Category: Skype for Business

January 26th, 2022 by Tom Arbuthnot

Long time blog readers will know. I like to follow the Microsoft earnings calls for insights around Microsoft Teams and Microsoft 365. Microsoft just announced their earnings and revenue for the fiscal second quarter, the last calendar quarter of 2022. This quarter has some good insights; quotes are from the earnings call transcript, and everything outside the quotes is my commentary.

To stay up to date with all the Microsoft Teams news, be sure to join now over 15,000 people on my monthly free Teams news and insights newsletter.

  • Microsoft Teams “surpassed 270 million monthly active users this quarter”. Up from the 250M number we got in July 2021. It’s worth noting that Microsoft don’t break out numbers for Teams Consumer and Teams Commercial (Business/Enterprise/Health/Everything with an Office 365 account really). Microsoft recently included Teams Consumer with Windows 11. I wonder how much of this bump can be attributed to Windows 11/consumer accounts? The Windows 11 user numbers were not broken out, but we did get that “There are now more than 1.4 billion monthly active devices running Windows 10 or Windows 11”. I would guess the vast majority are still Windows 10 right now, but even a small percentage of that being Windows 11 could have an impact
  • Over 90 percent of Fortune 500 companies used Teams Phone this quarter, and we continue to take share across PSTN and VOIP”. I notice here that “PSTN and VoIP” is mentioned. We have seen perviously that Microsoft has included VoIP use when talking about “Teams Phone” rather than a strict definition of user with PSTN/Teams Phone licences.
  • “Monthly usage of third-party applications and custom-built solutions [in Teams] has grown 10X in the last two years”. Microsoft is making a real push for Teams to be more than just UC and land it as collaboration and a platform. Tighter integration with Power Platform really helps this story “Marks & Spencer used Power Apps and Teams to streamline internal help desk requests”
  • “The number of active Teams Rooms devices more than doubled year over year.”. Thats impressive growth, especiallty considering supply chain constraints. The Hybrid work experience is a hot topic in most enterprises right now.
  • Frontline worker usage [of Microsoft Teaams is] up 2X year over year“. Walmart chose Teams for their more than 2 million frontline workers this quarter.
  • Teams Essentials got a mentions from both Satya and Amy Hood as one of the strategies to focus on growth in SMB. “It’s early days, but we’re already encouraged by strong demand”.
  • Viva is being used by more than 1,000 paid customers – including Blum, Nationwide, and REI – to help address challenges like employee burnout and retention”
  • Office 365 commercial revenue growth of 19% was driven by installed base expansion across all workloads and customer segments, as well as higher ARPU”. You see Microsoft increasingly focusing on getting The Acerage Revenue Per User up by pushing more users towards E5 and even beyond with addiitonal beyond E5 services like Viva, Advanced Communicaitons, Microsoft Teams Room Premium and other “add-on” SKUs
  • Office 365 commercial seats increased 16% year-over-year, driven by another strong quarter of growth in our small and medium business and frontline worker offerings.”. The difference in seats growth vs revenue growth indicating some increase in ARPU.
  • Dynamics revenue grew 29% year-over-year driven by Dynamics 365, which grew 45% and 44% in constant currency”. Dynamics growth was mentioned, but no mention of Dynamics Voice Channel/Microsoft in the Contact Center market. Maybe it’s a bit eaerly for any meaningful results in this area, but I expected a nod to the potential.

Overall, Microsoft’s numbers are up and beating projections. The global changes caused by the pandemic have accelerated cloud adoption, particularly of Microsoft Teams and hybrid working/new ways of working continue to be hot topics for organisations. 2022 will be a big year for Teams Phone as organisations that moved to Microsoft Teams for meetings and collaboration consolidate their Unified Communications onto Microsoft Teams.

Posted in Skype for Business

January 25th, 2022 by The_Exchange_Team

Historically, Exchange has used a user’s primary SMTP address as the From address when sending messages. Other SMTP addresses assigned to a user (e.g., proxy addresses, also known as aliases) were mainly intended for receiving messages. Even when an email client tries to use an alias for the From address, that value is overwritten with the user’s primary SMTP address when the message is sent.

Today, business operations are much more challenging and complex, and activities such as mergers and acquisitions, rebranding, and other such changes have created the need for multiple identities and SMTP domains to be managed by an organization. To address these challenges, we started a journey toward making aliases first-class addresses in Exchange Online. We are excited to announce that we’ve reached the first milestone of this journey.
In the past, those wanting to send from aliases had a few options. They could use the SMTP AUTH client submission protocol, which didn’t rewrite the From addresses. Shared mailboxes could be used, but that meant another identity and another Inbox, as well.

