Category Archives: Microsoft Teams

Microsoft Teams – Side load 3rd party & custom built apps in Microsoft Teams pane

With all the more new improvements in Microsoft Teams,we have more alternatives to modify the end user client choices from the application perspective to get access to the most frequently used applications from Microsoft Teams.

The Custom built in-house applications can be effectively side-stacked in Microsoft Teams which makes the end users to adequately use these applications.

To start utilizing these options login to Office 365 admin portal and verify if the teams side loading options are migrated to Teams admin portal.

Once logged in navigate to settings – services & addins – search for Microsoft Teams – And see if external apps in turned on.

In below case in this tenant these configurations have been migrated to Microsoft Teams admin portal and hence these settings are greyed out. This will be the case for almost every office 365 tenants.

Now we have got app permission policies in Microsoft Teams.

App permissions policies control what applications we need to make accessible to Teams clients in our organization. Now we have got the better flexibility to customize the default policy or create custom policy and assign to only targeted users. The better option is to create a custom policy and assign them to targeted users.

Login to Microsoft Teams Admin portal – Select Teams Apps – and choose permission polices – Click Permission policies – Click Add

Here we have the flexibility to control Microsoft Apps, Third party Apps and Self developed custom inbuilt tenant apps which are published in Microsoft Teams as an App Package.

Once the required applications are selected the created application is ready to be assigned to individual users.

We can create app setup policies which decides the way we want to display the prepinned apps in Microsoft Teams pane.

To create custom one navigate to setup policies and click on Add

We do have further customization of the default apps or remove them and add more custom applications.

In the policy there is option to select the appropriate app permission policies which makes the default policy not affected and apply only for targeted users.

Assigning the App Permission policies and Setup Policies to end users.

Having the policy created now it is easier to assign the custom policy to targeted users.

Navigate to users tab – select policies tab – Now we have option to assign custom app permission and app setup policy.

End user Experience –

Once the policy is assigned we have the custom apps side-loaded in Microsoft Teams.

With these above options Application arrangement strategies can be improved and modified dependent on the business prerequisites, integrated with Microsoft Teams and rolled out to the end users.

Thanks & Regards

Sathish Veerapandian

Microsoft Teams – Manage External and Guest Access communication for users

Microsoft Teams becoming an unrivaled communication platform its been adopted by most of the corporate organizations right from small, medium and large scale businesses.

Teams adoption rate have been thriving a lot and there are organizations managing their daily operations and projects completely via better organized Teams and channels.

In this article we will have an overview and the options available to expose Microsoft Teams for communication to the external network and other office 365 organizations.

As an initial prerequisite we must ensure that all the Office 365 URL and IP Ranges are allowed.

Login to Microsoft Teams Admin center portal here we have 2 options.

  1. External Access
  2. Guest Access

For external access the screenshot is pretty much explanatory. The best way is to add only the allowed domains which would block the other external organizations.

We do have an option to toggle the second feature where the Skype for Business online users have the ability to communicate with the Skype Users. But then if all the users are switched to Teams only mode then enabling the latter functionality will not be working.

External access lets our Teams users communicate with allowed domains.
Only the allowed domains in the list can communicate with each other.
They cannot be a member of a Teams or any Channels, however they can initiate peer to peer chats, audio , video calls and can join the meeting initiated from Outlook.

As of now below are the features that will be working between external access domains.

With Guest Access anyone with a business or consumer email account, such as Outlook, Gmail, or others, can participate as a guest in Teams. We can grant them access to our existing teams and channels.

Guest access can be further manipulated based on our business requirements with the below options.

Meeting and messaging choices can be further controlled in guest access.

Once the guest access is enabled the end users can go ahead and add external ids like gmail in their channels like below.

The external guest account will receive a descriptive invite which will provide information about Microsoft Teams.

Note: For all the invited external users a corresponding azure AD account will be created in our Tenant with the user type of Guest.

Few users reported challenge in communicating with allowed federated domains.

While most of the users were able to communicate across federated domains and there were few users experiencing the below error.

On further analysis found that there are two federation policies.

And the affected users were assigned to disabled federation access policies.

After moving them to federation only policy the issue got resolved.

Grant-CsExternalAccessPolicy -Identity “S Hameed” -PolicyName FederationOnly

Thanks & Regards

Sathish Veerapandian

Create Customized App Package for Azure Bot and publish them in Microsoft Teams

In the previous article , we had an overview and example of how to start creating Microsoft Azure Bots and integrate with Teams. Furthermore once the bots are integrated with teams ,we would need to create application package for our Azure Bot, so that we can provide better end user experience.

