Kurt Shintaku's Blog

For those looking to script configurations in Microsoft Teams, the following links should be helpful.

• Microsoft Teams PowerShell Overview
  https://docs.microsoft.com/en-us/MicrosoftTeams/teams-powershell-overview
• Microsoft Teams 1.16: Microsoft Teams cmdlets module for Windows PowerShell and PowerShell Core
  https://www.powershellgallery.com/packages/MicrosoftTeams/1.1.6

Microsoft Teams Governance is documented in the articles below.

• Plan for governance in Teams
  Teams provides a rich set of tools to implement any governance capabilities your organization might require. This article guides IT pros to ask the right questions to determine their requirements for governance, and how to meet them.
  https://docs.microsoft.com/en-us/MicrosoftTeams/plan-teams-governance
• Governance quick start for Microsoft Teams
  The following activities will happen simultaneously, and they may involve all or part of your key team. As a best practice, defer large-scale governance and security conversations for after you have completed your initial experimentation with Teams. It is important to understand how governance decisions may impact the end-user experience and will simplify the decisions you will need to make at that later date.
  https://docs.microsoft.com/en-us/microsoftteams/teams-adoption-governance-quick-start
• Create and test an approval workflow with Power Automate
  A Microsoft Teams Governance practice is to enable Approval Workflow such that to create a new team, users need to make a request.
  https://techcommunity.microsoft.com/t5/microsoft-teams-blog/get-faster-results-with-approvals-in-microsoft-teams/ba-p/1680743
  https://docs.microsoft.com/en-us/power-automate/modern-approvals
  https://techcommunity.microsoft.com/t5/microsoft-teams-blog/automate-teams-provisioning-with-the-request-a-team-app-template/ba-p/1390964
• Private channels in Microsoft Teams
  Private channels in Microsoft Teams create focused spaces for collaboration within your teams. Only the users on the team who are owners or members of the private channel can access the channel. Anyone, including guests, can be added as a member of a private channel as long as they are already members of the team.
  https://docs.microsoft.com/en-us/microsoftteams/private-channels
• Manage tags in Microsoft Teams
  Tags in Microsoft Teams let users quickly and easily connect with a subset of people on a team. You can create and assign custom tags to categorize people based on attributes, such as role, project, skill, or location. Or, tags can be automatically assigned to people based on their schedule and shift information in the Shifts app (coming soon). After a tag is added to one or multiple team members, it can be used in @mentions by anyone on the team in a channel post or to start a conversation with only those people who are assigned that tag.
  https://docs.microsoft.com/en-us/microsoftteams/manage-tags
• Manage app setup policies in Microsoft Teams
  As an admin, you can use app setup policies to do the following tasks:
• Customize Teams to highlight the apps that are most important for your users. You choose the apps to pin and set the order that they appear. Pinning apps lets you showcase apps that users in your organization need, including apps built by third parties or by developers in your organization.
• Control whether users can pin apps to Teams.
• Install apps on behalf of users (in preview). You choose which apps are installed by default for users when they start Teams. Keep in mind that users can still install apps themselves if the app permission policy that’s assigned to them allows it
  https://docs.microsoft.com/en-us/microsoftteams/teams-app-setup-policies
  
• Turn on or turn off guest access to Microsoft Teams
  By default, guest access is turned off. You must turn on guest access for Teams before admins or team owners can add guests.
  After you turn on guest access, it may take a few hours for the changes to take effect. If a user sees the message "Contact your administrator" when they try to add a guest to their team, it’s likely that either guest access hasn’t been turned on or the settings aren’t effective yet.
  https://docs.microsoft.com/en-us/microsoftteams/set-up-guests
  
