-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfeed.rss
1466 lines (1404 loc) · 123 KB
/
feed.rss
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
<channel>
<title>Andrés Gorzelany</title>
<link>https://get-itips.capazero.net/</link>
<description>Get-ITips</description>
<copyright>2024</copyright>
<pubDate>Thu, 11 Jan 2024 15:16:03 GMT</pubDate>
<lastBuildDate>Thu, 11 Jan 2024 15:16:03 GMT</lastBuildDate>
<item>
<title>Images in announcement posts in the New Teams</title>
<link>https://get-itips.capazero.net/posts/images-announcements-new-teams</link>
<description><p>Sometime last year (2023), Microsoft removed a very nice feature to upload images in announcement posts.</p></description>
<guid>https://get-itips.capazero.net/posts/images-announcements-new-teams</guid>
<pubDate>Thu, 11 Jan 2024 00:00:00 GMT</pubDate>
<content:encoded><h1 id="some-history">Some history</h1>
<p>Sometime last year (2023), Microsoft removed a very nice feature to upload images in announcement posts.</p>
<p><img src="/images/Add_Background_Image.png" class="img-fluid" alt="Add background image" /></p>
<p>If you have never used this feature, it allowed you to use an image in announcement posts, the announcement post then looked customized and nice.</p>
<p><img src="/images/Add_Background_Image_2.png" class="img-fluid" alt="Image added" /></p>
<h1 id="confusing-message-center-posts">Confusing Message Center posts</h1>
<h2 id="mc680348-microsoft-designer">MC680348 - Microsoft Designer?</h2>
<p>A Message Center post related to the return of this feature was published on October 10, 2023, let’s analyze what it says</p>
<p><em>Custom Backgrounds for Announcement Posts in Channels</em></p>
<p><em>Message Summary</em></p>
<p><em>Microsoft Teams users will soon be able to create custom backgrounds for their Announcement posts with the generative AI power of Microsoft Designer. This release of Custom Backgrounds for Announcement Posts will be rolling out across Microsoft Teams Desktop and Web for Channels 2.0 in English – US markets only.</em></p>
<p><strong>Stop</strong> – some things to comment there</p>
<p><em>“...with the generative AI power of Microsoft Designer”</em></p>
<p>Ok, so now we need to accept the assistance of Artificial Intelligence to upload create an image?</p>
<p><em>“...in English – US Markets Only”</em></p>
<p>Ok, other markets will have to wait it seems.</p>
<p>Let’s continue</p>
<p><em>This message is associated with Microsoft 365 Roadmap ID 123501:</em></p>
<p><em>Teams users will be able to create engaging custom backgrounds for channel announcements in just a few clicks. Powered by Microsoft Designer, use generative AI to create expressive images.</em></p>
<p>Ok pretty similar to what the MC says, let’s continue</p>
<p><em>Before, in Channels 1.0, users struggled to &quot;find the right picture,&quot; to &quot;find images that work correctly with banner sizing, so it takes ages,&quot; etc.</em></p>
<p>This seems to be opinions Microsoft has collected, continuing</p>
<p><em>Now, whether users have their own image or an idea in mind, or absolutely nothing at all, they can create rich, engaging backgrounds for their announcement posts through the generative AI power of Microsoft Designer. A few clicks is all it takes--let the imagination run wild!</em></p>
<p>Ok, Microsoft Designer is mentioned again, what is that? According to Microsoft: <em>“A graphic design app that helps you create professional quality social media posts, invitations, digital postcards, graphics, and more.” It uses AI and it is currently in preview, at the bottom and in a small size font it says it will require a paid subscription once it reaches GA.</em></p>
<p>Let’s continue</p>
<p>The Designer Mini Dialog is where all the magic happens. You can write a description, upload an image, or click one of the examples we have provided for you to start.</p>
<p><em>“Upload an image”</em></p>
<p>Ok it seems the feature we miss is buried there.</p>
<p>Let's continue</p>
<p><em>While we work on making a policy setting available to tenants, this feature will be enabled by default (except in EDU). If there are concerns, please contact support.</em></p>
<p><em>“Enabled by default”</em></p>
<p>Enabled by default and the policy setting to control this will not arrive at the same time as the feature is released? <strong>NO BUENO</strong>.</p>
<p><em>We can't wait to see what announcement backgrounds you and your team come up with.</em></p>
<p>Erh... this isn’t the best sentence to sell this feature to data privacy concerned companies, isn’t it?</p>
<h2 id="mc687791-teams-premium">MC687791 - Teams Premium?</h2>
<p><strong>Another</strong> Message Center post related to the return of this feature was published on November 6, 2023, and updated on December 14, 2023, let’s analyze the differences:</p>
<p><em>Microsoft Teams users will soon be able to create custom backgrounds for their Announcement posts with the generative AI power of Microsoft Designer. As part of the advanced Teams Premium capabilities, users will have access to DALL-E, a text to image generator, which they can use for their backgrounds. This release of Custom Backgrounds for Announcement Posts will be rolling out across Microsoft Teams Desktop and Web for Channels 2.0 in English – US markets only.</em></p>
<p><em>“As part of the advanced Teams Premium capabilities, users will have access to DALL-E”</em></p>
<p>Ok so very similar to the previous MC post but this one will use DALL-E and require Teams Premium, let’s continue.</p>
<p><em>Note: Non-US tenants may notice a temporary loss in the ability to upload an image. For tenants who do not have access to Designer, the ability to upload image will be made available again in early 2024, while the team works on Designer support for more languages.</em></p>
<p><em>“For tenants who do not have access to Designer, the ability to upload image will be made available again in early 2024”</em></p>
<p>Ok some hope that we will get the upload image feature again without requiring Designer and Teams Premium?</p>
<p>What follows is remarkably like the previous MC post.</p>
<p><em>The information provided in these two MC posts does not answer if we are getting back a feature that we had without requiring extra licenses or extra tools or AI (a lot of companies are still concerned about AI and data privacy), except for the sentence that hints we could have it back in early 2024.</em></p>
<h1 id="final-thoughts">Final thoughts</h1>
<p>Based on the provided information, it seems there will be two different flavors of the feature:</p>
<ul>
<li><p>One will not require Teams Premium but still use AI</p>
</li>
<li><p>One will require Teams Premium and use DALL-E</p>
</li>
</ul>
<p>I think they overly complicated something that was simple and easy to use, just to include another app? Another license? AI?
Let’s see if they update these Message Center post improving the clarity of the message and providing more details.</p>
</content:encoded>
</item>
<item>
<title>Collaborative Notes in Microsoft Teams – The good, the bad and the ugly</title>
<link>https://get-itips.capazero.net/posts/collaborative-notes-review</link>
<description><p><img src="/images/collabmeetingnotes.png" class="img-fluid" alt="introimage"></p></description>
<guid>https://get-itips.capazero.net/posts/collaborative-notes-review</guid>
<pubDate>Fri, 25 Aug 2023 00:00:00 GMT</pubDate>
<content:encoded><p><img src="/images/collabmeetingnotes.png" class="img-fluid" alt="introimage" /></p>
<p>I’ve been using Teams Collaborative Notes for a while now and decided to write a blog post with my opinion of the good, the bad, and the ugly of this feature. Let me know if you agree or have a different opinion. 😉</p>
<h1 id="the-good">The good </h1>
<p>It’s a loop component, which means it’s collaborative and synced in real-time and can be shared in Teams chat, Outlook emails, Whiteboards, and other places. Don’t know what a Loop Component is? Read here <a href="https://learn.microsoft.com/microsoft-365/loop/loop-components-teams?view=o365-worldwide?WT.mc_id=M365-MVP-5004663">Overview of Loop components in the Microsoft 365 ecosystem | Microsoft Learn</a> want to read the Collaborative Notes announcement? Read here <a href="https://techcommunity.microsoft.com/t5/microsoft-teams-public-preview/now-in-public-preview-amp-targeted-release-collaborative-meeting/m-p/3848392">Now in public preview: Collaborative notes in Microsoft Teams Meetings - Microsoft Community Hub</a> </p>
<p>It’s easy to access while in a meeting, just by clicking Notes on a Teams Meeting, it’s there and everyone can collaborate on the same notes at real-time, which means it is better than OneNote, at least in my opinion, as it takes fewer steps to take notes and find the correct page/section. </p>
<p>It creates tasks automatically if you want, no need to go to Planner, you just enter new tasks and the assignment in the Follow-up tasks section. </p>
