March 2021 - Page 103 of 138 - Dr. Ware Technology Services

Microsoft Ignite Live Blog: FS191 – Secure and Compliant Collaboration with Microsoft Teams

by Contributed | Mar 5, 2021 | Technology

This article is contributed. See the original author and article here.

Blogger: Peter Rising, MVP Office Apps and Services, Principal Consultant at Softcat PLC

Speakers: John Gruszczyk | Microsoft, Rushmi Malaviarachchi | Microsoft, Mansoor Malik | Microsoft

As the author of two books that focus on Microsoft Teams, and Microsoft Security & Compliance administration, it’s safe to say that I was looking forward to this session, and it did not disappoint.

We get underway with our host John Gruszczyk, Product Manager for Microsoft Teams, who speaks passionately about what he has to share with us on the latest security and compliance innovations in Microsoft Teams. We will learn how Microsoft Teams will help us to collaborate with confidence, while meeting regulatory and business requirements.

John begins by explaining that we have seen online communication with Microsoft Teams evolve beyond just meetings and chat. Teams has kept us connected with friends and colleagues and enabled us to get our work done remotely. However, this increase in remote working has brought more challenges to IT and Security teams who are facing increasing cyber security threats such as malicious documents and attachments, and mounting compliance obligations to protect organizational data.

A recent Harvard Business Review study shows that 77% of organizations agree that an effective security, compliance, and risk strategy is essential for business success, while 82% also acknowledge increased risks and complexities have made an effective strategy significantly more challenging.

This has made Microsoft keenly aware that it is crucial to remain focused on helping organizations enable both secure and compliant collaboration without interrupting the ways in which end users are able to collaborate with each other.

The unique advantage that Microsoft Teams provides is the fact that it is a centralized platform for collaboration. This enables organizations reduce shadow IT and the use of fragmented collaboration services which can lead to data sprawl which in turn can lead to data leaks.

John goes on to share with us some key areas where Teams has been investing, and how these investments will help organizations achieve the correct Security & Compliance strategy.

Rushmi Malaviarachchi, Partner Director of Program Management for Microsoft Teams is introduced and talks with John about how Microsoft Teams has evolved to become a content generating platform; when users work together in chat, video calls, channels, collaborating on documents, or even within custom or third-party apps, these activities create valuable business content that needs to be protected. Rushi went on to highlight the following plans and announcements for Security and Compliance in Microsoft Teams:

Adaptive cards now in scope
Microsoft recently announced that Adaptive card content generated in Teams Apps is now in scope for compliance capabilities. More than 70% of Teams apps today generate card content in Teams conversation. When an app posts a card to a chat, the content of that card will be visible in eDiscovery, can be preserved with Legal Hold, covered by retention policies, and any actions people take on that card will be available in the audit log.

Teams Multi-Geo
Also announced in relation to the critical subject of Data residency was that Microsoft have carefully listened to customer feedback, and they are extending Microsoft 365 Multi-Geo support to include Microsoft Teams so you can specify where your Teams data at rest will sit. You will be able to set the Geo-location for both individual users and teams. The roll out of Teams Multi-Geo is planned for the 2nd quarter of this year and this is going to be welcome news for many organizations with a global footprint who have very specific data residency obligations.

Secure Score
The Microsoft Secure Score helps to prevent unwanted incidents across Microsoft 365 services including – Exchange Online, Azure Active Directory, Microsoft Defender for Endpoint, Microsoft Defender for Identity, and Cloud App Security. Microsoft Teams has recently also been brought into scope for Secure Score and more configuration best practices will be coming soon so watch this space!

Azure Sentinel
Beyond prevention, the correct systems to detect when an intrusion event is happening is of key importance. In Teams, Microsoft have been bolstering the events that are collected by the audit log, so that now the Microsoft Security Information & Event Management (SIEM) tool – Azure Sentinel, can analyze what is going on within Teams and be on the lookout for threats, and use playbooks to respond.

Customer key
Also announced was that bring your own key for Microsoft Teams will be rolling out in the second quarter of this year.

