Thursday 18 October 2018

Microsoft Teams leads the way in team collaboration

At the start of this year Microsoft announced it had 120 million subscribed Office applications users. Of these, Microsoft expects 70% to migrate onto Office 365 and Teams collaboration in 2019. This contrasts with Slack which despite the media hype announced in May it has 8 million active users. Slack and a myriad of other collaboration systems have been around for some time now whereas Teams is the new kid on the block with a lot of growing to do. 

Nemertes, a global research advisory, conducted their 2018-19 team collaboration study which involved more than 600 companies and found that less than 28% were using a team collaboration tool. From that study the chart below depicts current market breakdown with Microsoft Teams taking the lead at nearly 33% from Cisco Sparks 21%:

Image: Courtesy of Nemertes

Teams is not simply the new team messaging and collaboration tool, it's a new way of working that is aligned to the modern ways in which people naturally interact with one another. It's part of the O365 stack of services which are offered bundled with the single user license model that provides the other workspace apps and services; Outlook, Excel, OneDrive etc. Teams bubbles up that workspace information bringing context but can do so much more.

Many of those 120 million Office users will transition their workspace applications to Office 365 and use Teams, not because it's a better collaboration tool but because it's effectively free for them. Within my customer base the intent for transitioning to Teams as both a collaboration tool and communication system is significantly high. Smaller organisations migrating to Office 365 (<500 seats) will not be offered Skype for Business, Teams is the only UC client the will receive now.
With Microsoft integrating into Teams the services Skype for Business online delivers including PSTN calling, audio conferencing and Teams agents for 3rd party contact centres, it will offer functionality far beyond the competition enabling more of those existing 120 million Office users to adopt Teams as their single communication and team collaboration platform. When we check back in a year from now I wonder how much of that pie chart will have turned green.

Friday 12 October 2018

Direct Routing with Microsoft Teams

From Microsoft Ignite 2018, the call routing algorithm used by Microsoft Teams that permits coexistence of Calling Plans and Direct Routing within the same tenant. This is especially useful for global migration to Teams in which some regions may not have calling plan availability. 

In most cases however, calling plans will prove an expensive option as each user enabled for Teams Phone System must also have a Calling Plan subscription if they intend to route PSTN calls via Microsoft. It’s a 1-1 mapping of users to licenses although all minutes, both national and international, are pooled across the tenant. 

For all but the smallest organisations Direct Routing will be the better commercial decision permitting businesses to scale their voice channels against the current / projected busy hour usage. This is typically a 1-10 mapping of channels to users and with a SIP provider that offers bundled minutes it’s around four times lower monthly cost than Microsoft Calling plans.

For some organisations Direct Routing can be consumed from a carrier directly without need for on premise infrastructure and “as a service.” For others, Direct Routing offers an opportunity to integrate with existing on premise systems to facilitate a phased migration rather than direct cutover or for permanent coexistence with existing on premise communication services.

To evaluate the benefits of Teams PSTN calling in a small POC type project it's simple to add Direct Routing to an existing O365 tenant and on premise SBC. The steps below outline the process for the Office 365 side.

Initiate a PowerShell session and connect to the MSOL Service.
Step 1:  Pair SBC to O365
New-CsOnlinePSTNGateway -FQDN GW1.contoso.com -SipSignalingPort 5061 MaxConcurrentSessions 10 -Enabled $true

(Configure –Enabled $false to drain the gateway for maintenance and conclusion of POC. This will prevent new active calls from being routed to this gateway.)

