Tagged: Microsoft 365

11. July 2020

Microsoft 365 safe documents configuration

In this post I describe what safe documents in Microsoft 365 are, how you can configure it and why you should enable this in your Microsoft 365 tenant.

If you are not yet familiair with safe attachments and safe links you might want to read my previous post Safe attachments and links to protect your Office 365 collaboration first.

Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/

What are safe documents?

Safe documents are a Microsoft 365 Advanced Threat Protection (ATP) feature. It protects your users from opening malicious documents which might harm your users data, privacy or even your complete IT infrastructure depending on what malicious document content is opened. ATP checks before opening it and avoids a user to open a document or leave the protected view in case ATP has recognized anything potentially malicious.

Why safe documents?

It adds another valuable layer of security for your users and infrastructure which kicks in even if someone opens a document which was not caught or categorized as malicious before by other security mechanisms. It might be the last barrier and defense if someone (accidentally) opens a document in your company to avoid a security incident with corresponding consequences for your company.

What’s required to use this capability in Microsoft 365?

Safe documents are an advanced security feature which requires the following:

Microsoft 365 E5 or Microsoft 365 E5 Security
Microsoft emphasizes that it is not in Office 365 ATP plans
Organization Management or Security Administrator role in M365 (for configuration)
Office Version 2004 (12730.x) or later

How to configure it?

If the requirement are met you can configure and test it. By default it is turned off.

Please note configuring this will enable this for your complete Microsoft 365 tenant and therefore for your complete organization.

Enabling it via Admin Center

Screenshot – Go to Security & Compliance Center at https://protection.office.com

Screenshot – Go to Threat management\Policy\ATP Safe Attachments

Screenshot – Tick the checkbox “Turn on Safe Documents for Office clients …”

Maybe DON’T tick the checkbox “Allow people to click through Protected View even if Safe Documents identifies the file as malicious”.

That’s it now it’s live.

Enabling it via Shell

Alternatively, you can also enable this using Exchange Online PowerShell. Example:

#Install Module 
Install-Module -Name ExchangeOnlineManagement
#Check Module availablity on system
Get-Module ExchangeOnlineManagement
#Update Module
Update-Module -Name ExchangeOnlineManagement
#Import Module
Import-Module ExchangeOnlineManagement

#Connect to EXO with MFA enabled
Connect-ExchangeOnline -UserPrincipalName <UPN> -ShowProgress $true

#Enabling safe documents but prevents users from leaving protected view
Set-AtpPolicyForO365 -EnableSafeDocs $true -AllowSafeDocsOpen $false
#Check values
Get-AtpPolicyForO365 | Format-List *SafeDocs*

#Disconnect from EXO
Disconnect-ExchangeOnline

#Uninstall Module
Uninstall-Module -Name ExchangeOnlineManagement

Validating it with Shell

Due to the fact that I’ve configured this in the Admin Center I’m just checking if the settings is set as expected.

And there we go, it’s set.

Conclusion, opinion and summary

It’s very easy to configure however the licensing and client requirements are quite high. In case you met the licensing requirements you can enable it (with previous planning and testing).

Also note, you should check what your antivirus (av) client might do. In case you running a third-party av client. I did not test this having a third-party av client plus this enabled. I’d assume there should be no conflicts but there can be conflicts. So, I would not directly enable this in production without previously testing this maybe in a test tenant and a test client to ensure it works as expected before going live with safe documents.

Additional resources

30. May 2020

Manage Microsoft Teams Rooms (MTR)

Soon, Microsoft Teams Meeting Rooms (MTRs) will be (remotely) managable via the Teams Admin Center, as described on the Microsoft 365 Roadmap [ID 64022].

update settings for Team Room Devices
monitor and check health status of Teams Room Devices incl. peripherals (camera, mic)
troubleshoot a MTR by remotely restart the devices
troubleshoot a MTR by remotely download logs

Source: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=64022

I assume that the admin experience will be similar to what is already available to manage Microsoft Teams Phones and Collaboration Bars.

