Simplified port requirements for Skype for Business Online
Note: This article applies only to Office 365 Worldwide (including Government Community Cloud). For guidance on Office 365 operated by 21 Vianet, Office 365 Germany, Office 365 U.S. Government DoD or Office 365 U.S. Government GCC High click on the respective links. We are happy to announce that the 50,000-59,999 port range (UDP and TCP) is no longer a requirement for Skype for Business endpoints to communicate with Skype for Business Online. Earlier this year we talked about making simplification for network connectivity for Skype for Business Online (see blog article here) and we recently updated our guidance and removed the mentioned port range as a requirement: Office 365 URLs and IP address ranges So which ports are required for clients? All clients need to be able to directly connect to Skype for Business Online on the following destination ports: (the IP addresses and FQDNs can be found in the Office 365 URLs and IP address ranges) TCP 80, 443 UDP 3478, 3479, 3480, 3481 Optional: UDP/TCP 50,000-59,999 Is there a minimum client version required to benefit from the port changes? This change applies to all clients supported against Skype for Business Online. No clients are excluded and there are no specific minimum version required (although we always recommend to run the latest version). Why are these ports not required anymore? To answer this question, it is important to understand first how the 50,000-59,999 ports were used in the first place. (To understand all the details of their purpose, we recommend watching Troubleshoot media flows in Skype for Business across online, server and hybrid.) Let's have the following example: User A wants to call User B For the sake of the example, the direct connection between User A and User B is blocked (e.g. User and User B are at different branch offices behind firewalls), so the media traffic cannot go directly peer to peer and needs to flow via Skype for Business Online There are now the following possible media paths The 50,000-59,999 port range can be leveraged to include only a single Relay Server in the media path Without the 50,000-59,999 port range, the traffic needs to travel via two Relay Server. As you can see, closing the 50,000-59,999 port range will force the traffic to travel via an additional hop. While logic tells us that usually we want to avoid additional hops under all circumstances, the analysis on call quality data has shown us, that this additional hop does not significantly affect call quality - since both these Relay Servers are homed on the Microsoft Network, all traffic between the Relay Servers is sent over a highly reliable pipe designed for real-time communication. Our organization has these ports open, should we close them? Having the 50,000-59,999 port range open can still have (some) benefits when it comes to call setup times and under some circumstances on call quality. However in our data analysis and pilot deployments with some customers these differences did not show significance. If you have the ports open today, it makes sense to leave them open. What does this change for hybrid between Skype for Business Server and Skype for Business Online? This change only applies to users who are homed in Skype for Business Online. If you have an on-premises deployment of Skype for Business, the requirements for your Edge Server to communicate to Skype for Business Online remain unchanged (and also for any Federation scenarios including Skype for Business on-premises). The A/V Edge Server in your environment will need to be configured liked this. Please note that the Source Port is only relevant, if your firewall requires a source port to be specified (and a lot of firewalls do not require this setting): Source IP Destination IP Source Port Destination Port A/V Edge service interface Any UDP 3478 UDP 3478 A/V Edge service interface Any TCP 50,000-59,999 TCP 443 Any A/V Edge service interface Any UDP 3478 Any A/V Edge service interface Any TCP 443 Full requirements for Skype for Business Edge Server can be found here: Edge Server environmental requirements in Skype for Business Server 2015. Does this change anything for Cloud Connector Edition? No, the requirements for Cloud Connector Edition (see Plan for Skype for Business Cloud Connector Edition) remain unchanged. Call to Action Celebrate about the simplified port requirements Update any design templates you might have For future deployments, open only TCP 80, 443 and UDP 3478, 3479, 3480, 3481 per new guideline (and, optionally, 50,000-59,999 UDP and TCP) If you have any questions or comments, please let us know in the community This post is brought to you by Skype Academy. Visit Skype Academy for technical trainings and readiness around the Skype Operations Framework.Updated IP ranges and ports for Skype for Business Online
