Getting started with MS Teams guest access

Finally, guest access for Teams is RTM, as you can read here and here.

I know pretty much every user in MS Teams has been dying to start using this feature, but before you start inviting your external contacts en masse for all your teams and projects, there are a few things you should know.

  1. Read up on the feature with its capabilities and restrictions! No, really! Do it first! It’s the top sentence in this blog post for a reason.
  2. The guest user must reside in Azure AD; Microsoft account (MSA) is not supported yet.
  3. Before you invite, you must at a minimum be a Limited admin in your Azure AD with the “Guest inviter” role. Normal users can’t invite guests by default. Also the Team admin must allow you to invite guests.
  4. You need to enable guest access in your tenant.
  5. The guest account can’t browse your Azure AD.
  6. In the Teams client you must manually select which tenant you want to access. Teams in other tenants won’t show up side by side with yours.

 

That’s it, a nice and quick blog post this time. See you in a Team I hope 😉

Setting up Office 365 using Azure DNS

Do you use Azure DNS? Azure DNS provides hosting of your DNS zones in the Azure infrastructure, meaning that not only do you get the fault tolerance, audit logging and SLA (99.99%), but you can also manage your DNS zones using PowerShell. I recommend you read about it on https://docs.microsoft.com/en-us/azure/dns/dns-overview including the FAQ and pricing information.

Implementing Office 365 requires a few DNS changes, and with PowerShell this is very easy in Azure DNS. You need an account in Azure with admin rights for Azure DNS, the name of the zone and the resource group it belongs to.

Change the input values to match your environment and run this script from an editor (PowerShell ISE or Visual Studio Code). The $runscript failsafe stops the script if it is run as a whole, so execute the sections you need from the editor.

# This script automatically configures Azure DNS for O365
# Written by Per-Torben Sørensen (per-torben.sorensen@advania.no)
#
# Version: 1.0
#*********************************************************************************************
#
# Input values below
$azureadmin = "me@example.onmicrosoft.com" # admin user in azure portal with DNS rights
$ttl = "600" # TTL for all records (in seconds)
$zonename = "azure.contoso.com"
$rgname = "testazuredns" # Use Get-AzureRmDnsZone after login to find this
$proofvalue = "MS=ms12345678" # Proof of ownership from the Office 365 portal
#
#*********************************************************************************************
#
# Variables below
$cred = Get-Credential -Message "Log on" -UserName $azureadmin
$runscript = $false # Failsafe for accidental running
#*********************************************************************************************
if ($runscript -eq $false)
{
    Write-Host -ForegroundColor Red "Do NOT run this script non-interactively! Run from editor"
    return
}
# Log on Azure RM and set DNS variable
Login-AzureRmAccount -Credential $cred
$dnszone = Get-AzureRmDnsZone -Name $zonename -ResourceGroupName $rgname
#
# Creating first TXT record (Proof of domain ownership)
New-AzureRmDnsRecordSet -Zone $dnszone -Name "@" -RecordType TXT -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -Value "$($proofvalue)")
#
# Create CNAME records
New-AzureRmDnsRecordSet -Zone $dnszone -Name "autodiscover" -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname "autodiscover.outlook.com")
New-AzureRmDnsRecordSet -Zone $dnszone -Name "sip" -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname "sipdir.online.lync.com")
New-AzureRmDnsRecordSet -Zone $dnszone -Name "lyncdiscover" -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname "webdir.online.lync.com")
New-AzureRmDnsRecordSet -Zone $dnszone -Name "msoid" -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname "clientconfig.microsoftonline-p.net")
New-AzureRmDnsRecordSet -Zone $dnszone -Name "enterpriseregistration" -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname "enterpriseregistration.windows.net")
New-AzureRmDnsRecordSet -Zone $dnszone -Name "enterpriseenrollment" -RecordType CNAME -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -cname "enterpriseenrollment.manage.microsoft.com")
#
# Modifies the existing TXT record
$txtrecord = Get-AzureRmDnsRecordSet -Zone $dnszone -Name "@" -RecordType TXT
Add-AzureRmDnsRecordConfig -RecordSet $txtrecord -Value "v=spf1 include:spf.protection.outlook.com -all"
Set-AzureRmDnsRecordSet -RecordSet $txtrecord
#
# Create SRV records
New-AzureRmDnsRecordSet -Zone $dnszone -Name "_sip._tls" -RecordType SRV -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -Priority 100 -Weight 1 -Port 443 -Target sipdir.online.lync.com)
New-AzureRmDnsRecordSet -Zone $dnszone -Name "_sipfederationtls._tcp" -RecordType SRV -Ttl $ttl -DnsRecords (New-AzureRmDnsRecordConfig -Priority 100 -Weight 1 -Port 5061 -Target sipfed.online.lync.com)
#
# Set MX record - THIS CHANGES THE MAIL FLOW!
#
$exchadr = ($zonename -replace "\.","-")
$exchadr += ".mail.protection.outlook.com"
$mxrecords = @()
$mxrecords = New-AzureRmDnsRecordConfig -Exchange $exchadr -Preference 0
New-AzureRmDnsRecordSet -Zone $dnszone -Name "@" -RecordType MX -Ttl $ttl -DnsRecords $mxrecords
#
# This line allows you to select one or several DNS records and delete them from zone
Get-AzureRmDnsRecordSet -Zone $dnszone | Out-GridView -Title "Select record to delete" -OutputMode Multiple | Remove-AzureRmDnsRecordSet
#
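
After running the script it is worth auditing the zone against what it was supposed to create. The following is an added example, not part of the original script: the function name Test-O365DnsRecords, the Name/Type/Value object shape and the sample records are assumptions constructed for illustration. It checks the CNAME and MX values used above (SRV records are left out for brevity) and flags a second SPF string at the apex, which can happen when the "Modifies the existing TXT record" step is run against a zone that already had one.

```powershell
# Added example (not from the original script): offline audit of the records the script creates.
# Function name, object shape and sample data are assumptions made for illustration.
function Test-O365DnsRecords {
    param(
        [Parameter(Mandatory)] [string]   $ZoneName,
        [Parameter(Mandatory)] [object[]] $Observed   # objects with Name, Type, Value
    )
    # Expected values are the ones used in the script above; the MX host is derived the same way
    $mx = ($ZoneName -replace '\.', '-') + '.mail.protection.outlook.com'
    $expected = @(
        @{ Name = 'autodiscover';           Type = 'CNAME'; Value = 'autodiscover.outlook.com' }
        @{ Name = 'sip';                    Type = 'CNAME'; Value = 'sipdir.online.lync.com' }
        @{ Name = 'lyncdiscover';           Type = 'CNAME'; Value = 'webdir.online.lync.com' }
        @{ Name = 'msoid';                  Type = 'CNAME'; Value = 'clientconfig.microsoftonline-p.net' }
        @{ Name = 'enterpriseregistration'; Type = 'CNAME'; Value = 'enterpriseregistration.windows.net' }
        @{ Name = 'enterpriseenrollment';   Type = 'CNAME'; Value = 'enterpriseenrollment.manage.microsoft.com' }
        @{ Name = '@';                      Type = 'MX';    Value = $mx }
    )
    $findings = @()
    foreach ($e in $expected) {
        $hits = @($Observed | Where-Object { $_.Name -eq $e.Name -and $_.Type -eq $e.Type })
        if ($hits.Count -eq 0) { $findings += "MISSING  $($e.Type) $($e.Name)" }
        foreach ($h in $hits) {
            # Any extra or different target is reported; a stray MX changes mail flow
            if ($h.Value.TrimEnd('.') -ne $e.Value) { $findings += "MISMATCH $($e.Type) $($e.Name) -> $($h.Value)" }
        }
    }
    # More than one v=spf1 string at the apex makes SPF evaluation fail (RFC 7208 permerror)
    $spf = @($Observed | Where-Object { $_.Name -eq '@' -and $_.Type -eq 'TXT' -and $_.Value -like 'v=spf1*' })
    if ($spf.Count -ne 1) { $findings += "SPF      expected exactly 1 record at apex, found $($spf.Count)" }
    return $findings
}

# Constructed sample: one correct CNAME, one wrong CNAME target, a leftover MX and a duplicate SPF
$sample = @(
    [pscustomobject]@{ Name = 'autodiscover'; Type = 'CNAME'; Value = 'autodiscover.outlook.com.' }
    [pscustomobject]@{ Name = 'msoid';        Type = 'CNAME'; Value = 'old-sso.example.net' }
    [pscustomobject]@{ Name = '@';            Type = 'MX';    Value = 'mail.example.net' }
    [pscustomobject]@{ Name = '@';            Type = 'TXT';   Value = 'MS=ms12345678' }
    [pscustomobject]@{ Name = '@';            Type = 'TXT';   Value = 'v=spf1 include:spf.protection.outlook.com -all' }
    [pscustomobject]@{ Name = '@';            Type = 'TXT';   Value = 'v=spf1 mx -all' }
)
Test-O365DnsRecords -ZoneName 'azure.contoso.com' -Observed $sample
```

To audit a live zone, build the $Observed list from the output of Get-AzureRmDnsRecordSet or Resolve-DnsName instead of the sample.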

Welcome to Hyper-V (and my blog)

Hello and welcome to my very first blog post ever. I’ve decided to start blogging about all the wondrous technology and solutions I bump into on a daily basis and if you are reading this I hope this can provide both entertaining and educational value to you. I’ll kick it off nice and easy with a quick introduction to Hyper-V and server virtualization.

Hyper-V is a type 1 hypervisor which Microsoft provides both as a free product and included in the 64-bit versions of the Windows Server 2008 (and later) server family with some restrictions. Hyper-V provides an easy, cost-effective and secure way to implement server virtualization without having to purchase additional 3rd party products. But why should we virtualize our servers?

In the traditional server room scenario we have dedicated server hardware for each server, which leads to a tremendous amount of hardware to purchase, power consumption, heat and maintenance. In addition, these servers tend to be very underutilized, so the benefits of the powerful hardware are mostly wasted. Using virtualization you can create and run several virtual servers on one physical box and get a lot more computing power in return for your investment. The heat generated and the power consumption fall drastically, and there’s a lot less hardware that needs maintenance and replacement. One should be a little careful, however, and keep in mind that if one physical server breaks it can bring many virtual servers down, but there are several ways to provide redundancy in such a scenario. Once again, planning and designing is half the job.

Another clear advantage of virtualization is that servers can easily be provided with more disk, memory and CPU power when needed, for example by assigning more resources or even moving the virtual server over to a physical box with more resources. In addition, backup and restore of servers are significantly easier, as the entire server and its configuration is basically a small set of files.

I will wrap this up for now, but there will be many more posts about virtualization in different forms. I hope you all have enjoyed this post and I’ll go much deeper into this in my later posts. Feel free to add any comment you may have. Thank you.