• Calling policies in Microsoft Teams
  In Microsoft Teams, calling policies control which calling and call forwarding features are available to users. Calling policies determine whether a user can make private calls, use call forwarding or simultaneous ringing to other users or external phone numbers, route calls to voicemail, send calls to call groups, use delegation for inbound and outbound calls, and so on.
  You can use the global (Org-wide default) policy that’s created automatically or create and assign custom policies.
  https://docs.microsoft.com/en-us/MicrosoftTeams/teams-calling-policy
  
• Manage meeting policies in Teams
  Meeting policies are used to control the features that are available to meeting participants for meetings that are scheduled by users in your organization. You can use the global (Org-wide default) policy that’s automatically created or create and assign custom policies. You manage meeting policies in the Microsoft Teams admin center or by using PowerShell.
  https://docs.microsoft.com/en-us/microsoftteams/meeting-policies-in-teams
• Manage Microsoft Teams settings for your organization
  You manage apps for your organization in Teams apps in the Microsoft Teams admin center. For example, you can set policies to control what apps are available org-wide or to specific Teams users and you can customize Teams by pinning the apps that are most important for your users.
  You can control organization-wide user settings in the Microsoft Teams admin center. To edit org-wide settings, go to the Microsoft Teams admin center, and then select Org-wide settings. You can configure the following settings.
  https://docs.microsoft.com/en-us/microsoftteams/enable-features-office-365
• Manage teams policies in Microsoft Teams
  As an admin, you can use teams policies in Microsoft Teams to control what users in your organization can do in teams and channels. For example, you can set whether users are allowed to create private channels.
  https://docs.microsoft.com/en-us/MicrosoftTeams/teams-policies
• Microsoft 365 group expiration policy (Requires “Azure Active Directory Premium P1” license)
  With the increase in usage of Microsoft 365 groups and Microsoft Teams, administrators and users need a way to clean up unused groups and teams. A Microsoft 365 groups expiration policy can help remove inactive groups from the system and make things cleaner.
  When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, team, etc.) are also deleted.
  When a group expires it is "soft-deleted" which means it can still be recovered for up to 30 days.
  https://docs.microsoft.com/en-us/microsoft-365/solutions/microsoft-365-groups-expiration-policy
  
• Microsoft 365 groups naming policy (Requires “Azure Active Directory Premium P1” license)
  You can use a group naming policy to enforce a consistent naming strategy for groups created by users in your organization. A naming policy can help you and your users identify the function of the group, membership, geographic region, or who created the group. The naming policy can also help categorize groups in the address book. You can use the policy to block specific words from being used in group names and aliases.
  The naming policy is applied to groups that are created across all groups workloads (like Outlook, Microsoft Teams, SharePoint, Planner, Yammer, etc.). It gets applied to both the group name and group alias. It gets applied when a user creates a group and when group name or alias is edited for an existing group.
  https://docs.microsoft.com/en-us/microsoft-365/solutions/groups-naming-policy
• Dynamic membership rules for groups in Azure Active Directory (Requires “Azure Active Directory Premium P1” license)
  In Azure Active Directory (Azure AD), you can create complex attribute-based rules to enable dynamic memberships for groups. Dynamic group membership reduces the administrative overhead of adding and removing users. This article details the properties and syntax to create dynamic membership rules for users or devices. You can set up a rule for dynamic membership on security groups or Microsoft 365 groups.
  https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership
• Overview of dynamic membership for teams
  Microsoft Teams supports teams associated with Microsoft 365 groups by using dynamic membership. Dynamic membership enables the membership of a team to be defined by one or more rules that check for certain user attributes in Azure Active Directory (Azure AD). Users are automatically added or removed to the correct teams as user attributes change or users join and leave the tenant.
  https://docs.microsoft.com/en-us/microsoftteams/dynamic-memberships

The Microsoft Cybersecurity Reference Architecture (https://aka.ms/MCRA) describes Microsoft’s cybersecurity capabilities and how they integrate with existing security architectures and capabilities.