Note: We updated our port requirements. For more details see: Simplified port requirements for Skype for Business Online Updated IP ranges and ports for Skype for Business Online We heard from some of our customers recently, that the number of IP ranges and ports required for Skype for Business make it complex to configure firewalls. To address this feedback, Microsoft decided to perform several optimizations to simplify the requirements. Skype for Business Online has a significant infrastructure, so while we have started with these changes, it will take some time to be completed. We strongly recommend to open the IP subnets and ports today, to avoid any negative impact to connectivity. New IP ranges: We already started to move the Skype for Business infrastructure to new ranges. The ranges are required in addition to the existing ranges, so remember to open all IP ranges documented in Office 365 URLs and IP address ranges. New ports: While this might take a little bit more time than the new IP ranges, we will leverage the following ports for media traffic in addition to the existing ports: UDP 3479 UDP 3480 UDP 3481 Please note that the complete list of IP ranges and ports can be found at Office 365 URLs and IP address ranges.The changes to the IP and port ranges were added in August, but now is a great time to go back and review your firewall and other security devices to ensure they are being allowed as we move ahead with the deployment. Note: Though the plan is to move to these new smaller ranges, it’s possible due to the requirements for growth in the environment that the team may add new IP addresses outside of the current ranges before the consolidation is complete. Call to action: Verify that your firewall is configured for all IP ranges and ports as documented in Office 365 URLs and IP address ranges – and open them if you have not done it yet. If you are a partner, get sure to update your firewall design templates. Follow this blog and the Office 365 URLs and IP address ranges to learn when you must add new IP ranges or when you can close some of the ranges that are not required anymore. Use RSS feeds with Teams and Yammer RSS feed for this blog RSS feed for Office 365 URLs and IP address rangesMeeting Invite Updates (Windows client) - Formatting Dial-In String & Link to Join
Based on feedback we’ve heard from our customers, we’ve made a few updates to the Meeting Invites that are generated by the Skype for Business desktop client. In this blog post, we’ll focus on two new additions – the formatting of the dial-in string, and a link to join using the web app. Let’s take a look!
Skype for Business 2016 on Windows: Consultative Transfer
Based on feedback Microsoft received from customers, we are making user interface improvements to how calls can be transferred. Current Skype for Business Consultative Transfer behavior When screening calls, Assistants may often wish to consult with their executive before agreeing to transfer a call to them. Skype for Business enables this today by providing assistants with the ability to place an incoming call on hold, initiate a new call or chat with their boss to check on their availability, and either transfer the call or take a message. While past versions of Skype for Business provide all the tools necessary to accomplish this task, we’ve received customers feedback that the current process is cumbersome and inefficient – requiring assistants to juggle multiple call windows and dialogs to perform the task. New Skype for Business Call Transfer behavior With the introduction of Consultative Transfer, we address these concerns by providing a new, streamlined workflow for conferring with an executive before transferring a call. In our new model, assistants can click a new “Consult” button from the call window, choose who to consult with, perform a consultation and complete the transfer in a single window. Consultative Transfer workflow To initiate a consultative transfer, click the “consult” button from within the call window or under call controls depending if you are currently on a PSTN or Skype for Business call. A dialog will open, enabling you to search for the person you’d like to consult with. If the call was received on behalf of an executive, the executive’s name will be pre-selected. Once the person you would like to consult with is selected click on “Consult”. After you click on “Consult”, an IM window will automatically open, enabling the assistant to confer with the executive via Instant Message or initiate a voice call by clicking on the call button. When the assistant has concluded their consultation, they can complete the transfer with a single click of the blue transfer button in the upper right hand corner, or return to the original call to talk the caller by clicking on “Back to Call”. Consultative Transfer design When we designed consultative transfer, we wanted to be sensitive to the fact that different organizations have different protocols for handling calls. In the United States it’s not uncommon for assistants to consult with their executives over IM, while In Europe executives and assistants prefer to talk on the phone. To ensure that consultative transfer meets the needs of your organization we’ve provided settings enabling the organization to set how an initial consultation should occur – either over IM or by phone. It’s simple to configure and ensures that Skype for Business can meet your organization’s unique needs and cultural preferences. When will this feature be available? All dates are an estimate and subject to change. Depending on feedback we receive on new features, features might also change or not be released at all. Office 365 ProPlus Channel Insider Fast: Currently available Current Channel or First Release Deferred Channel: February 2017 Deferred Channel: June 2017 In order to see this consultative transfer feature users must be running a minimum Office 365 ProPlus build of 16.0.7766.2000 and later. For more information on how the update channels for Office 365 ProPlus work, please see the following page: https://technet.microsoft.com/en-us/library/mt455210.aspx I would encourage you to provide your feedback and submit questions in the Skype for Business Tech Community at the following address: https://techcommunity.microsoft.com/t5/Skype-for-Business/ct-p/SkypeForBusiness Customers using Skype for Business 2015 or Skype for Business 2016 (MSI) will not see any changes to their current notifications at this time.Modern Authentication for the Skype for Business Online Windows PowerShell Module
