Azure vSBC App Registration for Teams Direct Routing (Cont)

Teams SBA registration was showing different errors due to couple reasons and this article share the experience i went through on that. 

This is the 3rd error

Classic mistake i did was coping the Secret ID provided below because in Microsoft article says Application (Client ID) and Client secret. 

I copied the Secret ID (which is wrong) instead of that it should be Value should be copied and thats the client secret.

Following is from Azure App registration. 

Thanks to Nathan, he had a chance to work on App registration for another product prior and he was showing the mistake.

This was the 1st issue which i faced, during that time i created the secret ID and App ID which i was used in wrong way but the error message i got was nothing to do with it. My expectation was is secret is wrong then Auth failure in seconds.

This was the 2nd issue, This came when i try to do it on the SBA by providing Azure Application credential (being global administrator will do) 

One of the following permission will do and check the Microsoft Article on App registration on Azure - Quickstart: Register an app in the Microsoft identity platform - Microsoft Entra | Microsoft Docs

-     Application administrator

-     Application developer

-     Cloud application administrator

Microsoft Teams user administration using Set-CsOnlineVoicemailUserSettings

Now tenant admin can help with user for custom greetings, 

DefaultGreetingPromptOverwrite and DefaultOofGreetingPromptOverwrite many other user settings on behalf of users. This may help to end users when they are away to set up forwarding rules to another colleague or external number etc.

Set-CsUserCallingSettings -Identity "madushka@abc.com" -IsForwardingEnabled $True -ForwardingType Immediate -ForwardingTarget taniya@abc.com -ForwardingTargetType SingleTarget - Verbose

Note: You must have PhoneSystem License attached for you to have this forwarding to a another person. Basically both users must have PhoneSystem License. 

Forward to external number when you try this make sure you are using E.164 standard for phone numbers. 

Set-CsUserCallingSettings -Identity "madushka@abc.com"  -IsForwardingEnabled $True -ForwardingType Simultaneous -ForwardingTargetType SingleTarget -ForwardingTarget "+1365888xxx" - Verbose

Note: You must have PhoneSystem License attached for you to have this forwarding to a number. 

Immediate transfer to voicemail 

Set-CsUserCallingSettings -Identity madushka@abc.com -IsForwardingEnabled $true -ForwardingType Immediate -ForwardingTargetType Voicemail -Verbose

Delegate scenario when manager secretary or Team member after few seconds rings Unanswered delay is 30sec

Set-CsUserCallingSettings -Identity madushka@abc.com - IsUnansweredEnabled $true -UnansweredTargetType MyDelegates -UnansweredDelay 00:00:30

You can review the change settings by following PS commands

Get-CsUserCallingSettings -Identity "madushka@abc.com" | fl

Finally removed the configuration 

Make sure once end user comeback from vacation or whenever user want change it, use following PS command. Which will reset user configuration what you made. 

Set-CsUserCallingSettings -Identity madushka@abc.com -IsForwardingEnabled $false

Enjoy!

Teams - SfB Hybrid and federation

Hosting Provider 

To share the same SIP address in On-prem and online (Teams) required hybrid to set/change Hosting Provider. 

for you to run get-cshostingProvider you will required Skype for business Online (old) module or Skype for business ISO mount and install the tools.

Hosting provider identity should be Office365 

Proxy FQDN should be "sipfed.online.lync.com"

Enable to $True

Enabled Shared Address Space $True

Host OCSUsers    $True

VerificationLevel    $True

AutoDiscoverUrl  need to set https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

 

Tenant Federation Configuration 

SharedSIPAddressSpace should be True 

Access Edge Configuration 

Make sure set all the important properties you need to True 

Check default configuration in this article - Manage Access Edge Configuration for your organization - Skype for Business Server 2015 | Microsoft Docs

Teams Auto Attendant (AA) configure with External number dialing

 

I had a scenario where porting is completing and customer end devices are not ready/late delivery to the location. Had many user numbers and many reception numbers, which i didn't port everything but partial porting and this is one of the number +1 365 xxx 421 and since it is "ServiceNumber" from Local telco. 

Due to the device not availability delay i have to look for an option asap.

Option #1 - Convert this number to user number and add forwarder to reception number. it can be Teams client or may be number forwarded.

Option #2 - Do the option#1 part of it and forward immediate Voicemail but for how many days? This wont be an option :D 

Option #3 - Create new Auto Attendant immediately and Add the greeting (just like other reception number) so no one feel a difference or changes. Then all the call forwarded to existing to reception number: +1 365 xxx 6226 (Not migrated reception/main line)

Best option will be Option #3 and i have created AA and added a greeting and in the call routing options I select to External phone number which will ring the existing reception number. 