A frictionless approach
The overall theme of aiming for secure organizational collaboration was that it needs to be frictionless. The balance between security and useability is an important consideration, but these principles should not be at odds with each other.

Fritctionless cross organization collaboration will be bolstered by the introduction of shared channels which was also announced at Ignite. In conjunction with the use of technologies such as Microsoft Information Protection across the collaboration space, a label driven approach using sensitivity labels and leveraging conditional access will help to break down traditional collaboration boundaries.

Meeting safety

Next, Mansoor Malik, Principal Group Manager, Microsoft Teams discussed the hugely important subject of meeting safety in Microsoft Teams.

Meeting safety covers a wide range of criteria, which includes meeting participants, content being presented, who can present that content, what is being recorded, and who can record.

One of the big concerns that Microsoft are keenly aware of is uninvited attendees getting into meetings. Being able to control meeting intruders and disruptors, especially in the student and classroom space is crucially important, and if this subject is not correctly addressed, then mental health and wellbeing can be put at risk.

Microsoft have been working to provide brand new meeting controls, such as preventing anonymous attendees from being able to join meetings at an organization level through policy.

Restricting the ability to forward meeting invites is also a very welcome introduction.

In addition, new lobby bypass setting controls will provide the ability to allow only specific invitees to bypass the lobby.

And meeting safety does not stop there. There will also be options for allowing or not allowing attendees to present, chat or unmute, and it was also announced that the ability for meeting organizers to disable video for all attendees is coming soon.

End-to-end encryption
Mansoor also talked about End-to-end encryption for Microsoft Teams. This is a new feature that is coming soon and will provide the ability in Teams to encrypt at the origin and decrypt at the destination. Initially this will only be supported in Teams 1:1 VOIP calls and only participating parties in the End-to-end encryption communication will be able to access the content. The announcement of End-to-end encryption is based on year-long feedback and Teams will be introducing the ability to use End-to-end encryption for 1:1 calls in the coming months.

Some important considerations for End-to-end encryption:

Both the caller and callee in the 1:1 call will need to have been enabled by administrators for End-to-end encryption

Only voice, video and screen sharing in those 1:1 calls will be end to end encrypted.

Microsoft will continue to talk to customers about widening the scope of this crucial new feature, and you can expect to see End-to-end encryption come to Microsoft Teams meetings next. Watch out for more details available soon.

Summary

This was a fast paced and engaging session that gave us a glimpse of what is to come for Security and Compliance in Microsoft Teams. I must say that I am hugely encouraged by what this session revealed. Microsoft customers have been asking the correct questions, and Microsoft are providing some very good answers in return.

I will surely be testing and reporting on these features as they become available and if you would like to discuss any of these with me then please feel free to reach out to me in the Microsoft Technical Community.

I hope you have enjoyed this Ignite as much as I have, and I wish you a frictionless experience in your Microsoft Teams journey moving forward!

Deploying multi-tier application on Azure Kubernetes Service

by Contributed | Mar 5, 2021 | Technology

This article is contributed. See the original author and article here.

Overview

This blog demonstrates a multi-tier application deployment on to Azure Kubernetes Service along with several other Azure managed services such as Azure Database for MySQL, Azure Functions, etc.

Note: There may be few features that are used in this blog such as Azure Active Directory Pod Identity are still in preview, these features are not recommended for production deployment.

Architecture

Setup

We will create and setup the infrastructure including the following services:

Azure Container Registry for storing images

AAD Enabled, Managed AKS Cluster with the below addons and components
1. Application Gateway Ingress Controller Addon
2. Monitoring Addon
3. LetsEncrypt for Certificate authority
4. KEDA runtime for Azure Functions on Kubernetes clusters

