Microsoft Teams - Application Setup and Permissions

Created by Tim Kefford, Modified on Wed, 26 Mar at 12:02 PM by Tim Kefford

Introduction

The morbit studio MS Teams module requires access to your Microsoft 365 (M365) tenant. In order to do this, you will need to register an application in Microsoft Entra (the new name for Azure AD) with access to the Microsoft Graph API and relevant permission roles.

Setting up morbit studio

Create your organisation

  1. Log in to the platform at https://studio.morbit.co.uk with the account provided to you.
  2. Select the System > Configuration menu item, then select ‘Add Organisation’.
  3. Provide the name of your company (or the one you will be managing if you are a service provider) and set the License Type to ‘MS Teams’ or ‘Full License’, depending on your requirements. If in doubt, select ‘Full License’.

Setting up a Microsoft Teams tenant

The morbit studio MS Teams module requires access to your Microsoft 365 (M365) tenant. To do this, you will need to register an application in Entra with access to the Microsoft Graph API and relevant permission roles.

Users of the MS Teams module are not required to deploy any morbit software on their local network. Our access into the service is via the Microsoft Graph API. This is diagrammed below:


 

Register an app to use the Microsoft Graph API

For further information on why we need certain API permissions, please read this document.

 

To register an app to use Microsoft Graph API:

  1. Sign in to the Microsoft Entra Admin Center using administrative credentials. As appropriate, you may use:
    • The tenant admin account.
    • A tenant user account with the Users can register applications setting enabled.
  2. Select Identity > Applications > App registrations.
  3. Either choose New registration to create a new application or choose an existing application. (If you choose an existing application, skip the next step.)
  4. In the Register an application pane, specify the following:
    • Name for the application: morbit
    • Supported account type: Accounts in this organizational directory only
  5. Click Register to create the app.
  6. From the Overview pane:
    • Copy/take a note of the Application (client) ID value (to be used later)
    • Copy/take a note of the Directory (tenant) ID value (to be used later)
    • Select API permissions.
  7. From the API permissions pane, choose Add a permission > Microsoft APIs > Microsoft Graph.
  8. Assign the following rights for Type: Application

| API / Permission name | Type | Description | Admin Consent Required? |
| Presence.Read.All | Application | Read presence information of all users in your organization | Yes |
| TeamworkDevice.ReadWrite.All | Application | Read and write Teams devices | Yes |
| CallRecords.Read.All | Application | Read all call records | Yes |
| User.Read.All | Application | Read all users' full profiles | Yes |
| Place.Read.All (optional - only required for Smart Buildings feature) | Application | Read all company places (meeting rooms) | Yes |
| Calendars.ReadBasic.All (optional - only required for Smart Buildings feature) | Application | Read basic details of calendars in all mailboxes | Yes |

 

  9. When finished, choose Add permissions to save your changes.
  10. Click the Grant admin consent for <your tenant name> button and confirm.
  11. Select Certificates & secrets from the left pane.
  12. Select the Certificates tab, then download the public certificate from this link: certificate
  13. Click the Upload Certificate button, and select the certificate downloaded in the last step.
  14. Load up morbit studio (https://studio.morbit.co.uk) and go to the Configuration page (via System).
  15. Navigate to the Organisation you are setting this up for. In the Microsoft Teams Accounts section, click .
  16. Complete the form with the details requested:
    • Description: i.e. the name of the M365 tenant
    • Tenant ID: this is the Directory (tenant) ID value in the application Summary page from step 6 above
    • Tenant: the MS Teams domain of the tenant
    • Client ID: this is the Application (client) ID value in the application Summary page from step 6 above
    • Authentication Type: Certificate
    • Certificate: select the certificate MS Teams Graph Certificate 2025



The tenant is now added into morbit studio. This process must be repeated for each new tenant being added.
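
To confirm after granting admin consent that the app holds exactly the application permissions in the table above and nothing broader, the following added example (not morbit's or Microsoft's code) compares the granted Microsoft Graph app roles with the documented list. It assumes you have exported the Microsoft Graph service principal and your app's appRoleAssignments as JSON; the function name audit_grants, the GUIDs and the resource IDs in the sample data are constructed for illustration.

```python
# Added example: least-privilege check for the app registration above.
# Input shapes follow Microsoft Graph JSON (servicePrincipal.appRoles and
# appRoleAssignments); all GUIDs and IDs below are constructed placeholders.

REQUIRED = {"Presence.Read.All", "TeamworkDevice.ReadWrite.All",
            "CallRecords.Read.All", "User.Read.All"}
OPTIONAL = {"Place.Read.All", "Calendars.ReadBasic.All"}  # Smart Buildings only


def audit_grants(graph_sp, assignments, smart_buildings=False):
    """Compare granted application permissions with the documented table."""
    # Role GUID -> permission name, application-type roles only.
    names = {r["id"]: r["value"] for r in graph_sp["appRoles"]
             if "Application" in r["allowedMemberTypes"]}
    granted, unresolved, other = set(), [], []
    for a in assignments:
        if a["resourceId"] != graph_sp["id"]:
            other.append(a["resourceId"])      # role on an API other than Graph
        elif a["appRoleId"] in names:
            granted.add(names[a["appRoleId"]])
        else:
            unresolved.append(a["appRoleId"])  # GUID not in the role list
    allowed = REQUIRED | (OPTIONAL if smart_buildings else set())
    return {"missing": sorted(allowed - granted),
            "unexpected": sorted(granted - allowed),
            "unresolved": unresolved,
            "other_resources": other}


def _role(n, value):
    """Build a constructed appRole entry with a placeholder GUID."""
    return {"id": f"00000000-0000-0000-0000-{n:012d}", "value": value,
            "allowedMemberTypes": ["Application"]}


# Constructed sample: Graph service principal with a handful of roles.
SAMPLE_GRAPH_SP = {"id": "sp-graph-placeholder", "appRoles": [
    _role(1, "Presence.Read.All"), _role(2, "TeamworkDevice.ReadWrite.All"),
    _role(3, "CallRecords.Read.All"), _role(4, "User.Read.All"),
    _role(5, "Place.Read.All"), _role(6, "Mail.Read")]}

# Constructed sample: Presence.Read.All not consented, Mail.Read over-granted.
SAMPLE_ASSIGNMENTS = [
    {"resourceId": "sp-graph-placeholder", "appRoleId": _role(n, "")["id"]}
    for n in (2, 3, 4, 6)
] + [{"resourceId": "sp-other-placeholder", "appRoleId": _role(9, "")["id"]}]

if __name__ == "__main__":
    for key, val in audit_grants(SAMPLE_GRAPH_SP, SAMPLE_ASSIGNMENTS).items():
        print(f"{key}: {val}")
```

An empty result for unexpected, unresolved and other_resources means the registration matches the table; pass smart_buildings=True only if the two optional permissions are meant to be present.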

Discovery


Once the tenant is added, you will be required to set the scope of the deployment. Open the tenant you’ve just created and select the Discovery menu. This section will restrict the data uploaded to our service.




If you want all the MS Teams users and devices to be managed and viewable on the platform, just click Save. Otherwise, you can easily restrict the data received into morbit studio.


Examples:

  • Where you only want MTR Pro and MTR Basic licensed registrations displayed (for example, not Users):
    • Set Licenses: Equals one of the following
    • Select boxes: MTR Pro, MTR Basic
  • Where you only want the ‘Operations’ department registrations displayed.
    • Set Department¹: Equals one of the following
    • Set value: Operations
  • Where you only want the London office registrations displayed.
    • Set City¹: Equals one of the following
    • Set value: London
  • Where you only want registrations in the UK to be displayed.
    • Set Country¹: Equals one of the following
    • Set value: UK

¹ These values are based on the fields of the same name in Microsoft 365 admin center > Users > Active users > click the User Profile > Manage contact information. Depending on customer configuration, this might need changing in their own on-premise Active Directory, rather than in Microsoft 365.


Advanced Settings

Should a tenant need further refining than the current fields allow, such as a proof-of-concept deployment for a limited number of trialists, you can expand the Advanced Settings section. We have picked two Active Directory fields that are unlikely to contain any existing values:

  • Employee Type
  • Fax Number

Using either of these fields, you can assign an Active Directory value to the necessary MS Teams accounts, for example “morbit” in the Employee Type field. Using the same method as for selecting a Department, City or Country, set the Employee Type field to Equals one of the following and the value to: morbit. Click Save. Matching these values in Active Directory and morbit studio ensures that only Registrations (Users) with the Employee Type of ‘morbit’ will appear in our system. Everything else will be ignored.

This method can be used in the same manner for the Fax Number field – it is a free text field and not restricted to numbers only.


Locking Discovery Settings

Should you want to ensure that nobody can change your Discovery settings, you can PIN code protect the settings to lock them from being changed. When enabled, the Discovery settings will only unlock when a unique 4-digit PIN code is applied. 

To enable this feature, click the Lock button in the top-right of the menu. Add the email addresses of the persons who will be sent an unlock PIN code and click the Lock button again.

To unlock the settings and make changes, click the Unlock button and enter the PIN code to complete the unlocking process.


Once the discovery section is completed, it may take 10 minutes to a couple of hours for data to populate into the platform. This is to be expected and varies depending on the size of the tenant.


Connection Tests

You can validate the application settings you configured in the section Register an app to use the Microsoft Graph API. Click the Connection menu and select the option to Test All. A successful test will return all items with the value OK in the Status column (Call Subscriptions can take up to 15 minutes to be OK; this is normal and will resolve itself).




Should you get any errors like below, return to sections Pre-requisites for setup and Register an app to use the Microsoft Graph API and validate your settings. Once done, return to this section and Test All again.




CDRs

Occasionally, call data that is received from Microsoft might not contain any data due to an MS Teams issue. If that occurs, we will show any errors in the CDRs menu. This should be checked first when expected call information is missing.


Data privacy – call anonymisation

The platform allows you to anonymise the Caller names of 3rd party companies and internal staff. To enable this on an organisation, you must set this in the Organisation menu.


Navigate to the company you want to set this for in the Organisation screen, then select the edit icon.


  • Anonymise External Users – All external call participants will show as ‘External User’.
  • Anonymise Internal Users – All internal Users not known to the solution (due to Discovery settings and filters) will show as ‘Internal User’. An example being an MTR-only deployment, where only the MTR names are shown.

