MS Teams Calling Integration and Security in webex
Flow diagrams illustrating high-level architectural patterns within Microsoft Teams Calling as well as the official security statements
MS Teams Call Integration and Security
Deployment
Notes
There is a Webex Call Plugin included in the MS Teams Client.
As a Cisco service, the Bot/App Service is used exclusively for the integration of MS Teams with the Webex Call Plugin for the MS Teams workspace.
Every user must authorize the app before he or she can use the integration.
There are a few graph APIs that the plugin must call each time the user goes to the Call tab in order to show speed dials, etc. This can be done using the back-end service.
Microsoft Graph APIs are called
-
https://graph.microsoft.com/v1.0/me/extensions/{extensionId}
-
https://graph.microsoft.com/v1.0/me
-
https://graph.microsoft.com/v1.0/me/contacts
-
https://graph.microsoft.com/v1.0/me/contacts/{contactId}
-
https://graph.microsoft.com/v1.0/users/{userId}
-
https://graph.microsoft.com/v1.0/users
-
https://graph.microsoft.com/beta/me/chats/{chatId}/members
The Graph API Call fails if the user does not authorize due to the fact that there is no valid token to call the APIs on behalf of the back-end service.
Log files and databases are not used to store any information about users.
When a Webex call is made using Teams, Cisco Cloud communicates with the app using HTTPS.
Permissions
In order for the app to function properly, the following permissions must be granted:
There are a number of API permissions associated with these permissions.
The following links provide more detailed information about Microsoft Graph permissions, including a full explanation of the permission strings used in Microsoft Graph, and can be found at https://docs.microsoft.com/en-us/graph/permissions-reference.html.
Table 1. API Permissions
Permission Name | Reason |
---|---|
ChannelMember.Read.All | Find out who is using 1:1 calling in the channel you are on by reading the members of that channel |
Chat.ReadBasic | If you are in a 1:1 conversation with a user, you can read the names and members of their chat threads. |
Contacts.Read | When dialing or adding speed dials, it is important to read user contacts in order to display user contacts |
offline_access | Whenever the user selects a tab, they will not be prompted to reauthorize each time they do so |
User.Read | If you would like to know more about the current user, sign in and read their profile |
User.Read.All | Obtain the avatars, details, and speed dials of each user by reading their full profile on the website |
User.ReadWrite | Allowing users to save their speed dials to their user profile by reading and writing |