Admin App for Microsoft Teams

Microsoft has announced the release of a new Admin App for Microsoft Teams. This app simplifies top management options and showcases them in one place.

  • Optimize ‎Microsoft Teams‎ meetings, messages, webinars, and more for everyone in your organization
  • Add and remove users and reset their passwords
  • Add and remove teams and manage team members
  • Assign and remove licenses for users

Discover advanced settings, training, and support resources

To get started with the new Admin app experience, you will first need to head to the Microsoft Teams app store. Then, search for “Admin” and download the app in Microsoft Teams.

Once you have installed the app, you can manage some tenant settings and Teams configurations:

Admin app It is a great step to put teams as a central hub for everything, making easier for IT Pros to access settings and perform key management tasks across Microsoft 365 and Teams, but keep in mind that the Admin app is available for all users in the App Store, but you must have administrative rights to use it.

Do you know how to debug Teams Diagnostics?

Having information about how Teams app is running is important, so this quick post will overview how a snapshot collection of important diagnostic logs for troubleshooting can be done

Important tips!

  • Read logs with text editor​
  • Latest entry on top of the list​
  • Use keywords!

Once you have enabled the diagnostic logs, those will be created in the downloads folder:

Hope that helps to troubleshoot your Teams deployment!

Securing guest access in Teams

What we have to take inito account when we have guests in out tenant? In this post I want to throw some guides about it:

Limitations for guests

Guest are a “special” member type in Azure AD and M365. So, there are some limitations by design for guests you should know of:

  • Per licensed user you can add up to five guests (1:5 ratio)
  • Guest user permissions in Azure AD are limited by default
    • cannot browse other tenant information
    • but can view their own profile
    • but can retrieve input on other users if he/she searches for a UPN or object ID
  • Guest user permissions in Office 365 groups are limited
  • Guest user permissions in Teams are limited
    • no One Drive for Business
    • no people search outside of Teams
    • no calendar
    • no meeting scheduling
    • no pstn/telephony
    • no org chart
    • no teams creation/revision
    • no teams browsing
    • no file upload in P2P chats

What you can do to secure your Microsoft 365 guest identities?

The following are simply recommendations, so it will change depending the security you want to apply to your tenant:

  • enforce multi-factor authentication for guests
  • provide terms which guests musts agree on
  • regularly review permission needs are still valid
  • restrict access for guest to web-only / browser-only
  • set session timeout to enforce regular/daily authentication by guests
  • classify content by using sensitivity labels
  • auto classify defined sensitive information to highly confidential
  • auto remove guests access from files labeled high confidential

Unable to see Public Teams or join them

My customer had an issue where public teams are no longer showing in Teams application or Browser, whenever you go to “Join Team” or “Create Team”

Also, something weird is that the search box on the right hand of the screen was missing, so the screen that they were seeing, was similar to the following one:

searchteams

So in order to solve that, you need to do the following:

  • Access to https://admin.teams.microsoft.com with at least a Teams Administrator role in the company
  • Go to Org-Wide Settings –> Team Settings
  • At the bottom of the Teams settings, there is a Search by Name section. Ensure this is turned OFF

Once this has been turned off, it takes about 30 minutes for the tenant to update with the changes. Take into account that some changes done via UI will take up to 24 hours (in some cases I faced it)

If you go back to ‘Join or create a team’ you should see the search box and the public teams. Probably you will need to clean cache in the browser and in the Teams App ( https://albandrodsmemory.wordpress.com/2019/01/04/microsoft-teams-how-to-clean-cache )

Hope it helps!

Disabling Teams Creation Prompt in SharePoint Online

The other day a customer asked me why when they access to SPO TS, appears the owners an option saying that a Team has not been associated with a SharePoint Online site, like the image above:

CreateTeamInSPO.png

In same scenarios this could lead a problem, taking into account that this kind of things should be governed from the governance plan.

In this case, we can use some PowerShell to hide some propertybags in SPO to hide this option to all users, leading to us to create Teams from the admin site directly.

