1.0 Teams - Manage Teams Collaboration

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Dynamics Group in Team | Use Cases

* A hospital can create distinct teams for nurses, doctors, and surgeons to broadcast communications. This is especially important if the hospital relies on temp employees. * A university can create a team for all faculty within a particular college, including an adjunct faculty that changes frequently. * An airline wants to create a team for each flight (like a Tuesday afternoon non-stop from Chicago to Atlanta) and have a frequently changing flight crew automatically assigned or removed as needed. License requirement > Azure AD Premium P1 licenses and team membership can be assigned by a tenant admin to any user's Azure AD properties provided you have a tenant and an admin account. P1 licenses are not required for each user as such.. However, you need at least the number of P1 licenses equivalent to the total number of uses in the Dynamic Group (when populated)

Private Channel Characteristics

* Each team can have a maximum of 30 private channels and * each private channel can have a maximum of 250 members. * The 30 private channel limit is in addition to the 200 standard channel limit per team. * Private channels can't be converted to standard channels and vice versa.

Microsoft Graph is

.. the gateway to data and intelligence in Microsoft 365. Graph provides a unified programmability model that you can use to access the tremendous amount of data in Microsoft 365, Windows 10, and Enterprise Mobility + Security. Graph is built on a REST-based API that allows access to Teams and other Microsoft 365 services.

Enable / Disable labels in PowerShell (for containers)

1. $setting["EnableMIPLabels"] = "False" (enable/disable sensitivity label support) 2. Execute-AzureAdLabelSync (to ensure the sensitivity labels can be used with M365 groups) Sensitivity Labels is an Azure AD functionality

Best practice | Org Wide Teams

1. Allow only team owners to post to the General Channel (assuming, use of General channel is clearly defined) 2. Restrict @mention 3. Show 'favourite' channels 4. Setup moderation 5. Remove 'unwanted' accounts using Teams ! Using the Admin Center or an Outlook group might result in the account being added automatically again.

Use Cases | Moderations

1. Annoucement Channel (org or team level) 2.

For a full Teams experience, every user should be enabled for ..

1. Exchange Online 2. Sharepoint Online 3. Onedrive for Business 4. M365 Group Creation. >> check what are the limitations if above rights are not available << e.g.. stand-alone Teams

3 Types of Teams

1. Public Teams - available for all users in your organization to join. Public teams are visible to everyone in the teams gallery, and users can join a public team without having to get approval from the team owner 2. Discoverable private teams can only be joined when the team owner adds users to them. When you make a private team discoverable, the team is included in the list of suggested teams and search results in the teams gallery and the user can request to join. 3. Non-discoverable private teams can only be joined when the team owner adds users to them. When you make a private team not discoverable, it's hidden from the list of suggested teams and removed from search results in the teams gallery. >> this is still in preview To enable the feature in PS Set-Team -GroupId 0abc123d-e4f5-67gh-i890-jk1m2n345o6p -ShowInTeamsSearchAndSuggestions $true

Large Teams | Best Practice

1. Restrict Channel creation/modification - to avoid channel sprawl 2. Add favourite channels - to speed up new user engagement and content discovery 3. Restrict addition of applications and bots 4. Restrict team and channel mentions 5. Setup moderation

Examples of Tag use

A store manager wants to post an announcement to a channel and notify all cashiers. A group product manager wants to message all product managers in a channel. A hospital administrator wants to send a message to all radiologists in a channel. A marketing manager wants to start a group chat with all designers. When a tag is @mentioned in a channel conversation, team members associated with the tag will get notified, just like any other @mention.

Policy Precedence

A user has one effective policy for each policy type. It's possible or even likely that a user is directly assigned a policy and is also a member of one or more groups that's assigned a policy of the same type. A user's effective policy is determined according to rules of precedence, as follows: 1. If a user is directly assigned a policy (either individually or through a batch assignment), that policy takes precedence. 2. If a user isn't directly assigned a policy of a given type, the policy assigned to a group that the user is a member of, takes precedence. If a user is a member of multiple groups, the policy that has the highest group assignment ranking for the given policy type takes precedence. 3. If a user isn't directly assigned a policy or isn't a member of any groups that are assigned a policy, the user gets the global (Org-wide default) policy for that policy type. Here's an example.

How custom app policies and settings work together

Check this out if necessary https://docs.microsoft.com/en-us/microsoftteams/teams-custom-app-policies-and-settings

Actionable activity emails

Users automatically get actionable missed activity emails which help them to catch up on missed conversations in Teams. The missed activity emails allow the user to click on Reply to respond directly from within Outlook. >> PowerShell << You can use the Set-OrganizationConfig cmdlet together with the SmtpActionableMessagesEnabled parameter to turn off actionable emails. By default, the SmtpActionableMessagesEnabled parameter is set to true. Setting the parameter to false turns off actionable email messages across Office 365. Hence, the user will need to respond in Teams instead of Outlook itself.

Large Teams | Scenarios

* Department-wide collaboration If your organization has multiple departments such as Finance, Operations, R&D etc., then you can create a single team that includes all members in a specific department. Now all communications relevant to a department can be shared in this team, which facilitates instant reach and engagement from members. * Collaboration in employee resource groups: Organizations often have large groups of people with mutual interests who belong to a different department or work group. As an example, there can be a group of people who share a passion for personal finance and investing. It's often hard to connect in a large organization. To develop communities for such groups, tenant admins can create a large team that serves as a public company-wide resource group that anyone can join and take advantage of. * Collaboration between internal and external members: Popular products often develop a community of early adopters who are eager to try new product releases and provide feedback. Early adopters develop a relationship with product groups to help shape the product. In such scenarios, tenant admins can set up a large team which includes both internal product groups and external product evaluators to facilitate a rich product development process. These teams can also provide customer support to a select set of customers.

Teams is built on

.. Microsoft 365 groups, Microsoft Graph, and the same enterprise-level security, compliance, and manageability as the rest of Microsoft 365

Data in Teams resides ..

.. in the geographic region associated with your tenant.

