Speaking at Microsoft Ignite about OneNote and Skype for Business

I am stoked to return to Microsoft Ignite as a speaker for the third time. This year is going to be a blast and I have several sessions and activities lined up

I will also be active in the community and expo area around the OneNote and Skype for Business booth during the week. Do not hesitate to search me out and talk about productivity :D

How to set custom presence states in Skype for Business on your Windows machine

This works on Windows 10, Windows 8, Windows 7, Lync and Skype for Business desktop clients. Requires administrative rights to your computer

Wouldn’t it be cool if you could change your presence state in Skype for Business to match you current task such as busy in a Workshop, Do Not Disturb in a Pomodoro Sprint or Away Getting Coffee?

Turns out, you can by creating an XML file and adding a setting in your local registry. How? The easy way is to download my script, change the custom presences that is predefined in the script and run it.

  1. Download the script from TechNet Gallery
  2. The default custom presence states are shown below
  3. To change the names you need to open the script and write your own presence states
    • Away does not work as a custom presence state, if you put that in no custom states will show up in the client
    • The presence states that works are: Online, Busy, and Do-Not-Disturb
  4. To run the script, just type the following in PowerShell in elevated mode from the location you saved it
    • .\Set-CsCustomPresence.ps1
    • It works for Lync and Skype for Business
    • It works for 64-bit and 32-bit office
    • It works for MSI installed Office and Click-to-Run Office
    • The xml file will get stored under c:\_CustomPresence\CustomPresence.xml if that is your systemdrive
  5. You need to sign out of the client and back in for the changes to take effect
  6. The presence states works in the following scenarios
    • On English Skype for Business clients for you and your colleagues
    • On Skype for Business clients in your local location retrieved using (Get-Culture).LCID
    • For everyone in your Colleagues relationship level as long as they are running a client language version specified above
    • If you want external contacts to see your custom presence state you need to elevate them as colleagues in the relationship pane
      • Understand that they will also see you as in a meeting, in a call, your note and your location as well
    • If you are in an environment with more than two languages for you Office deployment, make sure you add an LCID per language in the script

Download the script here and use PowerShell to control your presence using the Lync 2013 Client SDK described here

You can now control you custom presence states using PowerShell, if you have installed the SDK, using the Publish-SfBContactInformation.ps1 found on GitHub here with this syntax

Publish-SfBContactInformation -CustomActivityId 1 -PersonalNote "Getting Stuff Done" -Location "@HomeOffice"

You are now ready to use this in a Pomodoro context, read how to get started with the open source PowerShell based Pomodoro timer here: https://msunified.net/2013/11/25/lock-down-your-lync-status-and-pc-notifications-using-powershell/

How to install the Lync 2013 Client SDK

To install the Lync 2013 Client SDK you need to have administrator rights to your computer. This works on Windows 10, Windows 8, Windows 7, Lync and Skype for Business desktop clients.

Why would you install the SDK? Because you can then play with some of the client settings such as presence states using PowerShell. How can  you do that? Download and use this script. You can also use it with my Pomodoro PowerShell timer

How to installing the SDK without having to install Visual Studio

  1. Download the Lync SDK from this link, do not run the exe file
  2. To avoid the requirement to have Lync 2013 installed and the need to install Visual Studio, you need to extract the files using winrar
    • You will then get two msi files
    • Run the one that matches the bitness of your Office installation
      • To find out if you have a 64-bit Office or a 32-bit Office
        • Open Word, go to file->Account->About Word and see you version as in the picture
      • Install lyncsdk86.msi if you have a 32-bit Office
      • install lyncsdk64.msi if you have a 64-bit Office
  3. You have now successfully installed the Lync 2013 SDK
    • Microsoft has not released a SDK for Skype for Business, but the Lync 2013 Client SDK works great

To get the most out of the use of the SDK, read my blog post on creating custom presence states that you can control using the PowerShell script mentioned above with the example below

Publish-SfBContactInformation -Availability "Available" -ActivityId available -PersonalNote "Getting Stuff Done" -Location "@HomeOffice"

My thoughts on Pexip getting certified for Skype for Business

This is good news! The certification process validates the seamless way Pexip Infinity Fusion integrates with Skype for Business Server 2015 meetings. Pexip has the ability to integrate video endpoints seamless in to Skype for Business meetings so that anyone from any device can call in to a the meeting and join with audio, video and screen sharing both ways.

The Pexip and Skype for Business integration explained in one picture

Why the certification at this point?

