Key Skype for Business Online Policy Settings

As I work more with enterprises adopting Skype for Business (SfB) Online in Office 365, many questions arise about setting user policies which govern which features which compliance, security, and resource usage.

There are many policies (about 12 that applicable to individual SfB Online users), and each type of policy can have many settings (52 for the Conferencing Policy for example), and it is difficult to know what settings are available, what the individual setting enables/disables, and which ones matter the most.

In my experience the 4 most commonly used SfB Online policies are:

  1. Conferencing
  2. External Access
  3. Client
  4. Voice

The importance of each policy type will depend on what features your SfB tenant is leveraging. The bulk of this article lists and explains the key policy settings for each policy type.

Before we get to that it is worth pointing out several significant differences between setting policies in SfB Online and the SfB Server 2015 on-premises equivalent:

  1. Skype for Business Server 2015 gives more granular policy control in the native management GUI’s (primarily the Management console); both in terms of policy features, and the ability to assign it a user. You will likely need to use the Skype for Business Online Powershell module to manage policy settings if you are doing anything over-and-above the basics. See Using Windows PowerShell to manage Skype for Business Online for more information.
  2. Many default policy settings that apply to individual users derive from the SfB Online tenant settings. For example, if you enable Federation and Public IM (PIC) at the tenant level, all users in the SfB online tenant are assigned the “FederationAndPICDefault” policy under the covers.
  3. Their Differences in Policy Scopes. SfB Online does not have the “Site” scope and primarily used the Global or Tag (per user) scope. This Microsoft TechNet article describes Identities, scopes, and tenants in Skype for Business Online.
  4. New Policies are not Created in Skype for Business Online. With SfB Server 2015 on-premises you can create custom policies to your hearts content (for most policy types). In Skype for Business online existing policies can be changes (with the associated Set cmdlet) but you cannot create new policies. See Managing policies in Skype for Business Online for more information.

Conferencing Policy

The Conferencing policy determines the features and capabilities that can be used in a Skype for Business conference.  It is important because it controls features that span legal & compliance (such as the ability to record the media used in a web conference), security (the ability for anonymous users to participant in a conference), and important management settings that affect the amount of bandwidth consumed during a conference.

The table below highlights the key Conference Policy settings I have used in the past. Unless otherwise noted, these settings apply to the user who organizes the conference  - the setting enables or disables a feature in conferences the organizing user creates.  However, the user can participate in other conferences where the same feature might be allowed or disallowed base on that conference organizers settings.

Note: unless otherwise noted, these settings apply to the user who organizes the conference  - the setting enables or disables a feature in conferences the organizing user creates.  However, the user can participate in other conferences where the same feature might be allowed or disallowed base on that conference organizers settings.

Setting Description Default Global Policy Value

AllowAnnotations

Controls whether or not participants are allowed to make on-screen annotations on any content shared, and whether or not whiteboarding is allowed.  Annotations are not archived along with other meeting content.

True
AllowAnonymousParticipantsInMeetings Controls whether anonymous users are allowed to participate in the meeting. If this setting is ‘False’, only AD authenticated users are allowed to attend the meeting True
AllowAnonymousUsersToDialOut Controls whether anonymous users (not authenticated with Active Directory) are allowed to join a conference using dial-out phoning. With dial-out phoning, the SfB conferencing server telephones the user; when the user answers the phone, he or she will be joined to the conference True

AllowConferenceRecording

Controls whether users are allowed to record the meeting (from the client). This setting applies to all users taking part in the conference. False
AllowExternalUserControl

Controls whether external users (either anonymous users or federated users) are allowed to take control of shared applications or desktops.

This setting is enforced at the per-user level for both conferences and peer-to-peer communication sessions, so some users in a session might be allowed to give up control of a shared application or desktop to an external user while other users might not be allowed to give up control

False
AllowExternalUsersToRecordMeeting Controls whether external users (either anonymous users or federated users) are allowed to record the meeting. This setting takes effect only if the AllowConferenceRecording property is set to True. False
AllowExternalUsersToSaveContent

Controls whether external users (that is, users not currently logged-on to your network) are allowed to save handouts, slides, and other meeting content

True
AllowNonEnterpriseVoiceUsersToDialOut Controls whether or users who have not been enabled for Enterprise Voice are allowed to join a conference using dial-out phoning. With dial-out phoning the conferencing server will dial the user via the telphone (PSTN); when the user answers the phone, he or she will be joined to the conference False
EnableAppDesktopSharing

