ESPC19 - Microsoft Teams Architecture Deep Dive
•Download as PPTX, PDF•
2 likes•486 views
This document provides an in-depth overview of the Microsoft Teams architecture including: - The logical architecture showing how messages, files, tabs, apps, and other components are stored and connected. - A deeper look at the various Microsoft services that power Teams like Exchange, SharePoint, and Azure. - Details on where different types of Teams data like messages, files, voicemails are stored. - The compliance boundary and how third-party services and data interact with Teams. - An overview of the Teams client architecture across different platforms and technologies used. - Settings and admin roles for managing Teams at the tenant, team, and channel level including with PowerShell.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to ESPC19 - Microsoft Teams Architecture Deep Dive
Similar to ESPC19 - Microsoft Teams Architecture Deep Dive (20)
More from Maarten Eekels
More from Maarten Eekels (20)
Recently uploaded
Recently uploaded (20)
ESPC19 - Microsoft Teams Architecture Deep Dive
- 1. MICROSOFT TEAMS ARCHITECTURE DEEP DIVE MAARTEN EEKELS - @maarteneekels CHIEF DIGITAL OFFICER PORTIVA MICROSOFT MVP & REGIONAL DIRECTOR
- 2. MICROSOFT TEAMS LOGICAL ARCHITECTURE Message Images, Emojis, Stickers, Recordings Contacts Teams Chats Voice Chat OneDrive for Business Tabs Apps Calling Meetings Voice mail Team Office 365 Groups Channel SharePoint Reply Chain Tabs Activity Feed Apps Folder SharePoint Folder TEAMCHANNEL#0
- 3. ARCHITECTURE – A BIT DEEPER Services Most recent files Telemetry Files Files Web Companions Notes Calendar AAD MessagingSettings and O365 access OneNote OneDrivefor Business WAC Other Workloads Connectors Audio / video Search Notification service SMTP SharePoint Publish / Subscribe Push Notifications Exchange Experimentation MRU Teams services Calling / Meeting PSTN Teams Clients Desktop iOS App Android AppElectron Web Chat & Presence services Exchange Information Protection Graph Webhook Stream Recording Bots Graph API Email service Policy
- 4. WHERE IS EVERYTHING STORED? Image Files Voicemail Message Recording Calendar meeting Contacts Media service on Azure (using Blob storage) Team files SharePoint Chat files OneDrive for Business Individual mailbox in Exchange Chat service table storage (moving to Cosmos DB) Media service on Azure (using Blob storage) (<24 hours) Individual mailbox in Exchange Exchange Ingested to Exchange to enable compliance Ingested to Exchange to enable compliance Encoded to Stream Telemetry Microsoft Data warehouse (No customer content)
- 5. DATA FLOWS AND THE COMPLIANCE BOUNDARY compliance boundary Microsoft Teams Email a channel Connectors Calling Plan (PSTN) Push Notifications (Mobile) Other Cloud storage (3rd party) Giphy 2-way communication Inbound data Outbound data Data posted to a channel Data posted to a channel Query to Giphy Push notifications to Apple or Google to notify mobile client Optional Box, Dropbox, Google drive, Citrix ShareFile Tabs Any third-party tab is hosted outside the compliance boundary Apps/Bots Any third-party App/bot or line of business app is hosted outside the compliance boundary Graph API Graph APIs can be exposed to line of business apps or 3rd party apps Enables inbound/outbound calling outside the organization User Browser, Desktop ,MobileStandard Teams user Guest userGuest added via AAD B2B Anonymous join to a meeting Anonymous user joining a meeting Federation communication Communication between multiple tenants URL Preview Get a preview of a URL that is posted to a message
- 6. TEAMS CLIENT ARCHITECTURE Web Windows Mac iPhone/iPad Android Angular → React Electron Desktop Mobile jQuery, lodash, etc. (200+ Open Source Components) iOS Android TypeScript, Node, SASS Swift Java HTML5/CSS C++ Objective C (Some) React Native
- 7. MEMBERSHIP AND ROLES Team Owner Team Member Team Guest Create team - - Leave team Edit team name/description - - Delete team - - Add channel * * Edit channel name/description * * Delete/restore channel * * Edit messages * * Delete messages * * * Add members - - Add tabs * - Add connectors * - Add bots * - * Can be restricted through Team Settings by the owner
- 8. TEAMS ADMIN ROLES • Teams Service Administrator: The overall Teams workload admin, who can also manage and create O365 Groups. • Teams Communication Administrator: This role can manage meetings and calling functionality in Microsoft Teams. • Teams Communications Support Engineering: Users who are assigned this role have access to advanced call analytics tools. • Teams Communications Support Specialist: This role has access to basic call analytics tools. • Group Administrator: Users in this role can create/manage groups and its settings like naming and expiration policies.
- 9. SETTINGS ON TENANT LEVEL
- 10. SETTINGS ON TEAM LEVEL
- 11. SETTINGS ON CHANNEL LEVEL
- 12. MANAGE TEAMS WITH POWERSHELL Install-Module -Name MicrosoftTeams Get-Team $groupId = (Get-AzureADGroup -SearchString “<group name>").objectId Get-Team -GroupId $groupId | fl Set-Team -GroupId $groupId -<setting name> <boolean>
- 13. RESTRICT TEAMS CREATION Azure Active Directory versie 2 PowerShell module required Connect-AzureAD Get-AzureADDirectorySetting $Policy = Get-AzureADDirectorySettingTemplate –Id 62375ab9-6b52- 47ed-826b-58e47e0e304b $Setting = $Policy.CreateDirectorySetting() $Setting[“EnableGroupCreation”] = “false” $Setting[“GroupCreationAllowedGroupId”] = “your group ID” New-AzureADDirectorySetting -DirectorySetting $Setting https://docs.microsoft.com/en- us/powershell/azure/overview?view=azureadps-2.0
- 14. EXTERNAL GUEST ACCESS • Default setting: Off for tenants / On for individual Teams • Disabling or enabling external guest user access for individual Teams is only possible through PowerShell $template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"} $settings = $template.CreateDirectorySetting() $settings["AllowToAddGuests"]=$False $groupID = (Get-AzureADGroup -SearchString “<your group name").ObjectId Get-AzureADObjectSetting -TargetObjectId $groupID -TargetType Groups | fl Values New-AzureADObjectSetting -TargetObjectId $groupID -TargetType Groups -DirectorySetting $settings Get-AzureADObjectSetting -TargetObjectId $groupId -TargetType Groups | Set-AzureADObjectSetting -TargetObjectId $groupId -TargetType Groups -DirectorySetting $settings
- 15. DEMO
- 16. GROUPS EXPIRATION POLICY • Activity based renewal is on by default
- 17. NAMING CONVENTIONS Get-AzureADDirectorySetting $directorySetting = Get-AzureADDirectorySetting -Id 92efeacc-89c6-4c16-b1cf-107aaf87f7dc $directorySetting.Values $directorySetting["PrefixSuffixNamingRequirement"] = "Grp_[Department]_[GroupName]" $directorySetting["CustomBlockedWordsList"]="Payroll,CEO,HR" Set-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ).id -DirectorySetting $directorySetting
- 19. ARCHIVING TEAMS
- 20. GRAPH API
- 21. DEMO
Editor's Notes
- To add your image, first delete the place holder image as shown in the white box. Then insert your picture and scale it to be bigger than the size of the white box shown. Finally, right click on your image and select ‘Send to back’ – your image should now be framed correctly.
- This is the Pre-Title Screen. Please do not place any content on this screen.