Set Custom Policies in Skype for Business Online

For those who have worked with Skype for Business Online (SfBO) policies, you know that the policies which govern user behavior and features are pre-configured with defaults for the Office 365 SfBO tenant.

This was somewhat painful for a couple of reasons:

  • Policies which had a large number of settings (e.g. Conferencing), had to have a huge number of default policies to cover all the combination of features enabled/disabled
  • Organizations could not set customer specific set of features to create policies which matched their needs.

Skype for Business Server 2015 On-premises of course allows the creation of custom policies. This is starting to be available with SfB Online. 

Recently the ability to create custom policies for these 4 policy types was added to Skype for Business Online:

  1. Conferencing
  2. Client
  3. Mobility
  4. Caller-ID (** not sure if this policy is used yet in SfBO, but the cmdlet’s exist to Set and Get policies of this type)

This means there are new cmdlet’s to create new policies, and change settings on existing policies of these types. These are reflected in the traditional associated New & Set cmdlets (see below).

Tip – you cannot use the correspond Set cmdlet’s to change default policies of these types that are there as part of the Office 365 tenant.

The rest of this article details the default policy for each policy type, and the PowerShell cmdlets to create and configure them.

Note: the cmdlet name is a hyperlink to the TechNet documentation.

Conferencing

Default Policy Given to a new user: BposSAllModality

Get-CsConferencingPolicy

Returns information about the conferencing policies that have been configured for use in your organization. Conferencing policies determine the features and capabilities that can be used in a conference; this includes everything from whether or not the conference can include IP audio and video to the maximum number of people who can attend a meeting.

Set-CsConferencingPolicy

Modifies an existing conferencing policy. Conferencing policies determine the features and capabilities that can be used in a conference; this includes everything from whether or not the conference can include IP audio and video to the maximum number of people who can attend a meeting.

Cmdlet to assign to a user : Grant-CsConferencingPolicy (link to on-premises documentation)

 

Client

Default Policy Given to a new user: ClientPolicyDefault

Get-CsClientPolicy (There is no TechNet help for the SfB online; this link is the on-premises version)
Returns information about the client policies configured for use in your organization. Among other things, client policies help determine the features of Skype for Business Server 2015 that are available to users; for example, you might give some users the right to transfer files while denying this right to other users.

Set-CsClientPolicy (There are a huge number of options for this cmdlet and no online help; this link is the on-premises version)
Modifies the property values of an existing client policy. Among other things, client policies help determine the features of Skype for Business that are available to users; for example, you might give some users the right to transfer files while denying this right to other users.

Cmdlet to assign to a user : Grant-CsClientPolicy

 

Mobility

Default Policy Given to a new user: MobilityEnableOutsideVoiced

Get-CsMobilityPolicy (There is no TechNet help for the SfB online; this link is the on-premises version)

Retrieves information about the mobility policies currently in use in an organization. Mobility policies determine whether or not a user can use Skype for Business Mobile. These policies also manage a user’s ability to employ Call via Work, a feature that enables users to make and receive phone calls on their mobile phone by using their work phone number instead of their mobile phone number. Mobility policies can also be used to require Wi-Fi connections when making or receiving calls

Set-CsMobilityPolicy (There is no TechNet help for the SfB online; this link is the on-premises version)

Modifies an existing mobility policy. Mobility policies determine whether or not a user can use Skype for Business Mobile. These policies also manage a user’s ability to employ Call via Work, a feature that enables users to make and receive phone calls on their mobile phone by using their work phone number instead of their mobile phone number. Mobility policies can also be used to require Wi-Fi connections when making or receiving calls

Cmdlet to assign to a user: Grant-CsMobilityPolicy (link to on-premises help version)

 

Caller-ID

The caller-id policies are very new and govern the caller-id feature for users such as whether another another number can be shown as the outbound caller-id. There is no help available (for either the on-premises or online versions), so the command line syntax is shown for each cmdlet.

Default Policy Given to a new user: <None>

Get-CsCallerIdPolicy

SYNTAX
    Get-CsCallerIdPolicy [-Identity <XdsIdentity>] [-BypassDualWrite <$true | $false>] [-LocalStore <SwitchParameter>] [-Tenant <Guid>] [<CommonParameters>]
   
    Get-CsCallerIdPolicy [-Filter <String>] [-BypassDualWrite <$true | $false>] [-LocalStore <SwitchParameter>] [-Tenant <Guid>] [<CommonParameters>]

Set-CsCallerIdPolicy

SYNTAX
    Set-CsCallerIdPolicy [-Identity <XdsIdentity>] [-BypassDualWrite <$true | $false>] [-CallerIDSubstitute <Anonymous | Service | LineUri>] [-Confirm <SwitchParameter>]
    [-Description <String>] [-EnableUserOverride <$true | $false>] [-Force <SwitchParameter>] [-Name <String>] [-ServiceNumber <String>] [-Tenant <Guid>] [-WhatIf
    <SwitchParameter>] [<CommonParameters>]
   
    Set-CsCallerIdPolicy [-Instance <PSObject>] [-BypassDualWrite <$true | $false>] [-CallerIDSubstitute <Anonymous | Service | LineUri>] [-Confirm <SwitchParameter>]
    [-Description <String>] [-EnableUserOverride <$true | $false>] [-Force <SwitchParameter>] [-Name <String>] [-ServiceNumber <String>] [-Tenant <Guid>] [-WhatIf
    <SwitchParameter>] [<CommonParameters>]

Cmdlet to assign to a user: Grant-CsClientPolicy

Generating a List of Available Skype for Business Online PowerShell Cmdlets with Documentation

The Skype for Business Online (SfBO) PowerShell Module is the primary command line management tool for Administrators.

New users of this module are often surprised to learn that the cmdlets exposed by this module are not defined in the Skype for Business Online PowerShell module itself. Instead, the SfBO PowerShell Module creates an implicit remote PowerShell session and imports the cmdlet definitions from the Online SfBO tenant. The cmdlet’s made available in this module therefore could vary by tenant (i.e. based on the type of licensed Office 365 tenant), and be changed online in the tenant (i.e. by Microsoft) without releasing a new PowerShell module (which is installed locally).

Significant changes to the online cmdlet’s are usually well communicated, but as the SfB online service quickly evolves, changes can happen before they are well communicated. For this reason, and to learn what cmdlet’s are available for SfBO administration, I often enumerate the available cmdlet’s in several of my tenants.

The available cmdlet’s in any SfBO tenant can be easily retrieved using PowerShell by finding the associated local temporary PowerShell module associated with any current SfBO PowerShell session and enumerating the cmdlet’s available in that module.  Displaying a list of cmdlet’s to the PowerShell console is not much use however – it is hard to get a handle on what cmdlet’s are available, what they do, and what differences might exist between tenants (since the last time the cmdlet’s were enumerated).

Inspired by fellow MVP Pat Richard’s script for retrieving a convenient list of Skype for Business on-premises PowerShell cmdlet (see “All Skype for Business 2015 Cmdlets and the Default RBAC Roles That Can Use Them”) which includes help information such as the Synopsis and a link the online TechNet help for that cmdlet, I wrote a script which does the following:

  1. Retrieves all of the SfB online cmdlets available in the tenant – including the help descriptions and links to the online help for that cmdlet (if it exists).
  2. Optionally produces a nice HTML report of all the available SfBO cmdlet’s using a really useful PowerShell module named “ReportHTML” by Matthew Quickenden (See PowerShell module called Generate HTML Reports by Matthew Quickenden to get this module).
  3. Optionally saves it to a CSV file

The script is below. By default both the HTML and CSV reports are produced but this can be easily changed with two boolean input parameters to the script representing each type of report.