So we can execute the following:

$tenant = "https://spotenant-admin.sharepoint.com"
$web = "https://spotenant.sharepoint.com/sites/Modernsposite"

Connect-PnPOnline -Url $tenant -SPOManagementShell
$site = Get-PnPTenantSite -Detailed -Url $web
if ($site.DenyAddAndCustomizePages -ne 'Disabled') {
    $site.DenyAddAndCustomizePages = 'Disabled'
    $site.Update()
    $site.Context.ExecuteQuery()
}

Set-PnPPropertyBagValue -Key 'TeamifyHidden' -Value 'True'

Once this has been done, if you refresh the homepage after setting the value, the dialog box to create Teams should no longer appear.

Microsoft Teams How to define Holidays

Microsoft Teams now allows you to define your organization holidays (aka the period your organization is shutting down and won’t be available for business).

This can be linked with auto-attendant you may have configured for voice capabilities.

To start using it and configure your next organization time off, go to your Teams administration portal (https://admin.teams.microsoft.com) and reach out the Org-wide settings\Holidays configuration blade

You will reach the New Holiday option and you will need to set the start and end date between which your organization will be unavailable by using the Add new date and set the dates and times

If you want to link it with an auto-attendant, reach out the Voice\auto attendant after you have set your organization holiday and then select the auto attendant you want to set for the holidays period and click Edit

Finally, reach the auto attendant Holiday call settings and click the New Holiday

That’s all happy teaming!

Microsoft Teams Administrator Roles

As you know, Microsoft has created four new roles specifically for admins responsible for Microsoft Teams.

Let’s dig in which roles do we have available in O365:

Teams service admin

Can manage all aspects of Microsoft Teams except license assignment. This includes policies for calling, messaging, and meetings; use of call analytics tools to troubleshoot telephony issues, and management of users and their telephony settings.

They can also manage Office 365 Groups.

Teams communications admin

Can manage calling and meeting features of Microsoft Teams, including phone number assignments and meeting policies.

They can also use call analytics tools to troubleshoot issues.

Teams communications support engineer

Can troubleshoot communication issues in Teams using call analytics tools, and can view full call record information for all participants involved.

Teams communications support specialist

Can troubleshoot communication issues in Teams using call analytics tools, and can view call record information for the specific user being searched for.

But I want to use PowerShell to check the roles and assign them

Yes, you can use PowerShell to check it out those roles and assign them, let’s do it 🙂

GetMsolRole |? {$_.Name like “Teams”} |ft Name,Description Autosize

And if you want to assign the role…

AddMsolRoleMember RoleName “Teams Communications Administrator” RoleMemberEmailAddress “user@domain.com”

Till next time folks!

Microsoft Teams: How to clean cache

If you want to clear MS Teams cache,you could refer to the following ways

1.  Fully exit the Microsoft Teams desktop client. To do this, either right click Teams from the Icon Tray and select ‘Quit’, or run Task Manager and fully kill the process.

2.  Go to File Explorer, and type in %appdata%\Microsoft\teams.

3.  Once in the directory, you’ll see a few of the following folders:

  • From ‘Application Cache’, go to Cache and delete any of the files in the Cache location. “%appdata%\Microsoft\teams\application cache\cache”
  • From ‘Blob_storage’, delete any files that are located in here if any. “%appdata%\Microsoft\teams\blob_storage”
  • Within ‘Cache’, delete all files “%appdata%\Microsoft\teams\Cache”
  • Within ‘databases’, delete all files “%appdata%\Microsoft\teams\databases”
  • Within ‘GPUCache’, delete all files “%appdata%\Microsoft\teams\GPUcache”
  • Within ‘IndexedDB’, delete the .db or .ldb file “%appdata%\Microsoft\teams\IndexedDB”
  • Within ‘Local Storage’, delete all files “%appdata%\Microsoft\teams\Local Storage”
  • Lastly, from ‘tmp’, delete any file “%appdata%\Microsoft\teams\tmp” and”%AppData%\Microsoft\Teams\Backgrounds”

For macOS, this would be the magic folder: /Users/user_name/Library/Application Support/Microsoft/Teams. (thanks to Lucian Naie (@lnaie) for the contribution)

