We recently added functionality to create custom policies in Skype for Business Online. This allows you to control more granularly what functions are available to end users and how the client behaves. For example, you could use custom policies to prevent users in certain a business unit from using File Transfer and creating Polls.
As you open Skype Admin tab in Office 365 portal, you can select specific options like Allow HD Video. However, you cannot create policies in traditional way. PowerShell reveals quite an extensive list of pre-existing policies described in our previous blogs: Policies, Policies, Policies–Online! and Policies in Skype for Business Online.
Like in ice-cream shop, to accommodate your taste, you want to pick your own set of flavors and mix them together. To adapt to specific organization scenarios, you may require your own set of policies. Policies become important for scenarios where, in certain countries by law, you are required to block VoIP functionality. Compliancy requirements for financial institutions may drive you to impose IM Archiving for certain user profiles or and leave them as optional for others. Labor requirements may require allowing users to appear offline even if they are signed to the system. Custom policies are currently available for:
We advise that you collect your business requirements and compare them to current options available in the portal, or pre-defined policies in place via remote PowerShell. Most customers will find them sufficient. This simplifies your day-to-day operations, where administrators use the Office 365 admin portal for core features. Custom policies are available only via remote PowerShell where less savvy admins may struggle.
While it is relatively easy to create policies with PowerShell (more details later in this article), it is important that you consider how to plan, deliver, and operate policies. You will not find any guidance on how to do it, but you should follow the core SOF principals to help you plan, deliver, and operate.
Now, you only have to learn and understand the new set of commands. They are similar, and the principal is similar across the commands.
New policy creates one, Set sets the setting, Remove removes the policy and you grant it to the end user. When you grant the policy, you specify the user as identity and policy with the name.
Once created, you cannot rename the policy name. Be aware, of Conferencing policies, as you cannot alter the following three settings: AllowIPAudio, AllowIPVideo and EnableDialInConferencing after initial definition during policy creation. This is by design to prevent administrative error of accidental functionality enablement in countries under VOIP blocking legislation.
Imagine a scenario where you are tasked to deploy a policy to all Contoso Bank users in Austria (AT). You can identify them by the Office and CountryOrRegionDisplayName fields. Users in scope are not allowed to do a File Transfer, P2PFileTransfer and prevent participants from using polls.
The second part of the cmndlet “Select Identity,EnableFileTransfer, EnableP2PFileTransfer,AllowPolls” renders the table with policy names and setting for the policy you are want, instead of generating a long list of all settings.
Next, you create a new conferencing policy. In this case, we will call it DisableFileTransferPolls.
We chose this name as it exactly describes what the policy will do. Run the following command:
New-CsConferencingPolicy -Identity “DisableFileTransferPolls” -EnableFileTransfer $False -EnableP2PFileTransfer $False
Remember, if you must set AllowIPAudio, AllowIPVideo and EnableDialInConferencing, do so during policy creation. Since this is not a requirement for our example, we do not need to set any of these values.
You just realize that you forgot to disable Polls. You update the policy by using Set command:
Set-CsConferencingPolicy -Identity “DisableFileTransferPolls” -AllowPolls $False
Now, it’s time to test the policy. First you apply it to the single end user:
Grant-CsConferencingPolicy -Identity zoran@contoso.com -policyname “DisableFileTransferPolls”
Allow 15-30 min for policy to apply. Remember, you must sign out and in for policy to apply. On your local machine check uccapi log file in Snooper. Search for “Meeting Policy”, check response and you would be able to locate settings you just set:
<property name="AllowPolls">false</property> <property name="AllowFileTransfer">false</property> <property name="EnableP2PFileTransfer">false</property>
$BankUsers = Get-CsOnlineUser -filter {(Office -eq "Contoso Bank") -and (CountryOrRegionDisplayName -eq "AT")}|Select UserPrincipalName,SipAddress
Assigning variables gives you flexibility to:· Obtain count by executing $BankUsers.count
· List all users in scope by typing $BankUsers
· Export list by executing $BankUsers|Export-CSV -Path .\BankUsers.csv in case you have to revert the changes
$BankUsers.SipAddress | Grant-CsConferencingPolicy -policyname “DisableFileTransferPolls”
The command below returns first 5 users with DisableFileTransferPolls policy applied (currently specifying tenant ID is required).
get-csonlineuser -filter { (Conferencingpolicy -eq "Tag:DisableFileTransferPolls") -and (TenantID -eq "xxxx-xxxx-xxx-xxxx-xxxx") } -Resultsize 5 |Select Alias,UserPrincipalName,SipAddress
Later you can follow the same principal to obtain list of users you missed (match users who do not have policy applied but are matching Office and Country)
$BankUsersMissed = get-csonlineuser -filter { (Conferencingpolicy -ne "Tag:DisableFileTransferPolls") -and (TenantID -eq "xxxx-xxxx-xxx-xxxx-xxxx") -and (Office -eq "Contoso Bank") -and (CountryOrRegionDisplayName -eq "AT")} |Select Alias,UserPrincipalName,SipAddressFor detailed set of commands, check the following blog Custom Policies for Skype for Business Online.
As we mentioned through the article, keep in mind the following:
Review options available in portal, review pre-defined policies before you decide to create custom ones.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.