Some notes on using this script:

  1. It can take a long time (~10 minutes) to finish – why?  The script is calling Get-Help on every cmdlet it finds to get the description and links to online help. This can take awhile.
  2. Make sure the ReportHTML module installed to make the HTML reporting work.
  3. If you are in a SfB hybrid configuration, the OverrideAdminDomain parameter in the New-CSOnlineSession call will likely be required for the remote SfBO session to be established.  See the nodes in the script.
  4. Some cmdlet’s do not have TechNet documentation. Other cmdlet’s have a TechNet link but it is broken – nothing is posted at that link. Most do have links and they open a separate window with the help.

An recent example of the HTML report – which represents all of the SfBO cmdlet’s available on an E3 tenant as of March 2017 - is here:

> http://insidelync.com/Tools/SfBO_Cmdlets.html.

image

 

The Script

The script is published on the TechNet script gallery here: https://gallery.technet.microsoft.com/Get-a-List-of-Available-6de74e51. This is where I will keep it up-to-date.

<#
.SYNOPSIS
    Get-SfBOCmdlets.ps1 – Get’s all the cmdlet’s availalble and their help informaiton for an Online Tenant.

.DESCRIPTION
    This powershell script retrieves all the cmdlet’s available in an SfBO tenants,
    including the help description, and link to online cmdlet help, and optionally
    produces a nicely formatted HTML report and CSV file with all the cmdlet information.

    See http://blog.insidelync.com/2017/03/generating-a-list-of-available-skype-for-business-online-powershell-cmdlets-help-information/

.INPUT
    Skype for Business Online Administrative Username/Password for the tenant (manual prompt), and
    optional parameters for the type of output reports desired.

.PARAMS
    ProduceHTMLReport – Boolean to produce an HTML report (default = true)
    ProduceHTMLReport – Boolean to produce an HTML report (default = true)

.OUTPUTS
    All the cmdlet’s and information about each one.

.NOTES
    ** Need to modify the New-CSOnlineSession session (see below) for a hybrid SfB domain

.EXAMPLE
   .\Get-SfBOCmdlets.ps1 -ProduceHTMLReport $true -ProduceCSVReport $false

Written by: Curtis Johnstone
    www.InsideSkype.com
    www.InsideMicrosoft.com

Special Thanks to Pat Richards for this script: https://www.ucunleashed.com/3691.
   
#>

param (
    [bool] $ProduceHTMLReport = $true,
    [bool] $ProduceCSVReport = $true
    )

Function GetSfBOCmdlets
{
    Write-Output "About to retrieve available online cmdlets and associated help information"

    Import-Module -Name SkypeOnlineConnector

    $Credential = Get-Credential

    # use the -OverrideAdminDomain parameter for a hybrid SfB domain; see http://www.ucblog.co.uk/?p=25
    $sfBOSession = New-CSOnlineSession -credential $Credential # -OverrideAdminDomain
   
    $implicit_PS = Import-PSSession $SFBOSession -AllowClobber

    if ($SFBOSession -eq $null)
    {
        Write-Error "There was a problem establishing the remote session to the SfBO tenant. Aborting"
        exit
    }

    $global:objectCollection = @()

    $all_cmdlets = Get-Command -Module $implicit_PS.Name | Sort-Object Name

    foreach ($cmdlet in $all_cmdlets)
    {

        $cmdletHelp = $(Get-Help $cmdlet)
  
        [string] $synopsis = $cmdletHelp.Synopsis
        if ($synopsis -eq $null) { $synopsis = "" }
        if ($synopsis -eq "Provide the topic introduction here.")
            { $synopsis = "" }
   
        [string] $description = $cmdletHelp.Description
        if ($description -eq $null)
            { $description = "<blank>" }      

        [string] $onlineHelpURI = (($cmdletHelp.relatedLinks.navigationLink | Where-Object {$_.linkText -match "Online Version"}).uri) `
            -replace "EN-US/",""

        $onlineHelpURI = $onlineHelpURI.Trim();

        if ($onlineHelpURI -eq "")
        {
            $hyperLink = "Not available";
        }
        else
        {
            $hyperLinkName = $cmdlet.Name

            # these are magic keywords that the ReportHTML module uses to create hyuperlinks – use the Get-HTMLReportHelp cmdlet for more info
            [string] $hyperLink = "URL01NEW{0}URL02{1}URL03" -f $onlineHelpURI, $hyperLinkName
        }

        $object = New-Object –Type PSObject
        $object | Add-Member –Type NoteProperty –Name CmdletName -Value $cmdlet.Name
        $object | Add-Member –Type NoteProperty –Name Synopsis -Value $synopsis
        $object | Add-Member –Type NoteProperty –Name "TechNet Documentation Link" -Value $hyperLink

        $global:objectCollection += $object
    }

    # clean up remote powershell sessions and resources

    if ($implicit_PS -ne $null)
        { $implicit_PS = $null }

    if ($sfBOSession -ne $null)
        { Remove-PSSession $SFBOSession }
   
    Write-Output "Finished retrieving online cmdlets"

}

Function ProduceHTMLReport
{
    # requires the ReportHTML module (https://www.powershellgallery.com/packages/ReportHTML)
    Import-Module ReportHTML

    $htmlReportPath = $env:UserProfile + "\Documents"
    $htmlReportFile = $htmlReportPath + "\SfBO_Cmdlets.html"

    # $nc = $global:objectCollection | select CmdletName, Synopsis, "TechNet Documentation Link"

    $nc = $global:objectCollection

    $rpt = @()
    $rpt += Get-HtmlOpenPage -TitleText  ("Skype for Business Online Cmdlets") -LeftLogoName Blank -RightLogoName Blank

    $rpt += Get-HtmlContentOpen -HeaderText "Cmdlets"
    $rpt += Get-HtmlContentTable $nc
    $rpt += Get-HtmlContentClose
    $rpt += Get-HtmlClosePage

    Write-Output "Producing HTML report here: $htmlReportFile"

    $rpt > $htmlReportFile

    # display html report
    Invoke-Item $htmlReportFile
    Sleep 1
}

Function ProduceCSVReport
{
    $csvReportPath = $env:UserProfile + "\Documents"
    $csvReportFile = $csvReportPath + "\SfBO_Cmdlets.csv"

    Write-Output "Producing csv report here: $csvReportFile"

    $global:objectCollection | Export-Csv -Path $csvReportFile -NoTypeInformation -Encoding UTF8
}

Write-Output "Script is Starting"
Write-Output "Produce HTML Report? $produceHTMLReport"
Write-Output "Produce CSV Report? $produceCSVReport"

# retrieve the cmdlet listing
GetSfBOCmdlets

if ($produceHTMLReport)
    { ProduceHTMLReport }

if ($produceCSVReport)
    { ProduceCSVReport }

Write-Output "Script complete"

 

References and More Information

The Microsoft Skype for Business Online (SfBO) PowerShell Module

The ReportHTML PowerShell Module in the PowerShell Gallery – by Matthew Quickenden

Pat Richards All Skype for Business 2015 Cmdlets and the Default RBAC Roles That Can Use Them

Getting the Distribution of Skype for Business Online Registrar Pools used in an Office 365 Tenant

Much like Skype for Business on-premises users, each Skype for Business Online (SfBO) user has a home pool. This home pool consists of multiple SfB servers running in Office 365 data centers. On sign-in, the each SfBO user establishes a Skype for Business session with one of the SfB servers in that home pool.  It is also the users’ home pool for any conferences they host (organize), which determines where the media (audio, video, screen sharing) is broadcast from. These servers reside in different Office 365 data centers, and knowing which online SfB registrar pools are being used, and by which users, can help troubleshoot sign-in issues, configure firewalls, and understand underlying conferencing performance.

