Wednesday, July 26, 2017

Outbound Call ID Overwrite with Call Queues (CallingLineIdentity)


Configuring User Outbound Call ID Overwrite



As usual, the way how you can modify more parameter is strictly by using PowerShell. I need stepping into one PowerShell scripting to present the outbound calling ID overwrite.

For example, if a Call Queue represents a Support Team, you want that each dedicated person in this team to not expose their DID. You need to configure a Distribution Group for those team members used in the Call Queue.
Next step is creating a “Calling Line Identity” policy, where you enable the User Overwrite. The Service Number you are defining should be this you have assigned to the Call Queue! The Calling ID Substitute should be the name of the team.
New-CsCallingLineIdentity -Identity "SupportTeam01" -CallingIdSubstitute "Support Team Office 365" -ServiceNumber 498912345678 -EnableUserOverride $True –Verbose
Note :
The key here is not to use “+” before the Service Number assigned to AA or call Queue to make it work:


do this      -ServiceNumber 498912345678
and not this -ServiceNumber +498912345678

After creating the new CallingLineIdentiy, you need to assign this policy on a per user basis:
Grant-CsCallingLineIdentity -Identity "thomas.poett@contoso.com” -PolicyName SupportTeam01

Further documentation on CsCallingLineIdentity can be found here:
https://support.office.com/en-us/article/Set-the-Caller-ID-for-a-user-c7323490-d9b7-421a-aa76-5bd485f80583)

Monday, July 24, 2017

Enable Exchange Online for modern authentication for Focused Inbox Outlook 2016

Modern Authentication is required for Focused Inbox in Outlook 2016.

Outlook 2016 must be installed via Click-2-Run

The focused inbox in Outlook 2016 look like this:

and in OWA:


Microsoft Online Login
Set-ExecutionPolicy RemoteSigned
$credential = Get-Credential
Connect-MsolService -Credential $credential

Login to Exchange$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $exchangeSession -DisableNameChecking


Enable Modern Authentication in Exchange Online
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
Get-OrganizationConfig | Format-Table -Auto Name,OAuth*




Friday, July 21, 2017

Cloud Connector Edition 2.0 - What's new?


Hi all,

i have listed the updates and improvements made with Cloud connector Edition Version 2.0
The both first improvements are the most interesting ones.

The CCE installation now supports more Cloud PBX User and a much higher call volume.
With a support of 500 concurrent SIP Call per CCE, it was in the past possible to run with 4x CCE 1.500 simultaneous calls, while 1 CCE was reserved for High Availability.
The ratio of 1:10 meaning, we had support for up to 15.000 Cloud PBX User pre CCE Site.

Now with the improvement for up to 16 Node:
  • we can have up to 7.500 simultaneous calls, this is Large Enterprise ready!
  • we support up too 75.000 Cloud PBX Users per CCE Site.
More details and configuration information you will finde here:
http://www.uclabs.blog/2017/05/media-bypass-with-cloud-connector-editon.html


Lets have a look into all important feature added:
  • Media Bypass
  • Support of 16 Cloud Connector Editions per one PSTN Site
  • Ability to manipulate SIP headers for billing or interoperability purposes
  • Use of Office 365 Skype for Business account instead of a Global Administrator account
  • Autogenerated passwords for local administrators of Cloud Connector instances
  • Hybrid Voice flag in Mediation Service User Agent to better distinguish Cloud Connector calls in the Call Quality Dashboard
  • Improvements to self-monitoring and self-troubleshooting process
  • Disabling SSL 3.0 by default for all services used by Cloud Connector Edition
    https://technet.microsoft.com/library/security/3009008
The Technet planning link to Cloud Connector Edition  is here:


More details about the History-Info and ForwardPAI headers can be found here http://download.microsoft.com/download/2/4/5/245583A7-E9E1-403B-BD15-AB711C7DF744/Lync%202013%20Head...