Personally I see a lot of enterprise customers moving to Skype for Business Server for VoIP and meetings including moving their telephone conferencing solution. If the enterprise has video endpoints from other vendors the end-user story becomes complex. The goal is always to have as few options as possible when it comes to how to do meetings to ensure widespread adoption. Pexip helps with this story and they can even register endpoints directly which helps the enterprise decommission older outdated and complex video servers and still keep the meeting room investments. Another reason for this move by Microsoft is probably that Cisco has a good video interoperability story with their acquisition of Acano that happened in 2016. Also their own offering, the Video Interoperability Server (VIS) that was introduced with Lync Server 2013, has not seen much development since it’s release. The VIS role has the limitation that it only works with certain Cisco endpoints and only with internal endpoints without any firewall between the endpoints and Skype for Business Servers.

What does the integration look like?

From a video endpoint that is internally registered on separate video servers or directly to Pexip, all they have to do to join the Skype for Business meeting is dial the Skype for Business meeting conferencing ID and join directly in to the meeting. For external endpoints that is not registered to any local video servers, they need to dial skype@domain.com and type the conference ID when prompted to join the meeting. To learn more about the capabilities and setup process read my blog post on the subject

How it looks like when a Pexip registered endpoint joines a Skype for Business meeting, from my blogpost on how to set it up

Why this has a big impact for customers

A lot of enterprises moving to Skype for Business has an existing investment in video based meeting rooms. In my design process I always ask what their meeting rooms look like and what kind of equipment are being used. Many larger organization has many vendors for video and audio in their meeting rooms and are not ready to replace all that technology with Skype for Business based equipment. The Pexip integration helps them capitalize on the investment already made and still succeed with Skype for Business. This helps with flexibility when designing future meeting rooms and ends the technology debate regarding what vendor is best. You can have the best of both worlds and remove the technology barrier for meetings.

What does the certification entail?

Here is what Microsoft writes about the certification process “The Skype for Business Certification Program is designed to offer Microsoft customers badges or designations as indicators of third party solutions that demonstrate a high quality experience and compatibility when used with Skype for Business. Only products that pass the specifications outlined in the Skype for Business Certification Program can be associated with each designation. Specifications are designed specific to each category based on, but not exclusive to, industry standards, enterprise class solutions, functional interop or audio/video quality. All vendors participating in Skype for Business Certification Program participate in common support infrastructure (TSANet) for rapid resolution of support tickets.”  Read more here

In short, it means both Microsoft and Pexip has tested, adjusted and validated the integration and that both parties support the solution and will work together to resolve any unforseen issues. This is good news for customers and partners that use and work with both Microsoft and Pexip.

To sum it up

Pexip is now supported by Microsoft when integrating with Skype for Business meetings. This is good news for customers because they can now easier choose best of both worlds when designing meeting room experience. Removing the meeting technology barrier results in widespread adoption in the enterprise. The focus of this certification is clearly Skype for Business Server meeting integration for enterprises. Pexip has other capabilities such as support for hybrid topology, distributed meeting across servers in a global environment and scale-out capacity using Azure. I am looking forward to see how this relationship develops and working with helping enterprises succeed with Skype for Business user adoption in all scenarios.

References

How to Integrate Pexip with Skype for Business meetings

Skype for Business video interoperability is one of two technology barriers we need to tear down to make sure users succeed with Skype in all scenarios. Being able to invite anyone to a Skype for Business conference regardless of vendor is the key to large-scale user adoption. Pexip is one of few vendors that are able to integrate seamlessly with Skype for Business Server meetings so that anyone can call in to a Skype meeting and join with audio, video and screen sharing both ways.

In this post I will show you how to configure Pexip to integrate with Skype for Business meetings and how to test using the Pexip Infinity Connect soft-client. The goal is to have the ability to join a Skype for Business meeting with any VC Endpoint by using the Skype for Business dial-in conference ID. Read more about what features you can expect from Pexip. Here is how you do it

At the end of this post you will be able to join a Skype for Business meeting from any endpoint

You are about to learn how to do the following

  • Make sure you read my previous blog post on What you need to know to get started with a Skype for Business and Pexip PoC where I explain how to set up the Pexip servers and enable a simple test call between Pexip and Skype for Business
  • Configure direct registration of a VC Endpoint to Pexip
  • Create a new Call Routing rule for the ability to dial the Skype Conference ID directly
  • Create a Virtual Receptionist for the ability use a fixed alias to join meetings
  • Create a dial-in conferencing number and adjust the Skype meeting invitation
  • Validate the configuration by dialing in to a meeting from the Pexip Infinity Connect client
  • Next Steps

Configure direct registration of a VC Endpoint to Pexip

  • Log on to the management node web admin site
  • Navigate to Service Configuration -> Device Aliases
      • Device alias could be PexipUser@vc.contoso.com
        • vc.contoso.com is my video conferencing domain
        • My Skype for Business SIP domain is contoso.com
      • Leave the rest blank and delete the password, in that way you will not get challenged with a username and password when registering
      • Click Add Device alias
  • Click Save
  • Now we have created a user for our test client
  • next we will need to create a new call route

Create a new Call Routing rule for the ability to dial the Skype Conference ID directly