Below is the PowerShell to get a distribution of which online SfBO registrar’s pools are in use for your tenant, and which are used by specific users.

The PowerShell leverages the Skype for Business Online PowerShell module.  It uses the Get-CsOnlineUser cmdlet to retrieve the home registrar pool for each user, and does a simple grouping to figure out how many users are hosted on that online registrar.

#  Retrieves the Skype for Business Online Registrar Pool Distribution

Import-Module -Name SkypeOnlineConnector
$Credential = Get-Credential
$SFBOSession = New-CSOnlineSession -credential $Credential # -OverrideAdminDomain
# http://www.ucblog.co.uk/?p=25

# supress the output of importing the PS Session (not needed; save in case we do need it)
$output = Import-PSSession $SFBOSession -AllowClobber

$fullUserListing = Get-CsOnlineUser

$registrarPoolDist = @($fullUserListing | Where-Object {$_.RegistrarPool -ne $null} `
    | select RegistrarPool, SipAddress | Group-Object RegistrarPool)

foreach ($regPool in $registrarPoolDist)
{
    Write-Output ($regPool.Name + " is hosting " + $regPool.Count + " Skype for Business Online Users.")
   
    foreach ($user in @($regPool.Group))
    {
        Write-Output ("`t`t User: " + $user.SipAddress)

    }
    Write-Output "`n"
        
}

# clean up
if ($SFBOSession -ne $null)
{
    Remove-PSSession $SFBOSession
}

Here is the sample output from a small North American E3 tenant with 8 SfBO users:

image

We can see the distribution of the number of users hosted in each online registrar pool, and which users are hosted on them.

The script is published and updated on the TechNet Gallery here: https://gallery.technet.microsoft.com/Getting-the-Distribution-a951d362.

Behind the Scenes look at the Skype for Business Online PowerShell Module

As Skype for Business Online (SfBO) adoption on Office 365 continues to grow, more organizations are turning to PowerShell to manage the SfBO tenant and users.

The Skype for Business PowerShell Module used to the connect to the tenant is interesting.  Knowing a little but about how this module works behind the scene’s can go a long way to understanding any issues that come up.

There are 3 things you need to do to connect to your Skype for Business Online tenant with PowerShell using the SfBO PowerShell Module:

Action PowerShell to Accomplish It Notes
Import the SkypeOnlineConnector Import-Module -Name SkypeOnlineConnector  
Establish a New Remote SfBO PowerShell Session $SFBOSession = New-CSOnlineSession -credential $Credential  $Credential holds the SfBO admin credentials to the tenant
Import the remote session into your local PowerShell session Import-PSSession $SFBOSession –AllowClobber The –AllowClobber parameter will allow us to redefine any existing cmdlet’s with the same name in our local PowerShell session.

This blog entry details what each of these 3 steps are doing behind the scene’s.

 

Import the SkypeOnlineConnector

This Import-Module cmdlet makes the SkypeOnlineConnector module available in the local PowerShell session (e.g. in the console or ISE).

The module is usually installed locally here:

C:\Program Files\Common Files\Skype for Business Online\Modules\SkypeOnlineConnector

The interesting thing is this, unlike many other Microsoft modules, it is script module – meaning the whole module is defined in a PowerShell script that you can read for yourself.  It is located in this PowerShell file:

SkypeOnlineConnectorStartup.psm1

When we open this script, we see the following 2 PowerShell function definitions which define the cmdlet’s which allow us to establish the remote PowerShell session, and import the cmdlet’s:

  1. New-CsOnlineSession
  2. Set-WinRMNetworkDelayMS

 

Establish a New Remote SfBO PowerShell Session

Next, let’s look at what these two cmdlet’s do exactly:

$Credential = Get-Credential

$SFBOSession = New-CSOnlineSession -credential $Credential

As we noted above, the New-CsOnlineSession is a function defined in the PowerShell module. The function description inside the script describes perfectly what it does:

Creates a remote session to Microsoft Lync Online DataCenter. In this session, tenant administrator can run Lync cmdlets to manage users, policies and configurations.

 

If this completes successfully, the variable $SFBOSession now holds a remote Powershell session to the SfBO tenant. Looking at the properties of this online session reveals the online server the remote session is established with:

$SFBOSession | select *

.

.

ComputerName           : admin0b.online.lync.com

 

NOTE: for SfB Hybrid Deployments

In SfB deployments that are hybrid, the DNS records used by remote PowerShell generally point on-premises, so you need to specify an –Override parameter to override the DNS name with the intial domain name of the Office 365 tenant (e.g. <domain>.onmicrosoft.com).

This issue is documented well here:  http://www.ucblog.co.uk/?p=25

 

Import the Remote Session into your Local PowerShell Session

Finally the Import-PSSession cmdlet will import the cmdlets, functions, aliases in the remote PowerShell session into the current local sessions so that we can work use them.

image

You’ll notice that this Import-PSSession cmdlet returns a temporary PowerShell module. This module holds the cmdlet’s that were imported from the remote session (it actually does not hold the cmdlet’s themselves but rather proxy definitions).

There are 2 important things to realize here:

1. The Skype for Business Online cmdlet’s are not defined in the Skype for Business Online PowerShell module. This means that the cmdlet’s made available could vary by tenant, and be changed by Microsoft without releasing a new PowerShell module (to install locally). The takeaway for IT organizations is that changes can (and do happen). It doesn’t happen often, and changes are usually well advertised in advance and are usually cmdlet additions; but there have been (and will be) changes to the online cmdlet’s. 

This temporary PowerShell module get be seen with the Get-Module cmdlet, and like the SfBO PowerShell Module itself is a script module, so we can see all the definitions of the cmdlets it makes available.  It is available in the C:\Users\<user>\AppData\Local\Temp\ directory.

2. All the online cmdlet definitions reside in this module.  You can see them by using the Get-Command cmdlet as follows:

Get-Command –Module “tmp_chdu42yi.nev”| Sort-Object Name

As of March 2017, there are about 178 cmdlet’s in an Office 365 E3 SfBO tenant with no Add-On plans.

 

More Information

Skype for Business Online, Windows PowerShell Module

Using Windows PowerShell to manage Skype for Business Online

UNABLE TO CONNECT TO SKYPE FOR BUSINESS ONLINE REMOTE POWERSHELL IN A HYBRID ENVIRONMENT

Diagnosing and resolving connection problems with Skype for Business Online

5 Tips to Improve Skype for Business Wi-Fi Performance

This article offers 5 tips to increase overall performance for Skype for Business (Sfb) over Wi-Fi at home or a Public Hotspot. These tips were created from my own experiences at home and using Wi-Fi in different circumstances. 

Delivering a good SfB Wi-Fi experience in the enterprise is a much larger topic with more infrastructure and configuration options and recommendations. A good start here is Microsoft’s Guide “Ensuring an Enterprise Class Wireless Skype for Business Experience” which provides end to end planning, best practices, and proactive maintenance and operations to deliver enterprise grade Wireless Skype for Business service.