Step 2: Add a new PSTN Usage
Set-CsOnlinePSTNUsage -Identity Global -Usage @{Add=”UK”}

Step 3: Create a Voice Route
New-CsOnlineVoiceRoute -Identity “UK” -NumberPattern “^\+\d+” -OnlinePSTNGatewayList GW1.contoso.com -OnlinePstnUsages “UK

Step 4: Create Voice Routing Policy
New-CsOnlineVoiceRoutingPolicy “UK” -OnlinePstnUsages “UK”

Step 5: Assign Voice Routing Policy to Test User
Grant-CsOnlineVoiceRoutingPolicy -Identity “test.user” -PolicyName “UK”

Step 6: Enable Test User for Teams Phone System and Azure Voicemail
Set-CsUser -Identity test.user@contoso.com -EnterpriseVoiceEnabled $true -HostedVoiceMail $true -OnPremLineURI tel:+4412345678

Once complete log in as the test user and check Teams now shows the calls icon within the sidebar of the client. 

The SBC side of the configuration will vary depending upon the vendor. All leading manufacturers maintain detailed guides on their websites but be aware of the guidance below:

DNS
  • Ensure the SBC can resolve Sip.pstnhub.microsoft.com – global primary Azure DC, Sip2.pstnhub.microsoft.com – Secondary Azure DC priority region, Sip3.pstnhub.microsoft.com – Tertiary Azure DC priority region.
  • Create a Public DNS A record for the Direct Routing Trunk FQDN and public IP.

Certificates
  • SIP Trunks for Teams must use secure TLS so a new public certificate may be required for the SBC with the FQDN of the SBC.
  • Deploy the Cyber Baltimore Trusted Root Certificate for Microsoft Phone System to the SBC. Make sure to add sip-all.pstnhub.microsoft.com to the Federated IP/FQDN list.

Friday 27 July 2018

Skype for Business 2019

Skype for Business server 2019 is now available from Microsoft for public preview as of July 24th. 

It will be available for general release toward the end of the year with a hybrid mode deployment enabling the on-premise infrastructure to leverage Cloud services including;
  • Cloud Voicemail (when Exchange Sever 2019 is deployed.)
  • Automated process for migrations to Microsoft Teams which will ultimately become the single communication & collaboration toolset for Microsoft.
  • Cloud Auto Attendant.
  • Cloud Call Data Connector, no need to store and provision QoE databases on premise, this data is now uploaded to Microsoft's cloud and accessed via the Call Quality Dashboard (QCD.)
Microsoft Office 2019 will ship in the final quarter of the year and includes a new Skype for Business client to use with the server toolset.

Support lifecycle has been aligned with the rest of the 2019 products with mainstream support ending in 2023 (5 years) and extended support until 2025.
Will this be the last Skype for Business client / server application Microsoft release? Who knows, but customers that do not wish to migrate to Teams have at least another five years on the SfB platform with guaranteed supportability.

Tuesday 10 July 2018

Microsoft Teams Phone System Coexistence

Microsoft Teams Direct Routing is finally out of preview and available now for customer solutions providing an important new architecture for voice routing.

To make use of PSTN calling within Teams users must either have the Phone System add-on license for their O/M365 plan or a plan that incorporates Phone System such as E5. This is the same as it was for Skype for Business online however up until now Teams PSTN calling could only be achieved in a pure cloud model using Calling Plans for Office 365 – Telstra Calling. The issue here being Calling Plans are available only for certain territories ruling out much of the globe from PSTN capabilities within Teams. Calling plans can prove expensive especially for larger businesses as each user effectively leases a single trunk whereas with an on premise solution we may provide one trunk per ten users. It also presents no option for coexistence between the legacy on premise platforms increasing cost and risk during migrations, especially when it's a slow, phased migration with parallel run needs measured in years.

With Skype for Business we had a potential although less than ideal solution with the Cloud Connector Edition (CCE.) This later became an embedded option within the ASM modules of leading session border controller vendors Audiocodes and Ribbon (Sonus.) CCE allowed office 365 homed Skype for Business users to route their calls via local SBC appliances and either onto SIP services or interwork with existing PABX’s. Teams does not make use of CCE which is a good thing but there is also no option for Skype for Business to use Direct Routing. To be able to route Teams PSTN calls via local SIP services Direct Routing is required. Microsoft have established a SIP Proxy service within Office 365 that facilitates connection of the SIP trunk (bring your own SIP trunk as it used to be known.) To connect with the service a certified Session Border Controller is required, currently only models from Audiocodes and Ribbon are supported and it’s only a firmware update, so existing SBC’s can provide Direct Routing. This also includes models that incorporate CCE such as Ribbons CloudLink and Audiocodes CloudBond systems and that’s good news because we can now support Skype for Business online users and Teams users that both require on premise PSTN integration from the same appliance as shown below.

