Microsoft Teams Private Channels introduction

Today at Microsoft Ignite 2019 one of the most requested features was announced as GA. Private Channels is a highly requested feature and enables users to create channels that only a subset of users can see.

Why did Microsoft introduce private channels?

The requested scenario is that a subset of users in a Microsoft Team needs to discuss and collaborate without everyone having access and seeing the discussions. Keep in mind that members of a private channel need to be members of the Team.

The scenario where I see this being very useful is in projects where the steering group wants to have their own closed channel and file location to discuss the progress of the project, share meeting notes and make decisions for the project. Another scenario could be the sales department wanting to store signed contracts that only a subset of users have access to.

This is a new feature and I urge you to use private channels with moderation in the beginning and try to design teams around the notion that users should have access to all the content in a team. Use private channels as the exception, not the rule.

How to create private channels

To create a private channel, you need to be a member with the ability to create private channels. When you create the channel, you get the option to make it private, you are asked to add members from the team you are creating the channel in. Here you see how you can make a private channel.

PrivateChannels1

When the channel is created you will see who the members are, and the channel is marked with a padlock icon.  Here you see how you can differentiate between regular channels and private channels you are a member of

PrivateChannels3.PNG

The creation of channels can be controlled on a Team setting level. Some facts about channel management:

  • Owners see private channels that they are not a part of under Manage Team and channel list.
  • Owners can control if members are able to create private channels in the Team under settings for the team
  • Owners of the team can delete or see the owner list, to reach out if cleanup is needed.

privatechannels9.PNG

  • Owners of a private channel get to add member and control @mentions and Member permissions, under manage channel and settings.

privatechannels8.PNG

What are the features available today?

  • Chat and files are available from the GA date and are rolling out in November 2019
  • All members of the private channel need to be part of the original team
  • There are some limitations on apps available today, such as Planner and Stream connected to the channels, these are on the roadmapPrivateChannels4.PNG
  • When you create a private channel, it creates a new SharePoint TeamSite for that channel. This is to make sure control of who can access the files.
  • Administrators can find private channels in the Teams admin center

PrivateChannels5

  • Administrators can also find the SharePoint sites using the SharePoint PowerShell module using the template property
    • Get-SPOSite -Template TEAMCHANNEL#0
    • you can see that the site name includes the original team name, which means you can find out how many private channels are set up per team
    • The ability to see all private channel team sites in SharePoint admin portal will come later

privatechannels7.PNG

10 sessions I look forward to at #MSIgnite 2019

There are 1882 sessions at Microsoft Ignite 2019. This is an overwhelming number and there should be enough sessions there for you to find your must-attend sessions. For me, these revolve around the keynotes, Microsoft 365 and Microsoft Teams.

A tip for you, when choosing your sessions, find your rockstars, those you know always deliver great experiences on cool topics you are interested in. Then, find niche topics you want to know more about. Use theater sessions to get info on topics you are not familiar with, in only 20 minutes.

Remember, if there are sessions you have high up on your priority list, make sure you are 30-20 minutes early to get a seat.

Here are my 10 must-attend sessions from my point of view

There are a lot more sessions I will add to my list based on The Microsoft Teams Guide to Ignite 2019 and Ignite 2019 guide to SharePoint, OneDrive, Yammer, Stream and related technology sessions tech community posts. I also recommend checking out theater sessions on topics you are unfamiliar with. These are only 20 minutes and will give a lot of information in a short time.

I sat down with Ignite Community Reporter, Tom Morgan, to talk about the theater session I am doing at Microsoft Ignite and I also gave 7 tips for attendees

If you want to see sessions with me and my team at CloudWay, here are all our sessions https://cloudway.no/calendar-event/microsoft-ignite-3/ 

MSIgnite2019v3

My current #PowerShell #Pomodoro timer

I have long been a fan of and have the need for tools to reach flow state and deep work. Through my OneNote LifeHacks videos and previous tools and posts, I have shared this.

Since Microsoft Teams arrived, I have had some issues adjusting and it has taken some time. But now I have incorporated Teams in my PowerShell Pomodoro timer, by simply closing it during my focus session and open it again. I found that even if I used the newly implemented focus time in Teams, I still saw the number of unread notifications in the client. This was disturbing enough to bring me out of flow.