When creating a team from an existing O365 Group,

.. that group's membership, site, mailbox, and notebook are surfaced in Teams

Steps to allow Team Owners to give consent to apps

1. Settings in Azure AD 1.0 The "Users can consent to apps accessing company data on their behalf" setting. To allow team owners to give consent, this setting must be set to Yes 1.1 In the Azure portal, go to Enterprise applications > User settings. 1.2 Under Enterprise applications, set Users can consent to apps accessing company data on their behalf to No or Yes. 2.0 The 'EnableGroupSpecificConsent' Setting - This setting controls whether users in your organization can consent to apps accessing company data for the groups that they own. This setting must be enabled for team owners to give consent 2.1 Select Azure Active Directory > Enterprise applications > Consent and permissions > User consent settings. 2.2 Under Group owner consent for apps accessing data select the option you'd like to enable. 3.0 Settings in Teams Admin Center 3.1 "Allow 3rd Party Apps"setting in Org Wide app settings 3.1.1 This setting must be on to enable team owners to give consent. 3.2 "Allow or Block the app at the Org level" 3.2.1 Team owners can only give consent to an app if the app is allowed 4.0 App permission policy assigned to the team owner 4.1. Team owners can only give consent to apps that their app permission policy allows them to run.

The Powershell controls for Teams are found in 2 different modules:

1. Teams PowerShell module - cmdlets you need to create and manage teams 2. Skype for Business PowerShell module - cmdlets to manage policies, configurations, and other Teams tools.

Teams Reports & Analytics (Admin center)

1. Teams usage report: This report gives you an overview of usage activity in Teams, including the total active users and channels, and the number of active users and channels, guests, and messages in each team 2. Teams user activity report: This report gives you insight into the types of activities users engage in, such as how many people communicate through 1:1 calls, channel messages, and private chat messages. 3. Teams device usage report: This report shows you how users connect to Teams, including how many people use Teams on their mobile devices when on-the-go.

Apps Summary - #1

4 Main Configurations Settings: i. Manage Apps - Control which app is Available / Not Available from the Teams App Catalog ii. Org-Wide Settings - Control which type of apps that can be installed - namely - Microsoft apps, 3rd party, ( interaction with ) Custom Apps iii. Permissions Policies - Same controls/settings as Org- Wide Settings but offering more granular control e.g. to specific user / group of users iv. App Setup Policies - 1. Control Upload of Custom Apps 2. Add Apps to be installed for users 3. Add/Remove pinned apps

Teams Orgn Best Practice

A Team works together to drive towards a shared outcome. Members of a team may work at a different pace or create assets differently, but they often collaborate quickly with each other, a process we call "high velocity teamwork." 1st Step: 1. Think about the goal, project, or work items and who in your organization can help deliver it collaboratively. Once identified, add them to a Team. Membership can change over time. 2. Start with a small number of Teams and team members.. Add more people as and when required. The new comers can quickly get to speed on what's already been discussed as they have access to all past conversations and/or docs.. 3. Avoid the temptation to create a bunch of different teams that have the same set of members; instead, create channels in a single team. 4. Create Channels to focus discussions - Think about the different projects and types of conversations you need to support. 5. Create initial channels so people know where to contribute and to find existing conversations. Use descriptive channels names to make it easy for people to now where to go for each conversation. Add tools e.g. onenote, sharepoint, apps so that members have everything they need right in the channel 6. Better to create teams with a larger set of members and more channels than many teams where people belong. 7. The General Channel is created by default and cannot be deleted or renamed or 'unfavourite' . Use it : * to share an overview of what the team wants to achieve such as a project charter or who's who in the team. * for new team member onboarding and other high-level information that a new team member would find useful. * For new or single purpose teams, it may be the only channel at the beginning as you decide how Teams can best support your goals. 7. Setup moderation if necessary.

Analytics & Reports in Teams Admin Center

A new analytics and reporting experience for Microsoft Teams is available in the Microsoft Teams admin center. You can run different reports to get insights into how users in your organization are using Teams. The reports in the Microsoft Teams admin center are separate from the activity reports for Teams that are part of the Microsoft 365 reports in the Microsoft 365 admin center.

PowerShell | Assigning a Policy Package

A policy package in Teams is a collection of predefined policies and policy settings that you can assign to users who have the same or similar roles in your organization. Each policy package is designed around a user role and includes predefined policies and policy settings that support activities typical for that role. When you assign a policy package to users, the policies in the package are created and you can then customize the settings of each policy in the package to meet users' needs. N.B. currently, it is not possible to create a new package from package.. However, you can modify the settings of existing packages How to use Policy Package: 1. View: View the settings of each policy in a policy package before you assign a package. Make sure that you understand each setting and then decide whether the predefined values are appropriate for your organization or whether you need to change them to be more restrictive or lenient based on your organization's needs. If a policy is deleted, you can still view the settings but you won't be able to change any settings. A deleted policy is re-created with the predefined settings when you assign the policy package. 2. Assign: Assign the policy package to users. Remember that policies in a policy package aren't created until you assign the package, after which you can change the settings of individual policies in the package. 3. Customize: Customize the settings of policies in the policy package to fit the needs of your organization. Any changes you make to policy settings are automatically applied to users who are assigned the package. Use batch policy package assignment to assign a policy package to large sets of users at a time. You use the New-CsBatchPolicyPackageAssignmentOperation cmdlet to submit a batch of users and the policy package that you want to assign. The assignments are processed as a background operation and an operation ID is generated for each batch. A batch can contain up to 5,000 users. You can specify users by their object Id, UPN, SIP address, or email address. You can then use the Get-CsBatchPolicyAssignmentOperation cmdlet to track the progress and status of the assignments in a batch. N.B. Currently, batch policy assignment using PowerShell isn't available for all Teams policy types. See New-CsBatchPolicyAssignmentOperation for the list of supported policy types. In the below example, we use the New-CsBatchPolicyAssignmentOperation cmdlet to assign an app setup policy named HR App Setup Policy to a batch of users listed in the Users_ids.text file. ps> $user_ids = Get-Content .\users_ids.txt ps> New-CsBatchPolicyAssignmentOperation -PolicyType TeamsAppSetupPolicy -PolicyName "HR App Setup Policy" -Identity $users_ids -OperationName "Example 1 batch" 2nd example - connect to Azure AD to retrieve a collection of users and then assign a messaging policy named New Hire Messaging Policy to a batch of users specified by using their SIP address. ps> Connect-AzureAD ps> $users = Get-AzureADUser ps> New-CsBatchPolicyAssignmentOperation -PolicyType TeamsMessagingPolicy -PolicyName "New Hire Messaging Policy" -Identity $users.SipProxyAddress -OperationName "Example 2 batch" Run the following to get the status of a batch assignment, where OperationId is the operation ID that's returned by the New-CsBatchPolicyAssignmentOperation cmdlet for a given batch. ps> $Get-CsBatchPolicyAssignmentOperation -OperationId f985e013-0826-40bb-8c94-e5f367076044 | fl

What is a team?