Azure Database for MySQL Service

Azure Storage Queues

DNS Zone for custom domain

SendGrid Account for email service

Cluster Creation

Clone repository

git clone https://github.com/ssarwa/multitiered-app-on-azure

cd multitiered-app-on-azure

# You could use script.azcli as your working file. Don’t run the script as is!

Initialize variables

# Add variables (sample values below change as required)

resourcegroupName=’CNCF-Azure-RG’

clusterName=’myaksCluster’

location=’westus’

appGtwyName=’AKSAppGtwy’

acrName=’cncfazure’

domainName=’sarwascloud.com’

dnsRG=’dns-rg’

subDomain=’expense’

mysqlSvr=’expensedbserver’

adminUser=’expenseadmin’

mysqlPwd=”

keyvaultName=’expensesvault’

# Identity name must be lower case

identityName=’exppoidentity’

# Storage name must be lower case and globally unique

storageAcc=’expensesqueue’

subscriptionId=’12bb4e89-4f7a-41e0-a38f-b22f079448b4′

tenantId=’72f988bf-86f1-41af-91ab-3d7cd011db47′

Login to Azure

az login

az account set -s $subscriptionId

Register to AKS preview features

# Follow https://docs.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity

az feature register –name EnablePodIdentityPreview –namespace Microsoft.ContainerService

az provider register -n Microsoft.ContainerService

az extension add –name aks-preview

az extension update –name aks-preview

Create Resource Group

az group create –name $resourcegroupName –location $location

Create ACR

az acr create –resource-group $resourcegroupName –name $acrName –sku Standard

Get Object ID of the AAD Group (create AAD Group and add the members, in this case: expenses-ad-azure)

This group is needed as admin group for the cluster to grant cluster admin permissions. You can use an existing Azure AD group, or create a new one. Record the object ID of your Azure AD group.

az ad group create –display-name expenses-ad-azure –mail-nickname expenses-ad-azure –description ‘Group for Managing AAD based AKS cluster’

objectId=$(az ad group list –filter “displayname eq ‘expenses-ad-azure'” –query ‘[].objectId’ -o tsv)

Create an AKS-managed Azure AD cluster with AGIC add-on and AAD Pod Identity

az aks create -n $clusterName -g $resourcegroupName –network-plugin azure –enable-managed-identity -a ingress-appgw –appgw-name $appGtwyName –appgw-subnet-cidr “10.2.0.0/16” –enable-aad –enable-pod-identity –aad-admin-group-object-ids $objectId –generate-ssh-keys –attach-acr $acrName

# Enable monitoring on the cluster az aks enable-addons -a monitoring -n $clusterName -g $resourcegroupName

Add Public IP to custom domain

# Get Node Resource Group nodeRG=$(az aks show –resource-group $resourcegroupName –name $clusterName –query nodeResourceGroup -o tsv) # Get Public IP created by App Gtwy in AKS created cluster appIP=$(az network public-ip show -g $nodeRG -n $appGtwyName-appgwpip –query ipAddress -o tsv) # Create DNS zone, if not created az network dns zone create -g $dnsRG -n $domainName

# Once created, add Nameservers in the domain provider (eg go daddy, may take sometime to update the name servers) az network dns record-set a add-record –resource-group $resourcegroupName –zone-name $domainName –record-set-name $subDomain –ipv4-address $appIP

For more details see the tutorial on registering custom domain: https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns

Connect to the Cluster

Merge Kubeconfig

az aks get-credentials –resource-group $resourcegroupName –name $clusterName –admin

Install Cert Manager

# Install the CustomResourceDefinition resources separately

# Note: –validate=false is required per https://github.com/jetstack/cert-manager/issues/2208#issuecomment-541311021

kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.13/deploy/manifests/00-crds.yaml –validate=false
kubectl create namespace cert-manager

kubectl label namespace cert-manager cert-manager.io/disable-validation=true

helm repo add jetstack https://charts.jetstack.io

helm repo update

helm install cert-manager –namespace cert-manager –version v0.13.0 jetstack/cert-manager

kubectl apply -f yml/clusterissuer.yaml
# Test a sample application. The below command will deploy a Pod, Service and Ingress resource. Application Gateway will be configured with the associated rules.

