Microsoft Teams have been the highly adopted collaborative platform in few months time.It has been helping a ton worldwide and the new features that is been released every now and then makes us stay connected and expands the efficiency in every organization who have been using them.
By default Microsoft Certified Room systems are forward compatible with the new Skype for Business or Teams services while maintaining the same client user experience.Usually when any organization has only Skype then these meeting rooms will have the options only Skype enabled on them.
In this article we will be looking at how to enable the existing Skype room systems to have the capacity to host Teams Meetings in them.
Example screen of a Skype room system panel where we have the below options on the supported meeting mode while configuring them at the initial stage .
These devices are basically on KIOSK mode running on recommended versions of Windows 10 currently supported one being 1909 at the time of writing this blog.
With Microsoft PowerBI we can gather more details from the call quality dashboards. As of now Microsoft have released 7 power BI desktop templates to accumulate more details on the Microsoft teams call quality dashboard.
PowerBI being a very potential platform for data gathering and analysis these new templates for Microsoft Teams have been more outstanding in terms of analyzing the Microsoft Teams data.
We will go through the overview of the reports and the configuration on this post.
These are customizable templates which can be used to analyze data. These above are PBIT file formats which can be used from PowerBI desktop which has the data source configured. If we need to open them directly from the powerbi portal they need to be renamed as pbix. If we are importing them from the powerbi desktop the following file MicrosoftCallQuality.pqx needs to be imported to the location [Documents]\Power BI Desktop\Custom Connectors folder.
In the previous post we had a look at how to group multiple azure log analytics queries ,group them and display them in one screen. There are few real challenges in displaying the queries directly from the workbook. Firstly they are not having the capability to auto refresh the live data until we reload the workbook. There is no option to fit the dashboard and customize them as per our requirement. Finally there is no option to set the refresh rate, setting up the local time zone and sharing them to the required persons to view them with read access.
Creating the dashboards is much easier and there are multiple ways to do them. In this post we will have a look at creating one from the workbook.
Inorder to create a workbook navigate to Azure Log Analytics Workspace – Click on WorkBooks – Select the workbook that needs to be created in dashboard.
Currently there is no option as per this uservoice to delegate the MFA reset action to help desk team via an admin role. As of now only the global admin have the required privileges to perform this action from the azure portal. In this article we had a look into how to reset this option by creating an automation account and integrating with Microsoft Flow. Though this is a good option there is another way where this action can be delegated via ManageEngine AD manager plus.
Most of the organizations have AD Manager plus and its features integrated on their on premise tenant. This can be used to execute office 365 and Azure AD operations in a hybrid environment. In this article we will have a look at the steps to integrate AD manager plus with Azure AD to delegate this action to the help desk team.
Below are the prerequisites :
AD manager plus server must be present in the hybrid domain. Not necessarily a hybrid domain it works well for cloud only accounts as well.
The connectivity to the Azure IPs and URLs are required to connect azure module connect-msolservice
Azure AD modules must be downloaded on the AD manager plus server.
AD delegation must be already assigned to the help desk team with AD management role.
Global admin account is required to specify them as encrypted credentials with key on the AD manager plus server. This global admin account will only be used by the manage engine AD manager server in the backend and not exposed to the helpdesk team.
In the previous post we looked on how to configure Azure Monitor Alerts for Critical events that occurs on Microsoft Windows Devices which can be used for monitoring the Teams Room Systems. With Azure Log Analytics we could leverage few more components that will help us to visualize the status of the systems which are monitored through selected event logs and the performance counters.
Creating the Workbooks and making them visualize purely depends on the data that is been ingested on the corresponding log analytics workspace. So at the first stage its very important that we are sending all the required logs and counters which is mandatory for visualizing the metrics.
Firstly before creating the workbooks we need to devise a strategy on how to build a skeleton for the dashboard. This is very important since there are multiple options available and need to understand what important data that needs to be projected on the dashboard.
In the previous post we had an overview of how to create Azure Log Analytics and configure them to collect data from windows systems. Once the information is ingested in the workspace we currently have a choice to make alarms and notify the responsible team dependent on various signal logics which will be useful on monitoring these devices.