A team is a collection of people, content, and tools surrounding different projects and outcomes within an organization. Teams can be created to be private to only invited users. Teams can also be created to be public and open and anyone within the organization can join (up to 10,000 members). A team is designed to bring together a group of people who work closely to get things done. Teams can be dynamic for project-based work (for example, launching a product, creating a digital war room), as well as ongoing, to reflect the internal structure of your organization (for example, departments and office locations). Conversations, files and notes across team channels are only visible to members of the team.

Teams Advisor (Preview) | Deployment Guidance

Advisor for Teams walks you through your Microsoft Teams rollout. It assesses your Microsoft 365 or Office 365 organization environment and identifies the most common configurations that you may need to update or modify before you can successfully roll out Teams. Then, Advisor for Teams creates a Deployment team (in Teams), with channels for each workload you want to roll out. Each workload in the Deployment team comes with a comprehensive Planner plan that includes all the rollout tasks for each workload. Using this Planner plan, you'll assign tasks to the people responsible for each phase of the rollout - including the project manager, Teams and Microsoft 365 or Office 365 admins, support people, and your adoption and user readiness team. Each rollout task contains all the guidance and resources you need to successfully complete the task.

App Templates for Teams

App templates are production-ready apps for Microsoft Teams that are community driven, open-source, and available on GitHub. Each contains detailed instructions for deploying and installing that app for your organization, providing a ready-to-use app that you can install and begin using immediately. The complete source code is available as well, so you can explore it in detail, or fork the code and alter it to meet your specific needs. >> Check Associate Insights << https://github.com/OfficeDev/microsoft-teams-apps-associateinsights

Apps

Apps let you find content from your favorite services and share it right in Teams. They help you do things such as pin services at the top of a channel, chat with bots, or share and assign tasks.

Private Teams Discoverability

As an admin, you can also control which users in your organization are allowed to discover private teams in search results and suggestions in Teams. Create a new policy and Set the AllowPrivateTeamDiscovery parameter to true or false. By default, the value is True i.e. all users can discover private teams e.g. in PS New-CsTeamsChannelsPolicy -Identity VendorPolicy -AllowPrivateTeamDiscovery $false Grant-CsTeamsChannelsPolicy -Identity [email protected] -PolicyName VendorPolicy In the above example, we create a policy named VendorPolicy that prevents users from discovering any private teams that are made discoverable, and then we assign the policy to a user named vendoruser1. N.B. Private teams that are (set to) NOT discoverable are never shown in search results and suggestions, regardless of the policy setting. For example, if you turn off the discovery setting for a private team, users are unable to discover the team, even though the AllowPrivateTeamDiscovery parameter is set to true in the policy setting for those users.

Managing Tags

As an admin, you can control who can add tags (team owner and/or team member or nobody) and how tags are used across your organization in the Microsoft Teams admin center. A team can have up to 100 tags, up to 100 team members can be assigned to a tag, and up to 25 tags can be assigned to a single user.

App Setup Policies

As an admin, you can use app setup policies to do the following: * Customize Teams to highlight the apps that are most important for your users. You choose the apps to pin and set the order that they appear. Pinning apps lets you showcase apps that users in your organization need, including those built by third parties or by developers in your organization. * Control whether users can pin apps to Teams. * Install apps on behalf of users (in preview). You choose which apps are installed by default for users when they start Teams. Keep in mind that users can still install apps themselves if the app permission policy that's assigned to them allows it.

Custom Apps overview

As an admin, you can use custom app policies and settings to control who in your organization can upload custom apps to Microsoft Teams. Admins decide which users can upload custom apps, and admins and team owners can determine whether specific teams in your organization allow custom apps to be added to them. Users can add a custom app to Teams by uploading an app package (in a .zip file) directly to a team or in the personal context. This is different from how apps are added through the Teams app store. Adding a custom app by uploading an app package, also known as sideloading, lets you test an app as it's being developed, before it's ready to be widely distributed. It also lets you build an app for internal use only and share it with your team without submitting it to the Teams app catalog in the Teams app store.

Teams (Overall) Policy

As an admin, you can use teams policies in Microsoft Teams to control what users in your organization can do in teams and channels. For example, you can set whether users are allowed to discover private teams in search results (in preview) and in the team gallery and whether users are allowed to create private channels. There is a default org-wide policy.. But you can create a custom policy and assign it to specific users

User custom app policy

As part of app setup policies, admins can use a policy setting, Upload custom apps, to control whether a user can upload custom apps to Teams. If this setting is turned off: * The user can't upload a custom app to any team in your organization or in the personal context. * The user can interact with custom apps, depending on the org-wide custom app setting. If this setting is turned on: * The user can upload custom apps to teams that allow it and to teams for which they are owners, depending on the org-wide custom app setting. * The user can upload custom apps to the personal context. * The user can interact with custom apps, depending on the org-wide custom app setting.

Best Practice | People Manager Teams

Consider team for each of your first and second line people managers, with each manager's direct reports as team members .. can leverage MS script to do it.

Modify & Delete published labels

Deleting or modifying the label while it's associated with sensitivity policies can result in team creation failures across the tenant. Therefore, before you delete or modify a label, you must first disassociate the label from its associated policies. Use the following steps to delete or modify a label: 1. Remove the label from all policies that use the label. Alternatively, you can also delete the policies themselves. 2. When the label is removed from the policies or the policies themselves are deleted, wait 10 minutes before proceeding further. 3. After 10 minutes, launch the team creation interface and ensure that the label is no longer visible for any user in the tenant. 4. Now you can safely delete or modify the label.

