The Microsoft Teams update we’ve all been waiting for

Being able to work with external people of your organization, would be possible thanks to an update that Microsoft is being working recently.

As many of you probably know, when you are using a team in Microsoft Teams, commonly not only involve people from inside the organization, also projects includes people from other organizations, where they have to struggle to be able to catch day to day notifications and files inside those Teams.

Currently, the only method to be able to stay up to date to all the work in different organizations it was to use third party plugins or even to have multiple windows of Teams, being a nightmare to cope with that.

Thus, reduces the productivity of the employees, but also increment problems of security, not only in terms of sign-ins also in terms of information shared…

For those reasons, Microsoft has been working in two updates related with Mirosoft Teams Connect and the access capacities of AzureAD to facilitate the collaboration between orgs.

The first feature includes shared channels which allows that people and teams of different organizations could work in the same Mirosoft Teams without changing the app or event the org where the you are set, which under my point of view is simply fantastic

This feature will be release at the beginning of the next year, but if you’re working under Microsoft org with other Micorosoft Teams, you will be able to see in which direction are taking these new updates.

In my case, the screenshot is from the Microsoft corp teamd organization, but no only shows the Microsoft teams from the Microsot tenant, it also shows one of the teams from the company where I work (showing labelled as external), because I’m connected with my work account.

Also the users would be able to program a meeting in a shared channel, use other applications of Microsoft, and of course, shared the channel with up to 50 teams and external orgs.

From the IT perspective, as always it can be controlled and shut down, in order to configure the “trust relationship” between tenants, and differentiate the collaboration between orgs.

This new features have been highy demanded in the last few months, and probably it will allow Microsoft Teams to be a key tool to communicate internally and externally without problem.

Securing guest access in Teams

What we have to take inito account when we have guests in out tenant? In this post I want to throw some guides about it:

Limitations for guests

Guest are a “special” member type in Azure AD and M365. So, there are some limitations by design for guests you should know of:

  • Per licensed user you can add up to five guests (1:5 ratio)
  • Guest user permissions in Azure AD are limited by default
    • cannot browse other tenant information
    • but can view their own profile
    • but can retrieve input on other users if he/she searches for a UPN or object ID
  • Guest user permissions in Office 365 groups are limited
  • Guest user permissions in Teams are limited
    • no One Drive for Business
    • no people search outside of Teams
    • no calendar
    • no meeting scheduling
    • no pstn/telephony
    • no org chart
    • no teams creation/revision
    • no teams browsing
    • no file upload in P2P chats

What you can do to secure your Microsoft 365 guest identities?

The following are simply recommendations, so it will change depending the security you want to apply to your tenant:

  • enforce multi-factor authentication for guests
  • provide terms which guests musts agree on
  • regularly review permission needs are still valid
  • restrict access for guest to web-only / browser-only
  • set session timeout to enforce regular/daily authentication by guests
  • classify content by using sensitivity labels
  • auto classify defined sensitive information to highly confidential
  • auto remove guests access from files labeled high confidential

Unable to see Public Teams or join them

My customer had an issue where public teams are no longer showing in Teams application or Browser, whenever you go to “Join Team” or “Create Team”

Also, something weird is that the search box on the right hand of the screen was missing, so the screen that they were seeing, was similar to the following one:

searchteams

So in order to solve that, you need to do the following:

  • Access to https://admin.teams.microsoft.com with at least a Teams Administrator role in the company
  • Go to Org-Wide Settings –> Team Settings
  • At the bottom of the Teams settings, there is a Search by Name section. Ensure this is turned OFF

Once this has been turned off, it takes about 30 minutes for the tenant to update with the changes. Take into account that some changes done via UI will take up to 24 hours (in some cases I faced it)

If you go back to ‘Join or create a team’ you should see the search box and the public teams. Probably you will need to clean cache in the browser and in the Teams App ( https://albandrodsmemory.wordpress.com/2019/01/04/microsoft-teams-how-to-clean-cache )

Hope it helps!

Microsoft Teams How to define Holidays

Microsoft Teams now allows you to define your organization holidays (aka the period your organization is shutting down and won’t be available for business).

This can be linked with auto-attendant you may have configured for voice capabilities.

To start using it and configure your next organization time off, go to your Teams administration portal (https://admin.teams.microsoft.com) and reach out the Org-wide settings\Holidays configuration blade

You will reach the New Holiday option and you will need to set the start and end date between which your organization will be unavailable by using the Add new date and set the dates and times

If you want to link it with an auto-attendant, reach out the Voice\auto attendant after you have set your organization holiday and then select the auto attendant you want to set for the holidays period and click Edit

Finally, reach the auto attendant Holiday call settings and click the New Holiday

That’s all happy teaming!