To eliminate the need for these suboptimal solutions, we have introduced new capabilities in Exchange Online that enable Outlook clients to use and preserve aliases and to display the original alias used to send the message. This is accomplished by no longer replacing aliases during the sending or delivery of messages in Exchange Online.

The new capabilities are now available in Public Preview for Outlook on the Web and Outlook for iOS and Android. You can access the Preview using the SendFromAliasEnabled parameter of the Set-OrganizationConfig cmdlet. The setting enables the new functionality for all Exchange Online mailboxes in the organization.

This feature is in Preview because we have made fundamental changes throughout the email pipeline. There are known compatibility issues with some features that assume the user’s primary SMTP address will always be used. These known issues are listed below. We will work to the update the known issues list in this post periodically.

This is the first iteration of our support for aliases. We do have plans for additional functionality, but we want to hear from customers about what they want.
Client support
Support for sending from aliases has been added to Outlook on the web and Outlook for iOS and Android. Mobile clients allow users to enter aliases in the From field and those will be saved for future use. Support for Outlook for Windows is currently planned for Monthly Channel customers by Q2 of this calendar year. Desktop clients will display a list of enabled aliases in the From field, and messages sent from an alias will have that address preserved.

Aliases will also be preserved when messages are addressed to them. If a user replies to a message that was sent to their alias, their reply will come from the alias by default.
Outlook on the web
The From drop-down now contains a list of available aliases:

alias01.png

This list of aliases can be customized by the user in Settings from the full list of aliases (proxy addresses) that are associated with their mailbox.

alias02.png

Outlook for iOS and Android
Aliases can be entered into the From field. Previously used aliases will be saved and available via a dropdown list:

alias03.png

Outlook for Windows
Support for aliases is on the way for Outlook for Windows. The From field will also support a customized list of aliases.

alias04.png

It’s possible to customize the list by clicking on Manage List…, which is the same as changing them on the Settings page in Outlook on the web.

alias05.png

Known Issues
This being a preview, we are aware of several known issues:

  • Outlook on the Web has an issue with displaying and preserving aliases when Conversation View is not enabled. A fix is being worked on.
  • Rules, such as hygiene or journaling rules that are configured to look for specific email addresses, may not match aliases, resulting in the rule not acting on those messages.
  • Different email addresses or display names may appear. Some companies have set up Outlook clients with aliases or display names that differ from the user’s primary email address and display name stored on the mailbox. When the sending from aliases feature is enabled, it may cause a change in behavior for what shows up in sent messages’ From field.
  • Messages sent to aliases were rewritten to the primary SMTP address in the past. Complex routing configurations may rely on this behavior. When the sending from aliases feature is enabled, rewriting to the user’s primary SMTP address will stop, which could break routing.
  • When using the user’s primary SMTP address in a Message Trace query, the results do not include messages sent using an alias. To trace messages sent to or from an alias, you need to use the alias in your query. This is less of a known issue and more about highlighting the change to existing behavior.
  • This feature is for Exchange Online-hosted mailboxes only. Messages to and from on-premises can be subject to rewriting the aliases on those servers.

To provide feedback on the Preview (such as requests for additional features or functionality) we have set up an email to send those to: aliases-feedback[AT]Microsoft[DOT]com. We will monitor these to determine what functionality to invest resources into. Please note that we will not be individually replying to this feedback.

Outlook client feedback / features can also be filed (and voted on) on our new Feedback Portal. Please use the in-app support for Outlook Mobile issues, and regular support tickets can be opened for other versions of Outlook clients.
Let us know below what you think!

Exchange Online team

Posted in Skype for Business

January 25th, 2022 by Pooja Parab

Looking back over the last year, the security landscape has continued to experience significant change and escalation. Every day, we see the toll this is taking on organizations of all sizes as they navigate the enduring challenges of the pandemic, the expansion of the digital estate, and the evolution of threats. As defenders ourselves, we understand the relentless commitment required to safeguard people and organizations in this environment. It is our mission to ensure security leaders have the tools and resources they need to succeed in this important work. To continually understand the priorities and concerns of our community, we run research with security leaders every six months. I wanted to share some of those insights with you, as you may find the information valuable in your work.

To begin, the top five challenges shown below, as reported by survey takers, are very consistent with what I’m hearing in my regular interactions with customers and partners. 

Security leaders report that their top security challenge is managing increased risk of ransomware and cyber-extortion (29%). This is followed by ensuring cloud resources, workloads, and apps are securely configured (28%), gaps in protection across hybrid, multi-cloud, and multi-platform environment (27%), challenge recruiting security professionals (26%), and enabling end user productivity without sacrificing security (25%).