Here are the 5 tips I will discuss:

  1. Make Sure the Gas Tank Isn’t Empty
  2. Use a Dedicated 5 GHz Wireless Band if Possible
  3. Try a Different Wi-Fi Channel
  4. Consider Implementing Quality of Service (QoS)
  5. Still Having Issues … Ditch the Wi-Fi

 

Tip 1 – Make Sure the Gas Tank Isn’t Empty

Diagnosing and resolving Wi-Fi issues can be really challenging.  Ensuring these basic pre-requisites are met will greatly increase the chances of success:

  1. Keep Skype for Business Clients Up To Date.  This sounds like advice your mother would give you, but it really can help – especially with the SfB mobile clients. Update an Windows desktop clients in use to the latest-and-greatest via Windows Update.
  2. Ensure there is Adequate Network Connectivity from the Wireless Access Point (WAP) / Router to the Internet!  I’ve lost track on the number of times I was trying to diagnose a Wi-Fi issue, and it the real problem was a temporarily internet outage on the Internet Service Provider (ISP). The Windows Network Troubleshooting tool will usually identity whether it is a problem with the Internet connection, or to be sure, test connectivity from a wired device (pointing your browser to http://fast.com is an easy and convenient method to test the connectivity and download speed).
  3. Ensure you have Adequate Bandwidth. Support for real-time communications that use real-time media such as audio, video, conferencing require, above all, a consistent and reliable network stream to work well. Bandwidth is not the same as ‘stability’ (i.e. low latency and jitter), but when bandwidth is congested, network reliability will suffer.  The more bandwidth, the better. One often overlooked bandwidth requirement is upload (or uplink) bandwidth. It is often overlooked because many ISP’s offer a fraction of upload speed compared to download speed. Microsoft’s recommends a consistent 1.5 Mbps of consistent uplink bandwidth to support real time communications. In my experience, I can have good quality audio, video, & conferencing Skype sessions with as little as 800 Kbps but your mileage may vary.
  4. Use a Good Quality Network Interface Card (NIC) and Wi-Fi Router.
    • Most Wireless NIC’s shipped with desktops and laptops in the last 3-4 years have an adequate NIC. However performance and stability differ between.
      • If Wi-Fi issues occur on multiple Wi-Fi networks (e.g. your neighbourhood coffee shop, work, and your friends Wi-Fi network), take a look at your NIC, and make sure it has the latest drivers installed.
      • Performance – newer cards supporting the 802.11n with multiple antenna support typically offer the best performance (Intel has a good article here explaining this Multiple-Input Multiple-Output technology).
    • For your Wireless Access Point (WAP) / Router, I highly recommend newer models that support dual-band (2.4 GHz and 5 GHz).  They are engineered to support many devices connected at once.  If you add up all the Wi-Fi enabled devices in your home, you will likely be very surprised at just home many there are.  Using a router which supports the new 802.11n and 802.11ac standards will generally give much more network throughput than the older 802.11a and 802.11g.
  5. Consider Bluetooth Device Interference.  In theory Bluetooth devices can interfere with Wi-Fi communications. I have a wireless mouse and keyboard and have not really noticed a difference, but this is something to consider if you have many Bluetooth devices.

 

Tip 2 – Use a Dedicated 5 GHz Wireless Band if Possible

Many routers are multi-purpose devices (acting as wireless access points (WAP) for a variety of devices, DHCP servers, and firewalls).  Worse, as a WAP, most run with one ‘network’ (SSID) that all devices (smart phones, tablets, TV’s, etc..) connect to. In this scenario, the real-time voice and video traffic Skype for Business uses is competing with, and prioritized the same as, the Netflix cartoon your children are watching and the firmware your Smart TV is doing … among other things.

If the router supports ‘dual band’, that means it can support essentially two separate wireless networks simultaneously on different Radio Frequency (RF) bands.  The two bands are 2.4 GHz and 5 GHz.

To help real-time applications perform well, it can make a big difference to dedicate one wireless network (SSID) to devices running real-time applications and move all the other devices to the other 2.4 GHz wireless band.

The 5 GHz band is preferred because it offers less interference with other consumer products such as cordless phones. The trade-off is the 5 GHz band usually has less range than the 2.4 GHz range. Your range however will depend greatly on the location of the router and the device connecting to it. Having a clear-line-of-site from the client to the WAP will increase the range.

What about wireless range extenders?

Many people consider adding a wireless range extender – especially if their work area typically does not have clear-line-of-sight to the WAP. Generally this will not help for real-time media because these extenders increase network latency and jitter. I have had good results with an extender that plug’s into a power wall socket and uses Ethernet over Power to get to the WAP / Router. Bottom line though, you are probably relocating your router, or investing in a better one with better antenna range.

What about adding a second dedicate router?

This might seem like overkill, but it seemed like a good idea to me!  With a growing number of Wi-Fi enabled devices in my house, I added a newer second Wi-Fi router capable of better handling simultaneous connections and the latest 802.11 standards to combat my intermittent poor voice performance and dropped connections – mostly on my laptop running Windows 10 and the Windows version of Skype for Business.  The result?  It did not help, and the performance actually got worse!

This is when I started to learn about 802.11 channel congestion… which is the perfect segue into the next Tip.

 

Tip 3 – Try a Different Wi-Fi Channel

After my unexpected two router results, I had learned about the “802.11 Channel 6 Congestion” issue, and made some simple changes that helped my Wi-Fi experience.

802.11 Router Basics

As perviously discussed many home routers operate on one or two bands or frequencies – 2.4 GHz and 5 GHz. Each band is further segmented into channels – 11 narrow radio frequency channels.  When devices communicate with the router, they use whatever channel is set on the router.  If many devices (a close neighbours WiFI devices, cordless phones, etc…) use the same channel, this will likely result in congestion in that frequency – and that means trouble for your WiFi.

Wi-Fi devices bought in North America ship with a default of Channel 6 – increasing the likelihood of congestion unless you change it.

802.11 signals are designed to partially overlap – the spectrum of one channel will overlap a bit with another channel, but the further away your channel is from what is being used around you, the better throughput and performance you will have.

If you are on channel 6, one simple change is to try channel 1 or 11 – these are far away from the de-facto channel 6 specturm. However many people have started to use 1 and 11, and some devices by default use this, so you should try a couple of different ones. The change is easy to make on your router (consult your router documentation).

Another approach which is more involved is to scan the wireless environment around you using a third-party or open source application. This will show you exactly how congested each of the channels are.

I settled on using channel 8 on a dedicated 5 GHz band and had much improved performance.

Some WAPs / routers support automatic channel selection (ACS) which will in-theory auto-select a new channel when it detects RF interference. In my experience, enabling ACS has not made a difference, and I question the impact on real-time media sessions while my router attempts to switch channels.  I prefer a dedicated static channel.

There are many third party Wi-Fi application (for Windows clients) which scan and analyze your Wi-Fi networks to show which channels are in use, and the interference levels. I’ll be updating this blog entry with some of them shortly.

 

Tip 4 – Consider Implementing Custom QoS

In a nutshell, Quality of Service (QoS), is a network tagging methods which allows certain types of traffic to me tagged and treated as priority on the network. In practice, real-time media requirements for more important applications (such as voice and video application like SfB) can be tagged a higher priority over entertainment applications such as NetFlix.

Implementing QoS on a home router is likely beyond the expertise of many users, but highly recommended for those who use Skype for Business a lot from home (e.g. home workers).  It will make your life better!  Watch for a future blog article on how to do this.

 

Tip 5 – Still Having Issues … Ditch the Wi-Fi

Getting to the root cause of Wi-Fi issues can be frustrating and time-consuming. If you are still experiencing issues, and rely on good consistent networking for your daily activities, another option is to ditch the Wi-Fi at home all-together!  This might seem inconvenient and sliding down the evolutionary technology chain, but new wired options such as Ethernet over Power adapters make it very easy to add wired capabilities to almost anywhere in your home. I’ve had very good experiences with NETGEAR Powerline products.

 

Got a Wi-Fi tip for Skype (or any voice and video application) you want to share?  Please do!