Controls whether participants are allowed to share applications – including their desktop – in a meeting.  The values are either  1)
"Desktop" (users are allowed to share their entire desktop),  2) "SingleApplication"  (users are allowed to share a single application, or 3) "None"  (users are not allowed to share applications or their desktop)

Desktop
EnableDialInConferencing Controls whether users are able to join the meeting by dialing in with a public switched telephone network (PSTN) telephone True
EnableFileTransfer Controls whether file transfers to all the meeting participants are allowed during the meeting. True
EnableP2PRecording Enables users will be able to record peer-to-peer conferencing sessions. It is enforced at the per-user level so one user in a P2P communication session might be allowed to record it while the other user is not. False
MaxMeetingSize Controls the maximum number of people who are allowed to attend a meeting. After the maximum number of participants has been reached, anyone else who tries to join the meeting will be turned away with the notice that the meeting is full. 250

The full Conference Policy settings can be viewed in the ‘Parameters’ section in the Microsoft Technet article for the Set-CsConferencingPolicy cmdlet.

External Access Policy

External access policies have the fewest settings of any of the policies, but are important.  They are the main tool to control whether users can connect externally (outside of the corporate network), and whether the can communicate with users outside of the organization such as contacts in a partner organization running Skype for Business (federated contacts), and contacts in public consumer instant messaging systems.

Here are all of the settings in the External Access policy the default value for the FederationAndPICDefault Policy.  In my experience, this is the default policy in most SfB Online tenants, and when enabled at the tenant level, this policy gets assigned to all the users. * Note: all the settings below are False in the Global policy.

Setting Description The FederationAndPICDefault Policy Value
EnableFederationAccess Controls whether the user is allowed to communicate with people who have SIP accounts with a federated organization True
EnableOutsideAccess Controls whether the user is allowed to connect to Skype for Business Server 2015 over the Internet (on an external network) True
EnablePublicCloudAccess Controls whether the user is allowed to communicate with people who have SIP accounts with a public Internet connectivity providers such as MSN True
EnablePublicCloudAudioVideoAccess Controls whether the user is allowed to conduct audio/video conversations with people who have SIP accounts with a public Internet connectivity providers. When set to False, audio and video options in Skype for Business Server 2015 will be disabled any time a user is communicating with a public Internet connectivity contact True
EnableXmppAccess Controls whether the user is allowed to communicate with users who have SIP accounts with a federated XMPP (Extensible Messaging and Presence Protocol) partner False

 

Client Policy

Client policies are the main method to control the behaviour of the Skype for Business client such as whether a user photo is displayed, how the address book is accessed, and whether the presence state “Appear as Offline” is available to the user.

Here are some of the key policy settings:

Setting Description Default Global Policy Value
AddressBookAvailability

Controls how the client Address Book is used – either through the AB Web Query service and/or by downloading a copy of the Address Book (to the client). The Possible values are:

> WebSearchAndFileDownload
> WebSearchOnly,
> FileDownloadOnly

WebSearchOnly
AutoDiscoveryRetryInterval

This setting specifies the amount of time the Skype for Business client waits before trying again to connect to the server after a previous failed attempt. It can be set between 1 second and 60 minutes.

The value needs to be in the format "hours:minutes:seconds".  Eg. to set the interval to 15 minutes the value used for the AutoDiscoveryRetryInterval parameter would be "00:15:00"

<not set>
DisableEmailComparisonCheck Controls whether the Skype for Business client will attempt to verify that any currently running instance of Microsoft Outlook belongs to the same user running Skype for Business.  If set to True (to not check) the client will assume that the SfB client and Outlook are running under the same account and, in turn, and will include contact and calendar data from Outlook.

When set to False, the SfB client will use SMTP addresses to verify that Outlook and Skype for Business are running under the same account. If the SMTP addresses do not match, then contact and calendar data in Outlook will not be used in the SfB client

False
DisableEmoticons Controls whether users will be able to send or receive emoticons in their instant messages. If set to True, users will see the text equivalent of those emoticons. When set to False, users will be able to include emoticons in their instant messages, and to view emoticons in instant messages they receive True
DisableFreeBusyInfo Controls whether free/busy information is retrieved from Microsoft Outlook and displayed in the SfB client contact card. When set to False, free/busy information is displayed in the contact card for contacts in the SfB client False
DisableSavingIM Enables (or disables) the menu bar option to save an instant message session int the SfB client.When set to false, the options to Save an IM session are available in the Conversation window.

Note that setting this value to true removes the menu options that make it easy for users to save instant message transcripts. However, it does not prevent users from copying all the text in a transcript to the clipboard, pasting that text into another application, and then saving the transcript that way

False
DisplayPhoto Determines whether or not photos of both the user, and his or her contacts, will be displayed in the SfB client. Valid settings are:

> NoPhoto – Photos are not displayed in Skype for Business.