Addressing ransomware is number one, followed closely by cloud security

The security leaders we talk to are feeling the pressure—managing the risk of ransomware and cyber extortion was reported as their number one challenge this past year. According to the 2021 Ransomware Survey Report, ransomware grew by 1,070 percent between July 2020 and June 2021.1 Data from Microsoft’s Detection and Response Team (DART) in the latest Microsoft Digital Defense Report shows that cybercrime supply chains are consolidating and maturing.2 No longer do individual cybercriminals have to develop their own tools. Today, they can simply buy proven cybercrime kits and services to incorporate into their campaigns. This gives the average cybercriminal access to better tools and automation to enable scale and drive down costs. As a result, attacks of all types are on the rise, with the economics behind successful ransomware attacks fueling a rapid trajectory.

Cloud security has also been pushed into the forefront as security leaders adapt to the realities of the pandemic and the shift to hybrid work.3 The cloud represents significant opportunities for scale and agility. At the same time, cloud security technologies are evolving, and customers are looking for ways to simplify security across their entire portfolio.

Investment priorities for 2022

Aligned to the top cybersecurity challenges, cloud security lands as the top area of security investment over the next 12 months. For most security leaders, this means prioritizing investments that help them close gaps, protect workloads, and secure access to cloud resources. Security leaders tell us this is an area in which they’re looking for solutions that can help them tackle these challenges comprehensively—with so many organizations having a multi-cloud environment, the integration will be key. Microsoft is committed to delivering end-to-end cloud security that works across all clouds.

Protecting data is fundamental to positive business outcomes, so it’s not a surprise that data security continues to rank high on the list of priorities among respondents. Hybrid work and the acceleration of digital transformation are massively expanding the amount of data that needs to be protected, amplifying the need for comprehensive data security. We predict that organizations of all sizes will need to continue to evolve their data security strategy to keep up with changes in the digital environment.  

Security leaders report that cloud security is the area they are most interested in investing in in the next 12 months (35%). This is followed by data security (25%), vulnerability management/assessment (24%), application security (DevSecOps) (23%), and cloud-based network security (22%).

Following cloud and data security, we’re also hearing that decision-makers have increased interest in investing in vulnerability management and vulnerability assessment as they prioritize prevention initiatives. We are also seeing growing interest in emerging technologies like extended detection and response (XDR), IoT and operational technology (OT) security, and Secure Access Service Edge (SASE) solutions. With XDR, organizations can better detect and respond to threats across their complex ecosystems. Many organizations also use IoT and OT technologies and are looking for ways to close gaps in protection and address potential vulnerabilities. A SASE solution can help with providing secure access to resources at the edge, enabling more flexibility, visibility, and control.

Reading list for 2022

As security leaders look to mitigate threats now and in the near future, we’re seeing an increased focus on improving the prevention capabilities of the highest growth threat vectors, such as cloud security, access management, cloud workloads, hybrid work, and ransomware. An overarching component of that transformation includes increased attention on implementing Zero Trust—currently the top reported topic of interest from our research. Because Zero Trust architecture is essentially designed to prevent an attacker’s ability to move laterally, a Zero Trust strategy is extremely helpful in prioritizing and addressing prevention-focused investments. These include things like shutting down legacy authentication methods, providing secure access to resources using multifactor authentication (MFA), implementing risk-based access controls, and utilizing posture management tools to identify and remediate risks in cloud resources. By implementing a Zero Trust strategy, organizations can more safely embrace a hybrid workplace, and protect people, devices, apps, and data wherever they are located.

Read our Evolving Zero Trust whitepaper to learn how real-world deployments and attacks are shaping the future of Zero Trust strategies.

As part of the shift to the cloud, security leaders tell us they are also interested in learning more about how posture management, access management, and workload protection tools fit into their cloud security strategy. And given the concerns around the rise of ransomware and securing remote or hybrid work, it’s not surprising to see them as a priority topic of interest.

Check out our ransomware blog posts to keep up to date on the latest ransomware insights from Microsoft Security researchers and product updates.

Read our recommendations on securing a new world of hybrid work.

Security leaders report that the topics they are most interested in are Zero Trust (43%), cloud security (37%), ransomware and cyber-extortion protection (28%), securing remote/hybrid work (24%), and machine learning (24%).

Perception of Microsoft

Serving our customers is our primary job and so it’s probably not surprising that we measure the perception of security leadership for various vendors, including ourselves, in a blind survey. We asked security decision-makers which companies they saw as leading the way in the security industry. Despite so many established vendors, we were honored that Microsoft was ranked in the top three by survey takers with a substantial increase in overall perception in the last year, following several years of steady growth. We hear from customers that our end-to-end solution with broad multi-cloud and multi-platform coverage and deep, industry-recognized protection has been an approach that resonates. We always have more work to do, and I’m sharing this because we want you to know that the success and protection of our customers is at the heart of everything we do. It drives our priorities and is fundamental to our mission. We’re thrilled to know we’re on the right track and we don’t take your trust or your partnership for granted.

