Home

Microsoft Ignite Live Blog - BRK4102 - Managing Teams Effectively

With Microsoft Teams recently recognized as "the fastest growing business app in Microsoft History", more attention has been focused on the management controls organizations can utilize to onboard users, stay compliant and secure, and manage the Teams workload day-to-day.

 

At Ignite 2018, Teams Senior Program Manager Isabella Lubin presented the current set of management tools available, detailed newly announced capabilities, and gave of glimpse of what is coming in the future in the session "BRK4102 - Managing Teams Effectively".

 

Having managed Teams since the early days of the Skype for Business Online PowerShell module cmdlets, it was very impressive seeing the progress and completeness of the Teams management experience at Ignite. This blog post recaps what is available today, some new announcements, and a quick overview of what to expect in the future for Microsoft Teams management.

 

Management Tools that Fit the Scenario

 

A significant takeaway I had at Ignite 2018 was gaining an appreciation for the power of Microsoft applications being tightly integrated into the "Microsoft 365" infrastructure. The Microsoft Teams client is a shinning example of this. It leverages Office 365 Groups, Exchange Online, SharePoint Online, and many other Office 365 services to provide the end-user with a powerful one-stop collaboration experience.

 

Similarly, the Teams management experience benefits from Teams running on the M365 Infrastructure.  As shown here, this infrastructure provides administration tools for managing the underlying pillars such as Office 365 Groups, the Microsoft Teams service itself, and Security and Compliance.

 

Teams Blog Pic 1.png

 

And Let's not Forget PowerShell!

 

Another huge benefit of a common infrastructure is the ability to use PowerShell for bulk administration and more advanced management needs in all the scenarios shown above. Isabelle demonstrated this by using the Azure AD PowerShell Preview module for Graph to set a naming policy on Office 365 Groups.  Teams will enforce any of the Office 365 group settings that are configured in the organization.  The Get-AzureADDirectorySettings cmdlet in the Azure AD preview module will show all of the configuration settings that can be used to manage the creation of the underlying Office 365 groups.

 

Likewise, administrators can use a remote PowerShell session to connect to Office 365 Security & Compliance Center and set retention and eDiscovery policies and apply them to manage the messages in Teams Channels and Chat.

 

A handy reference slide was presented during the session which detailed which management tool was available for the most common Teams management scenarios:

 

Teams Blog Pic (reference).JPG

 

Administrator Roles for Microsoft Teams

 

Four New Administrator Roles for Microsoft Teams

 

One the significant new Teams manageability announcements was the introduction of new administrator RBAC roles specifically for Teams.  There are four new roles:

 

  1. Teams Service Administrator
    • This role is the classic all-inclusive service admin role that has broad rights to administer the Teams workload (much like the equivalent in Exchange Online, and SharePoint Online).
    • Coming soon, users with this role will also be able to manage the underlying Office 365 Groups, including creating groups on behalf of users.
  2. Teams Communication Administrator
    • Can manage calling and meetings features
    • This role grants administrators access to configure and manage the calling and meetings features.
  3. Teams Communication Support Engineer
    • This role provides engineers in the organization access to the necessary tools and all the associated data to diagnose problems (e.g. like Call Analytics).
  4. Teams Communication Support Specialist
    • This role is similar to the 'Teams Communication Support Engineer' but is meant more for a telephony helpdesk persona who is tasked with handling first-line type support requests for calling issues.  Users with this role have access to a limited set of personally identifiable information (PII); information about the user whose call record was queried is visible, but not the information about any other participants in the session.

These roles can be viewed and set in the associated Azure AD (AAD) tenant portal.  For any AAD user, the new Teams administrator directory roles can be managed as shown here:

 

Teams Blog Pic 3.png

 

Leverage Those Existing Office 365 Administrator Roles!

 

The introduction of new Teams admin roles does not diminish the use of other existing Office 365 administrator roles.  As Isabella Lubin described in her session "How to Manage Teams Effectively", Teams is built-on and benefits from the Microsoft 365 infrastructure; other roles such as Compliance Administrator enable the appropriate administrator privileges for other Teams enterprise scenarios such as compliance, security, and eDiscovery in the other management portals.

 

The use of the new and existing roles will depend on size and needs of the Teams organization. Larger organizations typically require more granular administration roles for dedicated staff.

 

Policies and Configuration

 

As anyone who has managed Skype for Business Online or Exchange Online knows,  policies play an important role.  Teams is no different.  Policies are available to manage the user experience, feature availability, and capabilities of Teams both at the user level and organization level.

 

Teams borrows from the Skype for Business policy administration model.  Polices can be defined at an Organization and user level.  The effective policy is the most granular; which is the user level policy (if one is set).  This model allows for default organization-wide policies that govern Teams Meeting, Messaging, and Calling, and also per-user specific policies for groups and users where needed.

