16.2.Teams archive System settings
General Teams archive system settings are available on the System settings page. To configure these settings, navigate to Teams Archive ⇒ Settings ⇒ System settings on the ribbon:
a) Database settings
Select the Teams archive database, that you have previously configured on Teams Archive ⇒ Settings ⇒ Databases page (in our case it is database “MNEtestDB”), from the dropdown list. The provisioning job will use this selected database. The provisioning job will store the metadata here during the synchronization process.
b) Client application settings
In this part, the connection with the Microsoft Teams application is established. Application ID and Directory ID are automatically generated during the App registration on Azure portal, Client secret can be manually generated in section Certificates & secrets after the application is registered. Teams archive registration is described in this section.
Permission type has two options in the dropdown list:
- Application – this permission type allows you to connect to the Teams endpoint of the Graph API without providing the username and password. To grant this permission type, it is necessary to contact Microsoft. Read the How to request access to Microsoft Protected API chapter in this manual for more information.
SharePoint account is used to connect to SharePoint – as the files of the Teams are stored in SharePoint.The application registered on Azure portal is used to access the Teams infrastructure, like teams, channels, etc. By default, this application cannot be used to read channel messages, as it requires the application to have special permissions approved by Microsoft. If the registered application does not have such permissions, you should enter the credentials (username and password) of a user who can access all the teams that are going to be archived.
- Delegated – If you do not have the application permission type, you can specify the user who is able to access all teams with this option. The superuser must also be the owner of all teams to be archived. You can use the Teams account to connect to the SharePoint as well, but you have the option to specify explicit credentials for SharePoint access if necessary. With this permission type, the private channels will be archived only if the specified user is a member of that channel.
SharePoint access
There are two options:
- Use the Teams app credentials – pick this option if the SharePoint related permissions and client certificate are added to the Teams app registered on Azure portal
- Use explicit SharePoint app credentials – pick this option if the SharePoint related permissions are registered in a separate app
SharePoint application ID: Application ID of the registered SharePoint app, this needs to be filled in in case Use explicit SharePoint app credentials is selected in the previous step
Certificate file: .pfx file, which contains the private and public key of the certificate. Must be the same certificate as the .cer file that has been uploaded to Azure during app registration. The app can be registered by using this PowerShell script too.
Certificate password: the password for the .pfx file
It is also possible and recommended to test the connection by clicking on the Test button.
c) Retention settings
The date, from which the retention of the items will be calculated, can be selected here. Choose the setting to be applied from the dropdown list. There are three types of retention reference dates:
- Creation date – the date when the item was originally created. If you select ‘Creation date’ as the retention reference date, the retention period will be calculated starting from when the item was first made
- Modification date – the date when the item was last modified or updated. Selecting ‘Modification date’ means the retention period will begin from the last time the item was edited or changed
- Most recent date – this date refers to the most recent significant date associated with the item, which could be either the creation date or the last modification date, depending on which is later. Using ‘Most recent date’ as the retention reference means that the retention period will be calculated from the latest relevant activity on the item
d) Private chat archiving
contentACCESS gives you the possibility to archive private Teams chat messages too. If you want to allow the system to do so, check the Allow private chat archiving checkbox and set the following:
Chat archive database: Select an already configured connection from the dropdown list. Here the metadata will be stored. For further information on how to set database connections, please refer to section Databases.
Chat archive storage: Choose an already configured storage from the dropdown list. The processed binaries will be stored here. For more information on how to set storages check section Storages above.
Chat archiv index zone: Set the Index zone that will be assigned to the items by the archiving job.
Under Exchange server type and Exchange server interface version select the type and version of the server, where your email provider is running. This is used to access all chat data.
In case of the user having/using a German cloud (dedicated and isolated Microsoft Azure version for Germany), Germany must be selected in the Region dropdown list.
In case that the predefined settings for Microsoft 365 don’t match your expectation and/or needs, it is possible to select the Custom option from the Region dropdown list and specify your own values.
Choose whether you want to Use impersonation or not. By default, this checkbox is turned off. If it is turned on, the Teams chat archive will use Impersonation instead of Delegation (more information in this section).
Impersonation allows the superuser account to impersonate any other user’s account and access their data.
If the Microsoft 365 user has “desktopless” license, his account can’t be used for impersonation. The problem is that EWS access is disabled for such user (he is unable to connect to EWS).
Select one EWS authentication mode from the dropdown list. There are 2 options: Basic and Modern. Basic authentication is older and less secure method. Modern authentication is more secure and complex and requires the app (Teams archive in this case) to be registered on Azure portal. How to register it and gain the necessary IDs and client secret is described in this section.
Further enter the applicable Username and Password to connect to the Exchange (use explicit credentials or log in under service-credentials). We recommend running a test connection via the Test connection button.
Do not forget to Save your settings.