTION_ID
- Get Storage Queue appkey which is needed in the Splunk setup.
Open the Storage Accunt and select Access Keys.
Select Show Keys and copy out the Connection string key1 and store it for the Splunk app setup.
Setup Splunk apps
Install the UXM version of Teams Add-on, it splits the JSON stream events into separate Splunk events.
-
Download Teams TA_UXM_MS_Teams_YYY.MM.DD.tar.gz app and install in UXM:
-
Restart Splunk.
-
Create Configuration under "Microsoft Teams Add-on For Splunk" app and Configuration tab
- Account name: Teams account name
- Application (client) ID: Client ID from application registration (Also called Application ID)
- Client Secret: Client Secret from application registration
- Press Add
-
Goto Logging and press Save
Splunk will complain in log files if no default logging level is set, enure it's set to WARNING.
-
Create Teams Call Record enumerater
Goto Input -> Create New Input.
This input connects to Azure Storage Queue and receives ConferenceID's with data updates and requests data for them.
- Name: teams_tenantName_call_record_azure_storage_queue
- Interval: 60 (How often the script executes and requests ConferenceID's received on Storage Queue)
- Index: Store under uxmapp_response or uxmapp_customerName_response or custom index, (The `getIndexTeams` macro under uxmapp can be changed to support custom indexes)
- Global Account: Use Account created under Configuration
- Tenant ID: Use customers Tenant ID provided.
- Connection String: Use key1 "Connection String" from the Azure Storage Access Keys, it should be readable and start with the text: DefaultEndpointsProtocol:*.
- Query Graph User Fields: Specify fields to query for the caller/callee in current TenantID. (Leave empty if User.Read.All API permissing isen't granted)
-
Access Tag: Select field to use as access tag for later limiting Splunk user roles access to the data.
Checking for errors
Splunk
You can check the _internal index to see if any errors occurs while setting up subscription, webhook and requesting the Teams data.
index="_internal" source="*ta_uxm_ms_teams*"
Azure
The Notification Queue is created after the first conference data is received from Microsoft, you can check if there is any messages in the queue:
The Azure Functions contains log files from each invocation and can be used for troubleshooting if no calls are received:
Upgrading Azure Function deployment
The Azure Function deployment can be redeployed with newest version from git by opening the Functions app -> Deployment Center and pressing Sync.
To upgrade nodejs version and runtime version goto the Function app -> Settings -> Configuration and select the "General Settings" tab, upgrade nodejs version to 14 or 16.
Goto Function runtime settings and select runtime version 4, press Save afterwards and test that the function list-subscriptions work.