Microsoft Teams Contact Center Integration

This post is about the Contact Center Integration in Microsoft Teams. If you deploy Microsoft Teams calling capabilities to enable your workforce to use Microsoft Teams you might also be interested in the Contact Center integration. In the past I wrote an article about Microsoft Teams Call Queues and Auto Attendants for Direct Routing which describes Teams calling capabilities in regards of automatic call distribution (ACD) and/or interactive voice response (IVRs). Depending on your needs this was and is maybe not yet sufficient for your agents because you have many agents answering loads of incoming calls, transfer calls to maybe other departments/agents and respond to these incoming requests, complaints, remote advisories, incidents or what have you. Maybe 24/7…

Source: https://pixabay.com/de/illustrations/lernen-hinweis-schule-betreff-3245793/
Source: https://pixabay.com/de/illustrations/lernen-hinweis-schule-betreff-3245793/

So, there was a missing piece to bringt Microsoft Teams and more advanced Contact Center solutions together. Until lately. APIs were enhanced and improved which enabled Contact Center solution and service providers to build and use the available integrations based on

  • Direct Routing Connectivity,
  • Microsoft Graph Cloud Communication APIs,
  • Teams platform and extensibility and/or
  • Teams SDKs.

By this Microsoft enables for three integration “depths”:

  • Connect | based on Direct Routing
  • Connect and Extend | mixture of Direct Routing + Graph APIs + Teams apps platform
  • Extend and Power |embedding Teams SDKs into Contact Center App/Solution/Service for native Teams interactions (which works with Direct Routing as well as calling plans)

Now that you want to start to integrate your existing Contact Center solution in Microsoft Teams, note that this works only for certified Contact Center solutions and services, which are listed in the Connected Contact Center for Microsoft Teams Certification Program. Today, there are already very well-known providers offering Microsoft Teams integration (see additional resources).

Conclusion, opinion and summary

This is another step forward to bring in more voice and calling capabilities into Microsoft Teams as it can become the primary client app for Contact Center agents as well. I assume that more is about to come and enable companies to leverage more and more of Microsoft Teams especially enterprises with large contact centers which might still be on Skype for Business Server with Enterprise Voice for these workloads. In the past this was mostly due to the SFB UCMA integration which was often used in these voice deployments and in Teams this integration option was missing. Now, enterprise still running SFB Server and having dependencies in regards of third-party Contact Center solutions based on UCMA might probably soon get rid of SFB Server onprem, migrate (the until now left behind Contact Center agents) to Microsoft Teams and decommission SFB Server infrastructure.

Additional resources

Microsoft Skype for Business Server Updates

In this post I just like to quickly highlight where you can find the latest Microsoft Skype for Business Server updates. Recently Skype for Business Server 2015 May 2020 Cumulative Update (CU) was released. However, the update was only downloadable from the EN-US download page, not from the DE one. On the DE download page for SFB Server 2015 only the August 2019 CU was available. I guess it will just take some time until it is refreshed and also available on the DE download page.

https://pixabay.com/vectors/update-download-icon-icons-3314287/
Source: https://pixabay.com/vectors/update-download-icon-icons-3314287/

In general you can find the most recent CUs on a Microsoft Docs summary page where you can

  • get an update history incl. release date of the update
  • find the link to the respective knowledge base article which provides an overview on the included changes of the according update (release notes)

On the latter, the KB page you can open further links to each mentioned change or fix which the update delivers. There you can read through a more detailed explanation and update description.

First of all, you should read the update’s KB article. Afterwards you can download the package but please do not just download and install the update. To install the update should be a planned task. It might require some preparation and cause a downtime depending on your actual SFB deployment. And don’t forget the update the backend. I’ve often noticed that the backend is not updated although the description of the CU states how this has to be done depending on the SFB deployment (Standardard Edition vs. Enterprise Edition).

Additional resources

Microsoft 365 Virtual Marathon 27.-28.05.2020

Microsoft announced a virtual event called Microsoft 365 Marathon. It will take place online from May 27. – 28., 2020 an it will be 36 hours all about Microsoft 365. More than 300 speakers will present different topics. There’ll be over 400 session. Can it get better, yes, it’s for free. This is really impressive and definitely the suited format given the current circumstances. So, if you want to learn about Microsoft 365, I’d say that this virtual event is the one you should not miss. As far as I’ve seen there are all kind of sessions (depths) from overview to deep dive available, e.g. regarding working remotely, using live events, set up your corporate intranet, security and compliance and many more. You can read some more details and register via the Microsoft SharePoint Blog. Enjoy if you can make it!

