Skype for Business Online conference policy overview

I have created an Excel workbook with all the available conference policies, so, during workshops, I could drill down to which policy should be assigned to the different users based on the features that should be available.

The file is available here.

New call routing features in Office 365

As christmas sneaks up on us, we have received new call routing features in our Office 365 subscription. The new call routing features are both auto attendant and call queues.

Auto Attendant news:
Just in time for the holidays a new holiday scheduling feature has been released. This gives us the opportunity to schedule a holiday period and greeting.

1. Name the holiday set, e.g. Closed for christmas
2. Define what the callers should hear, options are a TTS prompt or upload an audio file
3. Define what should happen after the announcement, options are disconnect or redirect call to either a person in the company, a call queue or an auto attendant
4. Define when should be activated start and end date and time (half-hour interval only, minutes 00 and 30). You can have multiple schedules
5. Save and add to AA.

This feature is easy to implement and maintain for the office admins, but we still face an issue with the half-hour interval for business hours.

Call Queue news:

A new call distribution has been released, serial routing. This setting will route a call in the queue to the first agent in the grouplist, if this agent is not available then route to the second agent in the group etc. 

1. The new Serial routing option
2. List of groups of agents, the groups can be Office 365 groups, distribution lists or mail-enabled security groups

This feature improves the call queue usability for many organizations, but we still face a limitation of 50 agents per call queue.

Queue timeout has been made more granular, instead of just a number of minutes we now also have an option of seconds (0, 15, 30 or 45) which should be sufficient for most organizations.

When the queue time has been exceeded, the call is either disconnected or forwarded to a person in the company, a call queue or an auto attendant.

Last, but not least, it is worth to bring to attention the mobile app, which is now able to receive a call from a call queue, at least on my Android powered device.

This is from the log file of my mobile app:

Add a Yammer group to a Teams channel

I wanted to give a short instruction on how to connect a Yammer group feed to a Teams channel, so I decided to go down the YouTube path.

New PSTN Conferencing opportunities

On October 1st, 2017 a change in PSTN Conferencing for Office 365 is coming to a tenant near you.

PSTN Conferencing will in the future, as a supplement to the well-known monthly subscription, also be available as Audio Conferencing pay-per-minute feature for E1, E3 and VL customers.

The most important notes are:

• No monthly PSTN Conferencing subscription per users
• Toll and toll-free inbound calls are charged on a per-minute basis
• All outbound calls are charged on a per-minute basis
• Available to enterprise E1, E3 and VL customers

This new feature will be a very interesting change for enterprises there are not using E5 license already. Especially if the E3 users only uses the PSTN Conferencing on a non-regular basis.

Rates for inbound calls are unknown at this point in time, but rates for outbound PSTN calls are listed here: https://products.office.com/en-us/skype-for-business/pstn-conferencing#Rates 

If a user has a PSTN Conferencing license (add-on or included) all toll inbound calls and outbound domestic (domestic to the user location) is included in the subscription fee. The add-on subscription license is $4.00 per user monthly.

Use CertReq.exe to request and install a certificate (and CertUtil.exe to fix it)

I have several times requested a certificate using CertReq.exe tool from Windows. However I have never documented all the options, that I use for this purpose and how I actually do it, so here goes.

CertReq.exe is a built-in command-line tool and can be used to request certificates from a certification authority (CA), to retrieve a response to a previous request from a CA, to create a new request from an .inf file, to accept and install a response to a request, to construct a cross-certification or qualified subordination request from an existing CA certificate or request, and to sign a cross-certification or qualified subordination request. Right now I'll only use it to create a new offline request from an .inf file.

Since we use an infile (.inf) to supply information, we need to create and adapt this file to our needs. The file is basically a text file containing all the necessary information to generate the certificate request.

[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=ap01.fabrikam.com,OU=IT,O=Fabrikam,L=City,C=Country"  ; Modify to match your requirements and organisation
Exportable = TRUE    ; Private key is exportable
KeyLength = 2048     ; Valid key sizes: 1024, 2048, 4096, 8192, 16384
KeySpec = 1          ; Key Exchange – Required for encryption
KeyUsage = 0xA0      ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
[EnhancedKeyUsageExtension]
; If you are using an enterprise CA the EnhancedKeyUsageExtension section can be omitted
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
OID=1.3.6.1.5.5.7.3.2 ; Client Authentication
[Extensions]
; SANs can be included in the Extensions section by using the following text format. Note 2.5.29.17 is the OID for a SAN extension.
; Multiple alternative names must be separated by an ampersand (&).
2.5.29.17 = "{text}"
_continue_ = "dns=ap01.fabrikam.com&"
_continue_ = "dns=sip.fabrikam.com"

Save the text file as cert1.inf, make sure it's ANSI encoded, and start a command prompt (or PowerShell prompt) as Administrator.

