June 7th, 2017 | Tags:

Hi All,

For those that haven’t already noticed Microsoft’s Skype for Business Tech Community Blog has announced a second  Skype for Business Online Broadcast on video interop – now that it’s officially GA within NA and close to being launched in EMEA.

I must have behaved the first time around as they’ve asked me back 🙂 Hopefully some of you can make it!

More information here

Update: this video is now posted on YouTube

May 5th, 2017 | Tags: ,

The Microsoft folks that create some awesome Skype for Business training kindly asked that I collaborate with them on updated RealConnect for Office 365 training. This was recently shared via a blog post and the video that @Korneel Bullens and I produced is embedded below.

March 1st, 2017 | Tags: , ,

Almost a year ago Polycom and Microsoft jointly announced at Enterprise Connect a new cloud video interoperability service – RealConnect for Office 365.

Following this announcement I wrote a post that covered this in more details and talked about this on Microsoft’s Skype for Business broadcast vlog.

We’re now in preview within the US and I wanted to give folks an overview of the provisioning flow, it’s still not the final design – in the future the provisioning app will be embedded within a native Office Store Web App and this has minimal branding. Nevertheless it answers a lot of questions around security and how much effort it takes to get the service deployed – the video is live and it’s 8mins! (including commentary)

February 28th, 2017 | Tags: , ,

As many of you are no doubt already aware Skype for Business on-premises provides a mechanism for users to easily sign into IP telephony devices, this process is referred to as PIN authentication. It provides end-users with an easy way to authenticate with Skype for Business without the need to input a full username and password on the phone. Of course, if the phone is paired with your desktop PC via “Better Together” functionality this makes things easier, but given that 3rd party interoperability program or (3PIP) devices require additional software for network-based pairing – this often isn’t deployed.

Now let’s level set on a few limitations to be aware of with PIN-based authentication:

1. As an IT admin DHCP options needs to be configured appropriately, specifically option 43. This lets the phone know the location for the certification provisioning service, this then in turn facilitates a secure TLS channel between the phone and the Skype for Business server. Once the authentication is completed the phone retrieves a client certificate which facilitates access to various services, this process is referred to as “TLS-DSK”. This private certificate provisioning service isn’t published externally, so remote workers need to use the process previously mentioned, “Better Together”.

Note: Polycom VVX phones can be configured to work in absence of deploying this option (provided Internet time is configured and available), refer to the parameter dhcp.option43.override.stsUri documented within the UCS Lync and Skype for Business Deployment Guide.

For more information on Option 43, I’d recommend you refer to this post by Jeff Schertz.

2. Given that PIN authentication grants the phone access to Skype for Business services this does not help with Microsoft Exchange, for this NTLM sign-in is still required. Once complete calendaring details can be populated – this is important if you want to perform Skype for Business “Click-to-Join” from the phone’s calendar.

So now let’s talk about Skype for Business Online Web Sign-In, this is a new (heavily understated) feature that allows users with Skype for Business Online accounts to sign into their phone with minimal phone intervention or the need for the 3PIP Better Together AKA the “Better Together-over-Ethernet” companion application.

Let’s first walk you through the process and then we’ll examine how it works.

Step 1: We select the new Web Sign-In option via the phone home screen

Step 2: Once Web Sign-In is selected the phone displays a unique device code, this code is generated within the region the phone is set to and is retrieved via the Device Configuration Web Service

Step 3: Via your computer web browser access the web page displayed on the phone and enter the email associated with your Skype for Business Online account

Step 4: Once the email is entered the user is prompted to sign-in with his or her Office 365 account credentials

Step 5: Enter the device code displayed on the phone screen

Once the code is entered the phone vendor details are displayed

Finally the web page acknowledges that sign-in is complete and the browser session can be closed

The phone sign-in completes without any user intervention

That’s it!

Next up let’s look at how this works behind the scenes. The first thing we need to understand is that Modern Authentication (OAuth 2.0) is used to facilitate this authentication process. Note: even with Skype for Business Online set to

“Set-CsOAuthConfiguration -ClientAdalAuthOverride NoOverride”

(as per documentation here) Web Sign-In is still possible.

The flow chart below outlines the interaction via the various services:

Step 1: The IP Phone requests a localized device pairing site and pairing code (valid for two minutes).

Step 2: The end-user opens their local device pairing website within their web browser. After inputting their device pairing code they are redirected to the Skype for Business device pairing website (where authentication credentials are added).

Step 3: Once authentication is completed an OAuth 2.0 access token is shared with the IP Phone.

Step 4: The users UPN is extracted from the token and Skype for Business autodiscovery is performed against this account.

Step 5: The Skype for Business online server responds and issues a user certificate (valid for 8 hours) with the access token. Remember TLS-DSK?

Step 6: SIP registration completes. That’s it!

If you’ve not tried IP Phone Web Sign-In then I’d recommend you give it a go, as always comments welcome.

 

October 3rd, 2016 | Tags:

msignitelogo

So at Ignite Albert Kooiman and I had the opportunity to re-unite and present some more details around the new Office 365 video interoperability service both Polycom and Microsoft are co-developing. This was a 300 level session where Albert and I started with a general overview and then went into more architectural details on this new service due for public preview later this year.

The session is embedded below and PowerPoint available for download here (this is not available on the event page right now)

September 1st, 2016 | Tags:

Picture1

Earlier this year Polycom and Microsoft jointly announced a new joint cloud video interoperability service.  The goal here is giving Microsoft’s Skype for Business Online users a way to schedule meetings with the ability to easily add video room systems from vendors like Cisco, Polycom, LifeSize etc. You know, the kinds that either don’t play nice with Skype for Business or have direct Microsoft registration capabilities.

This sounds easy right? Well often this isn’t the case, you might need to deploy various boxes, go through a complex integration or even break the existing Skype for Business end-user workflow. This new service is geared toward making this easy, the technology is Polycom’s RealPresence Platform and the solution itself is RealConnect. This is all to be fully integrated with Office 365, hosted within Microsoft Azure and operated by Polycom.

Over the next few months more detailed information will be shared, next week Albert Kooiman and I will discuss this solution and also provide a demo of the experience, so don’t miss our Skype for Meeting Broadcast. Then at Ignite expect an even deeper dive on how this all works.

Webcast join details below:

Join Polycom and the Skype for Business team to hear and see a demo of the new Polycom cloud-based video interoperability service for Office 365 users. Built directly into the Skype for Business workflow, users can easily use this service to create an online meeting that Office 365 and other video endpoint users can join.

Join the Skype Meeting Broadcast, Friday, September 9, 2016, at 9:00 a.m. PST.

Speakers: Angela Donohue, Albert Kooiman, Adam Jacobs

Update: Recording from the Skype Meeting Broadcast is now posted online