We have seen this document used for several purposes by our customers and internal teams (beyond a geeky wall decoration to shock and impress your cubicle neighbors 🙂

• Starting template for a security architecture – The most common use case we see is that organizations use the document to help define a target state for cybersecurity capabilities. Organizations find this architecture useful because it covers capabilities across the modern enterprise estate that now spans on-premise, mobile devices, many clouds, and IoT / Operational Technology.
• Comparison reference for security capabilities – We know of several organizations that have marked up a printed copy with what capabilities they already own from various Microsoft license suites (many customers don’t know they own quite a bit of this technology), which ones they already have in place (from Microsoft or partner/3rd party), and which ones are new and could fill a need.
• Learn about Microsoft capabilities – In presentation mode, each capability has a "ScreenTip" with a short description of each capability + a link to documentation on that capability to learn more.
• Learn about Microsoft’s integration investments – The architecture includes visuals of key integration points with partner capabilities (e.g. SIEM/Log integration, Security Appliances in Azure, DLP integration, and more) and within our own product capabilities among (e.g. Advanced Threat Protection, Conditional Access, and more).
• Learn about Cybersecurity – We have also heard reports of folks new to cybersecurity using this as a learning tool as they prepare for their first career or a career change.

Get it here:

• DOWNLOAD: Microsoft Cybersecurity Reference Architecture
  http://aka.ms/mcra

Highly secure and forward-thinking, Azure powers government missions across a broad range of data classifications and tactical scenarios from intelligent cloud to intelligent edge.

Discover the wide range of new Azure services and capabilities to help government organizations meet their critical needs—both today and tomorrow.

• Date/Time:
  Wednesday, November 18, 2020 | 10:00AM – 1:30 PM PST
• Registration:
  https://info.microsoft.com/en-us-landing-WhatsNewinAzureGovernment-none.html

Did you know there’s a special trick that enables you to automatically register any SQL Server Virtual Machines running in your Azure subscription as SQL workloads in the Azure Portal?

• Register Your Azure SQL Virtual Machines with SQL Server IaaS Agent extension today
  “…simply tick a consent checkbox and allow Microsoft to automatically register all existing and future SQL Server Virtual Machines in your subscription”
  https://azure.microsoft.com/en-us/updates/register-your-azure-sql-virtual-machines-with-sql-server-iaas-agent-extension-today/

If you enable this switch in your Azure Portal, any new Azure VMs running SQL Server get automatically discovered & registered in Azure Portal Management as “SQL Resources” & are simultaneously prepped for “Automated Management”, without *any* disruption to the VM’s operation.

WHY DOES ONE CARE?
By doing this, you get the benefits of SQL IaaS “Lightweight Management” Mode for all SQL Server VMs – at no cost!:

1. Registers the VM as a SQL resource in Azure Portal – enabling views & dashboards that “catch” any and all SQL resources in a group or the subscription
2. Enables the Azure Administrator to “discover” SQL workloads that “pop up” in their subscription to ensure they are properly licensed or applying Azure Hybrid Benefit to reduce the VM operational cost
3. Enables changing the SQL Server license type/edition on the fly to ensure it matches one’s licensing
4. Installs the SQL IaaS extension binaries on the VM – but does NOT reboot the VM nor consume CPU cycles
5. Simplifies compliance by notifying Microsoft that Azure Hybrid Benefit is enabled, a requirement per Product Terms
6. Enables administrators to easily step up to SQL IaaS “Full Management” mode during a maintenance window
   (Full Management provides Automated Backup, Automated Patching, Azure Key Vault Integration, etc. – for FREE)

Details here:

• Automatic registration with SQL VM resource provider
  https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/sql-vm-resource-provider-automatic-registration?tabs=azure-cli
• What is the SQL Server IaaS Agent extension?
  https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/sql-server-iaas-agent-extension-automate-management?tabs=azure-cli

Customers leveraging Microsoft 365 E3 & E5 are well-positioned in the Gartner Magic Quadrant for “Enterprise Information Archiving” through its solutions in Microsoft 365 E3 & E5.

