FeedBurner makes it easy to receive content updates in My Yahoo!, Newsgator, Bloglines, and other news readers.
As most folks are already aware Microsoft Teams has a dramatically different architecture to Skype for Business, gone is the baggage that came with on-premises technology – Teams is built for cloud first so with that comes a number of changes, one of which is the meeting URL.
The first thing that you will notice when you create a Teams meeting is that it is presented with percentage encoding, this is the first thing we’ll need to strip out or decode prior to deciphering the Teams meeting URL. Below is an example of a meeting generated via the Teams Outlook add-in.
Various URL decoders are available, one such example here
Let’s next break this URL into four sections:
1: Thread ID
2: Thread Message ID
3: Tenant ID
4: Organizer ID
Now one of the things you’ll notice within the example above is that the thread message ID is not populated or zero, this is due to the fact that we created the meeting within Outlook, if we create a meeting within a Teams channel and also perform the same decoding outlined above the message ID is now populated:
Small update, the Microsoft Ignite presentation on video interoperability with Skype for Business on-premises and online has now been posted. This was a joint Microsoft, Polycom and Pexip session whereby existing certified solutions were explained (including an overview on the certification program itself) and finally an update on the future direction of video interoperability with Microsoft Teams.
Check the session out here
This week I’ll be at Microsoft Ignite, Microsoft’s biggest IT Pro event of the year and it’s always a good time to catch-up up with customers, industry folks and learn a thing or two about what’s coming next from Microsoft’s technology stack.
This year Polycom will be sharing details around some new devices and technologies that they’ve been cooking up, one of these being near and dear to me a new RealConnect solution – RealConnect Hybrid. But before we dig into this let’s level set.
Skype for Business has gotten to a point whereby it’s become an extremely credible conferencing platform, delivering voice, video and content (including PowerPoint sharing, polling and white boarding). The experience for Windows, Mac and mobile users is second to none. The gap that Microsoft certified vendors (Pexip and Polycom) address is the ability to bring non-native Skype for Business devices into these meetings, for many meetings this isn’t a requirement so simplicity of deployment and minimal technical foot print is key. These non-native devices (VTCs) are typically expected to have a longer return on investment as they’re often embedded into existing meeting rooms and handled as integrated A/V solutions.
Back in April (2017), Polycom launched RealConnect for Office 365. It was the first (and still the only) solution that allows Office 365 users that leverage Skype for Business and Exchange to schedule meetings with integrated video interoperability capabilities – Polycom also nailed the simplicity piece as the entire stack is hosted within Azure (with little to no on-premises technology foot print). Whilst this was received extremely well, it became immediately clear that something similar needed to be made available for Skype for Business on-premises customers. Again, I go back to my previous statement – “simplicity of deployment and minimal technical foot print is key”.
RealConnect Hybrid is a new solution that facilitates this requirement, in this topology Skype for Business is on-premises and Exchange can be either on-premises or online. Customers can even choose to mix both RealConnect for Office 365 with RealConnect Hybrid if they have a Skype for Business Hybrid topology or when they’re slowly migrating to Microsoft’s cloud.
The illustration below, credit: Jeff Schertz, outlines the RealConnect Hybrid topology.
Unlike other solutions in-market this does not require Skype for Business meeting invitations be sent to a room or service mailbox, the in-meeting experience is identical to RealConnect for Office 365 (gateway mode) and the Polycom platform automatically joins the on-premises Skype for Business meeting via the meeting scheduler’s Edge Server. This multi-tenanted Polycom platform is at time of writing deployed globally within five Azure data centers (see below) and is not only fully resilient but ensures the closest instance to the VTC is leveraged to reduce Internet hops.
This is expected to continue growing over time.
The RealConnect Hybrid solution is powered by the Polycom Cloud Relay, this is a minimal footprint virtual machine that houses a number of Polycom micro-services – two of which will be relevant to this solution.
