Monday, July 24, 2017

Enable Exchange Online for modern authentication for Focused Inbox Outlook 2016

Modern Authentication is required for Focused Inbox in Outlook 2016.

Outlook 2016 must be installed via Click-2-Run

The focused inbox in Outlook 2016 look like this:

and in OWA:

Microsoft Online Login
Set-ExecutionPolicy RemoteSigned
$credential = Get-Credential
Connect-MsolService -Credential $credential

Login to Exchange$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $exchangeSession -DisableNameChecking

Enable Modern Authentication in Exchange Online
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
Get-OrganizationConfig | Format-Table -Auto Name,OAuth*

Friday, July 21, 2017

Cloud Connector Edition 2.0 - What's new?

Hi all,

i have listed the updates and improvements made with Cloud connector Edition Version 2.0
The both first improvements are the most interesting ones.

The CCE installation now supports more Cloud PBX User and a much higher call volume.
With a support of 500 concurrent SIP Call per CCE, it was in the past possible to run with 4x CCE 1.500 simultaneous calls, while 1 CCE was reserved for High Availability.
The ratio of 1:10 meaning, we had support for up to 15.000 Cloud PBX User pre CCE Site.

Now with the improvement for up to 16 Node:
  • we can have up to 7.500 simultaneous calls, this is Large Enterprise ready!
  • we support up too 75.000 Cloud PBX Users per CCE Site.
More details and configuration information you will finde here:

Lets have a look into all important feature added:
  • Media Bypass
  • Support of 16 Cloud Connector Editions per one PSTN Site
  • Ability to manipulate SIP headers for billing or interoperability purposes
  • Use of Office 365 Skype for Business account instead of a Global Administrator account
  • Autogenerated passwords for local administrators of Cloud Connector instances
  • Hybrid Voice flag in Mediation Service User Agent to better distinguish Cloud Connector calls in the Call Quality Dashboard
  • Improvements to self-monitoring and self-troubleshooting process
  • Disabling SSL 3.0 by default for all services used by Cloud Connector Edition
The Technet planning link to Cloud Connector Edition  is here:

More details about the History-Info and ForwardPAI headers can be found here


Tuesday, July 18, 2017

Get your Azure Tenant ID

The tenant ID is tied to ActiveDirectoy in Azure
  • Navigate to Dashboard
  • Navigate to ActiveDirectory
  • Navigate to Manage / Properties
  • Copy the "Directory ID"
  • Profit

Tuesday, July 4, 2017

Skype for Business from within Yammer

Excellent news:
You can start now using Skype for Business within Yammer:
New need to have an Office 365 Tenant, where Skype for Business is enable...

Login to Yammer:

Next you can start your conversation (IM)

I haven't seen A/V yet, but IM is a more necessary feature

(Pictures taken from office support)

Friday, June 9, 2017

Escalate CCE PSTN Call to Conference with Skype for Business Online

Working with PSTN Conferencing in your Office 365 Skype for Business Online Tenant.

ID PSTN -> SfBOnlUsr call

Start and instant (Impromptu) Meeting or schedule a Online Meeting as usual from Outlook or your Client App.  After the meeting is escalate into ConfCall, the MCU SfB OnLine Server will send reinvite to MediationServerHybrid.

This is illustrated in the drawings below.

First we have a look into the outbound call to a PSTN user:


Next, we have a look into the inbound call from a PSTN user:


Configure online hybrid Mediation Server Settings

The setup process is curial and needs to be follow as below:

When a P2P call is escalated to a PSTN conference, the Skype for Business Online conferencing server will send an invite to the Cloud Connector Mediation Server. To ensure that Office 365 can route this invite successfully, you need to configure a setting in your online tenant for each Cloud Connector Mediation Server as follows:
1. Create a user in the Office 365 admin portal. Use any user name you want, such as “MediationServer1.”
Use the default SIP domain of Cloud Connector (the first SIP domain in the .ini file) as the user domain.
Do not assign any Office 365 licenses (such as E5) to the account you create. Wait for Office 365 AD sync to complete.