sed -i “s//$domainName/g” yml/Test-App-Ingress.yaml

sed -i “s/_{/$subDomain/g” yml/Test-App-Ingress.yaml

kubectl apply -f yml/Test-App-Ingress.yaml}
# Clean up after successfully verifying AGIC

kubectl delete -f yml/Test-App-Ingress.yaml

Install KEDA runtime

helm repo add kedacore https://kedacore.github.io/charts

helm repo update

kubectl create namespace keda

helm install keda kedacore/keda –namespace keda

Install CSI Provider for Azure KeyVault

helm repo add csi-secrets-store-provider-azure https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts

helm repo update

kubectl create namespace csi

helm install csi csi-secrets-store-provider-azure/csi-secrets-store-provider-azure –namespace csi

Assign managed identity

clientId=$(az aks show -n $clusterName -g $resourcegroupName –query identityProfile.kubeletidentity.clientId -o tsv)

scope=$(az group show -g $nodeRG –query id -o tsv)

az role assignment create –role “Managed Identity Operator” –assignee $clientId –scope $scope

Create Azure KeyVault for saving secrets and assign identity

az keyvault create –location $location –name $keyvaultName –resource-group $resourcegroupName

kvscope=$(az keyvault show -g $resourcegroupName -n $keyvaultName –query id -o tsv)

az identity create -g $resourcegroupName -n $identityName

idClientid=$(az identity show -n $identityName -g $resourcegroupName –query clientId -o tsv)

idPrincipalid=$(az identity show -n $identityName -g $resourcegroupName –query principalId -o tsv)

identityId=$(az identity show -n $identityName -g $resourcegroupName –query id -o tsv)

az role assignment create –role “Reader” –assignee $idPrincipalid –scope $kvscope


# Set permissions

az keyvault set-policy -n $keyvaultName –secret-permissions get –spn $idClientid


# Add Pod Identity

az aks pod-identity add –resource-group $resourcegroupName –cluster-name $clusterName –namespace default –name $identityName –identity-resource-id $identityId

Create MySQL managed service (basic sku) and add Kubernetes Load Balancer’s public ip in it firewall rules

aksPublicIpName=$(az network lb show -n kubernetes -g $nodeRG –query “frontendIpConfigurations[0].name” -o tsv) aksPublicIpAddress=$(az network public-ip show -n $aksPublicIpName -g $nodeRG –query ipAddress -o tsv) az mysql server create –resource-group $resourcegroupName –name $mysqlSvr –location $location –admin-user $adminUser –admin-password $mysqlPwd –sku-name B_Gen5_2 az mysql server firewall-rule create –name allowip –resource-group $resourcegroupName –server-name $mysqlSvr –start-ip-address $aksPublicIpAddress –end-ip-address $aksPublicIpAddress

# Replace with your Local Machine IP. You can use: https://www.whatsmyip.org/ az mysql server firewall-rule create –name devbox –resource-group $resourcegroupName –server-name $mysqlSvr –start-ip-address <Dev station ip> –end-ip-address <Dev station ip>

Login to MySQL (you may need to add you ip to firewall rules as well). # Login to MySQL Client your your local dev box: sudo apt install mysql-client-core-8.0

mysql -h $mysqlSvr.mysql.database.azure.com -u $adminUser@$mysqlSvr -p

show databases;
CREATE DATABASE conexpweb;
CREATE DATABASE conexpapi;

USE conexpapi;
CREATE TABLE CostCenters(

   CostCenterId int(11)  NOT NULL,

   SubmitterEmail text NOT NULL,

   ApproverEmail text NOT NULL,

   CostCenterName text NOT NULL,

   PRIMARY KEY ( CostCenterId )

);
# Insert example records

INSERT INTO CostCenters (CostCenterId, SubmitterEmail,ApproverEmail,CostCenterName)  values (1, ‘ssarwa@microsoft.com’, ‘ssarwa@microsoft.com’,’123E42′);

INSERT INTO CostCenters (CostCenterId, SubmitterEmail,ApproverEmail,CostCenterName)  values (2, ‘ssarwa@microsoft.com’, ‘ssarwa@microsoft.com’,’456C14′);