<h1 id="the-bad">The bad </h1>
<p>Recurring meetings and Collaborative notes create some confusion, let’s say John creates a recurring meeting with 10+ people and forgets to create the Collaborative notes for an occurrence, as an attendee, you need to chase the meeting organizer to create the Collaborative notes in advance of the meeting, Adam wants to add some topics to be discussed in the meeting, but he can’t because the loop component was not created by the Organizer. There is a workaround, Adam can start the meeting anytime, which will enable the Notes button, and because of that, will be able to create the Collaborative Notes. (There is a caveat in the following section), but everyone invited will also see someone started the meeting in advance of the scheduled time, more confusion. </p>
<p>Also on recurring meetings, if you expand the details of an occurrence in Teams, there is a banner on top of the loop component warning you that you are viewing the meeting notes for that occurrence, however, is that visible enough? </p>
<h1 id="the-ugly">The Ugly </h1>
<p>The .loop file or component will be created in the OneDrive of the person who created the Collaborative Notes for the meeting, being the organizer or the first person that clicked on Notes, imagine a recurring meeting that spans for a year, with different moderators that add topics to be discussed, you will have this .loop files spread into different personal OneDrive's, each one for every occurrence of a meeting, what if someone leaves the company and the OneDrive site is finally deleted? What if the .loop file is deleted by the creator? (I tested this, an ugly You don’t have access to this file message will be shown in the meeting details). This in the end adds more IT work to train users or act upon these situations. Somehow, I think it would be better organized if this file were created always in the same location, the OneDrive of the organizer. </p>
<h1 id="conclusion">Conclusion</h1>
<p>Collaborative Notes in Teams Meetings are a powerful tool, Customers asked me and I said, I prefer it over OneNote or another solution, however, they require training for your users not to mess up with meeting notes that ultimately create tickets in the support systems, and I also think they can be improved, I'm pretty sure that will happen once Microsoft listens to the feedback by users.</p>
</content:encoded>
</item>
<item>
<title>Convert Microsoft Teams group chat to team</title>
<link>https://get-itips.capazero.net/posts/convert-teams-group-chat-to-team</link>
<description><p>Microsoft Teams Group Chat members can grow, sometimes, a conversation that is happening in a Group Chat would be better and deserve its own Microsoft Teams team, let's say
we have a Group Chat with 25 members, what it takes to get the list of members is not straigthforward. So, with a little PowerShell magic, we can "convert" a group chat into a team.</p></description>
<guid>https://get-itips.capazero.net/posts/convert-teams-group-chat-to-team</guid>
<pubDate>Mon, 20 Mar 2023 00:00:00 GMT</pubDate>
<content:encoded><h1 id="introduction">Introduction</h1>
<p>Microsoft Teams Group Chat members can grow, sometimes, a conversation that is happening in a Group Chat would be better and deserve its own Microsoft Teams team, let's say
we have a Group Chat with 25 members, what it takes to get the list of members is not straigthforward. So, with a little PowerShell magic, we can &quot;convert&quot; a group chat into a team.</p>
<p>Actually, what the script does is creating a team with the same membership as the group chat, the group chat will stay as is and you will have to redirect the users to the
new team. It will ask you a couple of things and then run the required commands.</p>
<h1 id="requirements">Requirements</h1>
<ul>
<li>Latest stable Microsoft Graph PowerShell module</li>
<li>Latest stable Microsoft Teams module</li>
</ul>
<h1 id="the-script">The script</h1>
<p>You can find it <a href="https://github.com/get-itips/MiscScripts/blob/main/Teams/CreateTeamFromGroupChat.ps1">here</a> and I expect to update it with new features, contributions are welcomed.</p>
</content:encoded>
</item>
<item>
<title>Teams Wiki internals and possible migration</title>
<link>https://get-itips.capazero.net/posts/migrating-teams-wiki</link>
<description><p>I knew this was a long-time request by the community and that there isn't an out-of-the-box method to do this, I was asked
if I could find a way to migrate a Wiki tab from one channel in one team to another channel in another team.</p></description>
<guid>https://get-itips.capazero.net/posts/migrating-teams-wiki</guid>
<pubDate>Wed, 30 Nov 2022 00:00:00 GMT</pubDate>
<content:encoded><h1 id="introduction">Introduction</h1>
<p>I knew this was a long-time request by the community and that there isn't an out-of-the-box method to do this, I was asked
if I could find a way to migrate a Wiki tab from one channel in one team to another channel in another team.</p>
<p>I found this Tech Community post, I tried to use it but SharePoint Designer was not an option, but it helped me understand a few things, so thanks to the
person behind it <a href="https://techcommunity.microsoft.com/t5/microsoft-teams/how-to-copy-teams-wiki-pages-answered/m-p/2785567.">https://techcommunity.microsoft.com/t5/microsoft-teams/how-to-copy-teams-wiki-pages-answered/m-p/2785567.</a></p>
<p>I spent several days figuring it out how Teams handles wiki tabs, from creation, to updating and to removal, so I decided to share
my findings with the community, <strong>this is provided as-is, with no guarantee whatsoever, as you will see it is a very craft-made process</strong>.</p>
<h1 id="the-wiki-tab">The Wiki tab</h1>
<p><img src="/images/SourceWiki.png" class="img-fluid" alt="Source Wiki" /></p>
<p>When a Teams Wiki tab is added to a Channel, the following is created on the SharePoint site belonging to the Team:</p>
<ul>
<li>A SharePoint Document library named <em>Teams Wiki Data</em></li>
</ul>
<p><a href="https://contoso.sharepoint.com/sites/TeamName/Teams%20Wiki%20Data/Forms/AllItems.aspx">https://contoso.sharepoint.com/sites/TeamName/Teams%20Wiki%20Data/Forms/AllItems.aspx</a></p>
<p>This document library contains .mht files generated by the Wiki tab when someone edits the wiki, it will also contain the images inserted.</p>
<ul>
<li>A SharePoint List, like this, (but it is hidden by default)</li>
</ul>
<p><a href="https://contoso.sharepoint.com/sites/TeamName/Lists/19pYZDaUICINpaAq7iFZpRNyuEGeXK8gqb5yUC3ja4oc1threa">https://contoso.sharepoint.com/sites/TeamName/Lists/19pYZDaUICINpaAq7iFZpRNyuEGeXK8gqb5yUC3ja4oc1threa</a></p>
<p>(The list gets its name from the Team Channel id)</p>
<p><img src="/images/SourceSiteContents.png" class="img-fluid" alt="SourceSite Contents" /></p>
<p>Teams will also save this information about the tab and we can query it using Graph API:</p>
<p>HTTP Request</p>
<pre><code class="language-http">https://graph.microsoft.com/v1.0/teams/2c009003-bf45-47ab-ac9d-fe4f3f3967f5/channels/19:Kb8nmcctoGWrOYfiB-Cf7wVgX8Lnk0UL8BH-WB6s7hQ1&#64;thread.tacv2/tabs
</code></pre>
<pre><code class="language-json">{
&quot;&#64;odata.context&quot;: &quot;https://graph.microsoft.com/v1.0/$metadata#teams('d925b426-bcff-4d41-8e40-dda0bd157044')/channels('19%3AXV4JrShhjXTNB_EVNNZyoBiMRQkXcWFECKy_aFmZ1Qs1%40thread.tacv2')/tabs&quot;,
&quot;&#64;odata.count&quot;: 1,
&quot;value&quot;: [
{
&quot;id&quot;: &quot;e06b5ed7-404b-4a9e-b9d8-608d3b456bd5&quot;,
&quot;displayName&quot;: &quot;Wiki&quot;,
&quot;webUrl&quot;: &quot;https://teams.microsoft.com/l/channel/19%3aXV4JrShhjXTNB_EVNNZyoBiMRQkXcWFECKy_aFmZ1Qs1%40thread.tacv2/tab%3a%3ae06b5ed7-404b-4a9e-b9d8-608d3b456bd5?label=Wiki&amp;groupId=d925b426-bcff-4d41-8e40-dda0bd157044&amp;tenantId=239cf0aa-5769-4830-bda9-8eb6f978424e&quot;,
&quot;configuration&quot;: {
&quot;entityId&quot;: null,
&quot;contentUrl&quot;: null,
&quot;removeUrl&quot;: null,
&quot;websiteUrl&quot;: null,
&quot;hasContent&quot;: true,
&quot;wikiTabId&#64;odata.type&quot;: &quot;#Int64&quot;,
&quot;wikiTabId&quot;: 2,
&quot;dateAdded&quot;: &quot;2022-11-30T12:21:37.605Z&quot;,
&quot;isPrivateMeetingWiki&quot;: false,
&quot;meetingNotes&quot;: false,
&quot;scenarioName&quot;: &quot;wiki_init_context&quot;
}
}
]
}
</code></pre>
<p>See the property named wikiTabId? that's an important one and it is used by Teams to identify a specific Teams Wiki tab within
the channel, as you might know, we can have more than one Wiki per channel, and if we create 3 Wiki tabs, we should have
wikiTabId 1, 2 and 3, those numbers are assigned incrementally by Teams, this wikiTabId is important because, it is referenced in the
list I mentioned is created in the site, but we'll return to this later.</p>
<h1 id="requirements">Requirements</h1>
<p>Install the latest PnP PowerShell module version, you can check here <a href="https://msshells.net,">https://msshells.net,</a> we will use it for several things.