Modern Authentication is an authentication mechanism replacing NTLM or Kerberos and allows to enable scenarios like multi-factor authentication. In the past, you couldn’t leverage Modern Authentication if you wanted to connect as an administrator via remote PowerShell to manage Skype for Business Online. This meant that you had to use an administrator account that did not enforce Modern Authentication. For administrators to benefit from the additional security that Modern Authentication provides, we updated the Skype for Business Online Windows PowerShell Module. Note: You must have version 7.0.1045.0 or higher (link is at the end of this article). In addition, to use multi-factor authentication, you can no longer provide a PSCredential object to New-CsOnlineSession. New-CsOnlineSession will prompt for credentials without a PSCredential object, so you will always get a pop-up to provide your credentials. The credentials can be used for up to 8 hours, then you must re-authenticate after 8 hours. Examples of how to use the new connector with a modern authentication enabled tenant: New-CsOnlineSession user@domain.com Prompts credentials of the specified user, using multi-factor authentication enabled for that user. New-CsOnlineSession Prompts for admin UPN, then prompt for credentials for that user, using multi-factor authentication if enabled. New-CsOnlineSession <PSCredential> Not valid if multi-factor authentication is enabled for the user. Included so that existing scripts for admins using username and password only, will continue to work. Deployment considerations There are a few known issues we want to point out: Session expiration: Sessions expire after 8 hours. When they do, a pop-up asks you for credentials, but this but this pop-up will not accept any credential you can provide (as it is expecting an OAuth token). A way how to remove the existing session is: $SkypeSession = Get-PSSession Remove-PSSession $SkypeSession It is also important to keep the session expiration in mind if you plan to run scripts that might run longer than 8 hours. Installation on unpatched Windows Server 2012 R2: Installation of the Skype for Business Online Windows PowerShell Module might fail if you are running it on an unpatched Windows Server 2012 R2. The reason is that it is using an incompatible version of vcredist. We always recommend to keep all systems fully patched, this will also resolve this issue. Managing Cloud Connector Edition: A tenant global administrator account is required for Cloud Connector, to add or remove appliances, enable or disable automatic OS updates, and enable or disable automatic binary updates. While this account can be enabled for Modern Authentication it must not be enabled for multi-factor authentication - otherwise managing Cloud Connector Edition will fail. Call to action: Learn more about Modern Authentication our wiki: Skype for Business Online: Enable your tenant for modern authentication. Download the latest Skype for Business Online Windows PowerShell Module. Enable your tenant and the administrators for remote PowerShell. Questions or comments? Discuss with us in the SOF Community.Windows Server 2016 support for Skype for Business Server 2015
We are happy to announce that Skype for Business Server 2015 is supported to run on Windows Server 2016 - if you have the May 2017 update (aka CU5) for Skype for Business Server installed. Please refer to the following resources for more information: Our official support article: Supports to use Windows 2016 as the operating system in Skype for Business Server 2015 The Updated TechNet documentation: Operating systems for Skype for Business Server 2015 Our blog article on CU5: Announcing the release of Skype for Business Server Cumulative Update 5 Any questions or comments? Please let us know in our community! This post is brought to you by Skype Academy. Visit Skype Academy for technical trainings and readiness around the Skype Operations Framework.Call Analytics now in Open Preview
We are happy to share that we moved Call Analytics from "Public Preview" to "Open Preview". This means, while the feature still has preview state, there is no need to sign up for the program - all you need is to go to https://adminportal.services.skypeforbusiness.com/ and sign-in with your administrator account. Call Analytics allows you to look at quality indicators of individual calls. If you want to learn more about please refer to the following resources: Previous blog article: Introducing Call Analytics Official documentation Set up Skype for Business Call Analytics Use Call Analytics to troubleshoot poor Skype for Business call quality What's the difference between Call Analytics and Call Quality Dashboard?New Skype for Business 2016 on Windows Notifications look and feel!!
