Thursday, 25 October 2018

Tenant dialplan for Danish users

The default Office 365 dialplan doesn't offer a correct national translation for the Danish based user (based on location in Office 365) to E.164.

Example:

The official Danish numbering plan has the following general properties:
00 - International Access Code (rule3)
0[1-9] - Not in use
10 - Operator specific routing codes 
1[1-9] - 3-5 digit short dials (like emergency service 112, police 114 etc.) (rule1)
2-9 - 8 digit landline and mobile phonenumbers (rule2)

Special numbers are numbers starting with 80 (toll-free) and 90 (overpriced).

For more information on the numbering plant, please visit Energistyrelsen (Danish Energy Agency): https://ens.dk/ansvarsomraader/telefoni/numre/den-danske-nummerplan 

To support the Danish numbering dialplan, a tenant dialplan has to be created.

These cmdlets will support a Global tenant dialplan:
$rule1 = New-CsVoiceNormalizationRule -Name 'DK - service' -Parent 'Global' -Pattern '^(1\d{2,4})$' -Translation '+45$1' -Priority 2 -InMemory
$rule2 = New-CsVoiceNormalizationRule -Name 'DK - national' -Parent 'Global' -Pattern '^([2-9]\d{7})$' -Translation '+45$1' -Priority 3 -InMemory
$rule3 = New-CsVoiceNormalizationRule -Name 'DK - international' -Parent 'Global' -Pattern '^00(\d+)' -Translation '+$1' -Priority 4 -InMemory
Set-CsTenantDialPlan -Identity 'Global' -NormalizationRules @{add=$rule1,$rule2,$rule3}

And grant this dialplan to the user:
Grant-CsTenantDialPlan -Identity <userid> -PolicyName 'DK'

You could also include a voice normalization rule for internal numbers (old telephony style) - this one will support 4 digits in the range of 4200-4399 and translate to +457874xxxx:
$rule = New-CsVoiceNormalizationRule -Name 'DK - intern' -Parent 'Global' -Pattern '^(4[2-3]\d{2})$' -Translation '+457874$1' -Priority 1 -InMemory

If you have users in multiple countries, you should create a country specific tenant dialplan.
$rule1 = New-CsVoiceNormalizationRule -Name 'DK - service' -Parent 'Global' -Pattern '^(1\d{2,4})$' -Translation '+45$1' -Priority 2 -InMemory
$rule2 = New-CsVoiceNormalizationRule -Name 'DK - national' -Parent 'Global' -Pattern '^([2-9]\d{7})$' -Translation '+45$1' -Priority 3 -InMemory
$rule3 = New-CsVoiceNormalizationRule -Name 'DK - international' -Parent 'Global' -Pattern '^00(\d+)' -Translation '+$1' -Priority 4 -InMemory
New-CsTenantDialPlan -Identity 'DK' -NormalizationRules @{add=$rule1,$rule2,$rule3}

This could also be scripted based on the user location:
Connect-MsolService
$users = Get-MsolUser | Where-Object {$_.UsageLocation -eq 'DK'}
foreach ($user in $users)
{
Grant-CsTenantDialPlan -Identity $user.UserPrincipalName -PolicyName 'DK'
}

As always, please share your thoughts, on this topic, below.

Tuesday, 9 October 2018

Provide easy access to call queue optin/optout

As more and more services transition from Skype for Business to Microsoft Teams, also call-queues and auto-attendants are available for a Teams user organization.

In the call-queue, there is an option to allow for agents to opt-out of the call-queue and hence not receive calls from the call-queue.

In Skype for Business, this can be accessed from the client settings.

However, when the user has upgraded to Teams, there is not a link, or setting, that can help the user to the settings, they need to remember the URL themselves. Not the best option, my bet is the URL will be lost, soon after opt-out of the call-queue.

To provide easy access to the settings page, we can create a custom tile in the Office 365 applauncher. Go to the admin page in Office 365 -> Settings -> Organization Profile and select "Add custom tiles for your organization". If this option is not present, you need to assign a license, provision an Exchange mailbox and login to Outlook Web client. The mailbox and license can be removed afterwards.

Select "Add a custom tile"

Add these settings and click "Save"

Now the users can easily access the settings page from the tile in their applauncher and they can even pin the tile to the starter for quicker access.

The user can now opt-out and change other settings easily and the URL will not be lost.


Wednesday, 13 December 2017

Skype for Business Online conference policy overview

I have created an Excel workbook with all the available conference policies, so, during workshops, I could drill down to which policy should be assigned to the different users based on the features that should be available.

