Microsoft Teams – Under the hood and membership administration.

Microsoft Teams is the latest application to be released on the Office 365 platform.  Teams is Microsoft’s answer to the latest generation of persistent chat products currently available on the market.  With further updates and expanded integration with other O365 products it could see considerable uptake.

I decided to take a look at what happens when a team is created to better understand the moving parts underneath the hood and if this could assist when administering individual teams such as modifying membership and owners.  If Teams become popular and begin to proliferate then finding a way to automate or simplify the administrative tasks involved would be beneficial.

Whilst no powershell module created specifically for Teams is currently available there are portions of the solution that can be administered by powershell such as Office 365 groups however I found this brings a mixed bag of results.

To be fair to Teams is a very new application and I wouldn’t hesitate to believe Microsoft will be focusing a lot of energy to deliver a compete solution to reach its full potential.

What happens when you create a team

When creating a team within Microsoft Teams using either the desktop app or web client a number of things occur behind the scenes

  • Office 365 Group is created.  Group members are granted access to the team and content.  Group owners have additional administrative rights.  By default Teams belong to private groups.
  • Sharepoint site created to host content

Microsoft Teams makes use of Office 365 groups as they grant access to resources and reference sharepoint for additional functionality such as shared workspace for conversations, files, and calendar events.

The first thing I did was to create a couple of groups.  Below you can see teams as seen from the desktop app, the related Office 365 groups, and sharepoint site.

Example Teams after cretion

When a team is created a corresponding Office 365 group is created

Some of the Office 365 group attributes utilised by Teams

Sharepoint site automatically created for a team

Modifying Teams using Powershell

Because Teams groups rely on Office 365 groups I decided to see if it was possible to add Team members via powershell using the following command

add-unifiedGroupLunks testteam2 –linkType Members –link

A few moments after adding the account to the Office 365 group Test Team 2 appreaed in the application.   
Test Team 2 is now available

The next step was to test removing members via powershell using the following command
Remove-UnifiedGroupLinks testteam2 -LinkType Members -Links 

The group then disappeared from Teams
Access to Test Team 2 has been removed

So far this looks to be a viable method of adding and removing team members.  However once an account has been removed from a teams corresponding Office 365 group using powershell there was an issue if the account was re-added.  Whilst the account is now a member of the Office 365 group the team would never show to the user within the application.

Account for Paul Maggs re-added to Office 365 group as a member

Team does not update to reflect this change

Re-adding accounts to the team was still possible when an owner granted access from the application.

Unlike re-adding accounts via powershell which was unsuccessful it was possible to continually remove accounts from an Office 365 group to revoke access.

Another scenario was adding team owners via powershell using the following command

Add-UnifiedGroupLinks testteam2 -LinkType Owners -Links 

Account for Paul Maggs now has owner rights

The same occurs if an account is re-added to the Office 365 group as an owner.  The account will display as an owner when querying the Office 365 group however will not have owner administrative rights available from within the application.

Paul Maggs account is listed as an Owner

Owner controls not granted in Teams web app when account added to Office 365 group using powershell.

It’s quite clear adding Team members and owners works best using either Teams web or desktop app.  There may be additional steps available to correctly assign permissions using powershell however I am unaware of them at this point in time.

A few other things I learn’t from this process  –

Team display names do not need to be unique and this is also reflected with Office 365 groups  –

Duplicate team names

Duplicate Office 365 Group name.  Note smtp address is unique

Even though the group names are the same a number of unique attributes exist.  Here’s an example of a few –

If you’re planning on deleting any Teams then I suggest you do so using the Teams web or desktop app and by doing so the deleted team is no longer viewable.  The office 365 group is also removed however the sharepoint site seems to remain.  I’m not overly familiar with Sharepoint so there could be additional tasks that need to occur.

Another thing that seemed rather strange was if a Teams Office 365 group is deleted then the Team is still remains in the Teams web or desktop app and I could continue to view and add to persistent chat however files and notes were no longer available.

Polycom Trio Introduction + Setup – Creating AD, Exchange, and Lync/Skype4B accounts

Polycom Trio registers to Lync/Skype4B and provides cost effective high quality audio and video conferencing.  A setup consists of a number of parts – Polycom Trio, Visual+, and Logitech camera.  A screen with HDMI connectivity is required to display video and content.  For best effect I’ve found the screen displaying video should be placed at the end of the table so remote participants will seem to be sitting in the room with you.

What do I like best about the Trio?

  • Integration with meetings hosted on Lync/Skype4B
  • Excellent video and audio quality
  • Lync/Skype4B client to control meeting and share content
  • Schedulding and join experience
  • Simplicity

As great as the device is I have noticied a few drawbacks

  • Issue where video does not display and device requires reboot
  • Unable to enable video when joining conference using dial in numbers
  • No gallery view causes some confusion if people are used to other Polycom end points

To function the device is registered to Lync or Skype4B pool utilising the following

  • Active Directory user account
  • Exchange mailbox to provide scheduling
  • Lync/Skype4B meeting room account

Depending on the environment there may be a need to configure

  • Conference policy
  • Enterprise voice dial plan and voice policy for PSTN connectivity.
  • To easily allow anyone to share content then configure your environment to allow anyone from your organisation to be a presenter. Otherwise a meeting organiser will be required to assign presenters during the meeting.

The following powershell commands create required accounts and apply configuration.

# Following commands require Exchange powershell add in
# Create AD Account and Exchange mailbox, calendar processing, and mail tips
New-Mailbox -Name 'Polycom Trio Room' -Alias 'polycomTrio' -OrganizationalUnit 'nomoredeskphone.local/Accounts' -UserPrincipalName 'polycomTrio@nomoredeskphone.local' -SamAccountName 'polycomTrio' -FirstName '' -Initials '' -LastName '' -Room

Set-CalendarProcessing -Identity PolycomTrio -AutomateProcessing AutoAccept -AddOrganizerToSubject $false -RemovePrivateProperty $false -DeleteSubject $false
Set-Mailbox -Identity polycomTrio@nomoredeskphone.local -MailTip "Polycom Trio Meeting Room"

# Following commands require Active Directory powershell add in
# Set meeting room account password & enable account
 Set-ADAccountPassword -Identity polycomTrio
 Enable-ADAccount -Identity polycomTrio

# Following commands require Lync powershell add in
# Enable meeting room account on Microsoft Lync
Enable-CsMeetingRoom -SipAddress "sip:polycomTrio@nomoredeskphone.local" -RegistrarPool fe01@nomoredeskphone.local -Identity PolycomTrio

# Enable for enterprise voice and assign E.164 phone number
set-csMeetingRoom polycomTrio -enterpriseVoiceEnabled $true
set-csMeetingRoom polycomTrio -lineURI "tel:+613XXXXXXXX;ext=XXXX"

# Assign enterprise voice dial plans and voice policies
grant-CsDialPlan -identity polycomTrio -policyName "Dial Plan - Australia - Victoria"
grant-csVoicePolicy -identity polycomTrio -policyName "Voice Policy - Australia - National Calls"

The next blog post shall describe how to get the Trio onto the network, signed in, additional calendar processing configuration, and scheduling and joining a video conference.