Category Archives: Skype for Business

Skype for Business Mobile Autodiscover Gotcha When Moving to Microsoft Teams

On a migration recently we moved a bunch of users from Skype for Business On-Premises to Microsoft Teams Only, leaving behind Enterprise Voice users for the time being.

During this interop period it is required that both EV and Teams users can join Skype for Business meetings hosted by the remaining on-prem users until such time as Teams meetings take over.

After moving several users, reports came in that Teams Only people could not sign in to Skype for Business using the mobile app to join a Skype meeting, but were able to sign in using the Skype desktop client.

The message received on the mobile client

Troubleshooting the issue with the old Lync Connectivity Analyzer suggested that something wasn’t quite right with the authentication process via the autodiscover web service

Autodiscover: SendRequest(): the URL https://lyncdiscover.commsverse.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=commsverse.com?sipuri=John.Smith@commsverse.com couldn’t be connected.  Complete HTTP headers:\r\n Pragma: no-cache

I decided that I would run CLS Logging and trace the authentication, so from a Front End

Start-CsClsLogging -Pools FEPOOLA.commsverse.com -Duration 00.00:02 -Scenario Authentication

I attempted to sign in from mobile to capture some logs.

When searching the logs, a top tip to reduce the export size: always specify the URI you are interested in. It makes following the log much, much easier!

Search-CsClsLogging -Pools FEPOOLA.commsverse.com -OutputFilePath c:\temp\mobile.log -Uri "john.smith@commsverse.com" -MatchAny

Opening the log in snooper and following it line by line I found that authentication passed, but the FE could not find the hosting provider for the user.

(0000000001B0CB29)Could not find hosting provider for hosted user. User: john.smith@commsverse.com

So the next step was to check the hosting provider for Skype for Business Online

Get-CsHostingProvider -Identity SkypeforBusinessOnline
Identity                  : SkypeforBusinessOnline
Name                      : SkypeforBusinessOnline
ProxyFqdn                 : sipfed.online.lync.com
VerificationLevel         : UseSourceVerification
Enabled                   : True
EnabledSharedAddressSpace : True
HostsOCSUsers             : True
IsLocal                   : False
AutodiscoverUrl           :

The Autodiscover URL for Skype Online was missing, so I set it on the hosting provider as follows

Set-CsHostingProvider -Identity SkypeforBusinessOnline -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

Forcing replication of the CMS and then trying to sign in again fixed the issue and Teams Only users are able to sign in to Skype for Business Online using their mobile app successfully.

The reason why the desktop client was unaffected is because it looks up the _Sip SRV DNS record for the access edge location and redirection was happening properly through SIP registration.

So make sure you set the Autodiscover URL in your Hosting Provider for SfB Online if you want mobile sign in for those legacy meetings!
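A pre-migration check for the gap described in this post, as an added example rather than the author's own code: it flags hosting providers that home shared-address-space users but have an empty, malformed or non-HTTPS Autodiscover URL. The function name and the sample objects are constructed; their property names mirror the Get-CsHostingProvider output shown above.

```powershell
function Test-HostingProviderAutodiscover {
    # Hypothetical helper name; accepts objects shaped like Get-CsHostingProvider output.
    param([Parameter(Mandatory, ValueFromPipeline)][object]$Provider)
    process {
        # Only providers that home users sharing the on-prem SIP domain matter here.
        $hostsHybridUsers = $Provider.Enabled -and
                            $Provider.EnabledSharedAddressSpace -and
                            $Provider.HostsOCSUsers
        if (-not $hostsHybridUsers) { return }

        $url = [string]$Provider.AutodiscoverUrl
        $uri = $null
        $status =
            if ([string]::IsNullOrWhiteSpace($url)) { 'Missing' }
            elseif (-not [Uri]::TryCreate($url, [UriKind]::Absolute, [ref]$uri)) { 'Malformed' }
            elseif ($uri.Scheme -ne 'https') { 'NotHttps' }
            else { 'OK' }

        [pscustomobject]@{
            Identity        = $Provider.Identity
            ProxyFqdn       = $Provider.ProxyFqdn
            AutodiscoverUrl = $url
            Status          = $status
        }
    }
}

# Constructed sample input. The first object copies the values shown in the post,
# the second is an invented provider that should be skipped by the check.
$sampleProviders = @(
    [pscustomobject]@{
        Identity = 'SkypeforBusinessOnline'; ProxyFqdn = 'sipfed.online.lync.com'
        Enabled = $true; EnabledSharedAddressSpace = $true; HostsOCSUsers = $true
        AutodiscoverUrl = ''
    },
    [pscustomobject]@{
        Identity = 'ConstructedPartner'; ProxyFqdn = 'sip.partner.example'
        Enabled = $true; EnabledSharedAddressSpace = $false; HostsOCSUsers = $false
        AutodiscoverUrl = ''
    }
)

$sampleProviders | Test-HostingProviderAutodiscover | Format-Table -AutoSize

# On a Front End with the Skype for Business management shell loaded:
# Get-CsHostingProvider | Test-HostingProviderAutodiscover
```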

Tranching Users Ready For Your Microsoft Teams Migration

If you are planning on migrating your users from another system, perhaps Skype for Business or indeed a 3rd party system, the question of how to do this gets more complicated to answer as the number of users you have to deal with increases.

Consider the scenario where you have a large Skype for Business deployment of tens of thousands of users. There will be a number of users with a persona that can be easily migrated to Teams e.g. chat and meetings. Others will be more complicated and require more thought, voice users for instance.

Doing moves from Skype to Teams using PowerShell is a must, but when you are moving hundreds, or thousands of users in multiple threads and shells to the cloud at scale and speed, how do you keep track of your progress, and more importantly ensure that you are moving the correct users?

The answer invariably means tranching your users offline in some kind of Excel file. To ease the burden of this manual task I have created a simple script to tranche users based on a full export from your Skype for Business deployment.

Step 1 – Export your users to csv files

You can export your users to one csv file by running this command

Get-CsUser | Export-Csv c:\temp\allusers.csv -NoTypeInformation

Alternatively, you can export by whatever chunking condition you want, e.g. users by pool

# Get-CsPool lists a pool's roles in the Services property
$pools = Get-CsPool | Where {$_.Services -like "*Registrar*"} | Select Fqdn
ForEach ($pool in $pools){
    Get-CsUser | Where {$_.RegistrarPool -eq $pool.fqdn} | Export-Csv "c:\temp\$($pool.fqdn).csv" -NoTypeInformation
}

Step 2 – Edit the Tranching Script

The default behaviour of the tranching script is to tranche all users that do not have Enterprise Voice Enabled. You can make your own filter by editing the line (31)

$validUsers = $importFile | Where {$_.<column name to filter on> -<condition> <value>}

Step 3 – Run the Script

Run the script from PowerShell to parse the source files extracted in Step 1. The script will ask you the location of those files as an input parameter e.g. c:\temp\.

The script will collect all csv files in that directory and parse them as per your condition filter. By default, it will create csv files in output folders in blocks of 250 users per file. You can then use these files to migrate to Teams using multiple shell windows, users and servers.

If you want to change the number of users per tranche, edit the script and change the following variable

$blockSize = <your number here> default is 250

The script can be found below

#Tranching Users by Source File

$sourceDir = Read-Host "Please set the working directory of where the Source Files are"

# FileInfo.Extension includes the leading dot, so compare against ".csv"
$filesToProcess = Get-ChildItem $sourceDir | Where {$_.Extension -eq ".csv"}

ForEach ($sourceFile in $filesToProcess){

    Set-Location $sourceDir

    $importFile = Import-Csv $sourceFile.Name

    # Create output dir, named after the source file name up to its first dot
    $folderName = ($sourceFile.Name).split('.') | Select -First 1

    try{
        New-Item -ItemType Directory -Name $folderName -Force
    }catch{
        # Ignore errors creating the folder (it may already exist)
    }

    Set-Location ".\$($folderName)"

    # Filter users that are not EV enabled
    # @() keeps the result an array so .count is reliable for zero or one match
    $validUsers = @($importFile | Where {$_.EnterpriseVoiceEnabled -eq $False})

    $countUsers = ($validUsers).count

    Write-Host "There are $($countUsers) users found to be tranched" -ForegroundColor Yellow

    # Set Pagination
    $blockSize = 250

    # Create Tranches
    $startPos = 0
    $counter = 1

    While($startPos -lt $countUsers){

        $validUsers | Select-Object -Skip $startPos -First $blockSize | Export-Csv "MigrationBlock_$($counter).csv" -NoTypeInformation -Force

        $startPos += $blockSize
        $counter++

        Write-Host "Tranching next Block Starting at Row $($startPos)" -ForegroundColor Yellow
    }
}

Write-Host "Finished Tranching Users" -ForegroundColor Green

Data Inaccuracy Blocks Voice Deployments with Microsoft Teams

Time and time again I come across the same old issue when customers want to use Skype for Business or Microsoft Teams for voice and they want to retire their old PBXs. That is data quality issues!

The same can be said for customers who are green and want to “light up” calling in Teams from their existing Office 365 data.

What data am I talking about? Well, the most important piece of data is the telephone number. This should be simple, but often it is not. You’d be surprised that although the end user of that phone number knows it, the majority of the systems and administration staff (IT, HR etc.) don’t.

Typically, there will be several directories used as the data source, we have AD, HR databases, PBX phonebooks, Printed Cards, or books on walls, people’s personal contacts, post-it notes. The list goes on. Yet when you look at all these data points you’ll realise that the number for Mary Smith is different across these data sources.

You see, in the PBX and VoIP world, the phone number is not personal to the user assigned it. The number is personal to the device the user is using. Think of it as a tenant and landlord situation. The mortgage company (in this case the PBX) deals with the landlord to make sure that they keep on paying their bill (the phone), while the tenant (the end user) lives in the house. Tenants change, as do people using the phone, but the landlord doesn’t tell the mortgage company because they don’t care, it’s information they do not need to keep the system running as designed.

What usually happens in organisations is that when a user moves, the next person just takes on the phone and number on the desk. There probably won’t even be an IT ticket for it, just the Manager saying, ah yes, use that phone.

As time goes by, change by change the data that was once accurate drifts more into irrelevance. Fundamentally, the system works, but when you come to the point of moving away from it, then you realise how much of a pickle you have found yourself in.

If you are moving to another VoIP system, then of course, it’s easier, but still trash in, trash out if you do not address the data issue. However, with a Unified Communications platform that ties a user to several communication identities e.g. E-Mail, SIP Address, Phone Number in one platform, it is absolutely necessary that you know that each of these identities is accurate for that user.

Take a situation I found myself in many times. The customer supplies the data file from their HR database of users to migrate. They affirm to me that this is the most up to date, most accurate data source to base a migration off. We analyse the VoIP system to find the relationships between the stations, set up hunt groups, shared Line appearances, team call groups etc all ready to go, and then we enable the users we believe are the owners of that number for Teams / Skype. Job done, let’s all go back to the hotel for some Pizza!

The following day feeling all positive and enthusiastic because the night before went so well, we get to site. 9:45am, there is a service ticket, I am not receiving calls. 9:50am Why am I getting John’s calls, I am Matt? 09:51am Why are some phones randomly ringing together in the office?

All of a sudden we are hauled into a crisis meeting and hastily roll back the migration. The customer labels the migration a failure and offloads on to us.

The reality is quite different, the migration was a success, the process and steps worked end to end. The problem of course was the data that was supplied into the process at the beginning.

Experience has taught me that pre-project / migration data cleansing is absolutely necessary. A lot of companies will not factor that in to their migration project and when asked will be very resistant to remediation. But if it is not done, then moving to Teams will be a very poor experience.

To fix the problem, you must first understand how it has been created in the first place. Here are some of the most common factors that I have come across

  • User leaves and service ticket as part of the off-boarding process is not assigned to telecoms for decommissioning of the station assigned to the user
  • User moves within same department and number change happens without IT involvement
  • Issue with the execution of the off-boarding process where the telecoms admin does not update the station profile
  • There is no relation to users in the PBX configuration for a station by design because admins don’t want the problem of maintaining relationships to names
  • AD admins when disabling the account for (x time to infinity) do not remove the number from the telephone attributes in the object

Moving to Unified Communications enforces change to these processes and they must be enforced otherwise the business will grind to a halt. With Teams et al you cannot simply get around a misassignment of a number, because the system will route the call straight back to the person who has been assigned that in the UC platform, regardless of any external factor that disagrees with it.

How do you fix these as a project?

Well, you have three choices that you can make with your customer

  1. The best solution is to remediate the problems at source and give you a good start of migration success. This will involve surveying the users and asking them to confirm their phone number to you. Once confirmed, you’ll need to update the source systems, but AD will be the most important one as that is what Teams will use moving forward
  2. Fix forward and move with a dataset that you collectively agree based on business analysis is the most accurate knowing that there will be problems and having a process in place to resolve those
  3. Implement green field and give as many users as the business can sustain new phone numbers and manage through change and awareness.

All options require you to keep at least AD up to date. Giving new phone numbers to users is not as taboo as people make it out to be. It can be managed if it is known ahead of migration. Some may have to keep their number, but if 80% of users could function with new numbers with no business operation impact, your migration complexity has just reduced to 20%. This means that the customer can start taking advantage of Teams for voice quicker whilst the complex scenarios are worked on.

I have run successful migrations in the past where number change has been managed through advanced communications and instructions with a clear date where the old number will cease to operate. One technique is to get the user to record a voicemail greeting to say on this date my number will change to.. as well as email footer updates etc. It’s not that hard and it is more convenient to the user than IT trying to ensure quality through compromised data and getting it wrong.

Once decided on the model, ensure that operationally you fix the processes to ensure that AD is updated with MACD changes. Teams / Skype contact cards will use phone numbers (including mobile) that are extracted from the telephone attributes on the user’s object. These are synced to AzureAD and any inaccuracies will also be present there.
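The drift described in this post can be measured before a migration. The following is an added example, not part of the original post: it reads a constructed AD export and reports numbers held by more than one account, disabled accounts that still hold a number, and enabled accounts with no number. The column names (SamAccountName, Enabled, TelephoneNumber), the function names and the UK normalisation rule are assumptions made for the example.

```powershell
# Constructed sample export. A real run would use an AD export with the same
# (assumed) columns: SamAccountName, Enabled, TelephoneNumber.
$sampleCsv = @'
SamAccountName,Enabled,TelephoneNumber
msmith,True,+44 20 7946 0101
jdoe,True,020 7946 0101
mjones,False,+442079460102
akhan,True,
bwhite,True,+442079460103
'@

function ConvertTo-ComparableNumber {
    # Strip formatting so the same number written two ways compares equal.
    # Assumption for this example: UK numbering, national prefix 0 maps to +44.
    param([string]$Number)
    $digits = $Number -replace '[^\d+]', ''
    if ($digits -match '^0\d+$') { $digits = '+44' + $digits.Substring(1) }
    return $digits
}

function Get-NumberAuditFinding {
    param([Parameter(Mandatory)][object[]]$Users)

    # Accounts that carry a number, with the number normalised for comparison
    $withNumber = foreach ($u in $Users) {
        if (-not [string]::IsNullOrWhiteSpace($u.TelephoneNumber)) {
            [pscustomobject]@{
                SamAccountName = $u.SamAccountName
                Enabled        = ([string]$u.Enabled -eq 'True')
                Number         = ConvertTo-ComparableNumber $u.TelephoneNumber
            }
        }
    }

    # 1. The same number on more than one account (phone handed on, old record kept)
    $withNumber | Group-Object Number | Where-Object Count -gt 1 | ForEach-Object {
        [pscustomobject]@{
            Finding  = 'NumberSharedByMultipleAccounts'
            Number   = $_.Name
            Accounts = ($_.Group.SamAccountName -join ', ')
        }
    }

    # 2. Disabled account that was never stripped of its number
    $withNumber | Where-Object { -not $_.Enabled } | ForEach-Object {
        [pscustomobject]@{
            Finding  = 'DisabledAccountHoldsNumber'
            Number   = $_.Number
            Accounts = $_.SamAccountName
        }
    }

    # 3. Enabled account with no number recorded at all
    $Users | Where-Object {
        [string]$_.Enabled -eq 'True' -and [string]::IsNullOrWhiteSpace($_.TelephoneNumber)
    } | ForEach-Object {
        [pscustomobject]@{
            Finding  = 'EnabledAccountWithoutNumber'
            Number   = ''
            Accounts = $_.SamAccountName
        }
    }
}

Get-NumberAuditFinding -Users ($sampleCsv | ConvertFrom-Csv) | Format-Table -AutoSize
```

With the sample rows, msmith and jdoe are reported as sharing one number even though it is written in two formats, which is the case a plain text comparison of the export misses.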

My closing statement here is that enabling Teams voice is really easy as long as you embrace and face the problem of data quality head on before you plan migrations. If you ignore it or dismiss its importance, then believe me you will feel pain at a level you have never experienced before. Untangling spaghetti is hard enough, it’s even harder when it is boiling hot!

 

Microsoft Teams & Skype for Business Online Back-end Provisioning Monitor Script

Working in the Cloud should be fast. But sometimes you just got to wait it out. One of the biggest pain points for me is the lag between licensing a user in Office 365 and Skype for Business Online to complete its back-end provisioning so I can actually start assigning policies and phone number etc.

This delay can range from a minimum of 30 minutes to 24 hours! There is nothing I can do to speed it up and the biggest challenge is providing a predictable experience to the end user. Typically, I want to license and then do something in Skype. With this delay, I am not going to sit around and keep checking when I can actually complete the task. I’m going to do other stuff.

The problem with this is that I am introducing a lag between the back-end ready state and bringing myself back to this task. This could lead to the end user realising functionality before I have tailored it to their needs.

Skype Online applies to Microsoft Teams as well. So this is needed if you’re deploying Teams too. Skype for Business Online gives out two properties, assigned plan and provisioned plan. You can access these properties by calling the user object out of PowerShell. Assigned Plan is the core functionality we have given the user based on their Office 365 licenses and Provisioned Plan is the current plan that has been provisioned. There may / will be a drift between these 2 properties when a user is first licensed. This is what takes time to get into sync.

Having been tired of this problem, I created a script that monitors the license provision in Office 365 every 5 minutes, if all assigned Skype licenses return a success the script will continue to Skype Online and check the provisioned plan against these licenses. The script will continue to check the provisioned plan every 5 minutes until all assigned plans return a success. Upon which I can then add my in band configuration commands such as Grant-CsTeamsMeetingPolicy etc.

This now means all I need to do is enter the user’s UPN into the script and hit enter. Simply call the script from the PS window

 .\SkypeProvisioningStatus.ps1 -upn user@mvc-labs.com

Skype for Business Address Book Failed in Resource Forest

I never thought I would be blogging about Skype for Business in 2019…. Oh Well! 🙂

I was contacted by a friend who had deployed an Audiocodes CloudBond appliance to one of their customers. They were experiencing issues with users not being able to search the address book service in Skype for Business.

The Audiocodes Cloudbond appliance deploys Skype for Business Standard Edition into its own domain. In order to connect users to it, an AD Forest trust is required between the Cloudbond and User AD Forest. Users are then synched from the User domain to the CloudBond domain.

This is a typical resource forest deployment.

Initial testing showed that when you ran Test-CsAddressBookService with the credentials of a Skype enabled user in the user forest, the result that came back was an IIS Error 500 Internal Server Error.

After much digging around proving that there was nothing wrong with Skype for Business itself, I decided to take a step back and troubleshoot authentication. I could see that the user could indeed authenticate in the resource forest, I could see the user authenticating against the IIS ABS website and the 500 error was coming from an IIS module

ModuleName="OCSABSModule", Notification="AUTHORIZE_REQUEST", HttpStatus="500", HttpReason="Internal Server Error", HttpSubStatus="0", ErrorCode="The operation completed successfully."

Checking the user permissions on the Skype server Local Security Policy I couldn’t see the user domain, domain users group in the Access this computer over the network setting in LSP / Local Policies / User Rights Assignment.

I thought I would check the local Users group on the server to see if it was listed there, and it wasn’t. After adding USERDOMAIN\Domain Users to the local Users group and rebooting the Skype Front End, users were allowed to search the address book service.

Test-CsAddressBookService -UserSipAddress "sip:a009602@domain.com" -UserCredential "a009602@domain.com" -TargetFqdn "rfsfb.sfb.domain.com" 
Target Fqdn : rfsfb.sfb.domain.com
Target Uri : https://rfsfb.sfb.domain.com:443/abs/handler
Result : Success
Latency : 00:00:19.1432698
Error Message :
Diagnosis :

And testing on the client:

Simple fix in the end, but not an easy one to find initially.
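The two places checked in this post, who holds "Access this computer from the network" (SeNetworkLogonRight) and who is in the local Users group, can be read from PowerShell. This is an added example, not the author's code: the function name is hypothetical and the INF text is a constructed excerpt standing in for a real secedit export.

```powershell
# Constructed excerpt of a user-rights export, standing in for the file written by:
#   secedit /export /areas USER_RIGHTS /cfg C:\temp\rights.inf
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeDenyNetworkLogonRight = *S-1-5-32-546
[Version]
signature="$CHICAGO$"
Revision=1
'@

function Get-UserRightAssignment {
    # Hypothetical helper: returns the principals granted one user right.
    param(
        [Parameter(Mandatory)][string[]]$InfLines,
        [Parameter(Mandatory)][string]$Right
    )
    $inSection = $false
    foreach ($line in $InfLines) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Only the [Privilege Rights] section holds user rights
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inSection) { continue }

        $name, $value = $line -split '\s*=\s*', 2
        if ($name -ne $Right) { continue }

        foreach ($entry in ($value -split ',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            if ($entry.StartsWith('*')) {
                # SIDs are written with a leading asterisk
                $sid = $entry.Substring(1)
                try {
                    $account = ([System.Security.Principal.SecurityIdentifier]$sid).
                        Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    # Unresolvable here, e.g. a SID from a forest this host cannot query
                    $account = '(unresolved)'
                }
            } else {
                # Some entries are exported as account names rather than SIDs
                $sid = $null
                $account = $entry
            }
            [pscustomobject]@{ Right = $Right; Sid = $sid; Account = $account }
        }
    }
}

$granted = Get-UserRightAssignment -InfLines ($sampleInf -split "`r?`n") -Right 'SeNetworkLogonRight'
$granted | Format-Table -AutoSize

# If BUILTIN\Users (S-1-5-32-545) holds the right, membership of the local Users
# group is one of the routes by which an account gets network access to the server.
$usersHoldRight = $granted.Sid -contains 'S-1-5-32-545'
if ($usersHoldRight -and (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue)) {
    Get-LocalGroupMember -SID 'S-1-5-32-545' | Select-Object Name, ObjectClass, PrincipalSource
}
```

Run on the Front End against a real export, the member list shows whether the user forest's Domain Users group is present in local Users, and it gives a record of exactly which principals the change grants network logon to.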

Skype for Business 2019 Now GA WHEY!

So without much fanfare or fuss, Microsoft’s latest version of Skype for Business Server officially entered General Availability this week. Yes 2019 is officially launched alongside Office 2019, Exchange Server 2019 and SharePoint Server 2019.

It was somewhat of a damp squib event with very little song or dance on the twittiverse from both Microsoft themselves and MVPs. An official Microsoft blog limped up on Tech Community to make the announcement like Lewis Hamilton stepping up to the 3rd place podium at the US F1 Grand Prix knowing he and his team were outperformed by Ferrari.

However, unlike Lewis, where he is still undoubtedly the current world’s best at what he does and another year at the top is almost as certain as night follows day, the same it seems cannot be said about Skype for Business Server 2019.

And this is no surprise really

Sure, Skype for Business 2019 comes with some useful enhancements for some customers who are on their cloud journey, like leveraging cloud voicemail, ability to collocate on-prem CDR and QoE data in the cloud so they can report through one pane of glass across all their hybrid estate, the ability to use Cloud Auto Attendant (quietly renamed from Organizational Auto Attendant), Ability to use Cloud hosted meeting and of course inbuilt TLS 1.2 support. But for many others, this seems like Microsoft are doing it their way and making sure that the next jump customers take will be their cloud for UC and Enterprise Voice. Cue this song..

While this is commendable and trail blazing it doesn’t suit all and some (including many I know personally) will not take the message in a positive way. Instead, they’ll receive the message more like this…

Putting feelings aside now, let’s look at the reasons as to why you would want to upgrade to Server 2019.

One thing Skype admins are going to have to watch out for is if their messaging team decide their strategic direction is to implement Exchange Online or Exchange Server 2019. If this is the case, then you’re probably going to be forced into an upgrade since Exchange 2019 lacks voicemail facilities and Exchange Online will soon follow suit. As of now, Skype for Business 2015 does not support Azure voicemail, the system preferred and used by Microsoft Teams.

You may be running Windows Server 2012 or even 2008 R2 base OS on your Skype for Business Server 2015 nodes and with 2012 especially entering extended support, combine that with SQL 2012 as well then you may choose to upgrade your servers to Server 2016 or even more recent 2019 to protect you on OS support. This may be a good time to future proof your on-prem deployment to 2019 if your cloud journey is not expected to finish by 2020.

Another actually quite valuable reason to upgrade is the ability for on-prem users to leverage cloud audio conferencing and meetings. Offloading your meeting capability to the cloud could potentially improve capacity and performance whilst extending availability and coverage you struggled with in the past. By using Microsoft global dial in capability and their global network this could actually be very advantageous to some customers over what they have today. Will it lead to cost saving?  Not sure, that depends on your situation.

One thing is abundantly clear though, Microsoft want you in Teams and they are doing everything they can to make that happen. Why? We have to look at the migration path from 2015 to 2019.

No in place upgrade, which was a welcome addition to 2015 that pleased a lot of customers because they could reuse their 2 or 3 year old servers and extract the ROI they projected from them. Now we have to go back to side by side and the hardware requirement has almost doubled in some areas e.g. RAM from 32GB to 64GB (thank god it wasn’t 256GB like was originally floated around the DLs).

Couple the new hardware with the fact that you now need Server 2016 at a minimum to install 2019, and your Wintel team may not yet be at the point of being able to support the image, which could be challenging and make the project stretch further than originally budgeted.

The most shocking and inexcusable omission from 2019 is that it no longer supports SQL mirroring. When I questioned this, the response was that most organizations wanting HA will have SQL Enterprise Licensing. I have to say I have done many deployments over tens of thousands of seats with HA and only maybe 3 had enterprise licensing for SQL. The average enterprise cannot afford that licensing model and use Standard. So now if you want 2019 and you want HA for your databases then your only option is SQL Always On and that comes with Enterprise. Yes Standard allows you one database in an AOAG, and that would make your XDS database highly available but not others like LIS or your back end pool databases which basically means it’s irrelevant to the cause.

Now take into account that pretty much all admin diagnostic tools are deprecated e.g. snooper being the biggest means that debugging and tracing issues with your deployment just got a lot harder. Why would you deploy it if you cannot support it?

So to me 2019 right now is expensive and that may make customers who were hesitant or ignorant to the cloud look more closely at their options. One thing is for sure, 2019 is now a stepping stone to the cloud more so than 2015 and the cloud is where the focus is right now. Could 2019 be the last on-prem version we see? Certainly seems that way right now.

However, it is not all doom and gloom. Yes SfB Server ends mainstream support in 2020, but it is still officially supported until 2025 in extended support, so now you can protect against Windows 2012 R2 exiting mainstream as of the 9th October 2018 and move to Server 2016 with a fraction of the investment it would take for 2019 and protect your business for another 6 years. Subject of course to the Exchange problem, but there are solutions out there that can be used.

Should we all protest at Redmond? Probably not. If we are sensible we would have seen the direction this was moving towards even before Teams was conceived, we knew the end game and it now appears closer than ever. The sooner people accept that the better because now you’ve a decision to make, adopt the Microsoft way forward which still has an incredible amount of value in the cloud or evaluate other solutions that fit more closely with your business needs.

Cloud may be for everyone, or just some, whichever cloud (public or private) you choose it should be a free choice. This will probably be my last Skype for Business specific post because the organizations I work with today are all focused on moving towards Microsoft Teams.  I just wanted to give a balanced opinion on this version that both personalities can take away something of value from it.

Microsoft Voicemail Just Got Expensive For Some

Well Skype for Business Server 2019 got released in Public Preview alongside Exchange and SharePoint distros this week and there has been lots of noise about feature removals and quiet squeaks about feature additions.

It comes as no surprise really as Microsoft turns the cloud up to eleven and trail blazes into a seemingly cloud only model of subscription based services. The 2019 releases of the application packages that defined Microsoft as a software company have got people in a downer. It’s the first time in my history where I have witnessed the complete lack of enthusiasm towards a new product release from Microsoft. And although quite sad, I also have come to accept that on-prem is just not strategic enough anymore.

Although Skype for Business 2019 has removed features considered no longer relevant for 2020 onward, it has improved the integration between on-prem and cloud which is aimed at unlocking those blockers that customers have where cloud communications are concerned.

This of course assumes that every customer of Microsoft will want to use at least “some cloud”.

For these customers 2019 makes sense at the surface by allowing them to use Call Queues, OrgAA instead of response groups, use Azure voicemail, Teams for Group Chat and send their QoE statistics to the cloud and use Microsoft’s compute for reporting.

But all of this may require that the user is licensed for a cloud offering. At the very least they are going to need Skype for Business Online Plan 2 and Phone System. Licensing that an on-premises user never needed to have potentially.

Add into the mix that 2019 requires new hardware of increased specification, reliance on Windows Server 2016 and SQL 2016 Enterprise if you want HA on your CMS as mirroring has gone. Skype for Business 2019 is a really expensive update for customers vs feature offering without cloud.

The fact the cloud reduces hardware and licensing requirements for on-prem features like persistent chat, SQL data analysis and reporting is true, but I am not convinced that this has a monetary saving.

Of course, if you are that company, who is willing to leverage the cloud offerings for your users then it probably makes more sense for you to jump in to the cloud with both feet and migrate from 2015 to native cloud, whether that is Skype for Business Online first or straight to Teams.

One thing for sure, there really has to be a compelling reason to want to update from Skype for Business Server 2015 to 2019 at this moment. There will be a day where you will have to do something due to EOL of 2015, but that could make you look towards other solutions if Microsoft cloud and 2019 are not viable alternatives for you.

2019 for businesses who just will not go to the cloud because of the data at rest complexities and risk management will really have to consider their options. 2019 for them probably feels like Microsoft are alienating and penalizing them for not doing it the Microsoft way and using cloud or hybrid.

One thing 2019 will do though is force the hand and this is a high risk strategy or so it seems right now.

However, perhaps the biggest news and impact to customers is the drop of Unified Messaging from Exchange 2019. This affects not just Skype for Business server users but also the thousands of other 3rd party VoIP users out there. For 3rd party users who rely on UM for their voicemail this is a huge issue that isn’t just limited to Exchange 2019 server, but online also.

I know customers who have retired their Cisco Unity solution in favour of both on-prem and online UM to have that integration with the users mailbox. UM used to be free and inclusive in the user license for Exchange and now customers will need to look at other providers for voicemail and go back to the year 2006 before the days of UM.

Perhaps voicemail is old fashioned?

Perhaps this move by Microsoft is going to question the importance of voicemail in general. Is voicemail old fashioned? Should we care about it? I must admit that I rarely listen to voicemails even in Teams and I don’t even have it enabled on my landline. Is voicemail just a courtesy service that society just expects to have, but in reality serves very little purpose?

Personally when I want to call someone it is because I need to speak to them about something that is “in the moment” topical. If they didn’t answer I would either email them to ask the question, or find someone else who can service my query. I’d only leave a voicemail if I knew they were the only person that could answer my question and I knew that they would probably pick the voicemail up quicker than an email (friday afternoon for instance) and I needed an answer urgently.

In addition, today, most people have a mobile phone anyway, and the more savvy users would have configured simultaneous ringing anyway so the chances of hitting a user’s voicemail service is reduced. Plus with no answer, you’re probably going to hit the mobile service voicemail anyway.

When I think of it, do I personally care if I have no voicemail? No I don’t, I could quite happily live without it. Voicemails to me are like unwanted spam anyway.

But there will be customers out there that still require voicemail, and those who do will probably be using some kind of call center service that should have its own voicemail capability anyway. Or there will just be users who think they need it because they’ve always had it. The fact the last time they had a voicemail was 3 years ago doesn’t come into that decision making process lol 🙂

But anyway, if you’re a 3rd party VoIP user now using Exchange UM in any flavour, then you have a problem to solve if you want to maintain this service.

In short, Microsoft have a solution for you. If you want Microsoft Voicemail, then move to Microsoft Teams or Skype for Business 2019 or both! Alternatively, and most probably the default position, you could seek alternative solutions from your current VoIP provider. Then you have to factor in costs for hardware, software licensing and probably 6 years of lapsed unpaid support to get you current with them.

For Skype for Business server users, you’re pretty safe. Lync 2013 and Skype for Business 2015 users can continue to use Exchange UM for as long as your messaging team allows you to keep 2013 – 2016 UM servers around. Skype for Business 2019 users can use the same or use Azure Voicemail.

As I said before, Azure voicemail requires a SfB Online and Phone System license, so voicemail that used to be free and a value added service has now become a $7 a month per user service.

[Update] Clarification was received by Roy Kuntz from Microsoft who is in charge of the Voicemail direction which states the following:

For On-Prem Skype for Business users, cloud voicemail will be provided at no cost. The only requirement is that an Office 365 tenant exists with at least a Skype for Business Plan 2 or Teams license subscription on the tenant. This triggers the back end systems for configuration to allow the voicemail service for the tenant. All that is needed is AAD Connect and accounts synchronized. No Exchange or Skype for Business hybrid required. For those tenants without a Teams or SfBO subscription, a trial license can be obtained. When expired, Microsoft are issuing some promo codes available when in Public Preview.

In summary, start questioning your usage of voicemail before deciding that this is super critical for you and spending a ton of cash on providing that service when the time comes. You probably have 1-3 years to do something, depending on whether you use Exchange Online or On-Prem, so don’t panic too much yet.

The Cloud Leads the Way to Disable TLS 1.0/1.1–Goodbye Lync Phone Edition

Microsoft announced that they will be turning off TLS 1.0 and 1.1 encryption on Office 365 on 31st October 2018. This should not come as a shock to anyone after the POODLE and BEAST vulnerabilities exposed throughout 2011 and 2014. But what does that mean for you and your devices?

From a Skype world perspective, it means that your Lync Phone Edition devices, the CX3000 and CX500/600 phones, will no longer register with Skype for Business Online from 1st Nov 2018. There is no workaround and no firmware update coming; the devices will simply stop working and will be useless to you. Initially a lot of people may gasp in disbelief that they have to replace their estate with new 3PIP phones. But in reality these LPE devices are now pushing 9 to 10 years old. They are really at the end of their functional working life and any smart business with a refresh program should already be well on their way with replacement to more modern devices.

This only affects devices registered to Skype for Business Online. If you are an on-prem consumer of Server and the account is hosted on-prem and you haven’t disabled TLS 1.0 and 1.1, these devices will continue to work for you. But should you be following the Cloud’s lead and disabling TLS 1.0 and 1.1 on-prem too?

The answer at the moment is probably not. Unless there has been an update in the latest Server CU (and I haven’t checked this out), if you disable TLS 1.0 and 1.1 on-prem today, then you’re going to get back-end SQL replication problems, as this relies on 1.1 and 1.2 is not supported. So for the meantime at least, on-prem is stuck with TLS 1.0 and 1.1.

But why are we moving away from 1.0 and 1.1?

The POODLE man-in-the-middle attack exposed a vulnerability in SSL v3.0 that makes it possible to impersonate the server in a client to server communication and watch the exchanges between client and server in plaintext. Although this is predominantly an SSL v3.0 vulnerability, some TLS 1.0/1.1 clients are also at risk if they accept an incorrect padding structure after decryption.

BEAST is a known MiTM attack similar to POODLE that exposes a vulnerability in the implementation of the Cipher Block Chaining mode in the TLS 1.0 protocol. This is a plaintext attack that is generated client side and injects packets into the TLS stream to guess the initialization vector. This was a common browser based attack.

There are more vulnerabilities in these protocols that have led to NIST declaring that these protocols are no longer approved for protecting information. And this is the reason why TLS 1.0 and 1.1 are being disabled for Office 365. As Office 365 is certified by various compliance standards, of which PCI is one, PCI compliance states that TLS 1.0 and 1.1 are no longer acceptable protocols to secure transmission of data between cloud and client.

Again this change is affecting all of Office 365, of which LPE is just one affected service. It doesn’t mean that your on-prem environment has to stop supporting legacy protocols, just that communication between your devices and Office 365 has to use TLS 1.2.

If you have Windows 7 devices in your environment, these will not support TLS 1.2 by default. Instead the protocol is disabled. You will need to ensure that the protocol is enabled on these devices in preparation for the date, if they are to continue to communicate with Office 365. You can download and apply this update for your clients: https://support.microsoft.com/en-gb/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

This change does mean that Office 365 from Nov 1st will no longer support Windows Vista as Vista does not support (in fact I am not even sure it ever did!) TLS 1.1 or 1.2! Shock horror, the world is going to dissolve! If you really have Vista out there, please update, or preferably, throw said PC in the bin and purchase a Windows 10 machine!

Windows 8.0/8.1, Server 2012, Windows 10 and Server 2016 all use TLS 1.2 by default, so there are no changes needed to these Operating Systems in preparation for the disablement of TLS 1.0/1.1 in Office 365.

If you are using Android 4.3 clients or older (Jelly Bean) then Office 365 apps will no longer work post 31st October. You’ll need to update your mobile OS or purchase a new device. More worryingly for businesses, if you are running Internet Explorer version 8 through to 10 on Windows 7, you’ll need to update to Internet Explorer 11 to gain access to web services provided by Office 365.

If you have an Apple running OSX 10.8.4 or earlier or Safari 6.0.4, you too will need to upgrade, or buy a proper computer 🙂

If you use ADFS for SSO with Office 365, you will need to ensure that your ADFS farm supports TLS 1.2. More information on how to check / do this can be found here: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs
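The Windows 7 and ADFS checks above both come down to the SCHANNEL protocol keys and, for WinHTTP-based clients, the DefaultSecureProtocols value described in the linked update. The read-only audit below is an added example, not part of the original post or any Microsoft tooling; the function names are my own, and it avoids PowerShell 3.0 syntax because Windows 7 ships with PowerShell 2.0.

```powershell
# Added example: read-only audit of the registry values that control which
# TLS versions this machine offers. Nothing is written to the registry.
# Function names are illustrative; the registry paths are the standard
# SCHANNEL and WinHTTP locations.

$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$WinHttpKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
)
# Bit flags of the DefaultSecureProtocols value (see KB3140245).
$WinHttpFlags = @(
    @{ Name = 'TLS 1.0'; Bit = 0x80 },
    @{ Name = 'TLS 1.1'; Bit = 0x200 },
    @{ Name = 'TLS 1.2'; Bit = 0x800 }
)

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # $null means "key or value absent", which is different from an explicit 0.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $props = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.PSObject.Properties[$Name]) { return $null }
    return $props.$Name
}

function Get-SchannelProtocolState {
    foreach ($protocol in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Client', 'Server') {
            $key = "$SchannelRoot\$protocol\$role"
            $enabled = Get-RegistryDword -Path $key -Name 'Enabled'
            $disabledByDefault = Get-RegistryDword -Path $key -Name 'DisabledByDefault'

            if ($null -eq $enabled -and $null -eq $disabledByDefault) {
                $state = 'Not configured (OS default applies)'
            } elseif ($null -ne $enabled -and $enabled -eq 0) {
                $state = 'Disabled'
            } elseif ($disabledByDefault -eq 1) {
                $state = 'Off unless an application asks for it'
            } else {
                $state = 'Enabled'
            }
            New-Object PSObject -Property @{
                Protocol = $protocol; Role = $role; State = $state
                Enabled = $enabled; DisabledByDefault = $disabledByDefault
            } | Select-Object Protocol, Role, Enabled, DisabledByDefault, State
        }
    }
}

function Get-WinHttpDefaultProtocols {
    foreach ($key in $WinHttpKeys) {
        $value = Get-RegistryDword -Path $key -Name 'DefaultSecureProtocols'
        if ($null -eq $value) {
            $hex = 'not set'
            $protocols = 'WinHTTP default for this OS'
        } else {
            $hex = '0x{0:X8}' -f $value
            # Decode the bitmask into the protocol names it switches on.
            $protocols = @($WinHttpFlags | Where-Object { $value -band $_.Bit } |
                ForEach-Object { $_.Name }) -join ', '
        }
        New-Object PSObject -Property @{ Key = $key; Value = $hex; Protocols = $protocols } |
            Select-Object Key, Value, Protocols
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
Get-WinHttpDefaultProtocols | Format-List
```

On Windows 7, a `Not configured` row for TLS 1.2 means the operating system default described above still applies, so that machine needs the update and registry change before the cut-off date.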

Don’t Waste Your Money on BYOSBC to Microsoft Teams

At a breakout session in Ignite 2017, Microsoft made reference to a new method of connecting OPCH PSTN to Office 365 which was in development. The current standard offering for OPCH to Skype for Business Online Cloud PBX is Cloud Connector Edition (CCE). CCE is an on-premises hardware appliance (I use the term liberally) that connects one end to your PSTN SBC and the other to Office 365 using, to all intents and purposes, Skype for Business Hybrid. This solution wasn’t the most elegant and there were many hidden costs involved, such as demanding Windows Server 2012 Datacenter licensing and some beefy hardware to run the full-fat CCE appliance. You also needed to invest in an SBC anyway, although technically CCE could be connected to the likes of Cisco CUCM, but that configuration isn’t the most desired from a supportability standpoint. Some vendors like Sonus and Audiocodes came out with various solutions that combined SBC and CCE into one hardware unit. Each solution served a purpose and it was a means to get OPCH connectivity into Office 365. However, as you can imagine, the uptake on CCE deployments wasn’t as great as Microsoft had probably hoped for. Coupled with the decision change at Ignite to focus cloud efforts on Microsoft Teams, this left many customers who were looking to move to the cloud, or who had recently invested in Cloud PBX with CCE, in dismay.

Anyway, it was hinted at Ignite that there would be a simpler solution coming in 2018. Rumours were that it would be a BYOSBC solution that removed the dependency on CCE. Well, going by various Microsoft Tech Summits this year, that appears to be the case: Microsoft will let you connect your SBC directly to Office 365 and more specifically Teams.

As we can see here from this picture of a slide from Tech Summit (Credit Paul Lange), Microsoft have designed a topology that allows this direct SBC connection to the Microsoft Phone System. This is not something new really if I am honest. It’s a similar method that currently allows you to connect your on-premises Cisco / Avaya solution to Exchange Online UM for voicemail boxes.

I don’t have any information on this topology at the moment, but I will bet my house on it that the connectivity will be somewhat similar to what we do for Exchange Online UM and an SBC today, i.e. SIP trunk over TLS to Exchange Online UM public endpoint and using some kind of gateway configuration in Office 365 to tie the SBC to the tenant. In theory any current supported SBC (Sonus & Audiocodes) in Skype for Business should be able to leverage this new service, but this has yet to be confirmed. Furthermore, anyone who has purchased SBC with CCE integrated appliances should be able to continue to use the SBC element, albeit the investment in the CCE element will no longer be leveraged. Again, educated guess, but confident this is accurate going by the above schematic.

So, my advice for those of you with these investments already, hang tight and wait for release. You’ll probably find that your device will support this topology.

However, there may be considerations for hardware. Currently SBCs using CCE don’t have to do any audio transcoding; instead the mediation server on the CCE will perform the transcoding between PSTN codec and Skype Enterprise Voice codecs, unless of course you have taken advantage of Media Bypass in the later versions of CCE. But assuming not, and you’re relying on the out of the box config, then your SBC may be underpowered. Why? Well, the above schema does not show an on-premises mediation server. So consider the scenario where you have on site users using Microsoft Teams with PSTN calling. Teams to Teams audio will try all local routes before breaking out back to Office 365. But a PSTN call has to go via a media server. Without Media Bypass, this means the PSTN call’s media will travel from the SBC to Office 365 and then back to the local site where the callee using Teams is located. This tromboning of the internet is something Microsoft have campaigned hard to avoid with Skype for Business Online, and therefore we should expect that when this solution is released, Media Bypass will be the out of the box, preferred solution to prevent it.

With Media Bypass, the Microsoft Teams client would send its signalling via Office 365 to the SBC, but the media establishment would be direct between the client and the SBC. This means that we will be expecting the SBC to work harder, transcoding media between Teams and the PSTN, rather than offloading that to the mediation server of old. Media transcoding on an SBC is performed by DSPs, or Digital Signal Processors. DSPs are essentially like CPUs and, in the same manner as CPUs, each DSP has a maximum throughput, meaning a maximum number of media streams it can transcode at any one time. With Skype for Business and CCE, this allowed you to buy relatively entry level SBCs with 1 or 2 DSPs, because you didn’t care as Skype would handle it. In the Teams world this might not be the case, and you may have to replace these SBCs, as invariably adding DSPs to a chassis is not a field serviceable option.

So why have I titled this “Don’t waste your money”?

Consider the wider picture. Microsoft is allowing direct SIP trunk connectivity to Office 365 that allows you to Bring Your Own Carrier (BYOC). It essentially allows you to choose if you want Microsoft to be in charge of PSTN call delivery and billing, or another provider. If I was a certified SIP trunk provider, e.g. Gamma and PureIP, I would be working hard to offer direct SIP trunk connectivity to Office 365 as a package deal. This would essentially remove the need for on-premises hardware, risk and maintenance overhead and still allow the company to take advantage of fair market competition, while adopting Cloud Only.

I think this option if it comes to pass is an amazing opportunity, it opens Office 365 to competition and stops the Microsoft Cloud only monopoly of calling plans and allows you to make a decision on which carrier to choose. It also helps Microsoft deliver a global PSTN presence for Office 365, something that they’ve struggled with themselves due to regulations of each country. So instead of waiting for Microsoft to release PSTN calling in Singapore for instance, you potentially could just use a provider in Singapore and hook Office 365 straight up to the PSTN network there and away you go. It’s truly an amazing opportunity that opens the cloud up to coverage, scale and competition. It’s going to be a fantastic market!

Obviously, there are going to be some scenarios where you will have to have OPCH in some of your sites: PRI connections for instance (although, why not move to SIP if you can?), call center integrations, 3rd party PBXs and analog devices.

I am looking forward to seeing how this develops. It makes total sense from my standpoint, and the first thing I said when CCE was released was “Why?” This solution should have been the one deployed from the outset. When this comes in later this year, I expect to see more adoption and less resistance to enterprise voice in the cloud. I can’t wait! All that needs to happen now is for the Microsoft Teams Team to focus on getting enterprise voice feature parity with Skype for Business by the same time and I am sure it will be Microsoft’s finest moment yet. That said, there is no reason why Skype for Business Online users couldn’t leverage the same architecture? But, let’s wait and see…..

Sorry for the clickbait title…. 🙂

A day in the Life of a Plantronics Guy

A few months ago, Plantronics released their new premium headset, the 8200UC. Being a Plantronics device enthusiast I was lucky enough to acquire one of these to add to my already growing collection of Plantronics devices, and thought that I’d share my opinion on the devices I use, why I use them and which ones I prefer. This isn’t so much a technical review of each device, but just my experiences with them, what I like and what I don’t to help you choose the right one for you.

Before I go into the specifics of each device, I have to look at the communication profiles or personas I float between. Whichever persona I am working in decides which device I will use. This is an interesting point, because when we originally profile users, we define a single persona for them and that outputs the communication profile we assign to them. In reality though, many people will have multiple personas that are dependent on their working pattern. So if you assign them a single device, even though 65% of the time they will be using that persona, they might have completely the wrong device or configuration for 35% of their working time, which to that person is a significant handicap.

The people most likely to have multiple personas are going to be the smart workers, the ones that work from home, the car and the office. However, if you follow the Persona advice from various vendors, the output of the persona you define for them will often supply them with a binaural USB headset. I fall into this category, my work life is split as follows:

  • 65% work from home
  • 25% customer site
  • 7% travel by train or car
  • 3% work from company office

Breaking down my day in each of these personas I often require the use of more than one device, depending on the type of communication I am participating in. Even from home, I can float between as many as 3 devices. For instance, I could be listening to music, having a P2P audio call with a colleague, a meeting that lasts 30 minutes or less, or multi-hour meetings with customers. The way I interact and concentrate also affects the device I use. For instance, talking in an internal meeting, I am usually sat by my desk multi-tasking until it is my turn to speak. However, if I am in a pre-sales meeting with a customer and explaining to them why they should invest in Skype for Business, I tend to pace up and down my office to keep my concentration and flow. But that’s not all of my meeting profiles, technical calls with customers where I am going to be in the meeting for hours, the last thing I want is a headset on my head, so I’ll tend to use a speakerphone for those.

When I am working away from home I will travel as light as I possibly can. My priorities for travel are based on these questions: “What can I fit into my carry on?” and “What am I going to be doing the other end?”. Generally, my travel is always planned in advance; I have very few events where I have less than 72 hours notice, so I typically always know what I am going to be doing. The question that changes things is what mode of transport am I taking? For instance, if I am travelling on a day trip to London, I will go on the train, and the last thing I want to be doing is lugging my rucksack around on the tube during rush hour. The mass of people, the heat, and the confinement of space already stress me out enough without having to lug a heavy bag around with me. So I will carry my laptop, its charger, a USB cable (for charging phone and headset) and the most mobile, lightweight headset I have and pack them into a traditional over the shoulder carry bag. If I am travelling by car, then I tend to take my laptop bag with a bit more in it, like travel plugs, various connecting cables, speakerphone, headset, spare battery pack, external HDD, USB sticks etc. I think I even carry a small toolset somewhere for those less glamorous moments. The reason is that I’d rather go more prepared than I need to, and generally it is only a short distance between the car park and the seat where I will be working. But in some cases, I have emptied the bag into my boot (trunk) and gone light. When in the car and someone calls my mobile phone, I will have it paired with the car’s built-in Bluetooth phone system. I know that I sacrifice audio and I have no active noise cancellation, but I have tried the “white van man” approach with an in-ear monaural headset and I find that an intense distraction to driving because I like to have stereo hearing to fully appreciate my surroundings.

Aside from the “where am I working?” and “what am I doing?” questions I ask myself, the other important element to me is multi-device support. I could be at home listening to music on my headset, nose in a design document, and someone tries to call me on my mobile phone, which could be out of my line of sight. There is a potential I could miss that call if I was using a USB headset connected to my laptop. So a device that can connect to both my laptop and phone at the same time and notify me of calls on either is critically important to me.

So as I build my personas I can start to see that a single device and single persona is not suited to my way of working, and this is the point. In order to be productive, the end user has to use their own techniques and methods that work best for them in different surroundings. As a business or employer you cannot enforce productivity; all you can do is offer the means and support to encourage your staff. The rest is down to them. This is where people get it wrong: by assigning a single persona to a user, you are in effect trying to enforce a way of working on a staff member without considering their personal needs. It’s counterproductive and goes against everything you are trying to achieve.

Let’s take a look at the devices I use. In my Plantronics collection I have:

  • Focus UC
  • 8200 UC
  • 5200 UC
  • Calisto P620-M
  • Voyager Edge UC

Now, I am not saying that you should go out and buy all these devices for your staff because they transit multiple personas; that would cost you a fortune. But hold this thought!

So when do I use these devices?

Each device has its merits; however, I tend to gravitate to 3 of them. When I am at home and I have a day full of short meetings I will tend to use my Focus UC. Some enthusiasts out there will be saying why not the 8200 UC? Well, I find the Focus UC easier in many respects than the 8200UC. It’s easier to get on to your ears and it’s lighter in weight, which when you spend the majority of your day in calls makes a significant difference in fatigue. When I tried the 8200UC for a day I found after a while my neck started to ache a little, and moving to the Focus UC, it felt like a feather in comparison. I also find the audio quality received by the other party to be generally better when using the Focus UC over the 8200UC. I have put this down to the fact that the Focus UC has a microphone boom, while the 8200UC is boom-less with microphones built in to the ear cups. I find I tend to have to talk louder when using the 8200UC than the Focus UC for the audio to be clear the other end. However, it’s not just the device that causes this; I also have to factor in the way I speak. I tend to speak nasally and with a lot of bass in my voice. I find it hard to emphasize words, or put expressions on phrases, and the 8200UC doesn’t quite pick out the definition that well. For others who are able to project their voice with different emotion, or who generally have a more alto style voice, the 8200 UC may not have the same problem. The other element I like of the Focus UC over the 8200UC is the desk docking station where I can keep my headset charged all the time. With the 8200UC you have no docking station (it’s too heavy and bulky); instead you have to charge with a USB cable, and having to do that midway through your day can be a mild inconvenience when you need to use it!

This is not to say that I don’t like or use the 8200UC, but I tend to use that for quiet days where I may have the odd ad-hoc call but spend most of the day focused and listening to music. The over the ear cups and ear speakers give really good audio range and they are perfect for listening to music. They also keep outside noise out almost completely, which when you work from home and have a screaming baby in the background is critical for keeping your concentration on task. So these are more my life savers than my day to day headset of choice.

If I am out on the road or at customer site, I will travel with my 5200UC, a single ear Bluetooth earpiece and microphone modelled on the Legend UC but with Focus UC style active noise cancellation. It’s small and lightweight, and the battery built into the carry case means that it’s almost always charged and ready to go with at least 5 hours of talk time. It allows me to have good audio participation away from the home office without carrying a substantial headset around with me. It also allows me to ensure that I am fully aware of my surroundings and to keep the volume level of my voice down to an appropriate level. This headset is so good at its job that I have completely shelved the Voyager Edge UC device (it’s older anyway).

The Calisto I keep in my bag and that only comes out in two cases. One, where I am expecting a long multi-hour call and I don’t want my ears to get sweaty by wearing a headset all the time, or two, I am at a customer site (or company office) and we have a meeting where we need to bring in external participants in a Skype meeting. It always looks good when you have the technical solution to solve the problem in front of the customer, while they are busy running around trying to see if they can bring a desk phone in on loud speaker or some other weird solution. It opens their eyes to how easy UC can be. Although I have a Calisto I also have a Jabra Speak 710 (ssshhh), but as this is Plantronics focused I won’t say too much about it. The only thing I will say is that the 710 has a slightly better microphone pickup at range than the Calisto, but you’d only want to swap to the 710 if you had two of them (they can be paired) and in a large room. On a one to one comparison in a small huddle room either device performs well enough.

So that’s how I use my devices and my preferences. Back to the point where it does not make sense to buy all these devices for your workers. You are right, it doesn’t. What I find works best is, rather than IT deciding what device to ship with a “back office” designed persona, to allow the end user to make their own choice on the device they want.

Now, choosing blindly, of course everyone is going to order the most expensive one, right? Not quite. The way to handle this is to have an internal catalog of approved devices per persona definition. For instance, for smart working you may offer a USB headset, a Focus UC, or an 8200UC, and maybe a speakerphone by request. You wouldn’t necessarily list the RRP price or the price at all on the catalog page. Instead, as part of your adoption program, you would educate your users to look within themselves on how they work and give them advice on the type of device that they may benefit from. Design a questionnaire for them to complete, like a self assessment, to make them think about what they do on a day to day basis. Once they understand that, they are more than likely to order the right device for them because it has a direct impact on their working lives. The end result is you as an employer get more productive staff, fewer complaints about how bad Skype for Business is and better overall return on investments in hardware and people.
