Tenant health
Live + last 7 days vs trailing 30-day baseline Β· updated 12 min ago
π Calling
Healthy
0
πΉ Camera video
Healthy
0
π
Meetings
Degraded
0
π₯οΈ Screen share (VBSS)
Degraded
0
ποΈ App sharing
Healthy
0
π’ Rooms
Healthy
0
Overall quality score
0/100
Awaiting callRecords
Users monitored (7d)
0
Rooms monitored (7d)
0
Shared devices monitored (7d)
0
Rate-my-call
4.2β
βΌ 0.3 Β· top token βEchoβ Γ41
Call quality distribution
CQD stream classification Β· awaiting callRecords
- β Good0.0% Β· 0
- β Poor0.0% Β· 0
- β Unclassified0.0% Β· 0
Where is the problem?
Poor streams by attributed cause Β· 7 days
Awaiting data0
Top affected entities
Worst poor-rate first
| Entity | Type | Poor rate | Status | Top cause |
|---|---|---|---|---|
| Awaiting data | Tenant | 0% | Healthy | None |
Status thresholds: Critical β₯20% poor rate Β· Degraded 5β19% Β· Healthy <5%
Scoped monitoring diagnostics will appear here.
Recent quality events
Last 5 calls with issues Β· Most recent first
Awaiting data
Recent events render from poor media streams in the active callRecords payload.
28-day quality heatmap
Quality rate by day
Tenant Settings
Contoso Β· VIP groups, sites, Graph permissions, notifications, privacy and billing
Network and Sites
Graph Permissions
Notifications
Privacy and AI
π Network topology
Upload subnet-to-site mapping (matches CQD building data format). Maps call records to physical locations for site-level analysis.
CSV format:
Subnet,SiteName,BuildingName,City,CountryNo network topology uploaded. Upload a CSV to enable site-level analysis in the Issue Explorer.
Future uploads
Additional data sets planned for enrichment.
Data set
Format
Status
πΆ Wi-Fi APs / BSSIDs
CSV (vendor-exported)
Coming soon
Connected data sources
Architecture reference data for the Microsoft sources used by CQL
| Source | Status | Last sync |
|---|---|---|
| Teams call records | Connected | Live, change notifications (< 1 min lag) |
| Presence | Connected | On demand per VIP detail page |
| Service health | Connected | Polled every 15 min |
| Directory and Groups | Connected | Delta sync every 5 min |
| Intune managed devices | Connected | On roster sync |
| Azure OpenAI | Connected | On demand narrative generation |
Stack is intentionally locked to Microsoft Graph, Microsoft Intune and Azure OpenAI. ServiceNow, Cisco DNA, Zscaler, NetBox and Aruba remain out of scope.
Data governance and retention
Reference policies for uploaded and derived data
- Storage regionUK South, tenant-isolated, encrypted at rest (CMK)
- Used forEnrichment of your tenant call records only, never shared cross-tenant
- RetentionActive until superseded, archived versions kept 90 days for rollback
- Audit logAll uploads logged with user, timestamp and file hash
- Right to deletionHard-delete on demand, purged from analytics within 24h
- ComplianceSOC 2 Type II, ISO 27001, UK GDPR DPA available on request
Microsoft Graph application permissions
Reference list for the Graph permissions required by CQL
Permission
Purpose
Status
CallRecords.Read.All
Call quality telemetry ingestion
Granted
GroupMember.Read.All
VIP roster sync
Granted
User.Read.All
User context and org structure
Granted
Calendars.Read
Predictive risk, scoped via app access policy
Scoped
Presence.Read.All
Live VIP presence
Granted
ServiceHealth.Read.All
Microsoft 365 service health correlation
Granted
ServiceMessage.Read.All
Service announcements and message center
Granted
DeviceManagementManagedDevices.Read.All
Intune device context
Granted
DeviceManagementConfiguration.Read.All
Change correlation for Intune policies
Granted
AuditLog.Read.All
Sign-in correlation and audit lookups
Pending consent
Directory.Read.All
Org chart for blast radius scoring
Granted
Sourced from
/servicePrincipals/{id}/oauth2PermissionGrants and /appRoleAssignedTo. CQL never writes. Re-consent is performed in Entra by a Global Administrator.Notifications
Coming soon
Notification channels and routing rules will be available in a future update. CQL will support Teams channel webhooks, Teams chat messages and email via Microsoft Graph.
Azure OpenAI region and retention
AI model configuration for this tenant
Region pin
- Prompt logging Β· No PII leaves your tenant regionOff
- Retention Β· Configurable30 days
- Model Β· Standard 20K TPMgpt-4.1-mini
Privacy and visibility
Data visibility controls for this tenant
- Call content, transcripts, messagesNever read
Show meeting subjects in UI
When off, the UI shows the meeting ID only. Subjects are still fetched for AI prompts.
Enable audit log export
Representative front-end control until audit export settings are wired
Mask VIP names for non-admins
Names render as initials only for viewer-role accounts
- AI data sharingNone. Not used for training.
- Tenant data isolationPostgreSQL RLS + EF query filter
- Encryption in transitTLS 1.2+