“I am delighted to announce that Gartner has listed Microsoft as a Leader in its 2020 Magic Quadrant for Enterprise Information Archiving. This is the third consecutive year that Microsoft has been recognized as a Leader in this critical space. To us, this recognition reinforces our leadership in innovative data governance, archiving, eDiscovery, and compliance solutions.”

For more information & to download the report, visit:

• NEWS: Microsoft recognized as a Leader in the 2020 Gartner Magic Quadrant for Enterprise Information Archiving (Oct 2020)
  https://www.microsoft.com/security/blog/2020/11/05/microsoft-recognized-as-a-leader-in-the-2020-gartner-magic-quadrant-for-enterprise-information-archiving/

This is old news but for the purposes to making sure folks know:

Office 2016 connectivity support for Office 365 services
In addition, we are modifying the Office 365 services system requirements related to service connectivity. In February, we announced that starting October 13, 2020, customers will need Office 365 ProPlus or Office 2019 clients in mainstream support to connect to Office 365 services. To give you more time to transition fully to the cloud, we are now modifying that policy and will continue to support Office 2016 connections with the Office 365 services through October 2023.

The previous support end date was October 2020.  Basically, connectivity from Office Professional Plus 2016 was gonna be “no longer supported” after this month.  This support statement changed as you can see.

(It’s buried at the bottom of this post so I wanted to highlight it for those who needed it)

• ANNOUNCEMENT: “Helping customers shift to a modern desktop”
  https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/

Interested in posting a message in a Microsoft Team when an VM in Azure goes down?

I thought this might be a cool exercise for folks invested in both Azure & Teams. Using these instructions, when an Azure-based VM goes down, a message is sent directly into a Teams channel for people to know.

Here’s the step-by-step instructions on how to accomplish this using simple Azure Logic Apps & Azure Resource Health:

• Step-by-Step: Azure Resource Health alert into Microsoft Teams
  https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-azure-resource-health-alert-into-microsoft-teams/ba-p/1817484?Wt.mc_id=modinfra-10514-socuff

Here’s some newsletters that we publish that everyone can enroll in:

• Microsoft Power BI Newsletter
  Take your data to the next level with the best tips and tricks from our experts.
  https://powerbi.microsoft.com/en-us/newsletter/
• Microsoft Dynamics 365 Newsletter
  Get Dynamics 365 product news, announcements, customer success stories, and details on upcoming events—delivered right to your inbox.
  https://dynamics.microsoft.com/en-us/newsletter/
• Microsoft Quantum Computing Newsletter
  Sign up for the newsletter on quantum computing from Microsoft and learn more about the revolutionary topological approach to quantum computing that helps you perform computations longer and more consistently.
  https://info.microsoft.com/Quantum-Computing-Newsletter-Signup.html
• Microsoft.Source newsletter
  Get the latest articles, documentation, and events from Microsoft.Source—the curated monthly developer community newsletter
  https://azure.microsoft.com/en-us/resources/join-the-azure-developer-community/
• Microsoft Research Newsletter
  Sign up to receive highlights from research areas such as AI, systems, security, programming, theory and other sciences
  https://note.microsoft.com/ww-registration-microsoft-research-newsletter-s.html

One of my favorite Azure services is Azure Files.  It’s so elegantly simple:  It delivers SMB/NFS/CIFS file shares & storage… from the cloud.

• It provides access to files securely over SMB, NFS or CIFS to clients
• It can alternatively provide a file cache on-prem & sync files  between on-prem file shares and the cloud (using an installable sync service)
• It can archive files that aren’t used often to the cloud in cheap, tiered storage & display stubs in the directory for files that aren’t on-prem and will be retrieved from the cloud
• It can provide antivirus, file backups, encryption & file level restores, all in the cloud.

Here’s an overview of how it works:

(https://www.youtube.com/watch?v=nfWLO7F52-s)