Category Archives: Microsoft Teams
Working in the Cloud should be fast. But sometimes you’ve just got to wait it out. One of the biggest pain points for me is the lag between licensing a user in Office 365 and Skype for Business Online completing its back-end provisioning, so that I can actually start assigning policies, phone numbers, etc.
This delay can range from a minimum of 30 minutes to 24 hours! There is nothing I can do to speed it up and the biggest challenge is providing a predictable experience to the end user. Typically, I want to license and then do something in Skype. With this delay, I am not going to sit around and keep checking when I can actually complete the task. I’m going to do other stuff.
The problem with this is that I am introducing a lag between the back-end ready state and bringing myself back to this task. This could lead to the end user realising functionality before I have tailored it to their needs.
Skype Online applies to Microsoft Teams as well. So this is needed if you’re deploying Teams too. Skype for Business Online gives out two properties, assigned plan and provisioned plan. You can access these properties by calling the user object out of PowerShell. Assigned Plan is the core functionality we have given the user based on their Office 365 licenses and Provisioned Plan is the current plan that has been provisioned. There may / will be a drift between these 2 properties when a user is first licensed. This is what takes time to get into sync.
Having been tired of this problem, I created a script that monitors the license provisioning in Office 365 every 5 minutes. If all assigned Skype licenses return a success, the script will continue to Skype Online and check the provisioned plan against these licenses. The script will continue to check the provisioned plan every 5 minutes until all assigned plans return a success, at which point I can add my in-band configuration commands such as Grant-CsTeamsMeetingPolicy etc.
This now means all I need to do is enter the user’s UPN into the script and hit enter. Simply call the script from the PS window:
.\SkypeProvisioningStatus.ps1 -upn firstname.lastname@example.org
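The polling logic described above, sketched as an added example (this is not the author's SkypeProvisioningStatus.ps1). `Get-PlanDrift` and `Wait-PlanProvisioned` are hypothetical helpers, the plan names are constructed, and the plan lookup is passed in as a script block so the loop can be exercised offline; in a tenant that block would read the user's assigned and provisioned plans from Skype Online.

```powershell
# Added example, not the author's script. Helper names are hypothetical.

function Get-PlanDrift {
    # Returns the plan names that are assigned but not yet provisioned.
    param(
        [string[]]$AssignedPlan,       # what the license says the user should have
        [string[]]$ProvisionedPlan     # what the back end reports as provisioned
    )
    @($AssignedPlan |
        Where-Object { $_ -and ($ProvisionedPlan -notcontains $_) } |
        Sort-Object -Unique)
}

function Wait-PlanProvisioned {
    param(
        [Parameter(Mandatory)][string]$Upn,
        # Script block that takes a UPN and returns an object with
        # AssignedPlan and ProvisionedPlan name lists.
        [Parameter(Mandatory)][scriptblock]$GetPlans,
        [int]$IntervalSeconds = 300,   # the 5-minute check from the post
        [int]$TimeoutHours    = 24     # upper end of the delay quoted in the post
    )
    $deadline = (Get-Date).AddHours($TimeoutHours)
    while ($true) {
        $plans   = & $GetPlans $Upn
        $pending = @(Get-PlanDrift -AssignedPlan $plans.AssignedPlan `
                                   -ProvisionedPlan $plans.ProvisionedPlan)

        # No assigned plans at all means the license has not landed yet, so
        # an empty drift list on its own is not treated as "ready".
        if (($plans.AssignedPlan) -and ($pending.Count -eq 0)) {
            return [pscustomobject]@{ Upn = $Upn; Status = 'Ready'; Pending = @() }
        }
        # Give up explicitly, so the caller can alert instead of leaving the
        # user on default policies without anyone noticing.
        if ((Get-Date) -ge $deadline) {
            return [pscustomobject]@{ Upn = $Upn; Status = 'TimedOut'; Pending = $pending }
        }
        Write-Verbose ("{0}: waiting on {1}" -f $Upn, ($pending -join ', '))
        Start-Sleep -Seconds $IntervalSeconds
    }
}

# Constructed demo data: one more plan shows up as provisioned on each poll.
$script:poll = 0
$fakeLookup = {
    param($u)
    $script:poll++
    [pscustomobject]@{
        AssignedPlan    = 'MCOProfessional', 'MCOEV', 'Teams'
        ProvisionedPlan = @('MCOProfessional', 'MCOEV', 'Teams')[0..($script:poll - 1)]
    }
}

$result = Wait-PlanProvisioned -Upn 'firstname.lastname@example.org' `
                               -GetPlans $fakeLookup -IntervalSeconds 1 -Verbose
$result

# Only once Status is 'Ready' would the in-band configuration follow,
# for example Grant-CsTeamsMeetingPolicy for the same UPN.
```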
Mark is an Independent Microsoft Teams Consultant with over 15 years experience in Microsoft Technology. Mark is the founder of Commsverse, a dedicated Microsoft Teams conference and former MVP. You can follow him on twitter @UnifiedVale
So you’ve got Microsoft Teams and you’ve got some calling plans. You don’t have enough to give every user one, so you come up with a business process that lets you be selective based on business justification. How do you integrate that business process to make it easy for IT and your users to follow?
Traditionally, you’d maybe make a shopping cart item in your service management portal and instruct the user to go there and place an order. On submission, it would trigger an approval process and maybe even a provision-on-approval action. But what if you don’t have this expensive solution? What if you want to extract the value out of your Microsoft 365 subscription?
Well you can do this very easily and without too much hard work. In the following example I am using a simple online form that a user can submit and on submission, trigger a bunch of events that will ultimately lead to them being provisioned a phone number in Microsoft Teams.
For this exercise, we need the following components, which are readily available in any Enterprise Subscription in Office 365:
- Microsoft Forms – Used for the end user form
- Microsoft Flow – Used as a business process and conditional trigger / action solution (like IFTTT, but better)
- AzureAD – We need this for Azure Group Based Licensing (easier to manage)
In addition to these inclusive features of your Office 365 Subscription, we also need an Azure Subscription so we can use the benefits of Azure Automation Accounts. We use Automation Accounts to store Azure Runbooks which are scripts that are triggered by a job. We use Flow to trigger these jobs.
By the end of this article, you will have a basic, automated provisioning process template to build on. My job is to show you the way, so the example is devoid of any error checking, which in a production scenario you’d absolutely need.
The experience will be this:
- User will access request form online, complete and submit
- Request will be emailed to their manager who will then approve* or reject the request.
- On approval, the user will be licensed with the correct Office 365 licenses and automatically assigned a phone number from the Microsoft Cloud
- The user will get an e-mail upon completion confirming the action has been completed and their new phone number that has been allocated.
- *if the manager rejects, the user will get a rejection email
Creating Your Automation Account & Scripts
Head on over to the Azure Portal (https://portal.azure.com) and make sure that you have a valid subscription.
Go to Azure AD and create two AzureAD Security Groups (I assume you know Azure Group Based Licensing):
- Teams Standard Phone User
- Teams International Phone User
In the standard user group assign the base O365 license e.g. E3 or E5 with Phone System and your domestic calling plan. In the international group assign the base license and your international calling plan, or communication credits.
Note down the Group Object ID of each of these groups. You’ll need them soon.
In the search bar type: automation accounts
This will take you to the Account page. Click the Add+ button and create an automation account (best to choose same data center location as your tenant)
Next, in the automation account you have just set up, click on the credentials blade and add a credential that will have the privileges to run your scripts. Give it a friendly name e.g. “Cred” (change the scripts to use the correct name).
Now we need to load the required modules into the automation account. Open the modules blade and click on browse gallery
Search for the AzureAD PowerShell Module
Add this module to your automation account. Next we need to load the SkypeOnline PS Module. This is not available in the gallery. Assuming you have this installed somewhere on your PC you will need to ZIP the contents of the SkypeOnlineConnector folder located in c:\program files\common files\skype for business online\modules folder.
Now that you have zipped this folder, upload it as a module to the modules blade in the automation account by clicking on Add a Module. You should see it become available after around 10 minutes.
Now click on the Runbooks blade and create 3 runbooks:
- For Licensing the User
- For Checking Provisioning Status of User
- For Provisioning the User
Make sure all three runbooks are PowerShell runbooks
You should have 3 blank runbooks created now like this
Now load the scripts into each runbook.
Open the Licensing User and Paste the following code in, replace as necessary (remember those Azure AD Licensing Group GUIDs? You need them now).
Save the runbook and publish it.
Now open the ProvisionCheck runbook and paste the following code in. Again replace as necessary. This script basically checks Skype continuously until provisioning has completed. We need this to halt the number assignment until we can actually implement it.
Save the Runbook and Publish.
Finally Open the TeamsPhoneUser Runbook and paste the activation code in
Save the Runbook and Publish.
That’s it for Azure Automation, now the fun stuff can begin.
Create the Form
Head on over to Microsoft Forms (https://forms.microsoft.com) and create yourself a form. In my example here we have a simple form that asks the following questions:
- What is your sign in address (UPN)
- What Site Are You Normally At (Dropdown)
- Who is Your Manager
- Do you Need International Calls
- What is Your Justification Reason
My form looks like this:
How you create your form, and how you word your questions will affect the flow, so for this example I recommend that you use the same wording as I have.
Now for the Flow..
Creating the Flow
Ok, now before we go into Flow and start doing stuff, let’s just recap what we need to do. We need to do something on Form submission, so this is the entry point into the flow.
Next we need to get the contents of the form so we have some data to use. Without it we are stuffed.
We then need to invoke an approval workflow that gives someone the authority to approve or reject the request. Then on either action we need to carry out the approver’s commands.
One of two things is going to happen at this point. If the approver approves the request, the flow will kick off all the cool stuff and provision the user. If they reject, the requestor is going to get a rejection email.
Now go to Microsoft Flow and create a flow.
Add your entry point by adding an action and searching for Microsoft Forms. Select Forms, then select Triggers and select “When a new Response is Submitted”. Then choose the form Id.
Now we need to apply the flow actions to each submission. Add an action and search for “Apply to Each”, then select the Output “List of Response Notifications”.
Inside this control we are going to house all our actions. Now we need to get the form content, so we search for forms again and then choose “Get Response Details”. Select the Form Id and select the Response Id from the menu
Now add another action, search for “start an approval”. In this example it’s a single user approval (their manager). Compile the approval email as you need. You can insert values from the form for clarity to them, like this:
Note I used the Manager’s email field from the form as the assigned to address so that they get the email.
Now we need a condition to decide what to do if we get an approval or rejection back. Add an action and search for “Condition”.
Add in the Response from the approval and what the expected value is e.g. “Approve”
Now you’ll get a Yes and No branch. The No branch is what to do if the response is not Approve. In this example, we are just going to send an email to the requestor.
In the No Branch add an action and search for “send email”. Fill out the email with the information you can pull from the submitted form e.g. the requestor UPN and any other information you want.
Step check, take a breather and when minimised you should now see this
Now for the Yes Branch.
The first thing we need to do is call our automation runbook for licensing the user with the appropriate requirements for calling. Add an action and search for “automation” choose Azure Automation and select Create a Job
Select your Azure Subscription, Resource Group and the Automation Account we created. Now select the Runbook LicenseUser. You should see it is asking for two input parameters. Choose the Email Address of the requestor from the form as the UPN and for International Calling the result from the International Calling Question in the Form, like this
The next step is we need to sit and wait for licensing and back end provisioning to complete before we can actually assign a number to the user. If we try now, it will fail. It can take up to 24 hours for this to work, so what do we do? This is where the second runbook comes in. It checks the user’s Skype and Teams licensing and back end provisioning repeatedly every 10 minutes until all the expected assigned plans have been provisioned. Only then will it return a value which we can then action on.
Create a new Azure Automation Job, doing the same as before, this time choosing the ProvisioningCheck Runbook
From this runbook, we are expecting something back and we need to tell Flow we are expecting something and what to do with it. Add an action and search for Azure Automation, choose “Get Job Output”. Here we are getting the job id of the previously submitted job so we can pull the output from it.
Now the output from the job is in JSON format, so we need to tell Flow to parse JSON. Add an action and search “Parse JSON”. The content will be the Content from the Azure Job and we need to tell Flow the content type and properties to expect in the content. In the schema enter the following.
We are expecting a JSON Object back, the “Status” is the property we are expecting back from the script and the content of that property is a string value.
Progress check. You should now have these actions under the Yes Branch
Now we need to add a condition. The condition is if the property “Status” is equal to “Ready” then go ahead and provision, If not send an email to IT Support telling them of a flow fail. Add this condition.
Now under the No Branch add a send email like before and this time send it to your IT Support desk
Now to the Yes branch, what do we want to do if the result is set to Ready?
Add an action and create a new Automation Job this time calling the TeamsPhone Provisioning Runbook and supplying the UPN and Location of the user from the form
Now again, we are expecting a result back from this job. It will contain the UPN of the user and the phone number we allocated them. So add another action to get the job output
Again, the format of the output is JSON, so we need to parse it to send an email to the requestor informing them of their new number. Add a parse json action and use the following schema
The last action we need to do is send an email to the requestor informing them that their request has been approved and completed. Add an email action and place the phone property in the email body like so
The complete flow should look like this
Seeing It All In Action
User can now go to the form and complete. On submission, their manager gets an approval email
As the manager I click Approve and I am told that my response has been submitted
In Flow I can see that my flow completed
If I check Azure Automation I can see my Runbook Jobs Completed
If I want I can click in to each one and see the output
If I go into the Teams Admin Center, I can see if the user has been provisioned with this number
The user will receive their email like this:
And that is it. Seems quite complex when you write it in a blog, but it’s very straightforward and only takes an hour if that to set up (longest bit was writing the simple scripts).
Obviously you can take this as far as you want. But for a simple self service phone number assignment tool, it does the job!
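The post says its scripts are devoid of error checking and that the approver address is taken from the form's manager field. One check a production runbook could run before licensing anyone, as an added example that is not the author's runbook code: `Test-PhoneRequest` is a hypothetical helper, the Yes/No answer values and the sample addresses are assumptions, and the directory lookup is injected so the block runs offline.

```powershell
# Added example, not the author's runbook. Test-PhoneRequest is a hypothetical helper.

function Test-PhoneRequest {
    param(
        [string]$Upn,               # form: "What is your sign in address (UPN)"
        [string]$ManagerEmail,      # form: "Who is Your Manager"
        [string]$International,     # form: "Do you Need International Calls" (assumed Yes/No)
        # Takes a UPN, returns the manager address held in the directory or $null.
        [Parameter(Mandatory)][scriptblock]$GetDirectoryManager
    )
    $problems = New-Object System.Collections.Generic.List[string]
    # \A and \z anchor the whole value, so a trailing newline or extra text
    # after the address is rejected before it reaches another runbook.
    $address = '\A[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+\z'

    if ($Upn -notmatch $address) {
        $problems.Add('UPN is not a well-formed sign-in address')
    }
    if ($ManagerEmail -notmatch $address) {
        $problems.Add('Manager address is not well formed')
    }
    if ($International -notin @('Yes', 'No')) {
        $problems.Add('International answer must be Yes or No')
    }
    if ($Upn -and ($Upn -eq $ManagerEmail)) {
        $problems.Add('Requester named themselves as approver')
    }

    # Only consult the directory once the inputs are syntactically sane.
    if ($problems.Count -eq 0) {
        $directoryManager = & $GetDirectoryManager $Upn
        if (-not $directoryManager) {
            $problems.Add('No manager recorded in the directory')
        }
        elseif ($directoryManager -ne $ManagerEmail) {
            $problems.Add('Manager on the form does not match the directory')
        }
    }

    [pscustomobject]@{
        Upn      = $Upn
        Valid    = ($problems.Count -eq 0)
        Problems = @($problems)
    }
}

# Constructed directory for the demo. In a tenant the lookup could instead be
#   { param($u) (Get-AzureADUserManager -ObjectId $u).UserPrincipalName }
# from the AzureAD module, assuming the manager's UPN is also their mail address.
$directory = @{ 'alex@example.org' = 'sam@example.org' }
$lookup    = { param($u) $directory[$u] }

# Constructed submissions: a matching manager, a different manager,
# a self-nominated approver, and a malformed UPN.
$requests = @(
    @{ Upn = 'alex@example.org';     ManagerEmail = 'sam@example.org';  International = 'No'  }
    @{ Upn = 'alex@example.org';     ManagerEmail = 'pat@example.org';  International = 'Yes' }
    @{ Upn = 'alex@example.org';     ManagerEmail = 'alex@example.org'; International = 'No'  }
    @{ Upn = 'alex@example.org; x';  ManagerEmail = 'sam@example.org';  International = 'No'  }
)
foreach ($r in $requests) {
    Test-PhoneRequest @r -GetDirectoryManager $lookup
}
```

Running the check before the approval step, rather than only inside the licensing runbook, also keeps the approval email from being sent to an address the directory does not recognise as the requester's manager.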
DISCLAIMER: This is not official guidance or professionally endorsed by Microsoft or any other company. This information is purely a guide based on my own advice and opinion.
If you’ve come from a Skype for Business, or indeed any other background for that matter, you’re probably investigating your current options with regards to official certification in Microsoft Teams. Personally, I have been weighing up the different certifications and paths Microsoft offer that provide the most value to my career, or least how I perceive my career to evolve in the coming years. The following are my findings and advice, if you want to operate in the future of Intelligent Communications.
The first rock to turn over was understanding the exam paths. Microsoft are releasing new “role-based” certifications which are targeted to complement the role you’re playing in your day-to-day work life. We also have the more common MCSE certification path.
I will say this immediately, it’s probably a waste of time, effort and money to concern yourself with an MCSE certification if you’re entering Microsoft certification today. MCSEs in the UC space particularly are based on on-premises applications such as Skype for Business Server, which hold very little if anything towards Microsoft Teams. OK, knowing the heritage platform could help you pick up Teams voice quicker, but is it worth the cert? In my opinion, no, just picking up a textbook, or doing some online reading, should suffice.
Microsoft appear to be pushing the role-based certifications, and the only “Expert” level certification that incorporates Microsoft Teams is the Microsoft 365 Enterprise Administrator Expert (EAE from now on) certification. I am not sure I like the certification name, because typically sysadmins do not deploy, but that could just be my insecurities. Anyway, not to distract.
To attain EAE you have a few journey options. I won’t go through them all, instead I will call out the ones I feel provide real benefit to Microsoft Teams.
MCSE: Productivity to EAE
If you have attained an MCSE in Productivity and it is still valid then you can attain EAE by taking the MS-100 and MS-101 exams
- MS-100 – Microsoft 365 Identity & Services
- MS-101 – Microsoft 365 Mobility & Security
This is the quickest route to achieving Microsoft 365 EAE if that is your ultimate goal. The 100 and 101 exams and learning material will help you understand the fundamental building blocks on which Microsoft Teams is built and how to securely manage deployments across BYOD and Company Devices. You’d probably have enough background experience to deploy Teams effectively (Chat and Collaboration).
For those who want to deploy Teams Enterprise Voice, this requires some significant voice skills and knowledge. It’s not so much “how to connect teams to a SIP trunk” but how to integrate this into the workplace that is full of interesting and often out-dated voice technology. This is where many “have a go heroes” will fail.
Teams voice stack comes from Skype for Business. There is a standalone exam you can take (70-333) that will give you all the technical knowledge you’ll need to fully understand Teams voice. It is highly recommended you sit this exam because it will be (and is) a fundamental requirement for any Microsoft Teams role that involves an Enterprise Voice deployment. Don’t take my word for it, see the job boards…
No Cert to EAE
This situation is a bit more interesting. People here will not have a legacy MCSE certification, so will need to start the new path from the beginning. From my perspective, there are two routes
- Microsoft 365 Teamwork Administrator
- Microsoft 365 Security Administrator Associate
Logically, you may think that taking option 1 is the best one, after all it is labelled Teamwork, so that must mean Teams right? To a degree you are correct and it offers clear certification in deploying Teams.
MS-300 – Deploying Microsoft Teams exam fits the bill perfectly. However, you must attain two linked exam certifications to achieve the Microsoft 365 Teamwork Administrator, which is one of the prerequisite options to the EAE certification.
Microsoft 365 Teamwork Track
The companion exam / certification to make up the Teamwork Administrator, MS-301 is deploying SharePoint Server Hybrid. For many people coming from a UC background this certification is pretty useless and so alien to the heritage skill set, you’d sooner want to cheat your way through it in order to get to EAE. In order to achieve EAE in this track you need to complete the following exams:
- MS-300 – Deploying Microsoft Teams
- MS-301 – Deploying SharePoint Server Hybrid
- MS-100 – Microsoft 365 Identity & Services
- MS-101 – Microsoft 365 Mobility and Security
There is another, better and even shorter way.
Microsoft 365 Security Administrator Track
You could look at the Microsoft 365 Security Administrator Associate learning path. Attaining the associate level, which is another feeder requirement option to enter the EAE exams, requires you to sit only one exam, MS-500. This certification is focused on Microsoft 365 security, which will inevitably help you understand and mitigate risks in deploying Microsoft Teams. In order to achieve EAE in this track you only need to sit the following:
- MS-500 – Microsoft 365 Security Administrator
- MS-100 – Microsoft 365 Identity & Services
- MS-101 – Microsoft 365 Mobility and Security
For those of you choosing this track, I would highly recommend also sitting MS-300 – Deploying Teams as a standalone exam. You won’t earn a certification credit, but you will demonstrate capability and proficiency in Microsoft Teams, as well as being more security focused, which can open doors to opportunities away from Teams specifically.
With any exam track, if you’re considering Teams Voice, please look into 70-333 Deploying Skype for Business Server 2015 Enterprise Voice for the deep voice knowledge you’re going to need to cope with diverse voice ecosystems.
For those wanting to focus on voice and video elements in Teams, you’ll need to expand your horizons away from Microsoft and consider partner certifications. Here are some that may be of interest to you:
- Audiocodes Certified Associate – SBC Essential Configuration
- Ribbon Certified Professional – SBC Implementation & Troubleshooting
- Pexip Certified Expert – Cloud Video Interop
- Polycom (Poly) Video Conferencing Certified Expert
- The SIP School Certified Associate (SSCA)
What will I be doing?
I will take advantage of my MCSE productivity and pursue EAE with the required exams. However, I plan to sit the Microsoft 365 Security Administrator exam to give me that breadth across the M365 stack.
I hope this helps you in your decision making. It’s a free choice, it’s your career and I encourage you to follow your own path.
You’ve probably heard about personas from the days of Lync, Skype for Business or even other UC technologies. If you have not, and are venturing out into the Microsoft Teams tech-scape, then Personas mean experience profiles.
These experience profiles are like configuration buckets that you create in an effort to approach a UC deployment in a consistent manner, ensuring your users receive a predictable experience based on their usage requirements.
Microsoft Teams offers users many more configurable options than any of its heritage predecessors, expanding away from UC specific and into the collaboration and extensible spaces.
Whilst all these features and options are great from a product offering perspective, it can cause real headaches for deployment teams trying to deliver capability to an organization. If you add up all the configurable options and every permutation of each option, you’ll realise that your persona list will reach the thousand mark very quickly. Obviously, this is no good for deployment strategies.
Personas used to be specifically assigned per individual use case, but with the inclusion of collaboration, we are now tasked with applying a persona to a team, and indeed several teams by proxy of the user being a member or owner. There is no easy formula to follow, collaboration is a fluid genre and the boundaries must be well defined to maximise the benefit whilst protecting intellectual property and organizational security.
Focusing on the user specifically for now, when we inspect the Teams user object we realise that there are only a handful of policies available that can affect a user’s Teams experience. These are:
- Messaging Policy
- Meeting Policy
- Calling Policy
- Upgrade Policy
These four policies govern the user’s core functionality in Teams, yet between them you can muster over 20 different experiences.
Trying to manage 20 core personas from an operational perspective is a nightmare, and not something that is sustainable. You need to focus these down to a handful of persona options, 5 at most, 4 better, 3 optimal.
You have to take the lead and understand the objectives that have been laid in the foundations of the project. It is in your organization’s, its users’ and your project’s interest to ensure you arrive at the end state quickly, within budget and with as little friction as possible.
This is where your creator’s license comes in. If you sit and discuss each and every option with your organization, you will be designing bespoke personas on a departmental and even individual level. Your project will never get off the ground and even if it does, trying to implement that over tens of thousands of users is going to lead to mistakes. Even worse, neither you nor the user may notice the mistake. You’ll have policies that overlap with functionality and mixing those together can have adverse effects which increase trouble tickets and contribute to negative feedback from users. It will be carnage at biblical scale.
It is important to sit down with departmental heads to gain an understanding of what they use, why they use it and what they need to make their jobs more efficient. Collect that information across multiple departments and use that collective data to figure out your persona requirements.
For instance, you may find that 7 out of 10 departments require screen sharing capability within meetings or peer-to-peer. If the percentage is over 70% then that requirement should become standard and offered out of the box in your personas. Configuring a baseline aimed at the majority not the few is an about turn in the normal deployment methodology I know, but we live in modern times and old ways just aren’t optimal these days.
Certain policy options such as allow external users to request control, or anonymous users can start a meeting are global business decisions that transcend every policy created. Therefore, you do not need a policy that allows or denies these with every permutation. Simply pick the setting that complies with the organization requirements and bake it into your base policies.
You may find that there are valid cases for more restrictive use based on your findings. For example, perhaps only 4 in 10 departments require the use of Video. So there would be a case to have both a video on and video off meeting policy.
Your standard offering meeting policy would therefore be: allow meetings, allow screen share, disable video. Furthermore, you now only have 2 meeting policies to choose from in your personas instead of 3. Not much you say? But wait, what about other policies?
Another tip, when looking at departmental persona assignment, if more than 50% of the department falls into a persona of most privilege, then you should plan that the other 50% also get the same persona, even if your data shows that they can function on a more restrictive persona. Why? It’s down to peer jealousy. Why has Jane got Video and I haven’t? Believe it or not, on the last Teams roll out I did, this type of feedback was the most common and caused the project to spend too much time reworking people so that they can feel equally treated. At the end of the day, you know that they are probably not going to use their additional feature that much, they may dabble, but most people revert to type after a few days. If they do, and they become a prolific user of the additional features, then you’ve transformed that user, and that is a massive win for the project and grade 1 justification for your existence!
It is a fair assumption that no one in Teams is going to want their Chat policy to be turned off, so really the decision here is whether you want to allow Giphy/Meme support or not. My personal opinion is we should allow them with moderation set to strict to avoid insensitive posts being sent. I don’t find Giphys offensive, or not for the workplace. Properly used, they can add sentiment to a conversation that could otherwise be confused between parties (avoiding the “I was only joking, I didn’t mean to offend” comments). We had the same arguments when emojis came into UC chat, “ohh they will be abused” said the scaremongers, but now they are old school and accepted as an integral part of UC. Giphys are just emojis version 2019!
Now I still have two personas to choose from after making this decision. On with the next.
Now we are going to discuss the calling policy. This controls whether a user is allowed to make a P2P or Enterprise Voice Call. I’ve had many discussions about this policy with respect to whether we should block P2P audio or not as a persona offer. My personal view on this is to allow P2P out of the box. The excuses commonly used to disable it are the lack of peripheral distribution or project budget to cover headsets. However, although valid, we simply cannot think that blocking P2P audio is a solution to hardware distribution woes. Why? Every Teams user has the capability to join a Teams meeting, even if their meeting policy is AllOff. If they have to join their manager’s or exec’s meeting, they need a headset. Therefore the policy to prevent P2P is flawed and ineffective; although it may help to reduce the impact, it doesn’t warrant the block.
So now I have decided there really is going to be one calling policy offered to everyone, so my persona count is still 2.
The last policy we are interested in is the upgrade policy and this determines the interop / coexistence mode applied to the user inheriting the persona. The likelihood here is that you’re going to have 3 upgrade modes, not including the tenant default. If you’re coming from Skype for Business, then probably your tenant mode will end up being SfBOnly, at least until Teams is mainstream on your tenant, as it preserves current state without causing untested havoc. The 3 that you’re going to have are SfBWithCollab, SfBWithCollabAndMeetings and UpgradeToTeams.
By definition of one of these modes, SfBWithCollab, we now realise that we need another meeting policy in Teams to turn all meeting options off for these users and a calling policy that turns off P2P. Now we have 3 meeting policies, 1 chat policy and 2 calling policies. Now I can build my persona offers to users:
- Collab Only – Chat Policy: Global; CallingPolicy: DisallowCalling; MeetingPolicy: AllOff; TeamUpgradePolicy: SfBWithCollab
- Chat Policy: Global; CallingPolicy: DisallowCalling; MeetingPolicy: Global; TeamUpgradePolicy: SfBWithCollabAndMeetings
- Chat Policy: Global; CallingPolicy: DisallowCalling; MeetingPolicy: AllOn; TeamUpgradePolicy: SfBWithCollabAndMeetings
- Chat Policy: Global; CallingPolicy: Global; MeetingPolicy: Global; TeamUpgradePolicy: UpgradeToTeams
- Chat Policy: Global; CallingPolicy: Global; MeetingPolicy: AllOn; TeamUpgradePolicy: UpgradeToTeams
I now have my 5 Teams personas I can assign users to. It’s a manageable number so I can accurately predict each user’s experience and these can easily be baked into operational and MACD support. The project and organization are clear on what is going to be deployed and other teams such as Change Management can accurately deliver training and first day support with confidence.
I cannot stress enough the need to instill the processes and implementation strategy engineered by the project into your BAU team and processes. If you don’t, then your nice standardised deployment will quickly descend into configuration chaos that will be another huge project to clear up, and all the effort you’ve put in will have gone to waste.
As a result, your feedback rating rises, users are satisfied and it’s easier to adopt within the business.
Obviously, you need to perform your own analysis and persona design that reflects your organization’s needs, as with anything, your mileage may vary, but try to keep things concise and designed for the many out of the box rather than the few and you won’t go far wrong. Hope this helps.
I have been working on some calling problems with Microsoft Teams with a customer and thought I would share some information that could be quite useful in situations where you’re asked why this happens.
If you are working in an enterprise with restricted access to the Internet via a default gateway, you’ll be paying particular attention to the Office 365 URLs and IP Ranges listed here.
You’ll notice that for Microsoft Teams media in particular the IP and port requirements have reduced significantly to one optimization rule (Rule 11), which states that UDP ports 3478-3481 should be allowed out through your default route to the 18.104.22.168/14 address space, leaving the remaining requirements to follow your normal internet egress, maybe a web proxy server.
Keen-eyed readers will notice that the requirement for the 49152:59999 UDP ports was removed some time ago.
So what is the significance of this for Microsoft Teams? Well, the current publication means that Microsoft Teams should always connect to the Media Relays in Azure in the 22.214.171.124 address space rather than connect directly to the Media Processors, which required the 49k-60k port range to be opened to an ever-changing list of public IPs.
The rationale is just, in that it simplifies security requirements and the effect of relaying media via media relays in Azure to the Media Processors using the Microsoft streaming network is negligible.
However, when starting a Teams conference or indeed a PSTN call, Microsoft Teams seems to discover the Media Processor IP and attempt to connect to it by default. Notice here that 126.96.36.199 does not appear in the Office 365 IP addresses, but we are most definitely connected to it.
In an unrestricted environment such as where this traffic was generated from this is not an issue, but it is at odds with the Microsoft recommended optimizations for Microsoft Teams as stated before.
If we now block these destination ports and try to connect to the same Microsoft Teams meeting, we can see that Teams cannot connect to the Media Processors as the firewall prevents it. It then falls back to Media Relay and connects via UDP ports 3478-3481 as per the documented optimizations.
So what is the impact? Well, in reality there is no real impact to users or the way Microsoft Teams works. There may be a slight (almost unnoticeable) delay in media connection as Teams falls back to relay, and maybe marginally more network chatter to set the call up. If the preference is that connectivity must always be via the relay IPs, it would be nice if Teams were prevented from discovering Media Processor IPs in SDP, just to extract that extra little bit of performance.
However, when security teams come to you and say that they’ve noticed connection attempts to these high ports, you can inform them that this is expected behaviour and doesn’t need to be investigated further.
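As a worked illustration of the behaviour described above (an added example, not part of the original post), this Python sketch sorts firewall flow records into the categories the post talks about: relay traffic on UDP 3478-3481, denied high-port attempts that are followed by a relay connection from the same client, and everything else. The six-field log format, the 198.51.100.0/24 relay range and the 30-second fallback window are constructed assumptions; substitute the published relay range and your own firewall's export format.

```python
"""Triage firewall flow logs for the Teams media behaviour described above."""
import ipaddress
from collections import Counter
from typing import NamedTuple

# Constructed stand-in (RFC 5737 documentation range) for the Teams media relay
# range; substitute the range published under optimization Rule 11.
RELAY_NETS = [ipaddress.ip_network("198.51.100.0/24")]
RELAY_PORTS = range(3478, 3482)      # UDP 3478-3481, per the page
DIRECT_PORTS = range(49152, 60000)   # UDP 49152-59999, per the page
FALLBACK_WINDOW = 30                 # seconds; an assumption, tune to your logs

# Constructed sample log. Assumed format: epoch action proto src dst dport
SAMPLE_LOG = """\
1000 DENY UDP 10.0.0.5 203.0.113.10 50012
1001 DENY UDP 10.0.0.5 203.0.113.10 50013
1003 ALLOW UDP 10.0.0.5 198.51.100.20 3478
1100 DENY UDP 10.0.0.9 203.0.113.77 51000
1200 DENY TCP 10.0.0.5 203.0.113.10 50012
1300 ALLOW UDP 10.0.0.7 198.51.100.21 3480
1400 DENY UDP 10.0.0.7 203.0.113.50 3479
1500 DENY UDP 10.0.0.8 198.51.100.30 3481
"""


class Flow(NamedTuple):
    ts: int
    action: str
    proto: str
    src: str
    dst: str
    dport: int


def parse(log_text):
    """Parse the assumed six-field format, skipping malformed lines."""
    flows = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        try:
            ipaddress.ip_address(parts[3])   # validate source address
            ipaddress.ip_address(parts[4])   # validate destination address
            flows.append(Flow(int(parts[0]), parts[1].upper(), parts[2].upper(),
                              parts[3], parts[4], int(parts[5])))
        except ValueError:
            continue
    return flows


def to_relay_net(flow):
    """True when the destination sits inside a configured relay range."""
    dst = ipaddress.ip_address(flow.dst)
    return any(dst in net for net in RELAY_NETS)


def classify(flows):
    """Label each flow; denied high-port attempts are matched to a later relay flow."""
    relay_ok = {}  # client IP -> times it successfully reached a relay
    for f in flows:
        if (f.action == "ALLOW" and f.proto == "UDP"
                and f.dport in RELAY_PORTS and to_relay_net(f)):
            relay_ok.setdefault(f.src, []).append(f.ts)

    results = []
    for f in flows:
        if f.proto != "UDP":
            label = "other"
        elif f.dport in RELAY_PORTS and to_relay_net(f):
            # A denied relay flow means the documented path itself is blocked.
            label = "relay" if f.action == "ALLOW" else "relay-blocked"
        elif f.dport in DIRECT_PORTS and not to_relay_net(f):
            if f.action == "ALLOW":
                label = "direct-media"
            elif any(0 <= t - f.ts <= FALLBACK_WINDOW
                     for t in relay_ok.get(f.src, [])):
                label = "expected-fallback"
            else:
                label = "direct-denied-no-fallback"
        else:
            label = "other"
        results.append((f, label))
    return results


def summarize(log_text):
    """Count flows per label for a quick answer to the security team."""
    return Counter(label for _, label in classify(parse(log_text)))


if __name__ == "__main__":
    for flow, label in classify(parse(SAMPLE_LOG)):
        print(f"{flow.ts} {flow.src} -> {flow.dst}:{flow.dport} {label}")
```

A `relay-blocked` result is the one to fix first, because it means the documented relay path itself is being dropped; `direct-denied-no-fallback` only says the high-port denial could not be tied to a relay connection from the same client within the window.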
We all want to use Microsoft Teams, but don’t rush it out to your business. Instead, take a breath and consider your options. Here are my 10 tips to mull over before sliding that license button.
1. Why What When How?
As with every new technology introduction, start with why? Why are you looking at Microsoft Teams? What do you hope Microsoft Teams will bring to your organization? What are your objectives? What do you need to achieve your goals? When do you think you really require it? How do you expect your employees to use it?
Until you can answer these basic questions, you are not ready. With commoditised cloud it is all too easy to just slide the license to active, throw it out and hope for viral take up. But with Microsoft Teams, as good as it is, if you do this then you’re setting yourself up for a world of pain down the line. Off the top of my head, compliance and information security are the most important considerations when allowing your employees to collaborate, not only with external users but internally as well. Should your production line workers be able to join a Team that discusses their redundancies, or be able to access a shared file link that shows the director’s bonuses for the financial year? Probably not, and without proper consideration and planning from the outset it is going to be difficult for you to control when these situations arise, not least the embarrassment of IT not having considered this in their deployment.
2. Don’t Assume
Don’t assume that just because you’ve enabled Microsoft Teams that your users will use it. Prising their hands away from their shadow IT or your legacy system is going to be the most difficult challenge you will face. Remember, techies love tech, so they will be enthusiastic about the move and uptake will be easier. However, normal users are more sceptical and negative towards change because as they see it, what they are using currently is muscle memory and they have learnt to work with it and around it. Have a plan to tackle user adoption early on. Do not leave it as an afterthought or Microsoft Teams will struggle to get off the ground.
When I speak to companies about adoption, the most common go to method of communication with users is e-mail. Personally, I find e-mail the least attractive proposition in an adoption strategy. If I receive an email that is loaded with information and looks daunting, it’s lost my concentration before my eyes have moved off the subject line. The best media for adoption awareness is without doubt video! Creating corporate videos talking and showing the benefits of Microsoft Teams is far more interesting and engaging than reading a boring email. Videos should be short, to the point and easy to follow, free of jargon. Spending the money on professional videos is money well spent.
Then it’s about the distribution method. You could email out a short “Take a look at What is Coming” mail with the video embedded, or the most effective distribution method is a post on your corporate social channel from the CEO. You’ll find that more employees will engage in that form of distribution than any other medium you choose.
However, it is not just about awareness, it’s also about training. Don’t assume that everyone will get Teams. Remember, they are used to performing tasks in a specific way and used to the way features are worded. These change and there is confusion. Make sure your training program includes how-to videos, drop-in sessions and virtual surgeries that users can jump into to ask questions etc.
3. Don’t Expect Teams to Solve All Your Problems
Remember, Microsoft Teams is a fledgling product. It has a long way to go still and as a result some features you may expect to be there may not be. Should you wait for that one specific feature to come out before rolling out Teams? I would suggest not. There is far more value in having Teams in your organization now, without this feature, than in waiting for it. Your awaited feature completes Teams for you, it does not define it.
You should take time in getting to know what Teams can do for your organization, work out its pros and cons for your situation and then decide on how you are going to augment Teams into your workforce and business processes. Use it as an early adopter technique to build a robust and reliable collaboration and communication tool that has long term benefits to your business. Remember, it is not a race. Rushed projects always fail. This may mean that you will have Teams alongside other similar systems for a period of time. This is not always a negative. This allows your workforce to transition at a manageable pace without impactful, disruptive change. It also gives you time to focus on key scenarios more closely and without masses of expense. If you’re trying to transform your entire organization over a 6 to 12 month period, then you’re going to need a lot of people to help you. Whereas, concentrating on deploying a good base product that provides instant benefit on top of current systems to users, and then working with each department to transition reduces your body count and increases quality and of course adoption long term.
Teams will not automatically fix your broken processes, or poor communication or whatever challenges you currently face. Technology alone cannot do this and circling back to the previous paragraph this can only be done with focus and direction. Putting Teams alongside other systems allows your users to continue BAU while you help them fix their problems showing how Teams when used effectively can assist in achieving those fixes. It’s about promoting possibilities.
4. Coexistence is Critical
Unless you are a sub 50 seat company, switching overnight to Teams from your old system is not going to be possible. Of course, big bang is the easiest way of switching platforms for the target system but it is often not well received by users and causes 100% disruption immediately. In order for a successful deployment of Teams, you need a coexistence strategy, and this doesn’t just extend to the UC element of Teams, but also Collaboration as well. All of a sudden, you’ll have almost limitless document stores across multiple Teams for which your business hasn’t fully understood how to maintain source authority or consistency. For instance, imagine a design document being stored in a file share. A user moves it to Teams, then copies it to their OneDrive then copies it to another Team and then shares that with another user who copies it to their OneDrive. How do you maintain control? Through proper education and eDiscovery searches for duplicated documents etc. but that needs to be planned. UC is perhaps the most critical: you’re rarely going to be able to move everyone over to Teams in one go, especially if they have voice capabilities. How migrated users and legacy users interact is a critical element to get right. Coexistence only really exists between Skype for Business and Teams where in certain modes and certain conditions it is possible for conversations to pass between the two systems natively.
However, for most who use other UC platforms coexistence doesn’t exist in the technology. This means that users, even the ones using Teams will still need access to the old system for legacy communication. This creates a confusion with the users, especially if legacy users are licensed for Skype for Business Online as part of E3 for example, they turn up in address book searches, messages get missed and it becomes largely a nightmare.
For these customers and scenarios, it is easier to deploy Teams with Chat Only capability so that everyone can use Teams to communicate. It is better, in my opinion at least, that in these situations you roll out Teams with the minimum functionality needed to support the only critical workload at that moment in Teams, chat. A single chat space is a must. If you try and deliver Teams with full features including voice etc in one hit to people, then you’re going to drive longer projects and as a result longer duration that users have to put up with having to use Teams to chat to Jane, but Google Hangouts to chat to Jack etc.
5. Changing Things Takes Time
One particular frustration of mine, and something I wasn’t prepared for when I first looked at Teams in anger, was the delay between an admin changing a user’s account and not only the affected user seeing that change, but the rest of the users within the organization too. In SfB we are used to inband changes being made within 15 to 20 minutes. In Teams this can be as long as 3 days! This makes execution, especially in deployment, a nightmare, and even more so when a user is being moved from SfB online to Teams.
Let me give you an example of what I mean. Jane is using Skype for Business Online. She is in SfBOnly mode and must now move to Teams. I change her interop mode to UpgradeToTeams and grant her Teams meeting, calling and chat policies.
The SfB client realises the user has been moved to Teams within 30 minutes. Jane signs into Teams for the first time. She realises her calling button for telephone calls has not appeared. She calls IT and they say, yes this is normal, it may take 24 hours. So now Jane is without calling capability for 24 hours. Not ideal; it’s an outage. OK, this does not happen all the time, but I have seen it happen more times than I feel comfortable with.
But the real issue is this. Jane has been chatting with Jack while she was using Skype. But Jack was using Teams. Jack sees Jane in the Teams client as a Skype contact and that’s where the conversation history and thread is. Jane has now moved to Teams. But Jack’s client hasn’t realised this and is still trying to send a message to Jane’s Skype account and this fails. Jack has to search for Jane again in hope that Teams realises that she has migrated and start a new conversation. This can take 3 days to work as Jack’s client uses cached data and the cache doesn’t refresh as often as you need it to.
Now consider a greenfield deployment of user Emily. Emily uses Google Hangouts. Emily is scheduled to become a Teams user tomorrow. When you license Emily it can take up to 24 hours for all systems to become license aware and provision Emily’s account. So that means, post license, you’ll not be able to change Emily’s interop mode to Teams Only if the tenant default is SfB Only until SfB Online has finished enabling her account. After that, Emily is still subject to the risk of the calling button appearing late, especially if she is going to be using direct routing.
In my experience, the only way I have been able to have some sort of consistency and control is to start the deployment of Emily 3 days before she is scheduled to use it. The penalty for this is that she becomes searchable to others in the GAL ahead of time.
6. Forget SCCM for Deploying Teams
If you use a desktop software deployment solution like SCCM, you’ll be thinking that you can use this to control the deployment of the Teams client. Whilst it is true that you can deploy Teams by MSI or EXE via SCCM, you cannot stop a user from downloading the client and installing it themselves, even by restricting local admin rights. This is because the Teams client is installed directly into the user’s app data folder, which runs under the user context.
Personally, I don’t see an issue with this, but some organizations are concerned about unmanaged software distribution that they cannot control.
In my opinion you would want users to download and install the client themselves. You’re not preventing anything by trying to restrict it because they can login to Teams via their browser and get pretty much parity functionality (minus a few UC features). So, if they want the desktop client, then let them. It makes IT’s life easier and encourages users to use the platform.
7. Consider Your Groups
At the core, the Teams team structure is built on top of Office 365 Groups. Therefore, the settings you apply to Office 365 Groups at admin level affect Microsoft Teams. Similarly, if you want a group to behave in a certain way for Teams, for instance, you may want a naming convention, then remember this applies to all Office 365 Groups in your tenant and that means these changes are effective across the entire suite, Exchange, Yammer etc.
Another common restriction on not so much groups but more Azure AD guest invitations is administrators tend not to permit Azure AD guest invites coming from Azure AD members. This means that Group / Team owners and members of that Team will not be able to invite guest users to their Team. In Azure AD there is a guest inviter role, and you can add privileged users to that role. This allows them in Azure AD to generate a guest invitation to an external user, but Teams is not aware of this role, so they are unable to use the Teams client to invite a guest member.
The recommended approach is to allow Azure AD members to create guest invites. However, if you use SharePoint, then use the SharePoint site controls to restrict guest access to these SharePoint sites outside of Teams, thus protecting your data. The same goes with Yammer.
8. Guest Domain Approval & Federated Domains
Out of the Azure AD box any user can invite any external user to a guest AD account in their tenant. This is used for guest access in Teams. You may want to consider restricting this privilege to certain approved external domains so that people cannot add in users from unauthorised sources. In Azure AD there is a white/black list where you can specify domains you want to allow or block. You have to choose your schema, are you going to whitelist, which means everyone is blocked by default unless the domain is in the list, or blacklist, which means everyone is allowed by default unless the domain is in the list.
Most organizations go for the whitelist option as it offers the most protection.
Adding a domain to this list is separate from federated domains. Federated domains are controlled within the Teams Admin Console and work completely independently of the Azure AD whitelist.
9. Be Prepared for Stuff You Don’t know
Teams offers a lot of app integration with 3rd party providers through the app store, as well as with other Office 365 apps such as Planner. Suddenly you will have gone from a UC engineer to having to help and support users who have added apps into their Team that they thought they needed but don’t know how to use. As it is in Teams, naturally users will think it’s down to you to help them.
Now there is no way to control 3rd party app integration. In my opinion it is needed even if it is a short-term measure to ease businesses over the Teams line and encourage them into the ecosystem.
Most organizations are worried about what data is stored in these 3rd party apps, where they are stored and how the business can control it.
10. Do Your Devices Work with Teams?
If you want the full Teams experience, then you’re going to need to buy Teams devices. The chances are you’re invested in Skype for Business devices and are going to be wondering how they perform with Teams.
Headsets currently have a few troubles with Teams, but they are getting there. This is more about control by the user than them simply not working. For instance, a headset may have its own mute button, but when pressed Teams does not understand that the headset has muted so the mute button is still inactive. Mute still works in this scenario, but users can get confused as to why they are talking but no one can hear them if they’ve muted a while ago via the headset but the client is still showing them as not muted. It’s more of an experience thing.
If you’ve invested in 3PIP handsets (Polycom VVX for example) then you are going to be able to use these with Teams through native interop from the Office 365 cloud. At the moment the experience is quite good, and you can do most of what you need to do on a phone without too much trouble. However, they will not work with device management within the Teams Admin Console, for that, you need Teams native devices. Furthermore, it is likely that additional functionality will come to native Teams handsets and 3PIP will become the new LPE and eventually be retired.
Meeting Room devices: if you have SRS version 2 or Surface Hub devices, then after an update these systems can be used in Teams meetings as VC endpoints. For anything older, you are going to need interop services. Currently, there are 3 providers: Pexip, Polycom and Blue Jeans. All three have SaaS offerings with their cloud hosted video interop (CVI), but Pexip also offers on-premises interop together with distributed interop, which can give customers with large footprints of VC rooms more options than cloud-based offerings.
Microsoft have released Call Park for Microsoft Teams. This feature allows the recipient to place the call in a special kind of holding pattern. As the name suggests, this is more like parking your car. You choose a space, park it, go about your business, come back to the space, pick your car up. Except with call park, the person picking up the call may not necessarily be you.
Call Park is used as a call treatment strategy whereby you cannot service the caller’s request, but some other member of your team or organisation can. Perhaps you have tried transferring the call, but couldn’t get through to the person you intended. Don’t want to constantly bounce the caller from failed transfer to failed transfer? Then call park is the solution for that.
It is different from call hold in that it frees up your line to accept other calls, or more likely, allow you to call around to inform people that you have a call that needs their attention.
Teams gives the call handler more options for finding a person to assist than standard UC platforms. The handler can target specific people and send them a chat to say I’ve got a call for you, message a group of people, or even notify an entire Team. Ultimately call park is for situations whereby the call can be answered by any member of a specific department, rather than a specific person.
When a call is parked, Teams notifies the person who parked the call of a retrieval code. They can pass this code on to others who will then be able to retrieve that call and connect to the caller.
As with everything, the person picking up the call must be enabled for phone system and using either calling plans, or direct routing in order to successfully use this feature.
Call Park is not enabled by default. You have two options. You can either enable the Global Call Park policy, or create a custom Call Park policy and assign that to specific users. Perhaps a good use case for needing call park features is reception or personal assistants etc.
Call Park can only be enabled via PowerShell currently. To do this, connect to Skype for Business Online PowerShell and run the following command to enable it on the Global policy:
Set-CsTeamsCallParkPolicy -Identity Global -AllowCallPark $true
To create a custom policy, first create the policy using:
New-CsTeamsCallParkPolicy -Identity MyCallParkPolicy -AllowCallPark $true
Then assign that policy to the required users:
Grant-CsTeamsCallParkPolicy -Identity User@domain.com -PolicyName MyCallParkPolicy
Once assigned it can take up to 24 hours to take effect. Once done, the user will see a new option in the call control when receiving a call.
When clicked, the caller will be placed into a conference and hear hold music, while the handler will get notified of the retrieval code in Teams.
Press the copy button to copy the code to your clipboard and make a mental note of it. You can now press the X close button.
Next you send this code to the person or department you want the call to be picked up by with an appropriate message. This can be chat, email, voice or whatever your chosen medium is.
The person who is going to pick up the call will need to go to the calling app in Teams and select the Speed Dial page, where they will see a new button called Unpark.
This user must also be enabled for call park in Teams.
Once clicked, enter the unpark code (e.g. 11 in my case) and press Unpark.
You will then be connected to the caller.
If the call has not been picked up after approx. 6 minutes, the caller will automatically be transferred back to you.
For what seems to be an eternity, we in IT seem to be transfixed by the “Working from Home” is better than “Working from the Office” debate. We have argued over and over like politicians in the House of Commons over Brexit. The simple truth is, it’s a pointless argument that yields no actual result.
Personally, I think the debate is ill-founded on principles that bear no meaning towards working life. This debate takes many forms and in recent times over the past year or so been encapsulated in the “Productivity” form. It seems to have got caught up in the reasoning for using Cloud technology, most particularly Microsoft Teams. When you cut away the hype and fluff, you’ll realise this argument actually could have started way back in the early 2000’s. Back then, you could have worked from home to some degree by using VPN connectivity to save your documents, webmail / IMAP / POP to get your e-mail. Granted this experience compared to today would be somewhat basic and some would actually struggle to cope but the essence of being able to work from home existed irrefutably for some people.
Fast forward to the age of Cloud, where technology and in particular communications enable you to work more effectively anywhere, and it is becoming difficult to always understand the boundary between work and home.
This argument over WFH vs WFO is being promoted as an excuse to adopt technology such as Microsoft Teams more so these days than ever before and it’s distracting from the true value of these technologies, creating tangent arguments that actually have zero impact on what you are trying to achieve in the first place.
The argument should not be about whether it is more productive to work from home over the office, but how this technology empowers your business and more importantly your employees to conduct business in a collectively more efficient manner.
I don’t see Microsoft Teams as a Productivity tool. If I did, then I would assume incorrectly that by using Microsoft Teams I am by default going to be more productive as a result.
Microsoft Teams to me is an empowerment tool. It gives me the critical features I need to function in my job at my finger tips on any device I choose from mobile to desktop. It doesn’t matter to me where I am, if I have connectivity and a device to hand it means that most probably I can complete a task being asked of me, regardless of where I am.
I am empowered having this capability in my pocket. It means I don’t need to worry that I left customer site 7 minutes before this phone call, or that someone forgot to ask me a question before I left, I can just reach my phone, laptop or whatever, access what I need and complete a task that would have normally meant waiting until the morning.
You could confuse that with productivity, but it is different. Empowerment comes by having access to the capability that may assist you in being productive. Productivity is the decision you make to use that moment in time for your benefit.
In the above scenario, I was empowered because I have access to Microsoft Teams. I made a personal decision to use that moment in time to action a work related task. That decision was me choosing to direct my efforts towards a work related task and that can be seen as productive use of time towards work.
That said, equally I could have chosen to catch up on Narcos on Netflix whilst sitting on a train and I will deal with that request tomorrow. This is equally productive use of my time because I know getting home I wouldn’t be able to watch it. The fact I chose a different path for that moment of time other than work related, does not make me an unproductive person.
And this is why I believe productivity cannot be measured laterally across your workforce.
The real argument between WFH over WFO is down to the lifestyle of your employee. Let’s not beat around the bush.
My current role, the Office is 2 hours away from my home. I go to the Office 3 times a week. Each of those days I am up at 5am, in the car by 5.45am and in the Office by 8am. I work until 4pm and by the time I am home it is nearer 7pm. Just in time to give my 11 month old her night time bottle, put her to bed, then read my 4 year old a bedtime story, then say Hi to the Mrs, then have Dinner, take the dog for a walk and then go to bed.
On the 2 days I don’t go to the Office, I get up at 6:30am, have breakfast with my Kids, get them dressed, have a bit of a play, take the eldest to nursery. Sit down at my desk at home for 8:30am with a coffee and in my comfy pants and slippers. Break at 1pm, have lunch with my wife, go back to it, finish at 4:30pm pick eldest up from nursery, sit down as a family for dinner, have a relaxing evening.
The amount of work I do at home within working hours vs the office is more or less the same because I have the tools to do my job regardless of location.
I admit, I prefer working from home over the office because it suits me. It makes my life less stressful and I can balance my time better with the family, they see more of me and I am generally less tired.
I will say on the balance of my time as a whole work and pleasure I am more productive when WFH because I am given the time to be. By productive I mean the hours I save not having to travel to the office I can use better towards benefiting my family rather than hours lost to asphalt and brake lights.
So yes, I agree I am more productive at home overall. It does not mean I produce more bytes sitting at my desk at home vs my desk at the office, which some seem to think this is all about.
That said, there are people that want to come to the office as that’s where they work best. Some may not have dedicated home office space, their home life may be that hectic that coming to the office is the only way they can get stuff done.
Other times it is better to conduct work activities face to face. Even with video and digital whiteboarding, sometimes it cannot replace real human interaction.
How as a business / employer can you measure that as tangible outputs across each working habit? You can’t because it is beyond measurements. You can’t say that Jane is a better employee than Dave because she works from home, or indeed the other way around.
However, if you calculate in employee welfare and retention as a result of encouraging flexible working, then the tangible output from that is you may retain skilled staff making your business platform more stable and experienced which allows you to grow more efficiently as a result.
So WFH for me I see as a personal well being benefit. It doesn’t automatically make me more work-productive than when I am in the Office. In fact, if I look at the activities I do in the Office vs at home, then on balance stuff tends to happen quicker in the office because I can look the person in the eye and get a decision in a moment. Whereas at home I would probably have to first find that person on Teams, send a chat, arrange a meeting to get the decision.
Instead of debating which working strategy is best, cancel the debate; it really doesn’t matter.
Instead, your goal when deploying technology is empowerment of your users and business, giving you increased flexibility to conduct business in ways that perhaps before were harder to achieve.
This of course is my opinion. You don’t have to agree with it, you may have your own and that is fine. In fact it proves my point at the beginning of this post that it really doesn’t matter, because at the end of the day every one is different and what works for one, won’t for another. And if that is the case, how can you enforce that through your workforce? You can’t! All you can do is empower your employees to be as effective as they can be with as much flexibility as you can afford for mutual benefits.
Microsoft Teams, your employee communication and collaboration empowerment tool! 🙂
Once upon a time there was a group of people sitting together at a canteen table eating their lunch. Not a word was spoken, until one of them looked up from their phone and noticed that the person sitting next to them was using a blue app to message someone. They looked at the person sitting the other side of them and noticed that they were using a blurple app to message someone. They sat and thought for a moment “Hmm… one is using a blue app, the other a blurple, which one should I use?”
They finished their lunch and went back to their desk. They then whispered to the person sitting next to them “Hey I’ve got a great idea! At lunch I saw two people using apps to chat to their friends. We need an app to do that. What if we made an app that we could chat securely in where messages are encrypted? And if we can create groups as well we can have group chats. Maybe we can do video calls too that would be fun! and Oh yeah perhaps we can maybe share files or locations maybe?” Their buddy agreed “We should build that app, it’s a killer idea!”.
Fast forward a few dev months and their work is done: they have this app. “Oh, now we need to test it? I know the best place for this,” one said…
After a short test period and a few more dev cycles their app was free of bugs so they took it to their manager. “Hey Boss!” one said. “We have been working on this cool new app and want to show it to you, we think it’s going to be epic!”. The boss sits back in their chair and says “OK, sell it to me”.
PowerPoint loads their polished deck they’ve been working hard on for a week. “We’ve built this new app that you can chat in and chat in groups or 1 on 1”… “Hold On!” says the boss, “stop! you mean I have been paying you for 6 months and you’ve created a chat app? Didn’t you know we already have this? It’s called Microsoft Teams!”
“Is that the blurple app some people use?” asks one.
“YES!” says the boss. “Microsoft Teams is our collaboration platform for enterprises. It allows our users to chat to each other 1 to 1 using any device mobile or desktop, Mac or Windows. Users can call and do video and have meetings and conferences”.
“Ah, but we have the new concept of groups in our app” says one of the creators.
“Teams has Teams. Anyone can create a Team. A team is like a group, where groups of users can chat, call, meet and collaborate on documents together in a secure virtual space” says the boss.
“Oh, our app only allows groups of users to chat, call and share files” says the other creator. “But, we are different as we are mobile only and our app is for instant and random chats between users that can quickly change topic and dimension. We aren’t trying to force collaboration because not everyone wants to collaborate all the time, they may just want to chat. Plus this Teams app you mention by the way you describe it seems to be very narrow focused to a concentrated circle of users. We want our users to be able to chat to anyone without restriction and discuss a wide variety of topics that can be answered by the larger community”.
“But we have Yammer for that” says the Boss. “Yammer is our social platform where you can join interesting groups and ask questions to the wider community, or get involved with conversations replying to group messages. Users can announce important information, share files and other content and also send a private message too”.
“Right….” says one creator. They both pause for a moment, look at each other with sweat starting to trickle down the side of their faces, when the boss pipes up and says “Don’t worry! Let’s take it to our marketing department and get their feedback!”
A week later, the marketing team come back to them and say “We love it! We have this concept of inner loop and outer loop that we’ve been using to differentiate Teams from Yammer and when and why you’d choose one over the other. It looks a bit straightforward, we need some diversity, so we think this app can fit in this story and we’ve created a new loop. It’s called the open loop. This is where your app will be positioned”.
Both the creators and the boss look at each other bemused, but collectively nod their heads. “So what is this loop thing you’re talking about?” one asks.
“Well, the inner loop we refer to is a bunch of people you work with closely day to day, have regular and purposeful conversations with, and need to collaborate with to create something cool, like this app you’ve made. You 3 are a good example of an inner loop. The outer loop is when you want to reach out to your workforce peers and have open discussions about business related topics that may not be sensitive or require answers from people outside your immediate group or inner loop. We use this when you have a question you need answering, but you don’t know who to reach out to in a 1 to 1 conversation, so posting it on an open board allows you to get your answer quickly and, more importantly, it is probably going to be the right answer, and now you’ve made that connection you never had before.
Now, the open loop we’ve created for you is for when the topic is fit for neither the inner nor the outer loop. It’s for you to communicate and coordinate across your value chain in a dynamic mobile first manner”.
The boss turns around and says “I get the inie outie loopie thing, but what you just said makes no sense, can you simplify it?”
“Sure!” says the marketing team. “Basically, it’s just to allow random chats between people in the organization. You know, if you need to ask a spontaneous question to a colleague and they’re not online in Teams then you can use this to send them a message. Or if you’re organising a staff party you can create a group and organise it within your group. You know, conversations that probably have limited, if any, structure or longevity to them”.
“Got it!” says the boss, “So it’s WhatsApp for Office 365?”
“Yes, you got it!” says the marketing team.
“Today we proudly announce the availability of Kaizala, a mobile first chat and group messaging app for your enterprise”….
I write this in humour of course, but I hope it’s made the point. When Kaizala was released I was sceptical as to why Microsoft saw fit to create basically a WhatsApp clone. Whilst I have heard good reports about the app, I fear it has an uphill struggle to unseat WhatsApp usage for business communication.
I can see why this has been attempted. People are taking potentially sensitive conversations away from corporate systems to WhatsApp, even sharing documents etc., and that is a real concern for some businesses who are fighting hard to maintain compliance and control.
I can also see that apps like Teams and Yammer, encouraged as alternative platforms to WhatsApp, have their limitations and user experience issues when you just want to send a message, and this makes adoption a struggle.
At least with WhatsApp I can scroll my phone address book, find the person I want and tap away. In these other apps it’s slower, in that I have to search and wait for a match etc. They do the job but the experience can be a turn off, so people revert to what is easiest. WhatsApp is really easy to use, simple and does the job it’s meant for, and that’s why people love it.
People think that because WhatsApp is encrypted it is an acceptable platform to talk business and share business documents on, and this perception comes from not fully understanding the legalities, compliance and control.
So I feel Kaizala is an “If we can’t beat ’em, join ’em” app that’s been created to try and unify all business communication under one single controlled and compliant system in Office 365. Users are happy they have the tools they want to use at their disposal and the freedom to communicate in the sphere they see fit, but the company maintains overall control and compliance and greatly reduces its attack surface for hackers or unintentional data breaches because someone sent the company financials to the wrong WhatsApp contact…
If you’re like me then getting your hands on video conferencing scenarios is like your nan’s birthday. It comes around once a year and you spend two months trying to figure out what to get for a present. I am not ashamed to state that video is not my strong point, especially where interoperability is concerned; it’s just that the opportunities that have come my way have been more centered on enterprise voice than video interop.
Recently, I tried to fill that gap a bit and went on some Pexip training to see how this stuff is done. I don’t know why, but I always thought it was more difficult than it turns out to be. Really the only thing different between voice and video is how the codecs behave. The architecture and protocols are fundamentally similar to voice and somehow I knew that, I just thought it was more difficult than it was.
So at a basic level of understanding we have a device in a room, it does video conference stuff and we need to be able to join this device to another device on another platform that is also doing some video stuff but differently and we need some glue in the middle to make that happen. Enter, Video Interop.
Why can’t these devices just connect? I mean video is video right?
Well, the answer to that is pretty much no. Remember Blu-ray and HD-DVD? They both are capable of digitally storing a movie, but you need a special player to play either Blu-ray or HD-DVD. The same can be said for video conferencing. Each system generally offers the same functionality and delivers the same output, but invariably you need dedicated and vendor specific hardware to use it. What if you wanted to loan your Blu-ray copy of The Fifth Element to your friend who had an HD-DVD player? You can, but they would have to go to the store and buy a Blu-ray player…
Of course, I am speaking generally, and HD-DVD never took off, but the point is valid. This is the problem in the video conferencing world, where you have some gear in your meeting rooms that you want to use inside a Microsoft Teams meeting. How do you get this stuff to work?
The first problem we have to understand is the Microsoft Teams meeting architecture. Fundamentally, this is an H.264 video meeting space, which means that any endpoint wanting to use video inside a Teams meeting has to be capable of sending and receiving H.264 video streams.
The second problem is that the Microsoft Teams client is dedicated to the Microsoft Teams meeting ecosystem, meaning that unlike Skype for Business, it is incapable of joining a meeting space hosted by another platform.
The third problem is that your video conferencing endpoint is probably either using H.323 or a variant of H.264 that Teams doesn’t understand.
The fourth problem is that Microsoft Teams doesn’t use SIP in the meeting context, so even if your video conferencing endpoint uses SIP, you still have an interop problem to solve.
So your organization is moving its meeting space to Microsoft Teams. How do we solve this problem? Cloud Video Interop (CVI).
Firstly, you need a product to act as a middle man that is able to ingest the signaling protocol and video codec supported by your video conferencing endpoint, convert them into a Teams compatible signal and codec, and send that to the Teams MCU, and vice versa. There are 3 products on the market for this right now and they are Pexip, Polycom RealConnect and BlueJeans.
Whichever product you choose, one thing is consistent across all three products. The Microsoft Teams connector (the server that connects the system’s transcoding servers to Microsoft Teams) must be installed in Microsoft Azure. The rest can be anywhere, but this connector cannot live anywhere else due to Microsoft certification requirements.
The question now becomes are you going for a SaaS CVI or On-Prem / Private Cloud CVI?
This post is not going to argue which one you should choose, but consider the impacts of the decision you’re about to make.
If you’re going with a SaaS solution, this of course is a faster route to delivery and the benefits of OPEX subscriptions mean that within a short period of time the high level objective is achieved. However, one thing to be very conscious about is understanding the architecture and limitations of the SaaS product you have bought into.
The biggest consideration is understanding how interop works, and that comes down to how meetings are organized. If you’re using Microsoft Teams, the meeting space will always be held within Microsoft Teams and an Office 365 datacenter. This could be in the same datacenter as your tenant, or it could be in some other. However, that generally doesn’t matter too much, because the Microsoft internal network for Office 365 and Azure is so efficient that it almost becomes a moot point. The most important note is that it is Microsoft hosting the meeting.
So now your video conference endpoints need to join a Teams meeting. They do not actually join directly. In any interop scenario, they will register to your interop service and that will spin up its own conference of a kind that the video endpoint will join. The interop service will then connect its conference to the Microsoft Teams meeting via the Teams connector in Azure. Transcoding happens on the interop service, not the connector.
The next point when considering SaaS is the datacenter location of their transcoding and connector services. There is little point in signing up to a service that has one global point of presence the other side of the world to your video endpoint or tenant because that would introduce some massive latency, packet loss and jitter issues, which is generally considered bad for video and voice.
If the SaaS solution has sufficient global coverage, then maybe it still is a viable solution to consider, if your internet links are optimized with this service in mind.
The other option is to use an on-prem solution, or private cloud, where you can control the media path more optimally. Generally speaking, it is better to perform transcoding locally than in the cloud, and sending H.264 SVC streams over the internet is preferred as it’s considered more tolerant to network impairments, but with data connections being better than what they used to be, the performance gap is reducing.
With solutions that use distributed interop, on-prem can be really efficient in scenarios whereby you have multiple video conferencing endpoints wanting to join the same Teams meeting but from all over the world. In this scenario you can have internal transcoding servers located geographically closest to each of the video endpoints. Each endpoint would connect to the closest transcoding server to them, media between endpoints would then switch locally across your LAN & WAN whilst only sending the required media to the Teams conference so that users joined in by the Teams client can interact and participate.
So on-prem can, from an architectural perspective, be more appealing in multi-endpoint scenarios and where SaaS doesn’t have the coverage it needs, but it comes with the costs of hardware, which for video isn’t going to be a cheap entry-level server, but a mid to high powered performance server costing at least 5 figures per server.
In summary, there is no real definitive outcome as to what you should do. Financially it makes sense to look towards SaaS interop with Teams and as we know these days financial incentives tend to win the race. But this does come at a cost that is usually paid in reduced user experience if poorly implemented. For out and out performance, on-prem still wins the race and is the most optimal solution money can buy, but you have to have the money in the 1st place.
I’ll finish with a suggested approach for you to consider. If your company are light users of video conferencing suites and your persona investigation has proved that device usage will reduce even further with the implementation of Microsoft Teams, then you’d probably want to consider SaaS as your primary solution for CVI.
If, however, your organization are heavy video conferencing users and this is to continue or increase with the implementation of Microsoft Teams, then you’d probably want to consider an On-Prem solution first over a SaaS.