PowerShell | Assigning Policies to individual user

Each policy type has its own set of cmdlets for managing it. Use the Grant- cmdlet for a given policy type to assign the policy. e.g. use the Grant-CsTeamsMeetingPolicy cmdlet to assign a Teams meeting policy to users. These cmdlets are included in the Skype for Business Online PowerShell module In this below example, we assign a Teams meeting policy named Student Meeting Policy to a user named Reda. ps> Grant-CsTeamsMeetingPolicy -Identity [email protected] -PolicyName "Student Meeting Policy"

Scope - Sensitivity Labels in Teams

For this container-level classification and protection, the following label settings can be used: * Privacy (public or private) of Microsoft 365 group-connected teams sites * External users access * Access from unmanaged devices When you apply this sensitivity label to a supported container, the label automatically applies the classification and protection settings to the connected site or group. Content in these containers however, do not inherit the labels for the classification and settings such as visual markings, or encryption. So that users can label their documents in SharePoint sites or team sites, make sure you've enabled sensitivity labels for Office files in SharePoint and OneDrive.

Licensing for guest access

Guest access is included with all Microsoft 365 Business Standard, Office 365 Enterprise, and Office 365 Education subscriptions. No additional Microsoft 365 or Office 365 license is necessary. Teams doesn't restrict the number of guests you can add. However, the total number of guests that can be added to your tenant may be restricted by the paid features of Azure AD

View Analytics

In Microsoft Teams, users can view analytics for teams and channels that they are part of. This information gives users insight into usage patterns and activity on their teams. Users can see data such as the number of active users, posts, replies, and more at three levels. Cross-team analytics gives users a broad overview of usage data for all teams that they are a member or owner of in a single list view. Per-team analytics gives users a more granular view, showing usage data for a specific team. Per-channel analytics gives users an even more granular view, showing usage data for a specific channel. Users can filter any of these views to see data for a specified time period.

Information Barriers in Teams

Information barriers (IB) are policies that an admin can configure to prevent individuals or groups from communicating with each other. This is useful if, for example, one department is handling information that shouldn't be shared with other departments or a group needs to be prevented, or isolated, from communicating with anyone outside of that group. N.B. Before you set up or define policies, you must enable scoped directory search in Microsoft Teams.

Inline Message Translation

Inline message translation lets users translate Teams messages into the language specified by their personal language settings. Microsoft Teams admin center >> Messaging Policies > either create a new policy or edit an existing policy, and set the Allow users to translate messages option to On.

Advisor License Requirements

M365 Basic at a minimum Advisor uses Teams, Planner & Forms.

Apps Summary - #2 | Custom App Policies

Managing Custom App Policies: 1. Org-Wide Settings : Master Switch to enable/disable upload/interaction with Custom Apps - if Disabled, no interaction with Custom Apps despite the below 2 settings 2. Custom App Policy - control if a user/group can upload Custom App e.g. to Team Owners or Developers or Beta users 3. Team Settings >> "allow members to upload custom Apps " - team members will be able to upload an app if this setting is on and their Custom Policy allows it

Manage Messaging policies

Messaging policies are used to control which chat and channel messaging features are available to users in Microsoft Teams. You can use the global (Org-wide default) policy that's created automatically or create and assign custom messaging policies. Users in your organization will automatically get the global policy unless you create and assign a custom policy. You can edit the settings in the global policy or create and assign one or more custom policies to turn on or turn off the features that you want.

To view Activity reports

Microsoft 365 admin center, select Reports > Usage Then choose Teams .

Team Membership

Microsoft Teams makes it easy for team owners to add people in the organization based on their name Team owners can also create a team based on an existing Microsoft 365 group. Any changes made to the group will be synced with Microsoft Teams automatically. Creating a team based on an existing Microsoft 365 group not only simplifies the process of inviting and managing members, but also syncs group files inside of Microsoft Teams.

Teams Scope Directory Search

Microsoft Teams scoped directory search allows organizations to create virtual boundaries that control how users can find and communicate with other users in their organization. Microsoft Teams lets organizations provide custom views of the directory to their users. Microsoft Teams uses Information Barrier policies to support these custom views. Once the policies are enabled, the results returned by searches for other users (for example, to initiate a chat or to add members to a team) will be scoped according to the configured policies. Users will not be able to search or discover teams when scoped search is in effect.

Cmdlets available for each role

Most of the PowerShell tools for these admin roles live in the Skype for Business PowerShell module, and it's important to note that some of the cmdlets that these admin roles have access to control shared settings that are also used for Skype for Business Online. To view the full list of cmdlets currently available to a given role in the Skype for Business PowerShell module, follow these steps: 1. Assign that role to a user (and make sure that the user has no other roles). 2. Connect to the Skype for Business PowerShell module: a. ps> $session = new-csonlinesession b. ps> Import-pssession $session c. Use Get-Module to identify the name of the imported session (it will be a randomly generated name). d. Use Get-Command -Module <name from above> to identify all available cmdlets

Org-Wide Team

Org-wide teams provide an automatic way for everyone in a small to medium-sized organization to be a part of a single team for collaboration. With org-wide teams, global admins can easily create a public team that pulls in every user in the organization and keeps the membership up to date with Active Directory as users join and leave the organization. Only global admins can create org-wide teams and currently, an org-wide team is limited to organizations with no more than 5,000 users. >> normal team can normally have up to 10,000 users. There's also a limit of five org-wide teams per tenant. If these requirements are met, global admins will see Org-wide as an option when they select Build a team from scratch when creating a team. When an org-wide team is created, all global admins are added as team owners and all active users are added as team members. Unlicensed users are also added to the team. The first time an unlicensed user signs in to Teams, the user is assigned a Microsoft Teams Exploratory license. These types of accounts won't be added to your org-wide team: * Accounts that are blocked from sign in * Guest users * Service accounts * Room or equipment accounts * Accounts backed by a shared mailbox Team members can't leave an org-wide team. As a team owner, you can manually add or remove users if needed.