Learn more

As the last couple of years have shown us, cybersecurity is a mission of great importance. It not only underpins the business resilience that enables your organization to thrive in times of uncertainty, but it’s also critical to the fight for digital safety for all. This isn’t something we can do alone. We must work together as a community, sharing insights and supporting each other, to defend against not only today’s attacks, but also be prepared for the threats of tomorrow. As part of our commitment to sharing insights and fostering cooperation among defenders, my colleague Rob Lefferts will be releasing a new quarterly report next month called CISO Insider, where we invite Chief Information Security Officers (CISOs) from around the globe to share their best practices and expertise.

For more information that can help you navigate the current challenges in the security landscape, check out the following resources:

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


1Fortinet Ransomware Survey Shows Many Organizations Unprepared, Fortinet. 29 September 2021.

2How cyberattacks are changing according to new Microsoft Digital Defense Report, Amy Hogan-Burney, Microsoft. 11 October 2021.

3New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security, Andrew Conway, Microsoft. 19 August 2020.

The post How CISOs are preparing to tackle 2022 appeared first on Microsoft Security Blog.

Posted in Skype for Business

January 25th, 2022 by Matt W.
Are you looking for powerful Microsoft Teams resources for your team to leverage? Here are 2 must-have ebooks worth reading.

Posted in Skype for Business

January 25th, 2022 by Habib Mankal

In this episode, the team discusses upcoming changes in M365 that will break your configuration if you don't act upon them.

[youtube https://www.youtube.com/watch?v=N_U0uxabCp4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent&w=625&h=352]

  • Microsoft Teams Powershell Cmdlets for number management
  • Microsoft Teams SBC Direct Routing - Changes
  • Microsoft Teams Meeting recording expiration policy
  • IE 11 Expiration
  • Microsoft Exchange - Plus Addressing
  • Microsoft Exchange - API Retirements
  • Microsoft Exchange - Anti-Malware policy - Quarantine notifications for recipient

Posted in Skype for Business

January 25th, 2022 by sean mcavinue

This post is part of the overall MS-700 Exam Study Guide. Links to each topic as they are posted can be found here.

In this section I will go through the following topics relating to security and compliance settings for Microsoft Teams.

  • Plan Data Loss Prevention (DLP) policies
  • Plan for conditional access and MFA for Microsoft Teams
  • Plan information barrier policies

This post rounds out the Security and Compliance settings topic and looks at some features that can really add value to Microsoft Teams from a governance and compliance perspective. As with many of the features we’ve looked at so far, these topics don’t just relate to Teams and have benefits to the wider platform however in this post, I will be specifically looking at the Teams aspect.


Plan Data Loss Prevention (DLP) policies

Data Loss Prevention (DLP) has been a cornerstone of Microsoft 365 compliance for a long time. It specifically looks at data as it leaves the organization and allows admins to build out policies to protect against data leakage. For the basics of configuring DLP policies in Microsoft 365 check out this post.

When we talk about DLP specifically for Microsoft Teams, there are two areas where we have data potentially leaving the organization, Teams chat and channel messages and file sharing (from SharePoint). Let’s look at each of them separately.

Teams chat and channel messages

DLP for Teams chat and channel messages protects data that is sent to external users and guests in messages by detecting predefined types of information within the messages and blocking the entire message based on the policy applied.

As an example, let’s look at the following requirement:

“No messages containing credit card data is permitted to leave the organization via Teams chat or channel messages”

To meet this requirement we can set up a new DLP policy targeting all users for Teams chat and channel messages as shown in Figure 1. This can be filtered by changing the included accounts or adding exclusions to allow more granular control. There are templates available to help you get started quickly but I’ll user a custom policy so we can see all the available settings.

Figure 1: Targeting a DLP policy at all Teams chat and channel messages

For this requirement, we don’t treat high or low volumes of information differently so we just need a single rule created. The rule in this case will specify when content is shared with people outside the organization and there is high confidence that it contains at least one credit card number as shown in Figure 2.

Figure 2: A DLP rule for externally shared content containing at least one credit card number

An action can be added to the rule to block the content for external users as shown in Figure 3.

Figure 3: The rule contains an action to block external people from accessing the data

Now when a user sends a message externally that is detected as having a credit card number, they will be informed that the message was blocked as shown in Figure 4.