To interpret further once the azure bot is available to the end users via teams it will not be showing to them as an application (example shown below). Providing them as vanilla format will not be more intriguing to the consumers.

In Microsoft Teams there is an option to create a customized app package for our azure bots. Once we create and publish them, it will be available for end users in the app section. From Microsoft Teams users can search and install them on their Teams Client.

With app studio package admins can create their own customized apps for Microsoft Teams and publish them to individual users, teams and globally to the whole organization. Search and install app studio package from app section in Microsoft Teams.

Once after it is installed , open App Studio and use the Manifest Editor to create the App Package.

Here there are two options:

Create a new app – Used to create our own customized app.

Import an existing app – We can import our own customized existing app.

In this section create a new app is selected since the scope is to create an app for an existing azure bot service.

In the app section provide the information as requested.

App ID is crucial here and it must be the value of the Azure Bots from the setting page of the Azure Bots that we are creating the APP Package. Rest all information is descriptive and can be added easily.

There is an option for customized branding to insert the iconic image of our app which will be shown to the end users while interacting and also the terms of use can be added over here.

Capabilities tab is a vital section as this determines the functionality of the bot. Select only the bot section , add the required information and leave the others with default configuration .In above example existing bot must be selected because the app package is been created for an active bot. Provide them a name and use the option select from one of my existing bots.

The other options have to be chosen very carefully based on your bot functionality. For instance choosing My Bot is a one-way functional only for a bidirectional bot will not provide the message input window to the end users during the interaction.

It is important to note that for a 1:1 bot it needs to be selected only in personal scope. Choosing the other options for a 1:1 bot will create a malfunctioning of the app to the end users.

On a security perspective there are few options to restrict, provide SSO and Device permissions.

Provide the below information for the SSO.

And we have the option to control the device permission which is really great.

Having done all these settings above there is an option to test and distribute the created app package.

The easiest way is to install in our own client before distributing them by choosing the first option install your app in teams for testing.

After installation the app is ready to be launched.

Now on a user experience it provides us a prime look to our Azure Bot and looks appealing.

Its better to change the bot profile icon as well to show the same icon in the chat conversation.

Having tested this app from individual level client , now it is time to publish them to all users. Download them as json file and upload it from a teams client with global admin privilege.

The application must be downloaded from the teams client that was used to create this manifest file. Once after its been downloaded we can see it would have been downloaded them as json file along with the associated PNG files.

This zip file needs to be uploaded from the teams client using the option upload a custom app.

Once logged in with Global Admin Credentials – Navigate to store and use the option – upload a custom app.


There is  2 options to upload for me or my teams and upload for the whole tenant which will make the app be available for all users.

Once after its uploaded , successfully this new app for the azure bot will be available for end users and they can search in the store and install them.

Finally the App can be updated to next version with ease of operations or deleted with the below settings from the Teams client with Global Admin Credentials.

There are much more ways to control this app visibility and user experience on teams client like side loading the apps for easier communication , restricting them only via 3rd party apps etc. We will discuss about these configurations in the next upcoming blog.

Thanks & Regards

Sathish Veerapandian

Create Microsoft Azure Bot and Integrate with Microsoft Teams

As we are heading towards the modern workplace model, we are thriving a lot on reducing the first level of tasks. One of the preferred feasible solution is to create a self-query knowledge base through which the end users can attempt to address their issues on their own before contacting the IT Team. Eventually API integrations with bots can reduce the first level of recurring tasks. Through Microsoft Bot Framework quite a lot of organizations are filling these requirements and increasing the operational excellence values.

In this article we will focus on how to create a bot in Azure and integrate them with Microsoft Teams.

In summary Bot usually comprises of three concepts dialog, channels and state. In my point of view dialog play a fundamental role in the Bot Framework. The dialogues will be organized in a natural sequence based on the input from the user it can respond, skip to next answer or even go in a sequential loop. In the back-end the programs will be configured to respond to the dialogues in a consecutive manner. Currently the underlying solution can be via C# , Node.Js or Rest API

Channels are the medium through which a user can communicate with the bots. There are more than 15 channels at this moment that can be integrated with Azure Bots. There is also an option to run our bot via our own client application using the direct line as our channel.

The Bot state service basically stores and retrieves state data that can be associated with User, conversation or a specific user. The former 2 are fully dependent on this data and state remains a database for them.

Bot Builder remains as a SDK framework which can be on C#, Node.Js or in RestAPI. Bot Service is used to build the bots, develop, test them and finally deploy on Azure.