 

Resources & More Information

Easily check your Download Speed in any Browser with Fast.com (Powered By NetFlix)

Microsoft TechNet – Ensuring an Enterprise Class Wireless Skype for Business Experience

Microsoft TechNet – Planning for Optimal Skype for Business Experience over Wi-Fi

Microsoft Download – Delivering Lync 2013 Real-Time Communications over Wi-Fi

Microsoft TechNet – Plan network requirements for Skype for Business 2015

5 Tips & Reminders for End Users During a SIP Address Change

SIP address changes inside organizations are usually challenging – for the IT team making the change and the end users experiencing the change. For those unfamiliar with the SIP address change, it involves a change to either:

  1. The format of the left-hand side (e.g. user-id@domain.com changing to firstname.lastname@domain.com)
  2. The domain name on the right-hand side of the @ sign (e.g. user@domain.com changes to user@new_domain.com)

This blog entry contains key reminders to end users going through the SIP address change process.

The impact to end users will depend somewhat on the Lync or Skype for Business (SfB) deployment and the clients used.

In most environments however, end users need to take the following 5 actions to re-establish their Lync and SfB services:

  1. Change the sign-in address on all SfB clients; don’t forget any clients running on mobile and tablets. Sign-out, change the SIP address, and sign-in again. Older Lync clients will sign the user out after their SIP address is changed on the backend.
  2. Any scheduled Skype for Business meetings (e.g. scheduled through the Outlook “Skype for Business Online Meeting” option) need to be canceled and recreated.
  3. When searching the address book for the first 24 hours post SIP change, enter the contacts full new SIP address.
  4. Change the SIP sign-in address at the same time as the email address (if it’s changing at the same time). This will minimize problems with the SfB feature integration with Exchange such as free/busy integration.
  5. Notify external contacts of the new SIP address.  An external contact is any contact that either federated (in another Lync/SfB organization) or a Public IM contact (e.g. user@outlook.com).  This is by far one of the highest impact items for the end users since it can render communication with external contacts. Basically the user has two options in my experience:
    • Notify external contacts that their SIP address has changed, and that they need to add it as a new contact in their address books.
    • Re-add the external contacts after the SIP change. Re-adding the external contact generates a request to the external contact to have them add the user (and the new SIP address) to their contact list. If there are a lot of external contacts, fellow Office Servers and Services MVP Michael LaMontagne has developed a nifty PowerShell script that uses the Lync SDK to run on the Lync or SfB client that can export and import contacts. An advanced user, or IT administrator, can use this script to export the contacts, delete the external contacts in the client, and then re-import them after the SIP change.

Lastly, if weird issues arise on older Lync clients (e.g. Lync 2010/2013) and/or older client operating systems such as Windows 7, try rebooting the computer is a good first step.

More Information

Anatomy of a SIP Domain Change

Anatomy of a SIP Address Change – Part #2

Effects of Changing a User’s SIP Address in Lync Server 2013

Modify the SIP Address of an Enabled Lync Server User

Invoke-SFBContacts on the TechNet Gallery

Introducing Microsoft Teams

This blog post isn’t specifically about Skype for Business but rather a newly released Microsoft Office 365 Team Collaboration application that has many similar Skype for Business collaboration features, and integrates with Skype for Business Online.

What is Microsoft Teams?

A new Office 365 Team Collaboration Experience (e.g. new Office 365 application) based on chat-based workspaces that brings together people, conversations, content, and tools that teams commonly use to get their work done.

It is built on-top of Office 365 (O365 groups are the pillar) and has built-in integration with:

  • The Microsoft Office Suite (i.e. Word, Excel, etc..) for content creation/sharing/viewing/editing
  • OneNote for content collaboration and storing content
  • Skype/Skype for Business Online integration for instant messaging
  • PowerBI for data visualizations / dashboards
  • SharePoint Online for file-based collaboration
  • Yammer for activity
  • 3rd party collaboration systems including Twitter, GitHub, and popular internet intelligence BOTS 
    • 85 BOTS
    • 70 different connectors to other systems (seamless integration with Zendesk was demo’ed)
  • Delve and the Office 365 Graph for contextual and data relevancy & Intelligence
  • Microsoft Planner for task management

Microsoft Teams is integrated and powered with Azure AD identities which is great from a security and single-sign-on perspective.

It will be available in all O365 Business and Enterprise subscriptions (likely an add-on I assume).  Currently it is free with an Office 365 Business or Enterprise subscription (not Family or Consumer).


If you want to try it for yourself, it is available in as Preview in most existing Office 365 tenants. Sign into your Office 365 Administrator portal and navigate to Settings | Services & add-ins as shown here:



Tenant administrators can control what types of collaboration Microsoft Teams leverage in their tenant as shown here:

 

Once it is enabled, you can use it by either going to http://teams.microsoft.com, or by downloading the Team’s Desktop App (available at that URL).

Chat at the Core

Many successful collaboration tools such as Slack, have group chat at their core. Microsoft Teams are no different. It leverages chat capabilities to provide threaded, persistent, and private 1-on-1 chat capabilities.


A Team Hub which Brings Together Many Office 365 Services

As mentioned above, Microsoft Teams brings together several Office 365 collaboration services to provide teams with a customizable hub to collaborate.



You can see how easily Microsoft Teams brings together Conversations, Files, Notes, Task & Project Management and 3rd party integration (here Zendesk is being shown) in an easily accessible toolbar across the top.


The integration with OneNote should be a really powerful feature. It was demo’ed in the release webcast:


Here is what the new Conversations view looks like. Question – what other popular collaboration software uses the "channel" concept? :-)


When will it be Released?

It is available today as customer preview in 181 countries and 18 languages. GA will be in Q1 of 2017.

 

What is the Integration Story with Skype for Business?

When Microsoft Teams was first announced, I assumed all of the chat features was leveraging SfB Online under the covers. This appears to not be the case and it is using a different technology stack for both the chat and real-time communication features.  More on this later.

Currently a Microsoft Teams user can instant message a SfB Online user and see their Presence (although this currently seems unstable).

References

Introducing Microsoft Teams—the chat-based workspace in Office 365

Microsoft Office Dev Center – Developer Preview for Microsoft Team

TEAMS + SKYPE FOR BUSINESS – Excellent write-up on the SfB integration by Richard Brynteson

Microsoft just brought back the Bill Gates era with its new plan to take down Slack – great article on Gates involvement in Microsoft Teams

DNS Records in a Skype for Business Hybrid Deployment

The DNS records for a Skype for Business (SfB) on-premises deployment can be somewhat complex, but are well documented (see Microsoft TechNet – DNS requirements for Skype for Business).  While working on a recent hybrid Skype for Business (SfB) deployment, I realized there is a lot of confusion. This was a classic hybrid deployment – some SfB servers and users on-premises, and some in SfB Online sharing one DNS namespace. This article aims to clear up some of this confusion.

The unique question that comes up in hybrid is where should I point my DNS records for clients to logon?  On-premises or online?

The general golden rule in a SfB hybrid environment is:

All Skype for Business external DNS records should point to the on-premises infrastructure.

This is a bit hidden but documented here in this TechNet article Plan hybrid connectivity between Skype for Business Server and Skype for Business Online.

A source of this confusion usually happens when client logins do not work for Skype for Business Online (SfBO) users in a hybrid deployment. Several Microsoft sources citing SfB Online client login issues and that DNS records should point to Office 365:

NOTE – both of these resources are meant for pure Skype for Business Online deployments in Office 365, NOT for hybrid.

For hybrid deployment the client autodiscover login DNS records should point to the on-premises deployment.  The TechNet documentation is quite clear on this requirement “In a hybrid deployment that has an on-premises Lync Server deployment and Skype for Business Online, the DNS records for Lync Autodiscover must be pointed to the on-premises Lync server”.

When a Skype for Business Online user attempts to sign-in, the on-premises SfB server will go through a process of being redirected multiple times until they reach their final home server in the Skype for Business Online topology. This process is well documented in the bottom half of this Microsoft Support article: Users can’t sign in to Skype for Business Online in a hybrid deployment of Lync Server 2013.