Courtesy of Ribbon
Users must be provisioned with a PSTN number that terminates on premise but other users in the organisation can be assigned DDI’s from a Microsoft Calling Plan. The use of an optimised SBC with Direct Routing support means we have great flexibility in transitioning a customer to Teams Phone System and retaining interoperability with Skype for Business and legacy communications users. This is important as Teams is best suited to collaborative worker types and until we have supported desk phones, attendant console and contact centre the bulk of a user base will not wish to transition to Teams for their communications tool.

There are still key issues to address and media bypass is at the top of that list. With the current implementation all call media will route via Microsoft cloud based infrastructure meaning in most cases call legs will traverse the Internet limiting scope for end to end QoS and adding unnecessary hops to the call. However this feature, along with others, is on the horizon and should not be an issue for most considering adoption in the near future.

Thursday 17 May 2018

Polycom Phones for Microsoft Teams


As customers consider their options for migration to Microsoft Teams modern Phone System it’s worth observing that Polycom, Microsoft leading AV partner, have made several key announcements recently. 
All Polycom devices certified for Skype for Business online are supported by Teams. So Teams will support both the VVX range of business media phones and the Trio 8800 & 8500 conference phones. Although the Trio can be considered an audio video conference device it was only ever certified on Microsoft’s audio track. If ordering new devices it is best to procure the “Microsoft edition” versions as these will arrive preinstalled with the correct profile and license (SKU’s ending with 019.)
Polycom did originally announce that LPE phones would also be supported but this is now no longer the case for several reasons; mainstream support has already ended for LPE and O365 enforces TSL 1.2 from November this year. Polycom will release new software for existing phones and a Teams native mode for the Trio 8800 conference phone was presented at partner connect in March, see graphic below.
The user experience will remain the same when a user is migrated from Skype to Teams with the following points: 
Polycom Trio 8800 - Teams (Landis Technologies LLC (c))
·       All Skype for Business sign-in capabilities will remain unchanged
·       Skype for Business users will be able to make and receive calls on their phones with no change to their current experience
·       Presence information will work
·       Users will still have access to their corporate and local directories 
·       All existing Skype for Business meeting capabilities will continue to work
Microsoft have announced that when a user is migrated additional features will be realised:
·       Incoming/outgoing P2P calls (when calling a Teams-enabled Skype for Business phone user)
·       In-call controls via UI (mute, hold/resume, transfer, end call)
·       Phone notifications about upcoming meetings
·       Calendar access and meeting details
·       One-click join for prescheduled meetings
·       Mute/unmute for conferences
·       List of meeting participants
·       Hold/resume for conferences
·       Hang up from conference calls
·       Ability for IP phones to add another Skype for Business user to an ongoing meeting   by using the ‘Add Participant’ feature
In addition to the existing line-up already Teams ready, Polycom will introduce a new range of desk phones for Teams in 2019. These will be designed with the features that are on the Microsoft roadmap in mind and provide a similar user experience to that of the Teams mobile client, specifically touch driven input.

Wednesday 16 May 2018

Anywhere 365 Contact Centre for Microsoft Phone System Architecture

Anywhere365 Universal Contact Centre is a native Skype for Business on premise and Cloud PBX (Modern Phone System) solution. It’s a great product and the guys at Workstream People are developing it rapidly so we have answers for every request that our customers can make.

For deployments against on premise Skype for Business the GoLive section of their website features detailed architectural reference models which are extremely useful but for deployments against Microsoft Modern Phone System things aren’t so clear.