  • Navigate to Service Configuration -> Call Routing rule
  • Click Add Call Routing Rule
    • Name is Dial directly in to a Skype Meeting using conference ID
    • Priority needs to be unique and set it to 70
    • Set When Matching incoming Gateway calls to all except Lync / Skype for Business
    • Set Destination alias regex match to: (\d{5,7})(@(vc\.)?contoso\.com)?
      • This assumes your SfB Conference ID is between 5 and 7 digits, modify 5,7 to fit the lengths of your Conference IDs.
    • Set Destination alias regex replace string to: \1
    • Set Call target to Lync / Skype for Business Meeting direct (not via Virtual Reception)
      • This allows the routing rule to resolve the Conference ID to a meeting URI and connect to it directly
    • I set the Outgoing location to my primary site, MainDC
    • Make sure the correct Lync / Skype for Business server is chosen
      • in my case it is my Standard Edition server called SfB1.contoso.com
    • Click Save
    • The result of the Call Routing configuration should look like this

Create a Virtual Receptionist for the ability use a fixed alias to join meetings

  • Navigate to Service Configuration -> Virtual Reception
  • Click Add Virtual Reception
    • Name: Contoso Skype Meeting Reception
    • Show Advanced options
      • Lync/Skype for Business server: SfB1.contoso.com
        • your Skype for Business server, in my case it is the SfB1.contoso.com standard edition server
      • Lync / Skype for Business meeting lookup location: MainDC
        • The Pexip location where your Skype integrated conferencing node resides, in my case it is MainDC
    • Aliases (Typically add a few options for aliases as VC endpoints might be able to dial different things)
      • Alias1: skype@vc.contoso.com
      • Alias2: skype@contoso.com
        • in case someone types just contoso.com from a VC Endpoint
      • Alias3: skype
        • In case someone wants to just type Skype from a VC Endpoint
  • Click Save
  • Now, let’s validate the Skype for Business requirements for this to work

Create a dial-in conferencing number and adjust the Skype meeting invitation

  • On the Skype for Business Server, open Skype for Business Control Panel
  • Navigate to Conferencing -> Dial-In Access Number
    • If you have a dial-in access number already you are all set
    • If you do not have a dial-in access number and you do not have a SIP trunk integration, you can use a dummy number
      • The reason for needing the dial-in access numbers is that it will generate a conference ID with each meeting invite, this is the ID that Pexip will use to join the conference
      • Click New
        • In Display Number, type the phone number as you want it to be displayed in the meeting invitation
          • in my case it is +4721402075
        • Display name, is typically the location or country where this number is homed
          • In my case it is Norway
        • Line URI, is the actual number formatted as a line uri
          • in my case it is tel:+4721402075
        • SIP Uri should be a name and domain for the dial-in access number
          • in my case it is sip:Norway@contoso.com
        • Pool is where the number is homed, this applies if you have multiple pools
        • Choose Primary language and secondary language
        • Choose the region the number is the primary number for, in my case it is Norway
          • If you cannot find a region here, you need to add one before you can create a dial-in access number
          • You can add one by going to Voice Routing -> Dial Plan, click on Global and write a name for your region in the region field
            • If you do not want to modify Global you can either create a Site, Pool or User dialpan.
            • User dialplan needs be added manually to users.
        • Now you are ready to create and save the dial-in access number
      • Click Commit
  • Now, let’s add some text to the meeting invite to reflect the ability to join from a VC Endpoint
  • Navigate to Conferencing -> Meeting Configuration
    • Edit Global or create a new Site or Pool configuration
      • A meeting configuration will apply to all users within pool, site or global
      • In the Custom footer text type an appropriate text to reflect the Pexip integration
        • Example: To join the meeting from a Contoso video endpoint, just dial the Conference ID. To join the meeting as an external video endpoint participant use skype@vc.contoso.com and enter the Conference ID when prompted
      • If you want to change the logo url, the link needs to hosted on a public site and the size should be a gif or jpg and the maximum size of the image should be 30 pixels high by 188 pixels wide for best result
    • Click Commit
  • Now you are ready to validate the meeting join experience

Validate the configuration by dialing in to a meeting from the Pexip Infinity Connect client