Author:

Tuesday, July 18, 2017

Get your Azure Tenant ID

The tenant ID is tied to ActiveDirectoy in Azure
  • Navigate to Dashboard
  • Navigate to ActiveDirectory
  • Navigate to Manage / Properties
  • Copy the "Directory ID"
  • Profit


Tuesday, July 4, 2017

Skype for Business from within Yammer

Excellent news:
You can start now using Skype for Business within Yammer:
New need to have an Office 365 Tenant, where Skype for Business is enable...


https://support.office.com/en-us/article/Use-Skype-for-Business-from-within-Yammer-e221b8ae-9647-4b46-b79e-257c36b1a1f8?ui=en-US&rs=en-US&ad=US


Login to Yammer:

Next you can start your conversation (IM)

Note:
I haven't seen A/V yet, but IM is a more necessary feature



(Pictures taken from office support)

Friday, June 9, 2017

Escalate CCE PSTN Call to Conference with Skype for Business Online


Working with PSTN Conferencing in your Office 365 Skype for Business Online Tenant.


ID PSTN -> SfBOnlUsr call

Start and instant (Impromptu) Meeting or schedule a Online Meeting as usual from Outlook or your Client App.  After the meeting is escalate into ConfCall, the MCU SfB OnLine Server will send reinvite to MediationServerHybrid.

This is illustrated in the drawings below.

First we have a look into the outbound call to a PSTN user:

 

Next, we have a look into the inbound call from a PSTN user:


 

Configure online hybrid Mediation Server Settings

The setup process is curial and needs to be follow as below:
 

When a P2P call is escalated to a PSTN conference, the Skype for Business Online conferencing server will send an invite to the Cloud Connector Mediation Server. To ensure that Office 365 can route this invite successfully, you need to configure a setting in your online tenant for each Cloud Connector Mediation Server as follows:
1. Create a user in the Office 365 admin portal. Use any user name you want, such as “MediationServer1.”
Use the default SIP domain of Cloud Connector (the first SIP domain in the .ini file) as the user domain.
Do not assign any Office 365 licenses (such as E5) to the account you create. Wait for Office 365 AD sync to complete.

2. Start a tenant remote PowerShell session using your tenant admin credentials, and then run the following cmdlet to set the Mediation Server and Edge Server FQDN to that user account, replacing <DisplayName> with the Display Name of the user for the account you created:

Copy Set-CsHybridMediationServer -Identity <DisplayName>
-Fqdn <MediationServerFQDN> -AccessProxyExternalFqdn <EdgeServerExternalFQDN>



3. For Identity, use the Display Name of the Office 365 user account you created for this Mediation Server.

For
MediationServerFQDN, use the internal FQDN defined for your Mediation Server.
For
EdgeServerExternalFQDN, use the external FQDN defined for Edge Server Access Proxy. If there are multiple Cloud Connector PSTN sites, choose the Edge Server Access Proxy FQDN assigned to the site where the Mediation Server is located.
4. If there are multiple Cloud Connector Mediation Servers (multiple-site, HA), please repeat the previous steps for each of them.
Note:
https://technet.microsoft.com/EN-US/library/mt740651.aspx


Further conference expansion with Dial-In and Dial-Out from/to PSTN:

If another User should be called into the conference the Microsoft Office 365 PSTN Conferencing Bridge breakout is used.

NOTE:
Dial-Out will be charged within your Office 365 Subscription.
If you have PSTN Calling activated, the outbound call with be deducted from your PSTN Calling minutes, or individually charged based on the Microsoft Destination minute pricings.


Other Users calling into the conference with PSTN, use the Dial-In Bridge in Office 365 Skype for Business.