Here is what the PowerShell Pomodoro timer doesStart-SimplePomodoroGet it at GitHub, got a suggestion? Make a commit :)

What you need to set up to use the script

  • If you have a workstation, you need to install the mobility feature on your PC to be able to set the computer in presentation mode
  • Set up IFTTT webhooks to mute your phone, I have set this up for Android, but it seems like it is possible for iOS as well now. You need a mute, unmute and webhook code.
  • Find the Uri for your focus Spotify list and use it the script
  • The script itself is just a function, you need to create your run command in the bottom of the script with your variables to run it, see details on GitHub

The goal is to induce the flow state in a busy workday

Multitasking is a myth. The goal is to reach the flow state by focusing on one task at a time. Have you ever started writing an email, thought you sent it and eagerly waiting for a response, only to find it incomplete and unsent at the end of the day? This is one of the perils of multitasking.

The Pomodoro Technique is a great methodology to induce flow in a busy workday. It is all about avoiding distractions for 15-25 minutes and focus on one task at a time. This is a short enough period in the day that you can squeeze it in before a meeting. It is incredible what you can get done 15-25 minutes. The goal is to not get distracted and it takes about 7 minutes of focus before you reach your flow state.

If you want to succeed with Pomodoro, you need to make yourself unavailable. Equally important, you need to make yourself available again when those 25 minutes have passed. That is why we created the Pomodoro PowerShell tool, and why I love the simplicity of this approach.

Watch an outtake from my session at Microsoft Ignite 2017 on single-tasking

Learn more on my thinking around single-tasking and tools available to succeed with the flow state, from this outtake of my OneNote LifeHacks talk at Microsoft Ignite 2017

Happy deep work!

My post-migration from Skype to Teams toolbox

When migrating from Skype for Business Server to Microsoft Teams you may find that users are not migrated with the correct features as intended. If the migration also includes moving Enterprise Voice workloads and switching to a Direct Routing or Calling Plan setup, you may find it difficult to get a full overview of what state the user is in and if all settings are correct.

I found that this Skype for Business Online PowerShell oneliner gave me the overview I needed to see if there were configuration issues or wrong settings. Hope this helps you in your post-migration cleanup process

Get-CsOnlineUser ken.myer@contoso.com | Format-List UserPrincipalName, DisplayName, SipAddress, Enabled, TeamsUpgradeEffectiveMode, `
EnterpriseVoiceEnabled, HostedVoiceMail, City, UsageLocation, DialPlan, TenantDialPlan, OnlineVoiceRoutingPolicy, `
LineURI, OnPremLineURI, OnlineDialinConferencingPolicy, TeamsVideoInteropServicePolicy, TeamsCallingPolicy, HostingProvider, `
InterpretedUserType, VoicePolicy 

postmigrationken

Some explanation

  • TeamsUpgradeEffectiveMode – Should be set to TeamsOnly, if not, try to change it again and look at the error message
  • UsageLocation, DialPlan, and TenantDialPlan – When using enterprise voice together with Microsoft Teams, UsageLocation is important. It decides the number you get as part of AudioConferencing and your DialPlan. The default DialPlan just adds a plus and country code to whatever you type in Teams and is rarely good enough. You should supplement with TenantDialplans, don’t crate them yourself, use https://www.ucdialplans.com/ by MVP Ken Lasko. UsageLocation is set using the MSol PowerShell module.
  • LineURI, OnPremLineURI, and VoicePolicy – if your VoicePolicy is set to BusinessVoice you have a Calling Plan assigned, if it is set to HybridVoice, you are using Direct Routing. This is good to know if you are troubleshooting why LineURI is not updated by OnPremLineURI for Direct Routing. You should also know that if you are not able to set OnPremLineURI using Set-CsUser using online PowerShell, then you have msRTCSIP-LineURI populated in local Active Directory. If you clear this attribute, you get write access to the OnPremLineURI online.
  • InterpretedUserType – is a great source of information. It tells you the status of the user. If you have any attributes in local Active Directory it will be set to HybridOnpremSfBUser. If for some reason the user is disabled it will show in this attribute as something with disabled such as DirSyncDisabledSfBUser. Read this useful blog article that goes into this in more detail

On-Premises attributes cleanup

If InterpretedUserType has the value of HybridOnpremSfBUser, then you need to clean up on-premises attributes if you are fully moving to Microsoft Teams and are decommissioning your on-premises deployment. The best way is to use Disable-CsUser to remove all Skype for Business related attributes on a user. More often than not, we see that this command is not run before decommissioning the deployment, so you need to remove the properties manually, here is a routine to detect all msRTCSIP attributes and then to clear them in Active Directory. Based on the type of configuration the user had before servers were removed, the properties with a value may be different per user so using ‘msRTCSIP*’ is a good way to catch the attributes for that specific user.