> PhotosFromADOnly – Only photos that have been published in AD

> AllPhotos – Either AD photos or custom photos can be displayed.

AllPhotos
EnableExchangeContactSync When set to True, Skype for Business creates a corresponding personal contact in Outlook for each person in the user’s Skype for Business Contacts list True
EnableExchangeDelegateSync When set to true, a user that has been configured with delegate access in Outlook will be allowed to schedule online Lync Calendar meetings for that user (this happens via Lync UCMAPI delegation, without the need of the Enterprise Voice feature) True
EnableIMAutoArchiving When set to true, a transcript of every instant message session that a user takes part in will be saved to the Conversation History folder in Outlook. When set to false, these transcripts will not be saved automatically.

Note: users will always have the option to manually save (copy & paste) instant message transcripts

True
EnableSkypeUI Allows administrators to enable the Skype for Business user interface instead of the Lync interface for the Skype for Business client. True
EnableEventLogging When set to true, detailed information about the Skype for Business client operations will be recorded in the Application event log lon the client. When set to false, only major events (such as the failure to connect to Skype for Business Server) are recorded in the event log False
EnableTracing When set to true, software tracing will be enabled in the Skype for Business client. Software tracing enables a very detailed log of all client operations (including API calls). It is mostly useful to developers and to application support personnel. False
TracingLevel

Enables Administrators to manage event tracing and logging in the Skype for Business client.

Possible values are:

> Off – Tracing is disabled and the user cannot change this setting.

> Light – Minimal tracing is performed, and the user cannot change this setting.

> Full – Verbose tracing is performed, and the user cannot change this setting.

  Light

To view all the settings in the SfB Client Policies, see the Parameters section in the Microsoft TechNet article for the Set-CsClientPolicy cmdlet.

Voice Policy

The Voice Policy is used to configure the PSTN calling voice experience for users, however it is only applicable if your tenant is using the PSTN calling feature set in SfB Online (which depends on the user licence). SfB Online VoIP voice calls are not governed by this policy.

The individual settings of this policy depend heavily on how the PSTN calling feature is deployed/configured, so rather than list all their values, this is the default settings for voice policy used in a hybrid voice configuration:

Identity                            : Tag:HybridVoice
PstnUsages                          : {BVTest}
CustomCallForwardingSimulRingUsages : {}
Description                         : LYO Prod HybridVoice voice policy
AllowSimulRing                      : True
AllowCallForwarding                 : True
AllowPSTNReRouting                  : False
Name                                : HybridVoice
EnableDelegation                    : True
EnableTeamCall                      : True
EnableCallTransfer                  : True
EnableCallPark                      : False
EnableMaliciousCallTracing          : False
EnableBWPolicyOverride              : True
PreventPSTNTollBypass               : True
CallForwardingSimulRingUsageType    : VoicePolicyUsage
VoiceDeploymentMode                 : OnPremOnlineHybrid
EnableVoicemailEscapeTimer          : False
PSTNVoicemailEscapeTimer            : 4000
TenantAdminEnabled                  : False
BusinessVoiceEnabled                : False

To view all the settings in the SfB Online Voice policy, see the Parameters section in the Microsoft TechNet article for the Set-CsVoicePolicy cmdlet.  Note: many of the settings documents here apply to on-premises Skype for Business Server 2015 and not SfB Online.

One final note, while researching this article I discovered a recent Microsoft TechNet article by Thomas Binder and Jens Trier Rasmussen that has some useful information about managing SfB Online policies: Policies in Skype for Business online.

Managing Skype for Business Online Administrator Rights

With an Office 365  Skype for Business Online (SfB Online) tenant that has several SfB Administrators, I frequently need to review who has Administrator access – that is – who has the ability to see, and change, SfB settings. This includes everything from SfB service settings, user settings, to permission changes. This blog entry explains the basics for Skype for Business Online administrator permissions and how to easily review them.

The Basics

SfB Online Administrator permissions leverage the default Office 365 Admin Roles and their associated Permissions in Office 365. Office 365 has predefined administrator roles, and each role has a set of permissions which allow the Office 365 user with that Admin role to do specific actions in SfB online (i.e. access to specific objects or configuration data).

The question then becomes, which Office 365 Admin Roles grant Skype for Business administrator access?

In the Office 365 Admin Center, these O365 admin roles have SfB admin permissions:

  1. Global administrator
  2. User management administrator
  3. Password administrator
  4. Skype for Business administrator

You can use either the Office 365 Admin Center or PowerShell (via the Skype for Business Online Connector module) to set these permissions.