2. Start a tenant remote PowerShell session using your tenant admin credentials, and then run the following cmdlet to set the Mediation Server and Edge Server FQDN to that user account, replacing <DisplayName> with the Display Name of the user for the account you created:

Copy Set-CsHybridMediationServer -Identity <DisplayName>
-Fqdn <MediationServerFQDN> -AccessProxyExternalFqdn <EdgeServerExternalFQDN>

3. For Identity, use the Display Name of the Office 365 user account you created for this Mediation Server.

MediationServerFQDN, use the internal FQDN defined for your Mediation Server.
EdgeServerExternalFQDN, use the external FQDN defined for Edge Server Access Proxy. If there are multiple Cloud Connector PSTN sites, choose the Edge Server Access Proxy FQDN assigned to the site where the Mediation Server is located.
4. If there are multiple Cloud Connector Mediation Servers (multiple-site, HA), please repeat the previous steps for each of them.

Further conference expansion with Dial-In and Dial-Out from/to PSTN:

If another User should be called into the conference the Microsoft Office 365 PSTN Conferencing Bridge breakout is used.

Dial-Out will be charged within your Office 365 Subscription.
If you have PSTN Calling activated, the outbound call with be deducted from your PSTN Calling minutes, or individually charged based on the Microsoft Destination minute pricings.

Other Users calling into the conference with PSTN, use the Dial-In Bridge in Office 365 Skype for Business.



Tuesday, June 6, 2017

Forcing Skype for Business Web App Meeting Join

You can force joining a Skype for Business Conference in browser:


To force connecting to a Skype for business meeting (conference) using the Skype for Business Web App instead of the Skype for Business Desktop Client, do the following:
  1. Open a web browser window
  2. Copy & paste the URL for joining the meeting that you received.  But do NOT press ENTER yet!
  3. Append the following string to the URL: “?SL=1” (without the double quotes)
For example, if the URL to join the Skype for Business meeting given is:
Change it to:


Saturday, May 20, 2017

Remote PowerShell login Office 365 all modules

Remote PowerShell login

Requisites login into Office 365 Skype for Business Online are:

·         Running OS must be 64bit

·         Microsoft .NET Framework 4.5.x

·         PowerShell Version 3.0 or higher
(if you need to install Version 3.0+, download and install Windows Management Framework 4.0:


Set-ExecutionPolicy RemoteSigned

$credential = Get-Credential
Connect-MsolService -Credential $credential


Import-Module SkypeOnlineConnector
$SfBoSession = New-CsOnlineSession -Credential $credential
Import-PSSession $SfBoSession


Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-SPOService -Url -credential $credential


$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $exchangeSession -DisableNameChecking


$ccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $credential -Authentication Basic -AllowRedirection
Import-PSSession $ccSession -Prefix cc


Remove-PSSession $sfboSession
Remove-PSSession $exchangeSession
Remove-PSSession $ccSession

Set a user's password to never expire

I strongly urge you, that your admin user have the password set to never expire!

Run the following cmdlet to set the user password to never expire

1.  Connect to Windows PowerShell by using your company admin credentials. Run the following cmdlet:

2.       In the Enter Credentials page, enter your Office 365 global admin credentials.

3.       After you enter your Office 365 credentials, do the following:

o    To set the password of one user to never expire, run the following cmdlet:
Set-MsolUser -UserPrincipalName <> -PasswordNeverExpires $true

Find out whether a user's password is set to never expire

1.       Connect to Windows PowerShell by using your company admin credentials. Run the following cmdlet:

2.       Do the following:

o    To see whether a single user’s password is set to never expire, run the following cmdlet by using the user principal name (UPN) (for example, or the user ID of the user you want to check:
Get-MSOLUser -UserPrincipalName <user ID> | Select PasswordNeverExpires


Monday, May 15, 2017

Skype for Business User Group Germany

Hi all,

we have established our Mailing Lists and they are open for subscription.
Never miss any of our User Group Events.

Hallo zusammen,
wir haben unsere Mailing Liste eingerichtet und sie aktiv zu Anmelden.
Verpasst nie mehr eine unserer User Group Events.

