User Profile
Newlife
Brass Contributor
Joined 6 years ago
User Widgets
Recent Discussions
Permission management in SharePoint online
Hi Community, One of the customer is currently tying to create SharePoint site and would like to know how to assign permission to the different type of SharePoint sites. Let’s say for example, In SharePoint Admin when they select the option to create a new site the listed options are Team site or Communication site. If they select Team site it will create a new MS Team with a default document folder. If theyuse the sync tool to sync folders here and use the option to retain file and folder security in the migration tool it will migrate to the Documents folder as required with their AD security group assigned but any user who happens to be made an owner of the Team site by default will have access to all the folders and files migrated when in reality there may be files they are not to have access to. More worrying is the fact Team owners can delete a Team and with it all the files and folders uploaded to it. They’re aware that there is a third option for a SharePoint site which is more of a custom site and there is a template to create a Document Centre but they’re looking for an advise on best practice. If they are going to migrate their data to SharePoint what is the best way (option) for creating the initial SharePoint site to host the data. Any guidance would be of great help!TMO for on-premise windows client.
Hi Community, One of the customer has query that Microsoft recently announced this solution (Teams media optimization) for using Microsoft Teams on Windows Virtual desktop (WVD). This solution is comprised of the below installation/configuration on the RD Session Host: Teams WebSocket Service Teams version 1.3.00.21759 or higher The “IsWVDEnvironment” registry key Customer currently can validate if above works, by starting Teams, going to your icon -> About -> Version. It should show something like “WVD Media….. ” However, on the client-side the “Windows Desktop client” (WDC) is required. According to this documentation, this client is different from the Remote Desktop Connection client (mstsc). The WDC will ask you to connect to a Workspace URL; or login/subscribe through your e-mail address. It uses a URL like: https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery Personal experience of the customer/ understanding on how it works: What customer has noticed is that – since Windows 10 1809 and Server 2016 – it’s possible to redirect the local video capture device to the Remote Desktop session (basically redirected the encoded video stream directly to the server, so it could forward the stream where needed). This solution – in contrast to the older USB RemoteFX – allows for the local video to be directly streamed to Teams (or “proxied” through the RD SH), with low latency. Other participants will see this video stream without latency on their local device (assuming they run Teams locally); since the ‘Upstream Video’. The video stream will show up at other participants that also use RD Session Host with a delay, because the stream is basically displayed ‘at the RD Session Host’ and then captured and send to the RD client (the ‘downstream video’). So it’s not the original stream that is directly transported back to the RD Client. Questions: From this experience, customer has a query that, What new redirect ‘video capture devices’ feature in the RD Client does with the upstream video; is what the Teams Media Optimization would do with the downstream video? In their case they have a client with an On-Prem Remote Desktop environment (comprising of a few RD Session Host, an RD Broker Server, RD Web and RD Gateway server). All based on Window Server 2019 (but they could test this on Server 2016 as well). This is basically a very similar setup as the WVD solution. Is it also possible to use Teams Media Optimization in an On-Prem environment? Either using the RDC in combination with the webfeed from RD Web; or future MSTSC software? Is it on the roadmap? Will the functionally only be available for WVD (and never become available for on On-Prem environment)? Any guidance would be of great help.ER provider migration
Hi Community, One of the customer has a setup thatthey’re using MPLS SD1 provider who is providing ER services to handle the workload. Goal is to migrate Express route provider from MPLS SD1 to some other provider and decommission the current one. Looking for the best way to keep a co-existence wherein we can have two ERs on the same Virtual Network Gateway during the migration. Questions: 1. Is it possible to easily keep and manage the routing between the two ERs? If not any other best practices? 2. Will there be any impacts/implications etc? Any guidance would be of great help. Many thanks in advance.Questions on availing db encryption key and licence limitation.