For hybrid deployment, here is a convenient summary of the external DNS records and where they should point to on-premises:

(Note: this example uses the domain contoso.com)

DNS RECORD RECORD TYPE WHERE IT SHOULD RESOLVE TO PORT
sip.contoso.com A Public IP of Access Edge n/a
_sip._tls.contoso.com SRV External on-premises Access Edge Interface (sip.contoso.com) 443
_sipfederationtls._tcp.contoso.com SRV External on-premises Access Edge Interface (sip.contoso.com) 5061
webcon.contoso.com A Public IP of Access Edge n/a
av.contoso.com A Public IP of Access Edge n/a

But What about the CNAME records I read about Required for Office 365 Users?

Again, this is part of the confusion as this only applies to pure online deployments.  In this case, you will want the following two DNS records, but NOT FOR HYBRID:

> A DNS CNAME record for sip.contoso.com which points to sipdir.online.lync.com

> A DNS CNAME record for lyncdiscover.contoso.com which points to webdir.online.lync.com

For the internal DNS records, these are the same as the internal DNS records for a non-hybrid on-premises Skype for Business Deployment (which you can find here) so I won’t repeat them, but I will point out one exception:

> An DNS A record for sfedge.contoso.com which resolves to the IP address of the internal interface of Edge server

DNS and Using PowerShell with the Skype for Business Module in a Hybrid Environment

Now, to further confuse things, the Skype for Business Online PowerShell module relies on the DNS CNAME record for pure online deployments to connect with PowerShell. This record:

A DNS CNAME record for lyncdiscover.contoso.com which points to webdir.online.lync.com

Because this record is not used in a SfB / Lync hybrid deployment, the Remote PowerShell connection will fail.

This is well documented with the work around, here:

Lync administrators can’t connect to Skype for Business Online Remote PowerShell in a Lync hybrid environment

The work around is to use an OverrideDomain property on with the default domain for your Office 365 tenant (i.e. the *.onmicrosoft.com domain that was included with the tenant subscription).

This is also documented here: http://www.ucblog.co.uk/?p=25

Five Productivity Tips to get the most from Skype for Business

As a daily user of Skype for Business and someone who specializes in it, I often see other users struggle with some relatively common usage scenario’s in the client. This blog entry describes 5 productivity tips that will increase the productivity of Skype for Business users in specific situations.

1) Easily Start a Group Conversation from an Outlook Meeting

I frequently see the need for this and it is a real productivity booster. Many times users are participating in a meeting from their Outlook calendar which does not have a corresponding Skype for Business (SfB) meeting or conference.  Typically these meetings have a mix of internal and external participants with an external audio bridge, or other non-SfB conferencing solution.

Inevitably the needs arises during the meeting to collaborate – a group IM chat, a desktop share, or sharing a PowerPoint presentation.

A very effective way to instantly start collaborating with all meeting participants in Skype for Business is to:

  1. Open the Outlook Meeting
  2. Go to the Meeting tab
  3. If you are the meeting Organizer –select the Contact Attendees option (click on the icon), and select Reply All with an IM
  4. If you are a meeting Participant – select the Respond option (click on the icon), and select Reply All with an IM

This seldom used option instantly starts a Skype for Business group conversation with all Outlook meeting participants. All the people on the call can now chat, add audio, share their Desktop, or share a PowerPoint presentation. If an external participant (outside of the company hosting the SfB conference) does not have Skype for Business, you might have to send them the URL for the meeting and they can join via a web browser.

The screen shots which illustrate this capability are here:

If you are a Meeting Organizer

image

If you are a Meeting Participant

image 

2) Transfer a Call from a Mobile Client to your Desktop

Many times users want to know how to keep a call going when they are participating in a Skype for Business session on their mobile client (i.e. using the SfB client on an Windows Mobile / iPhone / Android device) after they have reached their desk.

In these scenarios the call can be transferred from the SfB Mobile client to the SfB Desktop client by doing the following:

  • While in a call on the SfB mobile client, select the “…” circle icon to bring up additional options
  • Select yourself in the SfB client mobile address book
  • Select “Transfer Call” and then “Skype for Business call
  • The call should now ring the SfB Desktop client where it can be answered and the mobile session can be disconnected

An example of the call transfer process is shown here:

Blog Entry Call Transfer

3) Change Devices During a Call

Having multiple audio and video devices is becoming the norm for most users.  Many times users will join into a SfB web conference with audio and video, and the client is using an different audio device then the one they want (e.g. a speakerphone instead of a USB headset).

Most users know of the “Select your Primary Device” shortcut setting in the bottom left-hand corner of the SfB client, but users often forget that this device selection feature can be used mid-call. So if you join a SfB session with a device you do not want to use, it can be changed on the fly. The client device shortcut is shown here:

image 

Note: when an incoming call is ringing the SfB client, the device cannot be changed; it must first be answered.

During a SfB voice call, the dial-pad contains an obvious Devices icon which allows users to easily switch devices as shown here:

image

4) Use Shortcut Keys for Common Tasks

Like most Microsoft client software solutions, the Skype for Business (SfB) client has several well document keyboard shortcuts. One of the best references is available here:

Keyboard shortcuts for Skype for Business
https://support.office.com/en-us/article/Keyboard-shortcuts-for-Skype-for-Business-74eda765-5631-4fc1-8aad-cc870115347a#__toc327975864

Keyboard shortcuts are most useful for frequently used actions, or features that require multiple clicks. Here is a list of my useful favourites that not many users know of:

Windows logo key+F4

Mute Yourself (On/Off).  Useful for quickly toggling your mute setting during a call.

Alt+Enter

With a Contact selected, use Alt+Enter to open the contact card.

Alt+M

Quickly start a new ad-hoc Meeting (i.e. “Meet Now”)

Ctrl+Shift+O

Pop-out the Gallery / Pop-in the Gallery during a web conference.

 

5) Use the Address Book instead of the Contact List

This is possibly the simplest tip, but one that alludes even experienced users of the Lync & SfB clients.

Users, including myself, get into a habit of adding people that you communicate with even when these are contacts not commonly used.

Few users are disciplined enough to categorize their contacts into Skype for Business Groups that meet their work habits, so the contact list ends up diluted with a lot of contacts – many of which are rarely used.  This is a typically a productivity drain because whether users realize it or not, they spend extra time sifting through their huge contact list trying to locate the people they communicate with most frequently.

A simple way to solve this is to make ample use of the built-in SfB Address Book, and save the Contact List only for contacts that you frequently communicate with (or need to know the Presence Status of).

This takes some getting used to – but after doing it for awhile the benefits of simply typing a name into the Address Book search bar will make you more productive.

Key Skype for Business Online Policy Settings

As I work more with enterprises adopting Skype for Business (SfB) Online in Office 365, many questions arise about setting user policies which govern which features which compliance, security, and resource usage.

There are many policies (about 12 that applicable to individual SfB Online users), and each type of policy can have many settings (52 for the Conferencing Policy for example), and it is difficult to know what settings are available, what the individual setting enables/disables, and which ones matter the most.

In my experience the 4 most commonly used SfB Online policies are:

  1. Conferencing
  2. External Access
  3. Client
  4. Voice

The importance of each policy type will depend on what features your SfB tenant is leveraging. The bulk of this article lists and explains the key policy settings for each policy type.