Cheers und Servus

Sunday, May 14, 2017

Media Bypass with Cloud Connector Editon

Media bypass with Cloud Connector Edition

Update with CCE Verion 2.0

Media bypass allow the Skype for Business client leveraging on G.711 ulaw and a direct connection to the associated Session Boarder Controller with CCE.

Where is the advantage not letting the client connect to the Mediation Server component in the CCE?
This is clearly not an advantage yet for leveraging the a distributed SBC deployment, where the client will be redirected via SIP Re-Invite to a possible close PSTN connection. Saying you have a central CCE with one SBC in Munich and one in Malaysia, but in Malaysia you didn't deploy a second CCE site.
Here the client can't not reconnect to the far SBC.

But the media bypass advantage lays clearly in increasing a CCE concurrent call volume. Meaning the CCE can connect the call to the called CORE SBC and the CORE SBC handles call routing to other locations. This allows you to operate beyond the concurrent call limit of 500. If the SBC can handle more than 500 call simultaneously, the client has a direct connection to this SBC and this SBC routes the call to other SBC, which might be distributed across different locations. This will clearly save money.

Media Bypass is only available, if your SfB client is internal. External clients run through the Edge and Mediation Server, hitting the SBC. Routing on the SBC will still apply.


The advantage is clearly on the higher load a CCE an take, while the CORE SBC handles the Client Connections and reroute to the Sub-SBCs.
Important is, you must consider the network delay within your calculation.

Configuring Media Bypass on a CCE Site:
Set-CsTenantHybridConfiguration -HybridConfigServiceInternalUrl http://newname.domain/hybridconfig/hybridconfigservice.svc
$mediabypass = New-CsNetworkMediaBypassConfiguration -AlwaysBypass $true -Enabled $true
Set-CsNetworkConfiguration -MediaBypassSettings $mediabypass

Newname.domain must point to the CCE Mediation Server!
Port 80 must be open from internal Network to the CCE Mediation Server IP Address!
The URL is only queried once during LOGIN of the SfB client!

The replication can take up to 1hrs!
First within your Office 365 tenant might take 15 min and another 15+min down to your CCE.

Client Requirements:
latest versions !

Check the replication within your Office 365 tenant 
Get-CsTenantHybridConfiguration -LocalStore

Check the replication on you Mediation Server VM (on the CCE)
Get-CsNetworkConfiguration -LocalStore

Technet reference:

Clients will receive the web address of Media bypass web service from an internal DNS server. The name of the web service will be the same across all instances and Cloud Connector PSTN sites. In complex multisite environment, we recommend using Windows 2016 DNS Policy for Geo-Location Based Traffic Management, so clients can be redirected to web service which is local for their network.
More about Windows 2016 DNS Policy for Geo-Location Based Traffic Management can be found on the following link

I will update this blog post and will write a new Configuration Guide (E-Book) with multi-site CCE Deployment and internal GEO-DNS. Geo DNS internally is required, since the Office 365 Tenant can only host a single HybridConfigServiceInternalURL entry.

Optionally, you can host local site DNS Zone as per this hostname. Or you can use the host file on the client and configure it differently per network site.

If the client DNS resolution fails, it will make CALLS, but it fallback not using Media Bypass, as the client therefore assumes it is external!

Troubleshooting Media Bypass:

The URL is not visible in the SfB Configuration Information. Us can only see this in the UCC-APILog file.


Sunday, May 7, 2017

Office 365 Groups and Teams

I worte a new free E-Book about Office 365 Groups and Teams.
You will learn how to calculate the Business Impact/ ROI, as well how to consult, configure and use those productivity features.

Office 365 Groups:

The Groups enable us to extend our Outlook collaboration to the next level and join in with our team members

Microsoft Teams require Office 365 Groups, this will bring the next level to our team communication, where we are even further able integrating our Office 365 Groups Tools

Happy reading!


Sunday, April 23, 2017

DNS Records for Skype for Business Hybrid Installation

DNS Configuration for Skype for Business Hybrid Deployments

DNS settings are important and you need to understand how your organizations Skype for Business communication flow works.

First important understanding:
If you run a hybrid installation, your Office 365 Tenant with Skype for Business Online is seen from your On-Premise installation as a federated organization.

