Use Case - Tracking Extended User Presence via Azure Guest Accounts

Activate extended user presence tracking to improve call routing.

DEPRECATED USE CASE

As of the introduction of extended presence tracking via application permission, this use case is not supported anymore and will be removed soon. Please refer to Use Case - Tracking Extended User Presence via Application Permission instead.

ūü§Ē How to grant permission for extended user presence tracking via application permission?

The permission to track the extended user presence can be granted either by running provisioning script or clicking the grant link in Extensions Tenant Settings one:

Grant permission by running the provisioning script

‚úÖ Granting permission by running the provisioning script needs Tenant Administrator rights.

 

To grant the permission this way, run the provisioning script as a Tenant Administrator.

 
 

Grant permission with the grant link

  1. Go to  Extensions Tenant Settings.
  2. In section Presence Tracking, click the grant permission button. 

    ‚ģĎ This will ask you to sign in with your account. A green checkmark is shown if the permission was granted successfully:
 
 
 

In this use case, we explain how to track extended user presence. For this you need to invite Nimbus Guest Users to your tenant.

PRECONDITIONS

  • Nimbus Installation¬†is complete and at least one¬†Service is provisioned¬†on your tenant.
  • In extension you should know about the¬†Distribution Service Settings, accessible to you if you are Team Owner or Tenant Admin. ūüí° These settings define when¬†service calls are distributed to the users (team members) based on their MS Teams status (Away, DND, etc). More on this will explained below.
  • You require¬†Tenant Administrators¬†rights to access the Nimbus¬†Tenant Administration¬†> "Presence Tracking" section.
    • You also need Tenant Admin credentials to invite guest users within your Azure Portal.
 

ūü§Ē What is extended user presence and why guest accounts?

For an extended status presence such as "Busy → In a Call" or "Busy → In a Conference", these presence accounts are required to improve call routing. Without having guest users on your Tenant as means to check, Nimbus cannot see any extended user presence status.

ūü§Ē What happens after this setting is active?

When activating the presence tracking feature, call handling is handled according to the MS Teams status as follows:

Calls are delivered while Calls are NOT delivered while

Available

Busy*

Busy in a Meeting*

  • Away*
  • Busy in a call
  • in DND (Do Not Disturb)
  • Offline

ūüí° Note that Nimbus will adhere to¬†Distribution Service Settings, so ensure to check there if your calls are not delivered as expected.¬†
ūüí° Note that Nimbus can still forward calls when you are in the middle of doing an outbound calls via Teams, as your presence status will only change when you are in an established call.

ūüĒć Also refer to the related Microsoft Documentation:¬†User Presence States in Teams.

Guest User Details

‚úÖ Before you can use the extended presence feature you need to invite two guests users to your tenant. The steps are described below.

  1. Within the Nimbus UI > Tenant Administration > head to the "Presence Tracking" section
  2. Take note and mouse over the "Presence Account 1 & 2" user mail addresses to see their details. 
    ūüí° These accounts are¬†individual to your Nimbus cluster. Examples below have been blurred to prevent mistakes.
  3. Make sure to copy your individual presence account name, including the @ domain ending. The account details will be used in a step below. 
    Screenshot showing two individual presence accounts

Invite Guest Users

INC Invite Azure Guest Accounts

  1.  As Tenant Admin, log into your Azure Portal.
  2. Go to¬†Users > New Users and select ‚ÄúInvite external User‚ÄĚ.
     
  3. Invite both guest users 1&2 on your tenant. Add each of the previously copied email addresses (e.g. svr_nimbus_guest@onmicrosoft.com) and click Invite.
    ‚ģĎ A standard Azure invite mail will be sent out to Luware.

    ‚ėĚ Note that MFA (Multi Factor Authentication) needs to be disabled for these users. Otherwise, this feature will not work as the guest users cannot sign in to your tenant.
  4. Let your Customer Success Specialist know that the guest users have been invited.
  5. Please wait while steps are done in the background:
    1. Luware cloud operations team must accept the guest invitations. Please allow for some time for this to happen.
    2. Once successful, the "Account is not added as guest" message should disappear on your side in the Nimbus admin UI.
    3. If this is not the case, please get in contact with the Luware support.