Source: Microsoft Teams Admin Center (Screenshot)

Additional resources

30. May 2020

Create a Microsoft Teams Meeting with Outlook on the web or mobile

Microsoft soon enables you to schedule a Teams (or Skype for Business Online) Meeting by using Outlook on the web, Outlook for iOS or Outlook for Android. As of now, May 2020, it looks like the feature on Outlook on the web is planned for the second quarter (Q2) 2020 and on mobiles (iOS/Android) for June 2020.

At the bottom of this post you can find the links to the user guide on how to create a Teams meeting in Outlook on the web/for iOS/for Android, to start right away scheduling Team meetings, as soon as it becomes available. So, you should, as usual, keep your mobile device and apps up-to-date.

Source: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=63383

Source: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=63625

Source: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=63628

Additional resources

17. May 2020

Microsoft 365 Virtual Marathon 27.-28.05.2020

Microsoft announced a virtual event called Microsoft 365 Marathon. It will take place online from May 27. – 28., 2020 an it will be 36 hours all about Microsoft 365. More than 300 speakers will present different topics. There’ll be over 400 session. Can it get better, yes, it’s for free. This is really impressive and definitely the suited format given the current circumstances. So, if you want to learn about Microsoft 365, I’d say that this virtual event is the one you should not miss. As far as I’ve seen there are all kind of sessions (depths) from overview to deep dive available, e.g. regarding working remotely, using live events, set up your corporate intranet, security and compliance and many more. You can read some more details and register via the Microsoft SharePoint Blog. Enjoy if you can make it!

Source: https://pixabay.com/de/illustrations/lernen-hinweis-schule-betreff-3245793/

Additional resources

3. May 2020

Konfiguration von Microsoft Teams Direct Routing über das Teams Admin Center

In diesem Beitrag möchte ich aufzeigen, wie Microsoft Teams Direct Routing jetzt auch über das Teams Admin Center konfiguriert werden kann. Ich selbst bevorzuge weiterhin die Anlage mit der PowerShell, aber es ist gut zu wissen, dass diese Funktionen jetzt auch im Admin Center verfügbar sind.

Hinweis: Dieser Beitrag beschreibt einen aktuell verfügbaren Ansatz in Form einer beispielhaften Konfiguration. Wie einen Konfiguration vorgenommen werden muss, kann variieren (je nach Anforderungen) und sich auch jederzeit seitens Microsoft 365, Teams etc. verändern.

How to connect a certified SBC via Teams Admin Center?

Zielsetzung

Microsoft 365 Telefonsystem an einen zertifizierten Session Border Controller (SBC) für Microsoft Teams Direct Routing (TDR) anbinden.

Design und Umfang

In diesem exemplarischen Beitrag zeige ich nur wie die Verbindung vom Microsoft 365 Telefonsystem zum SBC eingerichtet werden kann (gelb). Die Konfiguration eines SBCs, mögliche Anpassungen und Feinjustierungen werden hier nicht weiter beschrieben. Am Ende wird noch ein Cloud-only User Account eine Telefonnummer und die Voice Routing Policy zugewiesen.

Auf Details, was TDR ist, Voraussetzungen und wie zu lizenzieren ist gehe ich hier nicht ein.

Zu konfigurieren sind

ein Teams PSTN Gateway (SBC),
PSTN Usage,
Voice Route,
Voice Routing Policy
und zuletzt muss die Voice Routing Policy dem User zugewiesen werden.

Lösung (Beispiel)

Wir beginnen im Microsoft Teams Admin Center (https://admin.teams.microsoft.com) als globaler Admin, aber auch schon die Teams-Administrator-Rolle (Teams Service Administrator) reicht hier und berechtigt für die Konfiguration.

Nachstehend zeigen die Screenshots den “Konfigurations-Pfad” und in jedem Screenshot werden die Schritte beginnend mit “1” aufgezeigt.

SBC im Teams Admin Center konfigurieren (FQDN, aktiviert, Port (SBC Listener), Sessions …)

Bei “Dialed number pattern” kann ein bestimmter regulärer Ausdruck via RegEx definiert werden, um basierend von Teams ausgehende Anrufe auf einem bestimmten “Muster” zu prüfen, um hier eine Routing-Entscheidung für diese oder eine mögliche andere Route zu treffen. Ich lasse dies hier mal absichtlich leer. Wenn User komplett E.164 (also mit +49… ) wählen sollen oder einfach alles akzeptiert werden soll, kann hier z. B. .$ (any) o.ä. verwendet werden. Je nach Bedarf.