INSERT INTO CostCenters (CostCenterId, SubmitterEmail,ApproverEmail,CostCenterName)  values (3, ‘ssarwa@microsoft.com’, ‘ssarwa@microsoft.com’,’456C14′);


# Verify Records
SELECT * FROM CostCenters;


quit

Create Storage queue

az storage account create -n $storageAcc -g $resourcegroupName -l $location –sku Standard_LRS

# Do not change queue name of contosoexpenses. KedaFunction queue trigger relies on this queue name.

az storage queue create -n contosoexpenses –account-name $storageAcc

Add corresponding secrets to the create KeyVault

MySQL Connection strings (choose ADO.NET) – both for API and Web
1. mysqlconnapi
2. mysqlconnweb

Storage Connection strings
1. storageconn

Sendgrid Key
1. sendgridapi

az keyvault secret set –vault-name $KeyVault –name mysqlconnapi –value ‘<replace>Connection strings for MySQL API connection</replace>’

az keyvault secret set –vault-name $keyvaultName –name mysqlconnweb –value ‘<replace>Connection strings for MySQL Web connection</replace>’

az keyvault secret set –vault-name $keyvaultName –name storageconn –value ‘<replace>Connection strings for Storage account</replace>’

# Make sure to register for free SendGrid Account and verify identity. Visit https://sendgrid.com

az keyvault secret set –vault-name $keyvaultName –name sendgridapi –value ‘<replace>Sendgrid Key</replace>’

az keyvault secret set –vault-name $keyvaultName –name funcruntime –value ‘dotnet’

Application Deployment

registryHost=$(az acr show -n $acrName –query loginServer -o tsv) az acr login -n $acrName cd source/Contoso.Expenses.API docker build -t $registryHost/conexp/api:latest . docker push $registryHost/conexp/api:latest cd .. docker build -t $registryHost/conexp/web:latest -f Contoso.Expenses.Web/Dockerfile . docker push $registryHost/conexp/web:latest docker build -t $registryHost/conexp/emaildispatcher:latest -f Contoso.Expenses.KedaFunctions/Dockerfile . docker push $registryHost/conexp/emaildispatcher:latest cd .. # Update yamls files and change identity name, keyvault name, queue name and image used refer values between <> in all files # Create CSI Provider Class # Use gsed for MacOS sed -i “s/<Tenant ID>/$tenantId/g” yml/csi-sync.yaml sed -i “s/<Cluster RG Name>/$resourcegroupName/g” yml/csi-sync.yaml sed -i “s/<Subscription ID>/$subscriptionId/g” yml/csi-sync.yaml sed -i “s/<Keyvault Name>/$keyvaultName/g” yml/csi-sync.yaml kubectl apply -f yml/csi-sync.yaml # Create API sed -i “s/<identity name created>/$identityName/g” yml/backend.yaml sed -i “s/<Backend image built>/$registryHost/conexp/api:latest/g” yml/backend.yaml sed -i “s/<Keyvault Name>/$keyvaultName/g” yml/backend.yaml kubectl apply -f yml/backend.yaml # Create frontend sed -i “s/<identity name created>/$identityName/g” yml/frontend.yaml sed -i “s/<frontend image built>/$registryHost/conexp/web:latest/g” yml/frontend.yaml sed -i “s/<Keyvault Name>/$keyvaultName/g” yml/frontend.yaml kubectl apply -f yml/frontend.yaml # Create ingress resource sed -i “s/<custom domain name>/$domainName/g” yml/ingress.yaml sed -i “s/_{/$subDomain/g” yml/ingress.yaml kubectl apply -f yml/ingress.yaml}

# Create KEDA function sed -i “s/<identity name created>/$identityName/g” yml/function.yaml sed -i “s/<function image built>/$registryHost/conexp/emaildispatcher:latest/g” yml/function.yaml kubectl apply -f yml/function.yaml

Once the ingress controller updates with new frontend deployed it may take a min for Application gateway to update.