  • Download the Pexip Infinity Connect client and install it
  • Click the cogwheel and type your name and scroll down to registration
    • Sign in using pexipuser@vc.contoso.com or the Device User you created
    • Server address is the IP address or FQDN to your Pexip Conferencing node
      • In my case it is pexip2.contoso.com
    • leave username and password blank as we did not specify that when creating the Device alias
    • Click Register and ok to exit the setup
  • We are going to do three tests
    1. Type testcallservice@vc.contoso.com and call the Pexip Test Call Service
      • This is a service I created in my initial setup blog post found here
      • Verify that you are able to resolve it, call it and have it play back your sound with a two second delay
    2. Call in to a Skype meeting using the Virtual Reception user we created
      • First, log on using Skype for Business and create a ad-hoc meeting
        • You can do that by clicking the cogwheel drop down in the client
        • Click Meet Now
        • When joining the meeting with your Skype for Business client, click the three dotted button and click Meeting Entry Info
        • There you will see the Conference ID for that call
      • Go back to the Pexip Infinity Client
        • Type skype@vc.contoso.com, see that it resolves presence and dial it
        • When prompted for the Lync Conference ID, type the one from the Skype meeting
          • in my case it is 11127
        • Click connect and see that you are joining the Skype for Business meeting and notice that you are joining as Pexip User and not as a Pexip conference
      • This is great stuff and it means that the Virtual Reception user we created works and that the Call Routing rule with the .+@contoso.com.* regex rule is working.
      • But there is one more thing we can test
    3. Call in to a Skype meeting by dialing directly using the Conference ID
      • This is possible for internal VC Endpoints
      • Close down any existing calls on the Pexip Infinity Client
      • In the Pexip client type the conference ID
        • In my case it is 11127
      • Call using video and verify that you are able to join the meeting directly as Pexip User
      • When this scenario succeeds it means that the Call Routing rule with (\d{5,7})(@(vc\.)?contoso\.com)? regex rule worked
    4. Celebrate that your Skype for Business meeting integration with Pexip works
      • As a bonus, you should of course be able to dial the Skype user directly from the Pexip User by using the Skype sip address and the other way around

It is always #GoodTimes when you are able to validate a new deployment

Congratulations! You have now set up a fully integrated Skype for Business and Pexip deployment. This is all there is to it and a basic video interoperability service is now in place. Your Skype for Business adoption is a key ingredient for success and there is one less blocker for widespread use of Skype in your organization. Check out the next steps below for configuring Pexip to work with external and federated traffic and how to integrate Pexip with other video systems

Next Steps

What you need to know to get started with a Skype for Business and Pexip PoC

Skype for Business video interoperability is one of two technology barriers we need to tear down to make sure users succeed with Skype in all scenarios. Being able to invite anyone to a Skype for Business conference regardless of vendor is the key to large-scale user adoption. Pexip is one of few vendors that are able to integrate seamless with Skype for Business Server meetings so that anyone can call in to a Skype meeting and join with audio, video and screen sharing both ways.

The other technology barrier is audio interoperability that we can tear down by enabling users for Enterprise Voice, but that is another story. This post is about setting up that first Proof of Concept solution on Hyper-V and be able to make a test call between the systems. The focus is internal setup. How to integrate with a Skype for Business meeting invitations is a separate blog post. Personally, I wanted to learn how to set up Pexip for Skype for Business integration. My experience with Pexip so far is that it is easy to get started with and my goal for this post is to demystify the initial setup experience.

At the end of this post you will be able to validate the setup with the Pexip Test Call Service

I will walk you through the following topics

  • What you need to know before you start
  • Setting up the management node
  • Requesting the certificate
  • Setting up the conference node
  • Configuring the integration on the Pexip side
  • Configuring the integration on the Skye for Business side
  • Validate the setup using the Pexip Test Call Service
  • Next step actions

What you need to know before you start

  • Hyper-V on Windows Server 2012 or later
    • VMware, Xen 4,2 and KVM are also supported
  • Plan for two internal nodes
    • Management node with 2 CPU cores, 100 GB of disk and 4 GB memory
    • Conferencing node with 10-12 CPU cores per socket, 1 GB of ram per core and 50 GB disk, it is recommended to have a bit of available capacity (200 GB ++) to do snapshots prior to upgrades etc
    • Read more here
  • Make sure you have an available NTP server, default suggestion is a public server
    • If your Pexip server does not have access to internet, point it to your DC, make sure UDP port 123 is accessible from non-domain joined devices
  • Plan DNS names and certificates since it is going to talk to Skype for Business, the Pexip servers need to have certificates from a trusted PKI
    • There are web-based tools available on the management node to make the request and import the pem certificates
    • you can use the same certificate on the management node and conference node as long as it contains all FQDNs
      • The integration requires that the trusted application pool name is the subject name of the certificate, in my setup the following names were used
      • pexip.contoso.com, Pexip1.contoso.com, Pexip2.contoso.com, Pexip3.contoso.com, Pexip4.contoso.com
      • the Pexip is the poolname, Pexip1 is the management node and Pexip2 is the first conferencing conferencing node
        • Pexip3 and Pexip4 is there for future conferencing nodes for high availability
    • Make sure you update internal DNS with pexip server names, pool name does not need to be in DNS, but if you want to add it, point it to your conferencing nodes
  • You also need a trial license to be able to make and receive calls through the Pexip Conferencing node, you can get a trial license through your Pexip contact