What is changing? Why is it changing? As part of the January Office 365 ProPlus update, we’ve updated the look and feel of the Skype for Business notifications for incoming calls and conversations. The purpose of these changes is to introduce a more modern look and feel for Skype for Business notifications, communicate key information about the incoming request (especially when you receive calls on behalf of someone), and make it easy to take quick action on incoming calls and requests. Below are screens of the new experience versus the old experience. In the following scenario, Alfred is configured as a delegate for Babek. The new notifications will make it much clearer, whom the caller Michell McNeil is trying to reach. The first set of screenshots shows how Alfred will get notified when Michell is calling him directly. In the following images you can see the old notification style on the left and the new notification style on the right. Now we can see what the notification looks like when Michell is calling Babek, and Alfred being Babeks delegate is getting the incoming call as well.” When will this feature be available? All dates are an estimate and subject to change. Depending on feedback we receive on new features, features might also change or not be released at all. Office 365 ProPlus Channel Insider Fast: Currently available Current Channel or First Release Deferred Channel: February 2017 Deferred Channel: June 2017 In order to see this notification change users must be running a minimum Office 365 ProPlus build of 16.0.7766.2000 and later For more information on how the update channels for Office 365 ProPlus work, please see the following page: https://technet.microsoft.com/en-us/library/mt455210.aspx I would encourage you to provide your feedback and submit questions in the Skype for Business Tech Community at the following address: https://techcommunity.microsoft.com/t5/Skype-for-Business/ct-p/SkypeForBusiness Customers using Skype for Business 2015 or Skype for Business 2016 (MSI) will not see any changes to their current notifications at this time.Training extravaganza: New training sessions about E5 workloads
Typically, we only publish trainings for the latest features. However, we partnered with the Office 365 Center of Excellence (CoE) of Microsoft Consulting Service, to create the following trainings to help all customers and partners leverage Skype for Business Online. Hybrid Configuration: http://aka.ms/sa-hybrid You already have Skype for Business and want to establish Hybrid to leverage the functionality of Skype for Business Online? Watch this training by CoE Architect Cedric Depaepe. Upgrading Server: http://aka.ms/sa-upg You are in an on-premises environment, but still run Lync Server 2010 or Lync Server 2013? CoE Architect Alan Maddison, teaches you how to upgrade to Skype for Business Server 2015. Meetings: http://aka.ms/sa-meet Meetings are an important part for every user of Skype for Business Online. Watch Alan Maddison's session to learn all about meetings. Skype Meeting Broadcast: http://aka.ms/sa-smb Want to broadcast up to 10,000 people? Skype Meeting Broadcast is there for you and CoE’s Architect Alessandro Pasero provides details about planning, deploying, and maintaining this functionality. Maintaining Health: http://aka.ms/sa-health Getting up and running is a good first step, but long-term user satisfaction requires a healthy environment. Watch CoE’s Architect Matt Soseman's training to understand what health means in the context of Skype for Business, and what tools you can leverage to measure and achieve it. Cloud PBX Introduction: http://aka.ms/sa-cloudpbx This session by Thomas Binder, Senior Program Manager on the Customer Experience and Deployment team, explains what Cloud PBX is and what features it provides. Cloud PBX with PSTN Calling: http://aka.ms/sa-pstn This session, also by Thomas Binder, addresses how to plan, deploy, and maintain Cloud PBX with PSTN calling. Cloud PBX with on premises PSTN connectivity via existing pool: http://aka.ms/sa-opch If you have already an existing pool, and want to use it to provide PSTN calling to Skype for Business Online users, watch this session, delivered by Thomas Binder. Cloud PBX with on premises PSTN calling via Cloud Connector Edition: http://aka.ms/sa-cce We released this session–a few months ago, which explains how to use Cloud Connector Edition (CCE) to integrate Skype for Business Online with an existing PSTN infrastructure. This training is delivered by BryanNyce, Principal Program Manager on the Customer Experience and Deployment team. Let us know what you think about our trainings in our Community. All feedback and questions are welcome! For more technical trainings, visit: Skype AcademySkype Room Systems v2 readiness training now available!
We’ve just published the latest Skype Academy training on Skype Room Systems v2. If you want to learn about what’s new with Skype Room Systems, how to plan for it, and how to deploy, check out the latest Skype Academy training delivered by Nick Smith (TEAMS), Principal Program Manager on the Microsoft Customer Experience and Deployment team. Skype Room Systems v2, formally known as ‘Project Rigel’, enables existing conference rooms with a projector or monitor to easily be turned into Skype for Business meeting rooms, making it a very cost-effective solution for conferencing. The new architecture of the Skype Room Systems v2 application, running on top of a Windows 10 machine, simplifies the management of Skype Room Systems v2 deployments by allowing IT to use existing tools and processes to keep devices up-to-date and secure. Watch the readiness presentation to learn more about the range of Skype Room Systems devices, when to deploy Skype Room Systems versus other Skype meeting devices, and planning and deployment considerations required for device availability. Resources: Training recording: http://aka.ms/sa-srsv2 Support information on Office.com for Using Skype Room Systems v2 Listen to Ilya Bukshteyn’s Microsoft Ignite presentation on Next Generation Skype Room Systems Watch Angela Donohue’s session: Skype for Business Video Broadcast: Episode 28 Logitech and Skype Room Systems Looking for more technical training? Please visit Skype Academy