Team Expiration & Renewal

Organizations with a large number of teams often have teams that are never actually used. This can happen because of several reasons including product experimentation, short-term team collaboration, or team owners leaving the organization. Over time, such teams can accumulate and create a burden on tenant resources. To curb the number of unused teams, as an admin, you can use Microsoft 365 group expiration policy to automatically clean up unused teams. Because teams are backed by groups, group expiration policies automatically apply to teams as well. When you apply an expiration policy to a team, a team owner receives a notification for team renewal 30 days, 15 days and 1 day before the team's expiration date. When the team owner receives the notification, they can click Renew now in team settings to renew the team. If the team owner doesn't renew the team, the team is put in a "soft-deleted" state, which means it can be restored within the next 30 days. When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, team, etc.) are also deleted. Administrators can specify an expiration period and any inactive group that reaches the end of that period, and is not renewed, will be deleted. The expiration period begins when the group is created, or on the date it was last renewed. Group owners will automatically be sent an email before the expiration that allows them to renew the group for another expiration interval. Teams users will see persistent notifications in Teams. Groups that are actively in use are renewed automatically. Any of the following actions will auto-renew a group: * SharePoint - view, edit, download, move, share, or upload files. * Outlook - join group, read or write group message from the group, and like a message (Outlook on the web). * Teams - visiting a teams channel. N.B Group expiration is turned off by default. Administrators will have to enable it for their organization if they want to use it N.B.B Configuring and using the expiration policy for Microsoft 365 groups requires you to possess but not necessarily assign Azure AD Premium licenses for the members of all groups to which the expiration policy is applied.

Archive or Delete a Team

Over time, a team created in Microsoft Teams might fall out of use or you might want to archive or delete a team at the end of a project. If you're a Microsoft Teams admin, follow the steps in this article to archive or delete a team that's no longer needed. When you archive a team, all activity for that team ceases. Archiving a team also archives private channels in the team and their associated site collections. However, you can still add or remove members and update roles and you can still view all the team activity in standard and private channels, files, and chats. When you delete a team, team activity in standard and private channels (and associated site collections), files, and chats is also deleted. Restore a deleted team by restoring the Microsoft 365 group that's associated with the team. Restoring the Microsoft 365 group for a team restores team content, including tabs, standard channels, and private channels and their associated site collections. By default, a deleted Microsoft 365 group is retained for 30 days. This 30-day period is called "soft-delete" because you can restore the group. To display a list of all soft-deleted Microsoft 365 groups that are still within the 30-day retention period. Use the -All $True parameter if you have a lot of groups. ps> Get-AzureADMSDeletedGroup Find the group that you want to restore, and then make a note of the Id. Run the following to restore the group, where [Id] is the group Id. ps> Restore-AzureADMSDeletedDirectoryObject -Id [Id] Run the following to verify the group was successfully restored, where [Id] is the group Id. ps> Get-AzureADGroup -ObjectId [Id]

Assigning Policy to a Group

Policy assignment to groups lets you assign a policy to a group of users, such as a security group or organizational unit. The policy assignment is propagated to members of the group according to precedence rules. As members are added to or removed from a group, their inherited policy assignments are updated accordingly. Policy assignment to groups is recommended for groups of up to 50,000 users but it will also work with larger groups. When you assign the policy, it's immediately assigned to the group. However, note that the propagation of the policy assignment to members of the group is performed as a background operation and may take some time, depending on the size of the group. The same is true when a policy is unassigned from a group, or when members are added to or removed from a group. Also, currently, cannot do this operation via the GUI. (policy assignment to groups using the Microsoft Teams admin center is only available for Teams calling policy, Teams call park policy, Teams policy, Teams live events policy, Teams meeting policy, and Teams messaging policy. For other policy types, use PowerShell.) N.B. Currently, policy assignment to groups using PowerShell isn't available for all Teams policy types. Use the New-CsGroupPolicyAssignment cmdlet to assign a policy to a group. You can specify a group by using the object Id, SIP address, or email address. e.g. Use the New-CsGroupPolicyAssignment cmdlet to assign a Teams meeting policy named Retail Managers Meeting Policy to a group with an assignment ranking of 1. ps> New-CsGroupPolicyAssignment -GroupId d8ebfa45-0f28-4d2d-9bcc-b158a49e2d17 -PolicyType TeamsMeetingPolicy -PolicyName "Retail Managers Meeting Policy" -Rank 1 Use the Get-CsGroupPolicyAssignment cmdlet to get all policies assigned to a group. Note that groups are always listed by their group Id even if its SIP address or email address was used to assign the policy. e.g. we retrieve all policies assigned to a specific group. Get-CsGroupPolicyAssignment -GroupId e050ce51-54bc-45b7-b3e6-c00343d31274 e.g. return all groups that are assigned a Teams meeting policy. Get-CsGroupPolicyAssignment -PolicyType TeamsMeetingPolicy Use the Remove-CsGroupPolicyAssignment cmdlet to remove a policy from a group. When you remove a policy from a group, the priorities of other policies of the same type assigned to that group and that have a lower ranking are updated. For example, if you remove a policy that has a ranking of 2, policies that have a ranking of 3 and 4 are updated to reflect their new ranking. e.g. we remove the Teams meeting policy from a group. Remove-CsGroupPolicyAssignment -PolicyType TeamsMeetingPolicy -GroupId f985e013-0826-40bb-8c94-e5f367076044 Here's an example of how to change the effective policy for a user who is directly assigned a policy. First, we use the Get-CsUserPolicyAssignment cmdlet together with the PolicySource parameter to get details of the Teams meeting broadcast policies associated with the user. ps> Get-CsUserPolicyAssignment -Identity [email protected] -PolicyType TeamsMeetingBroadcastPolicy | select -ExpandProperty PolicySource The output shows that the user was directly assigned a Teams meeting broadcast policy named Employee Events, which takes precedence over the policy named Vendor Live Events that's assigned to a group the user belongs to. Now, we remove the Employee Events policy from the user. This means that the user no longer has a Teams meeting broadcast policy directly assigned to them and will inherit the Vendor Live Events policy that's assigned to the group the user belongs to. ps> Grant-CsTeamsMeetingBroadcastPolicy -Identity [email protected] -PolicyName $null

Resource Specific Consent (..in preview)

Resource-specific consent in Microsoft Teams lets team owners give consent to apps to access team data. Examples of such access include the ability to read channel messages, create and delete channels, and create and remove channel tabs. As an admin, you control whether team owners in your organization can give consent through settings that you configure by using the Azure Active Directory (Azure AD) PowerShell module or the Azure portal and the Microsoft Teams admin center.