I won't go into the details on how to use PnP PowerShell, there are <a href="https://pnp.github.io/powershell/">good resources</a> for that.</p>
<h1 id="the-scenario">The scenario</h1>
<ul>
<li>Two Team's teams, let's call them SourceTeam and DestinationTeam</li>
<li>One wiki per team</li>
</ul>
<h1 id="procedure">Procedure</h1>
<p>The DestinationTeam has to have at least an empty Wiki, so it creates the <em>Teams Wiki Data</em> DL for us and also the SharePoint list,
let's call these placeholder DL and List. So create an empty Wiki tab on DestinationTeam using the regular procedure.</p>
<p>Then, use PnP PowerShell to connect to the source site:</p>
<pre><code class="language-powershell">connect-pnponline -Interactive -Url https://contoso.sharepoint.com/sites/SourceTeam
</code></pre>
<p>Get the List name by calling <a href="https://pnp.github.io/powershell/cmdlets/Get-PnPList.html?q=get-pnplist">Get-PnpList</a></p>
<pre><code class="language-powershell">Get-PnpList
</code></pre>
<p>The one we are looking for is named something like this &quot;19:XV4JrShhjXTNB_EVNNZyoBiMRQkXcWFECKy_aFmZ1Qs1&#64;thread.tacv2_wiki&quot;</p>
<p>Get the template of the list and also add the data to it, customize the $list variable and if you want the $template location.</p>
<pre><code class="language-powershell">$template = &quot;.\sourceTeamWiki.xml&quot;
$list = &quot;19:XV4JrShhjXTNB_EVNNZyoBiMRQkXcWFECKy_aFmZ1Qs1&#64;thread.tacv2_wiki&quot;
Get-PnPSiteTemplate -Out $template -ListsToExtract $list -Handlers Lists
Add-PnPDataRowsToSiteTemplate -Path $template -List $list
</code></pre>
<p>Unhide the List with <a href="https://pnp.github.io/powershell/cmdlets/Set-PnPList.html?q=set-pnplist">Set-PnpList</a></p>
<pre><code class="language-powershell">Set-PnpList -Identity bdd7b031-57f6-47fd-9922-67cc1c68cb6e -Hidden:$false
</code></pre>
<p>As we will probably need to review it on the site.</p>
<p>Now, let's do the same with the destination List, so we will have two xml files to compare.</p>
<pre><code class="language-powershell">$template = &quot;.\destinationTeamWiki.xml&quot;
$list = &quot;19:7BvdpssdDqtYTSLvKDRRUlF-RKLX5XUMnfSvinc4lFA1&#64;thread.tacv2_wiki&quot;
Get-PnPSiteTemplate -Out $template -ListsToExtract $list -Handlers Lists
Add-PnPDataRowsToSiteTemplate -Path $template -List $list
</code></pre>
<p>Open both .xml files, compare the structure and get familiar with how things are organized there.</p>
<p>On the source .xml file, we need to replace any occurrence of the list guid of the source with the guid of the destination (in the 2nd xml file), for example:</p>
<pre><code>19:XV4JrShhjXTNB_EVNNZyoBiMRQkXcWFECKy_aFmZ1Qs1&#64;thread.tacv2_wiki
</code></pre>
<p>with</p>
<pre><code>19:7BvdpssdDqtYTSLvKDRRUlF-RKLX5XUMnfSvinc4lFA1&#64;thread.tacv2_wiki
</code></pre>
<p>and</p>
<pre><code>19XV4JrShhjXTNB_EVNNZyoBiMRQkXcWFECKy_aFmZ1Qs1thre
</code></pre>
<p>with</p>
<pre><code>197BvdpssdDqtYTSLvKDRRUlFRKLX5XUMnfSvinc4lFA1threa
</code></pre>
<p>Save this .xml file as migratedTeamWiki.xml or something like that, browse to the destination site and delete the empty list (be sure not to be on the source site!)</p>
<p>Grab the PnP connection against the destination Sharepoint Site and import it into the site with <a href="https://pnp.github.io/powershell/cmdlets/Invoke-PnPSiteTemplate.html">Invoke-PnPSiteTemplate</a></p>
<pre><code class="language-powershell">Invoke-PnPSiteTemplate -Path C:\temp\Wiki\migratedTeamWiki.xml
</code></pre>
<p>This should leave you with a list of the same name on the destination site.</p>
<p>Browse to both source and the destination's site <em>Teams Wiki Data</em> Document Library, download and copy all the mht files from the source <em>Teams Wiki Data</em> to the destination's <em>Teams Wiki Data</em>.</p>
<p><img src="/images/TeamsWikiData.png" class="img-fluid" alt="TeamsWikiData Contents" /></p>
<p>Open the Team's destination team and clic on the Wiki tab, it should load the migrated Wiki, if everything was done correctly, if something looks odd, review the steps taken.</p>
<h1 id="developer-tools">Developer tools</h1>
<p>If we dig deeper activating the browser's developer tools, we can see that, when the wiki loads, it is using this request</p>
<pre><code class="language-http">https://contoso.sharepoint.com/sites/DestinationTeam/_api/web/lists/getbytitle('19:7BvdpssdDqtYTSLvKDRRUlF-RKLX5XUMnfSvinc4lFA1&#64;thread.tacv2_wiki')/items?$filter=(Id eq '10' or (wikiCanvasId eq '10' and wikiDeleted eq 'false'))&amp;$top=5000
</code></pre>
<p>(The HTTP url is already decoded)</p>
<p>If we look closer, it queries the Wiki list and filters by</p>
<ul>
<li>Id eq 10</li>
<li>wikiCanvasId eq 10</li>
<li>wikiDeleted eq false</li>
</ul>
<p>(It will differ in your case)</p>
<p>What I don't understand is how the wiki <strong>will still load when the Id does not eq what Teams is expecting</strong>, this Id corresponds to the wikiTabId I mentioned earlier, and unfortunately, there is <a href="https://learn.microsoft.com/en-us/graph/teams-configuring-builtin-tabs#wiki-tabs">no supported way of updating it</a>:</p>
<p>HTTP Request:</p>
<pre><code class="language-http">https://graph.microsoft.com/v1.0/teams/2c009003-bf45-47ab-ac9d-fe4f3f3967f5/channels/19:Kb8nmcctoGWrOYfiB-Cf7wVgX8Lnk0UL8BH-WB6s7hQ1&#64;thread.tacv2/tabs/6dd527de-ee8e-4f65-a389-ca8920adf3e0
</code></pre>
<pre><code class="language-json">{
&quot;configuration&quot;: {
&quot;wikiTabId&quot;: 1
}
}
</code></pre>
<pre><code class="language-json">{
&quot;error&quot;: {
&quot;code&quot;: &quot;BadRequest&quot;,
&quot;message&quot;: &quot;Setting the tab configuration for app 'com.microsoft.teamspace.tab.wiki' is not supported.&quot;,
&quot;innerError&quot;: {
&quot;message&quot;: &quot;Setting the tab configuration for app 'com.microsoft.teamspace.tab.wiki' is not supported.&quot;,
&quot;code&quot;: &quot;InvalidRequest&quot;,
&quot;innerError&quot;: {},
&quot;date&quot;: &quot;2022-11-25T20:19:19&quot;,
&quot;request-id&quot;: &quot;da8fd32f-f0e4-4f11-b7f3-bee20ddb2b30&quot;,
&quot;client-request-id&quot;: &quot;58eef061-4999-feda-86d6-44105932a1c5&quot;
}
}
}
</code></pre>
<p>For more information about that Graph API Call see <a href="https://learn.microsoft.com/en-us/graph/api/channel-patch-tabs?view=graph-rest-1.0?WT.mc_id=M365-MVP-5004663">here</a>.</p>
<p>So Teams will keep looking for whatever <strong>wikiTabId</strong> has in its own configuration, and also, unfortunately, Microsoft does not provide much information about this, as the effort and recommendations now seem to be <strong>to move on to OneNote</strong>, and this might be the small detail that makes this whole process still not perfect (?).</p>
<h1 id="extra">Extra</h1>
<p>If you want to dig deeper into this, browse to the List in the source and destination site and create a SharePoint List view adding this columns:</p>
<p><img src="/images/CustomListView.png" class="img-fluid" alt="Custom List View" /></p>
<h1 id="final-thoughts">Final thoughts</h1>
<p>If you have to do this because maybe you can't migrate content manually, I think you can follow this procedure but, test, test and test, until you get the desired results, and if you find an error or improvement to this guide, please, share it with me so I can update the post and share with the community.</p>
</content:encoded>
</item>
<item>
<title>Using Conditional Access Policies with Microsoft Teams Rooms devices - Part 1</title>
<link>https://get-itips.capazero.net/posts/tmr-conditional-access</link>
<description><p>Upon customer request, I needed to investigate how to restrict the resource account used by a Microsoft Teams Rooms device, the goal was to prevent this account from logging in from other devices than the MTR device, I think that is not so crazy request, right?</p></description>
<guid>https://get-itips.capazero.net/posts/tmr-conditional-access</guid>
<pubDate>Thu, 24 Nov 2022 00:00:00 GMT</pubDate>
<content:encoded><h1 id="introduction">Introduction</h1>
<p>Upon customer request, I needed to investigate how to restrict the resource account used by a Microsoft Teams Rooms device, the goal was to prevent this account from logging in from other devices than the MTR device, I think that is not so crazy request, right?</p>
<p>In this blog post, that I hope it becomes a blog series, I want to share my findings about this, and also thank <a href="https://twitter.com/randychapman">Randy Chapman</a>, <a href="https://twitter.com/LCansby">Linus Cansby</a>, <a href="https://twitter.com/thegrahamwalsh">Graham Walsh</a> for providing some more information.</p>
<h1 id="what-are-our-options">What are our options?</h1>
<p>According to Microsoft, <em>Filter for devices</em>, which is a <em>Conditional Access Policy</em> condition, is <strong>supported</strong> in Microsoft Teams Rooms on Android and on Windows. See here <a href="https://learn.microsoft.com/microsoftteams/rooms/supported-ca-and-compliance-policies?WT.mc_id=M365-MVP-5004663">Supported Conditional Access and Intune device compliance policies for Microsoft Teams Rooms and Teams Android Devices</a></p>
