Teams encrypts all communication by default with industry-standard technologies, including Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP). By default, TLS authenticates and encrypts all traffic, and SRTP is used for media traffic, which is also encrypted. These defaults are trustworthy, and end-to-end encryption is not required unless there is a specific business case.
Last month Microsoft announced the public preview of end-to-end encryption, as described in this blog.
The goal of end-to-end encryption is to prevent data from being read or secretly manipulated by anybody other than the sender and recipient. The sender encrypts the calls, chats and files; a third party, or even the service provider, has no way of decrypting them and stores them encrypted. The recipients obtain and decrypt the encrypted data on their own.
There may be a situation when a few participants are dealing with business-critical data or sensitive information, and they want increased security to meet their compliance and regulatory obligations. In some circumstances, end-to-end encryption can be used to accommodate those scenarios, and it can be enabled exclusively for the users who are specifically targeted.
Dynamic emergency calling assists in routing calls and notifying security personnel during an emergency scenario based on the location of the Teams client. Earlier, this setup worked with Microsoft Calling Plan and Direct Routing. Now that Operator Connect is generally available, this is a mandatory prerequisite before enabling it in the Teams Admin Center.
Dynamic emergency calling relies entirely on the Location Information Service (LIS). The LIS delivers geodetic (latitude/longitude) or civic address location information. It is used by emergency services to make location-based call routing decisions and to properly locate callers for dispatch. LIS addresses the intermediate solution for providing e911 service for users of VoIP telephony.
Microsoft Teams uses this same LIS based on the network topology information. This is collected from the Teams client location data, which works based on two pieces of information
With Operator Connect we will be able to manage partnerships with our local telephony providers and provide telephony features to end users in Microsoft Teams. We can eliminate the need to manage and maintain an SBC locally in the datacenter unless we have some specific requirements for routing calls to another IP-PBX environment within the organization. This is a big advantage for customers who want to go completely to the cloud and eliminate their on-premises dependency.
Microsoft recently announced general availability of Operator Connect, and it can be a good start for organizations which have less dependency on legacy PBX integrations in their environment. For instance, a customer having only Skype for Business, an SBC and a SIP trunk with their local telephony provider in their current configuration can easily consider moving this enterprise voice service to the cloud by using the Operator Connect service.
At the time of writing this post there are 22 operators in this program, which supports up to 60 regions all over the world with Microsoft, and the list can definitely grow in the future. In this blog we will run through the steps to enable Operator Connect and the steps to enable it with the provider NTT.
The below prerequisites are required from the Office 365 tenant to evaluate the Operator Connect service:
Users must have minimum E1+Phone System, E3+Phone System or E5 License.
All these users leveraging the operator connect service must be in Teams Only mode.
Emergency Address must be created and assigned to these users.
In our case we are testing from the location Netherlands and hence we have only Netherlands defined as Emergency address.
If you are using any of Microsoft’s business plans, you are likely to be targeted by hackers. The following guide will help you boost the security of your organization. This guide will help you meet the goals outlined in the handbook by Harvard Kennedy School Cybersecurity Campaign.
If you have Microsoft Business Premium, you can set up security by following the guide in Microsoft’s Library: Microsoft 365 for Smaller Businesses and Campaigns. The guidelines here were outlined in partnership with Microsoft’s Defending Democracy team. The guide protects small business customers against cyber threats.
It is crucial that you determine your Microsoft 365 Secure Score in the Microsoft 365 security center. There is a centralized dashboard from where you can improve the security of your Microsoft 365 apps, data, devices, identities, and infrastructure. You gain points for installing the recommended security features and addressing recommendations with third-party software or applications. Here are ways you can secure Microsoft 365.
1. Set Up Multi-Factor Authentication
Multi-factor authentication is the easiest and most effective way of boosting the security of your firm. Logging in with multi-factor authentication entails typing a code sent to your phone so you can access Microsoft 365. This is also known as 2-step verification. This move prevents hackers from accessing your account if they know your password.
To add 2-step verification to your Microsoft account, you need to add a setting that requires you to log in with multi-factor authentication. After making this change, you will be prompted to set up your phone for 2-factor authentication the next time you log in.
2. Create Awareness
The Harvard Kennedy School Cybersecurity Campaign handbook provides further guidance on how to promote security awareness in your organization. This includes training users on how to spot phishing attacks.
Customers who completely prohibit access to webmail may have a few security concerns. In a Modern Workplace scenario, all users must be able to access their email at any time and from any location. One of the major improvements we have seen from Outlook Web Access to Outlook on the web is that it now gives all the rich end-user experiences we see on the Outlook client. However, attachments can pose a significant security concern if Outlook on the web is permitted to be accessed from non-managed machines without any security implementation, or if no data loss prevention mechanism is in place.
There are two options to handle this scenario at this moment and we will go through them on this blog.
We can use mailbox policy settings to define whether users can open, view, send, or receive attachments when they are signed into Outlook on the web, including whether the user is on a computer that is part of a private or public network.
We have the PublicComputersDetectionEnabled organization value, which can help us prevent attachments from being downloaded on non-managed computers. The PublicComputersDetectionEnabled parameter determines whether Outlook on the web detects whether a user logs in from a public or private computer or network, and subsequently applies the public network’s attachment handling settings. $false is the default value. If you set this option to $true, however, Outlook on the web will detect if the user is logging in from a public computer, and all attachment handling rules will be applied and enforced.
We can check that by running the below command.
Now we run the below command and set the PublicComputersDetectionEnabled value to True
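The check and change described above, as an added PowerShell example (not the original post's commands): it reads the organization value, enables it if needed, and sets the public-computer attachment options on an Outlook on the web mailbox policy. The admin address, the policy name OwaMailboxPolicy-Default and the chosen attachment values are assumptions for illustration.

```powershell
# Added example: restrict attachment handling in Outlook on the web for
# sessions detected as public. Assumes the ExchangeOnlineManagement module is
# installed and the account can change organization and OWA policy settings.
# 'admin@contoso.example' is a placeholder, not a value from the post.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# 1. Check the current organization-wide value ($false is the default).
$before = (Get-OrganizationConfig).PublicComputersDetectionEnabled
Write-Host "PublicComputersDetectionEnabled before change: $before"

# 2. Turn detection on only if it is not already enabled.
if (-not $before) {
    Set-OrganizationConfig -PublicComputersDetectionEnabled $true
}

# 3. Detection only has an effect if the mailbox policy restricts public
#    sessions. Assumed choice here: no direct download, browser viewing only.
$policy = 'OwaMailboxPolicy-Default'   # assumed policy name
Set-OwaMailboxPolicy -Identity $policy `
    -DirectFileAccessOnPublicComputersEnabled $false `
    -WacViewingOnPublicComputersEnabled $true `
    -ForceWacViewingFirstOnPublicComputers $true

# 4. Read both settings back to confirm what is now enforced.
Get-OrganizationConfig | Format-List PublicComputersDetectionEnabled
Get-OwaMailboxPolicy -Identity $policy |
    Format-List Name, *OnPublicComputers*
```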
A content camera can be used with a Microsoft Teams Room system. A content camera collaborates with image-processing software and a whiteboard to enable a presenter to draw on an analog whiteboard and share the content with remote participants.
In this blog we will run through the steps to enable content camera on Teams Room Systems.
There are a few prerequisites that need to be prepared before trying this setup:
This content camera should be pointed at the room’s whiteboard. Please keep in mind that content camera has physical infrastructure requirements that must be considered. It’s usually a piece of equipment (a supported content camera) that hangs from the ceiling and faces the whiteboard.
The writing board must be white. Other colors are not supported.
A supported content camera, as per Microsoft's recommendation on this link, must be used for this functionality.
The camera’s positioning is influenced by the size of the whiteboard used for sharing. The following are some suggestions for board size from Microsoft:
3–6 ft. (0.9–1.8 m) wide: Supported; best suited for medium-sized rooms.
6–9 ft. (1.8–2.7 m) wide: Recommended; best for medium-large rooms.
9–12 ft. (2.7–3.6 m) wide: Supported; suitable for board rooms.
Above 12 ft. (3.6 m) wide: the camera covers 9–12 ft. (2.7–3.6 m) and crops the rest.
The camera can be placed up to 6 in. (152 mm) above the whiteboard’s top and centered on the whiteboard.
In the current scenario, most organizations are running Teams Room systems as the meeting room solution in their offices. Some of their customers, vendors and partners host their meetings on Zoom, WebEx or other meeting solutions. In these circumstances, we end up in a scenario where people from our organization attend from a Teams Room, while the meeting sent by the vendor or customer is on WebEx or Zoom.
Knowing this requirement, Microsoft released a supported Teams App version in the middle of last year for the Room Systems to join Cisco WebEx meetings from a Teams-enabled room system with direct guest join. Later this option was extended to attend Zoom meetings as well from the Teams App version 126.96.36.199. We’ll walk through the procedures to enable Teams Room devices to join third-party Cisco WebEx and Zoom meetings.
There are a few prerequisites to be met in order to join WebEx and Zoom meetings from a Teams Room system:
Make sure the WebEx and the Zoom Meeting URLs are fully whitelisted in your proxy and in your network to fully support this scenario.
Configure Office 365 Threat Protection and Link Rewrite exclusion list for WebEx and Zoom Meeting URLs.
Configure your Room Mailbox to automatically accept and process the invitation from Zoom and WebEx.
Configure these settings on your Room Systems devices so that they are ready for this functionality.
To make this work for the room mailbox, connect to your Office 365 Exchange Online tenant and check the current setup for accepting third-party meeting invites by running the below command.
One of the new features announced last week for the Teams Rooms update is an option to cast content directly from a mobile device without setting up a formal meeting. This is really beneficial when we need to share something directly from our mobile device with the participants in a meeting where a meeting room is involved as a participant.
To start using this feature, the Microsoft Teams App must be installed on your mobile device, Bluetooth must be turned on, and both the mobile device and the Teams Room system must be connected to the same network. At this moment the Teams Room must be running on Windows and must be within 10 meters of the mobile device.
It's very easy to use: all we need to do is open the Teams App on the device, go to the More option and click on Cast your screen.
Once we do that, we are prompted with the below screen, and all we need to do is click on Get started.
As we all know, basic authentication will be retired for Office 365 soon, and it's high time for us to enforce Modern Authentication on all clients. Most organizations have already enabled Modern Authentication, which is a good sign. However, there are cases where modern authentication cannot be interactive for second-factor authentication; these special cases need some planning and are handled as exceptions. For instance, Room Systems have resource accounts enabled for Teams and Exchange Online, and these resource accounts cannot use modern authentication with MFA the way normal user accounts do to approve the second factor.
After Microsoft Teams Room App version 188.8.131.52, we have the option to enable Modern Authentication on the devices capable of hosting Microsoft Teams meetings. The account management of the Teams Room devices is set at the application level.
As we are all working remotely from home, Microsoft Teams has been an extraordinary help for all of us in boosting our productivity and keeping us connected in this pandemic situation. We are in Teams remote meetings almost every day to complete our daily chores. The vast majority of individuals have an office setup at this point; however, it is less likely that we have set up our own personal meeting room equipment. Most likely we are attending the meetings and doing the work from the same device.
This wasn’t the case before, but since we have very frequent remote meetings every day, it's a good idea to have one personal meeting room device for the below reasons:
You always have your laptop with multiple Excel sheets, Word documents, PDFs, browsers etc., and you do not need to switch between the camera screen and the work that's going on.
There are 2 screens, where one is fully focused on work and the other is dedicated only to meetings.
There are loads of items on the market available at competitive pricing, yet my thought in this blog is to demonstrate that we have a very good option to convert a Windows-compatible tablet or a Surface Pro into a personal meeting room, just in case you have an additional device which has been hibernated for quite a long time.
I'm a Certified Microsoft Infrastructure/Cloud Architect with 14 years of hands-on, proven international experience in Planning, Design, Execution, Integration, Operations and IT Management, specialized in Messaging Platforms, Microsoft Teams with Telephony, Skype for Business Voice, Microsoft Exchange, Intune Deployment, Microsoft Azure Infrastructure, and Cloud Security Implementations.
Over time I have developed complete IT Implementation skills on Microsoft Infrastructure/Cloud projects within Multinational, Government, Construction, Leisure & Entertainment, Production, Automobile & Financial Industries.
I can be contacted through email firstname.lastname@example.org or through mobile +31 62 050 6978