These alerts are scoped to each log analytics workspace. It will be a smart thought to isolate the services ,group them on singular workspace and create separate alerts for critical events happening on these monitored devices.
In order to create the alerts Navigate to alerts on the same workspace – Click on New Alert Rule
Navigate to signal logic and choose the signal logic. There are multiple we need to see if any more interesting which suits our requirement can be added over here.
Now we have the required critical signals based on which the alert needs to be triggered. Usually the signal type will be from the collected events and the performance counters. In our scenario we could go with some default events from the list and also custom log search.
Microsoft Teams being the best collaborative solution there are lots of supported smart devices which are equipped with Microsoft teams App for providing the smart meeting room systems with modern cameras, microphones and display screens. The nicest aspect of Teams room application is that it can function well in all ranges of supported devices as stated here with a support of basic hardware and running on a windows 10 IOT operating system running in appliance mode.
While there are numerous approaches to monitor the Microsoft Teams room systems this article we will go through the steps to monitor them through Azure Log Analytics.Like other applications Microsoft Teams App running on room devices will write all the events on the event logs.Through the Microsoft Monitoring agent in Microsoft Teams it allows these events to be collected in Azure log Analytics.
Subscription with Azure to configure log analytics workspace.
Teams meeting room system with internet connectivity. There are other methods to collect the logs without internet through Log Analytics gateway in this approach we are going with direct agent method.
The Teams devices must be running on a supported Teams windows operating system as listed here on all meeting rooms on a KIOSK mode or probably on a full operating system mode based on the requirements.
Since we are going to leverage Azure Log Analytics as a monitoring solution for our room systems the first step here is to Create Azure Log Analytics and integrate them with Microsoft windows agent.
In a huge enterprise scale deployments there will be various teams who handles the services with multiple administrator accounts.These executives must be furnished with administrator accounts which are appropriate to their boundaries.Microsoft intune being a device,apps and office 365 administration management there are high prospects that this element may be used over various departments,applications,devices and from various areas. Microsoft Intune having lots of features and capabilities now most of the organizations are moving as managed tenant with Microsoft intune.
For instance there can be multiple app protection policies, device compliance policies, app configuration policies ,etc., are created for multiple services one for meeting room management, another for BYOD devices and for corporate windows devices. In these situations we need to create customized role based access control for each users.
Information barrier policies is an another security enhancement feature in Microsoft Teams. With this new component it helps the organization to enforce policies which prevents the communication between specific group of people. This is primarily helpful and beneficial for the organizations who are into manufacturing and production units where they would need to adhere certain industry standards and guidelines usually to avoid conflicts of interest.
Before we actually move into deploying the information barrier policies segmentation of the users needs to be done.Ideally the business requirement which falls into compliance category to prevent communications between groups of users in Microsoft Teams. For example a person from Marketing Team cannot make a call,send instant messages or share his desktop to Research department. It can be vice versa or its is only one direction. All the sets of users needs to be identified because this contributes to the number of the segments that we are going to create for this policy to prevent the communication between them.
With the Azure active directory powershell commandlets, we could control the lifecycle of office365 groups.Ideally when any office365 group is created for an action of creating a team in the backend it creates the azure ad group.With the Azure commandlets we have options to control the lifecycle of the office365 groups automatically.
Let’s say we ‘ve created Team for a partner project which completes in 1 year time period, we have got an option to expire this team in 1 year time during the team creation.This keeps the access reviews of the Microsoft Teams intact and ensures that only required persons have access to the company corporate data.
The default setting is unlimited days as it should be for most of the scenarios.
Firstly we need to connect to azuread module from the powershell. Since we do not have any group life cycle policy the value remains empty.
I'm a Certified Microsoft Infrastructure/Cloud Architect with hands-on 14 years of International proven experience in Planning, Design, Execution, Integration, Operations, IT Management specialized in Messaging Platforms Microsoft Teams with Telephony, Skype for Business Voice, Microsoft Exchange, Intune Deployment, Microsoft Azure Infrastructure, and Cloud Security Implementations.
Over time have developed complete IT Implementation skills on Microsoft Infrastructure/Cloud projects within Multinational, Government, Construction, Leisure & Entertainment, Production, Automobile & Financial Industries.
I can be contacted through email email@example.com or through mobile +31 62 050 6978