Author:

 

Tuesday, June 6, 2017

Forcing Skype for Business Web App Meeting Join


You can force joining a Skype for Business Conference in browser:


Solution

To force connecting to a Skype for business meeting (conference) using the Skype for Business Web App instead of the Skype for Business Desktop Client, do the following:
  1. Open a web browser window
  2. Copy & paste the URL for joining the meeting that you received.  But do NOT press ENTER yet!
  3. Append the following string to the URL: “?SL=1” (without the double quotes)
For example, if the URL to join the Skype for Business meeting given is:
https://meet.simdom.com/thomas.poett/YR2RJ141
Change it to:
https://meet.sipdom.com/thomas.poett/YR2RJ141?SL=1



Author:

Saturday, May 20, 2017

Remote PowerShell login Office 365 all modules

Remote PowerShell login

Requisites login into Office 365 Skype for Business Online are:

·         Running OS must be 64bit

·         Microsoft .NET Framework 4.5.x

·         PowerShell Version 3.0 or higher
(if you need to install Version 3.0+, download and install Windows Management Framework 4.0:
https://www.microsoft.com/en-us/download/details.aspx?id=40855)








MicrosoftOnlineLogin

Set-ExecutionPolicy RemoteSigned

$credential = Get-Credential
Connect-MsolService -Credential $credential

  
SkypeForBusiness

Import-Module SkypeOnlineConnector
$SfBoSession = New-CsOnlineSession -Credential $credential
Import-PSSession $SfBoSession

  
SharePoint

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-SPOService -Url
https://domainhost-admin.sharepoint.com -credential $credential


Exchange

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $exchangeSession -DisableNameChecking


Security

$ccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $credential -Authentication Basic -AllowRedirection
Import-PSSession $ccSession -Prefix cc


Logout

Remove-PSSession $sfboSession
Remove-PSSession $exchangeSession
Remove-PSSession $ccSession
Disconnect-SPOService



Set a user's password to never expire


I strongly urge you, that your admin user have the password set to never expire!

Run the following cmdlet to set the user password to never expire

1.  Connect to Windows PowerShell by using your company admin credentials. Run the following cmdlet:
Connect-MsolService

2.       In the Enter Credentials page, enter your Office 365 global admin credentials.

3.       After you enter your Office 365 credentials, do the following:

o    To set the password of one user to never expire, run the following cmdlet:
Set-MsolUser -UserPrincipalName <serviceaccount@contoso.com> -PasswordNeverExpires $true

Find out whether a user's password is set to never expire

1.       Connect to Windows PowerShell by using your company admin credentials. Run the following cmdlet:
Connect-MsolService

2.       Do the following:

o    To see whether a single user’s password is set to never expire, run the following cmdlet by using the user principal name (UPN) (for example, april@contoso.onmicrosoft.com) or the user ID of the user you want to check:
Get-MSOLUser -UserPrincipalName <user ID> | Select PasswordNeverExpires

Author:

Monday, May 15, 2017

Skype for Business User Group Germany

Hi all,

we have established our Mailing Lists and they are open for subscription.
Never miss any of our User Group Events.

Hallo zusammen,
wir haben unsere Mailing Liste eingerichtet und sie aktiv zu Anmelden.
Verpasst nie mehr eine unserer User Group Events.

https://skype4b-ug.de/subscribe/

Cheers und Servus
Thomas

Sunday, May 14, 2017

Media Bypass with Cloud Connector Editon

Media bypass with Cloud Connector Edition

Update with CCE Verion 2.0


Media bypass allow the Skype for Business client leveraging on G.711 ulaw and a direct connection to the associated Session Boarder Controller with CCE.

Where is the advantage not letting the client connect to the Mediation Server component in the CCE?
This is clearly not an advantage yet for leveraging the a distributed SBC deployment, where the client will be redirected via SIP Re-Invite to a possible close PSTN connection. Saying you have a central CCE with one SBC in Munich and one in Malaysia, but in Malaysia you didn't deploy a second CCE site.
Here the client can't not reconnect to the far SBC.

But the media bypass advantage lays clearly in increasing a CCE concurrent call volume. Meaning the CCE can connect the call to the called CORE SBC and the CORE SBC handles call routing to other locations. This allows you to operate beyond the concurrent call limit of 500. If the SBC can handle more than 500 call simultaneously, the client has a direct connection to this SBC and this SBC routes the call to other SBC, which might be distributed across different locations. This will clearly save money.

Media Bypass is only available, if your SfB client is internal. External clients run through the Edge and Mediation Server, hitting the SBC. Routing on the SBC will still apply.

