Skype for Business On-premises Migrating to Teams - POLICY Stage (stage 2)
Updated: Mar 11, 2021
#SkypeforBusinessMigration #MicrosoftTeams #Teams
Let me start first with an assumption...
Since in my last post was stage 1 and ensuring hybrid connectivity. I will assume you have your users synced to your Teams environment.
SO let's get into designing your Teams settings!
Like I said in my last post, getting the settings figured out sets your users up for SUCCESS! Nail these settings down and be aligned with your business and most importantly Security (governance anyone?)
Step one: Teams
Teams ad channel policies are used to control what settings or features are available to users when they are using teams and channels.
This one is pretty simple...literally one option
Create private channels = On or Off
Not too exciting...
Could this have been put somewhere else...Yes
Did it need it's own section...Not even close to Yes
But hey, there you go.
Step two: Meetings
This will be used to control what features are available to users when they join MS Teams meetings. The default is for all users to be in the Global config. But they do include additional policies. Pretty simple right?? WRONG! Well, not really. But there is a lot to consider with this one. I made a few mistakes when I was settings this because I didn't fully understand what turning on or off an option would do. So do your homework.
Above are the default settings. A lot going on here. But I'll break it down..
General settings-> Leave it alone. Done.
Audio & video-> Leave it alone. Bam.
Content sharing-> Leave it alone. Now you're thinking...WOW I'm really good at this policy setting thing!
Participants & guests-> Leave it alone. KIDDING!! Seriously, review this section carefully. Let's go through it:
Let anonymous people start a meeting-> this is off by default. My recommendation keep it this way. What happens when you turn it on? Participants calling into the meeting can start the meeting. When they do that, the call will drop after 4 hours. You might think this will not happen to you, but what if it does...during an all day board meeting with your CEO, COO, CFO, CIO and any other three letter acronym that starts with Chief you want to add there...because it did. To me. Super fun.
Roles that have presenter rights in meetings->Talk to your business lead on this one. But keep in mind, users can change this per their personal meeting options.
EveryoneUserOverride: All meeting participants can be presenters. This is the default value. This parameter corresponds to the Everyone setting in Teams.
EveryoneInCompanyUserOverride: Authenticated users in the organization, including guest users, can be presenters. This parameter corresponds to the People in my organization setting in Teams.
OrganizerOnlyUserOverride: Only the meeting organizer can be a presenter and all meeting participants are designated as attendees. This parameter corresponds to the Only me setting in Teams.
Automatically admit people-> You can turn on or off if people that are anonymous are automatically joined to a meeting. Do you want them to sit in the lobby? We changed this to Everyone in our organization. Why you might ask? Great question. That leads me to the next part...
Allow dial-in users to bypass the lobby-> We turned this off. Because, we turned on Automatically admit people. This can be set when 'Automatically admit people' isn't set to Everyone. We didn't want dial in users to start meetings. Once they dial in, they will sit in the lobby, however once the organizer joins, they automatically join. Otherwise the organizer will have sit and click 'admit' on every users dialing in. This could result in 20, 30, 50 'admit' clicks...yes...that has happened.
The last 2 options are 'keep default'.
You can create custom policies. Usually you are pretty safe to keep the Global policy for all users. I did create a custom policy to Restrict users to record meetings. I had a user who didn't want to risk anyone being able to record the meetings he schedules. So I created a policy and added him to it. Bam. Done.
Control whether anonymous people can join Teams meetings, what is included in the meeting invitations, and if you want, you can enable QoS and set ports for real-time traffic.
These settings are pretty important.
Work with your business to decide if you want Anonymous users to join a meeting and if so, do you want them to be able to interact with apps in meetings? These options are more about security. They are turned on by default. If you turn them off, will you get support questions? Will your users not understand why some people can join their meetings and others can't? YES and YES. So maybe just leave these be.
You can also set the URLs for Logo, Legal, and Help. Make sure these links are open to the public, as anyone you invite to your meeting will see these.
Network - QoS
Setting QoS is important. This will help tell the network that these packets should be prioritized. These are the default settings. But running the Network Planner, will help you understand if you need more ports for any service.
Step three: Messaging policies
Used to control what chat and channel messaging features are available to users in Teams. By default there is one Global policy. You can create custom ones and assign users.
These are the default settings. Carefully review each section with your business and make sure they understand these settings.
Even though these are default settings, you can still change many of these options in the channel itself. But that is something you will need to teach your users to do.
Step four: Teams apps
Policies to control what apps you want to make available to Teams users in your organization. By default there is on Global policy. You can create custom policies and assign to individual users.
This isn't too complicated. If you want to lock down what apps your users can install, go for it. It's not a bad idea, until you've done your research on what apps are out there. But these are the default settings.
Step five: Org-wide settings
Lets your Teams and SfB users communicate with other users that are outside your organization.
By default these settings are turned on. There isn't any reason really to turn them off. Be careful though, if you add anyone to the Allow list, it automatically Blocks everyone else...
Lets people outside your organization access to teams ad channels. This is an all or nothing settings. This is pretty straight forward. No real GOTCHAS to worry about. One thing to keep in mind however, you can't create custom policies for your users. You can however change a lot of these settings in the Channel itself. Another thing to add to your training checklist! Microsoft's checklist for prereqs might help https://docs.microsoft.com/en-US/microsoft-365/solutions/collaborate-as-team?view=o365-worldwide.
Lets you set up your teams for features such as email integration, cloud storage options and device set up. These settings will be applied to all of the teams in your organization.
You can most likely keep the default settings on this. Unless you want to turn off file sharing from other cloud storage solutions. Can we say BYE BYE Google Drive!?! Okay, probably not.
Go to Stage 3 VOICE!! Voice gets it's own section. Why?! Because it is just that dang special!