Therefore the following DNS records must also be resolvable from your internal DNS infrastructure (Edge Server).
Depending on how DNS is configured in your organization, you may need to add these records to the internal hosted DNS zone for the corresponding SIP domain(s) to provide internal DNS resolution to these records. (see illustration below table)

Public IP of Access Edge
External on-premises Access Edge Interface (sip.
External on-premises Access Edge Interface (sip.
Public IP of Access Edge
Public IP of Access Edge

Illustration for DNS Best Practice:

(Click the illustration to enlarged)

The internal Clients, will not query the _sip._tls or _sipfederationtls._tcp records, but your Edge will do. Therefore the illustration above should provide you with an idea on how setting up DNS.

Remember, only the Edge is requiring the both DNS SRV record, not any internal system.
In case you decide not having a HOSTS file, this both drawing will also work, since this with or without SPLIT DNS, the internal DNS servers will provide the correct DNS records to the Edge Server.

Errors in SNOOPER:

An indication for DNS misconfiguration is for example a one-way Presence, where the external partner can see your presence, even is able calling your. But from your side no outbound presence or call are possible.

Possible seen error with a wrong setup:
SIP communication:
ms-diagnostics: 1008;reason="Unable to resolve DNS SRV record";";dns-srv-result="NegativeResult";dns-source="InternalCache";source=""

Conferencing Setup:
<diagHeader>1008;reason="Unable to resolve DNS SRV record";domain="";dns-srv-result="NegativeResult";dns-source="InternalCache";source=""</diagHeader>

Important Best Practice:
Your Edge Servers should be configured with HOSTS file and external DNS resolution. If you fail doing so, you might consider configuring Split DNS with the external DNS Records (see table) on your internal DNS SIP Domain.

Understanding Hybrid Deployments on Technet:

Troubleshooting Hybrid Deployment on Technet:


Friday, April 21, 2017

Query Office 365 Tenant ID

The Office 365 Tenant ID is pretty good hidden. Therefore here are two was finding out what's your Tenant ID ist.

Open PowerShell and login into Office 365

Set-ExecutionPolicy RemoteSigned

$credential = Get-Credential
Connect-MsolService -Credential $credential
$Tenantdomain = ''
$TenantID = (Invoke-WebRequest|ConvertFrom-Json).token_endpoint.Split(‘/’)[3]

Finding the Tenant ID in SharePoint


Tuesday, March 21, 2017

Skype for Business Cloud Connector Version 1.4.2 Release

Very important information's about the actual release of CCE Version 1.4.2

Important Support Changes:
Starting with CCE 1.4.2 we will be a little more prescriptive on updates and SLAs:
When we release version N (1.4.2 in this case) there is a 60 day window within which version N-1 (the prior released version, 1.4.1) will also be supported against the SLA commitment. After 60 days only version N is supported against the SLA commitment.


a lot of new certificate based commands are included and all issues are now fixed!

Target: Define the certificate target, either EdgeServer or MediationServer.
  • Set-CcExternalCertificateFilePath -Path <Path to Edge PFX Cerfiticate> -Target EdgeServer
    Set the path to the certificate that has private key which the script will import and assign to the external interface of the Edge server during deployment.
  • Set-CcExternalCertificateFilePath -Path <Path to PSTN Gateway Certificate> -Target MediationServer.
    Set the path to the certificate that has the certificate chain of the issuing CA for the PSTN Gateway which the script will import to the Mediation server certificate store during deployment.
Import: Import the certificate for the Edge server or Mediation server.
  • Set-CcExternalCertificateFilePath -Path <Path to Edge PFX Cerfiticate> -Target EdgeServer -Import.
    Used to both import new certificate to the Edge server and assign it to the external interface. This action will put appliance in maintenance mode.
  • Set-CcExternalCertificateFilePath -Path < Path to PSTN Gateway Certificate > -Target MediationServer -Import.
    Used to import new certificate chain of the issuing CA for PSTN Gateway certificate to the Mediatioin Server.
Defined certificate paths saved in “C:\ProgramData\CloudConnector\module.ini”:
  • ExternalCertificateFilePath.
  • GatewayCertificateFilePath.