 

Unfortunately it was not working and i was checking the license etc for AA is all good. i had a Microsoft Phone System standard - Virtual User license for AA. 

           Fixed: It was for External call to be forwarded as redirect option from Auto Attendant it required Calling plan to be assigned but getting an error due to conflict of some license. 

i assumed this was due to bundle license option and it had some license was conflicting. what i did was following and kept only domestic calling plan and assign to Auto Attendant addition Microsoft PhoneSystem standard - Virtual User license and everything works well. Try this and enjoy! 

   

Azure vSBC App Registration for Teams Direct Routing

For virtual SBC to be connected with the M365 Tenant and this will be done via Azure App Registration - Direct Routing SBA - Microsoft Teams | Microsoft Docs

above article shows given the requirement but thought it will be better if someone write about the steps 

It has 4 major steps (Not really major :) )

1. Register the application

2. Set the implicit grant tokens

3. Set the API permissions 

4. Create the client secret

However, for above steps even to start you will required the Azure Tenant Permission after you create the vSBC on it. 

Following screen you will receive if permission is not available when you try to create an app on Azure AD

Permission require: for this question to answer wont be able to find it on above Direct Routing SBA article and it will be mention on this - Quickstart: Register an app in the Microsoft identity platform - Microsoft Entra | Microsoft Docs

Once you have above permission/one of the permission 

Cloud Application/Application administrator or Developer

Access the portal - https://portal.azure.com or https://aad.portal.azure.com 

 

Create App registration and provide a name for Application. select the account/tenant name and click register.

Redirect url can be optional at this point 

There will be Application (client) ID, Object ID, Directory (tenant) ID will be there. 

Next we will required to add the platform and it is under authentication section. Select authentication and click add platform on that windows will take us to  platform types and we will required to choice web and provide/insert url given in the Microsoft Article provided.

Web option selected in the following step 

make sure check the following options in the implicit grant and hybrid flows and click configure. 

Next will be API Permission 

Go to the API Permission and click add permission.

This take us to REQUEST permission section and it will have following options and we will required to select API my organization uses. 

You will be able to search existing list of which is my org/tenant already have and in use. 

Look for Skype and Teams Tenant Admin API 

Required to provide permission for application in the following section 

Once you add it will shows grant pending permission and it should be grant manually this section itself. 

Next will be Application secret 

Go to the certificates and secrets section and 

Select the New client secret and add the name for the secret and define the expiration period. In my case i added 24 months since my public cert also 12 months renewal. So its good to aware we have some stuffs and expiration while IT folk are in sleep :) 

this will provide the Client Value and Secret ID and which we need for SBC configuration. Following window might be different from Ribbon to AudioCodes however both required Azure App registration for vSBCs.

Classic mistake i did was coping the Secret ID provided below because in Microsoft article says Application (Client ID) and Client secret. 

Following is from Azure App registration. 

I copied the Secret ID (which is wrong) instead of that it should be Value should be copied and thats the client secret.

Thanks to Nathan, he had a chance to work on App registration for another product prior and he was showing the mistake.

Teams Calling | Number porting diary - Day 3

Port-out from Microsoft 

Interesting requirement came today for me which is port-out from Microsoft. Most common request which we get everyday port-in request, but this requirement which they have fully went on cloud (Teams born) environment both of them look for moving some numbers to local telco with Direct Routing SBC at premises. My customer is trying to achieve on-prem PBX integration and also some numbers are plan to use for elevators and guards with analog devices.

Basically on this process, customer need a Microsoft 365 port out PIN to be created.  

How to set up your PIN:

   1.Sign into Office 365 with your work or school account

   2.Go to the Office 365 admin center > Admin centers > Teams Admin Center

   3.In the left navigation, choose Voice > Actions (on right top) > Manage Porting  PIN

     

   4.Click Set up and manage the PIN that is used for transferring or porting numbers to another service carrier

   5.In the Set or change your port out PIN panel, enter your PIN and click Save

The process will take 14 days but practically if you provide all the details on the LOA correctly it can be get it done even within 8 days according to my experience. 

Once you submitted the request to the local telco you can share the ticket details with PTN team where you can get help to expedite the process. Microsoft process was pretty straight forward compare to legacy telco. 

 Teams dial pad is missing - 5 items to check!

In my personal experience even you Move users (Move-CsUser) it doesnt mean it will be all activate in the Microsoft Teams backend. It will take time to replicate microservices and sometimes it goes up to 24hrs. 