 

Here is a screen shot from the Teams & Skype for Business Admin Center showing the creation of an example Meeting Policy:

 

Teams Blog Pic 4.png

 

 Configuration settings typically do not follow this model.  Configuration settings such as whether to "Allow external apps in Teams" apply only at an organization level. Here is a sample screen shot of some Teams tenant configuration settings in the same Teams & SfB Admin Center:

 

Teams Blog Pic 5.png

 

 

New Polices to Manage Teams Application Permissions and Setup

 

Another new announcement was the future addition of two new application policies for Microsoft Teams:  App Permission Policies and App Setup Policies.  No date was given for their release but here is more information about each policy type.

 

  • App Permission Policies
      • This policy will allow organizations to manage what applications users have access to.
      • Applications will be classified as one of the following categories:
        • 1st party (Microsoft)
        • 3rd party
        • LOB Apps (Tenant Apps)
      • Administrators can set these restrictions for each type of application:
        • Allow all apps
        • Allow specific aps and block all users
        • Block specific apps and allow all others
        • Block all apps 
  • App Setup Policies
    • App Setup policies will govern how apps get pinned in the Teams client and show in the left navigation bar for users

 

The Staples of Management - Reporting & Troubleshooting

 

Managing any service requires tools for reporting and troubleshooting.  Teams is no different.  The real-time nature of communication features such as desktop sharing and calling amplify the need for troubleshooting tools which provide support engineers the ability to drill down into specific user and session level data to identify and resolve end-user issues. 

 

Troubleshooting

 

Starting with Microsoft Skype for Business Online, Microsoft introduced the Call Analytics and the Call Quality Dashboard (CQD).  Both tools are used to monitor call quality and gain specific information about the call quality experienced by users, and troubleshoot issues when there is a poor experience.  The Microsoft documentation on both tools provides an excellent description of what these tools do and how to use them:  Call Analytics and Call Quality Dashboard.  

 

  1. Call Analytics provides detailed, specific information about the call quality experienced by users.  A Microsoft Teams support engineer or helpdesk agent can investigate the device, network, connectivity, and other factors related to calls and other modalities like desktop sharing.  A great feature in the new Teams and SfB Admin Center is that the call analytics is directly accessible off of the "Call History" tab for any user - making it very easy to find a user through the new Search text box and drill-in to a particular users media session.  More information about the integrated Call Analytics can be found here:  https://docs.microsoft.com/en-us/MicrosoftTeams/difference-between-call-analytics-and-call-quality-d....
  2. The Call Quality Dashboard (CQD) provides aggregate call quality information for the entire Teams organization and gives insight into overall call quality trends and patterns.

 

During the Ignite session on managing Teams effectively, Isabella Lubin demonstrated how easy it is to drill into the Call Quality metrics of a specific user through the new User Search capabilities in the Teams Admin portal, and isolate a network issue causing quality issues.  Here is a sample screen shot of the latest integrated user call analytics from the Call History tab:

 

Teams Blog Pic 6.png

 

More detailed information about any given session including the media and networking statistics can be viewed my selecting any session as shown here:

 

Teams Blog Pic 7.png

 

Reporting

 

Reporting on Microsoft Teams usage plays a vital role in understanding end-user adoption, and resource usage.  Two basic reporting tools were highlighted at Ignite with a mention that more will be delivered in the future:

 

  1. Teams Usage Reporting in the M365 Admin Portal.  For years, basic summary usage reports for the major Office 365 workloads have been available directly in the Office 365 Admin Portal (not the M365 Admin Portal).  Teams usage is available and provides insight into the number of active users, channel and chat messages, over 7, 30, 60, and 90 days.  Administrators can drill-in and see these metrics per user, as well as last activity date, which helps identify active vs non-active users, and Teams resources that are no longer being used. Anne Michels has an excellent review of what Teams reporting is available in the Office 365 Admin Center in this TechCommunity blog post:  New usage reports for Microsoft Teams

 

  1. The Office 365 Adoption Content Pack.  For more in-depth analytics and user adoption data, the Microsoft Office 365 Adoption Content Pack leverages PowerBI and provides a very good perspective on Teams adoption versus the other Office 365 workloads. It does require some configuration and setup, but is well worth the investment to understand how Teams is being adopted, and can be customized to your organizations needs.

 

Microsoft will continue to evolve their reporting functionality, and organizations are encouraged to submit their reporting needs in the Microsoft Teams User Voice: https://microsoftteams.uservoice.com/forums/555103-public/suggestions/20168716-reporting-capabilitie....

 

 

Future Teams Management Additions

 

Attending several Microsoft Teams management sessions at Ignite, it was clear Microsoft is committed to providing a complete set of management tools to manage all aspects of Microsoft Teams - whether it be on-boarding, adoption, service quality, and day-to-day management.

 

Details of future plans were not discussed in details, but the following areas were identified as being a priority going forward:

 

  • Device Management
  • Change Management
  • Richer Security and Compliance
  • Better Reporting

 

Given the huge progress in Teams management capabilities over the past year,  the evolution will be exciting to watch.  Stay tuned!

 

 

 

 

 

 

1 Comment
New Contributor

It's a crying shame that group naming policy doesn't yet allow the use of extension attributes. Department names are generally far too long to be usable but a short code from an extension attribute would be the way to go.

 

There is a uservoice request for this here