A Tour through the Teams AppSource (App Store)

Did you know you can add third-party add-ons to a Teams channel? Let’s see what happens when you do!

Microsoft calls these add-ons “Teams Apps.” They work like Chrome browser add-ons…a way to integrate third-party software into the Teams experience.

They even have their own app store: AppSource – Microsoft Teams
(You can also view Apps within Teams, by clicking the “Store” button in the left column.)

For this blog post, I installed some Teams Apps in our internal Teams channels and tested them out. I went with some fairly simple Apps, but you can find much more complex ones in AppSource.

I chose Asana and MailChimp for this test. Asana is a project management tool. We already use Asana in our office, so it’s a natural choice. We switched from MailChimp to Campaign Monitor years ago, but we know plenty of businesses who still use & love MailChimp. (Plus I still have a MailChimp account for testing!)

Teams AppSource CRM
The CRM Category in Teams AppSource. Kind of wish they had a Hubspot connector; would love to see how their CRM works within Teams. I’m sure it’s coming!

 

Installing Apps into Teams

Apps are connected to Teams channels, not the overall Team. Installation is pretty darn easy…just a few clicks to select, grant access, login to the third-party account, and voila!

Teams Apps Added

First, the steps for installing Asana.

Add Asana to Teams 1
The Install screen tells us what the Asana add-on will do.

 

Add Asana to Teams 2
Office 365 must have permission to grant third-party access through its Connectors. Click Allow.

 

Add Asana to Teams 3
You’ll need to sign into your Asana account on the next screen. Then select an Asana workspace & project to follow. Click OK and done!

Next, installing MailChimp.

Add MailChimp to Teams 1
Same as before; the Install screen tells us what MailChimp’s add-on will do.

 

Add MailChimp to Teams 2
Some Apps will display an extra screen for permissions: one for the app/service, one for Office 365.

 

Add MailChimp to Teams 3
Here’s the Office 365 Connector, requesting permission. Use your Office 365 account username & password.

 

Add MailChimp to Teams 4
Fewer options for MailChimp, but the same process – select the appropriate MailChimp account, and report frequency.

 

Add MailChimp to Teams 5
The MailChimp App is added! This screen shows in your Teams channel.

 

Now, the next big question—how do we USE these Apps?

It actually depends on the App. For Asana, we only need to configure the Asana projects the App will monitor. Whenever someone creates or comments on a task within those projects, we get a notification in Teams.

Asana Task Notifications
Two instances of Asana tasks appearing in my Teams channel flow. Note how easy it is to jump over to Asana if needed, or just mark tasks as Complete right from Teams.

 

Zero effort. Plus, getting notifications like this shaves one window off your daily checks.

MailChimp will display campaign performance reports, likewise eliminating a window to check. Connectors like these simplify the workday by consolidating information flow into the Teams channel.

Other connectors, like Help Scout (updates from customer support emails) or Pingdom (notifies you about website incidents) facilitate add-on services from within Teams. You may need additional configuration.

Caveat: Apps Can Overwhelm Your Channel

The old adage is true…you can have too much of a good thing. In this case, too many Teams Apps can blot out normal conversations.

Most Apps automatically notify the Teams channel when their event is triggered. Asana will report a new task, or MailChimp will pop up a new campaign performance report. The automatic setup lends convenience. But the more you use Asana and MailChimp, the more frequently you get notifications in Teams.

It’s easy to see the problem. One notification-clogged Teams channel, coming right up!

Of course, you could create a fresh Teams channel and assign App notifications to it. But then you’ve just created another checkpoint for yourself and your team. Instead, I recommend limiting the number of Teams Apps you’ll need. Only add the ones whose notifications add value to your conversations.

Use Teams Apps Whenever They Help You Stay Productive—And Don’t Disrupt Everyone Else

When deciding which Teams Apps to add, consider the whole team’s priorities & daily activities. Does everyone use Asana? Then chances are everyone will spend time in Asana anyway. You don’t need to add it to Teams. Conversely, if half the people on this particular Team use Asana, then adding the Teams App helps them save time and doesn’t cause too much disruption.

If you use many other online services, but only need to interact with them occasionally (e.g. Pingdom only sending alerts when a site’s down), then adding them as a Teams App makes sense. Provided they HAVE a Teams App, that is. Not everyone does yet.

Still, there’s plenty of choices in the AppSource already. Go take a look!

Which Teams Apps do you have installed?

 

Facebooktwittergoogle_plusredditlinkedinmail

Software Add-on Review: SuperToast V3

Never Miss a Skype for Business Notification Again

In early 2016 I wrote a post titled, Making Sure You See Skype for Business Notifications—No Matter What!.

In said post I reviewed a notification app called SuperToast, made by Modality Systems. It remains one of the blog’s most-read posts today. Evidently lots of Skype for Business users miss notifications…

The other day, Louise at Modality asked if I’d like to review the new, redeveloped SuperToast V3. Of course I was happy to do so!

What is SuperToast?

The SuperToast app sits in your taskbar. Every time you miss a Skype for Business call or Instant Message, SuperToast displays a notification popup with details about the missed event.

Chat Notification
Someone is chatting with me!

SuperToast notifies you of missed Instant Messages, incoming audio/video calls, and missed audio/video calls.

Missed Call Notification
Can’t talk now, writing this post.

The notification windows only displays the first message someone sends. If for example you receive 4 messages in succession from one person (as my co-workers sometimes do), you’ll only see one SuperToast notification. Which is smart—nobody wants a stream of popup windows blocking other work!

The SuperToast settings could not be simpler. Here’s the entire settings window.

SuperToast Settings
The SuperToast Options window. Five settings. Nothing else needed.

You choose which communication types for which you want to receive SuperToast notifications via checkboxes. That’s it.

What’s New in V3

The new SuperToast has two main improvements over old versions.