Source: https://pixabay.com/de/illustrations/lernen-hinweis-schule-betreff-3245793/
Source: https://pixabay.com/de/illustrations/lernen-hinweis-schule-betreff-3245793/

Additional resources

Konfiguration von Microsoft Teams Direct Routing über das Teams Admin Center

In diesem Beitrag möchte ich aufzeigen, wie Microsoft Teams Direct Routing jetzt auch über das Teams Admin Center konfiguriert werden kann. Ich selbst bevorzuge weiterhin die Anlage mit der PowerShell, aber es ist gut zu wissen, dass diese Funktionen jetzt auch im Admin Center verfügbar sind.

Hinweis: Dieser Beitrag beschreibt einen aktuell verfügbaren Ansatz in Form einer beispielhaften Konfiguration. Wie einen Konfiguration vorgenommen werden muss, kann variieren (je nach Anforderungen) und sich auch jederzeit seitens Microsoft 365, Teams etc. verändern.

How to connect a certified SBC via Teams Admin Center?

Zielsetzung

Microsoft 365 Telefonsystem an einen zertifizierten Session Border Controller (SBC) für Microsoft Teams Direct Routing (TDR) anbinden.

Design und Umfang

In diesem exemplarischen Beitrag zeige ich nur wie die Verbindung vom Microsoft 365 Telefonsystem zum SBC eingerichtet werden kann (gelb). Die Konfiguration eines SBCs, mögliche Anpassungen und Feinjustierungen werden hier nicht weiter beschrieben. Am Ende wird noch ein Cloud-only User Account eine Telefonnummer und die Voice Routing Policy zugewiesen.

Auf Details, was TDR ist, Voraussetzungen und wie zu lizenzieren ist gehe ich hier nicht ein.

How to connect a certified SBC via Teams Admin Center?

Zu konfigurieren sind

  • ein Teams PSTN Gateway (SBC),
  • PSTN Usage,
  • Voice Route,
  • Voice Routing Policy
  • und zuletzt muss die Voice Routing Policy dem User zugewiesen werden.

Lösung (Beispiel)

Wir beginnen im Microsoft Teams Admin Center (https://admin.teams.microsoft.com) als globaler Admin, aber auch schon die Teams-Administrator-Rolle (Teams Service Administrator) reicht hier und berechtigt für die Konfiguration.

Nachstehend zeigen die Screenshots den “Konfigurations-Pfad” und in jedem Screenshot werden die Schritte beginnend mit “1” aufgezeigt.

Teams Admin Center
PSTN Gateway bzw. SBC hinzufügen
SBC im Teams Admin Center konfigurieren (FQDN, aktiviert, Port (SBC Listener), Sessions …)
Einstellungen sichten
PSTN Usage erstellen
PSTN Usage erstellen
Voice Route erstellen
Voice Routing erstellen

Bei “Dialed number pattern” kann ein bestimmter regulärer Ausdruck via RegEx definiert werden, um basierend von Teams ausgehende Anrufe auf einem bestimmten “Muster” zu prüfen, um hier eine Routing-Entscheidung für diese oder eine mögliche andere Route zu treffen. Ich lasse dies hier mal absichtlich leer. Wenn User komplett E.164 (also mit +49… ) wählen sollen oder einfach alles akzeptiert werden soll, kann hier z. B. .$ (any) o.ä. verwendet werden. Je nach Bedarf.

Voice Route erstellen
Voice Route und Priorität prüfen
Voice Routing Policy für die Zuweisung an User erstellen
PSTN Usage in Voice Routing Policy hinzufügen
Voice Routing Policy einem User zuweisen
Voice Routing Policy einem User zuweisen

Nach dem die Voice Routing Policy zugewiesen wurde, kann es eine Weile* dauern bis, in diesem Beispiel James, telefonieren kann. Natürlich muss hierfür der SBC bereits konfiguriert und funktionsfähig sein. Auch die richtigen Lizenzen und Policies (Calling Policies) dürfen für die User nicht fehlen. Nicht zu vergessen, dass der oder die Benutzer noch eine Telefonnummer zugewiesen benötigt.

*eine Weile kann von ein paar Minuten bis hin zu mehreren Stunden sein. Ich habe schon unterschiedlich lange Bereitstellungszeiten festgestellt.

Letzteres geht aktuell leider (noch?) nicht via Teams Admin Center. Dazu benötigt es noch die SFB Online PowerShell außer ich habe SFB Server (Hybrid) und meine Rufnummern werden noch vom onpremise Server via AAD Connect übertragen (msRTCSip-LineURI…). Doch hier gibt’s dann noch ein paar weitere Aspekte zu beachten.

Zuweisung der Telefonnummer und Voice Routing Policy via PowerShell

Die Zuweisung der Voice Routing Policy und Telefonnummer kann per PowerShell erfolgen (via SFB Online Connector), nach dem das SFBO PowerShell Modul heruntergeladen, installiert und verbunden wurde. Wenn man das nachstehende etwas umbaut, kann hieraus einfach über ein CSV-Import und eine foreach-Schleife ein Anlage und Zuweisung von Benutzern im größeren Stil erfolgen.

