
Keeping your flow with Microsoft Teams

by Sandy Catalucci

As Microsoft Teams continues to grow in both popularity and capability, it is important to find a way to manage the platform that ensures productivity and not just interruption. In a nutshell, you need to find your ‘flow’.

What is flow?

Flow is the state of concentration at work that we seek in order to maximise our skill level and stay motivated without being pushed out of our comfort zones.

Think of it as the sweet spot with our work productivity.

In our current ever-changing world, technology can be disruptive to our flow. Too much disruption and interruptions can subsequently cause workplace anxiety. Microsoft 365 (M365) has a few effective yet underrated features that can help to reduce the noise and keep your flow, well, flowing.

Tips for managing interruptions:

This is by no means an exhaustive list, but a curation of my favourite features that help me manage my flow, which, in turn, helps me stay productive and achieve my outcomes.

Tip 1: Set your status. Your status automatically changes depending on your calendar items, setting it to busy or showing when you’re in a meeting for example. Did you know you can also override this at any time? A recent update to this was the addition of appearing offline. You can also write a custom status message to give your colleagues some information about your status at this time. This message can clear after the workday or persist for longer periods, all set by you.

Tip 2: Use Focus Assist. Accessible in your Windows 10 settings, Focus Assist is a handy feature that allows you to minimise or stop notifications when you need to stay focused. When activated, your colleagues will see your status as focusing.

Tip 3: Manage your growing list of tasks with ToDo for personal tasks and Planner for team tasks. Better yet, enjoy the simplified view of this, plus your Outlook tasks, with the new Tasks app in Teams, available on the left-hand side of the screen. For now, this may still be called Planner in your Teams environment, but it will be renamed Tasks soon.

Keeping track of all of your actions will help you to create and prioritise them so that you can continue with the task you’re trying to focus on!

Tip 4: Set your own rules of engagement. Put a placeholder in your calendar to look at @mentions or other notifications in Microsoft Teams. This will prevent you jumping from task to task and getting distracted throughout the day. Consider putting your standard days and hours of availability in your signature block if you’re a part time worker.

There is a vast array of features in the M365 suite that can assist you with time management and wellbeing. To keep things simple and maintain your flow, try following these four tips.

Direct Routing Improvements for Australian Tenants

If your organisation is using Microsoft Teams and your Microsoft 365 tenant is hosted within the Australia region, there are two ways that public switched telephone network (PSTN) calling can be introduced to your Microsoft Teams environment. These are: 

  1. Use Telstra Calling (calling plans) 
  2. Use Direct Routing 

 

Given its deployment flexibility and ability to support a wide range of deployment scenarios, more often than not we see Direct Routing as the technology chosen to meet an organisation’s needs when adding PSTN calling to Microsoft Teams.  

Whether you want to migrate from an existing Private Automatic Branch Exchange (PABX) platform to Teams Voice over time, or you have an existing Skype for Business environment with infrastructure that natively supports Direct Routing with Teams, it’s relatively quick and easy to augment the existing telephony and introduce Teams Calling. 

What is Direct Routing? 

Plainly speaking, a Direct Route is simply a Session Initiation Protocol (SIP) trunk between a Session Border Controller (SBC) and Teams. It’s one of two call legs between Teams users and a telco trunk provider:  

When an SBC is configured to interface with Teams via Direct Routing, we need to let the SBC know where to send calls to (and receive calls from) in order to support PSTN calling.  

No matter where you are in the world, the same configuration is used, with the following Fully Qualified Domain Name (FQDN) resolving to the Teams Direct Route infrastructure closest to the SBC:

  • sip.pstnhub.microsoft.com  

Today, in Australia, if we resolve the above FQDN, the Teams Direct Route SIP infrastructure that’s returned is located in South East Asia (Singapore), with an IP address of 52.114.14.70. This is where our SBC will send SIP signalling when setting up a call:

Just in case there’s an outage with infrastructure located closest to the SBC (in our case, SE Asia), Microsoft also publish the following FQDNs that will resolve to secondary and tertiary infrastructure located somewhere else in the world. So again, when resolving these FQDNs from an SBC located in Australia, they return the following:   

  • sip2.pstnhub.microsoft.com (United States) 

  • sip3.pstnhub.microsoft.com (Europe) 

As the examples above show, historically SIP signalling for Teams PSTN calling was not routed via Teams infrastructure located in Australia, as it has not existed.  

That is not to say that media associated with my call follows the same path. Infrastructure that supports media traversal (Media and Transport relays) has been available and deployed in Australia for some time. It’s just the signalling component that negotiates and sets up the call that’s been routing via infrastructure that resides offshore for Australian tenants.

New Infrastructure Deployed in Australia 

In order to cope with increased traffic (mainly due to COVID-19), and to reduce latency, Microsoft have recently deployed additional infrastructure in Australia that will handle SIP signalling for Direct Routing.  

This ensures that all traffic associated with Teams PSTN calling (signalling and media) stays within Australia and should mean call setup is quicker for Australian tenants. 

One other FQDN that Microsoft publish, related to Direct Routing, is sip-all.pstnhub.microsoft.com. This one is useful, as it resolves to all IP addresses that an SBC might use globally when Direct Routing is deployed. Looking at the IP addresses that are returned when resolving this record, note two new entries: 

These IP Addresses represent SIP infrastructure that has been deployed in Australian datacentres to support local SIP signalling for Australian tenants. 

How do I use them? 

Today, these IP addresses are not being returned when resolving the primary Direct Route FQDN sip.pstnhub.microsoft.com from Australia. We expect this will be the case soon, however if you want to use them anyway, you can! 

  1. Add static DNS host entries to your SBC (the following example is from a Ribbon SWE Lite virtual appliance)
  2. Confirm that SIP Signalling is routing to one of these IP addresses:

This configuration won’t be necessary once Microsoft’s primary FQDN for direct routing resolves to these IP addresses automatically. But until then, manual configuration lets you take advantage right away. 

Rather than working with separate partners for your Microsoft 365 and telco needs, you can now integrate cloud telephony via Teams Calling with the rest of your Modern Workplace environment – all set up, managed, and supported by Insync Technology 

Take the next step on your Modern Workplace journey with VoiceX and enjoy the benefits of increased efficiency and improved productivity. To learn more about VoiceX, get in touch today 


Becoming a Microsoft Most Valuable Professional (MVP) – Michael Zanatta

We are pleased to announce that our Senior Consultant, Michael Zanatta, has been presented with a 2020-21 Microsoft Most Valuable Professional (MVP) award for the award category Cloud and Datacenter Management. Michael will join colleagues Megan Strant and Loryan Strant who currently hold an MVP award in the Office Apps & Services category.

The Microsoft Most Valuable Professional award is given by Microsoft to community-focused technology experts who have been recognised and nominated in their area of expertise. We caught up with Michael to gain a bit more insight into his journey and receiving the MVP award.

Tell us a bit about your journey, how you got here?

Actually, it all started because of a virus which infected my dad’s computer. Ironically, the virus was called Windows 95 CIH. Of all the viruses to put on my parents’ computer, that one was probably the worst. Back in those days, motherboards only had one BIOS (Basic Input Output System) and didn’t have any recovery features. So when the virus reached the predetermined time, it would attempt to overwrite the BIOS chip on the motherboard, effectively killing the motherboard. So not a good start, but an interesting start to say the least!

After that, I got into computing (Grade 9). My dad worked in IT, so he introduced me to IT by teaching me DOS 4.6, and then I was batch scripting. Soon after that, I learned VBScript and VB.NET. Since I was learning to code while I was attending school (back in the days of Windows XP), a lot of my personal projects were pranks that I deployed at school. For instance, I wrote a Remote Control Application (Task Control, Computer Control) and messaging chat script similar to MSN Messenger. Much fun!

So, what is your area of expertise?

My area of specialty is PowerShell. I’m a PowerShell Subject Matter Expert. That’s really my area of specialty, but really what I do, obviously, from day to day is more IT Process Automation/Integration and WinOps/DevOps.

That is interesting, and with the MVP award could you tell me like a little bit how it works. Did someone nominate you for it? Or was it something that you went after yourself?

It’s a nomination by peers/others – It has to be done by either an existing MVP or a Microsoft employee. I was nominated by a Microsoft employee who was a former MVP.

What does the MVP award mean to you? What sort of benefits does it have for you?

There are many benefits that the award gives, but for me, I think it’s good to be recognised for the community involvement. It’s always nice to have someone say, ‘Hey, thanks for the input, it helped me with such and such’. Having that recognition is really good.

MVPs have access to a lot of NDA content from Microsoft that I can’t talk about. But there are other things like you can get a Visual Studio Enterprise subscription, which is fantastic for me as a coder.

You also get Azure credits so you can run services in Azure, but there’s a lot of little benefits with (MVP status) as well.

Outside of Microsoft third-party companies also come to the plate so they have their own MVP program so you can go to them and get additional valuable software from them as well. That’s handy to help you develop your journey.

Do you have a favourite platform you post on or a particular article that you have contributed to?

I think the two major articles/passion projects are the PowerShell Conference Books, Volume 2, and Volume 3. Working on the book is a full-time job outside of work for about four months.

Volume 2 is a bit of an interesting story. Initially, I was a contributor, I wrote a chapter for the book, and then I jumped on board as unofficial editor. The book is about 600 pages, so it’s not a light read! While it’s a ‘conference in a book’, you are reading a series of lectures/ deep-dive topics. It also serves as a textbook resource.

Now I’m working on Volume 4 which is exciting, and I’m taking ownership of the project as editor-in-chief. It’s a really exciting challenge.

I am also working on a PowerShell Module which allows new MVP nominees to automate their submissions, saving a considerable amount of time.

I also spend time talking to students, teaching them some PowerShell to get them to automate their labs a bit easier, and demonstrate how cool PowerShell is. During those talks, I also do a no-nonsense open IT AMA session where students can ask questions about IT.

Do you have any tips for anyone else – who is striving for an MVP award?

I think if you want to get an MVP award, the first thing you need to think about is why do you want to do it.

The best piece of advice I could probably say is if you’re in the right mindset, then everything else will come along. Be good at what you do, and love helping others. I think those are really the two key things that you could probably take away. And be prepared to get your hands dirty and spend a lot of time going the extra mile.

For me, I am committed to upskilling the Reddit community and realigning them back with the PowerShell community. It’s really really tough; you have your good days and bad days.

Is there anything else you would like to mention in regards to the MVP award?

Don Jones wrote a book called “Be the Master”. Don uses the analogy of the apprentice and the master and how the apprentice learns from the master. The difference between the master and the apprentice is that the master teaches. So when a person has the skills and proficiency, they can start mentoring someone else. This reinforces what you have learned and forces you to learn something new. Having that mindset and being around those people is fantastic. I would also like to point out that we should always be putting on the apprentice hat and learning new things. When you have mastered something, learn something else.

Fundamental Security for Microsoft 365 – What do we need to do?


  • Enforce MFA
  • Utilise Conditional Access to limit access via IP/Subnet, device, location
  • Block Legacy authentication
  • Manage External sharing with SharePoint
  • Mobile application management
  • Block / Audit Exchange forwarding rules
  • Block App Consent

In this blog, we will cover the fundamental security controls that ANY organisation should be using in this new hybrid world of work. It’s important to consider a variety of different security controls, particularly when staff are remote, from unfamiliar locations and possibly unfamiliar devices. With cybersecurity becoming a board-level responsibility, too often we find organisations with poor security controls applied to one of their biggest investments and locations of information, Microsoft 365.

Generally, we split the key things organisations should be doing into two categories – User Controls and Admin Controls. User Controls are things that touch the user, where the user can help take responsibility for their own security and that of the organisation. Admin Controls aren’t exposed to the end user but provide valuable minimums in protecting an organisation from various vulnerabilities or threats.

If you get nothing else from this blog other than the impetus to go and implement these in your organisation, we will consider this a success! If you need help implementing what’s discussed here or want a further conversation around our managed Microsoft security platform, @M365 Secure, please hit the links below to get in touch.

 

User Controls

Multifactor Authentication

Do we actually need to say this anymore? Apparently so, after a recent survey revealed that 78% of Microsoft 365 admins don’t activate MFA. This might sound like an aggressive statement, but having dealt too often with organisations using these excuses not to implement basic security norms, it just needs to be said: any organisation that hasn’t implemented this, or isn’t planning to, is either derelict in its duty, has a poor culture and difficult employees, or has some intractable technical problem that cannot be overcome. Deploy MFA, do some training, spend the time with your users to onboard them and then build the process into your employee lifecycle. Staff play a role in protecting organisational assets, not just the CISO or the board. If staff have an issue with the extra level of security, consider the scenario where they are the cause of a security breach that results in financial loss and flows over to job cuts – including theirs. That should be enough for staff to take on the responsibility to protect their job, their peers, and their employer. Financial loss flows through many parts of an organisation and can impact people as well as reputation.


External Sharing

This is a contentious one – often you need external sharing enabled to allow people to share files with contractors, visitors, business partners etc. SharePoint External Sharing is a top-level configuration setting which controls sharing content from SharePoint to anyone, including external accounts. It also offers control at the individual site level, but many admins aren’t aware of this. Some organisations might turn this off completely instead of being selective, but it’s worth understanding the implications of external sharing with regards to SharePoint, OneDrive (because this lives in SharePoint effectively) and Teams. Check out a link by our own Loryan Strant describing recommended External Sharing settings here.

Mobile App Management

For those customers that have access to Endpoint Manager (formerly known as Intune) as part of Microsoft 365, implementing Mobile Application Management (MAM) is another key aspect of managing corporate data leakage. MAM gives the ability for granular in-application controls, limiting things like saving data locally to mobile devices, inability to copy and paste data from corporate applications to consumer applications, and preventing screenshots and other items that could be construed as data leakage. This also means that consumer or personal devices can be used for business purposes, and securely separated so that work applications can sit side-by-side with consumer/personal applications in sandboxed areas.

Self Service Password Reset

No more continuous calls to the ICT Service Desk to get passwords reset, or an on-premises only server that can reset them. Enrolling staff in Self-service Password Reset relieves the service desk, allows 24/7 password resets from anywhere in the world based on known user criteria.

Admin Controls

In order of importance here…

  • Conditional Access
  • Block forwarding
  • Block consent
  • Block legacy authentication

Conditional Access

Conditional Access is straightforward – it lets you set conditions on who can access your data and Microsoft 365 services. These conditions could be – only from your office IP addresses, only using a corporate owned device, only from a device with up to date security patches etc. The basics should be set up to reflect your level of acceptable risk. Conditional Access works in tandem with MFA, allowing you to set stateful rules in addition to MFA to access resources.

However, in a COVID world, it’s hard to lock down access via IP if no one is in your office. So, you should think about what minimum conditions you want to impose for users to access your data. We would suggest:

  • Allowing access from a corporate owned or managed PC
  • Allowing access from devices with up to date antivirus/Windows Defender
  • Blocking swathes of geography where you have no users – e.g. Continental Europe, Asia
  • Blocking unsupported applications – e.g. specific mail clients – and looking to something that can utilise modern authentication, like Outlook Mobile or Nine.

Legacy Authentication

Legacy authentication comprises older protocols like Exchange Web Services, Autodiscover, SMTP – which have been phased out in favour of “modern” authentication which allows such things as multifactor authentication, per-session limits and controls – simply unavailable in older protocols. It is well known that most attacks on infrastructure utilise legacy authentication – looking for a hole in which to get in.

Blocking legacy authentication is a really simple process – in fact, Microsoft will tell you what applications are accessing your Microsoft 365 platform and using legacy authentication so you can remediate if you see fit. It could be that someone has an old printer using SMTP that needs to be sorted out before you can totally block legacy auth.

Head over to:

  1. Jump into the Azure portal > Azure Active Directory > Sign-ins.
  2. Add the Client App column if it is not shown by clicking on Columns > Client App.
  3. Add filters > Client App > select all of the legacy authentication protocols. Select outside the filtering dialog box to apply your selections and close the dialog box.

This will show you what people, applications or clients are using legacy auth. If you don’t recognize any, and are comfortable with that – you can then go ahead and block legacy authentication from your tenant.
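The same review can be run over an export of the sign-in log. The sketch below is an added example, not Microsoft's or Insync's tooling: it assumes the export is a list of records carrying the `clientAppUsed`, `userPrincipalName`, `ipAddress`, `createdDateTime` and `status.errorCode` fields, and the sample records and tenant name are constructed. It separates legacy sign-ins that succeed (real dependencies that will break when you block) from ones that only ever fail.

```python
from collections import defaultdict

# Client App values that indicate legacy authentication in the sign-in log.
# Assumption: adjust this set to the values that appear in your own export.
LEGACY_CLIENT_APPS = {
    "authenticated smtp", "autodiscover", "exchange activesync",
    "exchange online powershell", "exchange web services", "imap4",
    "mapi over http", "offline address book",
    "outlook anywhere (rpc over http)", "outlook service", "pop3",
    "reporting web services", "other clients",
}


def is_legacy(record):
    """True when the sign-in used one of the legacy client apps."""
    return record.get("clientAppUsed", "").strip().lower() in LEGACY_CLIENT_APPS


def summarise_legacy(signins):
    """Group legacy sign-ins by (user, client app) with outcome counts."""
    summary = defaultdict(
        lambda: {"success": 0, "failure": 0, "ips": set(), "last_seen": ""}
    )
    for rec in signins:
        if not is_legacy(rec):
            continue
        key = (rec["userPrincipalName"].lower(), rec["clientAppUsed"])
        entry = summary[key]
        # errorCode 0 means the sign-in succeeded.
        ok = rec.get("status", {}).get("errorCode", 1) == 0
        entry["success" if ok else "failure"] += 1
        entry["ips"].add(rec.get("ipAddress", ""))
        # ISO 8601 UTC timestamps in one format sort correctly as strings.
        entry["last_seen"] = max(entry["last_seen"], rec["createdDateTime"])
    return dict(summary)


def blocking_impact(summary):
    """Split the summary into what will break and what only ever failed."""
    will_break = sorted(k for k, v in summary.items() if v["success"])
    failed_only = sorted(k for k, v in summary.items() if not v["success"])
    return will_break, failed_only


def signin(when, user, app, ip, code):
    """Build one constructed sample record in the assumed export shape."""
    return {"createdDateTime": when, "userPrincipalName": user,
            "clientAppUsed": app, "ipAddress": ip,
            "status": {"errorCode": code}}


# Constructed sample data (documentation IP ranges, made-up tenant).
SAMPLE_SIGNINS = [
    signin("2020-09-01T02:00:00Z", "scanner@contoso.example",
           "Authenticated SMTP", "203.0.113.10", 0),
    signin("2020-09-02T02:00:00Z", "scanner@contoso.example",
           "Authenticated SMTP", "203.0.113.10", 0),
    # 50126 = invalid username or password
    signin("2020-09-02T03:10:00Z", "jdoe@contoso.example",
           "IMAP4", "198.51.100.7", 50126),
    signin("2020-09-02T03:11:00Z", "jdoe@contoso.example",
           "IMAP4", "198.51.100.8", 50126),
    signin("2020-09-03T09:00:00Z", "asmith@contoso.example",
           "Mobile Apps and Desktop clients", "203.0.113.20", 0),
    signin("2020-09-03T09:05:00Z", "asmith@contoso.example",
           "Exchange ActiveSync", "203.0.113.20", 0),
]

if __name__ == "__main__":
    breaks, failed = blocking_impact(summarise_legacy(SAMPLE_SIGNINS))
    for user, app in breaks:
        print(f"REMEDIATE FIRST  {user:28} {app}")
    for user, app in failed:
        print(f"FAILED ONLY      {user:28} {app}")
```

Entries in the first group need a modern-auth replacement before the block goes in; entries in the second group never authenticated successfully over a legacy protocol, so blocking changes nothing for those users.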

Block Consent

One of our favourite topics and one that we believe not enough customers review and manage sensibly. We’re not sure why this isn’t more prominent with Microsoft and organisations, but the consent process allows third-party applications access to the user in Microsoft 365, and consequently, whatever the user has access to in Microsoft 365.

Obviously, third-party consent to users’ applications and attributes is super important for app functionality, and there are lots of apps that are beneficial to end user productivity, such as Trello, Salesforce, AvePoint Cloud Governance etc. It’s an important part of the Office 365 / Microsoft 365 ecosystem. But – it should be carefully managed. It is almost too easy for users to click through and add applications to their workplace experience, but have little idea what data that application can access, where it is stored and what that organisation does with its data.

To be on the safe side, we generally recommend customers white-list their preferred external applications after going through an audit process, even if it is just high-level. This will allow some oversight for applications that are integrated with Microsoft 365 and limit the risk of data leakage to low quality or unsupported applications.

Block Exchange Forwarding

Some users like forwarding their mailboxes to external mailboxes for historical or posterity purposes. Sometimes this is acceptable in some organisations, particularly if someone is taking a sabbatical, they may want their mail forwarded, but generally, you don’t want automatic forwarding taking place from an internal mailbox to an external party.

This is how some organisations have been breached – for example, an accounts payable user with their mail being forwarded could open up the ability for someone to receive invoices, modify them and return them, leading to fraud. Stop this by following this guidance.
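Before blocking, it helps to know who is already forwarding externally. The audit below is an added example, not the guidance linked above: it assumes you have exported mailbox properties (`ForwardingSmtpAddress`, `ForwardingAddress`, `DeliverToMailboxAndForward`) and inbox rules (`ForwardTo`, `ForwardAsAttachmentTo`, `RedirectTo`) to lists of records, and every domain, user and rule in the sample data is constructed.

```python
import re

# Matches SMTP addresses inside values such as 'smtp:a@b.example' or
# '"Display Name" [SMTP:a@b.example]'. Directory-style recipients
# ('[EX:/o=...]') contain no '@' and are treated as internal.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+")

RULE_ACTIONS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")


def external_addresses(value, accepted_domains):
    """Return the addresses in value whose domain is not one of ours."""
    if not value:
        return []
    found = []
    for addr in ADDRESS_RE.findall(str(value)):
        addr = addr.rstrip(".").lower()
        if addr.rsplit("@", 1)[1] not in accepted_domains:
            found.append(addr)
    return found


def audit_mailboxes(mailboxes, accepted_domains):
    """Flag mailbox-level forwarding set by an admin or in Outlook on the web."""
    findings = []
    for mbx in mailboxes:
        user = mbx["UserPrincipalName"]
        keeps = "copy kept" if mbx.get("DeliverToMailboxAndForward") else "no copy kept"
        for addr in external_addresses(mbx.get("ForwardingSmtpAddress"),
                                       accepted_domains):
            findings.append((user, "mailbox forwarding", addr, keeps))
        # ForwardingAddress names a recipient object, which may be a mail
        # contact with an external address, so it needs a manual look-up.
        if mbx.get("ForwardingAddress"):
            findings.append((user, "review ForwardingAddress",
                             mbx["ForwardingAddress"], keeps))
    return findings


def audit_inbox_rules(rules, accepted_domains):
    """Flag user-created inbox rules that send mail outside the tenant."""
    findings = []
    for rule in rules:
        state = "enabled" if rule.get("Enabled", True) else "disabled"
        for action in RULE_ACTIONS:
            for target in rule.get(action) or []:
                for addr in external_addresses(target, accepted_domains):
                    findings.append((rule["MailboxOwnerId"],
                                     f"inbox rule '{rule['Name']}' {action}",
                                     addr, state))
    return findings


# Constructed sample export.
ACCEPTED_DOMAINS = {"contoso.example"}
SAMPLE_MAILBOXES = [
    {"UserPrincipalName": "ap@contoso.example",
     "ForwardingSmtpAddress": "smtp:ap.archive@freemail.example",
     "ForwardingAddress": None, "DeliverToMailboxAndForward": True},
    {"UserPrincipalName": "hr@contoso.example",
     "ForwardingSmtpAddress": "smtp:hr-team@contoso.example",
     "ForwardingAddress": None, "DeliverToMailboxAndForward": True},
    {"UserPrincipalName": "onleave@contoso.example",
     "ForwardingSmtpAddress": None,
     "ForwardingAddress": "Jo Contact", "DeliverToMailboxAndForward": False},
]
SAMPLE_RULES = [
    {"MailboxOwnerId": "ap@contoso.example", "Name": "Invoices", "Enabled": True,
     "ForwardTo": ['"Invoices" [SMTP:invoices@lookalike-supplier.example]'],
     "RedirectTo": None},
    {"MailboxOwnerId": "hr@contoso.example", "Name": "Payroll", "Enabled": True,
     "ForwardTo": ['"Payroll" [EX:/o=ExchangeLabs/cn=Recipients/cn=payroll]']},
]

if __name__ == "__main__":
    rows = (audit_mailboxes(SAMPLE_MAILBOXES, ACCEPTED_DOMAINS)
            + audit_inbox_rules(SAMPLE_RULES, ACCEPTED_DOMAINS))
    for owner, source, target, note in rows:
        print(f"{owner:26} {source:34} -> {target} ({note})")
```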

If you need help implementing what’s discussed here or want a further conversation around our managed Microsoft security platform, @M365 Secure, please hit the links below to get in touch.

 

Inside Insync – David MacDonald

Today we meet: 

David MacDonald 

Senior Systems Engineer 

Time with Insync: August 2019 

Previous notable time in IT industry/customer/vendor: I have been working full time in IT for the past 5 years. 

What are your best skills for your role?

I think that my best skill is being able to identify and solve technical problems that our customers are faced with. Resolving technical issues brings me great satisfaction in my work life. 

What do you like about your role? 

I love the fact that I get to do BAU and Project work within my role. In previous positions, I only had the chance to work on general BAU activities which would eventually burn me out as it was usually the same type of repetitive work. Since I have been with Insync Technology I’ve had the opportunity to work with our customers on configuring security solutions such as Azure MFA and new modern management technologies such as Intune which has been a great learning experience for myself. 

What trends are you seeing with customers? 

The impact of COVID-19 has seen our customers rapidly adopting new technologies which can assist staff and IT teams to allow for remote working and collaboration.

What do you think about the opportunity for Teams for customers?

I love using Teams in my day to day work as it allows for easy communication and collaboration with teammates as well as our customers. It’s always evolving and new features are constantly getting added to improve the general user experience as well as the collaboration experience. 

Where have you used Insync core values in Insync everyday work life: 

Don’t walk past a problem & Make a call – I had a recent ticket with a client where they had a monthly manual process to run a monthly security report on mailbox access and they wanted to see how we could improve it by making it more efficient. I explained to the customer that this process could potentially be automated. I had set up a free Azure Automation account and wrote a script which would generate the report and email it to the respective parties. 


 

What do you like to do in your downtime?

I enjoy working on personal programming projects and playing video games. 

 

Adoption and learning are ongoing, evolving processes that cannot be confined to a one-hour workshop

The year 2020 has thrown us all into a spin. Whether dealing with long lockdowns and sharing your workspace with your five-year-old, or being forced to rethink your entire business processes, it is fair to say we have all learned something. 

Learning and developing is a core component of any workforce. Businesses experience a huge amount of change during their lifecycles, and employees are generally expected to adapt and grow with each modification. Recently, there has been a general shift in how staff learn, with many organisations opting for self-managed learning journeys. The expectation that this can deliver the necessary education however, is flawed.  

“Self-managed learning relies on motivation. Staff are often expected to find time in a busy schedule, so they need to be highly motivated to complete it. In addition, self-managed learning journeys generally rely on pre-packaged tools and information which do not address specific learning needs. This can lead to disgruntled staff, a lack of confidence and an overall impact on productivity,” says Megan Strant, Principal Consultant – Adoption and Change Management at Insync Technology.  

So how do you ensure that your staff are learning and being equipped for the information and support they need?  

Understand where your staff sit in the ‘learning pit’  

The theory of the learning pit is that in order to learn, we first need to be thrown into, what is essentially, a pit of despair. By facing a challenge, staff identify that they may not have the knowledge and competency needed to complete it. This can have a knock-on effect with confidence and a willingness to jump in and give it a go.  

“Managed, ongoing learning means you have specialists standing by, ready to help staff climb out of the pit. In the case of technology and workplace computing, we do this by having staff touch and try the tools and ask questions as they go,” says Megan.  

By getting hands-on with a tool and having time to absorb information, staff are more likely to adopt and use it in their work life. According to Megan, this is because they have transitioned through the learning pit, from unconscious incompetence, to being consciously incompetent and ultimately consciously competent.  

“It’s important we consider all stages of the learning pit, because incompetence makes staff feel silly and stupid, it leads to embarrassment. This is a blocker for learning and so your adoption and change management needs to address this,” adds Megan.  

To allow staff to become competent, it is important to provide psychological safety by setting realistic goals and timeframes on how something is learned.  

Consider the anchors your staff need in order to learn  

In order to provide the guidance needed to help your employees through the learning pit, organisations should consider the information being delivered and the format of it.  

“At Insync, we want to provide anchors for staff that make it easier to remember information. We do this by focussing on the relevance of the content and how it is presented. We provide creative visual content and hands-on demonstrations and we repeat any components needed to continually reinforce behaviour,” says Megan.  

Putting structure around learning also ensures staff continuously move forward and stops their learning from stagnating. This is especially important if the learning is around workplace computing as the systems and tools are constantly evolving. Staff who may have received Microsoft training in 2017 can’t be expected to be consciously competent in a Microsoft environment in 2020.  

Realise learning isn’t a project with an end date 

For Megan, one of the key issues with self-managed learning is the perception that training is something that has a clear end date. Employee learning should in fact be an ongoing process, driven not only by product releases, but inhouse pains and challenges.  

For this to happen, seeking and listening to staff feedback is crucial. Learning has to be collaborative and include those with their ear to the ground and hands on the tools, as well as managers and leaders.  

“When it comes to learning, the people using the tools should have a voice. What struggles are they having, what goals should they be working towards? By driving learning programmes based on pains rather than product releases, you will prevent frustration and increase adoption,” notes Megan.  

Switch to managed learning 

Revising how you implement learning and development requires a shift in mindset. Professor Edgar Schein said back in 1955 “my own thinking has evolved from theorising about ‘planned change’ to thinking about such processes more as ‘managed learning’.”

To assist businesses in making the shift, Insync Technology is launching M365 Manage. The solution encompasses planning, governance and adoption and change management for organisations working in Microsoft 365.  

“Before we can address learning, we first embed ourselves in an organisation in order to understand what it is like to work there and how they use their platforms. Then we set goals and immediately focus on quick wins, because we know this builds confidence,” says Megan.  

By looking at the specifics of each organisation, Megan believes real, long lasting change can be implemented, and business leaders can be confident their staff are consciously competent.  

To find out more about Insync Technology’s M365 Manage, contact the team today 

Has your PBX (or Skype for Business Conference) been hacked?

by Jason Jacobs

 

Working for a Modern Workplace & Managed Service Provider (MSP) like Insync Technology can bring some curious and interesting issues my way. 

Issue description:

This week one of our customers reported some strange behaviour on their telco bill. Within the span of 48 hours, 1000+ outgoing calls were made to various international numbers…all from a single phone number. What made things worse, the supposed user making these outgoing calls was high up on the corporate ladder! Let’s call him Executive “JDoe”. Luckily, the telco was able to block any further international calls coming from JDoe’s number to avoid further charges. It was at this point where the issue came our way. Now it was up to us to figure out what had happened.

Investigation:

The customer runs a Skype for Business Server 2015 on-premises deployment, and all telephony services interface with Skype for Business via a Ribbon SBC 1000 voice gateway. The first place to start was the trusty “Skype for Business Monitoring Reports”.

Only a single audio call was made to “JDoe” during this 11 hour period. Well this cannot be it.

Let us keep looking…

BINGO! According to the list of conferences for this user, we see that “JDoe” hosted a Skype conference which started at 1:25:53am on 19 August 2020. Within minutes, multiple PSTN callers were added to the conference. PSTN callers are added continuously for another 90 minutes at which point the conference ends. Another conference starts and the whole process repeats. Note how most of the conferences use the same conference ID.

The key was realizing that despite “JDoe” hosting the conference, this user never actually joined any of these conferences from their Skype account. The time stamps also give it away; “JDoe” was fast asleep at 1:25:53am.

A Skype for Business conference can only be generated in one of two ways:

  1. From Microsoft Outlook calendar using the “New Skype Meeting” button. This will generate a conference ID on the Skype for Business server and allow people to join the meeting immediately (even if the conference is scheduled for the future). It simply creates the virtual meeting space and allows you to send the meeting join URL to any email address.
  2. From the Skype for Business client using the “Meet now” button. This will also generate a conference ID, but it will also join you into the Skype meeting automatically using your Skype for Business PC client.

All of this could mean one of two things:

  • Someone got hold of the Active Directory username/password for “JDoe”, logged in as them, and started creating Skype conferences from their account using Microsoft Outlook Calendar. (We know that “Meet Now” was not used because we don’t see “JDoe” in the meeting.)
  • Someone got hold of a legitimate conference ID, or Join URL, and was able to enter the conference unencumbered.

Our security team ruled out the first option by checking sign-in logs against Active Directory. All authorisations for “JDoe” were legitimate. This leaves us with only one option: the “hacker”, in this case dyonnes@dyonnimlanches.onmicrosoft.com, got hold of a meeting URL, joined the meeting and started calling PSTN numbers. It turns out the first time that conference ID was used was for a legitimate meeting on 18/08/2020 at 11:30am.
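The pattern that gave this incident away (a conference whose organizer never joins, an outside participant present, a run of PSTN legs, odd hours, a reused conference ID) can be checked mechanically. The PowerShell below is an added example, not part of the original post: the CSV columns, the `Find-SuspectConference` function and the sample rows are constructed for illustration and are not the Monitoring Reports schema.

```powershell
# Constructed sample rows (not real call records). Column names are assumptions
# made for this example, not the Skype for Business Monitoring Reports schema.
$sampleCsv = @'
SessionId,ConferenceId,Organizer,Participant,ParticipantType,JoinTime
S1,CONF-1,jdoe@corp.example,jdoe@corp.example,Internal,2020-08-18T11:30:05
S1,CONF-1,jdoe@corp.example,partner@supplier.example,Federated,2020-08-18T11:31:40
S2,CONF-1,jdoe@corp.example,outsider@federated.example,Federated,2020-08-19T01:25:53
S2,CONF-1,jdoe@corp.example,pstn-callee-01,PstnDialOut,2020-08-19T01:27:10
S2,CONF-1,jdoe@corp.example,pstn-callee-02,PstnDialOut,2020-08-19T01:28:02
S2,CONF-1,jdoe@corp.example,pstn-callee-03,PstnDialOut,2020-08-19T01:29:45
S3,CONF-1,jdoe@corp.example,outsider@federated.example,Federated,2020-08-19T02:58:11
S3,CONF-1,jdoe@corp.example,pstn-callee-04,PstnDialOut,2020-08-19T02:59:30
S3,CONF-1,jdoe@corp.example,pstn-callee-05,PstnDialOut,2020-08-19T03:01:02
S3,CONF-1,jdoe@corp.example,pstn-callee-06,PstnDialOut,2020-08-19T03:02:47
S4,CONF-2,asmith@corp.example,asmith@corp.example,Internal,2020-08-19T09:00:12
S4,CONF-2,asmith@corp.example,pstn-callee-07,PstnDialOut,2020-08-19T09:01:30
'@

function Find-SuspectConference {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $JoinRecord,
        [int] $MinPstnLegs    = 3,    # dial-out legs needed before a session is reported
        [int] $QuietStartHour = 22,   # local hour at which "off hours" begins
        [int] $QuietEndHour   = 6     # local hour at which "off hours" ends
    )

    $flagged = @(
        foreach ($session in ($JoinRecord | Group-Object -Property SessionId)) {
            $rows      = $session.Group
            $organizer = $rows[0].Organizer
            $pstnLegs  = @($rows | Where-Object { $_.ParticipantType -eq 'PstnDialOut' })
            $outsiders = @($rows | Where-Object { $_.ParticipantType -in 'Federated', 'Anonymous' })
            $organizerJoined = @($rows | Where-Object { $_.Participant -eq $organizer }).Count -gt 0
            $start = $rows | ForEach-Object { [datetime]$_.JoinTime } |
                     Sort-Object | Select-Object -First 1

            # Report only sessions the organizer never joined, that had an outside
            # participant, and that placed several PSTN dial-out legs.
            if ($organizerJoined -or $outsiders.Count -eq 0 -or
                $pstnLegs.Count -lt $MinPstnLegs) { continue }

            [pscustomobject]@{
                SessionId    = $session.Name
                ConferenceId = $rows[0].ConferenceId
                Organizer    = $organizer
                Start        = $start
                OffHours     = ($start.Hour -ge $QuietStartHour -or $start.Hour -lt $QuietEndHour)
                PstnLegs     = $pstnLegs.Count
                Outsiders    = ($outsiders.Participant | Sort-Object -Unique) -join ';'
            }
        }
    )

    # Count how many flagged sessions share a conference ID: reuse of one ID
    # across back-to-back sessions was part of the pattern in this incident.
    $reuse = @{}
    foreach ($f in $flagged) { $reuse[$f.ConferenceId] = 1 + [int]$reuse[$f.ConferenceId] }
    foreach ($f in $flagged) {
        $f | Add-Member -NotePropertyName FlaggedSessionsForId `
                        -NotePropertyValue $reuse[$f.ConferenceId] -PassThru
    }
}

Find-SuspectConference -JoinRecord ($sampleCsv | ConvertFrom-Csv) | Format-Table -AutoSize
```

On the sample rows, the legitimate daytime meeting (S1) and the organizer-attended dial-out (S4) are left alone, while the two overnight sessions on the reused conference ID are reported.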

Why did this happen?

Now that we know WHAT happened, we need to figure out WHY, and how to prevent it in the future.

Skype for Business Server 2015 has several settings in the Conferencing Policy that control who can join a conference and what they can do in it.

Looking at the first few settings we see the following:

There are 4 types of users that can join a conference:

  1. A Skype user from the same organization
  2. A Skype user from another organization/domain (federated user)
  3. Anyone with access to the Meeting URL. This will join them via a web browser as a guest. This is also known as an anonymous user.
  4. PSTN dial-in user

In this case, dyonnes@dyonnimlanches.onmicrosoft.com is seen as a federated user. But here is the catch: all federated users that join a conference are also seen as “non-EV” users (users not enabled for Enterprise Voice). This means if you have this setting ticked:

 

It will allow any federated user to make outbound PSTN calls.

Of course, this issue led me to multiple internet searches, and I must give credit to “Flinchbot” for this article, which confirmed my suspicion:

https://flinchbot.com/ucnow/index.php/2016/11/28/conference-participants-and-dial-out/

In summary, here is what happened:

  1. JDoe creates a new Skype meeting from his Outlook client for 18/08 at 11:30am
  2. Somehow, dyonnes@dyonnimlanches.onmicrosoft.com gets hold of the meeting URL and can join the meeting from their own Skype for Business PC client. (Scheduled meetings can be joined for 14+ days after the scheduled date.) If you have the join URL, you can join.
  3. dyonnes@dyonnimlanches.onmicrosoft.com is seen as a non-EV federated user and can make outbound PSTN calls from the meeting.

As for how they got hold of the meeting URL, this could happen any number of ways. The meeting invite could have been sent to an already compromised external party, which is out of our control.

Solution:

Disable PSTN dial out for federated users:

 

 

Only Skype users from within your organization will now be able to PSTN dial out from a conference.
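The same fix can be audited and applied from the Skype for Business Server Management Shell, which also covers site and per-user conferencing policies rather than only the one open in the Control Panel. This is an added example, not part of the original post: it assumes the ticked setting corresponds to the policy property `AllowNonEnterpriseVoiceUsersToDialOut`, also checks `AllowAnonymousUsersToDialOut` (the equivalent switch for anonymous participants, included here as an addition), and falls back to constructed sample policies when the Skype for Business cmdlets are not available.

```powershell
function Get-DialOutExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Policy,
        # Policy switches that let a participant who is not an Enterprise Voice
        # user place PSTN calls from inside a conference.
        [string[]] $Setting = @('AllowNonEnterpriseVoiceUsersToDialOut',
                                'AllowAnonymousUsersToDialOut')
    )
    process {
        foreach ($name in $Setting) {
            if ($Policy.$name -eq $true) {
                [pscustomobject]@{
                    Identity = [string]$Policy.Identity
                    Setting  = $name
                    Policy   = $Policy      # kept so the fix can be piped back in
                }
            }
        }
    }
}

# Use the real policies on a Skype for Business server; otherwise use
# constructed sample objects so the audit logic can be run anywhere.
$onServer = [bool](Get-Command Get-CsConferencingPolicy -ErrorAction SilentlyContinue)
if ($onServer) {
    $policies = Get-CsConferencingPolicy
} else {
    $policies = @(
        [pscustomobject]@{ Identity = 'Global'
                           AllowNonEnterpriseVoiceUsersToDialOut = $true
                           AllowAnonymousUsersToDialOut          = $false }
        [pscustomobject]@{ Identity = 'Site:HQ'
                           AllowNonEnterpriseVoiceUsersToDialOut = $false
                           AllowAnonymousUsersToDialOut          = $false }
        [pscustomobject]@{ Identity = 'Tag:Executives'
                           AllowNonEnterpriseVoiceUsersToDialOut = $true
                           AllowAnonymousUsersToDialOut          = $true }
    )
}

# Every policy scope is checked: a per-user policy overrides Global for the
# users it is assigned to, so fixing Global alone may not close the gap.
$exposed = @($policies | Get-DialOutExposure)
$exposed | Select-Object Identity, Setting | Format-Table -AutoSize

foreach ($group in ($exposed | Group-Object -Property Identity)) {
    # Build one change per policy that turns off only the switches found enabled.
    $change = @{}
    foreach ($row in $group.Group) { $change[$row.Setting] = $false }

    if ($onServer) {
        # -WhatIf previews the change; remove it to apply.
        $group.Group[0].Policy | Set-CsConferencingPolicy @change -WhatIf
    } else {
        'Would set on {0}: {1} = $false' -f $group.Name, (($change.Keys | Sort-Object) -join ', ')
    }
}
```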

Alternative prevention:

Another preventative measure, albeit controlled by the users themselves, is to modify the Skype for Business meeting options from Outlook. This way you can prevent “Anyone” from bypassing the lobby even if they get their hands on the meeting join URL.

Inside Insync – Anneliese Luz

Today we meet: 

Anneliese Luz – Adoption Consultant  

Time with Insync: July 2020

Previous notable time in IT industry: 

Not having a lot of previous experience in the IT industry is actually a strength of mine in my adoption role.  I connect with the challenges that people face when migrating to and learning new applications, and can assist and encourage them in a non-technical and easy manner. 

What are your best skills for your role?

Mix Approachable with adaptable. 

In a separate bowl add in a heaped interest in learning and facilitation. 

Combine together and add a good pinch of people skills. 

What do you like about your role?

I am on a constant learning curve, which allows me to grow personally and professionally.  I get real enjoyment helping our customers to adopt new modern ways of working. 

What trends are you seeing with customers? 

Rapid online organisational transformation and onboarding of new modern technologies to assist staff to function and enrich remote collaboration and connection.  This is the new post Covid world. 

What do you think about the opportunity for Teams for customers? 

Seriously, it’s got dynamic rich functioning features that will just keep on improving.  I really don’t know how I worked without it – Once your staff build up their confidence (I can help with this part) they will love it too!

Where have you used Insync core values in Insync everyday work life: 

Coming from a non-technical background, I have really stepped outside my knowledge boundaries and gone the extra 1.6 KM to learn and upskill on the job. Putting in lots of effort to be effective and contribute to my Team. Working for Insync matches my own values.  I love that I can be open, honest and fundamentally  human in my work environment and facilitation work with Clients. 

 

What do you like to do in your downtime?

I have a 5 & 7 year old and an adoring Hubby.  I like nothing better than to head out for a bike ride, go camping and be outdoors with my family.

Running a Hackathon on Microsoft Teams

For the last 4 years, Insync Technology has been a proud sponsor of UHack: The University of Tasmania’s annual weekend-long event that sees teams of participants come together to create something innovative. The event runs from Friday evening through to Sunday afternoon, with mentors from various backgrounds providing guidance along the way, culminating in a panel of judges on Sunday afternoon who review the teams’ submissions and ultimately crown the winners.


Historically, UHack has been an in-person event: participants from around Tasmania would gather at the three main UTAS campuses (Hobart, Launceston and Cradle Coast) and work through the weekend to develop their innovation. Mentors would be on-site, with some video conferencing allowing participants in the north of the state to also access mentors who have tended to be concentrated at the Hobart campus.  

 

Of course, given the global COVID-19 pandemic that has affected all of us this year, many events have been disrupted and have needed to move to an online format. UHack also found itself needing to adapt and pivot to a complete online solution ensuring it didn’t disrupt the event activities and submission of entries. The critical impact of this change to the event was on time. The project team needed a technical platform for the event with only weeks to work through the many use cases, build and give access to participants in the lead up to the main event. They also had to ensure that the change didn’t impact the flow of communication and activities, and that all those involved, whatever their role, could come together easily, and with minimal training time, using this platform. The fast pace of the event has relied on physical proximity to bring together multiple roles, deliverables, checkpoints and many largely unnoticed resources – all of which now needed to be accessible, responsive and smooth to replicate the UHack experience in an online environment. And it all had to be set up quickly, as preparation and registration was already in train.

In previous years, even though an in-person event, there have been multiple platforms to capture data across the event: EventBrite for registration, MeetUp for lead up information sessions, DevPost for submitting deliverables. If you’re interested, Insync’s very own Richard Charnock wrote a blog about last year’s experience, including a first outing for Teams, primarily as a communication tool. Here’s Richard taking a well-earned rest in the “Mentor Pen” in between sessions:

 

 

This year, given that all participants would now be remote, the focus was to build a much more integrated solution that reduced the need to move across applications or platforms. The immediate desire was to utilise an education tenant and Microsoft Teams to build out the event, along with as many out of the box apps and features as possible to save time. We will dive deeper later in this blog into the technical journey and platform detail. Firstly, let’s talk about the overall experience of moving a weekend hackathon to a remote competition and experience.
 

How did a hackathon differ when run completely remotely?

UHack is a great event. Each year it brings people together with a fantastic sense of community and energy. Participants are students and members of the general public who simply turn up, join groups and head into an intense phase – measurable in hours – to create an idea and develop that into a business model. During this, the event team floorwalk. They pop into rooms and chat to groups to answer questions, address concerns and give updates. It is very much about people coming together.

A key factor for moving this event online was bringing this UHack community together. How do you replicate the communication and team feel through technology? 

The immediate answer was Microsoft Teams as the central platform and hub. Teams and channels for the event wide communication, break out social space, questions to the event team, private Teams for each group of participants and spaces for judges, mentors and the event staff to communicate. 

 

 

If you want to see a little more of what we created within Microsoft Teams, check out our intro Sway. The embedded video will take you on a walkthrough of the various Teams, Channels and Apps that came together to support UHack this year.

What we built was an instant community, and by contrast with the timescales in a conventional organisation for uptake of a social platform, in this instance we needed uptake to be high right away.
What was great to see was that as soon as participants were registered and had access to the platform, there was a lot of activity in the breakout channel looking for a team to join and general discussion. See below for some further thoughts on the overall experience, with further wins and challenges.
 

The overall platform experiences  

Microsoft 365 had several built-in apps and services that not only integrated easily, but enabled some easy wins across the event such as: 

  • Meetings and Live events – Using Microsoft Teams to support UHack meant that we had a single tool that could handle not just the collaborative requirements to run a hackathon, but also all communications requirements. Both opening and closing ceremonies were held using Live Events, with mentor sessions, information sessions and other sessions that had typically been held face to face in previous years all being held via Teams meetings. This also made it simple to record meetings and live events directly to Microsoft Stream and share them out to all UHack participants. 

Here’s one example: the pitch presentation Live Event: 

 

 

  • Bookings – this app was quick to set up and edit. Having a participant choose a timeslot to meet with a mentor with it, and then automatically book a Teams Meeting in a Mentor’s calendar, meant fewer applications for Mentors to access and learn. They simply followed what was in their calendar and only needed to know how to join Microsoft Teams meetings.
  • Having Bookings create timeslots from free/busy time in a Mentor’s calendar was easy to work with. We simply advised each mentor to set up their availability and block out breaks and this fed into Bookings as meeting timeslots.
  • Microsoft Forms was used to create a scoring system for judges. Having this as a tab in the Judges Team general channel simplified their experience with a single space to access and complete the work. It was easy at the end to export everything into Excel and use a pivot table to manipulate data to create winners across divisions. 
  • Communication through posts in the event wide channel made it easy to broadcast updates and provide information to all participants, or to communicate directly in either the judges or mentors’ spaces. 
  • Using tags in Microsoft Teams was a great way to alert the event team as a group of people, rather than having to type all their names to @mention. Simple feature with big impact. 
  • Having everything combined through Microsoft Teams meant we all ‘lived’ in one place and had easy access to all aspects across the platform for the event weekend.  

A fast-paced event brings with it challenges. Some of these we had to rapidly overcome to ensure the event ran smoothly and activities were delivered:

  • UHack has participants from a diverse range of backgrounds, for many of whom English is their second language. This means communication must be clear and follow-up questions must adequately support the participant. This is much easier to handle face-to-face where you can gauge if they understand or need more support. This was harder with online posts in Teams. We really had to think about language in an announcement or instructions and if it was a clear explanation. When people posted a question, at times the reply post wasn’t always resolving their confusion and a Teams call was needed to discuss further.
  • The importance of clear roles across the event. At times we had several people responding to posts. It was potentially unclear which name was the person to assist. We did have display names clearly indicate who was staff, mentor, participant etc, but there may have been too many people posting and replying which should be more streamlined in events like these. 
  • The quality of data was a challenge that increased stress and challenges leading up to the event opening ceremony. You can clarify an email address when a participant registers standing at a desk; however when the event is 100% remote the data input is critical. Several typos in registration data led to bounce backs and some manual follow up.
  • We used a separate education tenant for the event and provided everyone accounts. This separate profile and account worked well for Live Events and consistent data, however it can mean people don’t log in to that account and see activity. Having a guest account enables people to tenant switch and notifications in their Microsoft Teams application are more obvious.
  • And finally, of course a key challenge as with many events and technology is human error. People not understanding the basics of Microsoft Teams led to replies not connected to posts and thus not being seen, or not checking their calendar and joining a mentor meeting, and in the ‘assignments’ area of Teams some not clicking ‘submit’ on their final entry. A lot of lessons were learned by everyone involved in the event. 

As ever, there were challenges: many of these were behind the scenes or quickly remediated and we all moved forward.
 

Without COVID-19, UHack may have shifted forward with slight technical platform innovation. What we have seen in 2020 is a massive shift – a technical revolution. The crisis drove a massive change which everyone involved enthusiastically rolled up sleeves and adopted with minimal hesitation or barriers. 

Let’s now dive deeper into how we solved some of UHack’s requirements within the Microsoft 365 ecosystem: 

 

Microsoft 365 Tenant 

Given that not all UHack participants are students of UTAS, we weren’t able to use the existing UTAS tenant to support UHack. This was to ensure security and privacy was maintained, but also would have led to longer lead times to develop the UHack platform itself. If we were working in with an existing production tenant that supported an entire university, development of applications, creation of teams and user onboarding would not have been possible in the time frame available. Luckily, work on the previous year’s UHack event has meant that a separate UHack tenant had already been set up and was sitting idle ready for us to use. This tenant is an education tenant: this ended up being crucial, as we used education-specific Teams features to support assignment submissions for UHack teams.

 

 

To support participants, an Office 365 A1 licence was sufficient. This gave them access to Teams, Microsoft Stream, online Office apps, and everything else required during the event. A1 was also sufficient for Judges, however for Mentors who needed to be bookable via the Microsoft Bookings app, they required an A3 license. The tenant had 25 of these licenses available to support this. 

 

Onboarding 

 In previous years where UHack was an in-person event, participants would turn up to one of three UHack locations and “manually” register their teams, or even create\join a new team on the day. Transitioning the event to being fully online meant that this would no longer be possible, and users would need to be onboarded to Microsoft Teams prior to the commencement of activities.  

Onboarding required a number of things to occur: 

  • Create accounts for participants in Azure Active Directory 
  • Add participants to specific groups to ensure they received appropriate Office 365 licensing, and to automatically add them to the right Teams 
  • Communicate login and other pertinent information to each participant via email 

How was this achieved? 

Since its inception, UHack has used Eventbrite to support user registration for UHack, and this year was no different. This year however, data from Eventbrite was the primary input data to PowerShell scripting developed to support user onboarding and email communications. The first step was to create all participants in Azure AD: 

 

 

Key actions the script completed for each participant: 

  • Set initial password for participants 
  • Force participants to reset their password to something unique at first login 
  • Appended (Participant) to display name to make it easier to identify Participants in Teams during the UHack event 
  • Set Department to UHack Participant (used for dynamic group membership and automatic licensing\Teams membership) 
  • Alternate email address attribute set to email address used to register via Eventbrite: supporting easy password reset without requiring a participant to register a mobile\email address for password reset 
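The five actions listed above map onto an account-creation step like the following. This is an added example, not the script used for the event: it assumes the AzureAD PowerShell module with an existing `Connect-AzureAD` session, and the CSV columns, the tenant domain `uhack.example` and both function names are hypothetical. Giving each account its own random initial password is a choice made for this example; the page does not say how the initial password was chosen.

```powershell
# Constructed registration rows; column names are assumptions for this
# example, not Eventbrite's export format.
$registrations = @'
FirstName,LastName,Email
Alex,Example,alex@mail.example
Sam,Sample,sam@mail.example
'@ | ConvertFrom-Csv

function New-InitialPassword {
    param([int] $Length = 16)
    # 64 symbols, so each random byte maps onto the alphabet without modulo bias.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = New-Object byte[] $Length
            $rng.GetBytes($bytes)
            $candidate = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
            # Retry until upper case, lower case and a digit are all present,
            # so the value satisfies the directory's complexity rules.
        } until ($candidate -cmatch '[A-Z]' -and $candidate -cmatch '[a-z]' -and
                 $candidate -match '[0-9]')
    } finally {
        $rng.Dispose()
    }
    $candidate
}

function New-EventParticipant {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Registration,
        [Parameter(Mandatory)] [string] $TenantDomain
    )
    process {
        $nick = ('{0}.{1}' -f $Registration.FirstName, $Registration.LastName).ToLower() `
                    -replace '[^a-z0-9.]', ''
        $upn  = '{0}@{1}' -f $nick, $TenantDomain

        if ($PSCmdlet.ShouldProcess($upn, 'Create Azure AD participant account')) {
            $initialPassword = New-InitialPassword

            # Initial password, with a forced change to something unique at first login.
            $passwordProfile = New-Object Microsoft.Open.AzureAD.Model.PasswordProfile
            $passwordProfile.Password = $initialPassword
            $passwordProfile.ForceChangePasswordNextLogin = $true

            $user = @{
                AccountEnabled    = $true
                GivenName         = $Registration.FirstName
                Surname           = $Registration.LastName
                # "(Participant)" suffix makes the role visible in Teams.
                DisplayName       = '{0} {1} (Participant)' -f $Registration.FirstName,
                                                                $Registration.LastName
                UserPrincipalName = $upn
                MailNickName      = $nick
                # Drives dynamic group membership, licensing and Teams membership.
                Department        = 'UHack Participant'
                # Alternate email: the address used at registration, for password reset.
                OtherMails        = [System.Collections.Generic.List[string]]@($Registration.Email)
                PasswordProfile   = $passwordProfile
            }
            New-AzureADUser @user | Out-Null

            # Returned for the notification step only; do not write it to logs.
            [pscustomobject]@{
                UserPrincipalName = $upn
                ContactEmail      = $Registration.Email
                InitialPassword   = $initialPassword
            }
        }
    }
}

# -WhatIf lists the accounts that would be created without contacting the tenant.
$registrations | New-EventParticipant -TenantDomain 'uhack.example' -WhatIf
```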

 

 

Now that participant accounts had been created, we now needed to get an individualised email out to every participant letting them know how to login, where to find additional information, and how to get in touch with UHack event staff if they had any problems. Initially, mail merge was investigated as a way to achieve this, but was dismissed due to complexity (who remembers how to mail merge?). 

Instead, PowerShell was again the winner and would allow us to use the same master participant list that was used to enable users in Azure AD. To do this, the script used for user enablement above was modified to send an email instead. 

This did require email content to be in HTML format. Fortunately, sites like https://wordtohtml.net/ make it easy to design in plain text and output the HTML you need:

 

 

Once we had HTML content ready to go, the following script was used: 

 


With the resultant email sent to all participants: 

 

 

 

Onboarding Assets 

Given the radical shift in how UHack would be delivered in 2020, we wanted to make sure that we were able to give participants as much information about what Microsoft Teams was, how it was being used to support UHack, and how to log in to the UHack tenant. Links to resources that would achieve this were embedded in the welcome email. Microsoft Sway was used to create a presentation that explained what was different about UHack this year, and to provide an asset that was dynamic and updateable in the leadup and during the UHack weekend.

 

 

In addition to Sway, Camtasia was used to record and edit a first time login video for UHack participants. In under an hour, Camtasia allowed us to record, edit and publish a professional looking video that helped remove friction from the first-time sign in process:

 

 

UHack App 

In delivering UHack as a pure online event for 2020, there was a desire to provide a single location within Teams where participants could check the schedule, get helpful tips and info, and provide a way to find more details on mentors. Given the relatively short amount of time available to come up with a solution, we needed to find something that could meet our requirements with a minimal amount of development. 

Earlier in the year, Microsoft released a template Power App that aimed to provide a user-friendly experience to connect users with information about a crisis. Insync Technology had deployed this for a number of organisations as a way to communicate during the COVID crisis, presenting it as an app within the Microsoft Teams client.

It would save a lot of time if we could use this as the base of an app for UHack, and that’s precisely what we did. Here is what the Crisis app looks like when deployed with defaults: 

 

 

And here’s what our UHack App looked like. Company News was repurposed as the UHack schedule, World news (which was initially an RSS feed from the WHO) was repurposed to take an RSS feed of any social content that mentioned UHack 2020. Emergency Contacts became Mentors, a single location where participants could see all mentors listed, click on a link to read more about a Mentor (SharePoint site) or make a Mentor booking with the Bookings app: 

 

 

Content within the app was controlled with a corresponding Admin app that allowed event staff to update the schedule, add helpful tips, links, or anything else for the duration of the event: 

 

 

With minimal effort, we were able to take an off the shelf app template and turn it into something that supported our needs for UHack. 

 

UHack Bot 

One other use case we wanted to support was the ability for participants to ask questions, get an automated answer, but also have a mechanism to ask a person if they were unable to find the answer they were after. Building chat bots within Teams is relatively straightforward, with lots of resources available to help you along the way:

Within the time constraints we were working with, we were able to build a bot that presented useful information to participants: 

 

 

As well as ensuring any queries the bot couldn’t answer were directed to the Events Team to action: 

 

 

Bookings App 

UHack 2019 was the first year that Insync deployed Microsoft Bookings to support booking mentors, but this year it was more important than ever given that all participants were remote. In addition, the Bookings app in 2020 automatically created the booking as a Teams meeting – ensuring participants and mentors had a quick and seamless way to meet throughout the weekend: 

 

UHack Submissions 

When participating in UHack, each team is required to submit the following: 

  • A Business Model Canvas 
  • A 2-minute pitch video 
  • Their innovation submission files 

In previous years, UHack submissions were handled by Devpost. This year, however, given that the event was being held on Microsoft Teams, we wanted to find a way to support submissions natively within Microsoft Teams. We also needed to ensure we had a mechanism in place that would allow us to get submitted files prepared ready for judging: all while taking into account that all participants, event staff and judges were scattered throughout Australia. 

Given that UHack was being held on an education specific Microsoft 365 tenant, this meant that we had access to Assignments in Microsoft Teams to support UHack submissions. We created a single UHack Final Submissions Team, added a single team captain per hacking group to the Team, and created a single UHack 2020 Submission assignment within the team. We took this approach as not every UHack participant needed to submit an assignment: one submission per group. If we had added an assignment to each Team’s private Team, every participant would have had the ability to submit, making collecting submissions much harder. Introducing the concept of a team captain and a single UHack submissions team solved this. Assignment submission also provided a mechanism to ensure everyone had access to the same template documents and instructions, in this case a Word template for the Business Model Canvas:

 


Once all Teams had submitted their work, our next challenge was how to get these files to a Team created specifically for the judges. Whilst it was possible to manually click on each and every submission, download submitted files and upload to another location, we needed something that was quicker and more streamlined. To achieve this, we discovered where submitted files are actually stored in SharePoint, and synced this library to our own PCs: 

 

From here, it was much easier to review submitted files, format as required and copy across to the synced SharePoint library from the Judges Team. This allowed the remote Judges to access files quickly and easily: 

 

 

Some closing reflections… 

It wasn’t until the dust had settled and all the post-hackathon wrap-ups had been done that we realised how big a change we had made. Of course, we had built a model of one aspect of the “hybrid workplace” we are all now starting to envision. But more than that – 

First, in terms of space: once UHack escaped the limitations of physical space based on all the people and all the action being in one place, it actually became, in principle, boundless. The event serves to promote innovation in Tasmania, but by the time UHack 2021 comes around we’re sure there will have been much discussion of how to attract attendees, mentors and others from outside Australia, never mind the state.  

Second, in terms of time: we transformed UHack from an onsite event (one that only worked if you literally went to it) to an online event in a matter of weeks. This took a lot of skill and focus, and a certain level of sleep-deprivation: but it also demonstrates what can be achieved with the ever-improving tools available in Office365.  It will only get easier. 

And of course the world is now full of online events replacing their onsite predecessors. Commsverse, Ignite, M365 May, TeamsFest… these are not just replacements – they are in many ways improvements, certainly in terms of accessibility, participation, scope and choice. We can’t wait to be involved in the next one. We’ll see you there! 

Inside Insync – Ian Culliver

Today we meet: 

Ian Culliver – Senior Consultant 

Time with Insync: Early 2019 

Previous notable time in IT industry/customer/vendor: 

Having worked full time in IT for 20 years, I have worked in or with almost every industry Australia has to offer. I still remember floppy disks if that counts for anything? 

What are your best skills for your role?

My ability to help analyse issues and identify problems has always helped with managing IT systems and issues for my customers. Lately, I have had the opportunity to work with our clients to help develop and improve their systems and processes. This non-technical engagement is aimed at bridging the gap between IT staff and the commercial operations. 

What do you like about your role?

Being able to help create change and improve people’s effectiveness and work life balance. 

What trends are you seeing with customers?

COVID has changed the attitude of some senior leadership on the value remote working can provide. I have seen customers that were strongly against having a remote workforce, embrace and encourage this recently. Some are now looking to continue and even expand flexible hours and remote work locations beyond COVID. 

What do you think about the opportunity for Teams for customers?

The collaborative nature and the integration of supporting products are the key to a remote workforce being effective. If this platform continues to simplify the interactions and integrations between people and products, this will only further enhance the effectiveness and productivity of all involved.

Where have you used Insync core values in Insync everyday work life: 

I would like to think that I never promote or push a solution or product that won’t work for a customer. Not every business has the same needs, desires, or wants and sometimes you need to help curb the enthusiasm of senior staff and help get the foundations in place. Being honest and not bulls#!ing them about their expectations and the road ahead is imperative to a successful partnership.

 

What do you like to do in your downtime?

Scuba diving. I’m inside and at a desk enough, so when I can I like to tune out and find a trench, channel or shipwreck to paddle around and in.