Where to store my data in O365

Nowadays nobody likes file servers, probably because are often in a state of chaos, and accessing them from a mobile device is difficult.

But for our luck, we can use O365 to adress this problems in order to store and share files in other systems like OneDrive, Teams and SharePoint.

The key point here, is files are stored in the cloud, so can be accessed easly from any device and probably anywhere (depends on the security implemented at your organization). So… there is no need to use the corporate network or to log into a VPN.

So let’s take into smaller pieces:

  • Personal Data OneDrive: This is not a surprise, all your personal data MUST be stored on your OneDrive (I am not talking about your personal OneDrive), your corporate OneDrive!! OneDrive is mobile accessible, syncs with the user desktop, allows to sync certain files. It’s easy to find what you’re looking for. For me, it’r a masterpiece in the user Adoption
  • Collaborative Projects Microsoft Teams: Any data that is being shared and worked within a group of users, should be on Teams, in addition to sync, mobility and search capabilities, it integrates an IM solution and other features as notes, calendar, Planner, which provides a complete collaborative workspace.
  • Corporate Data SharePoint: Final versions of data and files that are shared company wide, should be stored in SHarePoint. You can include several layers of securioty, which provices a safe place where store confidential documents.

As you can see, there are several options inside O365, but as always you will need to implement a Governance plan inside your tenant to be sure that your data is secured.

Microsoft Teams Administrator Roles

As you know, Microsoft has created four new roles specifically for admins responsible for Microsoft Teams.

Let’s dig in which roles do we have available in O365:

Teams service admin

Can manage all aspects of Microsoft Teams except license assignment. This includes policies for calling, messaging, and meetings; use of call analytics tools to troubleshoot telephony issues, and management of users and their telephony settings.

They can also manage Office 365 Groups.

Teams communications admin

Can manage calling and meeting features of Microsoft Teams, including phone number assignments and meeting policies.

They can also use call analytics tools to troubleshoot issues.

Teams communications support engineer

Can troubleshoot communication issues in Teams using call analytics tools, and can view full call record information for all participants involved.

Teams communications support specialist

Can troubleshoot communication issues in Teams using call analytics tools, and can view call record information for the specific user being searched for.

But I want to use PowerShell to check the roles and assign them

Yes, you can use PowerShell to check it out those roles and assign them, let’s do it 🙂

GetMsolRole |? {$_.Name like “Teams”} |ft Name,Description Autosize

And if you want to assign the role…

AddMsolRoleMember RoleName “Teams Communications Administrator” RoleMemberEmailAddress “user@domain.com”

Till next time folks!

Microsoft Teams: How to clean cache

If you want to clear MS Teams cache,you could refer to the following ways

1.  Fully exit the Microsoft Teams desktop client. To do this, either right click Teams from the Icon Tray and select ‘Quit’, or run Task Manager and fully kill the process.

2.  Go to File Explorer, and type in %appdata%\Microsoft\teams.

3.  Once in the directory, you’ll see a few of the following folders:

  • From ‘Application Cache’, go to Cache and delete any of the files in the Cache location. “%appdata%\Microsoft\teams\application cache\cache”
  • From ‘Blob_storage’, delete any files that are located in here if any. “%appdata%\Microsoft\teams\blob_storage”
  • Within ‘Cache’, delete all files “%appdata%\Microsoft\teams\Cache”
  • Within ‘databases’, delete all files “%appdata%\Microsoft\teams\databases”
  • Within ‘GPUCache’, delete all files “%appdata%\Microsoft\teams\GPUcache”
  • Within ‘IndexedDB’, delete the .db or .ldb file “%appdata%\Microsoft\teams\IndexedDB”
  • Within ‘Local Storage’, delete all files “%appdata%\Microsoft\teams\Local Storage”
  • Lastly, from ‘tmp’, delete any file “%appdata%\Microsoft\teams\tmp” and”%AppData%\Microsoft\Teams\Backgrounds”

For macOS, this would be the magic folder: /Users/user_name/Library/Application Support/Microsoft/Teams. (thanks to Lucian Naie (@lnaie) for the contribution)