  1. Full support for the latest Skype for Business clients.
  2. Bug Fixes:
    1. Notifications appearing despite you being active in the conversation window
    2. Not bringing the conversation window to the front when clicking on a notification

The UI is largely the same as before. Which helped it fold back into my day-to-day routine almost immediately. But after a few weeks’ testing, I can say V3 is more stable now.

Two Versions: Single-Use and Business-Wide

SuperToast comes in two versions:

  • SuperToast One is a single-user version.
  • SuperToast for Business is a business version with central management.

SuperToast One has a few limitations the Business version doesn’t. You can’t customize SuperToast One’s look & feel, no central admin, etc. Pretty much what you’d expect for a single-user.

SuperToast One costs $7/year. SuperToast for Business costs $7/year for 5-99 users, $5/year for 100-999 users, $2.50/year for 1000-2499 users, and $1/year for 2500+ users. So no matter which version you buy, or how many, you’re only paying a few dollars a user per year. You even get 24-hour support with this too.

They used to have a free version. Now there’s a free 30-day trial.

Incoming Call Notification
Hold on, better take this. Be right back.

Who Can/Should Use SuperToast?

Modality developed this app to support Skype for Business users. Like us, they didn’t like missing notifications from co-workers or customers. The app works with Skype for Business Server and Online (O365) deployments.

Lync 2013 users still hanging on? SuperToast will work for you too.

That said, here’s a brief mention of SuperToast’s limits. It has 3 that I can determine:

  1. No Mac version yet.
  2. I am not certain if SuperToast will work with the Teams desktop client.
  3. As many commenters pointed out on my 2016 post, this IS a third-party app. Some organizations block third-party apps from user’s devices on security grounds. That is perfectly valid—we see malware apps all the time on customer PCs!
    In such cases, I’d recommend using SuperToast for Business. Its central management and Modality’s reputation should dissuade any security concerns.

I do know that Modality continues to work on SuperToast. We may see these limits resolved fairly soon. If I hear of timetables for such, I’ll update this post accordingly.

SuperToast in Taskbar
Runs in the taskbar. Quiet. Unobtrusive.

Super for Putting Missed Calls/Conversations in Front of Your Eyes

SuperToast is a single-purpose app. It does one job…and it does it well. Plus it’s cheap to buy. I always like simple apps like this; they don’t require a high learning curve, and provide an immediate benefit.

For those who miss a lot of notifications in the course of a workday, SuperToast makes for a quick, valuable solution.

SuperToast Page – Modality Systems

Used SuperToast before? How was your experience?

Facebooktwittergoogle_plusredditlinkedinmail

5 Ways to Conceal a Teams Channel

We can’t make fully private channels in Teams yet. But we can conceal a channel from other Teams users.

Private Channels has taken the top spot at UserVoice, as the most-requested Teams feature. Microsoft is, as of this post, “Working on it” with no indication of a release date.

Support for Private Channels – UserVoice

You can make a Team private, of course. But within that Team, channels are visible and searchable. If you really need to keep a conversation private, that kind of defeats the purpose, doesn’t it?

So what are Teams users doing in the meantime? Using workarounds, naturally. Or staying outside of Teams altogether (email, Slack, Skype for Business, etc.).

What kind of workarounds do people use? I’m going to list 5 in this post. Together they form a framework for ‘concealing’ Teams channels & their contents. Privatizing them, essentially, as best you can.

Dog Hiding
Hopefully your channel’s a little better-hidden than this…but you get the idea.
Photo by Pippalou on Morguefile.

When to Conceal a Teams Channel

Why would Teams users need private channels in the first place? A multitude of reasons exist, all valid. In my research I came across several compelling ones:

  • The channel would contain a set of information involving legal or compliance processes, which means it must fall under those same requirements.
  • The channel would contain, and thus need to protect, a customer’s private data.
  • The channel would discuss internal tests or R&D data.
  • You’re planning an office party for the CEO/CIO/COO/VP’s birthday and they can’t find out early. (Hey, it’s possible!)

I’m sure you can think of other reasons to conceal a Team conversation. But please remember: Teams conversations are hosted on Microsoft’s servers. That doesn’t mean Microsoft spies on them. But the servers may reside outside the U.S., which could jeopardize regulatory compliance adherence like SOX or GDPR.

Okay! Let’s see what “concealment tactics” we have in Teams. You can use any combination of these, including all of them (they don’t conflict with one another).

 

Concealment Tactic #1 – Make a new Private Team

When you make a new Team, you have the option to set them to Public or Private. The first step, then, is to set the entire Team to Private. Then create your channel. You don’t have a Public/Private switch at channel level; that comes from the Team setting.

Private Team
Creating a Private Team.

Make a Public Team Private in Teams – Office Support

What This Accomplishes: Prevents unauthorized users from joining. Locks the gate.

 

Concealment Tactic #2 – Equip the Team with an Access Code

Generating an access code is simple within Teams. In your Team, click the Options menu (the ‘…’). Click “Manage Team.” In the Manage window, click the “Settings” tab.

You should see a “Team Code” section. Click it and you’ll get a Generate button. One more click and poof, a randomly-generated access code to that Team. Copy the access code and give it to your selected members.

If a member doesn’t have the access code, they don’t get in. Nice, huh?

Teams Code Access
Generating a Teams Access Code.

How to Enable Join Code Feature in Microsoft Teams – TechCommunity

What This Accomplishes: Provides a secondary authentication for Team members. “What’s the password?”

 

Concealment Tactic #3 – Limit Team member permissions

In the Team’s settings (accessible via “Manage Team” under the Team’s Options menu), remove permissions to add bots, add connectors, or delete channels from invited Team members.

Teams Member Permissions
Your Team permissions should look similar to this.

What This Accomplishes: Guards against information leaks. Shuts the back door.

 

Concealment Tactic #4 – Lock down the files with SharePoint permissions

Maybe you’re not too concerned about others viewing your Teams conversation. But you want to make sure the files you’re discussing stay private.