Grant Delegated Permissions

ūüí° This step can be done in parallel to the previous steps. Once granted, either of the presence accounts will make use of these permissions and no further actions are required on your side.

Copy & paste URL from the "Grant Permissions" area into your browser. This link must be opened by logged-in a Tenant Administrator in order to work.

ūü§Ē Which permissions are granted to these users?¬†Refer to Nimbus¬†Required App Permissions¬†>¬†"Presence Tracking"


Results:

  • Once granted, the¬†"Permission is not granted"¬†note should disappear in the admin UI.
  • You can now enable the¬†"Track Presence Over Guest account"¬†feature and test the status tracking via the "Test UPN" field.

Adjust Your Service Settings

ūüí° With all previous "track presence" steps successfully performed, Nimbus is now able to distinguish between busy states.

✅  We recommend to check your Service Settings > Distribution > Conversations Distribution tab and have converations "Distributed to the user" even while busy. Nimbus will automatically detect if an existing Nimbus service call is already handled by that user and re-route incoming calls accordingly.

Secure Workaround for MFA

INC Secure Workaround for MFA

In some cases Nimbus will require you to invite Guest Accounts to support extended features on your Tenant. We realize that not using MFA for presence accounts is a big limitation. If your IT policy mandates MFA on all accounts, there is a workaround that whitelists IP ranges. To circumvent this problem you can use the following workaround:

  • Add trusted Locations with the Nimbus Server IP Addresses (Switzerland)
  • Add a conditional access policy to limit the access to the given trusted location.

Learn more…

Add Trusted Location

  1. Go to Named locations within Azure Portal (https://portal.azure.com)
  2. Add a new IP ranges location
  3. Enter a Name and add the IP addresses for the location and check the Mark as trusted location option
  4. Add all IP addresses for the location (see table below)

    and click on Create

Add a conditional access policy

  1. Go to the Azure portal (https://portal.azure.com)
  2. Switch to Conditional Access and select Policies
  3. Select an existing you want to change or create a new policy and configure the Condition section to add your trusted location as excluded from the MFA policy

Nimbus Cluster IPs

Switzerland North 01
20.250.90.30
20.250.90.31
20.250.90.136
4.226.36.167
Switzerland North 02
4.226.11.105
20.250.216.126
4.226.25.247
4.226.26.8
Germany West Central 01
20.52.208.117
20.52.208.209
20.170.103.21
20.52.209.237
Germany West Central 02
98.67.132.41
98.67.225.28
98.67.132.74
98.67.132.61
United Kingdom South 01
20.49.226.93
20.49.226.86
20.49.226.126
4.159.33.63
Nimbus Cluster IPs provided by Microsoft (Status 14/05/2024):

Caution: These IPs are configured by Microsoft and can be changed without prior notice.

 
 

Troubleshooting

Error  Description Solution

Unknown Error (XX0000) 

Enhanced Presence has been enabled, Guest Accounts have been added, Permissions have been approved, Multi-Factor Authentication has been disabled for the Guest Accounts.

However, the following error message appears when trying to check the status of users: 

Solution A: Change global collaboration settings

  1. Head to In Azure Portal > Users > User Settings > External Users > Manage External Collaboration Settings.
  2. Set the "Guest User Access Restrictions" to either "Most inclusive" or "Limited access" 

This is a global setting and applies to all (future) guest accounts. If you do not want to change this, consider solution B below.

 
 
 

Solution B: Change individual user role assignment

Since the External Collaboration Settings are a global setting, you may not want to relax these rules just for one application. Instead you can just assign a special role to the guest accounts.

  1. Head to In Azure Portal > Users > Nimbus Guest Account > Assigned roles > Add assignments.
  2. In the "Membership" Tab, assign the "Directory Readers" role to the Luware Guest Account(s).
  3. In the "Settings" Tab, ensure the assignment is "Active" and "Permanently assigned"
 
 

After the setting is changed, it may take up to an hour for the Nimbus Enterprise App to properly read the users' presence data.

 

Table of Contents