Figure 4: The user is prevented from sending the message externally

On the recipient side, the user will also be informed the message was blocked by policy (Figure 5)

Figure 5: The recipient is also informed that the message was blocked

One thing to note is that the block occurs in close to real time but often not immediate so it’s important to set expectations. Similarly, the same attempt from a Teams channel with external members is blocked (Figure 6). Note that for Teams chat and channel messages, internal users are also blocked from seeing the message.

Figure 6: Team members cannot see the message containing a credit card number

Teams file sharing

Teams file sharing is provided from SharePoint (and OneDrive for sharing outside a Team such as a chat) so to provide DLP to file sharing, we actually need to protect the back end SharePoint site. To get started, let’s update the requirement from the previous step a little:

“No content containing credit card data is permitted to leave the organization via Teams chat or channel messages”

There is a subtle difference but our requirement now specifies all content, not just messages. To meet this requirement, we can either create a new policy or modify the one we just created. Well we know that SharePoint hosts Team based files and OneDrive hosts files shared from one to one or group chats so in Figure 7, I’ve modified the existing policy and added in all SharePoint and OneDrive locations. Note that we can still filter this with a different include scope or by adding exclusions.

Figure 7: Including SharePoint and OneDrive locations to protect Teams file sharing

To test this, I’ve uploaded a document containing the company credit card details to a Team with external users. On the senders side, we see that the document has the sensitive information icon beside it in the files tab (Figure 8), letting us know this has triggered the policy.

Figure 8: The internal user get’s an icon to let them know the file contains sensitive information

If we check the recipient side, the file cannot be viewed (Figure 9).

Figure 9: Externally, the users don’t see the file in the library

As I mentioned above, DLP can apply to many different types of data egress and there are other configuration options for it such as alerting and notifications but they don’t specifically relate to Teams. For a full view of the scope of DLP, I recommend checking out my previous post here.


Plan for conditional access and MFA for Microsoft Teams

If you’ve been going through this exam guide this won’t be a surprise but Conditional Access applies to whole lot more than just Teams. Conditional Access allows administrators to specify rules to be processed when a user signs in to Azure AD / Office 365. For example you can specify that when users sign in from unmanaged devices, they are only allowed to access via browser and get proxied via Microsoft Defender for Cloud Apps session control. An extremely common use case for Conditional Access is to require MFA for user access to services. For a full run down of Conditional Access, check out this post but as before, let’s look at a specific Teams requirement example:

“Any user signing in to Microsoft Teams must be prompted for Conditional Access unless they are on an Intune Compliant device”

This is a very common requirement and very easy to configure. From the Azure AD portal, create a new Conditional Access policy targeted at all users (Extra points for having a naming convention for Conditional Access policies!). For the Cloud Apps section, choose Microsoft Teams as shown in Figure 10.

Figure 10: A new Conditional Access policy targeted at all users accessing Teams

For the actions of the policy, under the “Grant” section, we want to select both Require multi-factor authentication and Require device to be marked as compliant. Because we only want MFA on non-compliant devices, choose the option to Require one of the selected controls as shown in Figure 11.

Figure 11: Require MFA or compliant device

Now enabled the policy and hit save and the next time a user signs in to Teams from a non-compliant device, they will be prompted for MFA (Figure 12).

Figure 12: The Conditional Access policy enforces MFA from non-compliant devices

Obviously, Conditional Access and MFA should be looked at in a much wider scope, including all apps, not just Teams but for specific Teams requirements, they can be met by targeting the Teams cloud app.

One thing to note on Teams Conditional Access policies is that because Teams relies on several other Office 365 services, policies for Exchange Online, Stream, SharePoint and Skype should be aligned with Teams requirements to prevent unexpected behaviour. For example, blocking Exchange Online via Conditional Access will also block Teams, even if it’s not targeted. Best practice for generic policies such as MFA is to apply them to either All cloud apps or to the Office 365 app.


Plan information barrier policies

Information Barriers (IBs) are available as part of the E5 Compliance licensing add-on (and also bundled with other licensing SKUs – particularly for educational licensing). IBs are used to separate users within a single tenant, effectively preventing communication between two or more groups of users, for example – separating faculty and students within a school. This is achieved by grouping users into segments and then configuring IB policies to block communication.