  • Batch Version (credits to @jared)
del /F/Q/S “%APPDATA%\Microsoft\Teams\blob_storage\*”
FOR /D %%p IN (“%APPDATA%\Microsoft\Teams\blob_storage\*”) DO rmdir “%%p” /s /q
del /F/Q/S “%APPDATA%\Microsoft\Teams\cache\*”
del /F/Q/S “%APPDATA%\Microsoft\Teams\databases\*”
del /F/Q/S “%APPDATA%\Microsoft\Teams\gpucache\*”
del /F/Q/S “%APPDATA%\Microsoft\Teams\IndexedDB\*”
FOR /D %%p IN (“%APPDATA%\Microsoft\Teams\IndexedDB\*”) DO rmdir “%%p” /s /q
del /F/Q/S “%APPDATA%\Microsoft\Teams\Local Storage\*”
FOR /D %%p IN (“%APPDATA%\Microsoft\Teams\Local Storage\*”) DO rmdir “%%p” /s /q
del /F/Q/S “%APPDATA%\Microsoft\Teams\tmp\*”
del /F/Q/S “%APPDATA%\Microsoft\Teams\backgrounds\*”
  • PowerShell Version (credits to @synikil and @Salim Hurjuk)
Remove-Item –path $env:APPDATA”\Microsoft\teams\application cache\cache\*”
Remove-Item –path $env:APPDATA”\Microsoft\teams\blob_storage\*”
Remove-Item –path $env:APPDATA”\Microsoft\teams\databases\*”
Remove-Item –path $env:APPDATA”\Microsoft\teams\GPUcache\*”
Remove-Item –path $env:APPDATA”\Microsoft\teams\IndexedDB\*” -recurse
Remove-Item –path $env:APPDATA”\Microsoft\teams\Local Storage\*” -recurse
Remove-Item –path $env:APPDATA”\Microsoft\teams\tmp\*”
Remove-Item –path $env:APPDATA”\Microsoft\teams\Cache\*”
Remove-Item –path $env:APPDATA”\Microsoft\teams\backgrounds\*”
  • For CCleaner User (kudos to @Robert Franco)
[Microsoft Teams *]
LangSecRef=3021
Default=True
DetectFile=%LocalAppData%\Microsoft\Teams
FileKey1=%AppData%\Microsoft\Teams\application cache\cache|*|RECURSE
FileKey2=%AppData%\Microsoft\Teams\blob_storage|*|RECURSE
FileKey3=%AppData%\Microsoft\Teams\Cache|*|RECURSE
FileKey4=%AppData%\Microsoft\Teams\databases|*|RECURSE
FileKey5=%AppData%\Microsoft\Teams\GPUcache|*|RECURSE
FileKey6=%AppData%\Microsoft\Teams\IndexedDB|*|RECURSE
FileKey7=%AppData%\Microsoft\Teams\Local Storage|*|RECURSE
FileKey8=%AppData%\Microsoft\Teams\tmp|*|RECURSE
FileKey9=%AppData%\Microsoft\Teams\Service Worker\CacheStorage|*|REMOVESELF
;remove previous version:
FileKey10=%LocalAppData%\Microsoft\Teams\previous\|*.*|REMOVESELF
FileKey15=%AppData%\Microsoft\Teams|old_logs_*.txt

Once finally done clearing, you can now restart Teams from your local desktop and all cache will be cleared from the desktop app.

Considerations Deploying Microsoft Teams Client

Currently a lot of customers are deciding to deploy Microsoft Teams in their environments, they know that Microsoft Teams is going to replace Skype for Business online, so they need to be ready.

The first thing that we have to be aware being a consultant is in which environment we are moving:

Client requirements, we have three options:

  • Web: Almost functional in all browsers, has some limitation in videocall mode
  • Application: Fully functional, it supports: audio, video and chat.
  • Mobile: Allow users to have conversations, calls/video on mobile data

Browser requirements

  • Web: Edge: 12+, Internet Explorer: 11+, Chrome: 51.0+, Firefox: 47.0+, Safari
  • Application: Windows 7+ (7, 8, 8.1, 10), Both 32 & 64 bit, Mac OSX 10.10+
  • Mobile: Android 4.4+, iOS (iPhone y iPad) 10+, Windows Phone 10.0.10586+

License required

Is it necessary to have enabled the license in the O365 portal, does not have the license enabled, won’t be possible to have access to Microsoft Teams.

Considetarions before deploying Microsoft Teams

The client is always installed in the user profile, %userprofile%\Appdata\Local\Microsoft\Teams. So this is not an ideal situation. It means we have to run the installer for every user that logs on.