The file is available here.

Tuesday, 12 December 2017

New call routing features in Office 365

As christmas sneaks up on us, we have received new call routing features in our Office 365 subscription. The new call routing features are both auto attendant and call queues.

Auto Attendant news:

Just in time for the holidays a new holiday scheduling feature has been released. This gives us the opportunity to schedule a holiday period and greeting.


  1. Name the holiday set, e.g. Closed for christmas
  2. Define what the callers should hear, options are a TTS prompt or upload an audio file
  3. Define what should happen after the announcement, options are disconnect or redirect call to either a person in the company, a call queue or an auto attendant
  4. Define when should be activated start and end date and time (half-hour interval only, minutes 00 and 30). You can have multiple schedules
  5. Save and add to AA.
This feature is easy to implement and maintain for the office admins, but we still face an issue with the half-hour interval for business hours.

Call Queue news:
A new call distribution has been released, serial routing. This setting will route a call in the queue to the first agent in the grouplist, if this agent is not available then route to the second agent in the group etc. 

  1. The new Serial routing option
  2. List of groups of agents, the groups can be Office 365 groups, distribution lists or mail-enabled security groups
This feature improves the call queue usability for many organizations, but we still face a limitation of 50 agents per call queue.

Queue timeout has been made more granular, instead of just a number of minutes we now also have an option of seconds (0, 15, 30 or 45) which should be sufficient for most organizations.
When the queue time has been exceeded, the call is either disconnected or forwarded to a person in the company, a call queue or an auto attendant.

Last, but not least, it is worth to bring to attention the mobile app, which is now able to receive a call from a call queue, at least on my Android powered device.

This is from the log file of my mobile app:


Wednesday, 20 September 2017

Add a Yammer group to a Teams channel

I wanted to give a short instruction on how to connect a Yammer group feed to a Teams channel, so I decided to go down the YouTube path.



Monday, 11 September 2017

New PSTN Conferencing opportunities

On October 1st, 2017 a change in PSTN Conferencing for Office 365 is coming to a tenant near you.

PSTN Conferencing will in the future, as a supplement to the well-known monthly subscription, also be available as Audio Conferencing pay-per-minute feature for E1, E3 and VL customers.

The most important notes are:
  • No monthly PSTN Conferencing subscription per users
  • Toll and toll-free inbound calls are charged on a per-minute basis
  • All outbound calls are charged on a per-minute basis
  • Available to enterprise E1, E3 and VL customers
This new feature will be a very interesting change for enterprises there are not using E5 license already. Especially if the E3 users only uses the PSTN Conferencing on a non-regular basis.


Rates for inbound calls are unknown at this point in time, but rates for outbound PSTN calls are listed here: https://products.office.com/en-us/skype-for-business/pstn-conferencing#Rates 

If a user has a PSTN Conferencing license (add-on or included) all toll inbound calls and outbound domestic (domestic to the user location) is included in the subscription fee. The add-on subscription license is $4.00 per user monthly.

Tuesday, 21 March 2017

Use CertReq.exe to request and install a certificate (and CertUtil.exe to fix it)

I have several times requested a certificate using CertReq.exe tool from Windows. However I have never documented all the options, that I use for this purpose and how I actually do it, so here goes.

CertReq.exe is a built-in command-line tool and can be used to request certificates from a certification authority (CA), to retrieve a response to a previous request from a CA, to create a new request from an .inf file, to accept and install a response to a request, to construct a cross-certification or qualified subordination request from an existing CA certificate or request, and to sign a cross-certification or qualified subordination request. Right now I'll only use it to create a new offline request from an .inf file.

Since we use an infile (.inf) to supply information, we need to create and adapt this file to our needs. The file is basically a text file containing all the necessary information to generate the certificate request.
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=ap01.fabrikam.com,OU=IT,O=Fabrikam,L=City,C=Country"  ; Modify to match your requirements and organisation
Exportable = TRUE    ; Private key is exportable
KeyLength = 2048     ; Valid key sizes: 1024, 2048, 4096, 8192, 16384
KeySpec = 1          ; Key Exchange – Required for encryption
KeyUsage = 0xA0      ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10

[EnhancedKeyUsageExtension]
; If you are using an enterprise CA the EnhancedKeyUsageExtension section can be omitted
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
OID=1.3.6.1.5.5.7.3.2 ; Client Authentication

[Extensions]
; SANs can be included in the Extensions section by using the following text format. Note 2.5.29.17 is the OID for a SAN extension.
; Multiple alternative names must be separated by an ampersand (&).
2.5.29.17 = "{text}"
_continue_ = "dns=ap01.fabrikam.com&"
_continue_ = "dns=sip.fabrikam.com"
Save the text file as cert1.inf, make sure it's ANSI encoded, and start a command prompt (or PowerShell prompt) as Administrator.