Setting up the management node

  • Head over to the Pexip Download page and download the Pexip Infinity Management Node for Microsoft Hyper-V virtual machine
  • Before you import the virtual machine, make sure you have a virtual switch you can connect it to that is in the same network as your NTP server or has internet access
  • In Hyper-V manager choose import virtual machine and navigate to the location where you extracted the Pexip Management virtual machine, click next and choose all the standard configurations.
    • When asked for a virtual switch, choose the one that has access to your NTP server or internet
  • After you have successfully imported the machine you are ready to boot it and start configuring it
  • Booting the VM you will be asked to log in as admin and change the password
    • Make sure you take note of the password you specify
  • The installation wizard will start and you will be asked to specify IP address and details for your Pexip Management node, I used the following values
    • IP Address – 192.168.10.174
    • Subnet Mask – 255.255.255.0
    • Default Gateway – 192.168.10.1
    • Hostname – Pexip1
    • Domain – contoso.com
    • DNS Servers – 192.168.10.172
      • in most cases this will be your internal DNS servers
    • NTP Servers – ntp.contoso.com
      • This is contoso.com internal ntp server residing on the domain controller
    • Web User – username for Web Administrator: web admin
    • Web Password – password for the web administrator:
      • You will use the web user and password to log in to the management webpage
    • When all values are set correctly and the Pexip server can reach the ntp server the installation wizard will finish the setup using the values specified above
      • In order to change web user password or name of the management node you will need to rerun the installation wizard and reconfigure the management node from scratch
      • The installation will look like this
  • When the wizard is finished and the Management Node has rebooted you will be able to log in to the administration website by navigating to https://pexip1.contoso.com or the IP address from a web browser
    • Now you are ready to configure the Skype for Business integration, but before that you need to assign a trusted certificate and configure a conferencing node

Requesting the certificate

  • The certificate assigned to the internal Pexip servers needs to be trusted by a local or public certificate authority
  • In this example I will generate the certificate request from the management node and use the internal PKI solution to generate the certificate
  • By importing it back in the Pexip certificate utility you will get the correctly formatted pem certificate with corresponding key
    • I am impressed by the simplicity of this tool and it is a great tool to use
    • The usual process for creating pem certificates is a mess and this is an easy and straight forward approach
  • To request and assign the certificate, the following needs to be done
    • Log in to the Pexip web admin
      • notice you will get a certificate trust issue the first time you log in
      • we will use the certificate we now request to assign to the management node as well and the certificate trust message will go away
    • Navigate to Utilities -> Certificate Signing Request and click Add Certificate signing request
        • use pexip.contoso.com as subject name, this is the Skype for Business Trusted Application Pool Name
        • Add pexip1.contoso.com, this is our management node
        • Specify custom subject alternate name as pexip2.contoso.com, this is the conferencing node we are configuring after we have imported the certificate
        • We are also adding pexip3.contoso.com and pexip4.contoso.com so that we can use the same certificate for future conferencing nodes.
    • Click Save
    • Click the newly created request and view the request details
    • At the bottom of the page you will see a download button where you can get the request file
    • Open it in notepad and copy all the text
    • Navigate to your certificate server request website
    • Click request certificate -> submit and advanced certificate request -> Submit a certificate request by using….
    • Paste your request and choose the appropriate template, typically Web Server
    • Download the Base 64 encoded certificate without chain and save your certnew.cer file
    • Navigate back to the Pexip certificate signing request
    • Import the file at the bottom of the page and confirm that the certificate text is shown in the window as shown below
    • Click Complete to finish the certificate request
    • Now you have successfully imported the request
      • verify that the status is green OK and that Found 2048 bit RSA key is present and in green
    • On this page you can assign the certificate to pexip1.contoso.com and we will use the same certificate and assign it to the conference node we will create in the next section
    • Hit Save at the bottom of the page and you have successfully imported and assigned the certificate, no reboot is required
    • You also need to make sure the Pexip servers trust the Root CA chain
      • To check if it is automatically imported, navigate to Platform Configuration -> Trusted CA certificate and see if the Root CA is assigned
      • If it is not you need to navigate to your certificate server request website again
      • This time click Download a CA certificate, certificate chain, or CRL
      • Select Base 64 and click Download CA certificate
      • Import the certificate by navigating to Platform Configuration -> Trusted CA certificate in the Pexip web admin

