Microsoft Graph Presence Source Configuration

Warning: The MS Graph Presence APIs are still in BETA at Microsoft.

Please note, if Microsoft decides to change this part of the Graph API, Anywhere365 might no longer be able to retrieve presence.

Introduction

The Microsoft Graph Presence Source (hereafter 'presence source') enables the UCCUCC stands for Unified Contact Center and consists of a queue that can be handled by Agents. Each UCC has its own settings, interactive voice response questions and Agents with specific skills. Agents can be member of, or sign up to, one or more UCCs. to use Teams user presences. It makes use of the Microsoft Graph Communications Presence APIs. Read more about Presence Resource Type at Microsoft Documentation.

The UCC will poll the presence each 500ms with a maximum of 100 users at a time. For UCCs with large amounts of agents, it is possible to add multiple API accounts. For example when 500 unique agents are configured in the UCC (service wide) 3 accounts are needed to have the presence of all users polled every second.

 

Prerequisites

 

Account requirements

The accounts to retrieve presence must be Azure Active Directory user accounts, these accounts will be able to retrieve presence from users that arein the same tenant. When subscribing users across different tenants, at least one account is needed from each tenant. The accounts do not need any permissions as they are granted globally by tenant admin, nor do they need any licenses. Simply create an new user account without licenses.

To grant admin consent for the Anywhere365 UCC Presence Source, simply replace {tenant-id} with your tenant ID in the following URL and launch it in a web browser. After the admin consent is granted, you will be able to sign in with non-admin user accounts in the presence source

Example https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=99077b9e-cb11-4fb7-b493-fbc6907245e6

Note It is also possible to configure an app registration within the tenant itself, this is explained below.

Make sure to create dedicated accounts in the Azure Tenant as the API limits are account specific (see FAQ for API limits).

 

Password policy

When the password of an account changes, the tokens of the account will also expire. Make sure to set a password policy that will never expire passwords. Also make sure that the password isn't changed while in use by MS Graph Presence Provider. To ensure safety, make sure to use a long and safe password.

 

UCC cache policy

When the complete cache of a UCC is removed, the tokens of the account will also be removed and a new device token must be granted access to start collecting presence information again. This can be prevented by not removed the following folder:

%programdata%\Anywhere365\Core\Service\<servicename>\cache\_presence-provider-msgraph

 

Basic Configuration

Note Making changes in the presence sources are not reflected immediately and a UCC restart is required. In a future UCC Service version the changes will be applied directly after saving the config file.

Configure the Presence Source

In the config.xml of the UCC service, add the following configuration as child node to the <PresenceProvider> element. Make sure to choose a unique ID and set the correct Tenant ID. The WSP tenant is used in the following sample.

<MsGraphPresenceSource enabled="true">

<Accounts>

<Account Id="my-presence-account1" TenantId="4119dd4d-e455-4535-9d45-b3535f584cad" />

</Accounts>

</MsGraphPresenceSource>

This will enable the MsGraphPresenceSource inside the UCC. However after starting the UCC the provider is not authenticated to retrieve presence. Open the UCC logs and search for the following line:

MsGraphPresenceSource GraphPresenceManager::Graph API needs authentication for account with ID 'my-presence-account1' (tenant: 4119dd4d-e455-4535-9d45-b3535f584cad). Please login on the following w

Note The Presence Source needs at least 1 authorized account per tenant in order to start. Be aware that when you add an extra tenant, the Presence Source will not start until a user account in that tenant is authorized. Config changes are not applied until the UCC Service has restarted. In a future UCC Service version (probably 8.2) the changes will be applied directly after saving the config file.

 

Multiple accounts

To configure multiple accounts, simply add more <Account> elements to the <Accounts> node. Make sure you create a unique Id for each account. The Id can be any string value. Note that the Id is visible in the logs. You have to login to each account configured as described above.

Multiple tenants

It is also possible to use multiple tenants. For example given there is an Azure tenant with 10 users and another Azure tenant with 25 users. Both tenants have to be added in the config as an Account. Always make sure to login with a user from the same tenant.

 

App registration

 

Use a different App registration

By default an app registration of WSP is used to authenticate the user with. If there is any scenario where another app registration must be used, follow the following steps:

  • In Azure Active Directory create a new app registration

  • On the API Permissions tab, add the following delegated Graph API permissions

    • Directory.Read.All

    • User.ReadBasic.All

    • Presence.Read.All

  • The Directory.Read.All permission needs Admin consent, so grant the admin consent using the button. In the API permissions view.

    • Only a tenant administrator can grant the admin consent

  • On the Authentication tab

    • Add a new platform, choose type = web and enter a valid URL (https)

    • Set multiple tenant access on (optional if you only have one tenant)

    • Under advanced settings, set Treat application as a public client to Yes

  • From the overview page, copy the Application ID

In the config.xml modify the <Account> element and add the ClientId attribute. Set its value to the copied Application ID. Do this for every account that needs to use this app registration.

<Account Id="my-presence-account1" ClientId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" TenantId="4119dd4d-e455-4535-9d45-b3535f584cad" />

 

Add Teams users as agents

To use Teams presence

Teams users are matched by their User Principal Name (UPNIn Windows Active Directory, a User Principal Name (UPN) is the name of a system user in an email address format. A UPN (for example: john.doe@domain.com) consists of the user name (logon name), separator (the @ symbol), and domain name (UPN suffix).). In most cases this is the e-mail address of the user. The UCC will create a Teams UPN field in the SharePoint list. The field can be added to the overview page with 'Modify view' button. When the field is not empty, this presence source will be selected over any other presence source. So if the Attendant presence source is desired, make sure this field is left blank.

To use Teams presence, fill in the Teams UPN field with the desired UPN of the user.

To use other presence sources

This presence source has the highest priority over other presence sources, but only when the Teams UPN SharePoint field is populated. This is also the case when this presence source is disabled. The UCC will raise errors that Graph Presence source is not enabled.

 

Related Topics

Additional Configuration Core

Using Microsoft Teams client with Anywhere365