<p>However, we also found this statement</p>
<blockquote class="blockquote">
<p>You can't use a resource account to apply device-level conditional access policies in Azure Active Directory and Endpoint Manager as device info is not passed when using this grant type.</p>
</blockquote>
<p><a href="https://learn.microsoft.com/microsoftteams/rooms/rooms-authentication?WT.mc_id=M365-MVP-5004663">Authentication in Microsoft Teams Rooms on Windows - Microsoft Teams | Microsoft Learn</a></p>
<p>So if we read both those pages, it is a little contradictory, right? Is it or is it not supported to use <em>filter for devices</em>?</p>
<p>So, upon testing, I found out that Microsoft Teams Rooms devices based on windows <strong>do not send the device information on the sign-in event</strong> of the Microsoft Resource Account (Room Mailbox), see here an example:</p>
<p><img src="/images/MTR_Windows_SignIn.png" class="img-fluid" alt="TMR Windows Sign In event" /></p>
<p>Decided to give it a try <a href="https://support.microsoft.com/en-us/account-billing/register-your-personal-device-on-your-work-or-school-network-8803dd61-a613-45e3-ae6c-bd1ab25bf8a8">Azure AD Registering the device</a>, also with no luck. Then, I received confirmation from Microsoft that the device needs to be AADJ (Azure AD Joined/Enrolled) to send this information, I still could verify this but I hope I can do it for my 2nd blog post of these series.</p>
<p>So, that leaves me with the MTRoA devices, the idea, was to create a Conditional Access Policy like this:</p>
<h1 id="the-conditional-access-policy">The Conditional Access Policy</h1>
<ul>
<li><strong>Users</strong>: The specific resource account</li>
<li><strong>Cloud Apps</strong>: All cloud apps (or at least, Exchange Online, Microsoft Teams, and SharePoint Online as explained here <a href="https://learn.microsoft.com/en-us/microsoftteams/rooms/conditional-access-and-compliance-for-devices?WT.mc_id=M365-MVP-5004663">Conditional Access and compliance best practices for Microsoft Teams Rooms - Microsoft Teams | Microsoft Learn</a>)</li>
<li><strong>Conditions</strong> : <strong>Filter for Devices</strong>: <em>Exclude filtered devices</em>, Configure: Yes, Exclude filtered devices from policy: deviceId Equals e592fe64-fd2b-4ced-ae96-91657183cdb8</li>
<li><strong>Grant</strong>: Block access</li>
</ul>
<p>The policy should be read like this: <em>Block resource account from logging in from any device but the ones that match the condition of deviceId</em></p>
<p>As said, this unfortunately din’t work with a MTRoW, as-is or Azure AD Registered, but what about Microsoft Teams Rooms on Android?</p>
<p>These devices showed as Azure AD Registered by default and upon testing, they send the device information upon sign-in.</p>
<p><img src="/images/MTR_Android_SignIn.png" class="img-fluid" alt="TMR Android Sign In event" /></p>
<p>So, we could use CAPs with Android-based MTR devices without any other intervention (like AADJ/Enrolling, see <a href="https://techcommunity.microsoft.com/t5/intune-customer-success/enrolling-microsoft-teams-rooms-on-windows-devices-with/ba-p/3246986?WT.mc_id=M365-MVP-5004663">Enrolling Microsoft Teams Rooms on Windows devices with Microsoft Endpoint Manager</a>) in case you can't use Endpoint Manager/Intune for any reason.</p>
<h1 id="the-end">The end?</h1>
<p>Hope these findings are useful and saves time for someone, as this took me a good couple of days to find out and test.</p>
<p>I expect to continue sharing my findings with the community in a 2nd part of this blog post.</p>
</content:encoded>
</item>
<item>
<title>Automate adding tags to team members</title>
<link>https://get-itips.capazero.net/posts/Add-TagsToUsers</link>
<description><p>Hello!</p></description>
<guid>https://get-itips.capazero.net/posts/Add-TagsToUsers</guid>
<pubDate>Wed, 19 Oct 2022 00:00:00 GMT</pubDate>
<content:encoded><p>Hello!</p>
<h1 id="introduction">Introduction</h1>
<p>I see that there is no way to ease the job of adding a tag to multiple users at the same time without having to look for the user in the edit tag window, so if you have
a large list of team members and you want to add the tag to a lot of them or all, it is a little tedious, so exploring the API as
these other posts <a href="https://get-itips.capazero.net/posts/extra-information-federated-teams">Getting some extra information about Teams federated users using PowerShell</a> and
<a href="https://get-itips.capazero.net/posts/clear-teams-notifications">Mark Teams notifications as read</a> we can script this calling the chat service API.</p>
<h1 id="requirements">Requirements</h1>
<h2 id="tag-name">Tag name</h2>
<p>The tag you want to add to users doesn't need to be already created, this also means that, for example you make a typo specifying the tag name, it will be created, so make sure
you type the right tag name.</p>
<h2 id="the-teams-object-id">The team's object id</h2>
<p>Every entity in Teams is represented by an MRI, in this case we would need to grab the object id part of the mri from the URL.</p>
<p>Instructions</p>
<ol>
<li>Open Teams using the Web browser</li>
<li>Click on the three &quot;...&quot; and Manage team</li>
<li>Look at the address bar, for example <a href="https://teams.microsoft.com/_#/teamDashboard/Sales%20and%20Marketing/19:PwiCdKrPbQ2IyrQy7W2EVrXpHTAA3G00WuHUgP6PY1&#64;thread.tacv2/td.members">https://teams.microsoft.com/_#/teamDashboard/Sales%20and%20Marketing/19:PwiCdKrPbQ2IyrQy7W2EVrXpHTAA3G00WuHUgP6PY1&#64;thread.tacv2/td.members</a></li>
<li>Copy everything between &quot;:&quot; and &quot;&#64;&quot;</li>
</ol>
<h2 id="the-userids">The UserIds</h2>
<p>You can grab the user ids, using the official Microsoft Teams PowerShell module, using the <code>Get-TeamUser</code> cmdlet, take note of the UserId you need (corresponding to the user
you need to assign a tag to).</p>
<h2 id="the-csv-file">The CSV file</h2>
<p>The format of the csv file is this</p>
<pre><code>objectid;userId;tag
</code></pre>
<p>for example</p>
<pre><code>objectid;userId;tag
PwiCdKrPbQ2IyrQy7W2EVrXpHTAA3G00WuHUgP6PY1;e69b51ea-2d84-4881-a7df-99f651c62d68;ITPro
PwiCdKrPbQ2IyrQy7W2EVrXpHTAA3G00WuHUgP6PY1;2e59f376-9231-44b6-8654-e53f866daa65;ITPro
</code></pre>
<h1 id="the-script">The script</h1>
<pre><code class="language-powershell">function Add-TagsToUsers{
#CSV file containing the team objectId, user id and tag name
$userAndTags=&quot;usersAndTags.csv&quot;
$csv = Import-CSV -Delimiter &quot;;&quot; -Path $userAndTags
#Authentication
## Let's load the great AADInternals module
Import-Module AADInternals
#Let's request a chat service token
$token = Get-AADIntAccessToken -Resource https://chatsvcagg.teams.microsoft.com -ClientId &quot;1fec8e78-bce4-4aaf-ab1b-5451cc387264&quot;
#Some variable definitions - Do not change this
$urlPart1=&quot;https://teams.microsoft.com/api/csa/amer/api/v1/teams/19:&quot;
$urlPart3=&quot;&#64;thread.tacv2/memberTags/?action=add&quot;
#For each entry in the csv we will try to add the user to the tag
foreach($entry in $csv){
$objectId=$entry.objectId
$userId=$entry.userId
$tag=$entry.tag
$uri = $urlPart1+$objectId+$urlPart3
Write-Verbose $uri
$body = &quot;{`&quot;tagNames`&quot;:[`&quot;$tag`&quot;],`&quot;memberIds`&quot;:[`&quot;8:orgid:$userId`&quot;]}&quot;
Write-Verbose $body
$path=&quot;/api/csa/amer/api/v1/teams/19:$objectId&#64;thread.tacv2/memberTags/?action=add&quot;
Write-Verbose $path
$guid=(New-Guid).Guid
$Result=Invoke-WebRequest -UseBasicParsing -Uri $uri `
-Method &quot;POST&quot; `
-Headers &#64;{
&quot;authority&quot;=&quot;teams.microsoft.com&quot;
&quot;method&quot;=&quot;POST&quot;
&quot;path&quot;=$path
&quot;scheme&quot;=&quot;https&quot;
&quot;accept&quot;=&quot;json&quot;
&quot;accept-encoding&quot;=&quot;gzip, deflate, br&quot;
&quot;accept-language&quot;=&quot;es,es-ES;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6&quot;
&quot;authorization&quot;=&quot;Bearer $token&quot;
&quot;origin&quot;=&quot;https://teams.microsoft.com&quot;
&quot;referer&quot;=&quot;https://teams.microsoft.com/_&quot;
&quot;sec-ch-ua&quot;=&quot;`&quot;Chromium`&quot;;v=`&quot;106`&quot;, `&quot;Microsoft Edge`&quot;;v=`&quot;106`&quot;, `&quot;Not;A=Brand`&quot;;v=`&quot;99`&quot;&quot;
&quot;sec-ch-ua-mobile&quot;=&quot;?0&quot;
&quot;sec-ch-ua-platform&quot;=&quot;`&quot;Windows`&quot;&quot;
&quot;sec-fetch-dest&quot;=&quot;empty&quot;
&quot;sec-fetch-mode&quot;=&quot;cors&quot;
&quot;sec-fetch-site&quot;=&quot;same-origin&quot;
&quot;x-ms-client-env&quot;=&quot;pds-prod-c1-ussc-01&quot;
&quot;x-ms-client-type&quot;=&quot;web&quot;
&quot;x-ms-client-version&quot;=&quot;1415/1.0.0.2022092126&quot;
&quot;x-ms-scenario-id&quot;=&quot;511&quot;
&quot;x-ms-session-id&quot;=$guid
&quot;x-ms-user-type&quot;=&quot;null&quot;
&quot;x-ringoverride&quot;=&quot;general&quot;
} `
-ContentType &quot;application/json&quot; `
-Body $body `
$Result
}
}
Add-TagsToUsers
</code></pre>
<p>The script uses the great AADInternals module to ease the token retrieval and then mimics what the Teams client does when adding tags to users.