Tips:

  1. One of the big surprises I learned is that all of the above o365 roles grant full access to Skype for Business Online!  In other words, there is no difference in administrative access between those roles; any user that has one of the those roles assigned has full administrative access to Skype for Business Online settings.
  2. Another key point is that those first 3 roles default O365 admin roles grant access to other parts of the O365 tenant, whereas the Skype for Business administrator role limits the administrator assigned to this role to read/write to SfB Online settings, and only read-only to the other Office 365 organization and user information.
  3. The above pre-defined Office 365 administrator role names in the O365 Admin Center differ slightly from the equivalent role names used when using PowerShell (more information on this later).

Using the Office 365 Admin Center

To view and set SfB Online Administrator permissions in the Office 365 portal roles navigate to “Users | Active Users” node (as of March 2016). This provides the ability to view which O365 users have been assigned predefined O365 Administrator roles.  The available views are shown here:

image

In this view, any O365 user that has been assigned either the “Global admins”,User management admins”, or “Password admins” roles will have SfB Online Administrator access.

To confuse matters, there is a “Skype for Business administrator” role, but it is not available in this view; however you can view whether a user has this role and assign or remove it by editing the individual O365 user and and selecting Roles as show here:

image

You can also see this by selecting “EDIT USER ROLES” in the the right-hand pane when you have selected a specific user.

As you can see, trying to answer the question “Who has SfB Administrator access” is cumbersome in the O365 Admin Center.  PowerShell to the rescue.

Using PowerShell

To administer SfB Online via PowerShell you use the Skype for Business Online Connector Module and establish a session to your corresponding O365 tenant. This process is described here: Connecting to Skype for Business Online by using Windows PowerShell.

In PowerShell, SfB Online admin access for a user equates to having one of these 4 roles assigned to their O365 user account:

  • Company Administrator” = the role name representing Global Administrators
  • Lync Service Administrator” = the role name representing Skype for Business Administrators
  • User Account Administrator” = the role name representing User Management
  • Helpdesk Administrator” = this corresponds to the O365 Admin center role “Password administrator”

If you frequently need to see who holds any of these Administrator roles, you are best to script it in PowerShell so that it is easily accessible.

Unfortunately there is no one cmdlet which lists all of the O365 admin roles assigned to a particular office 365 user, so we are going to have to enumerate the membership of the four O365 Admin roles that correspond to SfB administrative permissions.

I wrote a PowerShell script to do that here:

Import-Module MsOnline

Function Enumerate_SfBAdminRole
{
    [CmdletBinding()]
    PARAM
    (
            [Parameter(Mandatory = $true)]
            [String]$AdminRole
    )

    $o365AdminRole = Get-MsolRole -RoleName $AdminRole
    $o365Admins = Get-MsolRoleMember -RoleObjectId $o365AdminRole.ObjectId

    Write-Host ""
    Write-Host $AdminRole
    Write-Host "———————————————————————"

    $o365Admins | Select-Object DisplayName, EmailAddress, IsLicensed, RoleMemberType
}

$cred = Get-Credential

Connect-MsolService -Credential $cred

Enumerate_SfBAdminRole -AdminRole "Company Administrator"

Enumerate_SfBAdminRole -AdminRole "User Account Administrator"

Enumerate_SfBAdminRole -AdminRole “Lync Service Administrator”

Enumerate_SfBAdminRole -AdminRole “Helpdesk Administrator”

Demystifying a User Compliance setting in Skype for Business Online

I recently had to figure out a Skype for Business (SfB) Online user settings in the O365 Admin Center that was poorly understood – the user setting “For compliance, turn off non-archived features” as shown here:

image

The purpose of this setting is to allow Administrators to turn off SfB online communication features that cannot have the communication content captured by the in-place hold feature that is used with Exchange integration (the in-place hold is an Exchange feature configured in the Exchange admin center which allows archiving of communication to a special folder in the corresponding Exchange for compliance purposes).

This setting turns off the SfB features that cannot be subject to the in-place hold. Enterprises that are required to preserve digital communication can turn this setting on to ensure all SfB communication can be captured with the in-place holder features.

The SfB online features which are turned off are:

  • File transfer using instant messaging

  • Shared OneNote pages

  • PowerPoint annotations

SfB Online accomplishes this by setting the Conferencing Policy for the user to one that does that include the above features.

The default Conferencing Policy is BposSAllModality. After turning this setting on for a user, the Conferencing policy is set to BposSAllModalityNoFTnotice the “NoFT” in the name = “No File Transfer”.