New certificate management cmdlets

  • Backup-CcCertificationAuthorityBacks up the certification authority service to a file and saves it to the CA folder under the site share directory.
  • Export-CcRootCertificateExports the root CA certificate to a local file on the Cloud Connector host server.
  • Renew-CcCACertificateReinstalls the Certification Authority Service AD Server to create a new root CA certificate..
  • Renew-CcServerCertificateRenews the certificates for Cloud Connector when they are near expiration or already expired.
  • Remove-CsCertificationAuthorityFileRemoves the certification authority service backup file “<SiteRootDirectory>\CA\SfB CCE Root.p12” in the CA folder under the site share directory for Cloud Connector.
  • Remove-CcLegacyServerCertificate:Removes legacy server certificates on the Central Management Store, Mediation Server, and Edge Server after you execute the Renew-CcCACertificate or Renew CcServerCertificate cmdlets.
  • Reset-CcCACertificate: Resets the certificate authority servers to install a new certificate authority certificate.
Cloud Connector cmdlet reference:

Saturday, March 11, 2017

Rename a Skype for Business Server (Front end or others)

Rename a Skype for Business Server (Front end or others)

The procedure is explained in simple step's. I had this a couple of times, not only why a customer wanted to change the name. Its the same if you made a typo ;)

Today a came across with an double task to do. Upgrading a SBS from Lync 2013 to Skype for Business. This ahs put me into a dilemma of the chicken egg problem.
Should I do an in-place upgrade first or a rename or or or?

The answer to me was straight forward. Since the servers to be reinstalled, I decided removing the SBA entirely and do a re-deployment with SfB. Since it was an SBS, equal with an Front End server, please make sure there are no user hosted or anything else.

Renaming Process:

  1. Remove Skype for Business server from topology
  2. Publish topology.
  3. Run Skype for Business Server Deployment Wizard local setup on server to remove Lync components (or run the bootstrapper)
  4. Uninstall SQL Server. Front-ends have LyncLocal and RTCLocal instances. Remove both, rebooting between instance removal.  Edge only has RTCLocal instance. 
  5. Remove SQL Server 2012 Management Objects (x64)
  6. Remove SQL Server 2012 Native Client (x64)
  7. Remove Microsoft System CLR Types for SQL Server 2012 (x64)
  8. Remove Microsoft Skype for Business Server 2015, Front End Server
  9. Remove Microsoft Skype for Business Server 2015, Core Components
  10. Delete leftover data:
    Delete C:\Program Files\Microsoft SQL Server
    Delete C:\Program Files\Microsoft Skype for Business Server 2015
    Delete C:\CSData
  11. Rename server and restart
  12. Wait until AD replication completes with new server name.
  13. Open Topology Builder, add a new server to existing pool and publish. (If this is a SBA or Standard Edition Server, the pool and the server FQDN is identical.)
  14. Reinstall Skype for Business Server 2015components and all cumulative updates
  15. Generate new certificate with updated server name and assign to appropriate services using Skype for Business Server 2015 Deployment Wizard.
  16. Restart all servers in pool at same time (only relevant for front-end servers in an Enterprise pool).

Note and Warnings:
Careful if this is the Pool where CMS is located. There you need to migrate the CMS to another pool first and starte the rename procedure. than you can move back the CMS.
Same to users or other applications. simply move them to a different server and move back after the rename procedure has finished.

This procedure applies to Lync server too.

Tuesday, March 7, 2017

Polycom Group 30x, 500 and 700 support Office 365 Skype for Business Online

Polycom Group 30x, 500 and 700 support Office 365 Skype for Business Online.
You need to upgrade the Software Version to V.6.0.1 and you are good to go.

Skype for Business Cumulative Update List (10.03.2017)

It is now the 7th Update
(some may say it's CU 7, but it is only called the 7th update, the correct name is: CU4HF1

Windows 2016 Server is not supported for Skype for Business Server 2015 yet.

Cumulative Update
KB Article
February 2017: CU4 HF1
November 2016: CU4
June 2016: CU3
March 2016: CU2
November 2015: CU1
September 2015: RTM HF2
June 2015: RTM HF1