Once run, you should have all the users you specified in the csv file with the specified tag in the specified team.</p>
<p>I invite everyone that wants to contribute to this script to do so here in this <a href="https://github.com/get-itips/MiscScripts/blob/dev/Teams/Add-TagsToUsers.ps1">GitHub repo</a>.</p>
</content:encoded>
</item>
<item>
<title>How to export Azure AD Connect metaverse using sqlcmd</title>
<link>https://get-itips.capazero.net/posts/azure-ad-connect-db-query</link>
<description><p>The Synchronization Service Manager app is good to review the status and check the configuration of synchronization to and from an Azure AD tenant,
and it also includes a Metaverse Search option where you can query the SQL database that Azure AD Connect uses.
One of the things that is recommended in a swing migration is to compare the number of objects between installations, however this UI does not handle correctly
a big number objects, I found that if you click <em>Search</em> on the <em>Metaverse Search</em> option, with 50,000 items or more, and then you try to copy all the results (I do this to
understand which accounts will not be part of the new installation, hence, deleted from Azure AD), the UI will hang.</p></description>
<guid>https://get-itips.capazero.net/posts/azure-ad-connect-db-query</guid>
<pubDate>Tue, 06 Sep 2022 00:00:00 GMT</pubDate>
<content:encoded><h1 id="introduction">Introduction</h1>
<p>The Synchronization Service Manager app is good to review the status and check the configuration of synchronization to and from an Azure AD tenant,
and it also includes a Metaverse Search option where you can query the SQL database that Azure AD Connect uses.
One of the things that is recommended in a swing migration is to compare the number of objects between installations, however this UI does not handle correctly
a big number objects, I found that if you click <em>Search</em> on the <em>Metaverse Search</em> option, with 50,000 items or more, and then you try to copy all the results (I do this to
understand which accounts will not be part of the new installation, hence, deleted from Azure AD), the UI will hang.</p>
<h1 id="analysis">Analysis</h1>
<p>So I needed a way to query the objects but using the command line, I didn't want to install SQL Management Studio on the Azure AD Connect Server.</p>
<p>First of all, we need to get the named pipes connection string, (these instructions are if using the LocalDB version of SQL Server's Azure AD Connect, otherwise, if using an standalone SQL
Server you would already know the server name, instance name and protocol).</p>
<h1 id="the-solution">The Solution?</h1>
<p>SQL Server's Azure AD Connect uses named pipes as protocol, so we need to take that into account, open the error.log file that is present in</p>
<pre><code>C:\Users\[Account Running Microsoft Azure AD Sync Service]\AppData\Local\Microsoft\Microsoft SQL Server Local DB\Instances\ADSync2019
</code></pre>
<p>also found on this path</p>
<pre><code>C:\Windows\ServiceProfiles\ADSync\AppData\Local\Microsoft\Microsoft SQL Server Local DB\Instances\ADSync2019
</code></pre>
<p>find a line similar to:</p>
<pre><code>Server local connection provider is ready to accept connection on [ \\.\pipe\LOCALDB#SHEA4A65\tsql\query ].
</code></pre>
<p>take note of the whole pipe \.\pipe\LOCALDB#SHEA4A65\tsql\query (it differs from installation to installation, yours will be different)</p>
<p>then, open a command prompt and run this command, making the required adjustments</p>
<pre><code class="language-cmd">sqlcmd -S np:\\.\pipe\LOCALDB#SHEA4A65\tsql\query -d &quot;ADSync&quot; -E -Q &quot;select displayName FROM [ADSync].[dbo].[mms_metaverse]&quot; -o &quot;ExportAADC.txt&quot; -h-1 -w 200
</code></pre>
<p>This command connects to the specified named pipe (-S np:\.\pipe\LOCALDB#SHEA4A65\tsql\query), against the specified database (-d &quot;ADSync&quot;), runs the specified T-SQL
(-Q &quot;select displayName FROM [ADSync].[dbo].[mms_metaverse]&quot;) and produces the specified output text file (-o &quot;ExportAADC.txt&quot;)
This command will produce a text file with the output of the query, unfortunately, a lot of white lines will be present on the file, you can remove them easily using</p>
<pre><code>Edit -&gt; Line operations -&gt; Remove Empty Lines (Containing Blank characters)
</code></pre>
<p>option from Notepad++.</p>
<h1 id="conclusion">Conclusion</h1>
<p>This method is useful if you do not want to add any other piece of software in the server, which it is usually not recommended or easy in customer's installations, sqlcmd comes with the Azure AD Connect installation and is right there.</p>
</content:encoded>
</item>
<item>
<title>Renewing Web Management Service certificate from SHA1 to SHA256 in Exchange Server</title>
<link>https://get-itips.capazero.net/posts/wmsvc-sha256-exchange</link>
<description><p>The <a href="https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/">Exchange Health Checker</a> checks for the presence of SHA1 signed certificates in the output of Get-ExchangeCertificate, upon checking on a customer where I ran the script, a warning was raised about SHA1 certificates being present, the only SHA1-signed certificate was the one that Exchange creates for the Web Management service of IIS (WMSvc) when installing Exchange. This certificate can be SHA1-signed if, at the time of the setup, Exchange did not create certificates with a signature algorithm of SHA256.</p></description>
<guid>https://get-itips.capazero.net/posts/wmsvc-sha256-exchange</guid>
<pubDate>Thu, 07 Jul 2022 00:00:00 GMT</pubDate>
<content:encoded><h1 id="background">Background</h1>
<p>The <a href="https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/">Exchange Health Checker</a> checks for the presence of SHA1 signed certificates in the output of Get-ExchangeCertificate, upon checking on a customer where I ran the script, a warning was raised about SHA1 certificates being present, the only SHA1-signed certificate was the one that Exchange creates for the Web Management service of IIS (WMSvc) when installing Exchange. This certificate can be SHA1-signed if, at the time of the setup, Exchange did not create certificates with a signature algorithm of SHA256.</p>
<p>It seems that <a href="https://blog.rmilne.ca/2016/07/20/exchange-self-signed-sha2-certificates/">starting from CU13</a> of Exchange 2013 and Exchange 2016 CU2, self-signed certificates created using New-ExchangeCertificate started to be created using SHA256.</p>
<h1 id="checking-if-using-sha1-for-wmsvc-service">Checking if using SHA1 for WMSvc service</h1>
<p>If you are not sure, confirm that you are indeed using a SHA1-signed certificate for WMSvc</p>
<ol>
<li>Open <em>IIS Manager</em></li>
<li>Click on the name of the server in the left pane</li>
<li>2-Click on <em>Management Service</em></li>
<li>Take note of the name of the SSL certificate (this will be the friendly name in the <em>Certificates</em> snap-in)</li>
<li>Open <em>mmc.exe</em> and add the <em>certificates Snap-In</em> for <em>local computer</em></li>
<li>Search for the certificate, it will be something like “WMSvc - ServerName” in the personal store, open the properties of the certificate</li>
<li>Click the <em>Details</em> tab</li>
<li>Check if <em>signature algorithm</em> field is SHA1</li>
</ol>
<h1 id="getting-a-new-self-signed-certificate-sha256-signed">Getting a new self-signed certificate SHA256-signed</h1>
<p><strong>Prerequisite:</strong> You must be running Exchange 2013 CU13 or later or Exchange 2016 CU2, Exchange 2019 creates SHA2 certificates from RTM</p>
<p>Open Exchange Management Shell and run this cmdlet to create a new self-signed certificate</p>
<pre><code class="language-powershell">New-ExchangeCertificate -SubjectName &quot;cn=WMSvc-SHA2-SERVERNAME&quot; -FriendlyName &quot;WMSVC-SHA2&quot;
</code></pre>
<p><strong>Note:</strong> Replace SERVERNAME in the cmdlet with the actual name of your Exchange Server</p>
<h1 id="verify-the-new-certificate-was-generated-and-trust-it">Verify the new certificate was generated and trust it</h1>
<p>If you still have the certificates snap-in open, you will now have a <em>Issued to</em> certificate with the subject name we used in the step above.</p>
<ol>
<li>Right-click &amp; copy this certificate</li>
<li>Select <em>Trusted Root Certification Authorities</em></li>
<li>Right-click &amp; paste this certificate</li>
</ol>
<p>Swapping the certificate used by WMSvc service</p>
<ol>
<li>Open <em>IIS Manager</em></li>
<li>Click on the name of the server in the left pane</li>
<li>2-Click on <em>Management Service</em></li>
<li>In the <em>Actions</em> pane, click <em>Stop</em>, accept any warning</li>
<li>Now you can select different certificate in the <em>SSL Certificate</em> drop-down, choose the newly generated cert</li>
<li>In the <em>Actions</em> pane, click <em>Start</em></li>
</ol>
<p>That should be it, you will now have a Web Management Service running a SHA2 signed certificate and the health checker should not raise you this warning.</p>
</content:encoded>
</item>
<item>
<title>Cmdlets run by the Hybrid Configuration Wizard</title>
<link>https://get-itips.capazero.net/posts/hcw-cmdlets</link>
<description><p>Based on several runs of the Hybrid Configuration Wizard from different deployments, these appear to be the cmdlets ran either against On-Premises (Exchange Server) and against the Tenant (Exchange Online).
I'll update these if I found any missing cmdlets, and I also would like to split them between Minimal and Full hybrid options.</p></description>
<guid>https://get-itips.capazero.net/posts/hcw-cmdlets</guid>
<pubDate>Wed, 29 Jun 2022 00:00:00 GMT</pubDate>
<content:encoded><p>Based on several runs of the Hybrid Configuration Wizard from different deployments, these appear to be the cmdlets ran either against On-Premises (Exchange Server) and against the Tenant (Exchange Online).
