Thursday, September 20, 2018

Set-CsTenantFederationConfiguration

Today I was fighting with Federation for Skype for Business in Office 365. This post is mainly to remind myself about the commands used next time I will have to do this.

To start with I had to log in to Office 365. For that I started PowerShell as administrator and used the following commands.

Import-Module SkypeOnlineConnector
$UserCredential = Get-Credential
$sfbSession = New-CsOnlineSession -Credential $UserCredential
Import-PSSession $sfbSession



Next I verified that the "Allowed domains" list was empty, just like I could also see in the GUI.


PS C:\WINDOWS\system32> Get-CsTenantFederationConfiguration

Identity                            : Global
AllowedDomains                      : AllowAllKnownDomains
BlockedDomains                      : {}
AllowFederatedUsers                 : True
AllowPublicUsers                    : True
TreatDiscoveredPartnersAsUnverified : False
SharedSipAddressSpace               : False



An empty "Allowed Domains" list.


Then I started to have some issues since the documentation around the following commands is not entirely correct. To add an allowed domain the command Set-CsTenantFederationConfiguration should be used. However, the AllowedDomains parameter is not listed in the examples on how to use the command, and the handy AllowedDomainsAsAList parameter is not documented at all. Set-CsTenantFederationConfiguration should be used in conjunction with New-CsEdgeDomainPattern, so the working syntax for these two commands is as follows:


$x = New-CsEdgeDomainPattern -Domain "microsoft.com"
Set-CsTenantFederationConfiguration -AllowedDomainsAsAList @{Add=$x}



Using these commands we can build a "list" or script with PowerShell commands.


$x = New-CsEdgeDomainPattern -Domain "cellip.se"
Set-CsTenantFederationConfiguration -AllowedDomainsAsAList @{Add=$x}
$x = New-CsEdgeDomainPattern -Domain "relevo.se"
Set-CsTenantFederationConfiguration -AllowedDomainsAsAList @{Add=$x}



And now PowerShell, as well as the GUI, is showing what I want.


PS C:\WINDOWS\system32> Get-CsTenantFederationConfiguration

Identity                            : Global
AllowedDomains                      : Domain=microsoft.com,Domain=cellip.se,Domain=relevo.se
BlockedDomains                      : {}
AllowFederatedUsers                 : True
AllowPublicUsers                    : True
TreatDiscoveredPartnersAsUnverified : False
SharedSipAddressSpace               : False



Don't hate - Federate!
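
An added example (not part of the original post): the same two cmdlets wrapped in a script that normalizes a reviewed partner list, adds only the domains that are missing, and flags entries on the tenant's allow-list that nobody reviewed. The $PartnerDomains values and the helper function names are constructed for illustration, and parsing the "Domain=..." text assumes AllowedDomains converts to a string the way the output above displays it.

```powershell
# Added example. Requires the remote session imported at the top of the post.
# Constructed sample input: a reviewed partner list with a duplicate and stray whitespace/case.
$PartnerDomains = @('microsoft.com', 'cellip.se', 'Relevo.SE ', 'cellip.se')

function Get-NormalizedDomain {
    # Hypothetical helper: trim, lower-case, de-duplicate, and drop anything
    # that is not a plain DNS name (no wildcards, schemes, or paths).
    param([string[]]$Domain)
    $dnsName = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
    $Domain |
        ForEach-Object { $_.Trim().ToLowerInvariant() } |
        Sort-Object -Unique |
        ForEach-Object {
            if ($_ -match $dnsName) { $_ }
            else { Write-Warning "Skipping invalid domain entry: '$_'" }
        }
}

function Get-FederationDrift {
    # Hypothetical helper: compare the reviewed list with what the tenant has.
    param([string[]]$Desired, [string[]]$Current)
    [pscustomobject]@{
        ToAdd      = @($Desired | Where-Object { $_ -notin $Current })
        Unexpected = @($Current | Where-Object { $_ -notin $Desired })
    }
}

$config  = Get-CsTenantFederationConfiguration
$asText  = "$($config.AllowedDomains)"   # assumption: same text as shown by Format-List

# Open federation shows up as the literal value AllowAllKnownDomains.
if ($asText -eq 'AllowAllKnownDomains') {
    Write-Warning 'Federation is open to all known domains; the first Add switches it to an allow-list.'
}

# Pull the current entries out of "Domain=a,Domain=b,..." (empty when federation is open).
$current = @([regex]::Matches($asText, 'Domain=([^,\s]+)') |
    ForEach-Object { $_.Groups[1].Value.ToLowerInvariant() })

$desired = @(Get-NormalizedDomain -Domain $PartnerDomains)
$drift   = Get-FederationDrift -Desired $desired -Current $current

# Add only what is missing, so the script can be re-run safely.
foreach ($d in $drift.ToAdd) {
    $pattern = New-CsEdgeDomainPattern -Domain $d
    Set-CsTenantFederationConfiguration -AllowedDomainsAsAList @{Add = $pattern}
    Write-Output "Added federation partner: $d"
}

# Report, but do not remove, entries that are on the tenant and not in the reviewed list.
$drift.Unexpected | ForEach-Object {
    Write-Warning "On the allow-list but not in the reviewed list: $_"
}

# Show the resulting exposure in one place for the change record.
Get-CsTenantFederationConfiguration |
    Format-List AllowedDomains, BlockedDomains, AllowFederatedUsers, AllowPublicUsers
```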

Wednesday, October 25, 2017

Microsoft Techdays 2017 in Stockholm

Today I joined some 2000 computer nerds at Microsoft Techdays, the largest IT conference in Sweden. Besides meeting a lot of old and new friends I attended the following sessions which I have summarized here.



"The best road to a complete communications solution in the cloud."
(Bästa vägen till en komplett kommunikationslösning i molnet - this session was held in Swedish and auto translated by Office 36... me.)

Presented by Peter Klein - Tele2, Level 100


Start to analyze your organization's communication needs.

According to Microsoft / Tele2 some common needs are:
  • Empower employees / Always connected with data in the cloud
  • Engage customers / Customer focus in everything we do
  • Optimize operations   
  • Transform products     
  • Embrace Collaboration / Collaboration culture
  • Encourage Mobility / Activity based office

63% of Swedish organizations with more than 200 employees are using SFB
85% of these are using SFB primarily for meetings. (IT-bussen 2016)

Meetings
Skype for business - good to use during a meeting.
Microsoft Teams - to be used before, during and after a meeting.
(Scheduling, recording, transcription, translation, AI)
In the future AI will probably be used during meetings to ensure that people follow the agenda, collect action items and remind participants about them later on.

3% of Swedish organizations with more than 200 employees are using SFB as their primary telephone system. We are still using multiple systems and multiple devices, but the presence state or call logs are seldom unified over these systems. We want to show the same one number (which can be used for SMS as well) when calling out, no matter which system we use.

The SOF - Skype Operations Framework is changing into "Fast track for cloud voice".

The envisioning and design workshops remain in this program.
Map your colleagues to "roles" depending on how they are communicating.
User adoption (get the users to use the solution!)

Why should you put your communications in the cloud?
  • Evergreen telephony
  • Focus on the core business
  • Ease of administration
  • Ease of support
  • International deployment
  • Integration with cloud applications

Why should you NOT put your communications in the cloud?
  • Missing functionality
  • Legal requirements
  • Cost of migration
  • Integrations that cannot be made

Announcing "Tele2 Connect 365" a cloud-to-cloud solution, that builds on the existing "Tele2 switch" cloud service.




Everything you need to know about Microsoft Teams and how Office 365 Groups are used.

Presented by Ståle Hansen - Cloudway.no, Level 400
(This session was held in Scandinavian "Skavlan" English.)

With Teams we can finally go email free - at least for selected projects. The persistent Teams chat can be an effective replacement for email.

Office 365 groups - a single identity across services - is both an Exchange group and an Azure AD group. The group used in Teams is an Office 365 group, but the group used for SharePoint is an Azure AD group. The SharePoint site is created when needed (when you store the first file) and not at the initial creation of the Team.

File sharing in the channel chat and in the private chat is not the same: OneDrive is used for the private chat and SharePoint for the channel chat.

Where stuff is stored - note that there is no "Teams storage".


Teams does not introduce new ways of storing stuff, "only" a new way of consuming the data stored in Office 365.

Skype for business Online plan 2 is needed for interoperability with Teams.

Maximums (as of today):
  • 500,000 teams in a single tenant
  • 2,500 users in a team
  • 250 teams per user
  • 80 users in a meeting
  • 20 users in a private chat
Office 365 for IT pros - an online book with lots of good information around Office 365 groups.

There are no PowerShell commands to control the behavior of the "Teams service" right now, but New-UnifiedGroup, Remove-UnifiedGroup and Get-UnifiedGroupLinks -LinkType member can be used to create, delete and check groups / teams.

It is possible to limit the creation of Teams to a specific group (like "helpdesk") in case you would like to limit the number of groups created.


There's a new App in town - Microsoft Teams Apps

Presented by Wictor Wilen

A Teams App is a service available in Microsoft Teams, in the right context, which could be made available through the Office Store.

A Teams App can be Tabs / Bots / Connectors / Compose Extensions.
  • Tab is essentially an iframe.
  • Bots are built using the bot framework
  • Connectors push information or "interactive cards" into a channel
  • Compose Extensions can augment data into the Teams Compose box.
A Teams app can be sideloaded (added) in the development version of a Teams client.


Skype for business becomes Teams - What does it mean to me?
(Skype for business blir Teams - Vad betyder det för mig?)

Presented by Martin Lidholm

Unified Communication might be renamed Intelligent Communication

Teams is the first real front-end application for all Office 365 services.
Looking at Cisco Spark as well as Teams we see a strong trend to use a single application to consume several cloud services.

Two reasons for using Skype for business on-premises are Legal requirements or that you started early with Skype for business and have done custom integrations.
Is Skype for business 2019 going to be "the last" version of Skype for business?
No, this has not been communicated.
What will come in the 2019 version?
Support for new OS / SQL and cloud innovations that can be easily ported to the on-premises version.
Is Teams "based on" Skype consumer?
No, but it shares a new backend service with Skype consumer.

  • Cloud PBX is being replaced by a new "Bring your own SIP Trunk" where customers could connect a SIP trunk straight to Office 365.
  • The UCMA API or something similar is missing in Microsoft Teams, and it is not even in the roadmap at this time.
  • Skype Room Systems will be adapted and work with Microsoft Teams to protect investments already done.
  • Pexip and BlueJeans will develop solutions similar to Polycom's Real Connect for Office 365.
  • Headsets and other devices that work well with Skype for business will work well with Teams as well.

The recently published public roadmap contains a lot of new things that are coming in the next 9 months.

Tuesday, October 10, 2017

Skype for business Server 2015 prerequisites on Windows 2016

In June of 2017 the article "Server requirements for Skype for Business Server 2015" was updated to list Windows Server 2016 as an operating system "that will allow you to install and successfully use Skype for Business Server 2015."

This support requires Cumulative Update number 5 to be downloaded by the Skype for business Deployment tool as described in the article "How to install Skype for Business Server 2015 on Windows Server 2016". This article does not specify how to prepare the Windows 2016 Server before running setup.exe and downloading CU5. So, besides installing all available updates for Windows 2016, I used the following PowerShell command to add required components:

Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Windows-Identity-Foundation

After running the command above my "Add Roles and Features Wizard" looked like this:


And before running the Skype for business Control Panel I had to download and install Silverlight just as described in my article about "Skype for business Server 2015 prerequisites on Windows 2012 R2".

How to add twitter to your Microsoft Teams channel

I am a fan of twitter and I am really happy that I now can add twitter feeds to my channels in Microsoft Teams. Would you like to do that too? This is how.

1. Open the "Connectors" window from the channel properties (not the Team properties)


2. Find Twitter in the list of connectors and click "Add" (twice.)


3. Enter a twitter account to be used by the connector, and specify which twitter accounts and hashtags you would like to follow. Also specify the frequency at which you would like to receive new tweets, click "Save" and close the Connectors window.


4. Now you should see a post confirming that new tweets will be posted to the channel.


5. Sit back and wait for the tweets to roll in!


Hope you will enjoy looking at tweets and discussing them in your team! Please follow me on twitter at @mkressmark

Saturday, September 30, 2017

Ignite 2017 An overview of Microsoft Teams architecture

On demand recording available here.

Microsoft Teams is designed for the cloud to be agile at massive scale to amplify the value of Office 365.

Teams are clients utilizing Teams services, Office 365 services, the Skype infrastructure and Azure. A "Team" in Microsoft Teams consists of a modern group (Office 365 group), a SharePoint site and a set of "Channels".


If you get a message and have not used Teams in the last 60 to 90 minutes you will get an email about it. If you paste a URL into a Teams channel the URL preview service will display a preview so that people will see what it is before clicking it.

Data at rest resides in your region based on your tenant affinity, and this will shift to even more local in country storage in the future.

The conversations are stored in memory when sent - for speed, but also in Azure (blob, tables, queues) and in Exchange. Files used in a team/channel conversation are stored in SharePoint. Teams utilizes O365 Information Protection tools so that features like eDiscovery, Legal hold and Retention policies can be used on the stored data.

You can invite guests, and revoke access to guests through the AD token in the tenant that represents the guest. If you need to block the option of creating a Team in Teams, you can block the option of creating groups in AD.


Questions and Answers

Giving someone guest access - will this not give access to all the underlying infrastructure, what about access rights and licensing?
Yes, the guest is a guest in the "Azure AD" tenant, not only in Teams (licensing not answered.)

Is the meeting scheduling process quicker than in Skype for Business if we try to create like 1000s of meetings?
Yes/No, the scheduling is done using the Exchange Online calendar.

Will Teams work with Skype for Business on-premises?
Yes, they can run side-by-side.

What about Teams "replacing" Skype for business?
A lot of the core capabilities are already there. Certain things like data residency, broadcast meetings and non-persistent chat are not in Teams yet; however, we will see a lot of activity during next year to bring feature parity (and better) between the products. A gradual move of users to Teams will take place and has already started.

Files stored in Onedrive for business - in whose Onedrive?
In 1-on-1 chats files will be stored in Onedrive for business and permissions automatically assigned to the peer you are chatting with.

Will it be possible to programmatically create teams?
Yes, the ability to create teams, add members etc, is on the roadmap. (coming this year.)

How about delegation?

It is not available now, but is coming.

Can we configure the set of connectors available to the users?
Yes.

Can we support naming conventions when creating teams?
Teams will honor the naming conventions used for groups (available, but not in all tenants just yet.)

Will the Teams calendaring feature work with Exchange Online vNext?
Yes.

Are there plans to replace the Onedrive storage with something else?
No, not at this point.

What happens if we move a mailbox from on-premises to online?
The data will merge.

Can we have individual permissions per Channel?

This is a big ask from customers and is "in process", so soon yes.

Can we migrate a Team from one tenant to another?
No, not at this point.

Can we define retention policies for chats and for team conversations?
Yes, this is being worked on right now and released soon.

Will Teams have to be changed in order for customers to adhere to the new EU GDPR rules?
Teams will support GDPR requirements when it must be enforced in May 2018 (as well as all of Office 365.)

Can we use the conferencing hardware for Skype room systems in Teams?
Yes, this is coming during next year.

How does authentication in the desktop client work?
Standard Azure authentication is used.

Is the number of people allowed in a team going to be increased?
Yes, the current limit of 999 persons per team will be increased very soon.

In a 1-to-1 chat, are messages from both participants stored in both users' mailboxes?
Yes, and for guests in the cloud storage.

Will it be possible to integrate an existing SharePoint site with a team?
Yes, a tab can be added and point to a specific SharePoint site.

Is voicemail available in Teams?
Yes.

Can we verify that different Data residency requirements for a Team with people from 5 different countries are met?
Data residency is done per tenant.

Can Teams use on-premises or a hybrid SharePoint for the Teams site?
No, Teams work with SharePoint Online only.

Will I be able to sign-in to two different tenants from the Teams client?
No, not right now, but the guest access concept will change over time, and something similar to the current Skype for business federation will come.

Can we audit failed access attempts to a team, or private channels?
Not now, good feedback.

Will media flow peer-to-peer in a Teams call?
Yes, if not blocked by firewalls.

In a Teams meeting will one or several MCUs be used?
A single "Home MCU" will run/mix the meeting.

Will there be APIs or ways to programmatically control a Teams MCU/meeting?
There are "hooks" available, and more of this is on the roadmap.

Are there plans for an on-premises version of Teams?
No.

What are the plans for CCE-like functionality for Teams?
The plans are to certify SBCs to connect directly to the cloud voice solution, so an on-premises SIP Trunk could be connected to the cloud. CCE will not be needed in the future.

Thursday, September 28, 2017

Ignite 2017 Collaborate in a chat-based workspace with Microsoft Teams

We see a shift from individual productivity towards team based productivity. The presentation featured a long demo of Microsoft Teams. The following features were presented:


The customer Dentsu Aegis Network talked about their journey with Microsoft Teams.


Links

Teams Roadmap   
Product help  
Known issues   
Product Ideas   
Teams Dev Hub
Community


Questions and Answers

How about Channels with different membership than the parent team?
This "shared channel" concept is being worked on.

How can we control the provisioning / creation of Teams?
There are Office 365 policies on who can create groups, a group = a team behind the scenes.

What happens when a user that created a team is terminated?
Policies for archiving and in place hold will still apply, and there is an option to promote another user to become the new owner of a team.

Can we track how many teams and channels are created?
Yes, this will be exposed in the Admin center later on.

Can we re-brand the Teams client?
No, but there is the concept of themes.

How about clientless meeting join?
It is coming in teams, but not there yet.

Which browsers are supported?
Most of them except for Safari.

Can we allow non-Azure AD accounts as guests in teams?
No, this is being worked on, but no time plan can be given at this time.

Ignite 2017 Demystifying internet connectivity to Skype for Business Online and Microsoft Teams

On demand recording available here.

Microsoft runs a high-quality network around the globe to provide services to customers. This network is closer than you might think, which means that only a little of the traffic actually uses the public Internet.

This article describes the network in greater detail:
How Microsoft builds its fast and reliable global network

And recently Microsoft announced a new nice addition to this network:
A cable stretching 4,000 miles between the US and Spain is the key to a high-speed future

Audio & video is realtime traffic and must be handled differently from email / web browser traffic. The stateless UDP protocol is used for realtime traffic; if a packet is lost there is no point resending it.

Most networks were designed when we had all services on-premises. Now that we have moved many services online, we need to reconsider how we do networking.

The network has peering with more than 2500 ISPs around the world in more than 130 locations.


The ideal scenario is a local internet breakout in every office, and not a central breakout point. The analogy used is, "the faster you can get on the freeway the faster you will reach your destination." Identify Office 365 traffic, use local DNS resolution and egress as close to the user as possible.

What kind of performance measures do we need to get a good experience?
In short:

To make a short story long:
Media Quality and Network Connectivity Performance in Skype for Business Online

How can we check these metrics?
Use the Skype for Business Network Assessment Tool. This tool has been a part of the Skype Operations Framework and I have covered it earlier in this blog.

QoS is always a good idea even if our servers are now online; it will have a good impact on peer-to-peer traffic.


Questions and Answers

What about VPNs?
Use split tunneling.

The proxy pac file must contain all Office 365 URLs / FQDNs, but the firewall is allowing/blocking locations based on IP addresses.
How do we match URLs / FQDNs to IP address automatically, to update both pac file and firewall?
This is a challenge.

What ports are Teams using for realtime audio / video?
Teams is using the same destination ports as Skype for business online.