Downloading the Microsoft Teams Client

Before we create a deployment script, we first need to download the client. There are two versions available:

  • Normal installer for Windows and Mac. You can download these at Microsoft. The setup.exe only comes with the basic switches for silent install.
  • There is also an MSI package available for Windows. This package is suitable to use with a deployment program like PDQ or SCCM and can also be used with a GPO. You can download the Microsoft Teams 32bit Client MSI file here and the 64bit Client here.

Using the Setup.exe Package

The Microsoft Teams Setup.exe installer only comes with a silent install or silent uninstall switch. You can install it by PowerShell:

Teams_windows_x64.exe -s

Uninstall Microsoft Teams

You will be aware that it is not possible to uninstall Teams in the “classic” mode, so the only way that we have is to uninstall it by CMD or by PowerShell

#cmd

%programdata%\%username%\Microsoft\Teams\Update.exe –uninstall -s

#PowerShell

Start-Process -filePath “$($env:programdata)\$($env:username)\Microsoft\Teams\Update.exe” -ArgumentList “–uninstall -s

Other considerations to take into account, will be bandwidth, audio, video, etc..

I think that this is all, till next time!

 

How to check if an external user has accepted the invitation

From time to time, I receive calls from my customers saying that they send invitations from SPO to external users, but they claim that they did not receive nothing. This post will try to clarify the process, and how is it possible to check the user invitation status.

As you know, every invitation made into O365 (Teams, O365 Groups, SPO…) relies in Azure Active Directory, so our source of information will be there. So what are the steps that we need to follow?

The important thing here, is the source field. If the source field shows invited user, it means the user has not accepted the invitation. If that is the case, than you can click on resend invitation and this will trigger another invite for the user to redeem

inv

Once the user has redeemed the external user invite, you can check the source field, because depending on the Identity Source, the field will be updated regsarding the IS.

In this case, the user has been invited to a Microsoft Account (@outlook, @hotmail)

inv1

In this other case, the user has been invited from an Organization Account (note that the source is External Azure Active Directory)

inv2

That’s all!

 

Recording a meeting in Teams

Since the launch of Microsoft Teams, it is evolving quickly, one of the new features that have been recently launched is Cloud Recording. Cloud Recording allows to record a meeting from Microsoft Teams which is fantastic, the only drawback that I have to add, it is that this feature is still in preview, so probably isn’t totally finished.

First of all, we need to check if all the necessary policies have been enabled in the tenant (by default are enabled), but to check this, we can execute the following PowerShell lines:

Import-Module LyncOnlineConnector
$userCredential = Get-Credential
$sfbSession = New-CsOnlineSession -Credential
$userCredential Import-PSSession $sfbSession

Get-CsTeamsMeetingPolicy -Identity Global

teamscs.png

If you need to change some of the parameters, you can execute the following:

Set-CsTeamsMeetingPolicy -Identity Global -AllowCloudRecording $true
Set-CsTeamsMeetingPolicy -Identity Global -AllowTranscription $true

Ok, now we have everything enabled at the side of Microsoft Teams, but currently this feature has something hide inside, the recording video works under Microsoft Stream. Yes, you’re reading well, wether in SFB the video were stored in the user who started the recording, in Teams, Stream provides the storage, playback and sharing capabilities, and if you have the right license, transcription and indexing.

So… what are the requirements? A valid Microsoft Teams license and a valid Microsoft Stream license. Because all the users that initiate recording in Teams, needs a license with the rights to upload videos to Stream, also take into account that this license also will be necessary for those users who wants to visualize the video…

For those who don’t know yet Microsoft Stream, I have to say that it comes in two plans (P1 and P2), P1 for view and upload videos and P2 for more things. More info here

AS it can be seen in the previous link, P1 license is included in E1, E3 and E5 licenses, and the most surprising thing is that Stream is not available in Business Plans (at the time writting this I tried in one of my tenants and unfotunately was not possible).

Once we have check the necessary requirements, we can start recording a meeting

teamsmeet.png

and once we have finished the meeting, we can stop the recording and automatically will be processed and upload to Microsoft Stream:

teamsrecord.png

We can play the video directly from Microsoft Teams, which will pop up Microsoft Stream to reproduce the record:

teamsplay.png

From the video itself we can share the video

teamshare.png

Or even, access to Stream, where the video has been autommatically uploaded:

teamstream.png

I have to add that if you’re an invited user, you can’t start the recording, even if you’re the moderator

In case you need more info about this new cool feature, I suggest to visit the following link: https://docs.microsoft.com/en-us/microsoftteams/cloud-recording

Till next time!