Notes:

  • Before configuring Information Barriers, it’s required that no Exchange Address Book Policies (ABPs) exist in the tenant. If you use ABPs, they need to be fully removed and deleted before configuring IBs
  • Scoped Directory Search in Teams should be enabled to prevent users in Teams from searching for users in different IB segments

As with everything else in this topic, IBs don’t just apply to Teams and can prevent communication via SharePoint Online, OneDrive and Exchange (For Exchange they work similarly to Address Book Policies and block visibility but not email). Within Teams specifically, IBs can control:

  • Searching for a user
  • Adding a member to a team
  • Starting a chat session with someone
  • Starting a group chat
  • Inviting someone to join a meeting
  • Sharing a screen
  • Placing a call
  • Sharing a file with another user
  • Access to file through sharing link

IBs are configured from the Microsoft 365 Compliance Portal and the first step, under “Information Barriers” -> “Segments” is to create some segments (or user groupings). In this example, let’s use the following common requirement:

“Students in the school cannot interact with any member of staff via Teams, SharePoint or OneDrive and vice versa. They should also have a separate address list to staff in the global address list”

To get started with IBs, they should be activated in your tenant by running the below commands in Azure AD PowerShell:

##Declare IB Processor App ID
$appId="bcf62038-e005-436d-b970-2a472f8c1982" 
##Get IB Processor Service Principal
$sp=Get-AzureADServicePrincipal -Filter "appid eq '$($appid)'" 
##If it doesn't exist
If($sp -eq $null) { 
##Create the Service Principal
New-AzureADServicePrincipal -AppId $appId 
} 
##Prompt for Consent
Start-Process "https://login.microsoftonline.com/common/adminconsent?client_id=$appId"

When this runs you will be prompted to grant consent to the IB Processor to access the required aspects of your tenant (Figure 13).

Figure 13: Grant consent to the IB Processor

In my environment, all student accounts have been given a department value of Student to help identify them. I have created a new segment for faculty, filtering the membership to users who do not have their department set to Student as shown in Figure 14.

Figure 14: The faculty segment specifies users who do not have student as their department

Likewise, the second segment is named Students and has the opposite filter (Figure 15). This is a very simplistic segment configuration with only two groups but multiple segments can be created to meet your requirements.

Figure 15: The student segment specifies users who have student as their department

This can also be done via PowerShell using the Security and Compliance PowerShell module and running the commands below:

##Create Faculty Segment
New-OrganizationSegment -Name "Faculty" -UserGroupFilter "Department -ne 'Student'"
##Create Student Segment
New-OrganizationSegment -Name "Students" -UserGroupFilter "Department -eq 'Student'"

With the two segments ready, we can create a new policy and select the Students segment as shown in Figure 16.

Figure 16: Creating a new policy and adding the Students segment

Next, we specify that communication and collaboration is blocked (We could also create a policy to allow communication which would prevent communication to segments not specified) and add the Faculty segment as shown in Figure 17.

Figure 17: Specify that communication is blocked to the Faculty segment

Next, enable and save the new policy to finish. This can also be done in PowerShell with the below command:

##Create Information Barrier Policy
New-InformationBarrierPolicy -Name "Separate Staff and Students" -AssignedSegment "Students" -SegmentsBlocked "Faculty" -State Active

For every policy created, a second policy needs to be configured to specify the reverse so we’ll also create the following policy:

##Create Information Barrier Policy
New-InformationBarrierPolicy -Name "Separate Students and Staff" -AssignedSegment "Faculty" -SegmentsBlocked "Students" -State Active

The the policy created and active, the last step is to apply it by opening the “Policy Application” page and clicking “Apply all policies” (Figure 18) or by running the below command:

##Apply IB policies
Start-InformationBarrierPoliciesApplication
Figure 18: Apply Information Barrier Policies

Once the policies apply (This may take a few hours depending on the amount of users) users will be blocked from communicating and collaborating in Teams, SharePoint, OneDrive and Exchange Address Books. For example, attempting to add a user from the Students segment into a Team with users from the Faculty segment results in the message shown in Figure 19.

Figure 19: Attempting to add a user from the Students segment to a Team

Summary

This post is the last in the series focusing on security and compliance features in Teams. Over the past three posts, I’ve gone through a lot of topics that can really add value to a Teams deployment. As I’ve mentioned throughout these topics, the security and compliance features covered span beyond just Teams and should be considered from a holistic tenant perspective. For more on these features from this perspective, I recommend checking out my MS-500 Study Guide, even if you’re not focusing on that exam. I’ve also linked some relevant articles I wrote previously below covering the topics in this post.

Posted in Skype for Business

January 25th, 2022 by SharePoint Maven

I am not being original in publishing a post about this topic. If you google “Edit vs. Contribute Permission Levels in SharePoint Online,” you will get many posts covering this very important and one of the most infamous subjects in SharePoint. Since I receive lots of questions from my clients and loyal followers still on the matter, I decided to drop a few words of wisdom on this issue as well.

Permission Levels in SharePoint

Permission levels in SharePoint define what a user can do on a SharePoint site. For example, The user with the “Read” Permission level can read and download content (documents). The user with the “Full Control” Permission level pretty much has Admin Access to the site and so on. I wrote about Permission Levels previously.