Since Teams files are stored in the Team’s SharePoint site, you can block people from viewing those files. Bob German showed us all how to do it in an April blog post:
Using SharePoint Permissions in Microsoft Teams Channels – Vantage Point [MSDN]

What This Accomplishes: Privatizes file permissions, including viewing. Stows the valuables in a locked chest.

 

Concealment Tactic #5 – Archive the Team when no longer necessary

If you want a private Team/channel for a specific purpose, and that purpose completes, then you don’t need the Team/channel active anymore. As with older data, it’s best to archive the Team.

Archive Team
Archiving a Team with One Click.

Archive or Restore a Team – Office Support

Now we see why you need to make a dedicated Team…you can’t archive a channel. Archive works at the Team-level. (Note: You can restore an archived Team later if you need to.)

What This Accomplishes: Locks down the Team’s data in cold storage. Closes the blast doors.

 

Next-Best Thing to Teams Private Channels While We Wait

Many commenters on UserVoice said they’d left Teams, or wouldn’t switch to Teams from another chat app, because of Private Channels. Hopefully these tactics will help dissuade you from the more drastic steps!

It’s a bit of a stopgap, I know. But Teams does have these tools for a reason. Concealing channels through private, secured Teams will serve most privacy needs. Until we get Private Channels.

How do you protect your chat conversations?

 

Facebooktwittergoogle_plusredditlinkedinmail

The Future of Enterprise Skype for Business Server: Your Feedback

What will enterprises do with their on-prem Skype for Business deployments after 2020? What factors weigh upon those decisions? I asked you…and you answered!

I received several responses from enterprise admins, all running Skype for Business Servers on-prem. Some went as I expected…while others gave me a few surprises!

Dog Sounding Off
Sounding Off!
Photo by Robert Szadkowski on Unsplash

Thank you to everyone who responded. Now it’s time to collate the feedback and see what the future may hold.

These are my overall feedback impressions:

  • All respondents knew about the 2020 on-prem ‘deadline’
  • Most have a plan to address it already, but those plans have either not begun or are still in debate with Management
  • Cost is one major factor, but Call Performance and Maintenance are equally important
  • Approximately half were in favor of moving to Teams. Half were not.

Let’s go through all of these.

Expected Costs, and What’s More Important

I didn’t get much in the way of direct numbers. Some admins had their Skype for Business costs wrapped into larger server stacks; others had third parties supporting their Skype4B and would have to take time away from other projects to request numbers. C’est la vie.

What numbers I did get indicated the following…

Costs for (virtual) servers averaged around $1500-1800 per, over 5 years. However this didn’t appear to weigh heavily on future updates/migrations. Since deployments are complete by now, install costs aren’t seen as a consideration. Neither is power, curiously enough…no one brought it up as a cost concern OR post-2020 savings.

The bigger cost concerns are:

  1. New user licenses & phones. If we assume a deskphone like the Polycom VVX 300, then the phone cost is about $100. Add $36 for a user CAL and you have $136 per new user. Not a huge cost, but one that adds up over time.
  2. Maintenance. Costs for monthly server maintenance ranged from almost $0 to nearly $500. This concerned the majority of respondents. While server maintenance is a part of every admin’s life, it takes up time we could use productively elsewhere. Regaining that time through a reduction in servers – or a cloud migration – appeals to most.

Which costs would they save on with Teams? Most said administrators. Going from 4 admins to 1-2, for example. Reduced need for maintenance = less admin time required = fewer admins ultimately needed.

(This is not to say you should drop all admins when going to Teams. Our own experience shows that Office 365 is NOT 100% maintenance-free!)

One respondent, Rob G., said it wasn’t really a matter of cost—but rather performance. From his feedback:

“The reality is, enterprise security teams/policies will end up pushing many companies to ‘as a service’ solutions not due to any inherent cloudy advantages but simply because it’s the cheapest way to shadow IT any latency-sensitive applications out of a dynamic security agent network.”

Interesting position to take…and illuminating. Whether or not costs change, at least one enterprise will move to Teams for performance’s sake. I have to admire such a position, honestly.

The Skype for Business ecosystem advanced real-time, Internet-based voice communications a LONG way in the past few years. Still some hiccups though, depending on bandwidth and systems architecture. Focusing on performance makes a lot of sense for any company with thousands of employees under its roof.

After 2020, Skype4B Enterprises Will Scatter

So, the original question:

Is moving to Teams/Office 365 at enterprise-level really a cost savings over on-prem Skype for Business?

In some cases, yes. In some cases, no. But it turns out that the question itself is immaterial.

Some enterprises will move to Teams, even if it costs more. Others will move to another on-prem UC solution. A few will cling onto Skype for Business Server until the very last.

When that time comes, we’ll have to check back in with everyone. See what factors are in play then!

Future Planning
“I’m not sure this is the best way to plan our next systems deployment, Alex.”
“Too late to back out now, Mike. Oh, and check.”
Photo by rawpixel on Unsplash

Running an on-prem Skype for Business Server? What are your plans for the future?
 

Facebooktwittergoogle_plusredditlinkedinmail

Is Skype for Business GDPR Compliant? What About Teams?

I’ve received feedback from several enterprise sysadmins and consultants about on-prem costs. Thanks very much! It’s not quite enough to comfortably make some 2020 predictions though…if you haven’t responded yet, please take a moment. It really can help us all.

Now, on to today’s topic. GDPR.

I know, I know. “I got a hundred ‘privacy update’ emails already! I don’t want to hear about GDPR ever again!”

Hopefully this post will come as something of a relief. You may not need to worry about GDPR compliance (yet). Even if you do, Microsoft’s actions make the problem easier to tackle. Let’s see how, and why.