We can see the exactly settings in each conferencing policy using these two cmdlet:

Get-CsConferencingPolicy -Identity BposSAllModality,

Get-CsConferencingPolicy -Identity BposSAllModalityNoFT

Here are the settings for the BposSAllModality:

  • AllowSharedNotes                              : True
  • EnableFileTransfer                              : True
  • EnableP2PFileTransfer                         : True
  • DisablePowerPointAnnotations              : False

Here are the settings for the BposSAllModalityNoFT:

  • AllowSharedNotes                              : False
  • EnableFileTransfer                              : False
  • EnableP2PFileTransfer                         : False
  • DisablePowerPointAnnotations              : True

 

Here is the SfB Online PowerShell cmdlet to change all users to use a specific policy (in this case the BposSAllModality policy):

Get-CsOnlineUser | Grant-CsConferencingPolicy -PolicyName BposSAllModality

Here is the SfB Online PowerShell cmdlet to set a specific user to have a policy (in this case the BposSAllModalityNoFT policy):

Grant-CsConferencingPolicy -identity curtisj@example.com -PolicyName bposSAllModalityNoFT

The New Skype for Business iOS App 101 & Key Tips

It’s been 2 weeks since Microsoft released the new Skype for Business iOS app (https://blogs.office.com/2015/10/14/skype-for-business-ios-app-now-available/). This article answers common questions, summarizes the important points you need to know, and includes some tips to get the most out of it.

Basics you Should Know

  1. This is a one-way upgrade from the Lync 2013 iOS application.  There is no going back.  It replaces the Lync 2013 app in the Apple Store. It will co-exist with the Lync 2010 app if it is on the device.
  2. The version works against Skype for Business Server 2015, Lync Server 2013, and Office 365 Skype for Business Online.
  3. The app requires iOS 8.1 or later and is 121 MB (iPhone app).
  4. The icon is called “Business” as shown below (not to be confused with the consumer “Skype” app):image
  5. The dial pad automatically adds a country code prefix to the number being dialled. This is determined by the regional setting on your device. You can manually use the backspace button to delete the prefix if need be.
  6. During the initial app setup you are asked to enter your Mobile Number. This is the number that will be used in the “Call via Work” scenario, or anytime that you to do make an outbound audio or video call by having the Skype4B server call you.
  7. If setting server-side client policies or need to identify this client in reports, the user agents are:
    • iPhone:  UCWA/6.0.0.0 iPhoneLync/6.0.1445.0000 – 6.0.1447.0000
    • iPad: UCWA/6.0.0.0 iPadLync/6.0.1445.0000 – 6.0.1447.0000
    • If you are running against a Lync 2013 Server is will be UCWA/5.0.0.0 instead of “6”.
    • 1445 was the original release;  1447 was released on Oct 22nd and addressed several bugs.
  8. There have been reports of the client crashing during the meeting join process. Make sure you upgrade to the latest release (6.0.1447 on Oct 22nd) if you are experiencing this.

Tips

Useful App Settings in the iOS Device Settings

I usually don’t venture into the device settings for applications. For the Skype for Business App there are some useful ones you should consider.

The Contacts settings controls whether contacts from you iOS device are shown in the Search Contacts results in the app. If this is settings is OFF, the contact search results will just contain results from the Global Address List (GAL).

I have been experimenting with the “Background App Refresh” and so far, having it on appears to have little affect on the batter – which is good.

image

Viewing a Contacts Profile

The profile of any contact can be viewed by just tapping on the contacts name as shown here:

image

Note : that you cannot access a participant’s Contact Card from the Participant List from the IM chat screen.

Saving Battery Life

With the older Lync iOS clients, signing out was a good idea to save battery life if the client was not going to be used for awhile.  This is anecdotal, but I am finding the new Skype for Business iOS app much more battery-friendly while staying signed-in.

Swipe Right & Swipe Left

One of the best pieces of functionality I have discovered is the ability to swipe Left and Right for recent activity under the “recent” group on the main search bar for locating contacts.

A swipe Right and you can immediately launch communication with the recent contact as shown here:image

A swipe Left and you can remove the entry from your recent listings as shown here: 

image

 

What’s Missing?

One of the most obvious pieces of functionality missing in this initial version (that was available in previous iOS versions) is sharing a PowerPoint presentation during a conference. Application and screen-sharing are still possible – you can share a ppt through screen-sharing.

A number of people have reported missing the ability to control Simultaneous Ring and to set Call Forwarding options.