I'll update these if I found any missing cmdlets, and I also would like to split them between Minimal and Full hybrid options.</p>
<h1 id="classic-or-modern-full">Classic or Modern Full</h1>
<h2 id="get-cmdlets">Get- cmdlets</h2>
<table class="table">
<thead>
<tr>
<th>Cmdlet</th>
<th>Where</th>
<th>Parameters</th>
</tr>
</thead>
<tbody>
<tr>
<td>Get-ExchangeServer</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-MailboxDatabase</td>
<td>Exchange Server</td>
<td>-IncludePreExchange2013: $true</td>
</tr>
<tr>
<td>Get-OrganizationConfig</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-HybridConfiguration</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-AcceptedDomain</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-FederatedOrganizationIdentifier</td>
<td>Exchange Server</td>
<td>-IncludeExtendedDomainInfo: $false</td>
</tr>
<tr>
<td>Get-FederationTrust</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-WebServicesVirtualDirectory</td>
<td>Exchange Server</td>
<td>-ADPropertiesOnly: $true</td>
</tr>
<tr>
<td>Get-RemoteDomain</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-OrganizationConfig</td>
<td>Exchange Online</td>
<td></td>
</tr>
<tr>
<td>Get-OnPremisesOrganization</td>
<td>Exchange Online</td>
<td></td>
</tr>
<tr>
<td>Get-AcceptedDomain</td>
<td>Exchange Online</td>
<td></td>
</tr>
<tr>
<td>Get-MigrationEndpoint</td>
<td>Exchange Online</td>
<td></td>
</tr>
<tr>
<td>Get-ExchangeCertificate</td>
<td>Exchange Server</td>
<td>-Server <ExchangeHost></td>
</tr>
<tr>
<td>Get-RemoteDomain</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-EmailAddressPolicy</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-OrganizationRelationship</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-OrganizationConfig</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-OrganizationRelationship</td>
<td>Exchange Online</td>
<td></td>
</tr>
<tr>
<td>Get-OwaVirtualDirectory</td>
<td>Exchange Server</td>
<td>-ADPropertiesOnly: $true</td>
</tr>
<tr>
<td>Get-AvailabilityAddressSpace</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-SendConnector</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-ReceiveConnector</td>
<td>Exchange Server</td>
<td>-Server <ExchangeHost></td>
</tr>
<tr>
<td>Get-FederationInformation*1</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-FederationTrust*1</td>
<td>Exchange Server</td>
<td>-Identity 'Microsoft Federation Gateway'</td>
</tr>
<tr>
<td>Get-FederationTrust*1</td>
<td>Exchange Online</td>
<td>-Identity MicrosoftOnline</td>
</tr>
<tr>
<td>Get-OutboundConnector</td>
<td>Exchange Online</td>
<td></td>
</tr>
<tr>
<td>Get-InboundConnector</td>
<td>Exchange Online</td>
<td></td>
</tr>
<tr>
<td>Get-IntraOrganizationConfiguration</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-IntraOrganizationConfiguration</td>
<td>Exchange Online</td>
<td>-OrganizationGuid '<guid>'</td>
</tr>
<tr>
<td>Get-IntraOrganizationConnector</td>
<td>Exchange Online</td>
<td></td>
</tr>
<tr>
<td>Get-IntraOrganizationConnector</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-AuthConfig</td>
<td>Exchange Server</td>
<td></td>
</tr>
<tr>
<td>Get-ActiveSyncVirtualDirectory</td>
<td>Exchange Server</td>
<td>-ADPropertiesOnly: $true</td>
</tr>
<tr>
<td>Get-PartnerApplication</td>
<td>Exchange Server</td>
<td>-Identity 'Exchange Online'</td>
</tr>
</tbody>
</table>
<h2 id="new-set-update-cmdlets">New-, Set- &amp; Update- cmdlets</h2>
<table class="table">
<thead>
<tr>
<th>Cmdlet</th>
<th>Where</th>
<th>Parameters (Example)</th>
</tr>
</thead>
<tbody>
<tr>
<td>Update-EmailAddressPolicy</td>
<td>Exchange Server</td>
<td>-Identity 'Default Policy' -UpdateSecondaryAddressesOnly: $true</td>
</tr>
<tr>
<td>New/Set-HybridConfiguration</td>
<td>Exchange Server</td>
<td>-ClientAccessServers $null -ExternalIPAddresses $null -Domains 'contoso.com','fabrikam.com' -OnPremisesSmartHost 'mail.contoso.com' -TLSCertificateName '<I>CN=WorldSSL DV CA, O=Sàrl, C=LU&lt;S&gt;CN=mail.contoso.com' -SendingTransportServers EXC01 -ReceivingTransportServers EXC01 -EdgeTransportServers $null -Features FreeBusy,MoveMailbox,Mailtips,MessageTracking,OwaRedirection,OnlineArchive,SecureMail,Photos</td>
</tr>
<tr>
<td>Set-EmailAddressPolicy</td>
<td>Exchange Server</td>
<td>-Identity 'Default Policy' -ForceUpgrade: $true -EnabledEmailAddressTemplates 'SMTP:&#64;contoso.com','X400:c=US;a= ;p=Contoso;o=Contoso;','smtp:%m&#64;contoso.mail.onmicrosoft.com'</td>
</tr>
<tr>
<td>New/Set-OrganizationRelationship</td>
<td>Exchange Server</td>
<td>-FreeBusyAccessEnabled: $true -FreeBusyAccessLevel LimitedDetails -MailTipsAccessEnabled: $true -MailTipsAccessLevel All -DeliveryReportEnabled: $true -PhotosEnabled: $true -TargetOwaURL '<a href="https://outlook.office.com/mail%27">https://outlook.office.com/mail'</a> -Identity 'On-premises to O365 - 6fc3a33e-3ca2-4528-8e3c-75e5d4e9db76'</td>
</tr>
<tr>
<td>New/Set-OrganizationRelationship</td>
<td>Exchange Online</td>
<td>-FreeBusyAccessEnabled: $true -FreeBusyAccessLevel LimitedDetails -TargetSharingEpr $null -MailTipsAccessEnabled: $true -MailTipsAccessLevel All -DeliveryReportEnabled: $true -PhotosEnabled: $true -TargetOwaURL '<a href="https://mail.contoso.com/owa%27">https://mail.contoso.com/owa'</a> -Identity 'O365 to On-premises - 6fc3a33e-3ca2-4528-8e3c-75e5d4e9db76'</td>
</tr>
<tr>
<td>New/Set-SendConnector</td>
<td>Exchange Server</td>
<td>-Name 'Outbound to Office 365 - 6fc3a33e-3ca2-4528-8e3c-75e5d4e9db76' -AddressSpaces 'smtp:contoso.mail.onmicrosoft.com;1' -DNSRoutingEnabled: $true -ErrorPolicies Default -Fqdn 'mail.contoso.com' -RequireTLS: $true -IgnoreSTARTTLS: $false -SourceTransportServers EXC01 -SmartHosts $null -TLSAuthLevel DomainValidation -DomainSecureEnabled: $false -TLSDomain 'mail.protection.outlook.com' -CloudServicesMailEnabled: $true -TLSCertificateName '<I>CN=Go mommy Secure Certificate Authority - G2, OU=<a href="http://certs.gomommy.com/repository/,">http://certs.gomommy.com/repository/,</a> O=&quot;Gomommy.com, Inc.&quot;, L=Scottsdale, S=Arizona, C=US&lt;S&gt;CN=mail.contoso.com' -Identity 'Outbound to Office 365 - 6fc3a33e-3ca2-4528-8e3c-75e5d4e9db76'</td>
</tr>
<tr>
<td>Set-ReceiveConnector</td>
<td>Exchange Server</td>
<td>-AuthMechanism 'Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer' -Bindings '[<span>]:25','0.0.0.0:25' -Fqdn 'EXC01.contoso.com' -PermissionGroups 'AnonymousUsers, ExchangeServers, ExchangeLegacyServers' -RemoteIPRanges '</span>-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff','0.0.0.0-255.255.255.255' -RequireTLS: $false -TLSDomainCapabilities 'mail.protection.outlook.com:AcceptCloudServicesMail' -TLSCertificateName '<I>CN=Go mommy Secure Certificate Authority - G2, OU=<a href="http://certs.gomommy.com/repository/,">http://certs.gomommy.com/repository/,</a> O=&quot;Gomommy.com, Inc.&quot;, L=Scottsdale, S=Arizona, C=US&lt;\S&gt;CN=mail.contoso.com' -TransportRole FrontendTransport -Identity 'EXC01\Default Frontend EXC01'</td>
</tr>
<tr>
<td>New/Set-OutboundConnector</td>
<td>Exchange Online</td>
<td>-Name 'Outbound to 6fc3a33e-3ca2-4528-8e3c-75e5d4e9db76' -RecipientDomains 'contoso.com','fabrikam.com' -SmartHosts 'mail.contoso.com' -ConnectorSource HybridWizard -ConnectorType OnPremises -TLSSettings DomainValidation -TLSDomain 'mail.contoso.com' -CloudServicesMailEnabled: $true -RouteAllMessagesViaOnPremises: $false -UseMxRecord: $false -IsTransportRuleScoped: $false -Identity 'Outbound to 6fc3a33e-3ca2-4528-8e3c-75e5d4e9db76'</td>
</tr>
<tr>
<td>New/Set-InboundConnector</td>
<td>Exchange Online</td>
<td>-Name 'Inbound from 6fc3a33e-3ca2-4528-8e3c-75e5d4e9db76' -CloudServicesMailEnabled: $true -ConnectorSource HybridWizard -ConnectorType OnPremises -RequireTLS: $true -SenderDomains '<em>' -SenderIPAddresses $null -RestrictDomainsToIPAddresses: $false -TLSSenderCertificateName '</em>.contoso.com' -AssociatedAcceptedDomains $null</td>
</tr>
<tr>
<td>Set-OnPremisesOrganization</td>
<td>Exchange Online</td>
<td>-HybridDomains 'contoso.com','fabrikam.com' -InboundConnector 'Inbound from 6fc3a33e-3ca2-4528-8e3c-75e5d4e9db76' -OutboundConnector 'Outbound to 6fc3a33e-3ca2-4528-8e3c-75e5d4e9db76' -OrganizationRelationship 'O365 to On-premises - 6fc3a33e-3ca2-4528-8e3c-75e5d4e9db76'</td>
