In a previous blog post, I talked through the basics of setting up a Microsoft Team and showed you how Teams are related to Office365 Groups, SharePoint Online and Skype for Business Online.
Now I’d like to walk through some of the nitty-gritty details related to your Microsoft Teams deployment. A much more comprehensive set of information can be found in the “Practical Guidance for Microsoft Teams.docx” found at http://www.successwithteams.com, but this article will give you an overview of what you should have in mind as you start talking with your customers.
A Peek Under the Covers
Now, we’ve discussed some of the basics of Microsoft Teams, but it’s important to have a “big picture view” of the other components that will factor into your planning process.
First of all, as we noted previously, a Microsoft Team creates an Office365 Group. If you are the owner of an existing Office365 Group, you also have the ability to convert it over to a Microsoft Team. When the Group becomes a Team, the existing SharePoint and OneNote are automatically ported over to Teams. Keep in mind, though, that Groups must be private and they cannot have more than 600 members. You can see where your Office365 Group is created in the Office365 Admin Portal, as seen below:
Office365 Office365 Groups uses identities that are stored in Azure Active Directory. This means that all authentication and authorization capabilities are managed by Azure AD. This makes it possible for you to use things like Multi-Factor Authentication (MFA) in Microsoft Teams, as well. That means that an organization can use any identity model supported by Office365, including the following:
- Cloud Identity: In this model, a user is created and managed in Office 365 and stored in Azure Active Directory, and the password is verified by Azure Active Directory.
- Synchronized Identity: In this model, the user identity is managed in an on-premises server, and the accounts and password hashes are synchronized to the cloud. The user enters the same password on-premises as they do in the cloud, and at sign-in the password is verified by Azure Active Directory. This model uses the Microsoft Azure Active Directory Connect Tool.
- Federated Identity: This model requires a synchronized identity with the user password is verified by the on-premises identity provider. With this model, the password hash does not need to be synchronized to Azure AD, and Active Directory Federation Services (ADFS) or a third-party identity provider is used to authenticate users against the on-premises Active Directory.
Now let’s dig into the components of the Microsoft Team itself: each Team that you create contains multiple elements, including a SharePoint Online (SPO) site. Each channel that you create in Teams gets its own folder on this SPO site, and the permissions and file security options that are set in SPO are automatically reflected in Teams. This is the data that is shared across the members of the Team. To be clear, for this functionality to be available, you must be using SharePoint Online.
However, you can also have 1:1 conversations using private chat in Microsoft Teams. What if you share a file with someone in one of those chat sessions? Where is that data stored? The files associated with those private chat sessions are hosted in your OneDrive for Business, and the permissions are automatically granted to all participants in that specific private chat. The OneDrive for Business license is tied to the SharePoint Online license, so again, we have to have SharePoint Online enabled for this to work. In the screenshot below, you can see where OneDrive for Business files are made available in Teams.
When we create an Office365 Group, we also get an associated OneNote notebook for the Team, and sections are created in the notebook for each channel in that Team. Any security settings applied within OneNote automatically apply to Notes within Teams. So, as you see below, there is a notebook for the Graphic Design Institute, and then a section would be created in OneNote for the channels – Art and Media Festival, Content Staging, Future Ideas, and so on.
What may not be quite so obvious is that each Team also has an associated Exchange Online (EXO) mailbox. This mailbox is used to store information including the group mailbox and a common calendar for the Team. When a meeting is created in Teams, the invite is pushed to your Exchange Online mailbox, and the meetings created in EXO are synced to the Meetings tab in Microsoft Teams. The meetings that show up here in the “Meetings” area are the same ones that show up in your Outlook mailbox.
What’s interesting is that Microsoft Teams does not strictly REQUIRE users to have an Exchange Online mailbox. Unlike the SharePoint and OneDrive for Business components, which MUST be hosted online, you are able to deploy Teams with mailboxes hosted on-premises. There will, however, be a few caveats for users with on-premises mailboxes. This table, taken from the Planning Workshop for Microsoft Teams.pptx document highlights the restrictions.
When it comes to Microsoft Teams and Skype for Business, there is an important fact to consider during your planning and deployment. At this time, interoperability between Microsoft Teams and Skype for Business is available only for peer-to-peer (P2P) instant messaging. In other words, you cannot have a conference where some users are on Skype for Business and other users are leveraging Microsoft Teams in the same conference. Additionally, in order for a Microsoft Teams user to send an IM to a SfB user, the Microsoft Teams user must be homed in Skype for Business Online.
The Dreaded Licensing Discussion
Yes, I know. I hate talking about licensing, too. But as we’ve seen above, there are a lot of online components that provide the core functionality to Microsoft Teams, so there may be some confusion around which SKU’s are required to get the needed functionality.
As of this writing (May 2017) the Microsoft Teams Licensing Requirements are actually quite straightforward. They are as follows:
With these licenses, the core functionalities (chat-based workspace, and meetings with audio, video, and content group calling) of Microsoft Teams are available to all supported subscription plans. All the supported subscription plans are eligible for access to Microsoft Teams’ Web client, desktop clients, and mobile apps.
However, if the organization where you are deploying Microsoft Teams has specific information protection (security and compliance) requirements, these may dictate the use of a specific subscription plan in order to get the functionality needed – not just for Microsoft Teams - but for the overall Office 365 solution for the organization. For example, if a customer requires the ability to perform eDiscovery against SharePoint data or Exchange mailboxes, they may require an Enterprise SKU, rather than a Business SKU.
More bandwidth, more bandwidth….
With all these capabilities being hosted in Office365, you may be wondering about bandwidth requirements.
The group that has developed Microsoft Teams leverages a planning methodology that closely mirrors the Skype Operations Framework (SOF) planning process, which encompasses the Plan, Deliver and Operate phases. So, if you’re familiar with SOF, you’ll understand the process for a successful Teams rollout.
Part of that successful planning involves determining bandwidth requirements. Since we know that there is a Skype component to Teams, a logical question comes up: “How do I plan for Teams from a network capacity standpoint? Can I just use the Skype for Business Bandwidth Calculator and be good to go?”
Well, probably. But if your deployment of Teams is not very large or complicated, you can use the Microsoft Teams bandwidth calculator located here for network planning: http://aka.ms/bwcalc/
However, keep in mind that, in order to get an optimal experience with real time media within Microsoft Teams, you have to meet the typical networking requirements for running Skype for Business in Office 365, which may require more than just meeting bandwidth requirements. In other words, your planning is going to include things like ensuring the quality of your WiFi connections, allowing access to the necessary Office365 URLs and IP address ranges, bypassing proxies, and enabling split-tunnel VPN. So there may be circumstances where
It also means you need to meet the following requirements on the two critical network segments: Client to Microsoft Edge and Customer Edge to Microsoft Edge:
To test these values, we recommend that you leverage the Network Assessment Tool located here: https://www.microsoft.com/en-us/download/details.aspx?id=53885). This tool can be deployed on both the client PC directly, as well as a PC/laptop connected at the Customer Network Edge. Documentation for how to use the tool can be found here: Network Readiness Assessment. By running this Network Readiness Assessment tool, you can validate your network’s readiness to run real-time media applications, such as Microsoft Teams. If the tool indicates that there may be network issues that would impact the quality of the audio/video experience for your end users, you should recommend that the customer have an Advanced Network Readiness assessment performed by a partner with qualifications in that area.
Now we’ve taken a little bit of a deeper look into Microsoft Teams. It’s a great tool for group collaboration, and it’s really very easy to set up and deploy in an organization. Make sure to read all the planning documentation on the www.successwithteams.com website – and Happy Teaming!