Complicated hierarchy of Permission Levels

Older versions of SharePoint used to have a pretty detailed list of permission levels. Besides the typically expected ones (Read, Full Control), it also had Contribute, Edit, Design, Approve, etc.

Edit vs. Contribute Permission Levels in SharePoint Online

Contribute Permission Level

Up until SharePoint 2013, Members of the site used to get Contribute Permission Level. This level allowed members to add/edit/delete documents and items in SharePoint. In the context of document libraries, that meant that Members could add/edit/delete documents in a Document Library. In the content of lists, that meat that members could add/edit/delete rows in a list.

Edit vs. Contribute Permission Levels in SharePoint Online

Edit Permission Level

Around the time SharePoint became available in the cloud (starting with SharePoint 2013), a drastic change occurred within SharePoint permissions/security. Members of the site now got Edit Permission Level assigned instead of Contribute.

Edit vs. Contribute Permission Levels in SharePoint Online

So what is the difference between the two permission levels? If we look behind the scenes, it states that:

Edit: Can add, edit and delete lists; can view, add, update and delete list items and documents.
Contribute: Can view, add, update, and delete list items and documents.

Edit vs. Contribute Permission Levels in SharePoint Online

So the difference between the two is the ability to add, edit and delete lists.

What does the ability to add/edit and delete lists mean?

In pure English, it means that users can adjust the majority of settings on a list or library and create or delete those lists and libraries.

Looking behind the scenes, this is what the member of a site can do at a list or library level.

  1. Gear Icon > Library Settings
  2. Manage any of the available options listed belowEdit vs. Contribute Permission Levels in SharePoint Online

That means that any regular member of a site can manage content types for a list or library, manage versioning history, check-in/check-out settings, and whether the Office files will open up in native or browser mode or not. Another significant advantage of Edit access is that users can also create metadata on a library (those with Contribute can’t).

Additionally, members can also delete entire lists and libraries too!

Should we change the permission level?

No. When this change occurred back in 2013, I advocated for the shift to Contribute, which was a common practice back then. But times change, things and my opinions evolve as well. With modern SharePoint – it is the power to the users! Members now can create new sites and teams and delete them, too, so a shift in the Permission level is not too big of a deal. Adopt to change, baby!

How to change the permission level to Contribute

If you are reading this, wow, thank you so much for making it to the end. It also tells me that you ignored my device above and still want to proceed with the downgrade to Contribute. Well, I am not happy, my friend, but I have no other way to stop you, and all I need to do is show you how to change the permission level. I wrote an article on this some time ago – here it is.

The post Edit vs. Contribute Permission Levels in SharePoint Online appeared first on SharePoint Maven.

Posted in Skype for Business

January 24th, 2022 by Tom Arbuthnot

It’s all change for me in 2022. After 11 years at Modality Systems working with some great people, I am excited to be taking on two new roles. Firstly I am joining Pure IP on a part-time basis in a Solutions Director role. I have worked with Pure IP in a partner capacity for many years and know a lot of the team well and just a few weeks in I’m really excited to be working with such a great team. Pure IP has been a leader in the Microsoft UC telco space for many years, most recently being one of the launch partners for Operator Connect. I’m excited to get deeper into the PSTN carrier world and work with some great customers. My main role will be driving new innovative services.

We well as part-time working for Pure IP, I am also launching my own business, Empowering.Cloud. With the massive changes, Microsoft Teams and cloud have brought to the UC and collaboration market, I see a great opportunity for a new approach to supporting customers and partners in this new world. Empowering.Cloud is focused on providing the best real-world training, advisory and market insights for Microsoft Teams for individuals, end-customer organisations, and Microsoft Partners/SIs/ISVs on a subscription model. As the cloud constantly evolves, there is a regularly updated video library, labs, papers, monthly briefings, and Q&A sessions. A private EC Advisory Council of customers and field experts ensure that content is accurate, up-to-date, and, most importantly, real-world. I’m also really excited to be again working with James Rodd, one of the founders of Modality Systems.

At the moment I’m in the early phases of building out the Empowering.Cloud content, working with a few early customers (thanks!) who are validating the content and approach. We are lining up for a launch at the end of Q1. When we launch we plan to have subscription models for individuals, organisations and Microsoft Partners/ISVs.

Nothing will change with respect to the blog or my community activity, in fact, I hope that this will allow me to be even more engaged and allow me to spend more time keeping up to date with everything in the Microsoft Teams world.

Thanks to everyone who has been so supportive both at Pure IP and for Empowering.Cloud. I am really excited about what we will deliver in 2022.

If you want to stay up to date with what’s happening with Empowering.Cloud and maybe even get some early previews, be sure to join my email list.