Setting up the conference node

  • Now you are ready to set up the Pexip Conferencing Node
  • This is surprisingly easy, just follow these steps
    • Log in to the Pexip Management Node web admin
    • Navigate to Platform Configuration -> Conferencing Nodes
    • Click Add Conferencing Node
    • Select Manual (Hyper-V)
    • Use default number of virtual cores and memory
      • If you add more cores, make sure you add 1 GB memory per core
    • Fill out as shown below, use the certificate we requested earlier containing the pool name which in my case is pexip.contoso.com
      • If the pool name is not the subject name of the certificate you will get TLS error when Skype for Business wants to set up a TLS connection to the conferencing node
      • You need to specify a system location which is basically what DNS servers to use, I called it MainDC
      • Remember to set SIP TLS FQDN. It must be set to the full hostname of this specific conference node, in my case it is pexip2.contoso.com. Make sure you are not inserting the poolname here, as it will cause failure scenarios when adding more conference nodes and a difficult troubleshooting scenario.
    • Remember to specify SSH password at the bottom of the page
    • Click Finish
    • Now you will be able to create the Hyper-V VM with the correct settings, it will get generated on the management node and then you can download it and copy it over to your Hyper-V host and import it
    • In order to correctly import the VM you can follow Pexip Director Solutions Architecture, Graham Walsh’s, post on Setting up Pexip Infinity with Microsoft Hyper-V Server 2012
    • You can start at Step Nine
    • After successfully booting the conferencing node you will see that it connected ok under Status -> Conferencing Nodes

Configuring the integration on the Pexip side

  • The Pexip side of the configuration
    • Log in to the Pexip Management Node web admin
    • Navigate to Platform Configuration -> Global Settings
      • Under Connectivity and Pexip Infinity Domain (for Lync / Skype for Business integration) set vc.contoso.com
        • which is the domain you are routing from Skype for Business to Pexip and needs to be something different from the SIP domains you have added to your Skype for Business deployment
      • Optionally you can check Enable Lync / Skype for Business auto-escalation
        • This will answer all calls with video, even though you have called with only voice from the Skype for Business client
        • Personally I think it may be confusing for VC Endpoint users to not answer with video, but that is just my thought on the subject
      • You should however check Enable Lync / Skype for Business Video-based Screen Sharing (VbSS)
        • This enables the ability to do VbSS in calls where Skype for Business is using this, it is always preferred to use VbSS whenever possible, that is why you should alway prioritize screen sharing over application sharing in Skype for Business.
        • Read about the advantages with VbSS
    • Navigate to Call Control -> Lync / Skype for Business Servers
      • Click Add Lync / Skype for Business server
      • Specify the name, Standard Edition Server name or Enterprise Edition Pool name, choose port 5061 and make sure transport is TLS
      • Click Save
    • Prepare a Pexip Test Call Service for testing purposes
      • Navigate to Service Configuration -> Test Call Service
      • Click Add Test Call Service
      • For basic test purposes you need only define the name and alias
        • The alias needs to be a domain other than Skype for Business SIP domains
        • A typical example is vc.contoso.com, we will create a static route for this domain in the Skype for Business environment
        • In my case the Name is TestCallService and alias is testcallservice@vc.contoso.com
          • I also added a second alias just called testcallservice so that VC endpoints can dial that without adding the domain
      • Click Save
    • Create Call Routing rules
      • You need to call routing rules, one for contoso.com being outgoing and one for vc.contoso.com being incoming
      • Navigate to Service Configuration -> Call Routing
      • Click Add Call Routing Rule
        • Name it Route calls from Skype for Business
        • Priority 40, this value needs to be unique
        • Check incoming gateway calls
        • Check Match Lync /Skype for Business (MS-SIP)
        • Set Destination alias regex match .+@vc.contoso.com
        • Protocol on outgoing call placement should be SIP
        • Click Save
      • Add another Call Routing rule by clicking Add Call Routing Rule
        • Name it Route calls to Skype for Business
        • Priority 60, this value needs to be unique
        • Check incoming gateway calls
        • Check Match all other than Lync / Skype for Business
        • Check Match against full alias URI
          • This is important for the Pexip Virtual Reception to resolve Conferencing ID’s on the Skype for Business server
        • Set Destination alias regex match .+@contoso.com.*
          • The .* at the end is there for match against aliases that contain parameters after the domain portion and enables the Virtual Receptionist to discover the Conference ID on the Skype for Business server
          • Read my post on how to set up Conference ID integration here
        • Set Call target to Lync / Skype for Business clients, or meetings via a Virtual Reception
        • Set Lync / Skype for Business Server to SfB1.contoso.comClick Save and add another
    • The result of the Call Routing configuration should look like this
    • Add conferencing licenses
      • Obtain a license from your Pexip contact
      • Navigate to Platform Configuration -> Licensing
      • activate the license(es) you have received