Use Case - Scope Directory Search

Scenarios that benefit from scoped directory searches are similar to address book policy scenarios. e.g. * Your organization has multiple companies within its tenant that you want to keep separate. * Your school wants to limit chats between faculty and students. To enable it in Teams Org-wide settings > Teams settings > Search .. next to Scope directory search in Teams using an Exchange address book policy (ABP), turn the toggle On.

Private Channel use Cases

Scenarios: * A group of people in a team want a focused space to collaborate without having to create a separate team. * A subset of people in a team want a private channel to discuss sensitive information, such as budgets, resourcing, strategic positioning, and so on.

Sensitivity Labels

Sensitivity labels allow Teams admins to regulate access to sensitive organizational content (!) created during collaboration within teams. You can define sensitivity labels and their associated policies in the Security & Compliance Center. These labels and policies are automatically applied to teams in your organization. Sensitivity labels and their policies are automatically enforced end-to-end through a combination of the Groups platform, Security & Compliance Center, and Teams services.

Teams & Outlook integration

Share to Outlook - lets users share a copy of a Teams conversation to an email in Outlook, without having to leave Teams. This feature is handy if users need to share conversations or status updates with users outside their immediate team or even your organization. To use this feature, Outlook on the web must be turned on for the user. If Outlook on the web is turned off, the Share to Outlook option isn't displayed in Teams for the user.

Tags

Tags let users communicate with a subset of people on a team. Tags can be added to one or multiple team members to easily connect with the right subset of people. Team owners and members (if the feature is enabled for them) can add one or more tags to a person. The tags can then be used in @mentions by anyone on the team in a channel post or to start a conversation with only those people who are assigned that tag. N.B. tags are not yet supported in Private Channels

Team Settings

Team owners can manage team-wide settings directly in Microsoft Teams. Settings include the ability to add a team picture, set permissions across team members for creating standard and private channels, adding tabs and connectors, @mentioning the entire team or channel, and the usage of GIFs, stickers, and memes.

Channel Moderation

Team owners can turn on moderation for a standard channel to control who can start new posts and reply to posts in that channel. A team owner might not have the subject matter expertise at the channel level to best support channel moderation. By allowing specific team members to moderate a channel, the responsibility of managing content and context within a channel is shared between team owners and channel moderators. For example, a team owner can add business owners or content owners as moderators, which lets them control information sharing in that channel. N.B. 1. Channel moderation is available for standard channels. It's not available for the General channel or private channels. 2. Channel moderation is a per-channel setting. There's no tenant-level setting for channel moderation.

Org-Wide Custom App setting

The 'Allow interaction with custom apps' org-wide custom app setting on the Manage apps page applies to everyone in your organization and governs whether they can upload or interact with custom apps. This setting overrides the user and team custom app policy and setting. It's intended to serve as a master on/off switch during security events. Normal Sequence is: 1. Org Wide Settings - interact with Custom Apps 2. Team Settings - if you want users to be able to upload apps to a team. By default, team owners and Teams Service Admins can upload custom apps.. The user should be allow to upload custom apps 3. User Settings

Teams Roles & Capabilities

There are four Teams admin roles availableL 1. Teams Service Administrator - Manage the Teams service, and manage and create Microsoft 365 Groups 2. Teams Communications Administrator - Manage calling and meetings features within the Teams service 3. Teams Communications Support Specialist - Troubleshoot communications issues within Teams by using BASIC tools. He can ; a. Access user profile page for troubleshooting calls in Call Analytics. Can only view user information for the specific user being searched for. b.Access, monitor, and troubleshoot tenant's call quality and reliability using data exposed in Call Quality Dashboard (CQD). 4. Teams Communications Support Engineer - Troubleshoot communications issues within Teams by using ADVANCED tools. He can: a. View user profile page and troubleshoot user call quality problems using advanced troubleshooting toolset. b. Access, monitor, and troubleshoot tenant's call quality and reliability using data exposed in Call Quality Dashboard (CQD) down to the users who are impacted by poor call quality.

Teams Auto Renewal

There can be times when a team owner is unable to renew the team perhaps because they forgot to renew or were away when renewal was due. In these scenarios, a team in active use can get deleted because of expiration policies that apply to the team. To prevent accidental deletion (of a Team in Active use), auto-renewal is automatically enabled for a team in the group expiration policy. When the group expiration policy is set up, any team that has at least one channel visit from any team member before its expiration date is automatically renewed without any manual intervention from the team owner.

Moderator Capabilities

This needs to be turned On explicitly by the Team Owner A team member can be given Moderator rights. Moderators can start new posts in a channel and control whether team members can reply to existing channel messages. They can also control whether bots and connectors can submit channel messages. Moderator capabilities are assigned at the channel level A moderator within a channel can add or remove other moderators.

Custom App Policy & Settings

Three components determine whether a user can upload a custom app to a team, giving you granular control over who can add custom apps to a team and which teams custom apps can be added to: 1. User custom app policy 2. Team custom app setting 3. Org-wide custom app setting

PowerShell | Assigning Global policies

To set the global policies using PowerShell, use the Global identifier. Start by reviewing the current Global policy to determine which setting you want to change. ps> Get-CsTeamsMessagingPolicy -Identity Global Next, update the Global policy as needed. You only need to specify values for the settings that you want to change. ps> Set-CsTeamsMessagingPolicy -Identity Global -AllowUserEditMessage $false

View Status of Policy Assignment

To view the status of your policy assignment, in the banner that appears at the top of the Users page after you click Apply to submit your policy assignment, click Activity log. Or, in the left navigation of the Microsoft Teams admin center, go to Dashboard, and then under Activity log, click View details. The Activity log shows policy assignments to batches of more than 20 users through the Microsoft Teams admin center from the last 30 days.

