Author Archives: Mark Vale

The Importance of the Persona in Microsoft Teams

You’ve probably heard about personas from the days of Lync, Skype for Business or even other UC technologies. If you have not, and are venturing out into the Microsoft Teams tech-scape, then Personas mean experience profiles.

These experience profiles are like configuration buckets that you create in an effort to approach a UC deployment in a consistent manner, ensuring your users receive a predictable experience based on their usage requirements.

Microsoft Teams offers users many more configurable options than any of its heritage predecessors, expanding away from UC specific and into the collaboration and extensible spaces.

Whilst all these features and options are great from a product offering perspective, they can cause real headaches for deployment teams trying to deliver capability to an organization. If you add up all the configurable options and every permutation of each option, you’ll realise that your persona list will reach the thousand mark very quickly. Obviously, this is no good for deployment strategies.

Personas used to be specifically assigned per individual use case, but with the inclusion of collaboration, we are now tasked with applying a persona to a team, and indeed several teams by proxy of the user being a member or owner. There is no easy formula to follow. Collaboration is a fluid genre and the boundaries must be well defined to maximise the benefit whilst protecting intellectual property and organizational security.

Focusing on the user specifically for now, when we inspect the Teams user object we realise that there are only a handful of policies available that can affect a user’s Teams experience. These are:

  • Messaging Policy
  • Meeting Policy
  • Calling Policy
  • Upgrade Policy

These four policies govern the user’s core functionality in Teams, yet between them you can muster over 20 different experiences.

Trying to manage 20 core personas from an operational perspective is a nightmare, and not something that is sustainable. You need to focus these down to a handful of persona options, 5 at most, 4 better, 3 optimal.

You have to take the lead and understand the objectives that have been laid in the foundations of the project. It is in the interest of your organization, its users and your project to ensure you arrive at the end state quickly, within budget and with as little friction as possible.

This is where your creator’s license comes in. If you sit and discuss each and every option with your organization, you will be designing bespoke personas on a departmental and even individual level. Your project will never get off the ground and even if it does, trying to implement that over tens of thousands of users is going to lead to mistakes. Even worse, neither you nor the user may notice the mistake. You’ll have policies that overlap in functionality, and mixing those together can have adverse effects, which increases trouble tickets and contributes to negative feedback from users. It will be carnage at biblical scale.

It is important to sit down with departmental heads to gain an understanding of what they use, why they use it and what they need to make their jobs more efficient. Collect that information across multiple departments and use that collective data to figure out your persona requirements.

For instance, you may find that 7 out of 10 departments require screen sharing capability within meetings or peer-to-peer. If the percentage is over 70% then that requirement should become standard and offered out of the box in your personas. Configuring a baseline aimed at the majority not the few is an about turn in the normal deployment methodology I know, but we live in modern times and old ways just aren’t optimal these days.

Certain policy options such as allow external users to request control, or anonymous users can start a meeting are global business decisions that transcend every policy created. Therefore, you do not need a policy that allows or denies these with every permutation. Simply pick the setting that complies with the organization requirements and bake it into your base policies.

You may find that there are valid cases for more restrictive use based on your findings. For example, perhaps only 4 in 10 departments require the use of Video. So there would be a case to have both a video on and video off meeting policy.

Your standard offering meeting policy would therefore be: allow meetings, allow screen share, disable video. Furthermore, you now only have 2 meeting policies to choose from in your personas instead of 3. Not much you say? But wait, what about other policies?

Another tip, when looking at departmental persona assignment, if more than 50% of the department falls into a persona of most privilege, then you should plan that the other 50% also get the same persona, even if your data shows that they can function on a more restrictive persona. Why? It’s down to peer jealousy. Why has Jane got Video and I haven’t? Believe it or not, on the last Teams roll out I did, this type of feedback was the most common and caused the project to spend too much time reworking people so that they can feel equally treated. At the end of the day, you know that they are probably not going to use their additional feature that much, they may dabble, but most people revert to type after a few days. If they do, and they become a prolific user of the additional features, then you’ve transformed that user, and that is a massive win for the project and grade 1 justification for your existence!

It is a fair assumption that no one in Teams is going to want their Chat policy to be turned off, so really the decision here is whether you want to allow Giphy/Meme support or not. My personal opinion is we should allow them with moderation set to strict to avoid insensitive posts being sent. I don’t find Giphys offensive, or not for the workplace. Properly used, they can add sentiment to a conversation that could otherwise be confused between parties (avoiding the “I was only joking, I didn’t mean to offend” comments). We had the same arguments when emojis came into UC chat, “ohh they will be abused” said the scaremongers, but now they are old school and accepted as an integral part of UC. Giphys are just emojis version 2019!

Now I still have two personas to choose from after making this decision. On with the next.

Now we are going to discuss the calling policy. This controls whether a user is allowed to make a P2P or Enterprise Voice Call. I’ve had many discussions about this policy with respect to whether we should block P2P audio or not as a persona offer. My personal view on this is to allow P2P out of the box. The excuse commonly used to disable it is the lack of peripheral distribution or project budget to cover headsets. However, although valid, we simply cannot think that blocking P2P audio is a solution to hardware distribution woes. Why? Every Teams user has the capability to join a Teams meeting, even if their meeting policy is AllOff. If they have to join their manager’s or exec’s meeting, they need a headset. Therefore the policy to prevent P2P is flawed and ineffective; although it may help to reduce the impact, it doesn’t warrant the block.

So now I have decided there really is going to be one calling policy offered to everyone, so my persona count is still 2.

The last policy we are interested in is the upgrade policy, and this determines the interop / coexistence mode applied to the user inheriting the persona. The likelihood here is that you’re going to have 3 upgrade modes, not including the tenant default. If you’re coming from Skype for Business, then probably your tenant mode will end up being sfbonly, at least until Teams is mainstream on your tenant, as it preserves current state without causing untested havoc. The 3 that you’re going to have are SfBwithCollab, SfBWithMeetingsAndCollab and UpgradetoTeams.

By definition of one of these modes, SfBwithCollab, we now realise that we need another meeting policy in Teams to turn all meeting options off for these users and a calling policy that turns off P2P. Now we have 3 meeting policies, 1 chat policy and 2 calling policies. Now I can build my persona offers to users:

Collab Only –
Chat Policy: Global; CallingPolicy: DisallowCalling; MeetingPolicy: AllOff; TeamUpgradePolicy: sfbwithcollab

SfBWithTeamsMeetings –
Chat Policy: Global; CallingPolicy: DisallowCalling; MeetingPolicy: Global; TeamUpgradePolicy:SfBWithCollabAndMeetings

SfBWithTeamsMeetingsAndVideo –
Chat Policy: Global; CallingPolicy: DisallowCalling; MeetingPolicy: AllOn; TeamUpgradePolicy: SfBWithCollabAndMeetings

TeamsStandard –
Chat Policy: Global; CallingPolicy: Global; MeetingPolicy: Global; TeamUpgradePolicy: UpgradeToTeams

TeamsVideo –
Chat Policy: Global; CallingPolicy: Global; MeetingPolicy: AllOn; TeamUpgradePolicy: UpgradeToTeams

I now have my 5 Teams personas I can assign users to. It’s a manageable number so I can accurately predict each user’s experience and these can easily be baked into operational and MACD support. The project and organization are clear on what is going to be deployed and other teams such as Change Management can accurately deliver training and first day support with confidence.

I cannot stress enough how important it is to instill the processes and implementation strategy engineered by the project into your BAU team and processes. If you don’t, then your nice standardised deployment will quickly descend into configuration chaos that will be another huge project to clear up, and all this effort you’ve put in will have gone to waste.

As a result, your feedback rating rises, users are satisfied and it’s easier to adopt within the business.

Obviously, you need to perform your own analysis and persona design that reflects your organization’s needs, as with anything, your mileage may vary, but try to keep things concise and designed for the many out of the box rather than the few and you won’t go far wrong. Hope this helps.
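The five personas above only stay predictable if BAU can tell when a user has drifted away from them. The following is an added example, not the author's code: it audits a list of users against the persona table and reports the nearest persona and the settings to correct. Policy names are copied as written in this post (substitute your tenant's actual names); the input object shape (Upn, Chat, Calling, Meeting, Upgrade) is hypothetical, and treating an empty value as Global is an assumption.

```powershell
# Persona definitions, copied from the five personas listed in this post.
$Personas = [ordered]@{
    'Collab Only'                  = @{ Chat = 'Global'; Calling = 'DisallowCalling'; Meeting = 'AllOff'; Upgrade = 'sfbwithcollab' }
    'SfBWithTeamsMeetings'         = @{ Chat = 'Global'; Calling = 'DisallowCalling'; Meeting = 'Global'; Upgrade = 'SfBWithCollabAndMeetings' }
    'SfBWithTeamsMeetingsAndVideo' = @{ Chat = 'Global'; Calling = 'DisallowCalling'; Meeting = 'AllOn';  Upgrade = 'SfBWithCollabAndMeetings' }
    'TeamsStandard'                = @{ Chat = 'Global'; Calling = 'Global';          Meeting = 'Global'; Upgrade = 'UpgradeToTeams' }
    'TeamsVideo'                   = @{ Chat = 'Global'; Calling = 'Global';          Meeting = 'AllOn';  Upgrade = 'UpgradeToTeams' }
}
$Fields = 'Chat', 'Calling', 'Meeting', 'Upgrade'

function Get-PersonaAudit {
    param([Parameter(Mandatory)] [object[]] $User)

    foreach ($u in $User) {
        $best = $null
        $bestDiff = $null
        foreach ($name in $Personas.Keys) {
            # Collect every setting where the user differs from this persona.
            $diff = @(foreach ($f in $Fields) {
                # Assumption: no explicit assignment means the Global policy applies.
                $actual = if ([string]::IsNullOrEmpty($u.$f)) { 'Global' } else { $u.$f }
                if ($actual -ne $Personas[$name][$f]) {
                    "${f}: '$actual' should be '$($Personas[$name][$f])'"
                }
            })
            # Keep the persona with the fewest differences (first one wins a tie).
            if ($null -eq $bestDiff -or $diff.Count -lt $bestDiff.Count) {
                $best = $name
                $bestDiff = $diff
            }
        }
        [pscustomobject]@{
            Upn     = $u.Upn
            Persona = if ($bestDiff.Count -eq 0) { $best } else { 'DRIFT' }
            Nearest = $best
            Fix     = $bestDiff -join '; '
        }
    }
}

# Constructed sample input. In a live tenant these values would come from each
# user's assigned Teams policies (for example as reported by Get-CsOnlineUser).
$sampleUsers = @(
    [pscustomobject]@{ Upn = 'jane@example.com';  Chat = ''; Calling = '';                Meeting = 'AllOn';  Upgrade = 'UpgradeToTeams' }
    [pscustomobject]@{ Upn = 'jack@example.com';  Chat = ''; Calling = 'DisallowCalling'; Meeting = 'AllOff'; Upgrade = 'sfbwithcollab' }
    # Constructed drift case: a Teams-only user left with the AllOff meeting policy.
    [pscustomobject]@{ Upn = 'emily@example.com'; Chat = ''; Calling = '';                Meeting = 'AllOff'; Upgrade = 'UpgradeToTeams' }
)

Get-PersonaAudit -User $sampleUsers | Format-Table -AutoSize
```

Run on a schedule, the rows marked DRIFT are the accounts whose policy mix no longer matches any agreed persona.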

Remove User From AzureAD Group Script

Just a quick post to share a simple PowerShell script that will allow administrators to remove a User from an AzureAD Group.

The script will prompt for the UPN of the user that you want to manage and produce a menu list of all their group memberships.

Simply enter the number in the square brackets [] when prompted by the script.

# Requires the AzureAD module and an existing Connect-AzureAD session
$user = Read-Host "Please enter the UPN of the user you want to remove"
$azureUser = Get-AzureADUser -ObjectId $user
$groupMembership = Get-AzureADUserMembership -ObjectId $azureUser.ObjectId
$x = 1
$groupArray = @()
# Build a numbered menu of the user's group memberships
ForEach($grp in $groupMembership){
    Write-Host "[$($x)] - $($grp.DisplayName)"
    $groupArray += New-Object -TypeName psobject -Property @{Id = $x; GroupId = $grp.ObjectId; GroupName = $grp.DisplayName}
    $x++
}
$removeFromGroup = Read-Host "Please enter the ID of the Group you want to remove the user from"
$GroupId = $groupArray | where {$_.Id -eq $removeFromGroup}
if (-not $GroupId){
    # Guard against a menu number that does not exist
    Write-Host "No group matches that ID, no changes have been made" -ForegroundColor Red
}
else{
    Write-Host "Removing $($user) From Group $($GroupId.GroupName)" -ForegroundColor Yellow
    $confirm = Read-Host "Are you sure you want to proceed (y/n)?"
    if ($confirm -ieq "y"){
        Remove-AzureADGroupMember -ObjectId $GroupId.GroupId -MemberId $azureUser.ObjectId
        Write-Host "User $($user) has been removed from the group" -ForegroundColor Green
    }
    else{
        Write-Host "Process Cancelled, no changes have been made" -ForegroundColor Red
    }
}

Skype for Business Address Book Failed in Resource Forest

I never thought I would be blogging about Skype for Business in 2019…. Oh Well! 🙂

I was contacted by a friend who had deployed an Audiocodes CloudBond appliance to one of their customers. They were experiencing issues with users not being able to search the address book service in Skype for Business.

The Audiocodes Cloudbond appliance deploys Skype for Business Standard Edition into its own domain. In order to connect users to it, an AD Forest trust is required between the Cloudbond and User AD Forest. Users are then synched from the User domain to the CloudBond domain.

This is a typical resource forest deployment.

Initial testing showed that when you ran Test-CsAddressBookService with the credentials of a Skype enabled user in the user forest, the result that came back was an IIS Error 500 Internal Server Error.

After much digging around proving that there was nothing wrong with Skype for Business itself, I decided to take a step back and troubleshoot authentication. I could see that the user could indeed authenticate in the resource forest, I could see the user authenticating against the IIS ABS website and the 500 error was coming from an IIS module:

ModuleName="OCSABSModule", Notification="AUTHORIZE_REQUEST", HttpStatus="500", HttpReason="Internal Server Error", HttpSubStatus="0", ErrorCode="The operation completed successfully."

Checking the user permissions in the Skype server’s Local Security Policy, I couldn’t see the user domain’s Domain Users group in the Access this computer over the network setting under LSP / Local Policies / User Rights Assignment.

I thought I would check the local Users group on the server to see if it was listed there, and it wasn’t. After adding USERDOMAIN\Domain Users to the local Users group and rebooting the Skype Front End, users were allowed to search the address book service.

Test-CsAddressBookService -UserSipAddress "sip:a009602@domain.com" -UserCredential "a009602@domain.com" -TargetFqdn "rfsfb.sfb.domain.com" 
Target Fqdn : rfsfb.sfb.domain.com
Target Uri : https://rfsfb.sfb.domain.com:443/abs/handler
Result : Success
Latency : 00:00:19.1432698
Error Message :
Diagnosis :

And testing on the client:

Simple fix in the end, but not an easy one to find initially.

Microsoft Teams Error in SDP

I have been working on some calling problems with Microsoft Teams with a customer and thought I would share some information that could be quite useful in situations where you’re asked why this happens.

If you are working in an enterprise with restricted access to the Internet via a default gateway you’ll be paying particular attention to the Office 365 URLs and IP Ranges listed here

You’ll notice that for Microsoft Teams media in particular the IP and port requirements have reduced significantly to one optimization rule (Rule 11) that states UDP ports 3478-3481 should be allowed out through your default route to the address space leaving the remaining requirements to follow your normal internet egress, maybe a web proxy server.

Those keen eyed people will notice that the requirement for the 49152:59999 UDP Ports have been removed some time ago.

So what is the significance of this for Microsoft Teams? Well, the current publication means that Microsoft Teams should always connect to the Media Relays in Azure in the address space rather than connect directly to the Media Processors which required the 49k-60k port range to be opened to an ever changing list of public IPs.

The rationale is just, in that it simplifies security requirements and the effect of relaying media via media relays in Azure to the Media Processors using the Microsoft streaming network is negligible.

However, when starting a Teams conference or indeed a PSTN call, Microsoft Teams seems to discover the Media Processor IP and attempt to connect to it by default. Notice here that does not appear in the Office 365 IP addresses, but we are most definitely connected to it.

Microsoft Teams Meeting with Direct Connection to Media Processors

In an unrestricted environment such as where this traffic was generated from this is not an issue, but it is at odds with the Microsoft recommended optimizations for Microsoft Teams as stated before.

If we now block these destination ports and try to connect to the same Microsoft Teams meeting we can see that Teams cannot connect to the Media Processors as the firewall prevents it. It then falls back to Media Relay and connects via 3478-3481 UDP ports as per the documented optimizations

Media Connected to Media Relay

So what is the impact? Well, in reality there is no real impact to users or the way Microsoft Teams works. There may be a slight (almost unnoticeable) delay in media connection as Teams falls back to relay, and maybe marginally more network chatter to set the call up. If connectivity via the relay IPs is always preferred, it would be nice if Teams were prevented from discovering Media Processor IPs in SDP, just to extract that extra little bit of performance.

However, when security teams come to you and say that they’ve noticed connection attempts to these high ports, then you can inform them that this is expected behaviour and doesn’t need to be investigated further.
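For a security team that wants to confirm this pattern rather than take it on trust, the following added example (not from the original post) triages firewall denies: a blocked UDP attempt in the 49152-59999 range counts as the expected Teams behaviour only when the same client reaches a relay port (UDP 3478-3481) shortly afterwards. The CSV layout, field names, addresses and the 10 second window are constructed assumptions, and the check is by port only because the post does not give the relay address space.

```powershell
# Constructed sample firewall log (documentation address ranges, hypothetical field names).
$sampleLog = @'
time,src,dst,proto,dport,action
2019-05-01T09:00:01Z,10.1.1.20,198.51.100.10,UDP,50012,deny
2019-05-01T09:00:02Z,10.1.1.20,198.51.100.10,UDP,50014,deny
2019-05-01T09:00:03Z,10.1.1.20,203.0.113.5,UDP,3478,allow
2019-05-01T09:05:00Z,10.1.1.31,198.51.100.77,UDP,51000,deny
2019-05-01T09:06:00Z,10.1.1.20,198.51.100.99,TCP,4444,deny
'@ | ConvertFrom-Csv

function Get-TeamsMediaDenyTriage {
    param(
        [Parameter(Mandatory)] [object[]] $Flow,
        # Assumption: how soon after a blocked direct attempt the relay fallback must appear.
        [int] $FallbackWindowSeconds = 10
    )
    $parse = { param($s) [datetimeoffset]::Parse($s, [cultureinfo]::InvariantCulture) }

    # Allowed flows on the documented relay ports (UDP 3478-3481).
    $relay = @($Flow | Where-Object {
        $_.action -eq 'allow' -and $_.proto -eq 'UDP' -and
        [int]$_.dport -ge 3478 -and [int]$_.dport -le 3481
    })

    foreach ($f in @($Flow | Where-Object { $_.action -eq 'deny' })) {
        $port = [int]$f.dport
        if ($f.proto -eq 'UDP' -and $port -ge 49152 -and $port -le 59999) {
            # Blocked direct media attempt: look for the relay fallback from the same client.
            $t = & $parse $f.time
            $fellBack = @($relay | Where-Object {
                $delta = ((& $parse $_.time) - $t).TotalSeconds
                $_.src -eq $f.src -and $delta -ge 0 -and $delta -le $FallbackWindowSeconds
            }).Count -gt 0
            $verdict = if ($fellBack) {
                'Expected: direct media attempt, relay fallback observed'
            } else {
                'Review: high-port UDP deny with no relay fallback'
            }
        } else {
            $verdict = 'Review: outside the Teams media port ranges'
        }
        [pscustomobject]@{
            Time        = $f.time
            Source      = $f.src
            Destination = $f.dst
            Port        = $port
            Verdict     = $verdict
        }
    }
}

Get-TeamsMediaDenyTriage -Flow $sampleLog | Format-Table -AutoSize
```

Only the denies that are followed by a relay connection are written off as Teams fallback; everything else stays in the review queue.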

Microsoft Teams 10 Points to Consider before Deploying

We all want to use Microsoft Teams, but don’t rush it out to your business. Instead take a breath and consider your options. Here are my 10 tips to mull over before sliding that license button.

1. Why What When How?

As with every new technology introduction, start with why? Why are you looking at Microsoft Teams? What do you hope Microsoft Teams will bring to your organization? What are your objectives? What do you need to achieve your goals? When do you think you really require it? How do you expect your employees to use it?

Until you can answer these basic questions, you are not ready. It is all too easy in a commoditised cloud to just slide the license to active, throw it out and hope for viral take up. But with Microsoft Teams, as good as it is, if you do this then you’re setting yourself up for a world of pain down the line. Compliance and information security are, off the top of my head, the most important considerations when allowing your employees to collaborate. Not only with external users, but internally as well. Should your production line workers be able to join a Team that discusses their redundancies, or be able to access a shared file link that shows the director’s bonuses for the financial year? Probably not, and without proper consideration and planning from the outset it is going to be difficult for you to control when these situations arise, not least the embarrassment of IT having not considered this in their deployment of course.

2. Don’t Assume

Don’t assume that just because you’ve enabled Microsoft Teams that your users will use it. Prising their hands away from their shadow IT or your legacy system is going to be the most difficult challenge you will face. Remember, techies love tech, so they will be enthusiastic about the move and uptake will be easier. However, normal users are more sceptical and negative towards change because as they see it, what they are using currently is muscle memory and they have learnt to work with it and around it. Have a plan to tackle user adoption early on. Do not leave it as an afterthought or Microsoft Teams will struggle to get off the ground.

When I speak to companies about adoption, the most common go to method of communication with users is e-mail. Personally, I find e-mail the least attractive proposition in an adoption strategy. If I receive an email that is loaded with information and looks daunting, it’s lost my concentration before my eyes have moved off the subject line. The best media for adoption awareness is without doubt video! Creating corporate videos talking and showing the benefits of Microsoft Teams is far more interesting and engaging than reading a boring email. Videos should be short, to the point and easy to follow, free of jargon. Spending the money on professional videos is money well spent.

Then it’s about the distribution method. You could email out a short “Take a look at What is Coming” mail with the video embedded, or the most effective distribution method is a post on your corporate social channel from the CEO. You’ll find that more employees will engage in that form of distribution than any other medium you choose.

However, it is not just about awareness, it’s also about training. Don’t assume that everyone will get Teams. Remember, they are used to performing tasks in a specific way and used to the way features are worded. These change and there is confusion. Make sure your training program includes how to videos, drop in sessions, virtual surgeries that users can jump in to ask questions etc.

3. Don’t Expect Teams to Solve All Your Problems

Remember, Microsoft Teams is a fledgling product. It has a long way to go still and as a result some features you may expect to be there, may not be. Should you wait for that one specific feature to come out before rolling out Teams? I would suggest not. There is far more value in having Teams in your organization without this feature than with it. Your awaited feature completes Teams for you, it does not define it.

You should take time in getting to know what Teams can do for your organization, work out its pros and cons for your situation and then decide on how you are going to augment Teams into your workforce and business processes. Use it as an early adopter technique to build a robust and reliable collaboration and communication tool that has long term benefits to your business. Remember, it is not a race. Rushed projects always fail. This may mean that you will have Teams alongside other similar systems for a period of time. This is not always a negative. This allows your workforce to transition at a manageable pace without real impacting and disruptive change. It also gives you time to focus on key scenarios more closely and without masses of expense. If you’re trying to transform your entire organization over a 6 to 12 month period, then you’re going to need a lot of people to help you. Whereas, concentrating on deploying a good base product that provides instant benefit on top of current systems to users, and then working with each department to transition reduces your body count and increases quality and of course adoption long term.

Teams will not automatically fix your broken processes, or poor communication or whatever challenges you currently face. Technology alone cannot do this and circling back to the previous paragraph this can only be done with focus and direction. Putting Teams alongside other systems allows your users to continue BAU while you help them fix their problems showing how Teams when used effectively can assist in achieving those fixes. It’s about promoting possibilities.

4. Coexistence is Critical

Unless you are a sub 50 seat company, switching overnight to Teams from your old system is not going to be possible. Of course, big bang is the easiest way of switching platforms for the target system but it is often not well received by users and causes 100% disruption immediately. In order for a successful deployment of Teams, you need a coexistence strategy, and this doesn’t just extend to the UC element of Teams, but also Collaboration as well. All of a sudden, you’ll have almost limitless document stores across multiple Teams that your business hasn’t fully understood how to maintain source authority or consistency. For instance, imagine a design document being stored in a file share. A user moves it to Teams, then copies it to their One Drive then copies it to another Team and then shares that with another user who copies it to their One Drive. How do you maintain control? Through proper education and eDiscovery searches for duplicated documents etc. but that needs to be planned. UC is perhaps the most critical, you’re rarely going to be able to move everyone over to Teams in one go, especially if they have voice capabilities. How migrated users and legacy users interact is a critical element to get right. Coexistence only really exists between Skype for Business and Teams where in certain modes and certain conditions it is possible for conversations to pass between the two systems natively.

However, for most who use other UC platforms coexistence doesn’t exist in the technology. This means that users, even the ones using Teams will still need access to the old system for legacy communication. This creates a confusion with the users, especially if legacy users are licensed for Skype for Business Online as part of E3 for example, they turn up in address book searches, messages get missed and it becomes largely a nightmare.

For these customers and scenarios, it is easier to deploy Teams with Chat Only capability so that everyone can use Teams to communicate. It is better, in my opinion at least, that in these situations you roll out Teams with the minimum functionality needed to support the only critical workload at that moment in Teams, chat. A single chat space is a must. If you try and deliver Teams with full features including voice etc in one hit to people, then you’re going to drive longer projects and as a result longer duration that users have to put up with having to use Teams to chat to Jane, but Google Hangouts to chat to Jack etc.

5. Changing Things Takes Time

One particular frustration of mine and something I wasn’t prepared for when I first looked at Teams in anger was the delay between an admin changing a user’s account and not only the affected user seeing that change, but the rest of the users within the organization too. In SfB we are used to inband changes being made within 15 to 20 minutes. In Teams this can be as long as 3 days! This makes execution, especially in deployment a nightmare, and even more so when a user is being moved from SfB online to Teams.

Let me give you an example of what I mean. Jane is using Skype for Business Online. She is in SfBOnly mode and must now move to Teams. I change her interop mode to UpgradeToTeams and grant her Teams meeting, calling and chat policies.

The SfB client realises the user has been moved to Teams within 30 minutes. Jane signs into Teams for the first time. She realises her calling button for telephone calls has not appeared. She calls IT and they say, yes this is normal, it may take 24 hours. So now Jane is without calling capability for 24 hours. Not ideal, it’s an outage. Ok this does not happen all the time, but I have seen it happen more times than I feel comfortable with.

But the real issue is this. Jane has been chatting with Jack while she was using Skype. But Jack was using Teams. Jack sees Jane in the Teams client as a Skype contact and that’s where the conversation history and thread is. Jane has now moved to Teams. But Jack’s client hasn’t realised this and is still trying to send a message to Jane’s Skype account and this fails. Jack has to search for Jane again in hope that Teams realises that she has migrated and start a new conversation. This can take 3 days to work as Jack’s client uses cached data and the cache doesn’t refresh as often as you need it to.

Now consider a greenfield deployment of user Emily. Emily uses Google Hangouts. Emily is scheduled to become a Teams user tomorrow. When you license Emily it can take up to 24 hours for all systems to become license aware and provision Emily’s account. So that means, post license, you’ll not be able to change Emily’s interop mode to Teams Only if the tenant default is SfB Only until SfB Online has finished enabling her account. After that, Emily is still subject to the risk of the calling button appearing late, especially if she is going to be using direct routing.

In the experience I have the only way I have been able to have some sort of consistency and control is to start the deployment of Emily 3 days before she is scheduled to use it. The penalty for this is that she becomes searchable to others in the GAL ahead of time.

6. Forget SCCM for Deploying Teams

If you use a desktop software deployment solution like SCCM, you’ll be thinking that you can use this to control the deployment of the Teams client. Whilst this is true, you can deploy Teams by MSI or EXE via SCCM, you cannot stop a user from downloading the client and installing it themselves even with restricting local admin rights. This is because the Teams client is installed directly into the users app data folder which runs under the user context.

Personally, I don’t see an issue with this, but some organizations are concerned about unmanaged software distribution that they cannot control.

In my opinion you would want users to download and install the client themselves. You’re not preventing anything by trying to restrict it because they can login to Teams via their browser and get pretty much parity functionality (minus a few UC features). So, if they want the desktop client, then let them. It makes IT’s life easier and encourages users to use the platform.

7. Consider Your Groups

At the core, the Teams Team structure is built on top of Office 365 Groups. Therefore, the settings you apply to Office 365 Groups at admin level affect Microsoft Teams. Similarly, if you want a group to behave in a certain way for Teams, for instance, you may want a naming convention, then remember this applies to all Office 365 Groups in your tenant and that means these changes are effective across the entire suite, Exchange, Yammer etc.

Another common restriction on not so much groups but more Azure AD guest invitations is administrators tend not to permit Azure AD guest invites coming from Azure AD members. This means that Group / Team owners and members of that Team will not be able to invite guest users to their Team. In Azure AD there is a guest inviter role, and you can add privileged users to that role. This allows them in Azure AD to generate a guest invitation to an external user, but Teams is not aware of this role, so they are unable to use the Teams client to invite a guest member.

The recommended approach is to allow Azure AD members to create guest invites. However, if you use SharePoint, then use the SharePoint site controls to restrict guest access to these SharePoint sites outside of Teams, thus protecting your data. The same goes with Yammer.

8. Guest Domain Approval & Federated Domains

Out of the Azure AD box any user can invite any external user to a guest AD account in their tenant. This is used for guest access in Teams. You may want to consider restricting this privilege to certain approved external domains so that people cannot add in users from unauthorised sources. In Azure AD there is a white/black list where you can specify domains you want to allow or block. You have to choose your schema, are you going to whitelist, which means everyone is blocked by default unless the domain is in the list, or blacklist, which means everyone is allowed by default unless the domain is in the list.

Most organizations go for the whitelist option as it offers the most protection.

Adding a domain to this list is separate to federated domains. Federated domains are controlled within the Teams Admin Console and work completely independently of the Azure AD whitelist.

Federation is for 1:1 conversations in Teams with an external user from another domain. You cannot use federated domains as a control for guest access in Teams. Guest access is completely different in terms of use case, so do not get these mixed up.

9. Be Prepared for Stuff You Don’t know

Teams offers a lot of app integration with 3rd party providers through the app store, as well as with other Office 365 apps such as planner. Suddenly you will have gone from a UC engineer to having to help and support users who have added apps into their Team that they thought they needed but don’t know how to use it. As it is in Teams, naturally users will think it’s down to you to help them.

Now there is no way to control 3rd party app integration. In my opinion it is needed even if it is a short-term measure to ease businesses over the Teams line and encourage them into the ecosystem.

Most organizations are worried about what data is stored in these 3rd party apps, where they are stored and how the business can control it.

10. Do Your Devices Work with Teams?

If you want the full Teams experience, then you’re going to need to buy Teams devices. The chances are you’re invested in Skype for Business devices and are going to be wondering how they perform with Teams.

Headsets currently have a few troubles with Teams, but they are getting there. This is more about control by the user than them simply not working. For instance, a headset may have its own mute button, but when pressed Teams does not understand that the headset has muted, so the mute button in the client is still inactive. Mute still works in this scenario, but users can get confused as to why they are talking but no one can hear them if they muted a while ago via the headset but the client is still showing them as unmuted. It’s more of an experience thing.

If you’ve invested in 3PIP handsets (Polycom VVX for example) then you are going to be able to use these with Teams through native interop from the Office 365 cloud. At the moment the experience is quite good, and you can do most of what you need to do on a phone without too much trouble. However, they will not work with device management within the Teams Admin Console; for that, you need Teams native devices. Furthermore, it is likely that additional functionality will come to native Teams handsets and 3PIP will become the new LPE and eventually be retired.

Meeting room devices: if you have SRS version 2 or Surface Hub devices, then after an update these systems can be used in Teams meetings as VC endpoints. For anything older you are going to need interop services. Currently, there are 3 providers: Pexip, Polycom and Blue Jeans. All three have SaaS offerings with their cloud hosted video interop (CVI), but Pexip also offers on-premises interop together with distributed interop, which gives customers with large footprints of VC rooms more options than cloud based offerings.

Enable Call Park for Microsoft Teams

Microsoft have released Call Park for Microsoft Teams. This feature allows the recipient to place the call in a special kind of holding pattern. As the name suggests, this is more like parking your car. You choose a space, park it, go about your business, come back to the space, pick your car up. Except with call park, the person picking up the call may not necessarily be you.

Call Park is used as a call treatment strategy whereby you cannot service the caller’s request, but some other member of your team or organisation can. Perhaps you have tried transferring the call, but couldn’t get through to the person you intended. Don’t want to constantly bounce the caller from failed transfer to failed transfer? Then call park is the solution for that.

It is different from call hold in that it frees up your line to accept other calls, or more likely, allow you to call around to inform people that you have a call that needs their attention.

Teams offers the call handler more options for finding a person to assist than standard UC platforms. The handler can target specific people and send them a chat to say “I’ve got a call for you”, message a group of people, or even notify an entire Team. Ultimately call park is for situations whereby the call can be answered by any member of a specific department, rather than a specific person.

When a call is parked, Teams notifies the person who parked the call of a retrieval code. They can pass this code on to others who will then be able to retrieve that call and connect to the caller.

As with everything, the person picking up the call must be enabled for phone system and using either calling plans, or direct routing in order to successfully use this feature.

Call Park is not enabled by default. You have two options. You can either enable the Global Call Park policy, or create a custom Call Park policy and assign that to specific users. Perhaps a good use case for needing call park features is reception or personal assistants etc.

Call Park can only be enabled via PowerShell currently. To do this, connect to Skype for Business Online PowerShell and run the following command to enable it on the Global policy:

Set-CsTeamsCallParkPolicy -Identity Global -AllowCallPark $true

To create a custom policy, first create the policy using:

New-CsTeamsCallParkPolicy -Identity MyCallParkPolicy -AllowCallPark $true

Then assign that policy to the required users:

Grant-CsTeamsCallParkPolicy -Identity User@domain.com -PolicyName MyCallParkPolicy

Once assigned it can take up to 24 hours to take effect. Once done, the user will see a new option in the call control when receiving a call.

When clicked, the caller will be placed into a conference and hear hold music, while the handler will get notified of the retrieval code in Teams.

Press the copy button to copy the code to your clipboard and make a mental note of it. You can now press the X close button.

Next you send this code to the person or department you want the call to be picked up by with an appropriate message. This can be chat, email, voice or whatever your chosen medium is.

The person who is going to pick up the call will need to go to the calling app in Teams and select the Speed Dial page, where they will see a new button called Unpark.

This user must also be enabled for call park in Teams.

Once clicked, enter the unpark code (e.g. 11 in my case) and press Unpark.

You will then be connected to the caller.

If the call has not been picked up after approx. 6 minutes, the caller will automatically be transferred back to you.
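An added example (not from the original post) that puts the custom-policy route above into one repeatable script: it creates the policy if missing, checks that the Global policy is still off, grants the policy to an approved list, and then audits who actually holds it. The user addresses are constructed placeholders, the session is assumed to be already connected, and the filter on TeamsCallParkPolicy is an assumption about what Get-CsOnlineUser exposes.

```powershell
# Added example. Assumes the Skype for Business Online PowerShell session
# described in the article is already connected.
$PolicyName = 'MyCallParkPolicy'          # policy name used in the article
$Approved   = @(                          # constructed placeholder users
    'reception@contoso.example',
    'pa.team@contoso.example'
)

# 1. Create the custom policy once. Custom policies are listed with a "Tag:" prefix.
$existing = Get-CsTeamsCallParkPolicy |
    Where-Object { $_.Identity -eq "Tag:$PolicyName" }
if (-not $existing) {
    New-CsTeamsCallParkPolicy -Identity $PolicyName -AllowCallPark $true | Out-Null
}

# 2. Scoping to specific users only holds while the Global policy stays off.
$global = Get-CsTeamsCallParkPolicy -Identity Global
if ($global.AllowCallPark) {
    Write-Warning 'Global Call Park policy is enabled: users without a custom policy can park calls.'
}

# 3. Grant the policy to each approved user and report failures per user.
foreach ($upn in $Approved) {
    try {
        Grant-CsTeamsCallParkPolicy -Identity $upn -PolicyName $PolicyName -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not assign $PolicyName to ${upn}: $($_.Exception.Message)"
    }
}

# 4. Audit: compare who holds the policy with the approved list.
#    Assumption: TeamsCallParkPolicy is a filterable attribute of Get-CsOnlineUser.
$holders = @(
    Get-CsOnlineUser -Filter "TeamsCallParkPolicy -eq '$PolicyName'" |
        Select-Object -ExpandProperty UserPrincipalName
)

[pscustomobject]@{
    Policy       = $PolicyName
    GlobalParkOn = [bool]$global.AllowCallPark
    # Holders nobody approved: candidates for removal.
    Unexpected   = @($holders  | Where-Object { $_ -notin $Approved })
    # Approved users not yet showing the policy (assignment can take up to 24 hours).
    Pending      = @($Approved | Where-Object { $_ -notin $holders })
}
```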

End The Working From Home vs Office Debate. It is Pointless!

For what seems to be an eternity, we in IT seem to be transfixed by the “Working from Home” is better than “Working from the Office” debate. We have argued over and over like politicians in the House of Commons over Brexit. The simple truth is, it’s a pointless argument that yields no actual result.

Personally, I think the debate is ill-founded on principles that bear no meaning towards working life. This debate takes many forms and in recent times over the past year or so been encapsulated in the “Productivity” form. It seems to have got caught up in the reasoning for using Cloud technology, most particularly Microsoft Teams. When you cut away the hype and fluff, you’ll realise this argument actually could have started way back in the early 2000’s. Back then, you could have worked from home to some degree by using VPN connectivity to save your documents, webmail / IMAP / POP to get your e-mail. Granted this experience compared to today would be somewhat basic and some would actually struggle to cope but the essence of being able to work from home existed irrefutably for some people.

Fast forward to the age of Cloud, where technology and in particular communications enable you to work more effectively anywhere, and it is becoming difficult to always understand the boundary between work and home.

This argument over WFH vs WFO is being promoted as an excuse to adopt technology such as Microsoft Teams more so these days than ever before and it’s distracting from the true value of these technologies, creating tangent arguments that actually have zero impact on what you are trying to achieve in the first place.

The argument should not be about whether it is more productive to work from home over the office, but how this technology empowers your business and more importantly your employees to conduct business in a collectively more efficient manner.

I don’t see Microsoft Teams as a Productivity tool. If I did, then I would assume incorrectly that by using Microsoft Teams I am by default going to be more productive as a result.

Microsoft Teams to me is an empowerment tool. It gives me the critical features I need to function in my job at my finger tips on any device I choose from mobile to desktop. It doesn’t matter to me where I am, if I have connectivity and a device to hand it means that most probably I can complete a task being asked of me, regardless of where I am.

I am empowered having this capability in my pocket. It means I don’t need to worry that I left customer site 7 minutes before this phone call, or that someone forgot to ask me a question before I left, I can just reach my phone, laptop or whatever, access what I need and complete a task that would have normally meant waiting until the morning.

You could confuse that with productivity, but it is different. Empowerment comes by having access to the capability that may assist you in being productive. Productivity is the decision you make to use that moment in time for your benefit.

In the above scenario, I was empowered because I have access to Microsoft Teams. I made a personal decision to use that moment in time to action a work related task. That decision was me choosing to direct my efforts towards a work related task and that can be seen as productive use of time towards work.

That said, equally I could have chosen to catch up on Narcos on Netflix whilst sitting on a train and I will deal with that request tomorrow. This is equally productive use of my time because I know getting home I wouldn’t be able to watch it. The fact I chose a different path for that moment of time other than work related, does not make me an unproductive person.

And this is why I believe productivity cannot be measured laterally across your workforce.

The real argument between WFH over WFO is down to the lifestyle of your employee. Let’s not beat around the bush.

My current role, the Office is 2 hours away from my home. I go to the Office 3 times a week. Each of those days I am up at 5am, in the car by 5.45am and in the Office by 8am. I work until 4pm and by the time I am home it is nearer 7pm. Just in time to give my 11 month old her night time bottle, put her to bed, then read my 4 year old a bedtime story, then say Hi to the Mrs, then have Dinner, take the dog for a walk and then go to bed.

On the 2 days I don’t go to the Office, I get up at 6:30am, have breakfast with my Kids, get them dressed, have a bit of a play, take the eldest to nursery. Sit down at my desk at home for 8:30am with a coffee and in my comfy pants and slippers. Break at 1pm, have lunch with my wife, go back to it, finish at 4:30pm pick eldest up from nursery, sit down as a family for dinner, have a relaxing evening.

The amount of work I do at home within working hours vs the office is more or less the same because I have the tools to do my job regardless of location.

I admit, I prefer working from home over the office because it suits me. It makes my life less stressful and I can balance my time better with the family, they see more of me and I am generally less tired.

I will say on the balance of my time as a whole work and pleasure I am more productive when WFH because I am given the time to be. By productive I mean the hours I save not having to travel to the office I can use better towards benefiting my family rather than hours lost to asphalt and brake lights.

So yes, I agree I am more productive at home overall. It does not mean I produce more bytes sitting at my desk at home vs my desk at the office, which some seem to think this is all about.

That said, there are people that want to come to the office as that’s where they work best. Some may not have dedicated home office space, their home life may be that hectic that coming to the office is the only way they can get stuff done.

Other times it is better to conduct work activities face to face. Even with video and digital whiteboarding, sometimes it cannot replace real human interaction.

How as a business / employer can you measure that as tangible outputs across each working habit? You can’t because it is beyond measurements. You can’t say that Jane is a better employee than Dave because she works from home, or indeed the other way around.

However, if you calculate in employee welfare and retention as a result of encouraging flexible working, then the tangible output from that is you may retain skilled staff making your business platform more stable and experienced which allows you to grow more efficiently as a result.

So WFH for me I see as a personal well being benefit. It doesn’t automatically make me more work-productive than when I am in the Office. In fact if I look at the activities I do in the Office vs at home then on balance stuff tends to happen quicker in the office because I can look the person in the eye and get a decision in a moment. Whereas at home I would probably have to first find that person on Teams, send a chat, arrange a meeting to get the decision.

Instead of the debate over which working strategy is best, cancel the debate; it really doesn’t matter.

Instead, your goal when deploying technology is all about empowerment for your users and business, giving you increased flexibility to conduct business in ways that perhaps before were harder to achieve.

This of course is my opinion. You don’t have to agree with it, you may have your own and that is fine. In fact it proves my point at the beginning of this post that it really doesn’t matter, because at the end of the day every one is different and what works for one, won’t for another. And if that is the case, how can you enforce that through your workforce? You can’t! All you can do is empower your employees to be as effective as they can be with as much flexibility as you can afford for mutual benefits.

Microsoft Teams, your employee communication and collaboration empowerment tool! 🙂





Once upon a Time In Microsoft there was Teams, Yammer and Kaizala

Once upon a time there was a group of people sitting together at a canteen table eating their lunch. Not a word was spoken, until one of them looked up from their phone and noticed that the person sitting next to them was using a blue app to message someone. They looked at the person sitting the other side of them and noticed that they were using a blurple app to message someone. They sat and thought for a moment “Hmm… one is using a blue app, the other a blurple, which one should I use?”

They finished their lunch and went back to their desk. They then whispered to the person sitting next to them “Hey I’ve got a great idea! At lunch I saw two people using apps to chat to their friends. We need an app to do that. What if we made an app that we could chat securely in where messages are encrypted? And if we can create groups as well we can have group chats. Maybe we can do video calls too that would be fun! and Oh yeah perhaps we can maybe share files or locations maybe?” Their buddy agreed “We should build that app, it’s a killer idea!”.

Fast forward a few dev months and their work is done, they have this app. “Oh, now we need to test it? I know the best place for this,” one said…

After a short test period and a few more dev cycles their app was free of bugs so they took it to their manager. “Hey Boss!” one said. “We have been working on this cool new app and want to show it to you, we think its going to be epic!”. The boss sits back in their chair and says “OK, sell it to me”.

PowerPoint loads their polished deck they’ve been working hard on for a week. “We’ve built this new app that you can chat in and chat in groups or 1 on 1″… “Hold On!” says the boss, “stop! you mean I have been paying you for 6 months and you’ve created a chat app? Didn’t you know we already have this? It’s called Microsoft Teams!”

“Is that the blurple app some people use?” asks one.

“YES!” says the boss. “Microsoft Teams is our collaboration platform for enterprises. It allows our users to chat to each other 1 to 1 using any device mobile or desktop, Mac or Windows. Users can call and do video and have meetings and conferences”.

“Ah, but we have the new concept of groups in our app” says one of the creators.

“Teams has Teams. Anyone can create a Team. A team is like a group, where groups of users can chat, call, meet and collaborate on documents together in a secure virtual space” says the boss.

“Oh, our app only allows groups of users to chat, call and share files” says the other creator. “But, we are different as we are mobile only and our app is for instant and random chats between users that can quickly change topic and dimension. We aren’t trying to force collaboration because not everyone wants to collaborate all the time, they may just want to chat. Plus this Teams app you mention by the way you describe it seems to be very narrow focused to a concentrated circle of users. We want our users to be able to chat to anyone without restriction and discuss a wide variety of topics that can be answered by the larger community”.

“But we have Yammer for that” says the Boss. “Yammer is our social platform where you can join interesting groups and ask questions to the wider community, or get involved with conversations replying to group messages. Users can announce important information, share files and other content and also send a private message too”.

“Right….” says one creator. They both pause for a moment, look at each other with sweat starting to trickle down the side of their faces, when the boss pipes up and says “Don’t worry! Let’s take it to our marketing department and get their feedback!”

A week later, the marketing team come back to them and say “We love it! We have this concept of inner loop and outer loop that we’ve been using to differentiate Teams from Yammer and when and why you’d choose one over the other. It looks a bit straightforward, we need some diversity, so we think this app can fit in this story and we’ve created a new loop. It’s called the open loop. This is where your app will be positioned”.

Both the creators and the boss look at each other bemused, but collectively nod their heads. “So what is this loop thing you’re talking about?” one asks.

“Well, the inner loop we refer to is a bunch of people you work with closely day to day and have regular and purposeful conversations with and need to collaborate together to create something cool, like this app you’ve made. You 3 are a good example of an inner loop. The outer loop is when you want to reach out to your workforce peers and have open discussions about business related topics that may not be sensitive or require answers from people outside your immediate group or inner loop. We use this when you have a question you need answering, but you don’t know who to reach out to in a 1 to 1 conversation, so posting it on an open board allows you to get your answer quickly and more importantly it is probably going to be the right answer, and now you’ve made that connection you never had before.

Now the open loop we’ve created for you, this is for when the topic is neither fit for inner or outer loop. It’s for you to communicate and coordinate across your value chain in a dynamic mobile first manner”.

The boss turns around and says “I get the inie outie loopie thing, but what you just said makes no sense, can you simplify it?”

“Sure!” says the marketing team. “Basically, it’s just to allow random chats between people in the organization, you know if you need to ask a spontaneous question to a colleague and they’re not online in Teams then you can use this to send them a message. Or if you’re organising a staff party you can create a group and organise it within your group. You know, conversations that probably have limited if no structure or longevity to them”.

“Got it!” says the boss, “So it’s WhatsApp for Office 365?”

“Yes, you got it!” says the marketing team.

“Today we proudly announce the availability of Kaizala, a mobile first chat and group messaging app for your enterprise”….

I write this in humour of course but I hope it’s made the point. When Kaizala was released I was sceptical as to why Microsoft saw fit to create basically a WhatsApp clone. Whilst I have heard good reports about the app I fear it has an uphill struggle to unseat WhatsApp usage for business communication.

I can see why this has been attempted. People taking potentially sensitive conversations away from corporate systems to WhatsApp even sharing documents etc. and that is a real concern for some businesses who are fighting hard to maintain compliance and control.

I can also see that trying to encourage adoption of apps like Teams and Yammer as alternative platforms to WhatsApp have their limitations and user experience issues for when you just want to send a message and this makes adoption a struggle.

At least with WhatsApp I can scroll my phone address book, find the person I want and tap away. In these other apps, it’s slower in that I have to search and wait for a match etc. They do the job but the experience can be a turn off, so people revert to what is easiest. It’s really easy to use, simple and does the job it’s meant for and that’s why people love it.

People think that, well, WhatsApp is encrypted so it’s an acceptable platform to talk business and share business documents on, and this perception is built from not fully understanding legalities, compliance and control.

So I feel Kaizala is an “If we can’t beat ’em, join ’em” app that’s been created to try and unify all business communication under one single controlled and compliant system in Office 365. Users are happy that they have the tools they want to use at their disposal and the freedom to communicate in the sphere they see fit, while the company maintains overall control and compliance and greatly reduces its attack surface for hackers or unintentional data breaches because someone sent the company financials to the wrong WhatsApp contact…

Evaluating Cloud Video Interop (CVI) Architectures with Microsoft Teams

If you’re like me then getting your hands on video conferencing scenarios is like your nan’s birthday. It comes around once a year and you spend two months trying to figure out what to get for a present. I am not ashamed to state that video is not my strong point especially where interoperability is, it’s just that the opportunities that have come my way have been more centered on enterprise voice than video interop.

Recently, I tried to fill that gap a bit and went on some Pexip training to see how this stuff is done. I don’t know why but I always thought it was more difficult than it turns out to be. Really the only thing different between voice and video is how the codecs behave, the architecture and protocols are fundamentally similar to voice and somehow I knew that, I just thought it was more difficult than it was. 

So at a basic level of understanding we have a device in a room, it does video conference stuff and we need to be able to join this device to another device on another platform that is also doing some video stuff but differently and we need some glue in the middle to make that happen. Enter, Video Interop.

Why can’t these devices just connect? I mean video is video right?

Well, the answer to that is pretty much no. Remember Blu-ray and HD-DVD? They both are capable of digitally storing a movie but you need a special player to play either Blu-ray or HD-DVD. The same can be said for video conferencing. Each system generally offers the same functionality and delivers the same output, but invariably you need dedicated and vendor specific hardware to use it. What if you wanted to loan your Blu-ray copy of The Fifth Element to your friend who had an HD-DVD player? You can, but they would have to go to the store and buy a Blu-ray player…

Of course, I am speaking generally, and HD-DVD never took off, but the point is valid. This is the problem in video conferencing world where you have some gear in your meeting rooms that you want to use inside a Microsoft Teams meeting. How do you get this stuff to work?

The first problem we have to understand is the Microsoft Teams meeting architecture. Fundamentally, this is a H.264 video meeting space which means that any endpoint wanting to use video inside a Teams meeting has to be capable of sending and receiving H.264 video streams.

The second problem is that the Microsoft Teams client is dedicated to the Microsoft Teams meeting ecosystem, meaning that unlike Skype for Business, it is incapable of joining a meeting space hosted by another platform.

The third problem is that your video conferencing endpoint is probably either using H.323 or a variant of H.264 that Teams doesn’t understand.

The fourth problem is that Microsoft Teams doesn’t use SIP in the meeting context, so even if your video conferencing endpoint uses SIP, you still have an interop problem to solve.

So your organization is moving its meeting space to Microsoft Teams. How do we solve this problem? Cloud Video Interop (CVI)

Firstly, you need a product to act as a middle man that is able to ingest the signaling protocol and video codec supported by your video conferencing endpoint, convert it into a Teams compatible signal and codec, and send it to the Teams MCU, and vice versa. There are 3 products on the market for this right now and they are Pexip, Polycom Real Connect and BlueJeans.

Whichever product you choose, one thing is consistent across all three products. The Microsoft Teams connector (the server that connects the systems transcoding servers to Microsoft Teams) must be installed in Microsoft Azure. The rest can be anywhere, but this connector cannot live anywhere else due to Microsoft certification requirements.

The question now becomes are you going for a SaaS CVI or On-Prem / Private Cloud CVI?

This post is not going to argue which one you should choose, but consider the impacts of the decision you’re about to make.

If you’re going with a SaaS solution, this of course is a faster route to delivery and the benefits of OPEX subscriptions means that within a short period of time the high level objective is achieved. However, one thing to be very conscious about is understanding the architecture and limitations of the SaaS product you have bought into.

The biggest consideration is understanding how interop works, and that comes down to how meetings are organized. If you’re using Microsoft Teams, the meeting space will always be held within Microsoft Teams and an Office 365 datacenter. This could be in the same datacenter as your tenant, or it could be in some other. However, that generally doesn’t matter too much because the Microsoft internal network for Office 365 and Azure is so efficient that it almost becomes a moot point. The most important note is that it is Microsoft hosting the meeting.

So now your video conference endpoints need to join a Teams meeting. They do not actually join directly. In any interop scenario, they will register to your interop service and that will spin up its own conference of a kind that the video endpoint will join. The interop service will then connect its conference to the Microsoft Teams meeting via the Teams connector in Azure. Transcoding happens on the interop service, not the connector.

The next point when considering SaaS is the datacenter location of their transcoding and connector services. There is little point in signing up to a service that has one global point of presence the other side of the world to your video endpoint or tenant because that would introduce some massive latency, packet loss and jitter issues, which is generally considered bad for video and voice.

If the SaaS solution has sufficient global coverage, then maybe it still is a viable solution to consider, if your internet links are optimized with this service in mind.

The other option is to use an on-prem solution, or private cloud, where you can control the media path more optimally. Generally speaking, it is better to perform transcoding locally than in the cloud, and sending H.264 SVC streams over the internet is preferred as it’s considered more tolerant to network impairments, but with data connections being better than what they used to be, the performance gap is reducing.

With solutions that use distributed interop, on-prem can be really efficient in scenarios whereby you have multiple video conferencing endpoints wanting to join the same Teams meeting but from all over the world. In this scenario you can have internal transcoding servers located geographically closest to each of the video endpoints. Each endpoint would connect to the closest transcoding server to them, media between endpoints would then switch locally across your LAN & WAN whilst only sending the required media to the Teams conference so that users joined in by the Teams client can interact and participate. 

So on-prem can, from an architectural perspective, be more appealing in multi-endpoint scenarios and where SaaS doesn’t have the coverage it needs, but it comes with the cost of hardware, which for video isn’t going to be a cheap entry level server but a mid to high powered performance server costing at least 5 figures per server.

In summary, there is no real definitive outcome as to what you should do. Financially it makes sense to look towards SaaS interop with Teams and as we know these days financial incentives tend to win the race. But this does come at a cost that is usually paid in reduced user experience if poorly implemented. For out and out performance, on-prem still wins the race and is the most optimal solution money can buy, but you have to have the money in the 1st place.

I’ll finish with a suggestive approach for you to consider. If your company are light users of video conferencing suites and your persona investigation has proved that device usage will reduce even further with the implementation of Microsoft Teams, then you’d probably want to consider SaaS as your primary solution for CVI.

If, however, your organization are heavy video conferencing users and this is to continue or increase with the implementation of Microsoft Teams, then you’d probably want to consider an On-Prem solution first over a SaaS.

Microsoft Teams CoExistence & Interop With Skype for Business

If you are thinking of introducing Microsoft Teams into your organization and you are currently using Skype for Business, then you will undoubtedly be wondering how these two distinctly different but similar apps interact. In this post, I hope to take a simpler approach to the Microsoft article to help explain the supported scenarios and where you may trip up if not careful.

Interop and coexistence when you are 100% Skype for Business Online is pretty well established now and as long as you follow the rules of engagement, there shouldn’t be any issues. However, if you have an on-premises Lync or Skype for Business deployment, then things are a little more complicated if you want the users to use Teams as well.

Technically speaking right now, if your user is homed on-premises Skype for Business and is using Teams, this is not currently a supported scenario, although it may work to some degree, the likelihood of weird things happening is high. This is a scenario that will become supported in the near future though, so watch out!

There are a few things you need to do in order to get interop working between a Teams user and a Skype for Business on-premises user. First of all and most important, you must have Azure AD Connect deployed and syncing accounts to Azure AD. Within that sync you must make sure that you are syncing the attribute msRTCSIP-DeploymentLocator. This is so Skype for Business Online can properly detect your on-premises deployment.

Secondly, you must configure your Skype for Business on-premises deployment for hybrid with Skype for Business Online.


In fact, even if you as an organization are not moving to Teams and sticking with Skype for Business On-Premises, you must configure this if you want to continue to federate with partner organizations who are moving to Microsoft Teams!!

Now if you want to allow your users to use Microsoft Teams, you must first move them from your Skype for Business On-Premises to Online if your intention is to move them completely to Microsoft Teams. This will shorten in an upcoming CU for SfB 2015.

With hybrid configured your on-premises homed users can use Microsoft Teams in Islands mode, but will not be able to use Microsoft Teams to federate with external users, they must continue to use Skype for Business for that.  Furthermore they can only use Microsoft Teams to chat and call other internal users who are also using Microsoft Teams in islands or Teams only mode. They cannot use Teams to IM a Skype for Business internal user, they must continue to use Skype for Business for that.

A further note on federation, regardless of on-prem or online if the Teams user initiates a federated chat or call and the partner is in islands mode, the chat and call land in the partner’s SfB client, not Teams!

Skype for Business on-premises users cannot use Microsoft Teams for any phone system features, including direct routing or calling plans as they must be in Teams Only mode for these features.

However, Skype for Business on-premises users can use the Microsoft Teams Meeting features and Dial-in Conferencing should they wish (coming soon). Even though Microsoft say this is a Server 2019 feature, there is no dependency for on-premises software version for this to work.

To try and put this together as a quick reference I have put together the flows as a picture below

Hope this helps to keep clarity when working out what should and shouldn’t happen.