Microsoft has detailed other pieces of functionality that are missing in this KB article: Some Lync 2013 for iPhone/iPad features are missing in Skype for Business for iOS (https://support.microsoft.com/en-us/kb/3102247).

 

Bugs

Meeting Join Crashes?

There were many reports of the app crashing on meeting joins in preview and the initial release. Since the latest release on Oct 22nd, I have personally not had any crashes on or during meeting joins.

The Ability to Make Calls to Skype Users

The new app offers the capability to communicate with anyone who uses Skype (consumer). The other users Skype ID is all the is required. In my experience this is buggy.  I did get it to work with one Skype consumer accounts but not another’s.  I think this speaks to the Lync/Skype4b and Skype consumer integration issues that have been present for a long time and is not related to the app.

 

Summary

The new iOS is a good, and a better experience than it’s predecessor – a noticeable improvement in UI usability and aesthetics. The in-call and in-meeting experiences are much improved over the Lync 2013 app and it is a well worth the few missing features and bugs which will be addressed in subsequent releases.

 

Links to More Information

Microsoft Skype for Business for iOS Productivity Guide (http://www.microsoft.com/en-us/download/49185)

- a step-by-step guide to installing and using the iOS guide

Some Lync 2013 for iPhone/iPad features are missing in Skype for Business for iOS (https://support.microsoft.com/en-us/kb/3102247)

Microsoft’s “Skype For Business” iOS App Now Available To All (http://techcrunch.com/2015/10/14/microsofts-skype-for-business-ios-app-now-available-to-all/)

Persistent Chat with Multiple Front-End Sites and Pools

A quick post about a misleading error you might experience in a Lync Server 2013 topology with one Persistent Chat Pool servicing multiple sites and front-end pools. Using one Persistent Chat (PS) pool for multiple sites or pools is a supported Topology configuration, but the errors outlined in this blog post are triggered after deploying Persistent Chat, or a new Lync Site using an existing PS Pool, and forgetting to set a Persistent Chat Site or Pool policy. I assume this experience is the same with Skype for Business Server, but I have not verified that.

Forgetting to set the Persistent Chat Policy can be tricky because to the end-user, the Persistent Chat functionality will show up as available in the client, but an erroneous error message will be shown that says “Your chat room access may be limited due to an outage” as shown in the screen shot below:

image

When a user attempt to enter a Persistent Chat room, they will receive this error:

image

From an Administrative point of view this can be easily overlooked because the bulk of the PS chat configuration is done in the Topology Builder. However, there is a group of PS Chat administrative settings in the Lync Control Panel (and also available through Lync cmdlets) that should be configured during your deployment.  Specifically pay attention to the “Persistent Chat Policy” tab on the Lync Control Panel. Users must be enabled for Persistent Chat either Globally or with specific policies for each site or pool. Many deployments do not enable Persistent Chat globally, so a PS Chat policy per site which PS Chat enabled is required.

image

Another aspect that can get overlooked by Administrators is that if the Persistent Chat policy set on Lync user accounts is set to “Automatic” – the default – Lync will use the most granular PS Chat policy that applies, which will be a Pool or Site specific policy (if one exists).  If this is the case and a Lync user account is moved from a site or pool with PS Chat enabled to a site or pool with no PS Chat policy defined, they will get the errors shown in the first two screen shots above.

Enabling Skype for Business Users to Join a Conference via “Call Me At”

A scenario I have come across several times and usually forget the answer to is:

What configuration does a Lync user require to be enabled for the ‘Call me at’ conference feature?  

In this post I will address that question and some common end-user challenges with using this feature.

If you are not familiar with it, the ability to join a conference using the “Call me at” option it is a powerful communication feature. In Microsoft Skype for Business (SfB) and Lync, it allows end-users joining a SfB conference call (i.e. participants) to join the audio portion of the call by having the SfB server call out to whatever number the user specifies. This could be their cell phone, desk phone, or any manually specified phone number – provided the user is enabled for it, and as the Enterprise Voice feature set has been deployed.

When the user launches a Skype meeting, they are presented with some options to join the audio portion of the meeting as shown below. This screen shot shows one of the first sources of confusion – the “Call me at” drop-down box of numbers appears blank:

image

I have yet to determine if this is a SfB system configuration but I have seen it in the field several times. If this holds true for you, the best solution is user awareness, and fortunately once they click on the “Call me at” option (radio button), they will see a choice of numbers as shown here:

image

Another challenge with this feature is that if the end-user is not configured on the back-end server (Lync Server 2013 used here), the end-user experience is confusing. Even though the SfB client will allow the user select this join method, it will produce a generic error as shown here:

image

If you are seeing this error, check to make sure the user is enabled in the Skype for Business (SfB) or Lync Server 2013 deployment. And what settings enable them to use this feature?