#Get all msRTCSIP properties for a user that has a value
$Properties = Get-ADUser -Filter {UserPrincipalName -eq "ken.myer@contoso.com"} -Properties * | Select-Object -Property 'msRTCSIP*'

#Clear all properties for a user
Get-ADUser -Filter {UserPrincipalName -eq "ken.myer@contoso.com"} -Properties * | Set-ADUser -clear ($Properties | Get-Member -MemberType "NoteProperty " | % { $_.Name })

To learn more about InterpretedUserType and the values it can be set to, read this useful blog article that goes into this in more detail

Get a more in-depth explanation and read more about tips like this in the highly recommended Office 365 for IT Pros eBook, the only constantly-updated book covering Office 365 and associated technologies. You can buy a copy of the book at (Gumroad.com – EPUB/PDF version) or (Amazon – Kindle).

Did you know that you can control notifications from #MicrosoftTeams channel @mentions? 

Yep, it’s true, here is the scenario

  1. You are joined to a lot of teams with high activity and people are @mentioning the Teams and channels because internal emails are moved to Teams, which they should!
  2. Every day you get back to work, you have a huge amount of notifications to go through in your activity feed because people are @mentioning everything all the time to get attention
  3. You are starting to wonder if Teams is a fad and are longing back the thousands of unread internal email messages in Outlook instead

Here is the solution

  1. To avoid getting a notification when someone is @mentioning a channel
    • Go and unfavorite itUnfavorite
    • You still get a notification when someone @mentions your name
    • You cannot unfavorite the General channel, this is why it should be only used for off-topic discussions, wins or general announcements
    • Want to go the other way and get notified whenever someone is talking in a channel? Go and follow the channelFollow
  2. To avoid getting a notification when someone is @mentioning a team
    • There is no way to avoid getting a notification
    • This is why you should refrain from mentioning a team unless it is at the utmost importance
    • You can actually turn off that people can mention either a team or a channel as owner under Manage Team -> Settingsmentions

That’s it really. Now you know it is a huge difference in @mentioning a Team vs channel. #LifeHack

Post a #MicrosoftTeams channel chat message from #PowerShell using Graph API

Implementing Microsoft Teams is 10% IT, 10% governance and the rest is a cultural change. As part of the governance process, I have long seen the need to post the first chat message in a Team channel reminding the members of some cultural etiquette scenarios as part of a governance process. Up until now, December 2018, this was not possible unless you created an Incoming Webhook which required an administrator to log in to a Team which meant it was not something you could do during an automated creation.

Good news, you can now use the Graph API to post messages to channels without the webhook. This is still part of the beta API as of December 2018 and is not intended for production, yet. Here is what you need to do

Prerequisite: you need to create an Azure AD App registration with the correct permissions

  1. Log on to https://portal.azure.com with a GA administrator
  2. Navigate to Azure Active Directory
  3. go to App registration (Preview)
  4. Click + New registration
  5. Call it PowerShelltoTeamsGraphAPI
  6. Leave Redirect URI blank
  7. Go to Authentication and under Redirect URIs choose urn:ietf:wg:oauth:2.0:oob
  8. Click Save
  9. Go to API permissions to grant the required group read and write permissions
  10. Click + Add a permission
  11. Choose Microsoft Graph, Delegated permissions and choose Group.Read.All and ReadWrite.All (remember you need to expand Group)
  12. Click Grant admin Consent from  and click Yes
  13. You now have admin consent granted for your tenant
  14. Navigate to Overview
  15. Copy the Application (client) ID
  16. we are going to use it in the next step when logging on
  17. Check out the references pictures below

You are now ready to connect to the Graph API via PowerShell. The connection code is from a more thorough blog post by my MVP colleague Alexander Holmeset. $clientId is the client ID you copied in the prerequisites