Voice Routing Policy für die Zuweisung an User erstellen

PSTN Usage in Voice Routing Policy hinzufügen

Voice Routing Policy einem User zuweisen

Nach dem die Voice Routing Policy zugewiesen wurde, kann es eine Weile* dauern bis, in diesem Beispiel James, telefonieren kann. Natürlich muss hierfür der SBC bereits konfiguriert und funktionsfähig sein. Auch die richtigen Lizenzen und Policies (Calling Policies) dürfen für die User nicht fehlen. Nicht zu vergessen, dass der oder die Benutzer noch eine Telefonnummer zugewiesen benötigt.

*eine Weile kann von ein paar Minuten bis hin zu mehreren Stunden sein. Ich habe schon unterschiedlich lange Bereitstellungszeiten festgestellt.

Letzteres geht aktuell leider (noch?) nicht via Teams Admin Center. Dazu benötigt es noch die SFB Online PowerShell außer ich habe SFB Server (Hybrid) und meine Rufnummern werden noch vom onpremise Server via AAD Connect übertragen (msRTCSip-LineURI…). Doch hier gibt’s dann noch ein paar weitere Aspekte zu beachten.

Zuweisung der Telefonnummer und Voice Routing Policy via PowerShell

Die Zuweisung der Voice Routing Policy und Telefonnummer kann per PowerShell erfolgen (via SFB Online Connector), nach dem das SFBO PowerShell Modul heruntergeladen, installiert und verbunden wurde. Wenn man das nachstehende etwas umbaut, kann hieraus einfach über ein CSV-Import und eine foreach-Schleife ein Anlage und Zuweisung von Benutzern im größeren Stil erfolgen.

#Verbindung zu SFBO aufbauen (mit MFA)
Import-Module "C:\Program Files\Common Files\Skype for Business Online\Modules\SkypeOnlineConnector\SkypeOnlineConnector.psd1"
#Import-Module SkypeOnlineConnector
$SFBOSESSION = New-CsOnlineSession
Import-PSSession $SFBOSESSION

#Voice Routing Policy zuweisen
Grant-CsOnlineVoiceRoutingPolicy -Identity "James" -PolicyName "VoiceRoutingPolicy-Germany-Stuttgart”

#Telefonnummer zuweisen
Set-CsUser -Identity "james@...domain.de" -OnPremLineURI tel:+497119874563219 -EnterpriseVoiceEnabled $true -HostedVoiceMail $true

#Verbindung trennen
Remove-PSSession $SFBOSESSION

Zusammenfassung

Ich finde es praktisch, dass ich jetzt einen zertifizierten SBC auch über das Teams Admin Center verbinden kann. Wieso ich aber Usern noch keine (TDR) Telefonnummer auch über das Teams Admin Center zuweisen kann, ist mir ein Rätsel. Hierfür muss ich wieder in die PowerShell wechseln. Das finde ich etwas umständlich. Dann mache ich es aktuell doch lieber noch per Shell, da ich mit der PowerShell die Ansichten nicht wechseln brauche.

Ich hoffe, der Beitrag gibt eine grobe Übersicht, wie (aktuell Mai 2020) ein SBC für TDR an das Microsoft 365 Telefonsystem angebunden werden kann.

Zusätzliche Ressourcen

19. April 2020

How to secure your guest access in Teams?

In this post I point out what you can do to secure your Microsoft 365 guest access or guest identities for a secured collaboration experience. Guests in Microsoft 365 are external persons or identities which you can enabled to access defined Microsoft 365 resources, e.g. to work together in a project by using a Microsoft Teams Team. This is very beneficial for a more in-depth collaboration in project teams which include several external stakeholders from other companies like external project managers, subject matter experts, suppliers or others. By enabling guest access for specific scenarios and workloads you can easily work together across companies, if required. So, your employees do not need to find another way or a (#ShadowIT) workaround to do this which does not align with your company’s compliance.

I often have discussions regarding collaboration security on external (guest) access. So, what’s the answer to convince all from guest access? Well, let me put it that way, there is never an “one size fits all” answer, definitely not. Company A is not the same as company B. There might be similar processes, requirements, collaboration strategy goals or else but it’s still different, of course. The people, the services, the products, the vertical etc. are different. To keep it short, B2B collaboration with guest access is an excellent feature but usually requires a different implementation approach depending on the company. Sometimes a basic implementation is sufficient, sometimes you need to establish a new organizational process in varying complexity including B2B collaboration governance and so on.

Please note, that is is just one of many measures to secure your communication and collaboration in Microsoft 365. This is only a single part of a more holistic and required security architecture concept. Moreover, the below description, configuration etc. might change at anytime and is just an example, demo piece.

Limitations for guests

Guest are a “special” member type in Azure AD and M365. So, there are some limitations by design for guests you should know of. For more please read What are the default user permissions in Azure Active Directory? and Guest access in Microsoft Teams [links at the bottom].

Per licensed user you can add up to five guests (1:5 ratio)
Guest user permissions in Azure AD are limited by default*
- cannot browse other tenant information
- but can view their own profile
- but can retrieve input on other users if he/she searches for a UPN or object ID
Guest user permissions in Office 365 groups are limited
Guest user permissions in Teams are limited
- no One Drive for Business
- no people search outside of Teams
- no calendar
- no meeting scheduling
- no pstn/telephony
- no org chart
- no teams creation/revision
- no teams browsing
- no file upload in P2P chats

*unless you assign any admin role to a guest. So be cautions. Don’t.

What you can do to secure your Microsoft 365 guest identities?

Microsoft added a very good article in the documentation Create a secure guest sharing environment [link at the bottom] which describes the key elements you must take into account for your B2B collaboration and guest access configuration.

enforce multi-factor authentication for guests
provide terms which guests musts agree on
regularly review permission needs are still valid
restrict access for guest to web-only / browser-only
set session timeout to enforce regular/daily authentication by guests
classify content by using sensitivity labels
auto classify defined sensitive information to highly confidential
auto remove guests access from files labeled high confidential

Conclusion, opinion and summary

Guest access can be vital for your company and employees to easily work together with external stakeholders. If required. It must be secured.

To provide guest access, I think it is a good idea to establish a organizational process that internal employees must request guest access for an external person via an approval process. The latter could be accomplished by using Power Automate with Forms or Power Apps. Onboarding or adding a new guest should be based on the approach which Microsoft provides in Create a secure guest sharing environment [link at the bottom]. To complete the guest user life cycle the identity should be audited and monitored regarding permission needs and activities, so that either certain permissions can be removed or that an guest account gets disabled or even deleted depending on usage/activity/last logon or other criteria.

Additional resources

12. April 2020

Microsoft Teams Telephony Licensing Notes [Update April 2020]

In this post I like to point out some updated licensing options for Microsoft Teams regarding telephony, common area phones and meeting rooms.

The hereinafter described license options might be subject to change. Moreover not all licenses or subscriptions are available in every country around the globe, especially calling plans and audio conferencing (shortened: Audioconf.).

Teams Licensing Basics

Microsoft Teams is a single service of the massiv Microsoft 365 services stack which it tightly linked and integrated within this service stack.
Microsoft Teams is part of a “packaged” Microsoft Office 365 subscriptions by default.
Microsoft Teams “replaces” Skype for Business Online (SFB Online EOL date July 31, 2021). The Skype for Business Desktop Client within Office 365 ProPlus is also obsolete, meaning that new (full) Office 365 ProPlus installation will get a Teams instead of a Skype for Business Client.

The following slides and drawing are intended to provide you with an overview on licensing options. I also point out what you should take into account in case of Teams Direct Routing (TDR), in this post and following drawings I call a TDR scenario a “hybrid” scenario.

Telephony with Teams (for users)

Call Queues (CQ) and Auto Attendants (AA)

Resource accounts for CQ/AA need a license. Till 01.07.2019 you had to license these users with typical user licenses. Now you can buy and assign a free “Phone System Virtual User license”.

At the bottom I’ll add a link to a well-written how-to post “Add a free licence to Call Queues and Auto Attendants (Microsoft Teams)” from ucgeek.com which describes how to buy and assign the license.

Teams Common Area Phone (CAP)

Teams Meeting Room

Conclusion, opinion and summary

The above drawings quickly depict how you can license users, common area phones, meeting room devices and even call queues or auto attendants for Microsoft Teams.

Additional Resources

11. April 2020

What’s new in Microsoft Teams in April 2020?

In this post I like to highlight some new and planned Microsoft Teams features based on the latest roadmap updates by Microsoft. The last few days many updates were made to the Microsoft Teams roadmap. There are several neat feature updates for Microsoft Teams which will be rolled out soon, are rolling out now or which are already available. Let me give you an overview on these.

Source: https://pixabay.com/illustrations/landscape-hill-sky-clouds-hilly-922581/

Meetings and live events

end meetings | as an host you can now end meetings. So nobody can remain in the meeting to proceed or use the online meeting space.
audioconferening dialin user number masking | PSTN participant phone numbers will be masked from external users [~May 2020]
background effects in meetings | use background (pre-selected) images to enable other participants to focus on you and reduce distraction. later also custom background images.
raise hands in Teams meetings | attendees can rais their virtual hand to notify the presenter that there is a person who would like to speak
share system audio in a meeting
share system audio in a live event

Voice / telephony

Microsoft 365 Business Voice | Microsoft 365 phone system capabilities are available for SMB organizations with up to 300 seats as addon license for the smaller licensing bundles (business plan/s).

So, also business plans are enabled to go for calling plans and/or Direct Routing to enable (pstn) telephony to/from Microsoft Teams.

Chat

Multi window chat | Ability to pop out a chat in a separate chat window

Security

Microsoft adds Azure AD Premium Plan 1 to M365 Business plans which provides feature like

conditional access,
self-service password reset and
multi-factor authentication (MFA) to secure your identities.
Plus some more features like Cloud App Discovery (to discover used apps which you might were not aware that these are used within your company),
application proxy,
dynamic groups,
passwordless auth (Windows Hello for Business, Microsoft Authenticator app, FIDO 2).

All this helps to make your communication and collaboration for your business more secure. Especially for SMBs (up to 300 seats). This is really compelling due to price and feature set. Until know you had to get enterprise plans for this to get the option to add these features to your Microsoft 365 deployment.

Conclusion, opinion and summary

Microsoft now really pushes out these features and changes to enable small and medium sized business (SMBs) to securely communicate and collaborate at a reasonable price. To me, MFA (for all) was long awaited in this licensing segment because nowadays MFA should be the imperative anyway.

Additional resources

Azure Active Directory Premium P1 is coming to Microsoft 365 Business
Microsoft Teams PSTN telephony licensing update for SMBs
Microsoft Teams – end meeting for all participants within a Teams meeting [Featured ID: 63286]
Microsoft Teams – PSTN participant phone numbers are masked from external users [Featured ID: 63309]
Microsoft Teams – Share system audio in a Teams meeting [Featured ID: 50692]
Microsoft Teams – background effects in Teams meetings [Featured ID: 62890]
Microsoft Teams – share system audio in live events [Featured ID: 63276]
Microsoft Teams – raise hands in Teams meetings [Featured ID: 62755]
Microsoft Teams – Multi-Window Chat [Featured ID: 57292]

6. April 2020

Microsoft Teams PSTN telephony licensing update for SMBs

This post highlights a new licensing option regarding (PSTN) telephony / calling / dial tone with Microsoft Teams for small and medium businesses (SMBs) or companies with up 300 seats. Now SMBs can benefit also from Microsoft Teams’ integrated telephony capabilities.

The hereinafter described licensing might be subject to change. Moreover not all licenses or subscriptions are available in every country around the globe, especially calling plans and audio conferencing.

source: https://pixabay.com/illustrations/sound-wave-voice-listen-856770/

Microsoft extended its phone system offering to be a add-on license for Office 365 business premium, too. Until now you needed the following licenses for telephony in Microsoft Teams:

previously

Office 365 E1/E3 + phone system (+ calling plan) (+ optional audio conferencing)
Office 365 E5 (incl. phone system) (+ calling plan) (+ optional audio conferencing)

now [March 2020]

Office 365 Business Essentials / Premium + phone system (+ calling plan) (+ optional audio conferencing)
Office 365 E1/E3 + phone system (+ calling plan) (+ optional audio conferencing)
E5 (incl. phone system) (+ calling plan) (+ optional audio conferencing)

Conclusion, opinion and summary

The new licensing option for Microsoft 365 Phone System enables small and medium business (up to 300 seats) with Office 365 Business Premium licenses to consider to use Microsoft 365 Phone System instead of using a PBX or migrate to it to reduce costs, get telephony integrated to Teams and provide a seamless and unified user experience by using Microsoft Teams for communication and collaboration as the hub for teamwork and telephony as well.

Additional resources

Microsoft Teams add-on licensing [updated section/s – see section “License options based on your plan”]
Microsoft 365 Business Voice service description
Use the Getting Started wizard to set up Business Voice
Microsoft telephony solutions [general overview]
Office 365 Business Premium [seems not yet to be up to date]
Microsoft Teams Licensing Notes [Update July 2019]

29. March 2020

Microsoft Teams online meetings and live events

In this post I explain which options you have to bring people in a virtual meeting space together using Microsoft Teams and how you can schedule these meeting types. I also describe some technical configuration options which you might want to adjust depending on your company’s user profiles and needs, if required.

Online meetings in Teams

Microsoft Teams online meetings can be scheduled or ad hoc and are for up to 250 people at max. To schedule it you must be assigned with the appropriate licenses. An audio conferencing license is complementary and not required but I’d recommend it in case you expect that some attendees might dial in using their phone (PSTN) instead of enjoying the online experience.

Schedule an online meeting (example)

In this section you can get a glance on organizing an online meeting by using Microsoft Teams on a Windows client. This is just one approach to organize an online meeting. You can also set up an online meeting using Outlook with the Teams add-in installed, your mobile device Teams app etc.

To schedule an online meeting you can start by opening the Teams Calendar in the left-hand navigation rail and click the button “New meeting” in the upper right corner of the desktop (or web client).

You are now seeing the form for scheduling meeting and to enter all the input – as required – to get your online meeting ready.

select time zone, e.g. +1 h UTC Berlin
add a meeting subject, e.g. Teams User Adoption Planning (be specific!)
add attendees
specify the date and time for online meeting (using the scheduling assistant to check on free/busy for your colleagues)
specify the date and time for online meeting (without the scheduling assistant)
(optional) add a Teams Team channel if you want to use one (e.g. if it is related to an project – regular project status update calls or all-hands meetings)
(optional) add a room or address, e.g. add a room with a Microsoft Teams Meeting Room device or a Surface Hub
write an invitation (I recommend to include a meeting purpose and defined meeting goal/s and outcome/s!)
save it (to send it out)

If the online meeting invitation is saved and sent you can modify it, review it to see the join link and the meeting details you entered. In case you have to cancel the meeting you can do this on this view, too.

Online meeting configuration [admin]

To provide and adjust the online meetings you (as an Teams admin) can set up policies depending on your requirements via the Teams Admin Center (admin.teams.microsoft.com). The next illustrations show where you can find and modify these settings.

Teams meeting settings

You can modify the Teams meetings settings. Please note that these settings are global (org-wide/tenant-wide) for all users enabled for Teams (meetings).

Teams Admin Center –> Meetings –> Meeting settings
Enable/disable if anonymous users (anyone) can attend the meeting
(optional) insert a URL to a publicly available (Internet) logo file (jpg/png, < 188 w x 30 h pixels), e.g. on your company’s website
(optional) insert a URL to a publicly available (Internet) legal page
(optional) insert a URL to a publicly available (Internet) help or support page
(optional) write a footer, e.g. “All meeting contents are confidential if not otherwise stated. Contents must not by shared with third parties without explicit authorization by the meeting host. …” or what fits best for your meetings.
save it to enable your customized meeting settings

I don’t describe the network part in the meeting settings section. This is intended to configure quality of service (QoS) for Teams clients.

