Tagged: Teams

Call loops after enabling busy on busy for Microsoft Teams Calling with Audiocodes Mediant

In this post I describe how you can fix a call loop and cause code issue with busy on busy enabled in Microsoft Teams Direct Routing in conjunction with a Audiocodes Mediant Session Border Controller. In one of my recent Teams Direct Routing deployments I came across an issue as soon as I enabled Busy on Busy in the Microsoft Teams Admin Center, as described in one of my previous blog posts, here.

Scenario

  • Microsoft Teams Direct Routing
  • Audiocodes Mediant VE Session Border Controller (SBC) V 7.20A.256.721
  • PSTN SIP Trunk Provider
  • Microsoft Teams Busy on busy (BoB) enabled for the user/s

Issue

Enabling busy on busy on Teams caused call loops, many missed calles shown in the call history in the Teams client.

Screenshot – Teams Call History for a user enabled for BoB

Usual calls incoming, outgoing, call forwarding etc. worked fine but after assignment of the policy including the enabled busy on busy the caller caused a “call loop” and many missed calls in the call history while the callee was still on a call with someone else.

Screenshot – SysLog with BoB enabled

Actually the above SIP flow looks ok but why on earth is the second caller’s number showing up that often? That’s the loop we get and the many missed calls as long as the called person is still busy on another call.

Solution

Usually, 486 Busy Here should be ok towards the PSTN SIP Trunk provider because this says “busy”. However, it did not really say “busy” or provide the “busy” tone to the second caller.

After some research I came across an helpful blog post from Luca Vitali describing a similar issue with the difference that he’s seeing this in a TDR deployment with a TDM PSTN trunk and a different cause code sent by Microsoft 365 Phone System.

Screenshot – SysLog – Reason Header Analysis – Cause 34 is sent in a 486 Busy Here

So, I checked the SIP reason header in more detail for the “486 Busy Here”. Viewing the SIP message logs by using the SysLog Viewer I found REASON: Q.850;cause=34;text=”171015b7-8b51-4fca-b9c0-d5f052823334;User is busy and currently active on another call.” There I noticed “cause=34” which means “no circuit available”. Is this not ok? That could be the possible issue because Microsoft 365 Phone System sends the above in a BoB scenario and probably the PSTN SIP Trunk provider looks not only on the “486 Busy Here” but also in the details of the Reason including the Q.850 cause codes which does not include the right code for “busy”.

So, just set up a message manipulation rule on the Audiocodes SBC to change the cause in the SIP reason line.

Screenshot – Audiocodes SBC \ Setup \ Signaling & Media \ Message Manipulation \ Message Manipulations

Example of the message manipulation rule to change the Header Reason Cause Code:

[ MessageManipulations ]

FORMAT Index = ManipulationName, ManSetID, MessageType, Condition, ActionSubject, ActionType, ActionValue, RowRole;
MessageManipulations 2 = "MM-Teams-486BusyHere-34-17", 1, "Any", "Header.Reason.Reason.Cause == '34'", "Header.Reason.Reason.Cause", 2, "'17'", 0;

[ \MessageManipulations ]

This message manipulation rule is based on the message manipulation set id assigned to the IP Group for Teams as an inbound message manipulation.

Please note that the above is just provided as-is and might require adjustments for your deployment. Also, the above manipulation of the cause code might be adjusted if Microsoft Phone System was changed and it sends out another cause code in the Reason Header. I thought of using “…!= ’17′” to always change the cause code in the Reason Header but that’s no good idea because it can cause other issues.

After the message manipulation was implemented I successfully re-tried.

Screenshot – Microsoft Teams Call History (after the msg. manipulation was live)

And also the SBC SIP flow is now fine, no more loops due to BoB and the second caller gets his regularly busy tone.

Screenshot – SIP Message Flow – 486 Busy Here adjusted Q.850 cause code

UPDATE 01.08.2020

It’s also an option to remove the reason header instead of changing the Header.Reason.Reason.Cause.

Additional resources

Safe transfer with Microsoft Teams Calling

In this post I highlight a Microsoft Teams Calling feature to safely transfer calls. Microsoft seems to add safe transfer for calls by Teams Users soon, according to the Microsoft 365 roadmap.