Run the command:
certreq.exe -new [infile [outfile]]
certreq.exe -new cert1.inf cert1.req

This will generate a cert1.req file like this:

-----BEGIN NEW CERTIFICATE REQUEST-----
MIIEiTCCAXECAQAwXTEQMAXGAXUEBhMHQXXXbnRyeTENMAsGAXUEBwwEQXlXeTER
MAXGAXUECgwIRmFicmlrYWXxCzAJBgNVBAsMAklUMRowGAYDVQQDDBFhcDAxLmZh
YnJpaXFtLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOZFtXOw
ZXGYew+lTXzsPXGYPpsTsndggpPgXKXzEXUASXCtnOlbtmXemdkXXGXyjkISXOAY
BXrSeRBXrX+HbXLLiJvbsLAzmXzpXwHepwWECQfUPZIXOnjOXHlXfXagszYlZ+Ol
umBqVZPWEvhRiuuXVbJXUJOXtvZXXolXdbzRaXXXazXOnHXX+XXrdUhWEXIfs+Gj
ZNtBdrXlTiP+fDcXomKXXDz/zDZQXlCMLtlYyFsDrUybcXjHZxcXKHZzXkSdXQFC
heXbidhZAdVNYBoHLKrvC+XBDhNIXUQPwNMmULYTpnKVsSOyLlUXktFtL/XieBVp
XTXHXXFVDMYthGcCAwEAAaCCAeUwGgYKKwYBBAGCNwXCAzEMFgoXLjIuOTIwMCXy
MEYGCSsGAQQBgjcVFDEXMDcCAQkMFkhPUXQwMyXwcmXhYXRpdmUubGXjYWwMDVBS
TXFDVElWRVxrbWwMCXNlcnRyZXEuZXhlMHIGCisGAQQBgjcNAgIxZDBiAgEBHloA
TQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMAQwBoAGEAbgBuAGUAbAAgAEMA
cgBXAHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwBXAGkAZABlAHIDAQAwggEJ
BgkqhkiGXwXBCQXxgfswgfgwDgYDVRXPAQH/BAQDAgWgMBXGAXUdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjAuBgNVHREEJzAlghFhcDAxLmZhYnJpaXFtLmNvbYIQ
cXlwLmZhYnJpaXFtLmNvbTBXBgkqhkiGXwXBCQXEazBpMAXGCCqGSIbXDQMCAgIA
gDAOBggqhkiGXwXDBAICAIAwCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBLTALBglg
hkgBZQMEAQIwCwYJYIZIAWUDBAEFMAcGBSsOAwIHMAoGCCqGSIbXDQMHMBXGAXUd
DgQWBBThybXXXasmqWzDXeXM+ItXUiMTwzANBgkqhkiGXwXBAQUFAAOCAQEAHkBi
aXXLFvXSbLbXXWAVoVgbkmEyqQDVHObXSaYuKgTRGEQNCXXhrhSXXHH/GCAklkaM
cehXVcPXvhXzXHXcnvsfHTI/yZhpqrXPwXamXSiSTUZXIaJXOXXnbyGZLXAtKphc
XqbXtGoVgXHSmUznxZlxbXXvCpgRXdXfkfmkVuXoJVHzXFFyXjxVfNnXws+pzuIw
QhXPBNZOi//XoX/OUwXeW+bFjwXipw/IVXVnzbtDXge+oXtyXyYdXwX+zMSjbEWq
RkDXhIGJNpyQhGATMMUExUXOErXIqFDmPZoLXCXVaJqlqGpobhJXrAXPdfHWNWuZ
IpSoNmXQyXRouVyfFA==
-----END NEW CERTIFICATE REQUEST-----

You can check the file using a CSR decoder e.g. from www.sslshopper.com or  www.entrust.com.

Send the cert1.req file to the certificate provider and wait to get the .cer file back.

When the .cer is returned from the certificate provider, install it using this command:
Certreq.exe -accept certnew.cer

If, for some reason, the private key is not matched with the installed certificate, you can try to repair it using following command:
Certutil.exe -repairstore my "thumbprint"