  • Batch Version (credits to @jared)
del /F/Q/S “%APPDATA%\Microsoft\Teams\blob_storage\*”
FOR /D %%p IN (“%APPDATA%\Microsoft\Teams\blob_storage\*”) DO rmdir “%%p” /s /q
del /F/Q/S “%APPDATA%\Microsoft\Teams\cache\*”
del /F/Q/S “%APPDATA%\Microsoft\Teams\databases\*”
del /F/Q/S “%APPDATA%\Microsoft\Teams\gpucache\*”
del /F/Q/S “%APPDATA%\Microsoft\Teams\IndexedDB\*”
FOR /D %%p IN (“%APPDATA%\Microsoft\Teams\IndexedDB\*”) DO rmdir “%%p” /s /q
del /F/Q/S “%APPDATA%\Microsoft\Teams\Local Storage\*”
FOR /D %%p IN (“%APPDATA%\Microsoft\Teams\Local Storage\*”) DO rmdir “%%p” /s /q
del /F/Q/S “%APPDATA%\Microsoft\Teams\tmp\*”
del /F/Q/S “%APPDATA%\Microsoft\Teams\backgrounds\*”
  • PowerShell Version (credits to @synikil and @Salim Hurjuk)
Remove-Item –path $env:APPDATA”\Microsoft\teams\application cache\cache\*”
Remove-Item –path $env:APPDATA”\Microsoft\teams\blob_storage\*”
Remove-Item –path $env:APPDATA”\Microsoft\teams\databases\*”
Remove-Item –path $env:APPDATA”\Microsoft\teams\GPUcache\*”
Remove-Item –path $env:APPDATA”\Microsoft\teams\IndexedDB\*” -recurse
Remove-Item –path $env:APPDATA”\Microsoft\teams\Local Storage\*” -recurse
Remove-Item –path $env:APPDATA”\Microsoft\teams\tmp\*”
Remove-Item –path $env:APPDATA”\Microsoft\teams\Cache\*”
Remove-Item –path $env:APPDATA”\Microsoft\teams\backgrounds\*”
  • For CCleaner User (kudos to @Robert Franco)
[Microsoft Teams *]
LangSecRef=3021
Default=True
DetectFile=%LocalAppData%\Microsoft\Teams
FileKey1=%AppData%\Microsoft\Teams\application cache\cache|*|RECURSE
FileKey2=%AppData%\Microsoft\Teams\blob_storage|*|RECURSE
FileKey3=%AppData%\Microsoft\Teams\Cache|*|RECURSE
FileKey4=%AppData%\Microsoft\Teams\databases|*|RECURSE
FileKey5=%AppData%\Microsoft\Teams\GPUcache|*|RECURSE
FileKey6=%AppData%\Microsoft\Teams\IndexedDB|*|RECURSE
FileKey7=%AppData%\Microsoft\Teams\Local Storage|*|RECURSE
FileKey8=%AppData%\Microsoft\Teams\tmp|*|RECURSE
FileKey9=%AppData%\Microsoft\Teams\Service Worker\CacheStorage|*|REMOVESELF
;remove previous version:
FileKey10=%LocalAppData%\Microsoft\Teams\previous\|*.*|REMOVESELF
FileKey15=%AppData%\Microsoft\Teams|old_logs_*.txt

Once finally done clearing, you can now restart Teams from your local desktop and all cache will be cleared from the desktop app.

Considerations Deploying Microsoft Teams Client

Currently a lot of customers are deciding to deploy Microsoft Teams in their environments, they know that Microsoft Teams is going to replace Skype for Business online, so they need to be ready.

The first thing that we have to be aware being a consultant is in which environment we are moving:

Client requirements, we have three options:

  • Web: Almost functional in all browsers, has some limitation in videocall mode
  • Application: Fully functional, it supports: audio, video and chat.
  • Mobile: Allow users to have conversations, calls/video on mobile data

Browser requirements

  • Web: Edge: 12+, Internet Explorer: 11+, Chrome: 51.0+, Firefox: 47.0+, Safari
  • Application: Windows 7+ (7, 8, 8.1, 10), Both 32 & 64 bit, Mac OSX 10.10+
  • Mobile: Android 4.4+, iOS (iPhone y iPad) 10+, Windows Phone 10.0.10586+

License required

Is it necessary to have enabled the license in the O365 portal, does not have the license enabled, won’t be possible to have access to Microsoft Teams.