Teams >> Org Wide Settings > email integration

Turn on this feature so users can send email to a channel in Teams, using the channel email address. Users can do this for any channel belonging to a team they own. Users can also send emails to any channel in a team that has adding connectors turned on for team members.

External Access

Use external access (federation) when you need a solution that lets external users in other domains find, call, chat, and set up meetings with you. External users have no access to your organization's teams or team resources. Choose external access when you want to communicate with external users who are still on Skype for Business (online or on premises) or Skype (coming in early 2020). External access is turned on by default in Teams, which means your org can communicate with all external domains. The Teams admin can turn it off or specify which domains to include (or exclude). If you want external users to have access to teams and channels, guest access might be a better way to go. Use external access when: * You have users in different domains who need to collaborate. For example, [email protected] and [email protected] are working on a project together along with some others in the contoso.com and northwindtraders.com domains. * You want the people in your organization to use Teams to contact people in specific businesses outside of your organization. * You want anyone else in the world who uses Teams to be able to find and contact you, using your email address. POWERSHELL Use the Set-CsExternalAccessPolicy cmdlet together with the EnablePublicCloudAccess parameter to control whether Teams users can communicate with Skype users. Setting the parameter to true allows Teams users to communicate with Skype users. Note that the EnablePublicCloudAudioVideoAccess parameter can be used to enable/disable audio/video calls.

Guest Access

Use guest access to add an individual user (regardless of domain) to a team, where they can chat, call, meet, and collaborate on organization files (stored in SharePoint or OneDrive for Business), using Microsoft 365 or Office 365 apps such as Word, Excel, or PowerPoint. A guest user can be given nearly all the same Teams capabilities as a native team member. * Guests are added to your organization's Active Directory. * To communicate with a guest, the guest has to be signed in to Teams using their guest account. This means that a guest may have to sign out of their own Teams account to sign in to your Teams account, or switch organizations if it's the same account. * Guest users have access to more resources in Teams - such as files, teams, and channels - than external-access (federated) users. * Anyone with a business or consumer email account, such as Outlook, Gmail, or others, can participate as a guest in Teams with full access to team chats, meetings, and files. The Teams admin controls everything that a guest can (or can't) do in the Teams admin center . Guest access is an org-wide setting in Teams and is turned off by default. Guest access is subject to Azure AD and Microsoft 365 or Office 365 service limits.

Sharing in Teams

Users can share content with other Teams users within and outside their organization. Sharing in Teams is based on the settings configured in SharePoint and OneDrive, so whatever you set up for SharePoint and OneDrive will control sharing in Teams as well.

(give) Feedback & Surveys in Teams

Users in your organization can send feedback about Teams to Microsoft let us know how we're doing, directly from within the Teams desktop and web clients. Similar, they can have a pop-up survey from time to time By default, all users in your organization are automatically assigned the global (Org-wide default) policy and the Give feedback feature and survey are enabled in the policy. However, it cannot be disabled via the GUI except for the survey where a user can opt-out via the Teams client. To turn off and turn on the features, set the following parameters: Give feedback: Set the userInitiatedMode parameter to enabled to allow users who are assigned the policy to give feedback. Setting the parameter to disabled turns off the feature and users who are assigned the policy don't have the option to give feedback. Surveys: Set the receiveSurveysMode parameter to enabled to allow users who are assigned the policy to receive the survey. To have users receive the survey and allow them to opt out, set the parameter to enabledUserOverride. In Teams, users can then go to Settings > Privacy and choose whether they want to participate in surveys. Setting the parameter to disabled turns off the feature and users who are assigned the policy won't receive the survey. Example - create a feedback policy called New Hire Feedback Policy and turn off the ability to give feedback through Give feedback and the survey. ps> New-CsTeamsFeedbackPolicy -identity "New Hire Feedback Policy" -userInitiatedMode disabled -receiveSurveysMode disabled Example - assign a custom policy named New Hire Feedback Policy to a user named user1. Grant-CsTeamsFeedbackPolicy -Identity [email protected] -PolicyName "New Hire Feedback Policy"

Create & Publish labels

When a label is created and published in the Security & Compliance Center, it can take up to 10 minutes for the label to become visible in the teams creation interface. Use the following steps to publish the label for all users in the tenant: 1. Create the label and publish it for a few select user accounts in the tenant. 2. When the label is published, wait 10 minutes. After 10 minutes, try to create a team with the label using one of the user accounts that have access to the label. 3. If the team successfully created in step 3, then go ahead and publish the label for the remaining users in the tenant.

(Sensitivity labels) - When in use..

When the team is created, the sensitivity label is visible in the upper-right corner of channels in the team. A team owner can change the sensitivity label and the privacy setting of the team at any time by going to the team, and then clicking Edit team. You can specify whether a team created with a specific label allows guest access. Teams created with a label that doesn't allow guest access are only available to users in your organization. People outside your organization can't be added to the team.

Group Assignment Ranking (for policies precedence)

When you assign a policy to a group, you specify a ranking for the group assignment. This is used to determine which policy a user should inherit as their effective policy if the user is a member of two or more groups and each group is assigned a policy of the same type. The group assignment ranking is relative to other group assignments of the same type. For example, if you're assigning a calling policy to two groups, set the ranking of one assignment to 1 and the other to 2, with 1 being the highest ranking. The group assignment ranking indicates which group membership is more important or more relevant than other group memberships with regards to inheritance. Say, for example, you have two groups, Store Employees and Store Managers. Both groups are assigned a Teams calling policy, Store Employees Calling Policy and Store Managers Calling Policy, respectively. For a store manager who is in both groups, their role as a manager is more relevant than their role as an employee, so the calling policy that's assigned to the Store Managers group should have a higher ranking.