Configuring the integration on the Skype for Business side

  • The Skype for Business part of the configuration can all be done through PowerShell
    • I have created a simple script you can run line by line in order to make sure the configuration is done correct
    • To run the configuration, log on to your Skype for Business server where Skype for Business management tools are installed, with a user that is CSsAdministrator
    • Run PowerShell ISE as administrator and paste the text below in to the text editor
      • in order to copy the text, double-click in the window, select all and copy the plain text
      • Make sure you edit the variables with the values that apply to your environment
    • Run the lines one by one in your environment
    • To get a more detailed explanation, check out the Pexip documentation
break #Just in case you accidentally run the entire script in PowerShell ISE
#Specify the trustedapplication poolname
$TrustedApplicationPoolName = "pexip.contoso.com"
#Specify the Trusted Application name
$TrustedApplicationName = "pexip"
#Specify the conferencing node fqdn
$ConferencingNodeFQDN = "pexip2.contoso.com"
#Specify the static route sip domain, typically vc.domain.com
$StaticRouteSIPDomain = "vc.contoso.com"
#Find and create a variable for the registrar you want to add the pexip integration for
Get-CsService -Registrar | ft identity
#create the variable
$RegistrarFQDN = "SfB1.contoso.com"

#Create the trusted applicationpool where you can add multiple conferencing nodes
New-CsTrustedApplicationPool -Identity $TrustedApplicationPoolName -ComputerFqdn $ConferencingNodeFQDN -Registrar $RegistrarFQDN -Site 1 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true
#To add more nodes, use the below syntax
New-CsTrustedApplicationComputer -Identity pexip3.contoso.com -Pool pexip.contoso.com
#Add the trusted application to the trustedapplication pool
New-CsTrustedApplication -Applicationid $TrustedApplicationName -TrustedApplicationPoolFqdn $TrustedApplicationPoolName -Port 5061
#In order to tell Skype for Business where to route SIP traffic for Pexip conference calls, you need to create a static route for our vc domain
#use Get-CsStaticRoutingConfiguration to check if there are existing static routes added, 
Get-CsStaticRoutingConfiguration
#if no existing routes are found use the New-CsStaticRoutingConfiguration to create static route, if it does exist, skip thenNew-CsStaticRoutingConfiguration cmdlet
New-CsStaticRoutingConfiguration -Identity "Service:Registrar:$RegistrarFQDN"
$route = New-CsStaticRoute -TLSRoute -Destination $TrustedApplicationPoolName -Port 5061 -MatchUri "$StaticRouteSIPDomain" -UseDefaultCertificate $true
Set-CsStaticRoutingConfiguration -Identity "Service:Registrar:$RegistrarFQDN" -Route @{Add=$route}
#Enable the new configuration
Enable-CsTopology
#Check the Trusted Application Pool configuration
Get-CsTrustedApplicationPool
#Check the Trusted Application Computer
Get-CsTrustedApplicationComputer
  • Now you are ready to make test calls

Validate the setup using the Pexip Test Call Service

  • The goal of this blog post is to help you get the basic Skype for Business and Pexip integration set up correct
  • We will validate the configuration by making a test call from the Test Call Service testcallservice@vc.contoso.com to a Skype for Business user and we will make sure we can add the meeting room to a Skype for Business contact list and see that it resolves presence and are able to call the meeting room
  • To make a call from the Pexip Test Call Service
    • Log in to the Pexip Management Node web admin
    • Navigate to Service Configuration -> Test Call Service
    • Click the VMR we created earlier called TestCallService
    • At the bottom of the page you click Dial out to participant
      • Specify Participant alias to be the sip address you are logged in with using your Skype for Business client.
        • I am logged in with adrianl@contoso.com
      • On Protocol, specify Lync / Skype for Business (MS-SIP)
      • Since we have only set up and internal solution, no firewalls should block the path between the client and the Pexip Conferencing node
      • Click Dial out to participant and you should receive the call from Pexip on your Skype for Business client, answer using video and verify that you are able to connect and can hear and see yourself with a 2 second delay
      • You will get an incoming call from TestCallService
    • Answer it and make sure you can hear the service asking you to count to three and that you can hear yourself with a two second delay
  • To make a call from a Skype for Business client
    • Search for and add testcallservice@vc.contoso.com to your contact list
    • Verify that it resolves the name of the room and presence
    • Make a video call and verify that you connect ok to the Pexip Test Call Service and that you can hear yourself with a two second delay

Congratulations! You have now set up a basic Pexip setup with your Skype for Business deployment. This is all there is to it, but of course there is more that needs to be done in order to have a fully integrated video interoperability service. Check out my post on how to integrate Pexip with Skype for Business meetings. There you will learn how to complete Skype for Business and Pexip integration with the ability to join Skype for Business meeting from any video system either directly or via a Pexip Virtual Receptionist.