What’s safe transfer with Microsoft Teams?

As the roadmap item says it enables Team Users to get a call back if the Teams User transferred it to another Teams or Skype for Business user which does not answer.

That this works it is required that the user who transfers the call is a Microsoft Teams user and the target must be a Microsoft Teams or Skype for Business user in the same or federated tenant.

Additional resources

Microsoft Teams Call Quality Dashboard (CQD)

In this post I describe the CQD for Microsoft Teams and provide an high-level overview on its capabilities.

What’s the CQD? The call quality dashboard, short CQD, is a rich dashboard and reporting platform to check and ensure call quality metrics. Furthermore, it helps to analyze and to troubleshoot call quality if you drill down in reports and to figure out where you might have issues. Or you can just see what’s going on in your Microsoft 365 Phone System with Microsoft Teams.

Source: Microsoft Teams CQD (May/June 2020)

In case you need to dig in deep in the depths of the reports you might also want to upload some network details regarding your physical location/s or endpoints. This can help you as well as Microsoft Support to troubleshoot issues, if required. For example, you can upload a CSV including:

column namecolumn formatexample
networkipString10.10.1.0
network nameStringHQ-Stuttgart
networkrangeNumber24
buildingnameStringHQ-Stuttgart-Office
ownershiptypeStringEriksLab
buildingtypeStringIT Operations
buildingofficetypeStringAdministration
cityStringStuttgart
zip codeString71178
countryStringDE
stateStringBaden-Wuerttemberg
regionStringStuttgart
insidecorpBoolean1
expressrouteBoolean0
VPN (optional)Boolean0
CQD Tenant Data Information (CSV) example for buildings
Source: Microsoft Teams CQD (June 2020)

So, depending on your uploaded data you can view the reports either without or with the enriched data input.

Source: Microsoft Teams CQD (June 2020)

Conclusion, opinion and summary

The CQD is a helpful means to support analyzing and troubleshooting call quality-related issues. They reporting data can help to find out what’s not working well and maybe even give you the why to mitigate the issue. E.g. bad connectivity, bad device or else. Additional, depending on your organization’s size and requirements you could also get the data to PowerBI for more customized views and reporting, if needed. The CQD is very powerful and supportive to resolve call quality issue. In case you are utilizing Microsoft Teams especially calling capabilities, I think, it is a very good platform which can support your call quality troubleshooting.

Additional resources

Manage Microsoft Teams Rooms (MTR)

Soon, Microsoft Teams Meeting Rooms (MTRs) will be (remotely) managable via the Teams Admin Center, as described on the Microsoft 365 Roadmap [ID 64022].

  • update settings for Team Room Devices
  • monitor and check health status of Teams Room Devices incl. peripherals (camera, mic)
  • troubleshoot a MTR by remotely restart the devices
  • troubleshoot a MTR by remotely download logs
Source: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=64022

I assume that the admin experience will be similar to what is already available to manage Microsoft Teams Phones and Collaboration Bars.

Source: Microsoft Teams Admin Center (Screenshot)

Additional resources

Create a Microsoft Teams Meeting with Outlook on the web or mobile

Microsoft soon enables you to schedule a Teams (or Skype for Business Online) Meeting by using Outlook on the web, Outlook for iOS or Outlook for Android. As of now, May 2020, it looks like the feature on Outlook on the web is planned for the second quarter (Q2) 2020 and on mobiles (iOS/Android) for June 2020.

At the bottom of this post you can find the links to the user guide on how to create a Teams meeting in Outlook on the web/for iOS/for Android, to start right away scheduling Team meetings, as soon as it becomes available. So, you should, as usual, keep your mobile device and apps up-to-date.