Example:

The advantage is clearly on the higher load a CCE an take, while the CORE SBC handles the Client Connections and reroute to the Sub-SBCs.
Important is, you must consider the network delay within your calculation.


Configuring Media Bypass on a CCE Site:
Set-CsTenantHybridConfiguration -HybridConfigServiceInternalUrl http://newname.domain/hybridconfig/hybridconfigservice.svc
$mediabypass = New-CsNetworkMediaBypassConfiguration -AlwaysBypass $true -Enabled $true
Set-CsNetworkConfiguration -MediaBypassSettings $mediabypass


Newname.domain must point to the CCE Mediation Server!
Port 80 must be open from internal Network to the CCE Mediation Server IP Address!
The URL is only queried once during LOGIN of the SfB client!

Note:
The replication can take up to 1hrs!
First within your Office 365 tenant might take 15 min and another 15+min down to your CCE.

Client Requirements:
latest versions !


Check the replication within your Office 365 tenant 
Get-CsTenantHybridConfiguration -LocalStore

Check the replication on you Mediation Server VM (on the CCE)
Get-CsNetworkConfiguration -LocalStore



Technet reference:
https://technet.microsoft.com/en-us/library/mt808734.aspx
https://technet.microsoft.com/en-us/library/mt605227.aspx
https://technet.microsoft.com/en-us/library/mt808733.aspx

Note:
Clients will receive the web address of Media bypass web service from an internal DNS server. The name of the web service will be the same across all instances and Cloud Connector PSTN sites. In complex multisite environment, we recommend using Windows 2016 DNS Policy for Geo-Location Based Traffic Management, so clients can be redirected to web service which is local for their network.
More about Windows 2016 DNS Policy for Geo-Location Based Traffic Management can be found on the following link https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/primary-geo-location

I will update this blog post and will write a new Configuration Guide (E-Book) with multi-site CCE Deployment and internal GEO-DNS. Geo DNS internally is required, since the Office 365 Tenant can only host a single HybridConfigServiceInternalURL entry.

Optionally, you can host local site DNS Zone as per this hostname. Or you can use the host file on the client and configure it differently per network site.



Warning:
If the client DNS resolution fails, it will make CALLS, but it fallback not using Media Bypass, as the client therefore assumes it is external!

Troubleshooting Media Bypass:

The URL is not visible in the SfB Configuration Information. Us can only see this in the UCC-APILog file.



Author:

Sunday, May 7, 2017

Office 365 Groups and Teams

https://gallery.technet.microsoft.com/Working-with-Office-365-d418588a


I worte a new free E-Book about Office 365 Groups and Teams.
You will learn how to calculate the Business Impact/ ROI, as well how to consult, configure and use those productivity features.

Office 365 Groups:


The Groups enable us to extend our Outlook collaboration to the next level and join in with our team members


Microsoft Teams require Office 365 Groups, this will bring the next level to our team communication, where we are even further able integrating our Office 365 Groups Tools



Happy reading!

Thomas

Sunday, April 23, 2017

DNS Records for Skype for Business Hybrid Installation

DNS Configuration for Skype for Business Hybrid Deployments


DNS settings are important and you need to understand how your organizations Skype for Business communication flow works.

First important understanding:
If you run a hybrid installation, your Office 365 Tenant with Skype for Business Online is seen from your On-Premise installation as a federated organization.


Therefore the following DNS records must also be resolvable from your internal DNS infrastructure (Edge Server).
Depending on how DNS is configured in your organization, you may need to add these records to the internal hosted DNS zone for the corresponding SIP domain(s) to provide internal DNS resolution to these records. (see illustration below table)


DNS RECORD
RECORD TYPE
WHERE IT SHOULD RESOLVE TO
PORT
sip.YourDom.com
A
Public IP of Access Edge
n/a
_sip._tls.YourDom.com
SRV
External on-premises Access Edge Interface (sip. YourDom.com)
443
_sipfederationtls._tcp.
YourDom.com
SRV
External on-premises Access Edge Interface (sip. YourDom.com)
5061
webcon.YourDom.com
A
Public IP of Access Edge
n/a
av.YourDom.com
A
Public IP of Access Edge
n/a


Illustration for DNS Best Practice:

(Click the illustration to enlarged)

The internal Clients, will not query the _sip._tls or _sipfederationtls._tcp records, but your Edge will do. Therefore the illustration above should provide you with an idea on how setting up DNS.

