Skip to main content

Meeting Analytics for M365

Installing the Flowtrace Meeting Analytics for M365

P
Written by Petri Lehtonen
Updated over 3 weeks ago

Purpose:

This article outlines the steps when the installation is undertaken to ensure the technical integration of Flowtrace Meeting Analytics for M365. Additionally we show how you can configure mailbox controls to limit the scope where Flowtrace has data access.

Installation sequence:

Here's an outline of steps you should take.

  • Create an account with Flowtrace (using Microsoft SSO logged in user), and complete the onboarding process with Slack integration (contact our support if you use other IM tools like MS Teams)

  • When you navigate to Settings -> Integrations, you can initiate the M365 Integration

    • This step will establish the connection with Flowtrace Meeting Analytics for M365 Application - Client ID: 04f28283-dae0-4424-9381-6b72f8827e0c

    • Successful installation triggers first user directory data fetching and takes some time. We have seen up to 15 minutes for big directories.

  • Navigate to Settings -> User Management to validate the connection is established

Meeting Analytics for M365 Scopes:

Optional: Teams meetings

You can choose to integrate Flowtrace with Teams for video call statistics. This integration is based on following scopes:

  • OnlineMeetings.Read.All

  • OnlineMeetingArtifacts.Read.All

On top of the above scopes, the integration requires additional policy configuration.

Limiting the scope of the integration

There's a good reason to limit the scope of the integration to certain audience. Some of the common reasons are deploying our tools to a certain geographical or departmental audience, or limiting the POC/Pilot to a handful of people. We offer 2 ways to do this:

1) User directory API filtering using Distribution Group

This is easiest way for you and you maintain full control who is included in the analytics. Only thing required from you is to have a group with people in it who you want to include to the analysis. You then share the group's object ID with Flowtrace account manager and they will update the configuration accordingly. This group is used to filter the users who we use as our meeting processing.

Benefits: Easy, fast, and you remain in control who belongs to the audience

Cons: We have access to all of your users and do filtering on our side

2) Mailbox access filtering:

You can choose the apply restrictions on whose mailbox Flowtrace app has access to. Applying application policy restrictions for a set of mailboxes is done using Exchange's built in features.

Pros: You remain in control, and Flowtrace access is blocked as designed

Cons: Takes more effort, any change requires AD admin

There are multiple ways how you can achieve the restricted access, and here's a couple of Microsoft guidelines to configure these at your infrastructure:

  1. https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access

  2. https://learn.microsoft.com/en-us/exchange/permissions-exo/application-rbac

Here's the steps on how to create the necessary objects for Management Scope Policy filtering:

  1. Create a dynamic group to manage the mailbox access

  2. Create a management scope (New-ManagementScope) for the dynamic group with using (RecipientRestrictionFilter)

  3. Create a service principal (New-ServicePrincipal) for Flowtrace Enterprise App (Client ID: 04f28283-dae0-4424-9381-6b72f8827e0c)

  4. Bind the role to the service principal (ManagementRoleAssignment)

Here's an example screenshot on how you create the service principal to the Flowtrace app, which you can use to assign a role for the scope of your users.

Please contact our support for discussing alternative options if your infrastructure setup does not support Mailbox restrictions.

Did this answer your question?