#Connect Graph, use the client ID we created earlier in the lab called PowerShelltoTeamsGraphAPI in Azure AD under app registrations
#Source: https://alexholmeset.blog/2018/10/10/getting-started-with-graph-api-and-powershell/
$clientId = "bb808f16-b6ef-44aa-8218-2520aaff461e"
$redirectUri = "urn:ietf:wg:oauth:2.0:oob"
$resourceURI = "https://graph.microsoft.com"
$authority = "https://login.microsoftonline.com/common"
$AadModule = Import-Module -Name AzureADpreview -ErrorAction Stop -PassThru
$adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
[System.Reflection.Assembly]::LoadFrom($adal) | Out-Null
[System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
# Get token by prompting login window.
$platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Always"
$authResult = $authContext.AcquireTokenAsync($resourceURI, $ClientID, $RedirectUri, $platformParameters)
$accessToken = $authResult.result.AccessToken

#Validate that you have access by getting a list of all Office 365 Groups in your tenant
$apiUrl = 'https://graph.microsoft.com/v1.0/Groups/'
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $accessToken"} -Uri $apiUrl -Method Get
($Data | select-object Value).Value

Then you need to get the group ID and Id of the channel you want to post to. In this example, I use the Microsoft Teams PowerShell module and I want to post to a Team called TMDemo in the General channel. This can, of course, be done as part of a governance creation process

Connect-MicrosoftTeams

#I assume you only have one TMDemoXX Group
$TeamGroupID = (Get-Team | Where-Object {$_.displayname -match "TMDemo"}).GroupId
$TeamChannelID = (Get-TeamChannel -GroupId $TeamGroupID | Where-Object {$_.displayname -match "general"}).Id

Now you are ready to post to the channel, you are connected without errors, we have the Team you are posting to and have chosen a channel. There is one more thing, you also need to be a member of the Team in order to post. Make sure you get added, and then remove the admin user when you are finished posting. “content” is HTML text so you can format it nicely with bulletpoints and stuff.

#connect to teams channels and post a message
$apiUrl = "https://graph.microsoft.com/beta/teams/$TeamGroupID/channels/$TeamChannelID/chatThreads"
#add your admin user as member of the team
Add-TeamUser -User $UserName -GroupId $TeamGroupID
$body = @{
"rootMessage" = @{
    "body" = @{
        "contentType" = 1;
        "content" = '<h1>Welcome to this project. All project related discussions happen in the respective channels in our Team. We look forward to working with you and remember, General channel is used for announcements, wins and off-topic discussion</h1>'
        }
      }
}
$bodyJSON = $body | ConvertTo-Json
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $accessToken"} -Uri $apiUrl -Method Post -Body $bodyJSON -ContentType 'application/json'
#remove your admin user from the team
Remove-TeamUser -User $UserName -GroupId $TeamGroupID

You have now successfully posted to a channel directly from PowerShell. Congratulations! Log in to your Team an see the result. I think this is great stuff and will definitely be part of my governance processes moving forward graph1

The best Microsoft Ignite to date

I had a blast at Microsoft Ignite 2018! Here are some reasons why I think it was the best to date:

  • The product groups were accessible and always available for feedback. If you went to the different product group booth you would find prominent members available to chat and discuss their products.
  • Less walking distance, since everything was organized in the same building. This is a great improvement over all other the Microsoft Ignite’s the previous years
  • The focus om community engagement was apparent this year with Community hours and available podcast booths and locations. Even more community members got to share their experience in breakout sessions, meetup sessions, and theater sessions. The community hours had even more people from the product groups join and you got to ask your burning questions and have a great discussion

Ignitecommunity

Microsoft Ignite 2018 group photo with the Microsoft Teams Product Group and MVP’s

This is at least my experience and I may be biased as I got to have a great time delivering three theater sessions, a meetup, guest two podcasts and spend time at the Microsoft Teams booth. But still, compared to the previous years, the vibe during this year Microsoft Ignite was great. If you are thinking of attending next year, make sure you register as soon as possible, for it is going to be awesome. You can pre-register for November 4-8, 2019, in my favorite vacation location, Orlando

