Azure Registration Process
    • 13 Feb 2024
    • 4 Minutes to read
    • Contributors
    • Dark
    • PDF

    Azure Registration Process

    • Dark
    • PDF

    Article Summary


    Nectar provides diagnostics and analytics of your organization’s voice and video sessions in Microsoft Teams. In order for Nectar to receive telemetry from your Microsoft Office 365 tenant, our application must be authorized by your organization in Azure. This document will guide you through the steps to obtain authorization information that you will then need to provide to Nectar. This step-by-step guide will assist with accessing your Azure account, registering the Nectar app, requesting API permissions, creating your Client Secret or certificate and, finally, explicitly granting Nectar’s application permission to receive data from Microsoft’s Graph API.

    There are two ways to accomplish these steps:

    • Automatically, using a PowerShell script
    • Manually, via the Azure Portal

    Script-Based Configuration

    The PowerShell script is provided for your convenience only. It is not supported and Nectar Corporation will not be responsible for any issues caused by running this script. Use at your own risk.

    Download the below PowerShell script to a computer with PowerShell installed (Windows or Linux-based). 

    Open a PowerShell prompt and run the following:


    By default, the script will run with the following settings:

    • Application Display Name: Nectar DXP Cloud Connector
    • App Secret Validity Period: 10 years
    The script will create the application using a client secret. If you wish to use a certificate, perform the steps manually.

    If you want to change the defaults, run the script with the following parameters:

    • AppName - The display name to use for the application
    • SecretDuration - The length of time in years that the secret should be valid
    .\NectarAzureAppRegistration.ps1 -AppName 'Nectar Application' -SecretDuration 2

    This example will create the Azure App with the name Nectar Application with a secret duration of 2 year.

    Manual Configuration

    Access Azure Account

    1. Enter the following URL into your browser:
    2. Search for “App registrations” and select App registrations.

    Register App

    1. Select New registration
    2. Enter the user-facing display name you wish to use for the Nectar application. For support purposes, it is suggested to use 'Nectar Cloud Connector', as it will assist support personnel in identifying the correct application during troubleshooting.
    3. Select the appropriate Supported account type for your organization. For most customers, Accounts in this organizational directory only is the appropriate selection.
    4. Select the Register button.
    5. Make note of the Application (client) ID and the Directory (tenant) ID. You will need to send this information to Nectar.

    Request API Permissions

    1. Select View API permissions.
    2. Select Add a permission.
    3. Select Microsoft Graph.
    4. Select Application permissions.
    5. Expand the CallRecords selection.
    6. Click the CallRecords.Read.All checkbox.
    7. Scroll down and expand the GroupMember selection.
    8. Click the GroupMember.Read.All checkbox.
    9. Scroll down and expand the User selection.
    10. Click the User.Read.All checkbox. Alternatively, select the User.ReadBasic.All checkbox. This provides access to a limited subset of user information without adversely affecting the usability of Nectar DXP.
      A special note regarding Entra ID user information gathering
      Nectar DXP gathers Entra ID (formerly Azure AD) user information mainly to enrich the UI by showing the user name, work address, email address, phone number and user photo in calls/conferences. This can be helpful when support personnel have to contact a user while troubleshooting an issue. Most of these attributes are available via the User.ReadBasic.All permission (with the exception of work address and phone number). Additional attributes available via User.Read.All are useful for organizations who want access to the full set of user attributes without having to use other tools.

      We also use Entra ID information such as the email address to make it possible to synchronize user objects between different platforms. For instance, if a customer has both Teams and Zoom, we link the user accounts using a common email address. This allows Nectar DXP to show both Teams and Zoom calls for a given user at the same time.

      We gather Entra ID group information (via GroupMember.Read.All) for some reports that can focus on a specific group of users. Without group information, Nectar DXP will be unable to provide such functionality. The reports themselves will still work but filtering by group will not be available.

      Nectar DXP can function without access to Entra ID user information. Without it, multi-platform user syncing will not function and viewing individual user will show much less information about the user. We will still get the user display name from the Teams call record, which means that searching for an individual user will still work. 
    11. OPTIONAL - Scroll up and expand the TeamworkDevice selection.
    12. Click the TeamworkDevice.Read.All checkbox
    13. Select Add Permissions.
    14. Select Grant admin consent for Nectar Cloud Connector.
    15. When the pop-up window appears asking if you wish to grant consent, click Yes.

    You should now see a green check in your status column as depicted below. If you opted to grant access for Teamwork Devices, you should see this as well (but isn't shown in the below example).

    Add the Client Secret or Certificate

    You have the option of using a Client Secret or a certificate for securing access to the application. The client secret option is faster and simpler, but the certificate option is more secure. 

    Option A - Add a Client Secret

    1. Select the Certificates & secrets option in the left-hand pane, click on Client secrets, then click on New client secret.
    2. Select the proper expiration option for your client secret and click the Add button. Nectar suggests selecting '12 months' or '24 months' to avoid call record retrieval interruption upon secret expiration. It is your responsibility to keep track and renew the secret and notify Nectar of the change.
    3. When your Client Secret value populates, click on Copy to clipboard.
    4. Make note of the appID, Directory/TenantID and Client Secret and send to Nectar.

    Option B - Add a Certificate

    Using a certificate is more secure than a client secret, because it requires that both sides of the communication (Azure and Nectar DXP) have access to the appropriate private and public portions of a unique certificate. In an Azure application, the Azure side stores the certificate, while Nectar DXP stores the private key. Communications are only possible when both sides match. 

    1. When you are ready, contact your Nectar representative to obtain the certificate to be used in the application. It will be provided in a .PEM format. 
    2. Select the Certificates & secrets option in the left-hand pane, click on Certificates then click on Upload Certificate.
    3. Upload the certificate and click Add.
    4. Verify the certificate details, make note of the appID and Directory/TenantID and send to Nectar. 

    Was this article helpful?

    Changing your password will log you out immediately. Use the new password to log back in.
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.

    Eddy, a super-smart generative AI, opening up ways to have tailored queries and responses