</tr>
<tr>
<td>New/Set-PartnerApplication</td>
<td>Exchange Server</td>
<td>-Identity 'Exchange Online' -Enabled: $true</td>
</tr>
<tr>
<td>New-RemoteDomain</td>
<td>Exchange Server</td>
<td>-Name 'Hybrid Domain - contoso.mail.onmicrosoft.com'</td>
</tr>
<tr>
<td>New-AcceptedDomain</td>
<td>Exchange Server</td>
<td>-DomainName 'contoso.mail.onmicrosoft.com' -Name 'contoso.mail.onmicrosoft.com'</td>
</tr>
<tr>
<td>New-IntraOrganizationConnector</td>
<td>Exchange Server</td>
<td>-Name 'HybridIOC - <guid>' -DiscoveryEndpoint '<a href="https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc%27">https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc'</a> -TargetAddressDomains 'contoso.mail.onmicrosoft.com' -Enabled: $true</td>
</tr>
<tr>
<td>New-IntraOrganizationConnector</td>
<td>Exchange Online</td>
<td>-Name 'HybridIOC - <guid>' -DiscoveryEndpoint '<a href="https://mail.contoso.com/autodiscover/autodiscover.svc%27">https://mail.contoso.com/autodiscover/autodiscover.svc'</a> -TargetAddressDomains 'contoso.com','fabrikam.com' -Enabled: $true</td>
</tr>
<tr>
<td>New-AuthServer</td>
<td>Exchange Server</td>
<td>-Name 'ACS - <guid>' -AuthMetadataUrl '<a href="https://accounts.accesscontrol.windows.net/22e190d2-28f3-4a09-898f-f7bb4c477af7/metadata/json/1%27">https://accounts.accesscontrol.windows.net/22e190d2-28f3-4a09-898f-f7bb4c477af7/metadata/json/1'</a> -DomainName 'contoso.com','contoso.mail.onmicrosoft.com'</td>
</tr>
<tr>
<td>New-AuthServer</td>
<td>Exchange Server</td>
<td>-Name 'EvoSts - <guid>' -AuthMetadataUrl '<a href="https://login.windows.net/contoso.onmicrosoft.com/federationmetadata/2007-06/federationmetadata.xml%27">https://login.windows.net/contoso.onmicrosoft.com/federationmetadata/2007-06/federationmetadata.xml'</a> -Type AzureAD</td>
</tr>
<tr>
<td>New-FederationTrust*1</td>
<td>Exchange Server</td>
<td>-Name 'Microsoft Federation Gateway' -Thumbprint <thumbprint></td>
</tr>
<tr>
<td>Set-FederatedOrganizationIdentifier</td>
<td>Exchange Server</td>
<td>-AccountNamespace 'contoso.com' -DelegationFederationTrust 'Microsoft Federation Gateway' -Enabled: $true -DefaultDomain $null</td>
</tr>
<tr>
<td>Set-FederatedOrganizationIdentifier</td>
<td>Exchange Online</td>
<td>-DefaultDomain 'contoso.mail.onmicrosoft.com' -Enabled: $true</td>
</tr>
</tbody>
</table>
<p>*1 Apparently only if Exchange 2010 is present in the Exchange Organization</p>
</content:encoded>
</item>
<item>
<title>The Microsoft Exchange Unified Messaging Call Router service rejected the call for the following reason</title>
<link>https://get-itips.capazero.net/posts/um-call-rejected</link>
<description><p>In the process of adding an Exchange Server 2019 to a current Exchange organization with Exchange Server 2013, Auto Attendant/UM stopped working, investigating event viewer logs
in Exchange Server 2013 server, I found this event entry (Event Id 1647)</p></description>
<guid>https://get-itips.capazero.net/posts/um-call-rejected</guid>
<pubDate>Wed, 11 May 2022 00:00:00 GMT</pubDate>
<content:encoded><p>In the process of adding an Exchange Server 2019 to a current Exchange organization with Exchange Server 2013, Auto Attendant/UM stopped working, investigating event viewer logs
in Exchange Server 2013 server, I found this event entry (Event Id 1647)</p>
<pre><code class="language-powershell">The Microsoft Exchange Unified Messaging Call Router service rejected the call for the following reason: 15647;source=&quot;ex2013.contoso.net&quot;;reason=&quot;Access to Active Directory error occured.&quot; Microsoft.Exchange.UM.UMCore.CallRejectedException: The Mailbox server with the FQDN ex2019.contoso.net couldn't be located in Active Directory.
at Microsoft.Exchange.UM.UMCore.EnterpriseRedirectionTarget.GetRoutingInformation(String serverFqdn, Boolean isSecuredCall, String&amp; routingFqdn, Int32&amp; routingPort)
at Microsoft.Exchange.UM.UMCore.EnterpriseRedirectionTarget.GetBackEndBrickRedirectionTarget(ADUser user, IRoutingContext context)
at Microsoft.Exchange.UM.UMCore.EnterpriseRedirectionTarget.GetForNonUserSpecificCall(OrganizationId orgId, IRoutingContext context)
at Microsoft.Exchange.UM.UMCore.AutoAttendantCallHandler.HandleCall(CafeRoutingContext context)
at Microsoft.Exchange.UM.UMCore.RouterCallHandler.InternalHandle(ICallHandler[] handlers, CafeRoutingContext context)
at Microsoft.Exchange.UM.UcmaPlatform.UcmaCallRouterPlatform.TryHandleIncomingCall(CallReceivedEventArgs`1 args, Exception&amp; error, Boolean&amp; isDiagnosticCall)
at Microsoft.Exchange.UM.UcmaPlatform.UcmaUtils.&lt;&gt;c__DisplayClassf.&lt;ProcessPlatformRequestAndReportErrors&gt;b__d()
</code></pre>
<p>The error might be misleading as it implies some Active Directory connection issue, but it was mentioning the newly incorporated Exchange Server 2019 and I thought, why?</p>
<p>I then remember I migrated System Mailboxes to Exchange 2019 box, especially, these two, that have UM-related capabilities:</p>
<pre><code class="language-powershell">Name : SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}
PersistedCapabilities : {OrganizationCapabilityUMGrammarReady, OrganizationCapabilityPstProvider,
OrganizationCapabilityMessageTracking, OrganizationCapabilityMailRouting,
OrganizationCapabilityClientExtensions, OrganizationCapabilityGMGen,
OrganizationCapabilityOABGen, OrganizationCapabilityUMGrammar}
Name : SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}
PersistedCapabilities : {OrganizationCapabilityUMDataStorage}
</code></pre>
<p>Boom! that might be it... so I moved them back to Exchange 2013 mailbox database and AutoAttendant/UM started to work again.</p>
</content:encoded>
</item>
<item>
<title>Enabling Teams Shared Channels 101</title>
<link>https://get-itips.capazero.net/posts/shared-channels-101</link>
<description><p>#Background</p></description>
<guid>https://get-itips.capazero.net/posts/shared-channels-101</guid>
<pubDate>Wed, 27 Apr 2022 00:00:00 GMT</pubDate>
<content:encoded><p>#Background</p>
<p>Teams Shared Channels is a great new feature that is still in Public Preview, the goal of this post is to create a concise guide to follow in order to enable Shared Channels in your Tenant</p>
<h1 id="azure-ad-cross-tenant-access-policies">Azure AD Cross Tenant Access Policies</h1>
<p>These are the basis of Teams Shared Channels and we must begin configuring them in order to enable Teams Shared Channels later.</p>
<ol>
<li>Browse to <a href="https://aad.portal.azure.com/">https://aad.portal.azure.com/</a></li>
<li>Click on <strong>Azure Active Directory</strong></li>
<li>Click on <strong>External Identities</strong></li>
<li>Click on <strong>Cross-Tenant access settings (preview)</strong></li>
<li>Click <strong>Add Organization</strong>, this would be the information of the other organization we would like to interact with.</li>
<li>Enter the <strong>Tenant ID or domain name</strong>, if you use the latter, it is in the form of tenantname.onmicrosoft.com</li>
<li>It should resolve the Name and Tenant ID, click <strong>Add</strong></li>
<li>A new entry should be added on the list and a default of &quot;<strong>Inherited from default</strong>&quot; in <strong>Inbound Access</strong> and <strong>Outbound access</strong> columns should be displayed.</li>
<li>We are going to customize per organization instead of using the defaults, but you can also customize the defaults. Click on the <strong>Inherited from default</strong> in the <strong>inbound access</strong> column</li>
<li>Click <strong>B2B Direct connect</strong></li>
<li>Click <strong>Customize settings</strong></li>
<li>Verify <strong>Allow Access</strong> and <strong>All External users and groups</strong> are selected (Although it can be customized to scope to certain users and groups), and Click <strong>Save</strong></li>
<li>Click <strong>Applications</strong> and verify <strong>Allow Access</strong> and <strong>all applications</strong> are selected (although it can be customized to certain applications), click <strong>Save</strong> if you had to modify any setting here.</li>
<li>Go back to the <strong>External identities</strong> screen clicking on <strong>External Identities</strong></li>