Links to my session recordings and slide decks

THR2137 – OneNote Life Hacks

IgniteOLF.png

THR2138 – Stream meetings with Microsoft Teams Live Events

Igniteliveevents

THR2241 – Meetings best practices in Microsoft Teams

Ignitemeetings

Podcast: Skype for Business & Microsoft Teams MVP Roundtable

pod1.png

Podcast: Microsoft Teams news – Live Podcast Discussion

pod2

I also had the pleasure of bringing all of CloudWay AS  to Orlando this year and had great fun together with Jan Ketil Skanke and Alexander Holmeset. I think networking is a big part of conferences such as Microsoft Ignite, that is why we co-hosted Norwegian networking event at Bahama Breeze together with KPMG, Pexip and Microsoft Norway. Read about our activities here

CW1Ignite18V1

Speaking at Microsoft Ignite 2018

I am so proud to return as a speaker for the fourth time at Microsoft Ignite 2018, at my favorite vacation spot, Orlando, FL.

29542728_10155933429450622_4000566362420889272_n

I will share my experience with Microsoft Teams meeting best practices in two expo theater sessions. I will again share my passion for personal productivity using OneNote in a third expo theater session. I will team up with featured speaker, Brian Ricks, and other Teams/Skype MVP’s for ask us anything on troubleshooting Teams and Skype in my first ever meetup.

THR2138V5

Check out my Teams Live Events session

I am scheduled to be at the Microsoft Teams booth during happy hour on Monday so if you have any burning questions or want to hang out and chat, look me up. I would love to whiteboard some migration scenarios or Teams lifecycle scenarios :)

Microsoft Ignite is a huge event for networking with your peers, that is why I am happy that my company is encouraging that by being a co-host for Norsk Aften on Tuesday.

This is going to be fun! See you there :)

Awarded Microsoft Most Valuable Professional (MVP) 2018-2019!

I am really proud to be awarded Microsoft Most Valuable Professional (MVP) 2018-2019. This is the eighth time I receive this award and it is a real honor to be part of this community and that Microsoft recognizes my contributions. I was awarded as Office Servers and Services MVP and I will continue focus on Microsoft Teams, Skype for Business, Office 365 and Microsoft 365, in that order.

The MVP award program recognizes your passion for Microsoft technology and your activities for the past 12 month. I think that the MVP program is the key to success because of getting there is not the end of the journey, but the beginning. When you are recognized as an MVP, you have been acting as an MVP for a long time and this is a way for Microsoft to say thank you for something you have already been doing for a couple of years. Getting the reward just means you need to step it up in terms of community activities to be able to get re-awarded. Think about it, there are now 2996 MVP’s and hundreds of thousands of IT Pro’s, this does not happen by itself.

Typical, but not limited to, activities for becoming an MVP are 

  • Contributing code to Projects
  • In-Person and virtual Speaking
  • Engaging in organizing user groups
  • Helping Others
  • Creating Content
  • Providing Feedback
  • Source (mvp.microsoft.com)

Some highlights of my contributions for the past year

Some links to MVP information

Microsoft Teams Direct Routing GA

Today Microsoft Teams Direct Routing was announced as General Available. This is the means for you to bring your own SIP trunk to Microsoft Teams using only a standard SBC. Today AudioCodes and Ribbon are certified SBC’s for Direct Routing and more are in the works. There are three flavors to Direct Routing

Hosted in Azure!

Yes you read correct. AudioCodes has a certified SBC that now is supported in Azure, which means you can run your Direct Routing SBC in Azure as an appliance.

DRGA6.PNG

Installed in your datacenter connected to your PBX or SIP trunk

With Direct Routing you do not need any Skype for Business or Teams components installed in your datacenter to provide voice for your Teams users. All you need is a certified SBC, a public IP address and a public certificate to connect. Read my blogpost on infrastructure requirements for setting up Direct Routing in your datacenter

DRGA2.png

Hosted by a partner

One SBC can connect to multiple Office 365 tenants making this scenario scalable. This means you can consume native Microsoft Teams services from your own tenant and have a service provider host your voice connectivity.

DRGA3

Thoughts

I think Direct Routing will make Cloud Voice mainstream and it can be combined with Calling Plans where available, which means that you can freely choose how to consume voice. Being able to install the SBC in Azure means that anyone can now host and conenct their own sip trunk to Office 365. With the ability to either get this hosted or set up with next to no on-premises infrastructure you have a solution that can be consumed by most customer types from SMB to Enterprise.

References