What GDPR Requires

GDPR mandates certain privacy announcements, policies, and rights for the consumer in the European Union. It’s all about the data users generate. Not just banking numbers either—personal information, text about their activities, etc.

Essentially, GDPR says you must:

  1. Tell users what data you’re collecting about them;
  2. Tell them about the sales/marketing campaigns to which they’re agreeing; and
  3. Comply with any request to remove data about them from your systems.

Just an extension of what most responsible businesses already do.

GDPR privacy agreements
“Is this contract compatible with GDPR?” “Uhm…”

Photo by rawpixel on Unsplash

“But we’re not based in the EU,” you might say. Even so, you will need to make sure you’re GDPR compliant if you:

  • Have European offices,
  • Store customer data in the EU, or
  • Have European customers/users.

At this point, if these stipulations apply, I’d expect you’ve already prepared for GDPR compliance. But what about your Microsoft software, like Skype for Business or Teams? Did Microsoft already make them GDPR compliant, or do you have to do anything?

Microsoft and GDPR: A Little Proactivity Goes a Long Way

Skype for Business is not a customer marketing system. Neither is Teams. They’re meant for communications.

However, some companies will use them to communicate with customers, and possibly market to them (say via a customer’s dedicated Teams channel, or Skype Meeting-hosted webinars). If that’s you, and the above requirements apply, then you must comply with GDPR.

Fear not! Microsoft has provided many resources for us. Starting with the GDPR Privacy Center – Microsoft.com. It includes several ebooks, a Compliance Manager tool, and a GDPR Assessment tool.

The tools will come in handy, as we’ll see in a moment.

When it comes to Skype for Business/Teams and GDPR, these MS resource pages give us guidelines:

  1. GDPR for Skype for Business Server and Lync Server – Microsoft Docs
  2. Overview of Office 365 Information Protection for GDPR – Microsoft Docs
  3. GDPR for Exchange Server – Microsoft Docs

In general, the on-prem versions are compliant by default, provided you secure the physical/virtual servers & limit permissions. Existing data export cmdlets facilitate GDPR privacy requests, like “Export-CsUserData.”

Now, Office 365 compliance. Since MS controls the Office 365 servers, it has to enforce GDPR compliance at server-level. That’s good news for Teams users. As long as you’re only working with US customers and have no European offices, you can probably relax.

GDPR Privacy in Skype4B/Teams
Your data is behind this door.

Photo by Dayne Topkin on Unsplash.

This site provides a list of MS O365 data locations worldwide: Where is your data located? [USA] – Office.com. Teams data is stored in:

  • Blue Ridge, VA
  • Cheyenne, WY
  • Chicago, IL
  • Des Moines, IA
  • Santa Clara, CA
  • Quincy, WA

All US-based datacenters. This alleviates the ‘Store customer data in the EU’ stipulation from earlier.
(Santa Clara though…I don’t want to know what they paid for THAT real estate!)

I checked France and the UK too; native datacenters store their Teams data. U.S. data in the U.S., EU data in the EU. Makes sense. Makes things easier for everyone too.

You should still check your current data though. The Compliance Manager tool I mentioned will determine if you possess data subject to GDPR. If so, you’ll have to classify that data in your Office 365 tenant, and maybe use labels to notify customers.

“We have X data on you, you must pay 1 Bitcoin to—” Whoops, sorry, wrong line of thought.

If you market via Skype for Business/Teams to EU customers, then you must comply. If not, relax.

Adjusting Skype for Business/Teams for GDPR compliance may take a little configuration. But if you have data protection policies in place (and you should), then most of the work’s already done for you.

What changes (if any) did GDPR mandate in your Skype for Business/Teams deployment?

Facebooktwittergoogle_plusredditlinkedinmail

The Call Goes Out – Enterprise Skype for Business Admins, Sound Off on On-Prem Costs!

Well, my last post certainly poked a hornet’s nest, didn’t it?

First things first: I DID oversimplify the comparison. Not intentionally, but that’s what came out. Mea culpa.

I was aiming to do as straightforward a comparison between Skype for Business on-prem and cloud as I could. However, it seems a strict apples-to-apples comparison won’t work.

Skype for Business requires other Microsoft servers to work at full capacity. These servers are already bundled into Office 365…and a few more besides. Microsoft has stacked the proverbial deck away from its on-prem offering. That’s their call, of course. In fairness, it does have benefits for businesses—even enterprises.

So, let’s see what I can do to sharpen my prognostication.

Polishing the Post-2019 Crystal Ball: Enterprise-Level Skype for Business Facts

Here are the facts we’re dealing with right now.Dog with glasses

  1. Microsoft is merging Skype for Business (Online) into Teams. Expected completion date: End of 2018.
  2. Skype for Business Server will get a 2019 on-prem version in late 2018/possibly early 2019.
  3. After 2019, no Skype for Business Server on-prem versions are expected. One more version is possible, according to the rumor mill, but nothing definite.
  4. In 2020, mainstream support for Skype for Business Server 2015 will expire. Enterprises which haven’t updated to 2019, or moved over to Teams, will need to pay for extended support.
  5. Using Teams requires a monthly fee for Office 365 subscription, but it eliminates the need for most on-prem server hardware and lowers overall power cost.
  6. When it comes to IT infrastructure, enterprises are not as nimble as smaller businesses. That’s a statement of their infrastructure’s complexity, not any form of criticism.

It’s therefore reasonable to state that enterprises currently using Skype for Business Server 2015 will, in 2019-2020, have to make a decision about their phone systems and related communications tools.

  1. Pay for extended support
  2. Move to Skype for Business Server 2019
  3. Move to Office 365/Teams
  4. Move out of the Microsoft ecosystem entirely

All of which involve additional costs.

With all this in mind…IS moving to Teams/Office 365 at enterprise-level really a cost savings over on-prem Skype for Business?

Work in Enterprise IT? I Request Your Feedback.

I’m putting the call out.

Most of our Skype for Business customers, on-prem and through Office 365, are small to mid-market. While we have several enterprise customers, only one runs Skype for Business Server. As such, my sample size is too low for a proper analysis.

That’s where you come in. If you work in Enterprise IT, please share your feedback on these 2 questions:

  1. Do you work for, or consult for, an enterprise currently using Skype for Business Server (on-prem)?
  2. If so, could you share approximated numbers on their Skype for Business Server installation and/or maintenance costs?

(Anonymized data, of course. I don’t even want the business name. We shall have no security leaks here!)

Dog ears
I’m all ears!
Photo by Claudie-Ann Tremblay-cantin on Unsplash

Comments are welcome. If you’d prefer to email me, here’s the address. Or message me on Twitter at @PlanetMagpieIT.

Support Skype for Business at a Non-Enterprise Level? I Also Request Your Feedback.

If you don’t work for an enterprise, but still support Skype for Business Server deployment, let me ask you this. What will you do after Skype for Business Server 2019 comes out?

Stick with it as long as you can? Move to Office 365? Hybridize? Switch to another Unified Communications solution?

I’d love to know what plans you have (if any at this time) for avoiding this little quagmire.

I will collect all feedback, including cost numbers given, and tabulate them. Hopefully we get a conclusive result from those numbers:

  • Yes, enterprises will save money moving from Skype for Business to Teams
  • No, enterprises will spend more money moving from Skype for Business to Teams

Thanks for reading, and for your feedback. Until next time!

Facebooktwittergoogle_plusredditlinkedinmail

The Skype for Business Quagmire Creeping Up on Enterprises

Skype for Business Server has one new version coming. After that, enterprises could get stuck between an economic rock & a financial hard place.

Skype for Business Server 2019 is coming. However, given all the pushes toward O365/Teams, it’s not unreasonable to presume that 2019 will be the last on-prem version of Skype for Business.

This presents a major problem for larger businesses. They will either have to move to Teams, or investigate another on-prem Unified Communications provider.

What’s wrong with moving to Teams? Nothing! …except possibly cost. When you scale up to enterprise-level user bases, a cloud service like Office 365 could really strain the budget. What if your business has 1,000 users? 5,000? 10,000+? Even if you’re paying a few dollars per user per month, the total monthly cost for all those O365 subscription licenses adds up fast!

Let’s look at the whole conundrum enterprises using Skype for Business will have to face. It’s a quiet, creeping financial snarl…and it’s coming in just a few years.

Does Teams Cost Less than Skype for Business Server? No, and Here’s Why.

First, let’s talk numbers. Microsoft touts Office 365 and Teams as its “Intelligent Communications” option for businesses, and wants everyone to move to the O365 platform. Okay, fine. How does that work out cost-wise for enterprises?

Let’s say we have three businesses—one with 1,000 users, one with 5,000 users, and one with 10,000 users. How much would these businesses spend if they all used Teams (and Office 365)?

I’ll use two subscription levels here: E1 and E5. Why these? Because we’re finding that our O365 customers, even smaller ones, need one of these two levels the most. They need the backend services E1-E5 gives them. If they already have Office licenses, they go to E1. If not, E5.

I am using the Office 365 ROI Calculator for the monthly cost per user. It gives slight discounts on the regular costs.

E1 Monthly Costs*:

  • $6.59 x 1,000 users = $6,590/month x 12 = $79,080/year
  • $6.38 x 5,000 users = $31,900/month x 12 = $382,800/year
  • $6.18 x 10,000 users = $61,800/month x 12 = $741,600/year

E5 Monthly Costs*:

  • $28.82 x 1,000 users = $28,820/month x 12 = $345,840/year
  • $27.93 x 5,000 users = $139,650/month x 12 = $1,675,800/year
  • $27.04 x 10,000 users = $270,400/month x 12 = $3,244,800/year

(*Monthly values do not include initial setup fees or hardware maintenance.)

These numbers quickly move from ‘doable’ to ‘ridiculous.’ Dropping 3 million a year for Office 365?

Let’s compare these numbers to the cost of an on-prem Skype for Business Server. I’ll use numbers from a previous post on this topic:

Skype for Business Server with 1,000 Users:

  • 1 Front End Server License (MSRP) – $3,646.00
  • 1,000 Standard User CALs – $36.00 each, or $36,000 total
  • 1,000 Enterprise User CALs (Conferencing & desktop sharing) – $124.00 each, or $124,000 total
  • 1,000 Plus User CALs (Voice & call management) – $124.00 each, or $124,000 total

Total: $287,646

Exchange Server (for voicemail):

  • 1 Exchange Server (Enterprise) License – $4,051
  • 1,000 Standard User CALs (MS Open License) – $5.00 each, or $5,000 total
  • 1,000 Enterprise User CALs (MS Open License) – $55.00 each, or $55,000 total

Total: $64,051

Grand Total for 1,000 users: $351,697
(This is a three-year cost, and assumes no discounts.)

 

Skype for Business License Cost
You’ll need a few stacks of these…

Photo by Pepi Stojanovski on Unsplash

So if an enterprise with 1,000 users opted for an on-prem Skype for Business Server, it would cost roughly the same as 1 year of Office 365 E5. Fair enough. But the Skype for Business Server has a three-year usability period…

Assuming a 5% maintenance cost (about $17,500) for Years 2 and 3, they would end up paying $386,697 over those three years. If they went with E5 and didn’t have any maintenance costs at all, they’d end up paying $1,037,520.

At enterprise-level, Teams actually costs more than its predecessor!

The Quagmire: Skype for Business is Going Away

This is a serious cost discrepancy. Big enough to push larger businesses away from Office 365, back to on-prem.

Now, some enterprises would have no problem paying these amounts. They also get additional value from the related O365 services (see Addendum below). If so, great, more power to them! However, Accounting usually likes to save money. These numbers may cause them to balk.

What will the enterprise do if they want to save money? At these user counts, an on-prem server actually saves money. Sticking with Skype for Business Server makes economic and organizational sense.

But what about after Skype for Business Server 2019? Microsoft has not clarified if another version is on the roadmap. Given their merging all Skype for Business tools into Teams, it does not look likely. If there’s no on-prem version coming after 2019, then enterprises are stuck! They’ll have three choices:

  1. Move to Teams anyway,
  2. Keep their Skype for Business Server running as long as possible, and/or
  3. Switch to another on-prem Unified Communications provider.

On-Prem Skype for Business Alternatives for Future Succession

I cannot accurately speculate the Unified Communications landscape in 2020 and beyond. All I can do is look at what’s available now, and prognosticate their future offerings.

 

On-Prem Unified Communications Choices
2019 is coming fast.
Photo by Eric Rothermel on Unsplash.

If all you need is video conferencing and the cloud is OK, you should still have alternatives like Join.me, Appear.in, Workplace, or Slack. I don’t think any of these will go anywhere.

If you’ll need an on-prem, full-capability Skype for Business Server successor, I expect the following will still be around:

I’m NOT saying these solutions are better than Skype for Business Server (or Office 365 for that matter). Just presenting alternatives that have staying power.

Enterprises: The Time to Start Thinking about your On-Prem Skype for Business is Now

Microsoft’s push away from on-prem to the cloud has merits, in many respects. That said, just because a larger business has the budget to spend on lots of cloud services, doesn’t mean it’s the best use of the money. Office 365 may just not be the choice for them.

Unfortunately that presents a serious financial quagmire. It’s not here yet…but it’s coming.

(By the way, we will gladly support on-prem Skype for Business Servers into 2020. And beyond!)

Enterprise IT employees, what’s your Unified Communications outlook for the future?


ADDENDUM 5-17-18: As Mark pointed out in the comments, I didn’t factor in other Office 365 services as a pricing justification. This is true, and a good point for him to make. Office 365 does come with more than Teams – Exchange, SharePoint, OneDrive, etc. It also reduces the need for on-prem hardware and staff.

I don’t want to minimize the value here. O365 can be a huge help for businesses who need full-fledged IT infrastructures, and may not have the budget to build them on-prem. That said, I’m still not sure enterprises would gain financially from an Office 365 move as opposed to on-prem. At least as far as Skype for Business is concerned.

(I may do a follow-up post to address this part of the situation in more detail. Stay subscribed!)


Facebooktwittergoogle_plusredditlinkedinmail

Scenes from the ChatOps War

Group Messaging/Chat continues to expand, as each challenger battles its competitors. Here’s where we stand.

Slack and Teams Stay Neck-and-Neck

These two are ‘the’ names when it comes to ChatOps (business-grade chat/messaging platforms).

Slack VS Teams
“En garde, Slack!” “I say, Teams!”

Teams continues to expand its user base. It’s up to 200,000 organizations as of March 2018. But we don’t know how many individual users that is; Microsoft hasn’t said. It has huge potential to grow further, especially once it’s finished absorbing Skype for Business by end of year (give or take).

Conversely, Slack has more than 6 million daily active users! 2 million of these are paying customers. Even without the free tier, Slack stomps all over Teams in terms of business usage.

Two heavyweights battling it out encourages good competition and ultimately benefits the user. However, the market has more contenders…and they aren’t sitting idle either.

Integration Comes to Workplace (though Slack and Teams are Well Ahead)

Facebook’s Workplace just added an integration feature with a bunch of potential add-ons. Thanks to the integration, Workplace users can now connect services like Microsoft SharePoint, Hubspot, Jira (project management), and so on.

Workplace by Facebook LogoThe full list is here: Workplace Integrations.

While this is a welcome move, it’s also a catch-up move. Slack and Teams have had third-party integration capabilities almost since inception. They also have many more integrations available.

Looks like Facebook wants to keep Workplace as a separate, work-friendly brand. If so, they’ll continue to face an uphill battle, due to the Cambridge Analytica scandal and ongoing privacy concerns. Because of these concerns, my Workplace trial ended with the question of whether businesses would try Workplace out.

So far, it would appear they have. At least 30,000 businesses now use Workplace. Still in third place, and they’ll have to keep pushing. But the user count does put Workplace in striking range of Teams. A new theater has opened up in Facebook vs. Microsoft.

Other Competitors Nipping at the Big Dogs’ Heels

There’s more than just Workplace to watch out for though. I’ve mentioned Atlassian Stride and Google Hangouts on this blog before. What’s going on with them?

Atlassian StrideStride (formerly HipChat) hit General Availability in March. As it’s so new, user numbers aren’t readily available. I’m curious to see how this one goes…it looks near-identical to Teams, although some beta users complained about audio/video quality.

Google split Hangouts in two last year, creating Hangouts Meet (video meetings) and Hangouts Chat (group chats, like Slack/Teams). Not sure why they split them, but hey, I don’t work at Google.Google Hangouts Icon

This strikes me as an after-the-fact change…after Slack roared past Hangouts, they had to race to keep up. However, there are two smart moves within the split:

  1. Voice is part of Meet only. Google restricted Chat to…chat. Meet focuses on video calls, of which voice is just a part, but it centralizes the audio/video experience into one app. Makes it easy to know which app to use.
  2. Google integrated Hangouts Meet/Chat into the G-Suite. Like Teams is part of Office 365, Hangouts Meet & Chat are there for G-Suite business users. The tactic worked for Teams; I bet Google’s hoping this will work for Hangouts.

The Reason Behind the Battle: Chat’s Multi-Generational Appeal

Why is chat so popular all of a sudden? I think it’s because chat is an intergenerational medium. It’s something the past few generations have grown up using. It’s also something that’s ‘grown up’ through successive generations of the technology.

In the Internet’s early days you had BBSes and IRC.
Then along came AIM, ICQ, and Yahoo Messenger.
Next came Skype, Facebook, and WhatsApp.
Now we have Slack, Stride, Teams, Fuze, Hangouts, and several more.

Each generation had a chat platform for communication. Chat itself went through generations, advancing in capability, expanding in reach. Now we have a generation of chat platforms that can handle almost any form of communication.

arm wrestling photo
Hey hey, no cheating!
Photo by mcgrayjr

But it’s all centered around the oldest, simplest, and most familiar communication method most of us have ever known…plain, direct, text-to-text messaging.

Where the Battle Goes Next: Long-Term Teamwork Value

ChatOps have one mission: to facilitate teamwork. You can generally tell how well they do this by adoption and frequency of use.

However, short-term numbers aren’t the best indication of value to a team. Long-term adoption rates, after the novelty wears off and the team becomes accustomed to using the platform, determine who will win the “ChatOps War.”

So far, Slack and Hangouts have been around the longest. Between those two, people obviously prefer Slack. It has greater long-term teamwork value. Teams and Workplace are coming up, and Stride is a wildcard. By this time next year, we may see the triumph of Teams, the emergence of Stride, or another challenger rise.

Which ChatOps platform does your workplace use? What are your thoughts on it?

Facebooktwittergoogle_plusredditlinkedinmail

How to Prevent Malware Infections via Skype for Business

Like all computer systems, Skype for Business is vulnerable to cyberattack. Let’s talk about how to prevent one from happening.

What a Skype for Business Cyberattack Can Look Like

Skype for Business Down
We lost Skype AND email?!

Unfortunately, real-life circumstances prompted this post. We recently had to help a customer deal with a ransomware infection that affected most of their servers. (I’ll keep details private of course.)

The customer called us in a panic. They’d lost email, Skype for Business, and several client desktops. Someone had clicked a phishing link & triggered a Locky infection. We did have some backups available, but wound up having to wipe/replace a couple systems.

While this wasn’t the first time we’d helped resolve a ransomware infection, it was the first time the ransomware hit someone’s Skype for Business Server. I’m not sure the exact route Locky took to reach it, but I believe it got in via an abandoned administrator’s account. They had a systems admin leave the company a few months prior—but they hadn’t shut off his account!

The aftereffects: Four days of lost business, a bunch of angry clients, unknown number of emails lost, thousands spent on emergency support and replacement IT hardware.

(At least they didn’t have to pay the ransom on top of all that!)

Where Malware Can Reach Skype for Business

Skype4B isn’t just vulnerable through its Internet connection. As our example shows, it’s vulnerable from client-level too.

Here are the routes most malware/ransomware would take to reach & infect yours:

  • Front End Server. Where Skype4B lives.
  • Exchange Server. The server with which Skype4B interacts most often…which means the most potential routes for malware to take.
  • File Share. A BIG vulnerability. A shared folder through which users exchange files? It only takes one infected file, and your entire deployment’s in trouble.
  • End User Devices. Not just desktops/laptops now…even phones can carry malware into the office.

Malware Reaching Skype for BusinessNow we know where to watch. What kinds of protections do we put in place?

8 Ways to Protect your Skype for Business Server from Malware/Ransomware

1. Limit the number of Skype for Business admins.
Good admin practice extends to Skype for Business. Create ONLY the fewest number of administrator accounts as you need to manage the system. This includes admin accounts for all of the physical AND virtual servers on which Skype for Business runs.

2. Lock down permissions to the file share.
Controlling the file share’s permissions plugs that hole inside your Skype for Business Server. This blog post illustrates how to lock down the permissions: Keeping your Lync/Skype Business Environment safe from Ransomware – Enabling Technologies

3. Use intelligent routing in your perimeter network.
Restrict open ports on your Edge Server and Reverse Proxy to only those needed for Skype for Business traffic. Here are the port and protocol requirements.

4. Keep the Skype4B Server and its server components up-to-date.
Are you up to the March 2018 Cumulative Update? If not, here’s the download link: Skype for Business Server 2015 Cumulative Update KB3061064 – Download Center
Don’t forget the security patches & updates for your Windows Server as well. If nothing else, the security patches help keep those servers safe.

5. Secure all email servers with anti-malware software & monitoring.
Your Exchange Servers should have anti-malware protection too. The easiest method, of course, is to use a network-wide security gateways from providers like Sophos or F5.

6. Disable Office macros company-wide.
Not many malware apps use macros anymore. But that doesn’t mean it’s impossible. Use a Group Policy to block macros and forget about it.

7. Educate users about phishing/ransomware emails.
If you only do one of these, make it this one. User education goes further to prevent malware infections than any other factor. Users are typically the “weakest link” in cybersecurity…but it only takes some training to make them stronger.

(By the way—we offer cybersecurity education for businesses in the SF Bay Area. Just saying.)

8. Keep current backups.
Always, always keep backups! All servers should have two sets of automatic backups running…one kept on-site in case of a crash, and one kept off-site in case of malware infection. You probably do this already. But it’s too important to take for granted.

—-

“What if we use Skype for Business Online?” you might ask. Well, Microsoft has pretty decent security protections built into Office 365. But you can always make it better.

As Teams and Skype for Business are still on the path to merging, I don’t want to speculate too much on the anti-malware precautions you must take. That said, these stalwarts should always figure into your office’s IT infrastructure:

  • Limit the number of Office 365 admins
  • Use perimeter network protections
  • If you run a hybrid configuration, secure the on-prem server to the same level as your other servers
  • Educate users about phishing/ransomware
  • Keep current backups

Frustrated System AdminIf you’re already Teams users, strengthen Teams’ security with our post from December: 3 Ways to Protect Teams Users from Malware-Infected Files.

Don’t Make Skype for Business the Weak Link in Your Office’s Cybersecurity

It’s always harder to secure a server (any server!) after it’s already running. People don’t want to lose the service, even for a moment. If security updates cause an outage…well, we’ve all heard that particular scream, haven’t we?

That said, 15 minutes of downtime beats 4 days of lost business any day.

There are many layers to protect in Skype for Business: The Windows Servers on which it runs, the perimeter network, the Front End pool, inter-network traffic, and client devices. But, think of it this way…either you find the security holes, or a malware infection will.

Have you ever experience a malware infection on your Skype for Business Server? Please share your experience in the comments.

Facebooktwittergoogle_plusredditlinkedinmail

How the Load Balancer Fits into Skype for Business

Our fourth entry in the “How It Fits” series is…the Load Balancer!

Load balancers show up in every level of a Skype for Business deployment. They’re an integral component of effective Skype for Business Online tenants as well.

If a load balancer does its job right, it’s pretty much invisible. If it doesn’t, it’s a loud and persistent pain. Which it is all depends on your configuration. As such, you’re most likely to work with a load balancer when first deploying Skype for Business.

This post is meant as an overarching take on the load balancer’s function and value. If you’re looking at a new Skype for Business deployment, on-prem or hybrid, this is a quick read that could help a lot!

The Load Balancer’s Primary Role

A load balancer distributes traffic among servers in a pool. In Skype for Business, this means it distributes traffic between role-based server pools. For example, between two Front End Servers.

It’s similar in some ways to a Reverse Proxy. (Some hardware load balancers even include reverse proxy functionality.) But instead of worrying about authenticating traffic from outside the network, it focuses on optimal traffic management inside the network.

Why use load balancing in the first place?Load Balancing Diagram from F5

  • Bolsters reliability. The load balancer helps prevent any one server from becoming overwhelmed.
  • Increases overall Skype for Business stability. Smart traffic management helps avoid traffic bottlenecks.
  • Some Skype for Business services require load balancing to function (e.g. managing HTTP traffic).

Main Components of a Load Balancer

At its core, a load balancer consists of:

  • A Distribution algorithm, and
  • A server pool monitor/health check

The distribution algorithm determines to which server it should send traffic requests. The server pool monitor, well, monitors the assigned server pool’s health and traffic responses.

What kind of traffic are we talking about? All kinds: HTTP/HTTPS, SIP, TCP, UDP. Basically, if you use server pools for any of the Skype4B Server Roles, you should use a load balancer for each.

Other Servers a Load Balancer Communicates With

In Skype for Business, you can load balance any Server Role which has (or can have) multiple servers in a pool. That includes:

  1. Edge Server
  2. Front End Server
  3. Director
  4. Office Web Apps Server

Load Balancers must communicate not only with the servers they’re balancing, but with the servers sending traffic to them. That means they’ll talk with the Mediation Server, PSTN Gateways, and our last “How it Fits” role, the Reverse Proxy.

What about Office 365? If you’re running a hybrid deployment, you’ll need load balancing on the on-prem side. From Plan for Network Devices that Connect to Office 365 Services:

Your organization needs to use a hardware load balancer (HLB) or a Network Load Balancing (NLB) solution to distribute requests to your Active Directory Federation Services (AD FS) servers and/or your Exchange hybrid servers.

In other words, load balancing between Office 365’s servers and your network!

What Kind of Load Balancer Should You Use?

Two types of load balancing exist in Skype for Business.

  1. DNS load balancing, and
  2. Hardware load balancing

This is an important distinction. It’s also the source of most load balancing grief.

DNS Load Balancing:
This is more a technique than a device. It involves mapping server pool names to not one, but a set of IP addresses in DNS.

Let’s say you have a Front End pool named “Headquarters.” The Headquarters pool has three IP addresses mapped to it – 10.10.10.1, 10.10.10.2, and 10.10.10.3.

When your Skype for Business client tries to connect to “Headquarters,” DNS sends it all three IPs. The client tries connecting to the first IP, 10.10.10.1. But this IP already has another client connected and cannot respond. So the client tries 10.10.10.2. That works.

Connections stable. Traffic load balanced.

DNS Load Balancing – Microsoft Docs

Hardware Load Balancers:
A hardware load balancer is a dedicated device which distributes traffic requests to a server pool. I think of these like a “Traffic Cop” inside your network.

We use an F5 hardware load balancer for our Skype for Business Server. Cost us a bit, but wow did it help with call quality!

Since hardware load balancers actively listen to incoming & outgoing traffic, they can mitigate traffic bottlenecks. Preventing call drops, static, and external connection troubles.

===============

When setting up load balancing in your topology, keep these restrictions in mind:

  • If your Edge pool uses load balancing, the internal Edge interface and external Edge interface must use the same type. Can’t use DNS load balancing on one, and hardware on the other. You’ll experience some serious traffic errors!
  • Some traffic types require a hardware load balancer (e.g. HTTP traffic). DNS load balancing does not work with client-to-server web traffic either.

Our experience confirms these restrictions. In Skype for Business Server’s early days, we observed that combining both load balancing types in one deployment caused havoc. Inconsistent delays, strange errors with no apparent cause, bottlenecks, etc. When we standardized on one load balancing type topology-wide, these issues evaporated.

Traffic Load Balancing
Traffic, nice and organized.
Photo by Fahrul Azmi on Unsplash.

Here’s a nice setup/overview video from A10 Networks if you’d like more.

Load Balancers Reduce TCO By Easing the Burden on Skyep4B Server Pools

Which load balancing method should you choose? There’s no universal standard. But we go by this rule of thumb: The larger the deployment, the more a hardware load balancer is necessary. They are more powerful, more intelligent, and more reliable.

It does add to up-front deployment cost. But it reduces TCO. Once load balancing is in place, configured, and running properly, it helps the Server Roles function at peak. Even (especially) under heavy load.

What kind of load balancing do you run in your Skype for Business topology?

Facebooktwittergoogle_plusredditlinkedinmail