An Anywhere UCC is deployed into the Skype for Business topology as a trusted application server and for Skype for Business online the topology is controlled by Microsoft so we can’t do this therefore pure public cloud solutions are not supported. This is important when we think to the future and Direct Routing with Teams. 
So how do we approach the increasing number of customers wanting to migrate into Microsoft cloud for a range of services including Phone System to maximise their E5 usage but also require cloud contact centre in as neat a packaged service as possible?

Although Cloud Connector Edition (CCE) is supported as far as the PSTN routing is concerned, CCE does not contain a front end server and while Audiocodes CloudBond OPCH does and may seem like an option it’s not. Both active and queued calls in Anywhere, like most Skype for Business native contact centres, are delivered as audio conferences. This consumes resources that the lightweight OPCH appliance does not have.
Anywhere365 Cloud Model
The solution is to deploy a Skype for Business topology within the datacentre as a hosted solution that can be scaled as required. This topology will not home any users and can be used for multiple UCC customers. This is because UCC supports federated agents, yes there are a few minor feature limitations, but this allows the customers to migrate to Microsoft cloud voice and still adopt Anywhere as their contact centre solution. Each customer can be provisioned with one or more UCC servers as required against the single Skype for Business topology and their data kept separate within dedicated SQL databases for each UCC. Simply add the required Skype online federated users to the required UCC’s and its ready to go. Each UCC will operate independently and be configured from its own SharePoint site.
There is still the issue of the Interceptor to address. This is an Anywhere application service installed onto the Front end server designed to hook any direct inbound or outbound calls to agent SIP URI’s and initiate call recording. Only with Microsoft Phone System the agents are Skype for Business online users so the Interceptor will not know if calls are made to or by them. Luckily there is a workaround, Anywhere can be used exclusively by agents from the Skype for Business soft client – chat commands control agent sign-in / out and status etc. But Workstream have built the inflight Snapper which can be run on any agent’s machine. The snapper can show a mini wallboard, various stats, includes buttons for reason codes, sign-in / out but also a dialler. If the agents use this dialler for outbound calls they will be captured and recorded. So we are only left with direct incoming calls to agents that cannot be recorded and most customers tend to exclude these from their compliance requirements anyway.

If Anywhere is needed for just a single customer then a consolidated Skype for Business deployment could be considered using Standard Edition to keep the server count and cost much lower.
For now, it seems we have a workable solution for many customers moving to Microsoft cloud voice, but with no more active development for their online Skype for Business service and Teams being positioned as the future for communications and collaboration how will both Microsoft and the Contact Centre partners ensure customer are investing in a future fit service?

Thursday 7 November 2013

Microsoft Lync Zero Day Attack




On 5th November the Microsoft zero-day vulnerability was reported by McAfee Labs senior security researcher Haifei Li. The bug affects a range of products including Lync clients. Microsoft have been informed of on-going targeted attacks mostly in the Middle East and South Asia that have exploited this flaw.
The vulnerability is due to a bug in the handling of TIFF files and results in memory corruption which can be exploited to gain elevated access to the targeted system.

Lync products affected include:
Microsoft $100,000 Bug Reward

Lync 2010 x86, x64
Lync 2010 Attendee
Lync 2013 x86, x64
Lync Basic 2013 x86, x64
Office 365 is not affected by the exploit.

Microsoft have released a temporary patch to block rendering of the TIFF format using the registry mod below: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableTIFFCodec = 1

Microsoft advise installing EMET (the Enhanced Mitigation Experience Toolkit) that is able to mitigate this exploit in advance when any of the following mitigations are enabled for Office binaries:
Multiple ROP mitigations (StackPointer, Caller, SimExec, MemProt) available in EMET 4.0
Other mitigations (MandatoryASLR, EAF, HeapSpray ) included in EMET 3.0 and 4.0

EMET can be deployed via group policy or SCCM for blanket coverage of all vulnerable clients.