Communicating with External Users

When you need to communicate and collaborate with people outside your organization, Microsoft Teams gives you two different ways to make that happen. 1. External access (federation) - lets you find, call, and chat with users in other domains (for example, contoso.com). 2. Guest access - lets you add individuals to your teams, as guests, using their email address. You can collaborate with guests as you would with any other users in your organization. You can use both external access and guest access if you want - one doesn't preclude the other.

What is chat ?

While channel conversations are public, chats are just between you and someone else (or a group of people). Think of them like instant messages in other messaging apps. Private chats are only visible to the chat participants. Teams saves your whole chat history, all the way back to the first message you sent—this is known as persistent chat. If someone leaves your organization, that person's chat responses will remain in your chat history.

Scenarios - Teams & Sensitivity labels

You can create a sensitivity label that, when applied during team creation, allows users to create teams with a specific privacy (public or private) setting. For example, you create a label named "Confidential" in the Security & Compliance Center and you configure Teams so that any team that's created with this label must be a private team. When a user creates a new team and selects the Confidential label, the only privacy option that's available to the user is Private. Other privacy options such as Public and Org-wide are disabled for the user.

Activity Reports for Teams

You can use activity reports in the Microsoft 365 admin center to see how users in your organization are using Microsoft Teams. e.g.if some don't use Microsoft Teams yet, they might not know how to get started or understand how they can use Teams to be more productive and collaborative. Your organization can use the activity reports to decide where to prioritize training and communication efforts.

When you create a team, the following also gets created:

* A new Microsoft 365 Group * A SharePoint Online site and document library to store team files * An Exchange Online shared mailbox and calendar * A OneNote notebook

Manage your Custom Apps

"To create and manage custom apps in Teams, you'll need two tenants: a test tenant for development and a production tenant. Step 1: Develop and test 1.1 Create test users Make sure that your developers, whether in-house or external, have accounts in your test tenant. Learn more about adding users. 1.2. Allow custom apps in the test tenant To give developers the access they need for testing, allow all users in the test tenant to upload custom apps (also known as sideloading). This lets developers upload a custom app to be used personally or across the test tenant without having to submit the app to the Teams apps store. Uploading a custom app lets developers test an app before you distribute it more widely. To allow users to upload custom apps, Turn on the Allow interaction with custom apps org-wide app setting. 1.3 Turn on the Upload custom apps setting in the global app setup policy. To do this, in Teams admin center, go to Teams apps > Setup policies, and then click the Global (Org-wide default) policy, and enable Upload Custom Apps Step 2 : Create the App 2.1 When the app is ready for use in production, the developer should produce an app package. They can use App Studio for that. They'll send you the file in .zip format. 2.2. To validate that the app is working correctly in your production tenant, you need to allow yourself and/or trusted users in your organization to upload custom apps. Much like in the earlier step, you use app setup policies to do this. > Org Wide Settings > enable "Allow interaction with custom apps" ++ 2.1. Turn Off "Upload Custom Apps" so that you can control who has access during the testing period 2.3 Create a new "Setup Policy" to allow 'Upload Custom Apps" and add users for this policy 3.0 To make the app available to users in the tenant app store, upload the app. You can do this on the Manage apps page of the Microsoft Teams admin center. 4.0 Configure & Assign Permissions By default, all users have access to this app in the the Teams apps store. To restrict and control who has permission to use the app, you can create and assign a new app permission policy. 5.0 Pin the App for the users to Discover it

Large Teams | How to create ?

* Import a group to make a team: When you import a group with up to 3,500 members into Teams, Teams automatically calculates the total number of members in the group. This is a one-time import only and future changes in the group will not automatically be updated in Teams. * Create a team from a large Microsoft 365 group: When you create a team from a large Microsoft 365 group, members are automatically part of the Microsoft 365 group and the team. In the future, as team members join or leave the Microsoft 365 group, they're automatically added or removed from the team.

Team Custom App setting

Admins and team owners can control whether a team allows for custom apps to be added to it. This setting, 'Allow members to upload custom apps', together with a user's custom app policy determines who can add custom apps to a particular team. If this setting is turned off: * Team owners can add custom apps, if their custom app policy allows it. * Team members who aren't team owners can't add custom apps to the team. If this setting is turned on: * Team owners can add custom apps, if their custom app policy allows for it. * Team members who aren't team owners can add custom apps, if their custom app policy allows for it.

Ways to Assign Policies

Before assigning policies to individual users or groups, start by setting the global (Org-wide default) policies so that they apply to the largest number of users in your organization. Once the global policies are set, you will only need to assign policies to those users that require specialized policies.

Permissions to create Teams

By default, all users with a mailbox in Exchange Online have permissions to create Microsoft 365 groups and therefore a team within Microsoft Teams. You can have tighter control and restrict the creation of new teams and thus the creation of new Microsoft 365 groups by delegating group creation and management rights to a set of users.

Team Moderators

If moderation is set up, team owners and members can have moderator capabilities for a channel. Moderators can start new posts in the channel and control whether team members can reply to existing channel messages. Team owners can assign moderators within a channel. (Team owners have moderator capabilities by default.) Moderators within a channel can add or remove other moderators within that channel.

What are Channels ?

Channels are dedicated sections within a team that keep conversations organized by specific topics, projects, or disciplines. Files that you share in a channel (on the Files tab) are stored in SharePoint. Channels are dedicated sections within a team to keep conversations organized by specific topics, projects, disciplines—-whatever works for your team!

Assigning Custom Policies to Users

You can assign a policy directly to users, either individually or at scale through a batch assignment (if supported for the policy type), or to a group that the users are members of (if supported for the policy type). You can also use policy packages to assign a preset collection of policies to users in your organization who have similar roles. The option that you choose depends on the number of policies that you're managing and the number of users that you're assigning to. By setting the global (Org-wide default) policies so that they apply to the largest number of users in your organization, you only have to assign policies to those users that require specialized policies. A user can only be assigned one messaging policy at a time.


Set pelajaran terkait

Lewis Book/Evolve Questions: Ch. 60 and Giddens Concept 26

View Set

Chapter 8: Capitalizing on Global & Regional Integration

View Set

Questions .2 Chapter 9 Key Issue

View Set