Hi Community, One of our customer has below queries. Customer is active in the Financial industry, very sensitive to data protection and access. Customer does have already D365 Marketing installed and would like to extend its usage but need to fulfill certain compliance requirements BYOK is a good, valid technical option but unfortunately they seem to be “too small” to be able to use it: https://docs.microsoft.com/en-us/power-platform/admin/manage-encryption-key They have users /potential licenses is more ~ the 100 than the 1’000 For this market, besides the big 2 major banks they would probably won’t be much opportunity for D365 Marketing with environment with more than 1’000 licenses. Customer would be a great reference to penetrate the Financial market with D365 Marketing. Requirements: They’re looking for an alternative technical solution to BYOK one as self-managed database encryption keys are only available for customer who has more than 1000 Power Apps plan or D365 plan. Question: Is there a way to consider the license level requirement for smaller markets? Any guidance would be of great help!SRV record conflict between on-prem SfB server and Teams
Hi Community, One of our customer currently has Teams tenant and the required DNS records in Public DNS. But there are some higher officials accounts requires on-prem SfB server for security reasons. Customer would like to enable SRV records in on-prem for automatic sign in, external sign in etc. They don't want to create hybrid deployment. The reason is we need create the SRV record, _sipfederationtls_tcp.contoso.com pointing to on-prem Access edge for external signin. Similarly we need to create the SRV record for online Teams signin pointing to sipfed.lync.online.com Questions: 1.Is there any conflict on SRV records required for on-prem external, automatic sign in and Teams users sign in ? (Because we don't have hybrid deployment but the domain is same for on-prem and online, but there is no hybrid, split domain, for example Contoso.com) 2. Will public DNS accept two similar entries (_sipfederationtls) one for on-prem and another one for Teams tenant? Any guidance would be of help. Many thanks!Single on-prem AD forest Exchange migration to Multiple Office 365 tenants
Hi Community, One of our customer has about 12 Exchange servers in single AD forest with 10,000 mailboxes. They've multiple organizations segregated by Organization Units (OUs), Let's Say they've the below forest, On-prem AD Exchange 2016 server Organizations are segregated by OU1, OU2, OU3 etc. They'd like to migrate OU1 to M365 tenant 1 and OU2 to M365 tenant 2 and OU3 to M365 Tenant 3. Question: 1. What is the best approach for this type of migration, having single AD forest and migrate the mailboxes from different OUs to different tenants? 2. Can we get this done with Hybrid or 3rd party migration? Any guidance would be of great help! Many thanks!Questions on SQL Server hybrid solution authentication with 2 domains via Azure Application Proxy /
Hi Community, One of our customer raised the below query: They've got Azure VM (running SQL 2019 Analysis Services) connected to Azure AD via Azure Domain Services. It is on DomainX.com domain. For Quest Users works well, when using B2B collaboration scenario in Azure service like PowerBI.com, They can share on-premise datasets with guest users and grant different level access as well in my local VM. https://docs.microsoft.com/en-us/power-bi/admin/service-admin-azure-ad-b2b Question: They need those same quest users to work with on-premise programs as well. For example quest.user@DomainY.com is defined in DomainX.com Azure AD and they've set permissions in SQL Server Analysis Services (in local VM) for that user. Now this same person quest.user@DomainY.com is logged into in his/hers personal computer in DomainY.com domain/network environment. They want local programs like Excel etc. to be able to connect to their VM and authenticate using the same quest accounts. Basically they need help setting up this. https://docs.microsoft.com/en-us/azure/active-directory/b2b/hybrid-cloud-to-on-premises Any pointers would be of great help! Many thanks!Questions on configuring MDM on Mac Devices.
Hi Community, One of our customer raised the below queries: 1. How do we ensure the kernel extension profile and settings are sent down to the device before the ATP app is deployed? https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/microsoft-endpoint-manager-simplifies-deployment-of-microsoft/ba-p/1322995 This guide (https://docs.microsoft.com/en-us/mem/intune/configuration/kernel-extensions-overview-macos) describes the process of creating a profile to add antivirus scanning to kernel extensions, however this (https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-using-system-extensions-instead-of-kernel-extensions/ba-p/1191413) also mentions that kernel extensions are being replaced with system extensions. 2. Is there a documented procedure to remove Defender ATP and the Intune company app from a MAC? Or Is there any demo to do the correct MAC deployment procedure? Any guidance would be of great help. Many thanks in advance!