Run the command:
certreq.exe -new [infile [outfile]]
certreq.exe -new cert1.inf cert1.req




This will generate a cert1.req file like this:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIEiTCCAXECAQAwXTEQMAXGAXUEBhMHQXXXbnRyeTENMAsGAXUEBwwEQXlXeTER
MAXGAXUECgwIRmFicmlrYWXxCzAJBgNVBAsMAklUMRowGAYDVQQDDBFhcDAxLmZh
YnJpaXFtLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOZFtXOw
ZXGYew+lTXzsPXGYPpsTsndggpPgXKXzEXUASXCtnOlbtmXemdkXXGXyjkISXOAY
BXrSeRBXrX+HbXLLiJvbsLAzmXzpXwHepwWECQfUPZIXOnjOXHlXfXagszYlZ+Ol
umBqVZPWEvhRiuuXVbJXUJOXtvZXXolXdbzRaXXXazXOnHXX+XXrdUhWEXIfs+Gj
ZNtBdrXlTiP+fDcXomKXXDz/zDZQXlCMLtlYyFsDrUybcXjHZxcXKHZzXkSdXQFC
heXbidhZAdVNYBoHLKrvC+XBDhNIXUQPwNMmULYTpnKVsSOyLlUXktFtL/XieBVp
XTXHXXFVDMYthGcCAwEAAaCCAeUwGgYKKwYBBAGCNwXCAzEMFgoXLjIuOTIwMCXy
MEYGCSsGAQQBgjcVFDEXMDcCAQkMFkhPUXQwMyXwcmXhYXRpdmUubGXjYWwMDVBS
TXFDVElWRVxrbWwMCXNlcnRyZXEuZXhlMHIGCisGAQQBgjcNAgIxZDBiAgEBHloA
TQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMAQwBoAGEAbgBuAGUAbAAgAEMA
cgBXAHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwBXAGkAZABlAHIDAQAwggEJ
BgkqhkiGXwXBCQXxgfswgfgwDgYDVRXPAQH/BAQDAgWgMBXGAXUdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjAuBgNVHREEJzAlghFhcDAxLmZhYnJpaXFtLmNvbYIQ
cXlwLmZhYnJpaXFtLmNvbTBXBgkqhkiGXwXBCQXEazBpMAXGCCqGSIbXDQMCAgIA
gDAOBggqhkiGXwXDBAICAIAwCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBLTALBglg
hkgBZQMEAQIwCwYJYIZIAWUDBAEFMAcGBSsOAwIHMAoGCCqGSIbXDQMHMBXGAXUd
DgQWBBThybXXXasmqWzDXeXM+ItXUiMTwzANBgkqhkiGXwXBAQUFAAOCAQEAHkBi
aXXLFvXSbLbXXWAVoVgbkmEyqQDVHObXSaYuKgTRGEQNCXXhrhSXXHH/GCAklkaM
cehXVcPXvhXzXHXcnvsfHTI/yZhpqrXPwXamXSiSTUZXIaJXOXXnbyGZLXAtKphc
XqbXtGoVgXHSmUznxZlxbXXvCpgRXdXfkfmkVuXoJVHzXFFyXjxVfNnXws+pzuIw
QhXPBNZOi//XoX/OUwXeW+bFjwXipw/IVXVnzbtDXge+oXtyXyYdXwX+zMSjbEWq
RkDXhIGJNpyQhGATMMUExUXOErXIqFDmPZoLXCXVaJqlqGpobhJXrAXPdfHWNWuZ
IpSoNmXQyXRouVyfFA==
-----END NEW CERTIFICATE REQUEST-----
You can check the file using a CSR decoder e.g. from www.sslshopper.com or  www.entrust.com.




Send the cert1.req file to the certificate provider and wait to get the .cer file back.

When the .cer is returned from the certificate provider, install it using this command:
Certreq.exe -accept certnew.cer

If, for some reason, the private key is not matched with the installed certificate, you can try to repair it using following command:
Certutil.exe -repairstore my "thumbprint"