The illustration bellow, outlines the One Touch Dial Service cloud dashboard whereby administrators can monitor, manage and deploy endpoints that require Click-to-Join capabilities:
I’m really excited for this new solution to come to market and seeing how deployment of Skype for Business video interoperability can no longer be a huge undertaking with this solution capable of being up and running in under an hour. Both RealConnect Hybrid and the One Touch Dial Service are set for general availability before the end of the year, with betas starting soon.
If you’re attending Ignite this week feel free to come say “Hi” at the Polycom booth and if you’re keen to learn more about Skype for Business video interop, come to a session I’ll be co-presenting together with Doug Anderson, Srividhya Chandrasekaran (Microsoft) and Marius Nilsen (Pexip) on ”Video Interop for Skype for Business …and path forward to Microsoft Teams” Friday Sep 29th at 9am.
For more information on Polycom solutions that are compatible with Microsoft Teams and the RealConnect announcement read the recent press release here
For folks that are either trialing RealConnect for Office 365 or have purchased this solution from Polycom they may already be aware that this solution leverages a new scheduling service from Microsoft – referred to as “Modern Scheduling”. This can only be utilized via an updated Skype for Business add-in which is shipped as a part of Office 2016 Click-to-Run.
For those that are not already aware Click-to-Run or C2R is a distribution model, in this case leveraged by Office, whereby updates are streamed to a Windows Desktop. This allows Microsoft to deliver features and fixes on a more regular basis and is the default installation package for Office 365 subscribers. Microsoft have previously announced that from 2020 this will be the only way to connect to Office 365 services. There’s also a simple way for existing MSI-based installations to be converted to C2R, or create an offline installer for Office 2016 C2R here
With the background on this out of the way there are some other items to be aware of, specifically that when Modern Scheduling shipped some of the existing Skype for Business Meeting Options did not function as they did previously. Some of these impacted that ability to seamlessly bring a VTC into a Skype for Business Online Meeting without manual admittance or presenter promotion via an in-meeting organizational Skype for Business client. Let’s address these one at a time:
b) To ensure their Skype for Business Online Meeting Configuration is updated as per below, for this to be executed you need to be a Global Administrator:
Some time back I wrote up a blog post on some of the new IP Phone Policies introduced within Skype for Business Online. Since then IP Phone vendors have added additional “3PIP” functionality, one of which is Device Lock.
Device Lock has for some time been available within Lync Phone Edition devices, but more recently this is something which is not only certified by Microsoft but also supported within Skype for Business Online. Many IP Phone settings can be managed out of band via 3rd party provisioning servers, but if you’re registering the device directly and utilizing factory settings some of these parameters can be set via Skype for Business Online PowerShell.
So with Device Lock Microsoft has now exposed the
By default Device Lock is enabled, but this can be disabled by executing the following commands:
$credential = Get-Credential
$session = New-CsOnlineSession -Credential $credential
To retrieve current configuration type,
Get-CsUCPhoneConfiguration(see output below)
The event organizers at UC Day reached out to me and kindly asked whether I would be interested in flying back over to Blighty and speaking at their epic day long UC extravaganza, of course I jumped at the chance – even when I found out it was up north
For those of you that can make it I thoroughly recommend you register for this superb free industry event. I’d also encourage you to attend the legendary pub quiz the night before.
To find out more about the event and register now, head over to http://www.ucday.co.uk/
For those that haven’t already noticed Microsoft’s Skype for Business Tech Community Blog has announced a second Skype for Business Online Broadcast on video interop – now that it’s officially GA within NA and close to being launched in EMEA.
I must have behaved the first time around as they’ve asked me back Hopefully some of you can make it!
More information here
Update: this video is now posted on YouTube
Almost a year ago Polycom and Microsoft jointly announced at Enterprise Connect a new cloud video interoperability service – RealConnect for Office 365.
Following this announcement I wrote a post that covered this in more details and talked about this on Microsoft’s Skype for Business broadcast vlog.