Posted in Skype for Business

January 24th, 2022 by M365 Now News Feed
By Ryan Daily
In this No Jitter Roll, we feature news from Vonage and Microsoft.

Posted in Skype for Business

January 24th, 2022 by robertaichner

A tenet of our ongoing efforts to improve the audio and video experiences in Microsoft Teams is situational optimization – understanding specific use cases and environments and enabling Teams to perform at its peak in those scenarios. One such scenario is to transmit live or pre-recorded music content during a Teams meeting or call. High-fidelity music mode and automatic music detection are new Teams features that optimize for music, to deliver clear sound at frequencies that extend beyond the normal range for speech.

 

Communication apps are frequently designed for meetings or one-on-one conversations in which most of the audio signals are speech. Transmitting high-quality speech at the lowest possible bitrate typically requires the use of high-efficiency speech codecs. While these codecs are suitable for their primary purpose, they can significantly limit the fidelity of non-speech signals. High-fidelity music mode in Teams offers superior sound clarity for a wide range of audio content including music, medical signals, and speech.

 

Superior speech quality in Teams

Traditional PSTN (Public Switched Telephone Network) landlines transmit speech in the frequency range from 300Hz to 3.4kHz. The low-end nature of this range poses challenges for hearing differences in letters such as “S” and “F”. However, speech codecs used in today’s telecommunication applications are typically designed for wideband, covering a frequency range of 60Hz to 8kHz, significantly improving the intelligibility of speech compared to traditional phone calls over PSTN.

 

To enable speech signals with a bandwidth of 8kHz, the raw signal must be sampled at 16kHz at 16bits, which requires 256kbps to transmit. A highly-efficient speech codec can transmit speech at 16kbs or less. Recent efficiency improvements to the Teams audio codec make it possible to deliver quality sound even as low as 6kbps with minimal audible distortion.

 

Take audio beyond speech quality with High-fidelity music mode

High-efficiency codecs depend on speech model parameters that can characterize the vocal tract and pitch of the speaker. This does not work well for non-speech signals such as music. As users increasingly share an expanded variety of audio signals including music lessons, songs through other applications, or medical signals during a virtual appointment with a physician, it is increasingly important to provide high-fidelity options to transmit audio signals other than speech.

 

High-fidelity music mode addresses the need to share these types of content in Teams by transmitting audio signals with a 32kHz sampling rate (16kHz bandwidth) at 128kbps, preserving fidelity while reducing the bitrate by 4x compared to lossless encoding. The optimized experience in Teams applies to signals captured by microphones as well as audio played while sharing an application or desktop. The result is significantly improved audio quality of music and other non-speech signals in Teams calls and meetings.

 

The following examples contrast music transmitted using the speech codec versus the High-fidelity music mode.

Music experienced in a regular meeting:

 

Music experienced in High-fidelity music mode:

 

Check out the following guide for using High-fidelity music mode to play music in Teams.

 

New automatic music detection prompts Teams users to enable High-fidelity music mode

Machine-learning-based noise suppression has now been enabled by default for most Teams customers. This noise suppression considers any non-speech signal picked up by the microphone as noise which should be suppressed. To avoid unintentionally suppressing music, Teams features new automatic music detection which notifies users whenever music is recognized (see below.) This gives users the choice to enable High-fidelity music mode when music is a desired signal, such as a guitar lesson, or continue suppressing unwanted music, such as ambient sound in a coffee shop.

High fidelity mode.png

 

Detecting music with accuracy involved training a deep neural network with more than 1,000,000 audio clips which contain speech and music. We then evaluated this model with an independent test of 1,000 additional audio clips crowd-sourced from a wide range of contributors. This approach ensured a variety of recording conditions such as different microphones and room acoustics. For music lesson simulation, we asked contributors to play different instruments such as piano, guitar, violin, trumpet, and play different background music from a wide variety of music genres including rock, pop, country, R&B, jazz, classical and others.

 

Since we didn’t want the user notification to appear when no music is present, we had a very strict requirement of 0.1% false positives (i.e., speech or noise is classified as music) and even so, we were still able to detect more than 81% of all music clips in our test set, significantly outperforming all published research in this field. Another important requirement was for this machine learning model to run in the Teams client across devices, to preserve a great user experience for all users. More details on our approach can be found in this research paper. Automatic music detection is expected to be generally available in the coming months.

 

Each day, millions of users across the globe choose Teams to communicate across work, school, and home, with innovative features that enable new customer experiences. Automatic music detection and High-fidelity music mode are examples of how Teams uses machine learning and AI to optimize user experiences in real-time, delivering improved audio and video quality without taxing your organization’s network.

 

Stay tuned to this blog to learn about new Teams features designed to improve the quality of your calls and meetings.

 

Posted in Skype for Business