Browse the application URL: https://subdomain.yourcustomdomain.com

Next Steps

Implement Service Mesh (like OSM) for securing service to service communications

Enabling managed identity to access MySQL and Storage services, thus removing Key Vault references

Enabling Github Actions for CI/CD pipelines

Surface Hub Windows 10 Team 2020 Update – Hub v1 status

by Contributed | Mar 5, 2021 | Technology

This article is contributed. See the original author and article here.

Editor’s note: This blog post was first published February 24 and updated with new information March 5.

As announced February 24, Microsoft began delivering the Windows 10 Team 2020 Update to first-generation Surface Hub 55” and 84” devices. We will continue to provide the Windows 10 Team 2020 Update to all first-generation Surface Hubs as a staged rollout. Using a staged rollout allows our engineers to investigate issues as they arise and ensure the highest quality update experience.

In response to recent customer feedback, Microsoft will throttle the March 2 rollout to investigate an issue listed in the known issues list. Additionally, Microsoft will start rolling out the Windows 10 Team 2020 Update for Surface Hub first-generation devices in the United States on March 9.

Feb. 24: Surface Hub v1 with full telemetry enabled in Australia, New Zealand, Japan, Canada, Mexico, Belgium, Italy, Germany, the Netherlands, Switzerland, and UK.

March 2: Surface Hub v1 with full telemetry enabled in all geographies except the U.S.

March 9: Surface Hub v1 with full telemetry enabled in the U.S.

We will continue to provide updates as the rollout continues including devices without full telemetry enabled, as well as availability via Windows Update for Business. If you would like to start your Hub v1 feature update before it is offered via Windows Update, we encourage you to use the Surface Hub Recovery Tool. Instructions are provided below.

Note: If the Windows 10 Team 2020 Update does not appear in the list of available Windows Updates, you can temporarily turn on full telemetry (aka Windows diagnostics). After enabling full telemetry and restarting the device, it may take 24 hours or more before the update appears. To check, open the Settings app from the Start menu, login with an administrator account, and select Updates & Security > Check for updates.

Updating via Surface Hub Recovery Tool

As an alternative to Windows Update, all first-generation Surface Hubs can be updated from Windows 10 Team, version 1703 (RS2) to the new Windows 10 Team 2020 Update with the Surface Hub Recovery Tool (SHRT) available for download (select SurfaceHub_Recovery_v2.7.139.0.msi). When you run the SHRT tool, you will be prompted to select the 2020 Update image – aka 20H2 – as shown in the following screenshot:

For more information about using the SHRT tool including step-by-step instructions, refer to Using the Surface Hub Recovery Tool.

Microsoft Ignite Live Blog: KEY06 – The Hybrid Workplace

by Contributed | Mar 5, 2021 | Technology

This article is contributed. See the original author and article here.

Blogger: Chris Hoard, Partner Education Lead, Vuzion (UK), MCT Regional Lead, OAS MVP

Sessions: KEY06, KEY06-R1

2020 was a year that changed everything. The way we live. The way we work. As the Covid-19 pandemic spread across borders and over continents organisations in every country of every type needed to adapt in order to survive or to function. We, as IT professionals, came into a situation where it was imperative we act as the first responders. On the one hand we needed to help our customers maintain business operations and keep their workforces secure in the face of growing cyber-attacks. On the other, we needed to support many of our colleagues in this new world of remote working helping to safeguard and ensure their mental and emotional wellbeing. As Jared rightly points out in the opening scene of Hybrid, we also needed to do both of these things whilst navigating our own personal challenges at home. When does work start? When does it stop? Where can our business conversations or activities take place without intruding on the privacy of our loved ones whose home it is as much as ours? Given these new realities, how many of us forget that throughout the pandemic many workers have still needed to go onsite each and every single day as it’s an essential requirement for their job. Think of healthcare workers and construction workers. Think of police, and firefighters, those who work in waste disposal, electricians, plumbers, vets. Think of retail and hospitality. These first-line workers have needed to be able to easily communicate with their remote colleagues whilst at the same time still be safe on the job.