Considetarions before deploying Microsoft Teams

The client is always installed in the user profile, %userprofile%\Appdata\Local\Microsoft\Teams. So this is not an ideal situation. It means we have to run the installer for every user that logs on.

Downloading the Microsoft Teams Client

Before we create a deployment script, we first need to download the client. There are two versions available:

  • Normal installer for Windows and Mac. You can download these at Microsoft. The setup.exe only comes with the basic switches for silent install.
  • There is also an MSI package available for Windows. This package is suitable to use with a deployment program like PDQ or SCCM and can also be used with a GPO. You can download the Microsoft Teams 32bit Client MSI file here and the 64bit Client here.

Using the Setup.exe Package

The Microsoft Teams Setup.exe installer only comes with a silent install or silent uninstall switch. You can install it by PowerShell:

Teams_windows_x64.exe -s

Uninstall Microsoft Teams

You will be aware that it is not possible to uninstall Teams in the “classic” mode, so the only way that we have is to uninstall it by CMD or by PowerShell

#cmd

%programdata%\%username%\Microsoft\Teams\Update.exe –uninstall -s

#PowerShell

Start-Process -filePath “$($env:programdata)\$($env:username)\Microsoft\Teams\Update.exe” -ArgumentList “–uninstall -s

Other considerations to take into account, will be bandwidth, audio, video, etc..

I think that this is all, till next time!

 

Recording a meeting in Teams

Since the launch of Microsoft Teams, it is evolving quickly, one of the new features that have been recently launched is Cloud Recording. Cloud Recording allows to record a meeting from Microsoft Teams which is fantastic, the only drawback that I have to add, it is that this feature is still in preview, so probably isn’t totally finished.

First of all, we need to check if all the necessary policies have been enabled in the tenant (by default are enabled), but to check this, we can execute the following PowerShell lines:

Import-Module LyncOnlineConnector
$userCredential = Get-Credential
$sfbSession = New-CsOnlineSession -Credential
$userCredential Import-PSSession $sfbSession

Get-CsTeamsMeetingPolicy -Identity Global

teamscs.png

If you need to change some of the parameters, you can execute the following:

Set-CsTeamsMeetingPolicy -Identity Global -AllowCloudRecording $true
Set-CsTeamsMeetingPolicy -Identity Global -AllowTranscription $true

Ok, now we have everything enabled at the side of Microsoft Teams, but currently this feature has something hide inside, the recording video works under Microsoft Stream. Yes, you’re reading well, wether in SFB the video were stored in the user who started the recording, in Teams, Stream provides the storage, playback and sharing capabilities, and if you have the right license, transcription and indexing.

So… what are the requirements? A valid Microsoft Teams license and a valid Microsoft Stream license. Because all the users that initiate recording in Teams, needs a license with the rights to upload videos to Stream, also take into account that this license also will be necessary for those users who wants to visualize the video…

For those who don’t know yet Microsoft Stream, I have to say that it comes in two plans (P1 and P2), P1 for view and upload videos and P2 for more things. More info here

AS it can be seen in the previous link, P1 license is included in E1, E3 and E5 licenses, and the most surprising thing is that Stream is not available in Business Plans (at the time writting this I tried in one of my tenants and unfotunately was not possible).

Once we have check the necessary requirements, we can start recording a meeting

teamsmeet.png

and once we have finished the meeting, we can stop the recording and automatically will be processed and upload to Microsoft Stream:

teamsrecord.png

We can play the video directly from Microsoft Teams, which will pop up Microsoft Stream to reproduce the record:

teamsplay.png

From the video itself we can share the video

teamshare.png

Or even, access to Stream, where the video has been autommatically uploaded:

teamstream.png

I have to add that if you’re an invited user, you can’t start the recording, even if you’re the moderator

In case you need more info about this new cool feature, I suggest to visit the following link: https://docs.microsoft.com/en-us/microsoftteams/cloud-recording

Till next time!