#Verbindung zu SFBO aufbauen (mit MFA)
Import-Module "C:\Program Files\Common Files\Skype for Business Online\Modules\SkypeOnlineConnector\SkypeOnlineConnector.psd1"
#Import-Module SkypeOnlineConnector
$SFBOSESSION = New-CsOnlineSession
Import-PSSession $SFBOSESSION
#Voice Routing Policy zuweisen
Grant-CsOnlineVoiceRoutingPolicy -Identity "James" -PolicyName "VoiceRoutingPolicy-Germany-Stuttgart”
#Telefonnummer zuweisen
Set-CsUser -Identity "james@...domain.de" -OnPremLineURI tel:+497119874563219 -EnterpriseVoiceEnabled $true -HostedVoiceMail $true
#Verbindung trennen
Remove-PSSession $SFBOSESSION

Zusammenfassung

Ich finde es praktisch, dass ich jetzt einen zertifizierten SBC auch über das Teams Admin Center verbinden kann. Wieso ich aber Usern noch keine (TDR) Telefonnummer auch über das Teams Admin Center zuweisen kann, ist mir ein Rätsel. Hierfür muss ich wieder in die PowerShell wechseln. Das finde ich etwas umständlich. Dann mache ich es aktuell doch lieber noch per Shell, da ich mit der PowerShell die Ansichten nicht wechseln brauche.

Ich hoffe, der Beitrag gibt eine grobe Übersicht, wie (aktuell Mai 2020) ein SBC für TDR an das Microsoft 365 Telefonsystem angebunden werden kann.

Zusätzliche Ressourcen

Heller Hintergrund für Mails bei schwarzem Microsoft Outlook Design

In diesem Beitrag gebe ich einen kleinen und praktischen Anwender Tipp für Microsoft Outlook. Ich beschreibe nachstehend wie man seine Ansicht mit einem schwarzen oder dunklen Microsoft Outlook so anpasst, dass die Mails mit weißem Hintergrund geschrieben und gelesen werden können.

Hintergrund

Wenn ich mein Microsoft Office App Design auf schwarz eingestellt habe, dann ist alles schwarz. Das betrifft auch Mails mit normalerweise weißem Hintergrund. Für viele ist das konsequent und auch so gewollt. Ich muss zugeben, dass es mir persönlich besser gefällt, wenn ich trotz schwarzem Office-Design meine Mails auf weißem Hintergrund lesen und auch verfassen kann. Zudem bekomme ich öfters Mails im HTML-Format und diese werden im dunklen/schwarzen Office-Design im Outlook nicht immer ideal angezeigt. Auch umgekehrt, wenn ich im schwarzen Design eine Mail verfasse und farblich etwas hervorhebe, kommt dies beim Empfänger, der wiederum einen weißen Hintergrund hat, visuell anders raus.

Die Ansicht und das Office-Design sind letztlich Geschmackssache, daher gibt’s ja die Möglichkeit je Gusto eine andere Einstellung für sein Office festzulegen.

Microsoft Outlook – Mail Fenster alles schwarz

Lösung

Wer vielleicht, wie ich, seine Mails ebenfalls trotz schwarzem Office-Design gerne mit weißem Hintergrund liest oder schreibt, der oder die kann das in den Outlook-Optionen an folgender Stelle einstellen.

  1. Outlook Optionen öffnen
  2. Bereich Allgemein öffnen und zu “Microsoft Office Kopie personalisieren” scrollen
  3. und beim Office-Design “Schwarz” den dahinter verfügbaren Haken für “Die Hintergrundfarbe der Nachricht nie ändern” setzen
Microsoft Outlook-Optionen
Microsoft Outlook – Mail Fenster schwarz mit weißem Inhalts-Hintergrund

G Suite security controls overview [May 2020]

Due to the increased and still increasing number of people working from home the requirement to keep users’ identities and devices secure and up-to-date is a must. Recently, I wrote some blog posts on Microsoft 365 communication and collaboration security. This time, I’d like to share what Google provides to secure its G Suite platform for communication and collaboration on an high level.

Basically, it doesn’t matter what kind of solution and service you provide, it must be secure by design to cope with more and more advanced threats for your company assets and user identities. To do so, you need to be alert, but not only just maintain your as-is security standards and architecture, no, moreover you must steadily enhance the security capabilities as there are always new threats on the rise.

Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/
Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/

To keep your company assets secure if you rely on G Suite you might want to know what you can do.

