Wednesday, 11 July 2018

Microsoft Teams Federation is here, sort of

Hello Readers,

Hope you're well.

This post is going to change a lot in the coming days/weeks so you will probably want to keep checking back.

One of the features that everyone is waiting for in Teams is Federation.  That is the ability to communicate with people outside your organisation.  When I say communicate, I mean presence first and foremost, chat (instant messaging), audio/video calling and sharing.  I know you can already do this if you set up a meeting with someone outside, but this isn't federation.  This works because you invited external people with an email address (MPN) to your meeting.

Federation has been in Microsoft UC since Messenger in Exchange 2000.  In Skype for Business you can turn federation on and off and create policies, allowed domain lists and even federate with non Lync/Skype for Business contacts using Consumer Skype or Cisco Jabber for instance.  

With federation enabled, you can add external contacts using Lync, Skype, Skype for Business, Jabber and more to your contact list and see their presence and easily start an IM with them or escalate to add audio or video over the internet.  To say that federation is ubiquitous is an understatement.

Federation in Teams

The title of the post suggests federation is available in Teams.  And it is, sort of.  Once again, this post will change as more becomes available.  But some things work.

What works now - 11th July 2018

Presence in Skype for Business of a Teams user.  If you tag a user for status change you'll see immediately when the user signs into Teams or becomes available.  

Sadly, presence information isn't exchanged between two Teams users.

Calling, both audio and video, works between Teams users in different organisations.

I tried this in a few scenarios.  
  • Teams desktop client to desktop client works
  • Teams desktop client to mobile client works
  • Teams desktop client to browser client (Edge) works to start with, but the session crashes in Edge shortly after the call starts.  Desktop client thinks it is still in the call until the Edge client is back in.  Then it says the call failed and gives you a rejoin link which clearly doesn't work.

Teams to Teams doesn't work.  You actually get an error message.

Skype for Business to Teams does work.  
In Skype for Business (Server), double click on a Teams contact who is only signed in to Teams to start a chat.  Send a message.  There is a delay of up to 30 seconds, but it eventually pops up in the chat window in Teams.  It actually pops up as a new chat, separate from the one between Teams accounts and the contact has a little Skype for Business logo on it.

The failed message was because I closed the Skype for Business chat window too early.  As I said, there is a delay between sending and receiving of upwards of 30 seconds.  Once I did see that the message had been received I started a new chat from Skype for Business to Teams and was able to chat in both directions.

Another word of warning.  The chat session can time out it seems.  If you leave the chat open between Skype for Business and Teams and do nothing while you write more of a blog post, then go to Teams and send a new message, it will fail with the same error.  If you send a new message from Skype for Business it first appears in Teams as a peek and then pops into the same chat window.

Teams to Skype for Business doesn't work.  This is probably because I'm testing between an account with Teams and Skype Online to an account with Teams and Skype for Business Server.  More likely it is because Teams to Teams doesn't work.  

I also tested a new chat to someone I know that has Skype for Business Online but not Teams and that failed.

And lastly, I tried a chat between Teams and a Skype for Business server account only (no Teams).  And that failed.

How do you chat to an external contact?
Type their SIP address into the address bar of a new chat.  You'll get a message saying that "We couldn't find any matches" and it offers to let you search externally.

Once you click on the Search externally message it opens up a chat window.  It said that the contact is external and that some Teams features won't be available.

What do you need to do to enable?
The answer is External access.  Browse to the Skype and Teams Admin Centre (STAC) aka Microsoft Teams and Skype for Business Admin Centre (MTSBAC), expand Org-wide settings, click on External access, and make sure External access is switched on.  I also switched on external Skype users.

Sadly the Learn More link goes to a 404 not found. 

But it does include links to a couple of useful posts.

This one says to enable External Access and wait 24 hours.

This one says enable external access and add a domain (which isn't in the admin centre).

More to consider
When two Teams users in separate tenants/domains are communicating with each other they can only use Teams features that are turned on in both organisations.  
I'll update this post when I know more.  
Go and test.  I'd love to hear how you get on.


Thanks for reading.

If this or any other post has been useful to you please take a moment to share.  Comments are welcome. 

Tuesday, 26 June 2018

How to: Configure Microsoft Teams Direct Routing with Anynode SBC

Hello readers,

Hope you're well.

This is the first follow up to my post on configuring Microsoft Teams Direct Routing.  In this post I'll take it one step further and show how to configure an SBC for Direct Routing and a VoIP provider.  

I said in my last post that I wanted to write posts on any SBC I got my hands on.  I'm starting with an SBC I've blogged about before, Anynode from TE-Systems.


I covered all of this in my previous post, but just to summarise.  Direct Routing is Microsoft's name for On-premises Call Handling (OPCH) for Microsoft Teams using an SBC.  It's a way to connect Teams in Office 365 with on-premises lines and PBX systems.  

Once configured, Direct Routing enables users homed in Teams to call the PSTN through existing telco lines or SIP trunks on-prem or to make or receive calls to/from users on a connected PBX.  This is a much simpler version of how we configured this for Skype for Business Online with Phone System (Cloud PBX) which also needed a variant of Skype for Business Server on-prem.

On with the show!

Configure an Anynode SBC for Direct Routing and a VoIP provider

At this point I'm going to assume that you have Direct Routing configured in Office 365 and you have a gateway, PSTN Usages, Voice Routes and Voice Routing Policies which are assigned to your users.  If you don't, go to my previous post and follow the steps.  I'll wait ;-)

I'll also assume that you already have your Anynode SBC installed and running.  It is very simple and can be summarised as download, double click, next, next, finish.  No really, that's just about it.

Once installed just browse to the Web UI.  Click start and find "anynode frontend" in the list.

Or open a browser and browse to the default URL http://localhost:8088.  

Log in with admin and the password you configured.  This will open up the dashboard.  Your Anynode will be completely default with no configuration entries.

Now click Configuration Mode

Now click Wizard

And choose the template "Microsoft Teams Direct Routing and VoIP Provider" and click next

Now click configure

Create a new network controller.  Choose your NIC and IP if you have multiple... 

or "any" if you only have one interface.

Specify your TLS port.  The default in Anynode is 5067.  This is the port that the Anynode is listening on for SIP connections from Microsoft.

Be sure that you use the same port you used when you configure your PSTN Gateway in PowerShell.

e.g. New-CsOnlinePSTNGateway -Fqdn <your SBC FQDN> -SipSignallingPort 5067 -MaxConcurrentSessions 10 -ForwardCallHistory $true -Enabled $true -MediaBypass $true

Now configure your certificate and private key.

If you already have a certificate you want to use you can import here.  You can also create a certificate signing request to give your certificate issuer when placing your order for a new certificate.

Complete your details including common name and address etc

Add additional subject alternate names or leave as the default.  By default, Anynode adds the local IP address you have configured in the CSR along with the common name.  Click next to continue

Configure the key length.  The default (and minimum) is 2048 bit.  Click next.

Here's the summary of the CSR.  Click download to save a copy of the request file on your local PC.

Once you have downloaded, click finish.

If you can order and obtain a certificate in a few minutes, congratulations!  Simply import it here.  I went away and ordered the certificate and it took a little while to verify and get back.  Of course the browser session got bored waiting and timed out to the login screen.  So just repeat all the previous steps except for generating a CSR.  

Just tick import and click next.

When I received my certificate I used the DigiCert certificate tool to install it, then I exported it to a file with the private key and the certificate chain to a single pfx file.

Click choose files and browse to your certificate file.

Once the certificate is imported, a summary of the certificate is displayed.  Check the details and click next.

If your certificate file doesn't have the certificate chain intact you can click request chain to obtain it.  Otherwise click next.

Now configure your SBC FQDN.  Anynode guesses what it should be from the certificate you created.  If you created or imported a wildcard cert, enter the correct name here. This is the name you will use when you configure your Online PSTN gateway.

Configure any incoming and outgoing manipulations here.

Now give your node a name.  It is a good idea to make them descriptive enough so you know what you're looking at later if you have multiple.  In this case leave it as the default and click next.

Here is the summary of your new Direct Routing node.  Check it over and click next to configure your VoIP provider.

Click configure to add a connection to your VoIP (SIP trunk) provider.

In my case I use Sipgate.  Select your provider from the list or other if your provider isn't in the list and click next.

TE-Systems periodically add new provider templates to the list.  If you don't see yours and think you need to use it a lot, ask your account manager and they may add it in a future version.

Now create a new network controller for your SIP connection and configure it as before.  If you have a dedicated link to your provider make sure you choose the correct NIC.  Once configured, click next.

Configure the ports your provider uses for the connection.  Sipgate uses 5060 and 5063 as standard.  Once configured, click next.

If you connect to your provider through a NAT tunnel, configure it here.  Otherwise click next to continue.

Configure the remote SIP domain and click next

If your VoIP provider doesn't use credentials to connect, tick no credentials needed.

Sipgate issues credentials to use for connecting to VoIP phones and SBCs.  Enter your details and click next.

Now configure the SIP registration.  Click edit... 

...and enter the following and click Ok

The SIP registration settings you just entered should be present.  Sipgate uses the address of record which includes your account number/name to form part of the connection.  Verify and click next.

Configure a SIP proxy if you have one and click next.

This next screen configures your network peer white list.  Add more if you have any or just click next.

Give your SIP node a name.  If you selected a provider from a template the default name will be the name of the template.  Again make it meaningful if you have multiple.  Don't just call it "SIP Trunk".  This will help you when you need to edit later on.  Now click finish

Now you will see the summary screen for your VoIP provider.  Click next to configure routing.

Anynode calls their source and destination routing Routing Domains.  You can choose to use Direct Routing to route calls with or without a prefix.

Configure what you want and click finish.

And that's just about it.  You now have a connection to/from Microsoft Teams for Direct Routing and to/from your VoIP or SIP Provider.

You should see your Nodes and Routing Domains listed in the configuration screen.  Now click commit to commit the config to memory.

Then click monitor mode to go to the dashboard.  You will see a node and network controller for your Direct Routing and SIP connections.  OK means they are connected outbound.

To make sure Microsoft Teams can connect to your SBC click on the node to open it up.  You should see SIP Options and packets being sent and received.  As you can see, the SBC connects outbound to your primary, secondary and tertiary hubs.

If you haven't received any options or you have failed packets there is a problem.  Most likely it is the network or firewall, or possibly a misconfigured SIP Signalling Port in your Online PSTN Gateway.

There are a couple of things to configure still to make sure it all works.  In particular, for your SIP provider.  Sipgate uses the address of record as standard in the SIP header for security. You also want to make sure your SBC forwards the called number to Teams or any other connected node.

Click on Configuration Mode

Now expand Configuration and Nodes and click on Sipgate (or the name of your provider) and click SIP User Agent.

Scroll down and tick "To Header" under Derive Destination-URI from.  

Sipgate sends "" as standard for all incoming SIP messages.  When your routing group forwards that on to Teams, Teams won't know what to do with that because your telephone number isn't your SIP provider account number.  It is probably some E.164 number.

Sipgate also sends an automated area code which adds a 00 before your area code.  In my case 0044 and the number.  You need to create an incoming manipulation to change that and convert the called number to E.164.

Click on SIP Node and where it says dial string manipulations, click add.

Choose Prefix and Suffix Manipulation and click next

Enter 00 in Prefix
Delete the first 2 leading characters
Add prefix + to convert to E.164
And click finish

You'll see your manipulation in the list

Now just click Commit to save and write the changes to memory.
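The manipulation built in the steps above, together with the "To Header" setting, modelled as an added Python example (not Anynode's code and not from the original post).  The class and function names, the sample To header and the example.invalid domain are assumptions made for illustration, and the example goes one step further than the post by rejecting any result that is not valid E.164.

```python
import re
from dataclasses import dataclass

E164 = re.compile(r"^\+[1-9]\d{1,14}$")  # '+', no leading zero, at most 15 digits
# User part of a SIP/SIPS URI, e.g. "<sip:00441632960123@example.invalid>"
SIP_USER = re.compile(r"sips?:([^@;>\s]+)@", re.IGNORECASE)


@dataclass(frozen=True)
class PrefixManipulation:
    """Hypothetical model of the wizard fields: prefix, characters to delete, new prefix."""
    match_prefix: str
    delete_leading: int
    add_prefix: str

    def apply(self, dial_string: str) -> str:
        # The manipulation only fires when the prefix condition matches;
        # every other dial string passes through unchanged.
        if not dial_string.startswith(self.match_prefix):
            return dial_string
        return self.add_prefix + dial_string[self.delete_leading:]


# The rule from the steps above: prefix 00, delete 2 leading characters, add "+".
INTERNATIONAL_00 = PrefixManipulation("00", 2, "+")


def called_number_from_to_header(to_header: str) -> str:
    """Take the called number from the To header URI, as the 'To Header' setting does."""
    m = SIP_USER.search(to_header)
    if m is None:
        raise ValueError("no SIP URI with a user part in To header")
    return m.group(1)


def route_target(to_header: str, rule: PrefixManipulation = INTERNATIONAL_00) -> str:
    """Return the E.164 number to forward on, or raise if the result is not E.164."""
    number = rule.apply(called_number_from_to_header(to_header))
    if not E164.fullmatch(number):
        # Added check (assumption): refuse to forward anything that is not E.164.
        raise ValueError(f"not E.164 after manipulation: {number!r}")
    return number


if __name__ == "__main__":
    # Constructed sample header; 01632 960xxx is a UK range reserved for drama use.
    print(route_target('"Office" <sip:00441632960123@example.invalid>'))
```

A number that already arrives as +44... is left alone by the rule, while an account name or a number with a stray extra zero is rejected instead of being forwarded.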

Time to test

Go back to monitor mode to open the dashboard and click Active Sessions.

Place a test call from Teams.  You should see your call on the SBC and with any luck, the person you called will receive a call and will answer.

One last thing.  Save your config to a local file just in case.  Go back to Configuration mode and click configuration and export.

And that's it!  I know it seems like a lot of steps, but this represents about 5 minutes' work.  Maybe 10.  It will be 5 if you've done it a few times.

That's all for now folks!

Additional Info
If you want information about this or any of the other products from TE-Systems visit their website.

For detailed information about the Anynode SBC click here.

TE-Systems produced a great YouTube video on how to do it.


Thanks for reading.