Two system settings can be used to enable this conference join option. This is an “either / or” situation.  If they are enabled for either of these settings, they will be able to join conference audio using the “Call me at:” feature:

  1. Enterprise Voice, or,
  2. Conference Policy Setting (“Allow participants not enabled for Enterprise Voice to dial out”)

For the Enterprise Voice setting, if the user is enabled for “Enterprise Voice” in the Telephony setting of their account, they will have this capability regardless of the Conferencing policy setting. The setting for Enterprise Voice is in the user account in the Lync/SfB Control Panel:

image

The Lync/SfB Server Conferencing Policy setting which will also give a user this capability is the “Allow participants not enabled for Enterprise Voice to dial out”. It is available in the Lync/SfB Conferencing Policy setting in the Administrative Control Panel as shown below.  Lync/SfB policies can apply at different levels (Global, Site, User) so ensure that whatever policy you enable this setting with, is the effective policy applied to the user accounts you want to enable this feature for.

image

Any SfB user with this Conference policy setting enabled will be able to join via the “Call me at” option even if they are NOT enabled for enterprise voice.

The only other question around this feature is usually from Administrators who want to know how to control which numbers the end-user is given as choices. This is controlled by the same number options that show up in the Lync/SfB address book.

Happy Skyping,

Skype for Business Mobile Client Preview Release

Details of the Skype for Business mobile client were announced today, along with an associated preview program here: https://blogs.office.com/2015/08/11/announcing-the-technical-preview-of-skype-for-business-apps-for-ios-and-android/. Both Skype for Business online and on-premises (Lync and Skype) can sign-up for the preview program if the mobile features are deployed today. To participate, either an IT administrator or tenant administrator nominates 4 of their end-users here: https://www.skypepreview.com/.

Each participate is identified by name with their device type and OS version, and individual instructions are sent to them to participate.

In addition to the details in the Microsoft Office blog post, are are some details to clarify common questions:

  1. The Skype for Business mobile client replaces (upgrades) the Lync 2013 mobile app on iOS and Android when the end-user upgrades the app from the store.
  2. The Skype for Business mobile client replaces will GA later this fall.  It will be a one-way upgrade – no rolling back.
  3. The Skype for Business mobile client will work against a Lync 2013 Server, but not a Lync 2010 Server.
  4. The Lync 2010 mobile client will be a separate mobile client and will be kept and maintained separately.
  5. Windows Phone users can already download the Skype for Business Windows Phone App here: https://www.microsoft.com/en-us/store/apps/skype-for-business/9wzdncrfjbb2.

The new mobile client follows the same new streamlined UI and workflow theme of the thick client.  Looking forward to giving it a whirl!

Skype for Business News

In case you missed it, on the eve of Microsoft Ignite, the Skype for Business Server 2015 build has been officially released – the RTM version is available for download on MSDN (thanks to fellow MVP Jeff Schertz for alerting me to this):

image

The download is 1.4 GB. Just a reminder, it is an in-place upgrade from Lync Server 2013 with no additional hardware requirements.

The TechNet documentation was released a couple of days ago and is available here: https://technet.microsoft.com/en-us/library/gg398616.aspx.

Fellow MVP Matt Landis has already done a nice job on a Step by Step Skype for Business Server 2015 In Place Upgrade blog post.

And lastly, Microsoft has already updated the Key Health Indicators for the new Skype release – available here: Key Health Indicators for Lync Server 2013 and Skype for Business Server 2015.

The Skype for Business Client UI Controller Script

As you are probably aware, Microsoft rolled-out the new Skype for Business client as an Office 2013 in the form of 2 update for the Lync 2013 client (KB2889853 and KB2889923). Just apply the latest Office Professional Plus 2013 updates, and you will get the Skype for Business client update.

Most of you are aware that the UI can either run as the Lync 2013 look-and-feel, or the new Skype for Business look-and-fell (if you are not familiar with it, do a quick search, or visit one of the many good write-up’s like fellow Lync MVP Tom Arbuthnot’s write-up here: Important Changes coming to the Lync 2013 Client UI/UX in the April 2015 Client Patch). In a nutshell, the type of UI ‘skin’ that is used depends on a combination of backend server version, optional server-side client policy, and a registry key.

I ended up writing a quick script to flip the registry value so I could switch back-and-forth for various reasons (testing, helping users). I used this script enough myself that I thought the community would benefit from it.