Source: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=63383
Source: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=63625
Source: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=63628

Additional resources

Microsoft Teams Contact Center Integration

This post is about the Contact Center Integration in Microsoft Teams. If you deploy Microsoft Teams calling capabilities to enable your workforce to use Microsoft Teams you might also be interested in the Contact Center integration. In the past I wrote an article about Microsoft Teams Call Queues and Auto Attendants for Direct Routing which describes Teams calling capabilities in regards of automatic call distribution (ACD) and/or interactive voice response (IVRs). Depending on your needs this was and is maybe not yet sufficient for your agents because you have many agents answering loads of incoming calls, transfer calls to maybe other departments/agents and respond to these incoming requests, complaints, remote advisories, incidents or what have you. Maybe 24/7…

Source: https://pixabay.com/de/illustrations/lernen-hinweis-schule-betreff-3245793/
Source: https://pixabay.com/de/illustrations/lernen-hinweis-schule-betreff-3245793/

So, there was a missing piece to bringt Microsoft Teams and more advanced Contact Center solutions together. Until lately. APIs were enhanced and improved which enabled Contact Center solution and service providers to build and use the available integrations based on

  • Direct Routing Connectivity,
  • Microsoft Graph Cloud Communication APIs,
  • Teams platform and extensibility and/or
  • Teams SDKs.

By this Microsoft enables for three integration “depths”:

  • Connect | based on Direct Routing
  • Connect and Extend | mixture of Direct Routing + Graph APIs + Teams apps platform
  • Extend and Power |embedding Teams SDKs into Contact Center App/Solution/Service for native Teams interactions (which works with Direct Routing as well as calling plans)

Now that you want to start to integrate your existing Contact Center solution in Microsoft Teams, note that this works only for certified Contact Center solutions and services, which are listed in the Connected Contact Center for Microsoft Teams Certification Program. Today, there are already very well-known providers offering Microsoft Teams integration (see additional resources).

Conclusion, opinion and summary

This is another step forward to bring in more voice and calling capabilities into Microsoft Teams as it can become the primary client app for Contact Center agents as well. I assume that more is about to come and enable companies to leverage more and more of Microsoft Teams especially enterprises with large contact centers which might still be on Skype for Business Server with Enterprise Voice for these workloads. In the past this was mostly due to the SFB UCMA integration which was often used in these voice deployments and in Teams this integration option was missing. Now, enterprise still running SFB Server and having dependencies in regards of third-party Contact Center solutions based on UCMA might probably soon get rid of SFB Server onprem, migrate (the until now left behind Contact Center agents) to Microsoft Teams and decommission SFB Server infrastructure.

Additional resources

Konfiguration von Microsoft Teams Direct Routing über das Teams Admin Center

In diesem Beitrag möchte ich aufzeigen, wie Microsoft Teams Direct Routing jetzt auch über das Teams Admin Center konfiguriert werden kann. Ich selbst bevorzuge weiterhin die Anlage mit der PowerShell, aber es ist gut zu wissen, dass diese Funktionen jetzt auch im Admin Center verfügbar sind.

Hinweis: Dieser Beitrag beschreibt einen aktuell verfügbaren Ansatz in Form einer beispielhaften Konfiguration. Wie einen Konfiguration vorgenommen werden muss, kann variieren (je nach Anforderungen) und sich auch jederzeit seitens Microsoft 365, Teams etc. verändern.

How to connect a certified SBC via Teams Admin Center?

Zielsetzung

Microsoft 365 Telefonsystem an einen zertifizierten Session Border Controller (SBC) für Microsoft Teams Direct Routing (TDR) anbinden.

Design und Umfang

In diesem exemplarischen Beitrag zeige ich nur wie die Verbindung vom Microsoft 365 Telefonsystem zum SBC eingerichtet werden kann (gelb). Die Konfiguration eines SBCs, mögliche Anpassungen und Feinjustierungen werden hier nicht weiter beschrieben. Am Ende wird noch ein Cloud-only User Account eine Telefonnummer und die Voice Routing Policy zugewiesen.

Auf Details, was TDR ist, Voraussetzungen und wie zu lizenzieren ist gehe ich hier nicht ein.

How to connect a certified SBC via Teams Admin Center?

Zu konfigurieren sind

  • ein Teams PSTN Gateway (SBC),
  • PSTN Usage,
  • Voice Route,
  • Voice Routing Policy
  • und zuletzt muss die Voice Routing Policy dem User zugewiesen werden.

Lösung (Beispiel)

Wir beginnen im Microsoft Teams Admin Center (https://admin.teams.microsoft.com) als globaler Admin, aber auch schon die Teams-Administrator-Rolle (Teams Service Administrator) reicht hier und berechtigt für die Konfiguration.

Nachstehend zeigen die Screenshots den “Konfigurations-Pfad” und in jedem Screenshot werden die Schritte beginnend mit “1” aufgezeigt.

Teams Admin Center
PSTN Gateway bzw. SBC hinzufügen
SBC im Teams Admin Center konfigurieren (FQDN, aktiviert, Port (SBC Listener), Sessions …)
Einstellungen sichten
PSTN Usage erstellen
PSTN Usage erstellen
Voice Route erstellen
Voice Routing erstellen

Bei “Dialed number pattern” kann ein bestimmter regulärer Ausdruck via RegEx definiert werden, um basierend von Teams ausgehende Anrufe auf einem bestimmten “Muster” zu prüfen, um hier eine Routing-Entscheidung für diese oder eine mögliche andere Route zu treffen. Ich lasse dies hier mal absichtlich leer. Wenn User komplett E.164 (also mit +49… ) wählen sollen oder einfach alles akzeptiert werden soll, kann hier z. B. .$ (any) o.ä. verwendet werden. Je nach Bedarf.

Voice Route erstellen
Voice Route und Priorität prüfen
Voice Routing Policy für die Zuweisung an User erstellen
PSTN Usage in Voice Routing Policy hinzufügen
Voice Routing Policy einem User zuweisen
Voice Routing Policy einem User zuweisen

Nach dem die Voice Routing Policy zugewiesen wurde, kann es eine Weile* dauern bis, in diesem Beispiel James, telefonieren kann. Natürlich muss hierfür der SBC bereits konfiguriert und funktionsfähig sein. Auch die richtigen Lizenzen und Policies (Calling Policies) dürfen für die User nicht fehlen. Nicht zu vergessen, dass der oder die Benutzer noch eine Telefonnummer zugewiesen benötigt.

*eine Weile kann von ein paar Minuten bis hin zu mehreren Stunden sein. Ich habe schon unterschiedlich lange Bereitstellungszeiten festgestellt.

Letzteres geht aktuell leider (noch?) nicht via Teams Admin Center. Dazu benötigt es noch die SFB Online PowerShell außer ich habe SFB Server (Hybrid) und meine Rufnummern werden noch vom onpremise Server via AAD Connect übertragen (msRTCSip-LineURI…). Doch hier gibt’s dann noch ein paar weitere Aspekte zu beachten.

Zuweisung der Telefonnummer und Voice Routing Policy via PowerShell

Die Zuweisung der Voice Routing Policy und Telefonnummer kann per PowerShell erfolgen (via SFB Online Connector), nach dem das SFBO PowerShell Modul heruntergeladen, installiert und verbunden wurde. Wenn man das nachstehende etwas umbaut, kann hieraus einfach über ein CSV-Import und eine foreach-Schleife ein Anlage und Zuweisung von Benutzern im größeren Stil erfolgen.

#Verbindung zu SFBO aufbauen (mit MFA)
Import-Module "C:\Program Files\Common Files\Skype for Business Online\Modules\SkypeOnlineConnector\SkypeOnlineConnector.psd1"
#Import-Module SkypeOnlineConnector
$SFBOSESSION = New-CsOnlineSession
Import-PSSession $SFBOSESSION
#Voice Routing Policy zuweisen
Grant-CsOnlineVoiceRoutingPolicy -Identity "James" -PolicyName "VoiceRoutingPolicy-Germany-Stuttgart”
#Telefonnummer zuweisen
Set-CsUser -Identity "james@...domain.de" -OnPremLineURI tel:+497119874563219 -EnterpriseVoiceEnabled $true -HostedVoiceMail $true
#Verbindung trennen
Remove-PSSession $SFBOSESSION

Zusammenfassung

Ich finde es praktisch, dass ich jetzt einen zertifizierten SBC auch über das Teams Admin Center verbinden kann. Wieso ich aber Usern noch keine (TDR) Telefonnummer auch über das Teams Admin Center zuweisen kann, ist mir ein Rätsel. Hierfür muss ich wieder in die PowerShell wechseln. Das finde ich etwas umständlich. Dann mache ich es aktuell doch lieber noch per Shell, da ich mit der PowerShell die Ansichten nicht wechseln brauche.

Ich hoffe, der Beitrag gibt eine grobe Übersicht, wie (aktuell Mai 2020) ein SBC für TDR an das Microsoft 365 Telefonsystem angebunden werden kann.

Zusätzliche Ressourcen

How to secure your guest access in Teams?

In this post I point out what you can do to secure your Microsoft 365 guest access or guest identities for a secured collaboration experience. Guests in Microsoft 365 are external persons or identities which you can enabled to access defined Microsoft 365 resources, e.g. to work together in a project by using a Microsoft Teams Team. This is very beneficial for a more in-depth collaboration in project teams which include several external stakeholders from other companies like external project managers, subject matter experts, suppliers or others. By enabling guest access for specific scenarios and workloads you can easily work together across companies, if required. So, your employees do not need to find another way or a (#ShadowIT) workaround to do this which does not align with your company’s compliance.

I often have discussions regarding collaboration security on external (guest) access. So, what’s the answer to convince all from guest access? Well, let me put it that way, there is never an “one size fits all” answer, definitely not. Company A is not the same as company B. There might be similar processes, requirements, collaboration strategy goals or else but it’s still different, of course. The people, the services, the products, the vertical etc. are different. To keep it short, B2B collaboration with guest access is an excellent feature but usually requires a different implementation approach depending on the company. Sometimes a basic implementation is sufficient, sometimes you need to establish a new organizational process in varying complexity including B2B collaboration governance and so on.

Please note, that is is just one of many measures to secure your communication and collaboration in Microsoft 365. This is only a single part of a more holistic and required security architecture concept. Moreover, the below description, configuration etc. might change at anytime and is just an example, demo piece.

Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/
Source: https://pixabay.com/de/illustrations/sicherheit-sichern-gesperrt-2168233/

Limitations for guests

Guest are a “special” member type in Azure AD and M365. So, there are some limitations by design for guests you should know of. For more please read What are the default user permissions in Azure Active Directory? and Guest access in Microsoft Teams [links at the bottom].

  • Per licensed user you can add up to five guests (1:5 ratio)
  • Guest user permissions in Azure AD are limited by default*
    • cannot browse other tenant information
    • but can view their own profile
    • but can retrieve input on other users if he/she searches for a UPN or object ID
  • Guest user permissions in Office 365 groups are limited
  • Guest user permissions in Teams are limited
    • no One Drive for Business
    • no people search outside of Teams
    • no calendar
    • no meeting scheduling
    • no pstn/telephony
    • no org chart
    • no teams creation/revision
    • no teams browsing
    • no file upload in P2P chats

*unless you assign any admin role to a guest. So be cautions. Don’t.

What you can do to secure your Microsoft 365 guest identities?

Microsoft added a very good article in the documentation Create a secure guest sharing environment [link at the bottom] which describes the key elements you must take into account for your B2B collaboration and guest access configuration.

  • enforce multi-factor authentication for guests
  • provide terms which guests musts agree on
  • regularly review permission needs are still valid
  • restrict access for guest to web-only / browser-only
  • set session timeout to enforce regular/daily authentication by guests
  • classify content by using sensitivity labels
  • auto classify defined sensitive information to highly confidential
  • auto remove guests access from files labeled high confidential

Conclusion, opinion and summary

Guest access can be vital for your company and employees to easily work together with external stakeholders. If required. It must be secured.

To provide guest access, I think it is a good idea to establish a organizational process that internal employees must request guest access for an external person via an approval process. The latter could be accomplished by using Power Automate with Forms or Power Apps. Onboarding or adding a new guest should be based on the approach which Microsoft provides in Create a secure guest sharing environment [link at the bottom]. To complete the guest user life cycle the identity should be audited and monitored regarding permission needs and activities, so that either certain permissions can be removed or that an guest account gets disabled or even deleted depending on usage/activity/last logon or other criteria.

Additional resources

Microsoft Teams Telephony Licensing Notes [Update April 2020]

In this post I like to point out some updated licensing options for Microsoft Teams regarding telephony, common area phones and meeting rooms.

The hereinafter described license options might be subject to change. Moreover not all licenses or subscriptions are available in every country around the globe, especially calling plans and audio conferencing (shortened: Audioconf.).

Teams Licensing Basics

  • Microsoft Teams is a single service of the massiv Microsoft 365 services stack which it tightly linked and integrated within this service stack.
  • Microsoft Teams is part of a “packaged” Microsoft Office 365 subscriptions by default.
  • Microsoft Teams “replaces” Skype for Business Online (SFB Online EOL date July 31, 2021). The Skype for Business Desktop Client within Office 365 ProPlus is also obsolete, meaning that new (full) Office 365 ProPlus installation will get a Teams instead of a Skype for Business Client.

The following slides and drawing are intended to provide you with an overview on licensing options. I also point out what you should take into account in case of Teams Direct Routing (TDR), in this post and following drawings I call a TDR scenario a “hybrid” scenario.

Telephony with Teams (for users)

Call Queues (CQ) and Auto Attendants (AA)

Resource accounts for CQ/AA need a license. Till 01.07.2019 you had to license these users with typical user licenses. Now you can buy and assign a free “Phone System Virtual User license”.

At the bottom I’ll add a link to a well-written how-to post “Add a free licence to Call Queues and Auto Attendants (Microsoft Teams)” from ucgeek.com which describes how to buy and assign the license.

Teams Common Area Phone (CAP)

Teams Meeting Room

Conclusion, opinion and summary

The above drawings quickly depict how you can license users, common area phones, meeting room devices and even call queues or auto attendants for Microsoft Teams.

Additional Resources

What’s new in Microsoft Teams in April 2020?

In this post I like to highlight some new and planned Microsoft Teams features based on the latest roadmap updates by Microsoft. The last few days many updates were made to the Microsoft Teams roadmap. There are several neat feature updates for Microsoft Teams which will be rolled out soon, are rolling out now or which are already available. Let me give you an overview on these.

Source: https://pixabay.com/illustrations/landscape-hill-sky-clouds-hilly-922581/
Source: https://pixabay.com/illustrations/landscape-hill-sky-clouds-hilly-922581/

Meetings and live events

  • end meetings | as an host you can now end meetings. So nobody can remain in the meeting to proceed or use the online meeting space.
  • audioconferening dialin user number masking | PSTN participant phone numbers will be masked from external users [~May 2020]
  • background effects in meetings | use background (pre-selected) images to enable other participants to focus on you and reduce distraction. later also custom background images.
  • raise hands in Teams meetings | attendees can rais their virtual hand to notify the presenter that there is a person who would like to speak
  • share system audio in a meeting
  • share system audio in a live event

Voice / telephony

Microsoft 365 Business Voice | Microsoft 365 phone system capabilities are available for SMB organizations with up to 300 seats as addon license for the smaller licensing bundles (business plan/s).

So, also business plans are enabled to go for calling plans and/or Direct Routing to enable (pstn) telephony to/from Microsoft Teams.

Chat

Multi window chat | Ability to pop out a chat in a separate chat window

Security

Microsoft adds Azure AD Premium Plan 1 to M365 Business plans which provides feature like

  • conditional access,
  • self-service password reset and
  • multi-factor authentication (MFA) to secure your identities.
  • Plus some more features like Cloud App Discovery (to discover used apps which you might were not aware that these are used within your company),
  • application proxy,
  • dynamic groups,
  • passwordless auth (Windows Hello for Business, Microsoft Authenticator app, FIDO 2).

All this helps to make your communication and collaboration for your business more secure. Especially for SMBs (up to 300 seats). This is really compelling due to price and feature set. Until know you had to get enterprise plans for this to get the option to add these features to your Microsoft 365 deployment.

Conclusion, opinion and summary

Microsoft now really pushes out these features and changes to enable small and medium sized business (SMBs) to securely communicate and collaborate at a reasonable price. To me, MFA (for all) was long awaited in this licensing segment because nowadays MFA should be the imperative anyway.

Additional resources