As vaccination programs roll out across the world, we now begin to think and to re-imagine how work will be as we enter a period where the pandemic becomes more manageable. What is already clear is that things are not going to return to the way they were pre-pandemic. Some of us will remain at home. Some of us will go back to working or continue to work onsite. Others may choose to work at home or onsite in a hybrid setup depending on how it makes sense to them. This is not conjecture. The statistics back this up. Over 80% of managers expect more flexible work from home policies post-pandemic; 70% of employees expect to adopt flexible work from home policies. Yet the key insight of Hybrid is this: as Jared notes, in our experience of living through the pandemic we come to understand that whilst physical spaces will always be important, we cannot rely on them or being together in person the way that we used to. Because we cannot rely on them, cloud powered technologies such as Microsoft Teams are fundamental to how businesses support working from home, working onsite or anywhere in between. Look at the numbers for Teams since the start of the pandemic – daily active usage (DAU) has rocketed to 115 million, up from 20 million at the end of 2019 when it first emerged out of China. 30 billion collaboration minutes worldwide by Microsoft 365 users in a single day. Astronomical growth.

Yet growth isn’t just about Covid in-itself. Microsoft has worked hard and relentlessly over the course of 2020 to introduce over 100 new features for Microsoft Teams which has helped organisations and their users communicate and collaborate more effectively wherever they may be. Two examples that Hybrid gives to illustrate this are Large Gallery Mode which allows attendees to see more colleagues and up to 49 video feeds at the same time and Together Mode – a unique meeting experience where everyone is together within a virtual shared space designed to reduce meeting fatigue. Going beyond Jared’s examples, some of the other features introduced throughout 2020 include Breakout Rooms, Custom Backgrounds, Hard Mute, Pop Out Chat Meetings and Calling, the New File Experience and closer integration with SharePoint, Sensitivity Labels, Meeting Extensibility, the Yammer communities app, new Power Platform apps, Spotlight mode, Raise Hand, Live Captions, Presence duration and Skype Consumer Interop. It’s difficult to articulate just how much innovation has gone into Teams or do justice to all the passionate engineers and product managers who have clearly thrown themselves into this to deliver the functionality organisations have needed to succeed throughout the pandemic.

Moving onto some of the new features for Microsoft Teams which were introduced in Hybrid and which will bring a new dimension to how we will work in the hybrid workplace, we saw Endpoint transfer allowing users to seamlessly move their calls between different devices – for example from a laptop to a mobile device – without any interruption in call service or quality. Great for wanting to get up and go for a walk on that call when you’ve been sitting on that chair at home all day.

We saw Dynamic View. Dynamic view intelligently arranges the elements of your meeting for an optimal experience and lets you control who shows up alongside content that’s shared. For example, you can place the gallery at the top of the meeting screen, so people appear at the top of the meeting window enabling a more natural eye gaze with other participants. The participant gallery also auto-adjusts when the meeting window is resized. This will help to make meeting more engaging and, for many of us, help us to break out of the grid view we have become accustomed. It will be great to see colleagues’ reactions as content is shared.

One of the features announced that will excite many Teams users is Teams Connect, otherwise known as Shared Channels. Teams Connect enables users to share channels in Teams across multiple organizations meaning you can collaborate – chat, meet, use apps, share, and co-author documents in real-time with individuals and teams that have an Azure Active Directory all without having to switch tenants – a pain point for many users and which many IT pros have flagged. Admins have access to granular security and compliance controls, allowing them to stay in control of how external users access data and information. This is a real game changer – and what is less known about Teams connect is that you can share channels across multiple Teams in your own organisation!

Next, we have Presenter Mode. Presenter mode empowers you as a presenter to customize how your video feed and content appear to the audience. There will be three options available. Standout which shows your video feed in front of the shared content, Reporter which has content as a visual aid above your shoulder like how a news report on television looks and Side-by-side which displays your video feed next to your content. This experience will allow you to form a much stronger connection to your audience where you can transmit your energy and personality into the presentation.

