FIGURE 1.14 Policy list for a user in the TAC
You can typically assign policies directly to users (either individually or in bulk) or auto-apply them based on group memberships. If no specific policies are assigned, the org-wide policy (this will be called global if you are using PowerShell) will apply. This gives good flexibility when deciding how best to apply policies, but does mean that you need to carefully consider what settings you want to place in the org-wide versus individual policies and weigh the administrative overhead of managing/assigning policies. For example, do you put the most restrictive settings into the org-wide policy and then remove these restrictions as required with individual policies, or vice versa? This will mostly depend on your company culture and what the risks might be of having a user picking up the wrong policy by mistake. The best rule of thumb is to try to keep things simple and not make things too complex, which usually means putting the most common settings into the org-wide policies and then only modifying them as required for users after that.
As a user can have only one effective policy, there is an order of precedence applied to determine which settings a user will get. They are applied as follows:
1 Policy directly assigned to a user
2 Policy inherited from groups (by rank order)
3 Policy inherited from org-wide policy
This is great until you realize that you can have a user who is a member of more than one group that you are using to apply policies. Fortunately, when you assign policy objects to groups, you have to specify a policy ranking. The rankings are a numerical value with number 1 being the highest rank. If a user who does not have an individual policy assigned is a member of more than one group with a group policy assignment configured, they will take their settings from the highest rank (but lowest number!) policy. Group assignments for policies are dynamic, so as users are added or removed from the groups, their settings will be modified, but these changes will be subject to O365 replication delays, so they are unlikely to apply immediately. The TAC will show you what policies are being applied to a user if you look up their specific user account and find the Policy tab.
To learn more about assigning policies, visit docs.microsoft.com/en-us/microsoftteams/assign-policies.
Summary
In this chapter, while we have not covered any specific exam content, we have looked at some of the basic principles behind what Teams does and how you can manage it. It is essential that you have a good grasp on the fundamentals of how Teams operates and where it can add value to an organization so that you can understand the context for the chapters to come.
We started by looking at why Teams is a product that is seeing such rapid growth across many organizations today and how you can split its functionality into two broad categories of collaboration and communications.
Next we covered how Teams relies on some of the other O365 services and uses them to store its own information, as well as how it is licensed as part of the different O365/M365 offerings.
Then we covered some of the management fundamentals. You should have a good idea of how and where you can configure different elements of Teams, which is the knowledge you will need to follow along with the rest of the book as we delve deeper into all of the configuration options that you will need to be aware of.
Exam Essentials
Understand how and why an organization would benefit from using Teams. Understand what benefits a product like Teams can bring to a company by improving both its collaboration and communication capabilities. These benefits can apply equally for internal and external users.
Understand how Teams fits into the O365/M365 offerings. You should understand how Teams is positioned at the heart of Microsoft's O365 and M365 offerings and that it works by drawing a lot of other components together under one umbrella. For example, understand Team's use of SharePoint to support file sharing inside channels.
Understand the principles of Microsoft licensing plans. While no one could accuse Microsoft's licensing plans of being simple, you should have an understanding of the differences between the Personal, Business, and Enterprise plan options available. At the least, be familiar with the differences between the E1, E3, and E5 licensing types.
Know about the Teams management interfaces. Know about the Teams admin center, how to access it, and broadly what sort of configuration options are available—do not worry about specifics at this point as we will cover them as needed in the subsequent chapters. You should also be familiar with the basic workings of PowerShell and how it works by manipulating objects.
Understand the basic principles of Teams policies. Most Teams functionality is controlled through policies; be aware that you can apply policies at multiple levels (user, group-based, or org-wide) and what happens when a user has more than one applicable policy configured.
Exercises
EXERCISE 1.1 Opening the Microsoft 365 Admin Center
In this exercise, you will log into the M365 admin center and check your user licensing status just to familiarize yourself with the portal.
1 Open your browser and navigate to portal.office.com/adminportal.
2 Log in with an account that has tenant admin permissions.
3 Expand Users and select Active Users.
4 Use the search box on the right side to find your user account.
5 Select the user and look through the tabs in the pop-out window.
6 Under the Licenses and Apps section, view what licenses are assigned to your account.
7 If you are not licensed for Teams, enable it.
EXERCISE 1.2 Opening the Teams Admin Center
In this exercise, you will log into the TAC and check your user licensing status just to familiarize yourself with the portal.
1 Open your browser and navigate to admin.teams.microsoft.com.
2 Log in with an account that has Teams administrator permissions.
3 Select Users from the left menu.
4 Use the search box on the right side to find your user account.
5 Select the Policies tab and look at what policies you have configured for the account.
EXERCISE 1.3 Connecting to Teams PowerShell
In this exercise, you will set up and connect to the Teams PowerShell management interface.
1 Open a PowerShell window with administrative permissions.
2 Install the Microsoft Teams module using this:Install-Module -Name MicrosoftTeams
3 Connect to the Teams PowerShell interface using this:Connect-MicrosoftTeams
4 Return a list of teams in your environment using this:Get-Team
5 Now connect to Skype for Business Online using this:$SfBOnlineSession = New-CsOnlineSession Import-PSSession $SfBOnlineSession
6 Return a list of online users using this:Get-CsOnlineUser