Following 4 items are important  

- Phone system license attached with the user 

- SfB Online Plan 2 License 

 -EnterpriseVoiceEnabled

 - Hosting provider change to sipfed.online.lync.com 

 - CsOnlineVoicePolicy is assigned to the user or calling plan

 

 

  

How to check this using PowerShell, Connect to Teams using PowerShell and 

Get-CsOnlineUser -identity <mailaddress@abc.com> | ft *LineUri, HostingProvider, EnterpriseVoiceEnabled

In my personal experience make sure above items are in checked. 

and addition to above items you can check this tool too - Dial pad in missing in Teams - Microsoft Teams | Microsoft Docs 

M365 Secure score - Turn on the common attachments filter setting for Anti-malware on EOP

This filter will help us to prevent certain types of files that are risker to send and receive via emails. To make sure these file types don't get through, enable the common attachment filter.  

How to access -  https://security.microsoft.com/ then go to Policies & Rules > Threat policies > Anti-Malware

It will have a long list 

You can use the default list of file types or customize it. 

Messages with the specified attachments types are treated as malware and are automatically quarantined. 

Change notification status to different organization requirement. 

Teams Calling | Number porting diary - Day 2

Find the LOAs for Teams Calling migration

Following URL will be the listed every LOA and LOA format will be different from each market/country and also requirement will be different from telco to telco.

 Phone number management for Canada - Microsoft Teams | Microsoft Docs

This article will have all the LOA for Subscriber Numbers (DID), Service Numbers (AA, CQ) and Toll-free. 

When you submit a LOA it will be important to filled it correctly and include correct information to reduce number rejections from the telco. In this case it will be Microsoft TN support team (PTN) team (which mention in my previous article). 

- BTN (Billing Telephone Number) mentioned in the ER (Equipment Record) or  CSR (Customer Service Record). 

- Account Number can be found on the bill or ER/CSR

- Signatory Name of the person of the organization and this can be change when person is left organization via direct email from the client to respective telco. 

- Service Address mentioned correctly (it can be multiple service address)

- Company Name without a mistake not even a dot :)  

I got many LOA rejected for very simple things but it is not simple because its purely security purpose they validate those.

ER - Term mostly used by Canada telecom providers/ISP

Teams Calling number porting diary - Day 3

 

DNS Suffix , Internal DNS zones, External DNS (M365_UCTechiLab#5) - AD and Exchange 2016

DNS Suffix , Internal DNS zones, External DNS (M365_UCTechiLab#5) - AD and Exchange 2016

Access the AD Server and DNS and Create new DNS Zone. 

I would suggest to fix the it/DNS suffix add then you can verify by accessing the ADUC and create user 

For DNS work in the Exchange and also AADConnect to verify UPNSuffix we should have domain in the both side of the ADs. AAD will have the automatically when we verify part of the tenant verification by adding a CNAME in public domain where you have domain records. Addition to that if you dont have this in AD DNS (On-Prem) then you will required to add. 

Follow the steps and it will be straight forward in new environment and if you already using this domain in your exchange then this wont be a problem or not required to create. 

Go to Active Directory Server (AD) > AD Domains and Trusts 

 

Right click on top Active Directory Domains and Trust > UPN Suffixes and Add the UPN you required 

Once you save above settings. When you try to create users you able to see that. 

for DNS zone we will be creating new zone under this name 

next step

 

Add the domain you which you created in the DNS Suffix

Do not allow dynamic updates 

Completed

Zone will be created 

Adding Exchange A records on all new zones 

Teams Calling | Number porting diary - Day 1

During my time at Microsoft I did not have a chance to migrate any customer since Microsoft Calling plan was not available for Asia Pacific.

The list of articles here are all my experiences with migrations to Teams calling plan and also from Teams calling plan to Telco porting. I searched in several places for documentations by individuals about the process and how to proceed, and I did not have much luck in my search. Hence, I thought why not I give back to the community about my daily hustle in summary.

Number porting can be very simple to complex, this completely depends on the environment, the type of numbers available in that environment, their usage, and the level of knowledge the customer has about their own environment. Prior to submitting any order (be it Microsoft or any Telco around the world), number planning is required, and the entire process can consume many hours.

Porting request submission 

Porting request(s) can be submitted from two locations:

1.  Teams Admin Center (TAC) > Voice 

2. Access via PTN portal - https://pstnsd.powerappsportals.com/ 

 

Teams Calling | Number porting diary - Day 2