Before we get to that it is worth pointing out several significant differences between setting policies in SfB Online and the SfB Server 2015 on-premises equivalent:

  1. Skype for Business Server 2015 gives more granular policy control in the native management GUI’s (primarily the Management console); both in terms of policy features, and the ability to assign it a user. You will likely need to use the Skype for Business Online PowerShell module to manage policy settings if you are doing anything over-and-above the basics. See Using Windows PowerShell to manage Skype for Business Online for more information.
  2. Many default policy settings that apply to individual users derive from the SfB Online tenant settings. For example, if you enable Federation and Public IM (PIC) at the tenant level, all users in the SfB online tenant are assigned the “FederationAndPICDefault” policy under the covers. Any settings in a user level policy will override these default settings.
  3. There are differences in online policy scopes. SfB Online does not have the “Site” scope and primarily used the Global or Tag (per user) scope. This Microsoft TechNet article describes Identities, scopes, and tenants in Skype for Business Online.
  4. New Policies are not Created in Skype for Business Online. With SfB Server 2015 on-premises you can create custom policies to your hearts content (for most policy types). In Skype for Business online existing policies can be changes (with the associated Set cmdlet) but you cannot create new policies. See Managing policies in Skype for Business Online for more information.

Conferencing Policy

The Conferencing policy determines the features and capabilities that can be used in a Skype for Business conference.  It is important because it controls features that span legal & compliance (such as the ability to record the media used in a web conference), security (the ability for anonymous users to participant in a conference), and important management settings that affect the amount of bandwidth consumed during a conference.  The table below highlights the key Conference Policy settings I have used in the past.

Note: Unless otherwise noted, these settings apply to the user who organizes the conference  - the setting enables or disables a feature in conferences the organizing user creates.  However, the user can participate in other conferences where the same feature might be allowed or disallowed based on that conference organizers settings.

Setting Description Default Global Policy Value

AllowAnnotations

Controls whether or not participants are allowed to make on-screen annotations on any content shared, and whether or not whiteboarding is allowed.  Annotations are not archived along with other meeting content.

True
AllowAnonymousParticipantsInMeetings Controls whether anonymous users are allowed to participate in the meeting. If this setting is ‘False’, only AD authenticated users are allowed to attend the meeting True
AllowAnonymousUsersToDialOut Controls whether anonymous users (not authenticated with Active Directory) are allowed to join a conference using dial-out phoning. With dial-out phoning, the SfB conferencing server telephones the user; when the user answers the phone, he or she will be joined to the conference True

AllowConferenceRecording

Controls whether users are allowed to record the meeting (from the client). This setting applies to all users taking part in the conference. False
AllowExternalUserControl

Controls whether external users (either anonymous users or federated users) are allowed to take control of shared applications or desktops.

This setting is enforced at the per-user level for both conferences and peer-to-peer communication sessions, so some users in a session might be allowed to give up control of a shared application or desktop to an external user while other users might not be allowed to give up control

False
AllowExternalUsersToRecordMeeting Controls whether external users (either anonymous users or federated users) are allowed to record the meeting. This setting takes effect only if the AllowConferenceRecording property is set to True. False
AllowExternalUsersToSaveContent

Controls whether external users (that is, users not currently logged-on to your network) are allowed to save handouts, slides, and other meeting content

True
AllowNonEnterpriseVoiceUsersToDialOut Controls whether or users who have not been enabled for Enterprise Voice are allowed to join a conference using dial-out phoning. With dial-out phoning the conferencing server will dial the user via the telphone (PSTN); when the user answers the phone, he or she will be joined to the conference False
EnableAppDesktopSharing

Controls whether participants are allowed to share applications – including their desktop – in a meeting.  The values are either  1)
"Desktop" (users are allowed to share their entire desktop),  2) "SingleApplication"  (users are allowed to share a single application, or 3) "None"  (users are not allowed to share applications or their desktop)

Desktop
EnableDialInConferencing Controls whether users are able to join the meeting by dialing in with a public switched telephone network (PSTN) telephone True
EnableFileTransfer Controls whether file transfers to all the meeting participants are allowed during the meeting. True
EnableP2PRecording Enables users will be able to record peer-to-peer conferencing sessions. It is enforced at the per-user level so one user in a P2P communication session might be allowed to record it while the other user is not. False
MaxMeetingSize Controls the maximum number of people who are allowed to attend a meeting. After the maximum number of participants has been reached, anyone else who tries to join the meeting will be turned away with the notice that the meeting is full. 250

The full Conference Policy settings can be viewed in the ‘Parameters’ section in the Microsoft Technet article for the Set-CsConferencingPolicy cmdlet.

External Access Policy

External access policies have the fewest settings of any of the policies, but are important.  They are the main tool to control whether users can connect externally (outside of the corporate network), and whether the can communicate with users outside of the organization such as contacts in a partner organization running Skype for Business (federated contacts), and contacts in public consumer instant messaging systems.

The table below shows the settings in the External Access policy and the default values for the FederationAndPICDefault Policy which is the default policy in most SfB Online tenants, and when enabled at the tenant level, this policy gets assigned to all the users.

* Note: all the settings below are False in the Global policy.

Setting Description The FederationAndPICDefault Policy Value
EnableFederationAccess Controls whether the user is allowed to communicate with people who have SIP accounts with a federated organization True
EnableOutsideAccess Controls whether the user is allowed to connect to Skype for Business Server 2015 over the Internet (on an external network) True
EnablePublicCloudAccess Controls whether the user is allowed to communicate with people who have SIP accounts with a public Internet connectivity providers such as MSN True
EnablePublicCloudAudioVideoAccess Controls whether the user is allowed to conduct audio/video conversations with people who have SIP accounts with a public Internet connectivity providers. When set to False, audio and video options in Skype for Business Server 2015 will be disabled any time a user is communicating with a public Internet connectivity contact True
EnableXmppAccess Controls whether the user is allowed to communicate with users who have SIP accounts with a federated XMPP (Extensible Messaging and Presence Protocol) partner False

To view all the settings in the SfB External Access Policies, see the Parameters section in the Microsoft TechNet article for the Set-CsExternalAccessPolicy cmdlet.

 

Client Policy

Client policies are the main method to control the behaviour of the Skype for Business client such as whether a user photo is displayed, how the address book is accessed, and whether the presence state “Appear as Offline” is available to the user.

Here are some of the key policy settings:

Setting Description Default Global Policy Value
AddressBookAvailability

Controls how the client Address Book is used – either through the AB Web Query service and/or by downloading a copy of the Address Book (to the client). The Possible values are:

> WebSearchAndFileDownload
> WebSearchOnly,
> FileDownloadOnly

WebSearchOnly
AutoDiscoveryRetryInterval

This setting specifies the amount of time the Skype for Business client waits before trying again to connect to the server after a previous failed attempt. It can be set between 1 second and 60 minutes.

The value needs to be in the format "hours:minutes:seconds".  Eg. to set the interval to 15 minutes the value used for the AutoDiscoveryRetryInterval parameter would be "00:15:00"

<not set>
DisableEmailComparisonCheck Controls whether the Skype for Business client will attempt to verify that any currently running instance of Microsoft Outlook belongs to the same user running Skype for Business.  If set to True (to not check) the client will assume that the SfB client and Outlook are running under the same account and, in turn, and will include contact and calendar data from Outlook.

When set to False, the SfB client will use SMTP addresses to verify that Outlook and Skype for Business are running under the same account. If the SMTP addresses do not match, then contact and calendar data in Outlook will not be used in the SfB client

False
DisableEmoticons Controls whether users will be able to send or receive emoticons in their instant messages. If set to True, users will see the text equivalent of those emoticons. When set to False, users will be able to include emoticons in their instant messages, and to view emoticons in instant messages they receive True
DisableFreeBusyInfo Controls whether free/busy information is retrieved from Microsoft Outlook and displayed in the SfB client contact card. When set to False, free/busy information is displayed in the contact card for contacts in the SfB client False
DisableSavingIM Enables (or disables) the menu bar option to save an instant message session int the SfB client.When set to false, the options to Save an IM session are available in the Conversation window.