Finally, following on from the standard meeting and Live Event we will see the release of Webinars. A meeting organizer can easily add a registration page to a meeting to better manage attendance before and after any engagement. Following registration, attendees will automatically receive an email confirmation with a calendar invite for a simple join experience. Teams will support interactive webinars for up to 1,000 attendees including rich presentation options, reactions, and controls to disable chat, audio, and video. This will seamlessly scale to accommodate 10,000-person view-only broadcast experience and 20,000-person to the end of 2021 to support throughout the pandemic. Following a webinar, the organizer can use reporting to learn who attended and how long they participated. In addition, they can also upload contacts to other marketing tools to manage ongoing communication. All this will be delivered in Q1 2021. Another game changer.

Moving onto Teams Rooms, the hybrid workplace will demand an inclusive and equitable meeting experience whether remote, onsite, or even on the shop floor. Everyone needs to be seen and heard clearly no matter where they join from. Large gallery view and Together Mode in Microsoft Teams Rooms brings users together in the same form, where a second screen such as a Surface Hub 2S can be used to display and work the content.

We will also see the introduction of the intelligent speaker. The intelligent speaker brings speaker attributed captions and transcriptions to Microsoft Teams Room which enables attendees to easily follow along with what has been said and who said it. Using advanced speech recognition powered by Cortana, it can identify and differentiate the voices of up to 10 people in meeting rooms and apply their name and profile picture next to their transcripts.

There were three reasons why this segway on teams meeting rooms was so exciting: Firstly, there was a great demonstration of Virtual Whiteboarding and how people can work together to ideate and be creative from anywhere on any device, using Surface Hub 2S and an iPad as examples. This really drives home how Teams removes location and environment as barriers to share and start a great dialogue with others on the idea we have to move things forward.

Secondly, Jared gave us a peek into how Microsoft see the new Casting to Teams Rooms evolving and how this could be leveraged to be able to share content on any screen.

Thirdly, Jared also gave us insights into how Microsoft see Microsoft Teams Rooms themselves evolving. Designing for a future of flexible working means rethinking about physical spaces. What does the meeting of future look like? Fluid, dynamic and cloud powered, where everyone feels included, engaged, and empowered to bring their best ideas.

At the conclusion of Hybrid, Jared says that Microsoft are ‘designing experiences to empower people in a work from anywhere world’ where they can work, learn, and collaborate whether that is at home, on the go, in the office, or from the manufacturing floor. Everything shown in this session has been ‘a scaffold to navigate a hybrid world’ with Teams as that organising layer. Yet Teams alone cannot give business leaders such things as ways to foster trust, build a culture and establish deep connections amongst employees – things which ultimately makes for a resilient organisation. This is the beginning of a conversation for Microsoft Viva. Built on Teams, Teams as the foundation of the employee experience as delivered by Viva.

For a session that was a little over 15 minutes, this had a significant amount of content and delivered masterfully as you would expect. But why should this session matter to us as IT Pros at all? Because it is important to understand where we are headed. Why is it important to know where we are headed? Because we need to lead and help organisations – our customers as well as our own – re-imagine how work will be as we move into a period where the pandemic becomes manageable. In our experience of living through the pandemic, we come to understand that whilst physical spaces will always be important, we cannot rely on them or being together in person the way that we used to.

And that is why we need Microsoft Teams. It’s no longer simply a tool to communicate and collaborate. When we have this organisation layer – this scaffold, this foundation upon which we can operate from anywhere – we can begin to build upon that and focus on the employee experience. By getting to where we give workers what they need wherever they may be in order to thrive in challenging times; we are developing resilience in a way we never could before.

Resilience is the reason we can never go back.

Read More here:

What’s New in Microsoft Teams | Microsoft Ignite 2021 – Microsoft Tech Community

Microsoft Viva Blog – Microsoft Tech Community

See great sessions on Microsoft Teams and Microsoft Viva at MS Ignite

About Chris Hoard
Blog: https://www.microsoft365pro.co.uk
Twitter: https://twitter.com/microsoft365pro

Microsoft Ignite Live Blog: The Hybrid Workplace