In order to create a Bot login to Azure Portal and look for Bot service – and create Web app Bot.We require a web app bot because Bot is basically a web service that is exposed to a RestAPI.

Choose Web App Bot and create them

Now we can create a web app bot – provide them a name

Choose the language . In this example node.js is been chosen.

Provide all the basic required information. Here it is strongly recommended to turn on the application insights and this will provide the statistical consumption of the Bot service utilization. This utilization report is definitely required at a later stage to measure the utility of this service. We can select the option auto-create app ID an password. After this we are done with creating the Azure Bot.

We see here something called LUIS App Location. Microsoft uses LUIS(Language Understanding Intelligent Service).It is an AI service used to build natural language into apps, bots and IOT devices. This makes all the end user queries to learn easily and subsequently improve without manual intervention.

Once the validation is successful we can go ahead and create the bot.

The bot have been created and we need to plan, build, test and publish them. There are lot of many ways to create and publish them.

Here i have followed this Microsoft article and is straight forward to create and make your bot up and running with JavaScript.

Once the above is completed we need to deploy the bot in azure. We can follow the steps in this Microsoft Article. Also there are lots of articles available in the internet to make up running first bot in the internet. Here is one example.

Below is an example of hello world bot. This bot will respond hello world for all user input. The below node.js and package.json can also be used for creating the first bot. We need to have all the prerequisites for this on the local PC Visual Studio, Node Js Modules and bot builder modules installed. The Microsoft article linked previously have all the prerequisites and readiness.

Create nodejs and this is the nodejs for helloworld bot.

Install them from nodejs command prompt

Create index.js and below is the indexjs for helloworld bot.

Once after everything is done we can start

Later we can use the same steps mentioned in the Microsoft article to publish them on Azure Bots.

Having followed the above article with the prerequisites , we can test our bot in web chat.

Having tested this once we navigate to channels tab now we have option to integrate our bot with more than 15 channels. Only the web chat will be enabled by default.

Here we will focus on integrating our bot with Teams.

After we click on Microsoft Teams, we will be getting the below option. In our case it will be only messaging channel since the bot which is used here for testing is 1:1 messaging bot.

We need to agree for the terms of service

We could see the Teams added into our channel.

It is time to test our bot in Teams. In-order to test them in teams we need to take the app id from the settings page of the bot.

Once we search with the app ID in teams we would be able to see this bot as a contact in Microsoft Teams and we can also interact with them.

Finally the Bot is up running and integrated with teams the next step is we need to create an app package for this bot and publish in teams. We will look in the next article on how to create a custom app package and publish them on Microsoft Teams.

Thanks

Sathish Veerapandian

Teams Upgrade- Important points to consider before teams only toggle mode

Microsoft is investing and focusing on Teams for the Collaboration platform, Skype for Business have become volatile. We can see every day new features and enhancements are coming on the way for Microsoft Teams. Moreover, Microsoft have provided all the requirements and materials available for transition from Skype for Business to Microsoft Teams. This makes much simpler for any customers to completely move to teams only mode.

On a comparison of the road map improvements in Microsoft Teams the features have been enhanced and loads of new functionalities are being added very often. Currently the default configuration of all the tenants will be on Island mode which will make the users to communicate on both Microsoft Teams and Skype for Business. This might create more confusion for the end users to choose which platform to communicate for their daily activities since they are provided with couple of options.

This article focusses readiness on environment before we completely migrate to teams only mode.

Skype for Business Interop Mode Removed:

Earlier 6 months ago we had the Skype for Business Interop mode which helped the team’s users to communicate with Skype for business users. This will show teams chats in skype for business for users who don’t have teams. But this option has been removed and we have teams only mode added in the coexistence mode.

As of now there are 3 options available for all office 365 tenants:

When we run the command Get-CsTeamsUpgradePolicy we will get additional options.

While coming to talk about transition mode only below 3 options are feasible for most of the organizations.

Islands Mode:

As the name indicates this is a big sign of warning. Island mode is an indication of a temporary place where we can stay only for some time and not denoted to settle down for a long period. With this mode the User experience are completely different. There is no interconnection between Skype for Business and Microsoft Teams and they both work as an independent system.

Only below workflow in Island Mode:

Teams Communication – Teams Communication

Skype Communication – Skype Communication

Teams Only Mode:

In this mode we are enforcing all the users to use only Microsoft Teams. Meaning no users will be able to login to Skype for business even if they have the client system installed on their PC from their office 365 pro plus package. However, users present in Skype for Business only mode will be still able to reach teams only mode users and teams only mode users can reply to Skype users. However, we need to note that a new conversation chat cannot be initiated from a Teams only mode user to an Island or Skype for Business only user’s mode.