Note that setting this value to true removes the menu options that make it easy for users to save instant message transcripts. However, it does not prevent users from copying all the text in a transcript to the clipboard, pasting that text into another application, and then saving the transcript that way

False
DisplayPhoto Determines whether or not photos of both the user, and his or her contacts, will be displayed in the SfB client. Valid settings are:

> NoPhoto – Photos are not displayed in Skype for Business.

> PhotosFromADOnly – Only photos that have been published in AD

> AllPhotos – Either AD photos or custom photos can be displayed.

AllPhotos
EnableExchangeContactSync When set to True, Skype for Business creates a corresponding personal contact in Outlook for each person in the user’s Skype for Business Contacts list True
EnableExchangeDelegateSync When set to true, a user that has been configured with delegate access in Outlook will be allowed to schedule online Lync Calendar meetings for that user (this happens via Lync UCMAPI delegation, without the need of the Enterprise Voice feature) True
EnableIMAutoArchiving When set to true, a transcript of every instant message session that a user takes part in will be saved to the Conversation History folder in Outlook. When set to false, these transcripts will not be saved automatically.

Note: users will always have the option to manually save (copy & paste) instant message transcripts

True
EnableSkypeUI Allows administrators to enable the Skype for Business user interface instead of the Lync interface for the Skype for Business client. True
EnableEventLogging When set to true, detailed information about the Skype for Business client operations will be recorded in the Application event log lon the client. When set to false, only major events (such as the failure to connect to Skype for Business Server) are recorded in the event log False
EnableTracing When set to true, software tracing will be enabled in the Skype for Business client. Software tracing enables a very detailed log of all client operations (including API calls). It is mostly useful to developers and to application support personnel. False
TracingLevel

Enables Administrators to manage event tracing and logging in the Skype for Business client.

Possible values are:

> Off – Tracing is disabled and the user cannot change this setting.

> Light – Minimal tracing is performed, and the user cannot change this setting.

> Full – Verbose tracing is performed, and the user cannot change this setting.

  Light

To view all the settings in the SfB Client Policies, see the Parameters section in the Microsoft TechNet article for the Set-CsClientPolicy cmdlet.

Voice Policy

The Voice Policy is largely used to configure the PSTN calling voice features such as whether to allow call forwarding or whether to allow simultaneous ring for users. It is only applicable if the SfBO tenant is licensed and using Enterprise Voice (PSTN Calling), and the user has an appropriate Office 365 license (currently an E5 license). Note that SfB Online VoIP voice calls (e.g. SfB to SfB client audio) are not governed by this policy.

Setting

Description

AllowCallForwarding

If this parameter is set to True, users assigned to this policy can forward calls. If this parameter is set to False, calls cannot be forwarded.

AllowPSTNReRouting

When this parameter is set to True, calls made to internal numbers homed on another pool will be routed through the public switched telephone network (PSTN) when the pool or WAN is unavailable.

AllowSimulRing

Simultaneous ring is a feature that allows multiple phones to ring when a single number is dialed. Setting this parameter to True enables simultaneous ring. If this parameter is set to False, simultaneous ring cannot be configured for any user assigned to this policy.

CallForwardingSimulRingUsageType

Provides a way for administrators to manage call forwarding and simultaneous ringing. Allowed values are:

* VoicePolicyUsage – The default voice policy usage is used to manage call forwarding and simultaneous ringing on all calls. This is the default value.

* InternalOnly – Call forwarding and simultaneous ringing are limited to calls made from one Lync user to another.

* CustomUsage. A custom PSTN usage will be used to manage call forwarding and simultaneous ringing. This usage must be specified using the CustomCallForwardingSimulRingUsages parameter.

CustomCallForwardingSimulRingUsages

Custom PSTN usage used to manage call forwarding and simultaneous ringing.

EnableBusyOptions

Enables or disables Busy Options for the specified voice policy. Busy Options allows incoming calls to be routed to voice mail or rejected with a "busy" signal when the call’s target user is on the phone. Use the Set-BusyOptions cmdlet to set the option desired.

EnableCallPark

The Call Park application allows a call to be held, or parked, at a certain number within a range of numbers for later retrieval.

EnableCallTransfer

Determines whether calls can be transferred to another number.

EnableDelegation

Call delegation allows a user to answer calls for another user or make calls on the other user’s behalf. For example, a manager can set up call delegation so that all incoming calls ring both his or her phone and the phone of an administrator.

EnableMaliciousCallTracing

Malicious call tracing is a standard that is in place to trace calls that a user designates as malicious. These calls can be traced even if caller ID is blocked. The trace is available only to the proper authorities and not to the user.

EnableTeamCall

Team Call allows a user to designate a group of other users whose phones will ring when that user’s number is called. This feature is useful in teams where, for example, anyone from a team can answer incoming calls from customers.

EnableVoicemailEscapeTimer

When set to True, calls to an unanswered mobile device will be routed to the organization voicemail instead of the mobile device provider’s voicemail. If a call is answered "too soon" (that is, before the value configured for the PSTNVoicemailEscapeTimer property has elapsed) it will be assumed that the mobile device is not available and the call will be routed to the organization voicemail.

The default value is False.

PreventPSTNTollBypass

PSTN tolls are more commonly known as long-distance charges. Organizations can sometimes bypass these tolls by implementing a Voice over Internet Protocol (VoIP) solution that enables branch offices to connect via network calls. Setting this parameter to True will send calls through PSTN and incur charges rather than going through the network and bypassing the tolls.

PstnUsages

A list of PSTN usages available to this policy. The PSTN usage ties a voice policy to a phone route and determines whether a user is allowed to make a specific call to a destination number.

Keep in mind that if you use this parameter to remove all PSTN usages from the policy, users granted this policy will not be able to make outbound PSTN calls.

PSTNVoicemailEscapeTimer

Amount of time (in milliseconds) used to determine whether or not a call has been answered "too soon." If a response is received within this time interval Skype for Business Server 2015 will assume that the mobile device is not available and automatically switch the call to the organization’s voicemail. If no response is received before the time interval is reached then the call will be allowed to proceed.

The default value is 1500 milliseconds.

Tenant

Globally unique identifier (GUID) of the Skype for Business Online tenant account whose voice policy is to be modified. For example:

-Tenant "38aad667-af54-4397-aaa7-e94c79ec2308"

You can return the tenant ID for each of your tenants by running this command:

Get-CsTenant | Select-Object DisplayName, TenantID

 

Here are the default settings for voice policy used in a hybrid voice configuration:

Identity                            : Tag:HybridVoice
PstnUsages                          : {BVTest}
CustomCallForwardingSimulRingUsages : {}
Description                         : LYO Prod HybridVoice voice policy
AllowSimulRing                      : True
AllowCallForwarding                 : True
AllowPSTNReRouting                  : False
Name                                : HybridVoice
EnableDelegation                    : True
EnableTeamCall                      : True
EnableCallTransfer                  : True
EnableCallPark                      : False
EnableMaliciousCallTracing          : False
EnableBWPolicyOverride              : True
PreventPSTNTollBypass               : True
CallForwardingSimulRingUsageType    : VoicePolicyUsage
VoiceDeploymentMode                 : OnPremOnlineHybrid
EnableVoicemailEscapeTimer          : False
PSTNVoicemailEscapeTimer            : 4000
TenantAdminEnabled                  : False
BusinessVoiceEnabled                : False

To view all the settings in the SfB Online Voice policy, see the Parameters section in the Microsoft TechNet article for the Set-CsVoicePolicy cmdlet.  Note: many of the settings documents here apply to on-premises Skype for Business Server 2015 and not SfB Online.

One final note, while researching this article I discovered a recent Microsoft TechNet article by Thomas Binder and Jens Trier Rasmussen that has some useful information about managing SfB Online policies: Policies in Skype for Business online.