Teams meeting policies

To set different “permissions”, enable/disable certain meeting experiences or features there are some pre-defined meeting policies which you can assign per user. Additionally, custom policies can be created and assigned to users. You can find this also in the Teams Admin Center underneath the meeting category in the left navigation rail.

Teams Admin Center –> Meetings –> Meeting policies
Check the available policies and what’s allowed within each
(optional) create a new custom policy
assign the policy to user/s [option 1]
assign the policy to user/s [option 2] in the user section (recommended)

Live events in Teams

Are you looking for or planning a large virtual communication event? You might want to use Teams live meetings. It’s no meeting although you can produce and attend a live event with Microsoft Teams. Live events are for up 10.000 attendees, up to 4 hours en block and you can have up to 15 concurrent live events in your Office 365 tenant. Live events are broadcasts and no meetings, i.e. you provide content (like audio/video/desktop or app shared…) in a more advanced way in one direction towards the attendees. The attendees can only interact with the hosts (producers, presenters) via a Q & A chat. Producers are the live event hosts and “manager” and presenters can support in delivering content to the attendees. Producers supervise and run the live event.

To schedule or run (producer, presenter) a live event you need to have the correct licenses, e.g. Office 365 E1/E3/E5/A3/A5 with Teams and Stream license assigned.

Schedule a live event using Yammer

With the right permissions you can schedule a live event using Yammer from within a group as the next screenshot shows.

Yammer group –> schedule live event [de]

Yammer live event options –> Microsoft Teams [de]

Afterward selecting Microsoft Teams and “Next” the scheduling wizards guides you through the live event scheduling process.

Schedule a live event using Teams

In Teams the procedure is similar to scheduling an online meeting.

Instead of “New meeting” and “Schedule meeting” you need to click on “Live event” to schedule it.

Invite attendees to a live event

To distribute the join link after you have scheduled the live event you need distribute it manually, e.g. via your SharePoint Online intranet, Yammer, internal or public website, mail, social media or else.

Teams live event settings [admin]

Teams Admin Center – Live event settings

There are global (org-wide/tenant-wide) settings for live events.

Teams Admin Center –> Meetings –> Live events settings
(optional) attach a support URL
– 6. (optional) third party provider use for video distribution, if needed
–
–
–
save it

Teams live event policies [admin]

Same as with meeting policies, to set different “permissions” and enable/disable features there are some pre-defined live event policies which you can assign per user. Additionally, custom policies can be created and assigned to users. You can find this also in the Teams Admin Center underneath the meeting category in the left navigation rail.

Teams Admin Center – Live events policies

You can create a new custom live event policy and assign it to users which need the capability. In this example I created a “Allow-All” custom policy which can be assigned to users via the “Manage users” button or within the users administration pane.

Teams Admin Center – Live events policy – Allow-All

Teams Admin Center –> Meetings
Live events policies
Enter a name for the policy
Enable/disable scheduling
Enable/disable transcriptions for attendees
Choose scale (internal <-> public)
Enable/disable recording
Save your policy

I would recommend to test live events thoroughly to really understand how it works with the roles (producer, presenter) and getting the content “live”.

When to use what?

Online meetings are suited for a interactive and collaborative kind of meeting whereas live events are for larger uni-directional broadcasts, e.g. company management announcements or external-facing events/webinars.

Conclusion, summary and opinion

Depending on the size and virtual “gathering’s” purpose you can bring together people virtually either in Microsoft Teams online meetings or live events. However, the latter is as mentioned above more a one-way communication. As soon as you want to share and collaborate you can initiate an online meeting. Online meetings are straightforward and provide key online conferencing capabilities (audio/video/sharing) for company-internal as well as external people.

Additional resources

Producing live events in Yammer just got easier
What are Microsoft Teams live events?
Plan for live events in Microsoft Teams
Produce a live event using Teams
Get started with Microsoft Teams live events
Meetings and conferencing in Microsoft Teams
Limits and specifications for Microsoft Teams [see section meetings and calls as well as live events]
Meetings in Teams [schedule, start, join, share, call in | user guidance]
Join a meeting in Teams [user guidance]
Manage meeting settings in Microsoft Teams [admin]
Live events in Yammer