Remember, only the Edge is requiring the both DNS SRV record, not any internal system.
In case you decide not having a HOSTS file, this both drawing will also work, since this with or without SPLIT DNS, the internal DNS servers will provide the correct DNS records to the Edge Server.

Errors in SNOOPER:

An indication for DNS misconfiguration is for example a one-way Presence, where the external partner can see your presence, even is able calling your. But from your side no outbound presence or call are possible.

Possible seen error with a wrong setup:
SIP communication:
ms-diagnostics: 1008;reason="Unable to resolve DNS SRV record";domain=YourDom.com";dns-srv-result="NegativeResult";dns-source="InternalCache";source="YourDom.com"




Conferencing Setup:
<diagHeader>1008;reason="Unable to resolve DNS SRV record";domain="YourDom.com";dns-srv-result="NegativeResult";dns-source="InternalCache";source="sip.YourDom.com"</diagHeader>


Important Best Practice:
Your Edge Servers should be configured with HOSTS file and external DNS resolution. If you fail doing so, you might consider configuring Split DNS with the external DNS Records (see table) on your internal DNS SIP Domain.


Understanding Hybrid Deployments on Technet:
https://technet.microsoft.com/en-us/library/jj205403.aspx

Troubleshooting Hybrid Deployment on Technet:
https://support.microsoft.com/de-de/help/2566790/troubleshooting-skype-for-business-online-dns-configuration-issues-in-office-365


Author:

Friday, April 21, 2017

Query Office 365 Tenant ID


The Office 365 Tenant ID is pretty good hidden. Therefore here are two was finding out what's your Tenant ID ist.

Open PowerShell and login into Office 365

Set-ExecutionPolicy RemoteSigned

$credential = Get-Credential
Connect-MsolService -Credential $credential
$Tenantdomain = 'YourOFFICE365TenantName.onmicrosoft.com'
$TenantID = (Invoke-WebRequest https://login.windows.net/YourOFFICE365TenantName.onmicrosoft.com/.well-known/openid-configuration|ConvertFrom-Json).token_endpoint.Split(‘/’)[3]
$TenantID



Finding the Tenant ID in SharePoint



Author:

Tuesday, March 21, 2017

Skype for Business Cloud Connector Version 1.4.2 Release

Very important information's about the actual release of CCE Version 1.4.2


https://blogs.technet.microsoft.com/sfbhybridvoice/2017/03/20/skype-for-business-cloud-connector-version-1-4-2-release/


Important Support Changes:
Starting with CCE 1.4.2 we will be a little more prescriptive on updates and SLAs:
When we release version N (1.4.2 in this case) there is a 60 day window within which version N-1 (the prior released version, 1.4.1) will also be supported against the SLA commitment. After 60 days only version N is supported against the SLA commitment.

Improvements:

a lot of new certificate based commands are included and all issues are now fixed!

Target: Define the certificate target, either EdgeServer or MediationServer.
  • Set-CcExternalCertificateFilePath -Path <Path to Edge PFX Cerfiticate> -Target EdgeServer
    Set the path to the certificate that has private key which the script will import and assign to the external interface of the Edge server during deployment.
  • Set-CcExternalCertificateFilePath -Path <Path to PSTN Gateway Certificate> -Target MediationServer.
    Set the path to the certificate that has the certificate chain of the issuing CA for the PSTN Gateway which the script will import to the Mediation server certificate store during deployment.
Import: Import the certificate for the Edge server or Mediation server.
  • Set-CcExternalCertificateFilePath -Path <Path to Edge PFX Cerfiticate> -Target EdgeServer -Import.
    Used to both import new certificate to the Edge server and assign it to the external interface. This action will put appliance in maintenance mode.
  • Set-CcExternalCertificateFilePath -Path < Path to PSTN Gateway Certificate > -Target MediationServer -Import.
    Used to import new certificate chain of the issuing CA for PSTN Gateway certificate to the Mediatioin Server.
Defined certificate paths saved in “C:\ProgramData\CloudConnector\module.ini”:
  • ExternalCertificateFilePath.
  • GatewayCertificateFilePath.