<li>Inbound access is configured when the direction of the collaboration is ToMyTenancy, in other words when we want to invite someone from the other organization to a Shared channel created on our tenant.</li>
<li>If you want your users to be able to participate in the other organization’s shared channels, configure the same settings under inherited from default in Outbound access column.</li>
</ol>
<p><strong>Note:</strong> This configuration can be viewed with the Graph PowerShell cmdlet <strong>Get-MgPolicyCrossTenantAccessPolicy</strong> (Microsoft.Graph.Identity.SignIns) and the Exchange Online PowerShell cmdlet <strong>Get-CrossTenantAccessPolicy</strong>, although not yet so user-friendly.</p>
<p>Check this great resources in case you want to understand more about these policies:</p>
<p><a href="https://www.michev.info/Blog/Post/3681/cross-tenant-access-policy-xtap-and-the-graph-api">https://www.michev.info/Blog/Post/3681/cross-tenant-access-policy-xtap-and-the-graph-api</a>
<a href="https://practical365.com/cross-tenant-access-policies/">https://practical365.com/cross-tenant-access-policies/</a>
<a href="https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-direct-connect-overview">https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-direct-connect-overview</a>
<a href="https://docs.microsoft.com/en-us/azure/active-directory/external-identities/cross-tenant-access-settings-b2b-direct-connect">https://docs.microsoft.com/en-us/azure/active-directory/external-identities/cross-tenant-access-settings-b2b-direct-connect</a></p>
<h1 id="teams-admin-center">Teams Admin Center</h1>
<h2 id="teams-policies">Teams policies</h2>
<ol>
<li>Browse to <a href="https://admin.teams.microsoft.com/">https://admin.teams.microsoft.com/</a></li>
<li>Click on <strong>Teams – Teams policies</strong></li>
<li>Click on the <strong>Global (org-wide default)</strong></li>
<li>Verify that <strong>Create shared channels</strong> and <strong>Join external shared channels</strong> is <strong>enabled</strong></li>
<li>You can also create a new policy if you don’t want to use the Global one</li>
</ol>
<h2 id="teams-update-policies">Teams update policies</h2>
<ol>
<li>Click on <strong>Teams – Teams update policies</strong></li>
<li>Click on the <strong>Global (org-wide default)</strong></li>
<li>Verify that under the <strong>Show preview features</strong> combo, <strong>Enabled</strong> is selected</li>
<li>Click <strong>Apply</strong> if necessary.</li>
</ol>
<h2 id="teams-client">Teams client</h2>
<ol>
<li>Click the <strong>…</strong> in the Teams desktop client</li>
<li>Select <strong>About – Public Preview version</strong></li>
<li>Accept the agreement</li>
<li>You should now be able to create a Shared Channel</li>
</ol>
<p><strong>Note:</strong> Is not necessary to load Teams using the Public Preview version to later interact with the Channel once it is created.</p>
</content:encoded>
</item>
<item>
<title>How to leave a Teams meeting chat, even if you are the organizer</title>
<link>https://get-itips.capazero.net/posts/leave-from-meeting-chat</link>
<description><p>I noticed that, if you schedule a Teams Meeting, (and you are the organizer), these are the options available for the meeting chat/conversation:</p></description>
<guid>https://get-itips.capazero.net/posts/leave-from-meeting-chat</guid>
<pubDate>Thu, 10 Feb 2022 00:00:00 GMT</pubDate>
<content:encoded><h1 id="introduction">Introduction</h1>
<p>I noticed that, if you schedule a Teams Meeting, (and you are the organizer), these are the options available for the meeting chat/conversation:</p>
<p><img src="/images/NoLeaveOption.png" class="img-fluid" alt="Teams Meetings No Leave Option" /></p>
<p>See? No <strong>Leave</strong> option.</p>
<p><em>Did you know? Leave option will show up to attendes only if the meeting has &gt; 2 participants</em></p>
<p><img src="/images/LeaveOption.png" class="img-fluid" alt="Teams Meetings Leave Option" /></p>
<h1 id="the-problem">The problem?</h1>
<p>What about if, for some reason, you are not anymore in the topic, you switched roles in your company, or you just want to leave the conversation for good?</p>
<p>Sure, you can mute or hide the conversation, but it will show up again if someone writes into the meeting chat.</p>
<p>So, I investigated a little bit with Developer tools, as I did in <a href="https://get-itips.capazero.net/posts/extra-information-federated-teams">Getting some extra information about Teams federated users using PowerShell</a> and <a href="https://get-itips.capazero.net/posts/clear-teams-notifications">Mark Teams notifications as read</a> to see what happens when a non-organizer leaves a Meeting chat/conversation and found out that a REST API is called to do that, so decided to give it a try and force an organizer to Leave a Teams meeting chat.</p>
<h1 id="prerequisites">PreRequisites</h1>
<p>The tricky part is that we need to specify two things in the URL</p>
<ul>
<li><p>Some sort of thread ID created for the meeting</p>
</li>
<li><p>Our Teams User ID</p>
</li>
</ul>
<p><em>Sample URL</em></p>
<pre><code class="language-powershell">https://amer.ng.msg.teams.microsoft.com/v1/threads/19:meeting_MjRkYTA1ZWItZjVhYi00MDVjWJiZDQtMDQwZGU3OTkwZTIz&#64;thread.v2/members/8:orgid:cb13db92-6e3a-4f30-a4a1-3be0d94d4ede
</code></pre>
<p>So how do we get these values? Currently, I am trying to figure out a scripted way to do this, but for now, we can extract the thread ID related to the meeting by editing the meeting itself from Teams web, look in the address bar and copy and paste the whole URL to your favorite text editor.</p>
<p>Then, grab everything between the <strong>19:meeting</strong> and <strong>&#64;thread.v2</strong>, (including those strings), you will end up with something similar to this</p>
<pre><code class="language-powershell">19:meeting_NTNjZGZmODItYjc0NS00yLTkyOWMtZmRhOWEwNDc2ZWEy&#64;thread.v2
</code></pre>
<p>Now, let’s get our user id, the id of the organizer and for this, I used Teams PowerShell, but there are probably other options.</p>
<p>I run</p>
<pre><code class="language-powershell">Get-TeamUser -GroupId 13854e5-baf1-403e-ad3f-b26687383541
</code></pre>
<p>Using a <code>GroupId</code> of a team where the organizer belongs, and in the results, the column on the left will show you the <code>UserId</code> that we need, something like</p>
<p><code>cb13db92-6e3a-4f30-a4a1-3be0d94d4ede</code></p>
<p>Ok, now we have everything we need, this is the script, go and replace the thread ID and userId in the lines that begin with <code>Invoke-WebRequest</code> and <code>path</code>, you have to provide the credentials of the organizer when asked</p>
<pre><code class="language-powershell">Import-Module AADInternals
#This will prompt for credentials so it supports MFA login
$token = Get-AADIntAccessTokenForTeams
$skypeToken = Get-AADIntSkypeToken -AccessToken $token
Invoke-WebRequest -UseBasicParsing -Uri &quot;https://amer.ng.msg.teams.microsoft.com/v1/threads/&lt;MEETING_ID_GOES_HERE&gt;/members/8:orgid:&lt;YOUR_USERID&gt;&quot; `
-Method &quot;DELETE&quot; `
-Headers &#64;{
&quot;method&quot;=&quot;DELETE&quot;
&quot;authority&quot;=&quot;amer.ng.msg.teams.microsoft.com&quot;
&quot;scheme&quot;=&quot;https&quot;
&quot;path&quot;=&quot;/v1/threads/&lt;MEETING_ID_GOES_HERE&gt;/members/8:orgid:&lt;YOUR_USERID&gt;&quot;
&quot;sec-ch-ua&quot;=&quot;`&quot; Not A;Brand`&quot;;v=`&quot;99`&quot;, `&quot;Chromium`&quot;;v=`&quot;98`&quot;, `&quot;Microsoft Edge`&quot;;v=`&quot;98`&quot;&quot;
&quot;x-ms-session-id&quot;=&quot;edba78e0-8e34-767a-2aae-fcb1e3d8bb68&quot;
&quot;behavioroverride&quot;=&quot;redirectAs404&quot;
&quot;x-ms-scenario-id&quot;=&quot;738&quot;
&quot;x-ms-client-env&quot;=&quot;pds-prod-comm-usce-01&quot;
&quot;x-ms-client-type&quot;=&quot;web&quot;
&quot;sec-ch-ua-mobile&quot;=&quot;?0&quot;
&quot;clientinfo&quot;=&quot;os=windows; osVer=10; proc=x86; lcid=es-es; deviceType=1; country=es; clientName=skypeteams; clientVer=1415/1.0.0.2022020411; utcOffset=-06:00; timezone=America/Costa_Rica&quot;
&quot;x-ms-client-version&quot;=&quot;1415/1.0.0.2022020411&quot;
&quot;x-ms-user-type&quot;=&quot;null&quot;
&quot;authentication&quot;=&quot;skypetoken=$skypeToken&quot;
&quot;sec-ch-ua-platform&quot;=&quot;`&quot;Windows`&quot;&quot;