We’re now in preview within the US and I wanted to give folks an overview of the provisioning flow, it’s still not the final design – in the future the provisioning app will be embedded within a native Office Store Web App and this has minimal branding. Nevertheless it answers a lot of questions around security and how much effort it takes to get the service deployed – the video is live and it’s 8mins! (including commentary)
As many of you are no doubt already aware Skype for Business on-premises provides a mechanism for users to easily sign into IP telephony devices, this process is referred to as PIN authentication. It provides end-users with an easy way to authenticate with Skype for Business without the need to input a full username and password on the phone. Of course, if the phone is paired with your desktop PC via “Better Together” functionality this makes things easier, but given that 3rd party interoperability program or (3PIP) devices require additional software for network-based pairing – this often isn’t deployed.
Now let’s level set on a few limitations to be aware of with PIN-based authentication:
1. As an IT admin DHCP options needs to be configured appropriately, specifically option 43. This lets the phone know the location for the certification provisioning service, this then in turn facilitates a secure TLS channel between the phone and the Skype for Business server. Once the authentication is completed the phone retrieves a client certificate which facilitates access to various services, this process is referred to as “TLS-DSK”. This private certificate provisioning service isn’t published externally, so remote workers need to use the process previously mentioned, “Better Together”.
Note: Polycom VVX phones can be configured to work in absence of deploying this option (provided Internet time is configured and available), refer to the parameter dhcp.option43.override.stsUri documented within the UCS Lync and Skype for Business Deployment Guide.
For more information on Option 43, I’d recommend you refer to this post by Jeff Schertz.
2. Given that PIN authentication grants the phone access to Skype for Business services this does not help with Microsoft Exchange, for this NTLM sign-in is still required. Once complete calendaring details can be populated – this is important if you want to perform Skype for Business “Click-to-Join” from the phone’s calendar.
So now let’s talk about Skype for Business Online Web Sign-In, this is a new (heavily understated) feature that allows users with Skype for Business Online accounts to sign into their phone with minimal phone intervention or the need for the 3PIP Better Together AKA the “Better Together-over-Ethernet” companion application.
Let’s first walk you through the process and then we’ll examine how it works.
Step 1: We select the new Web Sign-In option via the phone home screen
Step 2: Once Web Sign-In is selected the phone displays a unique device code, this code is generated within the region the phone is set to and is retrieved via the Device Configuration Web Service
Step 3: Via your computer web browser access the web page displayed on the phone and enter the email associated with your Skype for Business Online account
Step 4: Once the email is entered the user is prompted to sign-in with his or her Office 365 account credentials
Step 5: Enter the device code displayed on the phone screen
Once the code is entered the phone vendor details are displayed
Finally the web page acknowledges that sign-in is complete and the browser session can be closed
The phone sign-in completes without any user intervention
Next up let’s look at how this works behind the scenes. The first thing we need to understand is that Modern Authentication (OAuth 2.0) is used to facilitate this authentication process. Note: even with Skype for Business Online set to
“Set-CsOAuthConfiguration -ClientAdalAuthOverride NoOverride”
(as per documentation here) Web Sign-In is still possible.
The flow chart below outlines the interaction via the various services:
Step 1: The IP Phone requests a localized device pairing site and pairing code (valid for two minutes).
Step 2: The end-user opens their local device pairing website within their web browser. After inputting their device pairing code they are redirected to the Skype for Business device pairing website (where authentication credentials are added).
Step 3: Once authentication is completed an OAuth 2.0 access token is shared with the IP Phone.
Step 4: The users UPN is extracted from the token and Skype for Business autodiscovery is performed against this account.
Step 5: The Skype for Business online server responds and issues a user certificate (valid for 8 hours) with the access token. Remember TLS-DSK?
Step 6: SIP registration completes. That’s it!
If you’ve not tried IP Phone Web Sign-In then I’d recommend you give it a go, as always comments welcome.