New certificate management cmdlets

  • Backup-CcCertificationAuthorityBacks up the certification authority service to a file and saves it to the CA folder under the site share directory.
  • Export-CcRootCertificateExports the root CA certificate to a local file on the Cloud Connector host server.
  • Renew-CcCACertificateReinstalls the Certification Authority Service AD Server to create a new root CA certificate..
  • Renew-CcServerCertificateRenews the certificates for Cloud Connector when they are near expiration or already expired.
  • Remove-CsCertificationAuthorityFileRemoves the certification authority service backup file “<SiteRootDirectory>\CA\SfB CCE Root.p12” in the CA folder under the site share directory for Cloud Connector.
  • Remove-CcLegacyServerCertificate:Removes legacy server certificates on the Central Management Store, Mediation Server, and Edge Server after you execute the Renew-CcCACertificate or Renew CcServerCertificate cmdlets.
  • Reset-CcCACertificate: Resets the certificate authority servers to install a new certificate authority certificate.
Cloud Connector cmdlet reference: https://technet.microsoft.com/EN-US/library/mt740652.aspx

Saturday, March 11, 2017

Rename a Skype for Business Server (Front end or others)

Rename a Skype for Business Server (Front end or others)


The procedure is explained in simple step's. I had this a couple of times, not only why a customer wanted to change the name. Its the same if you made a typo ;)

Today a came across with an double task to do. Upgrading a SBS from Lync 2013 to Skype for Business. This ahs put me into a dilemma of the chicken egg problem.
Should I do an in-place upgrade first or a rename or or or?

The answer to me was straight forward. Since the servers to be reinstalled, I decided removing the SBA entirely and do a re-deployment with SfB. Since it was an SBS, equal with an Front End server, please make sure there are no user hosted or anything else.

Renaming Process:

  1. Remove Skype for Business server from topology
  2. Publish topology.
  3. Run Skype for Business Server Deployment Wizard local setup on server to remove Lync components (or run the bootstrapper)
  4. Uninstall SQL Server. Front-ends have LyncLocal and RTCLocal instances. Remove both, rebooting between instance removal.  Edge only has RTCLocal instance. 
  5. Remove SQL Server 2012 Management Objects (x64)
  6. Remove SQL Server 2012 Native Client (x64)
  7. Remove Microsoft System CLR Types for SQL Server 2012 (x64)
  8. Remove Microsoft Skype for Business Server 2015, Front End Server
  9. Remove Microsoft Skype for Business Server 2015, Core Components
  10. Delete leftover data:
    Delete C:\Program Files\Microsoft SQL Server
    Delete C:\Program Files\Microsoft Skype for Business Server 2015
    Delete C:\CSData
  11. Rename server and restart
  12. Wait until AD replication completes with new server name.
  13. Open Topology Builder, add a new server to existing pool and publish. (If this is a SBA or Standard Edition Server, the pool and the server FQDN is identical.)
  14. Reinstall Skype for Business Server 2015components and all cumulative updates
  15. Generate new certificate with updated server name and assign to appropriate services using Skype for Business Server 2015 Deployment Wizard.
  16. Restart all servers in pool at same time (only relevant for front-end servers in an Enterprise pool).



Note and Warnings:
Careful if this is the Pool where CMS is located. There you need to migrate the CMS to another pool first and starte the rename procedure. than you can move back the CMS.
Same to users or other applications. simply move them to a different server and move back after the rename procedure has finished.

Note:
This procedure applies to Lync server too.