Next Steps

Proud to be contributing on the Fourth Edition of Office 365 for IT Pros book

I think that search engines are loosing their powers in an evergreen and ever changing Cloud World. When searching failed me for learning what I needed about Office 365 Groups I found that the Office 365 for IT Pros book had the angle and up to date answers I needed. It is kept up to date by MVPs who work with and understand the technology for what it is and what it’s not, so you know you get an up to date and thoughtful answer. It covers all of Office 365 with practical examples to get you started. I strongly believe in this format moving forward since it is difficult to search for Groups or Teams online, and when you find articles they are half a year old and may or may not be outdated. To make sure I stay up to date on my core knowledge, I offered my services to write about Skype for Business Online and hybrid. I am happy to be accepted in to the team with Tony Redmond, Michael Van Horenbeeck and Paul Cunningham. I look forward to contribute to a great collection of knowledge. The fourth edition is planned for a June 1st release, read more about it here

Totally recommend Office 365 for IT Pros if you are an Office 365 admin or consultant. Get it here

 

Join my full online day on how to design #Skype4B voice in a cloud first world

aufkyjhqijj5si381hic

Join me March 3oth for my full online day on how to design Skype for Business in a cloud first world. Because of the high score at the last IT/Dev Connections session I did october 2016 Penton asked if I could do a full day, and it is a huge honor to get the chance. I will focus on three topics

  • How to think when designing global voice solutions with Skype for Business.
  • Explore online, hybrid and on-premises deployments and how Azure MFA plays in to the mix.
  • Deep dive in to codecs, protocols, routing and the optimal media path

Skype for Business Online is a different kind of infrastructure technology than the rest of Office 365 and I will focus on helping you understand how to prepare for success. I will answer live Q&A during the sessions, so make sure you sign up!

 

Talking about #Skype4B design @NICconf

logoFebruary 2nd I have the honor of speaking at the Nordic Infrastructure Conference 2017 for the 6th consecutive year. This is a premiere event with a great expo hall and a list of world known speakers such as Johan Arwidmark, Sami Laiho, Wally Mead to name a few.

I will talk about how I design voice solutions with Skype for Business where I will share my three main design principles. Make sure you catch it if you are wondering about how to design in a cloud first world. Check it out and sign up here

payoff

Office 365 Multi-Factor Authentication requirements explained

Short version

mf_authMulti-Factor Authentication (MFA) in Office 365 is dependent on Modern Authentication which is oAuth 2.0 via ADAL that authenticates the user in Azure AD

Longer version with links to deep dives

  • What is MFA?
    • Multi-Factor Authentication (MFA) in Office 365 requires Modern Authentication (oAuth2.0 + ADAL) to be enabled for the clients and services that are going to use MFA
    • MFA, Two-step verification, is a method of authentication that requires more than one verification method combined with the Azure Authenticator App, SMS or phone call verification
    • Read more here
  • What is Modern Authentication?
    • Modern Authentication is oAuth 2.0 used via ADAL to enable newer applications (Outlook, Word, OneNote, Skype for Business and other Office applications) to authenticate to services such as Skype for Business, Exchange and SharePoint
    • In Office 2013 march 2015 update and later Modern Authentication is supported and in Office 2016it is enabled by default and will use an in-application browser control to render the Azure AD sign-in experience
    • Read more here
  • What is oAuth?
    • Open Authentication 2.0 (oAuth 2.0) is used as a component via ADAL as the web-based authorization flow between servers or clients and servers
    • Read more here
  • What is ADAL?
    • Microsoft Azure Active Directory Authentication Library (ADAL) is a tool in the .NET framework that lets client applications authenticate users to Office 365 and Azure AD
    • Read more here
  • Two options are available for SSO with on-premises AD that requires Modern Authentication
    • Pass Through Authentication (PTA)
      • Works with Office 365 only
      • Enabled on latest AADC with outbound connection only, no DMZ server
      • Just set up several AADC and it is automatically loadbalanced resulting in low operational cost
      • Does not store password in Azure AD, authenticates user in on-premises AD first and presents MFA after that if enabled
      • In combination with password sync you are not dependent on AADC uptime
      • Read more here and here
    • ADFS 3.0
      • Used for hybrid Skype for Business and Exchange environments
        • Skype for Business server Hybrid supports Modern Authentication, but will do NTLM authentication to on-premises AD and give MFA pop-up when authenticating to Exchange Online, read more here 
        • I recommend Pointsharp MFA for on-premises and hybrid Skype for Business deployments
        • Exchange Server hybrid requires MFA Server, read more here
        • For best Azure MFA result an Online only deployment is recommended
      • ADFS is best for larger organizations
      • More complex and requires proxy servers in DMZ with public IP and Certificate
      • Requires loadbalancer for high-availability
      • Is required when doing MFA with Smart Card, 3rd party tokens and certificate based authentication
      • Read more here
  • You can now use Microsoft Intune to control MFA options and turn of MFA for certain subnets and conditions, read more here
  • Read about conditional access, MFA with Intune Hybrid and SCCM
  • Use Azure AD Premium with automated password roll-over for business social media profiles protected by a MFA enabled identity with centrally controlled delegation, read more here

mfastalehansen