16.2.Teams archive System settings
General Teams archive system settings are available on the System settings page. To configure these settings, navigate to Teams Archive ⇒ Settings ⇒ System settings on the ribbon:
a) Database settings
Select the Teams archive database, that you have previously configured on Teams Archive ⇒ Settings ⇒ Databases page (in our case it is database “MNEtestDB”), from the dropdown list. This selected database will be used by the provisioning job. The provisioning job will store here the metadata during the synchronization process. Teams archive registration is described in this section.
b) Client application settings
In this part, the connection with the Microsoft Teams application is established. Application ID and Directory ID are automatically generated during the App registration on Azure portal, Client secret can be manually generated in section Certificates & secrets after the application is registered.
Permission type has two options in the dropdown list:
- Application – this permission type allows you to connect to the Teams endpoint of the Graph API without providing the username and password. To grant this permission type, it is necessary to contact Microsoft. SharePoint account is used to connect to the SharePoint – as the files of the Teams are stored in SharePoint.
The application registered on Azure portal is used to access the Teams infrastructure, like teams, channels etc. By default, this application cannot be used to read channel messages, as it requires the application to have special permissions approved by Microsoft. If the registered application does not have such permissions, you should enter the credentials (username and password) of a user who can access all the teams that are going to be archived.
- Delegated – If you do not have the application permission type, you can specify the user who is able to access all teams with this option. The superuser must also be the owner of all teams to be archived. You can use the Teams account to connect to the SharePoint as well, but you have the option to specify explicit credentials for SharePoint access if necessary. With this permission type, the private channels will be archived only if the specified user is a member of that channel.
SharePoint access
There are two options:
- Use the Teams app credentials – pick this option if the SharePoint related permissions and client certificate are added to the Teams app registered on Azure portal
- Use explicit SharePoint app credentials – pick this option if the SharePoint related permissions are registered in a separate app
SharePoint application ID: Application ID of the registered SharePoint app, this needs to be filled in in case Use explicit SharePoint app credentials is selected in the previous step
Certificate file: .pfx file, which contains the private and public key of the certificate. Must be the same certificate as the .cer file that has been uploaded to Azure during app registration. The app can be registered by using this PowerShell script too.
Certificate password: the password for the .pfx file
It is also possible and recommended to test the connection by clicking on the Test button.
c) Retention settings
The date, from which the retention of the items will be calculated, can be selected here. Choose the setting to be applied from the dropdown list.
d) Private chat archiving
contentACCESS gives you the possibility to archive private Teams chat messages too. If you want to allow the system to do so, check the Allow private chat archiving checkbox and set the following:
Chat archive database: Select an already configured connection from the dropdown list. Here the metadata will be stored. For further information on how to set database connections, please refer to section Databases.
Chat archive storage: Choose an already configured storage from the dropdown list. The processed binaries will be stored here. For more information on how to set storages check section Storages above.
Chat archiv index zone: Set the Index zone that will be assigned to the items by the archiving job.
Under Exchange server type and Exchange server interface version select the type and version of the server, where your email provider is running. This is used to access all chat data.
In case of the user having/using a German cloud (dedicated and isolated Microsoft Azure version for Germany), Germany must be selected in the Region dropdown list.
In case that the predefined settings for O365 don’t match your expectation and/or needs, it is possible to select the Custom option from the Region dropdown list and specify your own values.
Choose whether you want to Use impersonation or not. By default, this checkbox is turned off. If it is turned on, the Teams chat archive will use Impersonation instead of Delegation (more information in this section).
Impersonation allows the superuser account to impersonate any other user’s account and access their data.
If the O365 user has “desktopless” license, his account can’t be used for impersonation. The problem is that EWS access is disabled for such user (he is unable to connect to EWS).
Select one EWS authentication mode from the dropdown list. There are 2 options: Basic and Modern. Basic authentication is older and less secure method. Modern authentication is more secure and complex and requires the app (Teams archive in this case) to be registered on Azure portal. How to register it and gain the necessary IDs and client secret is described in this section.
Further enter the applicable Username and Password to connect to the Exchange (use explicit credentials or log in under service-credentials). We recommend running a test connection via the Test connection button.
Do not forget to Save your settings.