The purpose of the SFB client registry key is primarily for the first run of the SFB client – i.e. controlling whether the Lync or SFB UI is displayed – until the client policy governs the behavior after the first run.  However, if no policy is set and Lync Server 2010/2013 is being used on-premises, you can use this script to keep reverting back to the Skype for Business Client if it is desired – until a policy is set.

I put the script in an HTML file and use embedded Javascript running under the Windows Host Script to flip the registry value so anyone can quickly make this change if they desire.  You can access the script here:

http://www.insidelync.com/Tools/SkypeUIController.html

Specifically the script will do the following.

  1. It checks to see if the Skype for Business UI registry value exists (e.g. “HKCU\Software\Microsoft\Office\Lync\EnableSkypeUI”).
  2. If it does NOT exist, it creates it with a default value of “1” – which is the binary value for enabling the Skype for Business client UI experience.
  3. If the registry value DOES exist, it changes the value to be the alternate UI.  For example:
    • If the value is set to use the Lync UI (i.e. “00 00 00 00”), it will change the value to Enable the Skype for Business UI by setting the registry value to “01 00 00 00”.
    • If the value is set to use the Skype for Business UI (i.e “01 00 00 00”), it will change the value to Enable the Lync UI by setting the registry value to “00 00 00 00”.

You need access to your registry for this script to work.

Caveat: I hesitated releasing this little script because it does modify the registry on a Windows host/client. I will include the standard ‘registry modification’ disclaimer with this:

Warning: this script modifies the Windows registry (if the current logged on user has permission to do so). If you are not familiar with editing the registry, or are not sure, do not attempt to run it.

I take no responsible for any issues this may cause. Having said all of that, it is tested and I cannot see any harm that it could cause!

Enough warnings, hope it helps.

The Skype for Business Client–What you Need to Know

The past few weeks have been a flurry of activity on the Skype for Business front. If you’ve been busy like me, this post will tell you just what you need to know, clear up some confusion, and get you started with the new Skype for Business client.

A Technical Preview of the new Skype for Business Client is Available

The most significant news is that a Technical Preview of the next release of the Lync client was made available. The new version is rebranded as the Skype for Business (“SfB”) client.  Here is what you need to know:

  • This is the Lync client under the covers, but it is available with a new optional UI skin that looks like the Skype Consumer client.
  • When it is officially released in April, the SfB client will be distributed via a Windows Update (a Cumulative Update in Office 2013).
  • When it is released, it is not known yet what the default UI skin will be (the new Skype look, or the Lync look).  There are registry key entries and a Lync server side setting that can control which UI is displayed.
  • Because it is the Lync client under the covers, it has the look and feel of the Skype consumer client but the security and management controls of the Lync client.
  • This Microsoft Office Support Article has some good links to get your users up and running with the SfB Preview Client – Skype for Business change management and adoption.
  • Do not confuse this release with the Skype for Business client experience in the Office 2016 Preview – which is a longer leading initiative that will not be released until the second half 2015.

Details of the Technical Preview

  • Download for North America: http://www.microsoft.com/en-us/evalcenter/evaluate-skype-for-business
  • Outside of North America: https://technet.microsoft.com/en-gb/evalcenter/dn917485
  • Noteworthy:
    • You’ll need to sign-in with a Microsoft Account
    • There is a 64 and 32-bit download – I recommend using the one that matches your Office Version
    • It is an update to the Lync 2013 client MSI.
    • It is a 270 Mb trial which expires May 1, 2015
    • I’ve had troubles downloading this in non-IE browsers (“HTTP Error 400. The size of the request headers is too long”). IE seems to work.
  • FAQ:
    • Can I run the Skype for Business Technical Preview with Office 2010?   Yes.
    • Can I run the Skype for Business Technical Preview with Microsoft Lync Server 2010?  Yes.
    • Can I run the Lync 2013 Client side-by-side with the SfB Client?   No – the SfB client is an upgrade to your existing Lync 2013 client (replaces it)

The new Skype for Business Client, Server, and Online service will be Generally Available in April.

  • This is essentially the release date for Skype for Business that we have been waiting for – not far off!

Office 2016 is available in preview is Available

  • Microsoft recently announced the Office 2016 IT Pro and Developer Preview.
  • Among other things, this preview contains a release of the Skype for Business experience that is different from the Skype for Business client being released in April and in Technical Preview today. It will not be released until the second half of 2015 as part of the next version of Office for Windows desktop.

More Information

There is a lot of information available on what the new SfB client UI looks like, changes in functionality from the current Lync client, and how to change the UI look-and-feel between Skype-mode and Lync-mode: