3. M365VIRTUALMARATHON.COM #M365VM
Microsoft MVP | MCT | MSAS
Community Leader in Microsoft 365
Houston Office 365 Community President
Houston HOU365 Saturday Chair
Twitter: @Rockett_15
Youtuber: The Rockett Channel
JOHNNY LOPEZ
Principal Consultant @ CoreBTS
4. MICROSOFT 365 VIRTUAL MARATHON 2022 MAY, 4. – 6. 2022
https://forms.office.com/r/zzULt1dHLi
Feedback
5. M365VIRTUALMARATHON.COM #M365VM
This session will take a deep dive into the Teams Connect component in Microsoft 365.
Teams Architecture
Standard Channels
Private Channels
Shared Channels
External Collaboration
Agenda
8. M365VIRTUALMARATHON.COM #M365VM
1:1 Chats
Group Chats
Channel messages
Messaging
Meetings
Calls
Apps and workflows
Collaboration
Secure and compliant
Explore capabilities in Microsoft Teams
Chats
9. M365VIRTUALMARATHON.COM #M365VM
A team
Org-wide | Public | Private team
Channels
Standard | Private | Shared channel*
Chats
Meetings
Calls
Apps and workflows
Secure and compliant
* Microsoft Teams Connect - Shared channel is in public preview. For the latest status, check the roadmap with the feature ID_70766.
Explore capabilities in Microsoft Teams
Collaboration
11. M365VIRTUALMARATHON.COM #M365VM
Entity | Storage
Image | Ingested to Exchange to enable compliance
Files | Team files SharePoint; Chat files OneDrive
Voicemail | Individual mailbox in Exchange
Message | Ingested to Exchange to enable compliance
Meeting recording | Saved to SharePoint, OneDrive, or Azure Media Services (AMS)
Calendar meeting | Individual mailbox in Exchange
Contacts | Exchange
Telemetry | Microsoft Data warehouse (No customer content)
Key data entities and location where data is stored at rest
Illustrate Microsoft Teams architecture
17. M365VIRTUALMARATHON.COM #M365VM
Only team owners can create shared channels
Team owners can see the name and description of all shared channels in a team without being a member
Team owners can delete shared channels without being a member
Only team owners can accept Share with team invites
Team owners can terminate sharing relationship with shared channels from other teams
Shared channels inherit labels from the team on creation
Team owners are always in control
18. M365VIRTUALMARATHON.COM #M365VM
Only in-tenant members can be channel owners
Channel owners manage the membership and channel life cycle
Removing a member from the team does not remove them from shared channels if the channel was shared with them directly
Last owner of a shared channel cannot be removed from the team
If a shared channel becomes ownerless (user leaves company), an existing in-tenant channel member is auto-promoted
Can override default channel settings inherited from the team
Channel owners are empowered
22. M365VIRTUALMARATHON.COM #M365VM
Share and co-author files
Meet with your team directly
Collaborate on Apps in real-time
Security and Compliance capabilities
More Shared Channel Features
25. M365VIRTUALMARATHON.COM #M365VM
Azure Active Directory (AAD) is Microsoft Azure’s cloud-based identity and access management service.
Features in Azure AD
Authentication (employees sign-in to access resources)
Single sign-on (SSO)
Azure AD Business to Business (B2B)
Understand features in Azure Active Directory
Azure AD - Contoso
Identities
26. M365VIRTUALMARATHON.COM #M365VM
Define external users
User A: Member user in your organization
User B: Business account (Azure AD account)
User C: Consumer email account (with Outlook.com, Gmail.com, or others)
User D: Anonymous user without authenticating
Work with external users in Microsoft Teams
Azure AD - Contoso
User A
User C
(Social identities)
Azure AD - Fabrikam
User B
User D
(Anonymous user)
27. M365VIRTUALMARATHON.COM #M365VM
Enable access permission to an entire external domain
Allow find, call, chat, and set up meetings
External access (federation)
Azure AD - Contoso
User A
Azure AD - Fabrikam
User B (External)
28. M365VIRTUALMARATHON.COM #M365VM
Gives access permission to an individual
Allow chat, teams, channels
Guest access
User B
Azure AD - Contoso
User A
Azure AD - Fabrikam
User B (Guest)
User C (Guest)
User C
29. M365VIRTUALMARATHON.COM #M365VM
Powers external collab on Shared channels
A new way to collaborate with people from other AAD orgs
Search for people from other AAD orgs using their email address
Share apps and other resources with people from other AAD orgs without adding them to your directory as guests
External users can access a Teams shared channel without having to switch orgs or sign in with a different account
People from other AAD orgs can be identified using (External) annotation
B2B direct connect
30. M365VIRTUALMARATHON.COM #M365VM
Per-user policy for creation of shared channels. Default On.
Per-user policy for who can initiate/accept external sharing. Requires B2B direct connect to be configured.
Manage channel lifecycle – create on behalf of, update, delete
Manage members – add/remove, promote/demote
External Access: 1-1 Chat, calls and meetings among cross tenant users
PowerShell & Graph API support
Granular controls for Team admins
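An added example (not part of the original deck): a Python audit that checks exported channel membership against the ownership and external-sharing rules listed on the preceding slides. It assumes records shaped like Microsoft Graph channel and member objects (`membershipType`, `roles`, `tenantId`); the tenant IDs, channel names and the `audit_shared_channels` helper are constructed for illustration.

```python
import json

HOST_TENANT = "11111111-1111-1111-1111-111111111111"     # constructed host tenant ID
PARTNER_TENANT = "22222222-2222-2222-2222-222222222222"  # constructed partner tenant ID

# Constructed sample shaped like Graph channel/member objects; not real tenant data.
SAMPLE = json.loads("""
[
  {"displayName": "Partner Project", "membershipType": "shared", "members": [
    {"displayName": "User A", "tenantId": "11111111-1111-1111-1111-111111111111", "roles": ["owner"]},
    {"displayName": "User B", "tenantId": "22222222-2222-2222-2222-222222222222", "roles": []}
  ]},
  {"displayName": "Vendor Sync", "membershipType": "shared", "members": [
    {"displayName": "User B", "tenantId": "22222222-2222-2222-2222-222222222222", "roles": []}
  ]},
  {"displayName": "General", "membershipType": "standard", "members": []}
]
""")

def audit_shared_channels(channels, host_tenant, approved_tenants=frozenset()):
    """Return one finding per shared channel: external members, ownership, tenant allowlist."""
    findings = []
    for ch in channels:
        if ch.get("membershipType") != "shared":
            continue  # standard and private channels are out of scope here
        members = ch.get("members", [])
        external = [m for m in members if m.get("tenantId") != host_tenant]
        owners = [m for m in members if "owner" in m.get("roles", [])]
        host_owners = [m for m in owners if m.get("tenantId") == host_tenant]
        ext_tenants = {m.get("tenantId") or "unknown" for m in external}
        findings.append({
            "channel": ch["displayName"],
            "external_members": sorted(m["displayName"] for m in external),
            # Tenants present in the channel but absent from the admin's allowlist.
            "unapproved_tenants": sorted(ext_tenants - set(approved_tenants)),
            # The deck states only in-tenant members can be channel owners.
            "external_owner": len(owners) > len(host_owners),
            # No in-tenant owner left: the channel is ownerless.
            "ownerless": not host_owners,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_shared_channels(SAMPLE, HOST_TENANT, {PARTNER_TENANT}):
        print(finding)
```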
31. M365VIRTUALMARATHON.COM #M365VM
Built for seamless collaboration with internal and external partners
Rich set of Governance, Compliance and Management capabilities
Sharing with externals OFF by default, with controls for sharing with selected tenants
Host tenant and team policies apply to all channel members
No change to standard and private channel behavior
Currently in Public preview
Summary
32. MICROSOFT 365 VIRTUAL MARATHON 2022 MAY, 4. – 6. 2022
Follow the Road Map
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=Microsoft%20Teams
With Microsoft Teams Connect, Microsoft is making it easier to collaborate with anyone outside your organization. You can use Teams' full suite of collaboration capabilities with external partners in other Azure AD orgs, the same way you use them with colleagues from your organization. Shared channels enable people from different orgs to work together as one team in a shared space for a more structured, deeper and longer-term collaboration.
Microsoft Teams is a hub for teamwork, which brings together everything a team needs: chat and threaded conversations, meetings & video conferencing, PSTN calling, content collaboration with the power of Office 365 applications, and the ability to create and integrate apps and workflows that your business relies on.
Microsoft Teams Connect
One question that we hear a lot from customers is:
Where is my data stored?
Let’s first talk about chat.
Chat in Teams is persistent, which means that it is stored in its entirety, and it uses its own storage.
1:1 and group chats are already stored in Cosmos DB today and we are working to move channel conversations soon.
We also keep a copy of your conversations in Exchange to enable some of our security and compliance capabilities.
For 1:1 or group chat: The messages will be stored in a hidden folder in each participant’s mailbox.
For conversations that take place within a channel: The messages are stored in the mailbox of the O365 group that is attached to the Team.
Any media is stored in a media store, separately.
In terms of files, Teams leverages SharePoint and OneDrive.
If I share a file in a 1:1 or group chat, it gets stored in my OneDrive for Business and all participants on that chat are automatically given permission to access it.
Similarly, if you share a file in a channel, it is stored in the corresponding folder within the SharePoint site that is attached to the Team. All members of the Team automatically have the right permissions to access it.
This makes it really easy for people to collaborate and share files because they don’t have to take an extra step to grant permission, it all happens automatically.
Voicemail is stored in your Exchange mailbox. Calendar and Contacts are also stored in Exchange, as you can imagine.
Meeting Recording is initially stored in the same media store we use for images, but it is then encoded and stored in SharePoint and OneDrive for consumption. The recording is purged from the media store within 24 hours.
Finally, we capture Telemetry data and we have very strict rules for this. For example, it cannot contain what we call end-user identifiable information or customer content. We scrub things like email addresses and channel names.
When you chat in Teams, that goes down to the chat service. And then we have a service internally that we refer to as substrate. That looks at the chat and decides what to do with it.
If you have a 1:1 chat with someone, then that chat is posted to a hidden folder in the user mailbox of all participants of that conversation.
If you have a team conversation, that chat is posted to the group mailbox.
Then files, we talked about that, either SP or ODfB.
And OneNote/Wiki is actually physically stored in SP as well.
In doing that, all the information protection tools that you might be using with Exchange and SP today become available for you.
Worth calling out: Today the information protection features only work when the mailbox is online (they will not work when the mailbox is on-premises), but we are working on it in the first half of the next calendar year to provide support for on-prem users.
Funny Story for Audit Logs: Developer delete and we found out.
Each shared channel is backed by a dedicated SharePoint site collection.
• Custom template ID TEAMCHANNEL#1
• Enhanced SPO admin experience for managing channel sites
• No default channel folder in the document library
• Host tenant users can share with any member user within their tenant
• External users can seamlessly access Shared Channel site via B2B direct connect
• External users can share the file with members of the channel
• External audience/tenant awareness - External label on site header/usernames
• Shared channels support Meet now and Scheduled meetings
• Channel members are not, by default, added as meeting participants (like standard channels)
• Only host tenant users will be able to start a meet now or schedule a meeting
• External members can join an ongoing meet now meeting and join a scheduled meeting
Shared channels support tabs and connectors
• Support for bots, message extensions and LOB apps is in the works
• App SDK available in developer preview
• Apps must be installed in the team before they can be used in a shared channel
• Certain Office 365 group connected apps such as Planner coming later
Host compliance policies apply when a channel is shared with other tenants
Team continues to be unit of management. Channel inherits team sensitivity label & geo
eDiscovery – channel messages in dedicated mailbox, team eDiscovery search includes all associated SharePoint sites for channels in team
Legal Hold – Only host tenant members can be put on legal hold
Information Barriers – Applies to host tenant members
Retention & DLP – Policy applied on the team will apply to all shared channels in the team
Monitoring & Auditing – Teams audit logs & AAD sign-in logs available.
Access Reviews - Will include B2B Connect users
Communication compliance – Supported on shared channels
Guests are added to your organization's Azure Active Directory as B2B users and must sign in to Teams using their guest account.
This means that they may have to sign out of their own organization to sign in to your organization.