Only below workflow in Teams only Mode:

SFB Users Sends to Teams User – Message will be received in teams.

Teams Users responds to SFB User – Message will be received in teams only for the SFB user.

Teams User Tries to establish a new Chat with SFB user – Will not be successful

Also, we need to note that only limited functionalities will be working between team’s user and SFB user communication in this mode. For instance, a remote desktop cannot be shared by an SFB user who is on Teams and in Teams only mode.

Skype only Mode:

Only Skype Client no matter from where the IM is initiated.

Note: In any modes as of now the Meetings will be accessible in the cross platforms.

Be ready for this change target pilot users first:

Before we make this transition it’s very important to understand the current usage model of collaboration platform by end users. For instance, a Marketing head might be more comfortable with Skype for Business and never had a chance to explore Microsoft Teams. There might be a heavy dependency on Enterprise Voice Integration with Skype for Business which needs to be considered before making this change. It’s always better to choose few pilot users  

If we are planning for Teams Transition its better to slowly move users to teams only mode based on current user dependency on Skype for Business. Its better to identify few pilot users in each department and slowly transition them to Microsoft Teams only Mode.

After identifying the capable team leaders in every department better to switch them to teams only mode.

Below action needs to be verified:

1.Verify if you have Skype online connector module installed.

Get-Module -ListAvailable | Where-Object {$_.Name -eq "SkypeOnlineConnector"}

If you do not have them then Download and install the Skype online connector.

2. Connect to Skype online connector

Import Skype Online Connector

Import-Module SkypeOnlineConnector
$session = New-CsOnlineSession
Import-PSSession $session

3. Collect the current list of users in Island mode.

By Default, We will have all the user in Island mode. However, it is better to collect the list and prepare the users for teams only mode in phases.

Get-CsonlineUser | Select-Object Displayname,  UserPrincipalname,Department,Company,Office,TeamsUpgradeEffectiveMode,TeamsUpgradeNotificationsEnabled,TeamsUpgradePolicyIsReadOnly,TeamsUpgradePolicy | Export-Csv C:\Temp\IslandMode

4. Collect the pilot users and enable them on Teams only mode . Have a CSV file with  only userprincipalname.

$Teams= Import-csv C:\temp\Teamsonlypilot.csv |%{$_.userprincipalname}
 $Teams | % {Get-CsonlineUser -Identity $("$_")} | fl Displayname,TeamsUpgradeEffectiveMode,TeamsUpgradeNotificationsEnabled,TeamsUpgradePolicyIsReadOnly,TeamsUpgradePolicy
$Teams | % {Grant-CsTeamsUpgradePolicy -PolicyName UpgradeToTeams -Identity $("$_")}

Once after updating the users we will get the below confirmation stating that they will be only on Teams and can no longer be able to use Skype for Business.

We can also switch to one user by following option from the GUI

Or by the one line command

Grant-CsTeamsUpgradePolicy -PolicyName UpgradeToTeams -Identity username@domain.com

5. Notify Users about Teams Upgrade is available to them

We can enable this option to end users couple of days before upgrading

6. Restrict Teams Event live Policies

By default Teams has a Global policy for live events, which affects to all users in the organization and this needs to be restricted.

Create a new policy that doesn’t allow to create Live Events and assign the policy to all users.

New-CSTeamsMeetingBroadcastPolicy -Identity DisabledBroadcastSchedulingPolicy


Set-CsTeamsMeetingBroadcastPolicy -Identity DisabledBroadcastSchedulingPolicy -AllowBroadcastScheduling $false
Grant-CsTeamsMeetingBroadcastPolicy -Identity {user} -PolicyName DisabledBroadcastSchedulingPolicy -Verbose


7. Push and install the Teams desktop Client for the targeted users.

By default the teams is not included in the Pro plus package as of now. Microsoft have recently announced that Teams will be added in ProPlus package in future roadmap as per this Article.

Until we get this as a bundle we have

Download the Teams app in the Background.

This option will only download the teams app in the background for users in Teams only mode.

However it does not install the app and we need to perform some action of installing them to all users PC via group policy or SCCM. There is one amazing article written by Paul Cunningham for pushing them via GPO.

Imp Notes:

  1. Before making these changes educate the L1 support team to address end user queries.
  2. We can make use of the Microsoft Teams Customer adoption success kit
  3. If there is any PSTN integration with Skype for Business Online, then these factors needs to be planned before phasing out Skype for Business Online until they are transferred completely to Microsoft Teams.