  • Fundamental device management
    • Reports/view all devices which access corporate data
    • Reports on devices accessing corporate data
    • Remediation actions, e.g. remotely sign out a user
    • Context-aware access control, e.g. allow access to corporate data/services only under defined circumstances like only device storage must be encrypted etc.
  • Enhanced security for Windows 10
    • login with Google credentials because Google can be used as a credential provider for Windows
    • Single Sign-On (SSO) for Windows 10 devices, apps and services
    • identity and account protection (detection of anti-hijacking, suspicious login detection)
    • compliance checks for Windows 10 devices (checking if the device is secured and updated)
    • device management to roll out device configuration updates and wipe a device
  • New G suite security capabilities
    • data protection insights [for data loss prevention (DLP)]
    • automated classification with labels for DLP
    • iOS copy/paste protection for DLP
    • context-aware access with group-based policies
    • context-aware access for SAML apps
    • monitor logs with third-party monitoring

Conclusion, opinion and summary

I must admit that I haven’t checked for some time what’s new and which capabilities are offered lately with G Suite. By what I’ve read so far, a lot has changed and was added for good. I recognize that the features and capabilities regarding communication and collaboration security have been growing very well, too. It’s interesting to see how G Suite also evolves over time regarding communication and collaboration security, to keep users and things secure.

Additional resources

How to secure your guest access in Teams?

In this post I point out what you can do to secure your Microsoft 365 guest access or guest identities for a secured collaboration experience. Guests in Microsoft 365 are external persons or identities which you can enabled to access defined Microsoft 365 resources, e.g. to work together in a project by using a Microsoft Teams Team. This is very beneficial for a more in-depth collaboration in project teams which include several external stakeholders from other companies like external project managers, subject matter experts, suppliers or others. By enabling guest access for specific scenarios and workloads you can easily work together across companies, if required. So, your employees do not need to find another way or a (#ShadowIT) workaround to do this which does not align with your company’s compliance.

I often have discussions regarding collaboration security on external (guest) access. So, what’s the answer to convince all from guest access? Well, let me put it that way, there is never an “one size fits all” answer, definitely not. Company A is not the same as company B. There might be similar processes, requirements, collaboration strategy goals or else but it’s still different, of course. The people, the services, the products, the vertical etc. are different. To keep it short, B2B collaboration with guest access is an excellent feature but usually requires a different implementation approach depending on the company. Sometimes a basic implementation is sufficient, sometimes you need to establish a new organizational process in varying complexity including B2B collaboration governance and so on.

Please note, that is is just one of many measures to secure your communication and collaboration in Microsoft 365. This is only a single part of a more holistic and required security architecture concept. Moreover, the below description, configuration etc. might change at anytime and is just an example, demo piece.

Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/
Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/

Limitations for guests

Guest are a “special” member type in Azure AD and M365. So, there are some limitations by design for guests you should know of. For more please read What are the default user permissions in Azure Active Directory? and Guest access in Microsoft Teams [links at the bottom].

  • Per licensed user you can add up to five guests (1:5 ratio)
  • Guest user permissions in Azure AD are limited by default*
    • cannot browse other tenant information
    • but can view their own profile
    • but can retrieve input on other users if he/she searches for a UPN or object ID
  • Guest user permissions in Office 365 groups are limited
  • Guest user permissions in Teams are limited
    • no One Drive for Business
    • no people search outside of Teams
    • no calendar
    • no meeting scheduling
    • no pstn/telephony
    • no org chart
    • no teams creation/revision
    • no teams browsing
    • no file upload in P2P chats

*unless you assign any admin role to a guest. So be cautions. Don’t.

What you can do to secure your Microsoft 365 guest identities?

Microsoft added a very good article in the documentation Create a secure guest sharing environment [link at the bottom] which describes the key elements you must take into account for your B2B collaboration and guest access configuration.

  • enforce multi-factor authentication for guests
  • provide terms which guests musts agree on
  • regularly review permission needs are still valid
  • restrict access for guest to web-only / browser-only
  • set session timeout to enforce regular/daily authentication by guests
  • classify content by using sensitivity labels
  • auto classify defined sensitive information to highly confidential
  • auto remove guests access from files labeled high confidential

Conclusion, opinion and summary

Guest access can be vital for your company and employees to easily work together with external stakeholders. If required. It must be secured.

To provide guest access, I think it is a good idea to establish a organizational process that internal employees must request guest access for an external person via an approval process. The latter could be accomplished by using Power Automate with Forms or Power Apps. Onboarding or adding a new guest should be based on the approach which Microsoft provides in Create a secure guest sharing environment [link at the bottom]. To complete the guest user life cycle the identity should be audited and monitored regarding permission needs and activities, so that either certain permissions can be removed or that an guest account gets disabled or even deleted depending on usage/activity/last logon or other criteria.

Additional resources