Thanks & Regards

Sathish Veerapandian

Manage Microsoft Teams from Powershell and admin center

This article outlines the steps to manage Microsoft Teams from powershell and admin center.

We need to download the Microsoft Teams Module from the powershell Gallery

Install-Module -Name MicrosoftTeams -RequiredVersion 0.9.0

PWT

PWT1

Verify if the module is installed

Get-Module MicrosoftTeams -ListAvailable

FM1

Connect to Microsoft Teams

Connect-MicrosoftTeams -Credential $cred

PWT2

To view the teams

Get-Team

PWT3

To view Team Guest Settings and Team Fun settings

Get-TeamGuestSettings

Get-TeamFunSettings

PWT5

PWT6

List of team commands available as of now

Get-Command -Module *teams*

PWT8

To create new Team

New-Team -DisplayName TeamName -Description GiveDescription -AccessType private -AddcreatorasMember:$false

PWT9

PWT10

Unfortunately Add-TeamUser is not available for bulk operation as of now. Microsoft will release them in near future very soon from teams module.

PWT12

Bulk adding/removing  the associated group unified group for that team is not populating the users to the Team immediately. The Microsoft Teams PowerShell module is based on Microsoft Graph.This is because of the Microsoft Graph SLA is 24 hours to replicate and synchronize any changes done from azure AD.

Below command can be used to bulk add the users to associated teams group.

Import-Csv D:\Teams\Test.csv | % {Add-AzureAdGroupMember -ObjectID mentionobjectid -Refobjectid $_.objectid}

PWN

Below command can be used to bulk remove the users to associated teams group.

Import-Csv D:\Teams\Test.csv | % {Remove-AzureAdGroupMember -ObjectID mentionobjectid -Refobjectid $_.objectid}

PWN1

The same action can be performed via unified group as well.

Import-Csv E:\Teams\T1.csv | % {Add-UnifiedGroupLinks -Identity T1 -LinkType Members -Links $_.userprincipalname}

FM31

Now the new admin center for Microsoft Teams and SFB have options to manage MS teams

Untitled.png

Adding and updating locations data

Untitled1

Following options are available from end users options in MS Teams

Untitled4

Following meeting policies to control the features are available

Untitled6

Following org wide settings are available

Untitled7

Untitled8

We have the meeting customization settings

Untitled9

Option to customize the real time media traffic to online is also available

Untitled10

Controlling  the live event policies is present

Untitled11

Global user level policies can be enforced

Untitled12

Controlling external access

Untitled13

We have option to control the guest access settings

Untitled14

We have very nice option to have email integration, File sharing option and show organization tab to end users.

Untitled15

Skype for business Interop, search and Bots feature can be customized.

Untitled16

We have the teams upgrade options which have island mode set by default.

Untitled17.png

After this we have the Call quality dashboard and first line worker configuration as a last option. The First line worker configuration will be removed and will not be available after october 2019 according to Microsoft . All these features available in  first line worker configuration are available in MS Teams and customer needs to shift to MS teams.

Above are the list of administrative options available for Microsoft Teams as of now and they will be definitely changing and adding more new features since Microsoft is more focused on enhancing and bringing new features in Microsoft teams.

Thanks & Regards
Sathish Veerapandian

Microsoft Teams- Consult before transferring a call & HoloLens Remote assist

Calling in Teams is powered by Phone System (formerly known as Cloud PBX), the same service in Office 365 that enables PSTN calling capabilities in Skype for Business Online.

The Phone System feature set for Skype for Business is different from the Phone System feature set for Teams.Also With Direct Connect we can use our existing  PSTN Telephony system through an SBC . To connect the on premise SBC to Microsoft Teams a sip proxy is used to connect to  sip.pstnhub.microsoft.com.

Microsoft Teams have a new feature consult before transfer.

By using this option we can help the  wrong callers calling our extension to reach the right person.

This feature lets you quickly check in with another person via chat or audio call before transferring a call to them

Anyone with an Enterprise Voice license can do this, not just delegates! To try it, when you’re in a call, click More options (…) > Consult then transfer.

CBT

Call someone on a HoloLens –

Microsoft introduced the remote assist option for HoloLens users via Microsoft Teams.

Untitled

By using this option we can collaborate remotely to our Microsoft Teams Colleagues list. In remote assistance they can  perform reality annotations, we can show them  what we see , place arrows, draw lines and share images with our colleagues.

Prerequisites:

  1. This works from the Teams desktop app from Windows 10 PC.
  2. Need to have the remote assist app installed on the holo lens.

 

%d bloggers like this: