you will see many organizations looking at how they can migrate their communications workloads to Teams. This is actually such an important part of the planning to deploy Teams that there is a whole part of the exam dedicated to it.
Teams is one of the most rapidly evolving products that Microsoft has ever produced and has come on in leaps and bounds since it was first launched in March 2017. This makes it exciting to work with but can also present challenges. What was not possible yesterday could be available tomorrow, buttons could move around the UI, or new sections could appear in the Teams Admin Center (TAC).
This section has set the scene for why Teams is a fun product to work with. It covers a lot of different areas, which may seem daunting a first, especially if you have not dealt with some of them before, such as PSTN telephony, but this is what makes Teams really rewarding to deploy. It is so powerful and can truly transform how companies operate, and you get to help them do that!
Managing Teams
It is important that we look at the different tools that are available to help you carry out management tasks in Teams and understand how different configuration settings take precedence when applied to your environment. For example, what happens when users have individual or group settings applied that are different from your company defaults?
Management Tools
Essentially, you will need to use two types of tools to accomplish the management tasks covered in the rest of this book: web portals and PowerShell (and if you advance, you can do some automations with the Microsoft Graph API, but that is beyond our scope for now).
Web Portals
Web-based portals are the bread and butter of modern management platforms; they can be accessed via pretty much any modern browser and are sophisticated in terms of the visibility and level of access they provide. For Teams, there are four main administration portals that you will be using:
Microsoft 365 admin center
Azure Active Directory admin center
Microsoft Teams admin center (TAC)
Call Quality Dashboard (CQD)
These portals will let you perform the most common configuration tasks and give you insights into what is happening in your tenant. Be aware that they are evolving rapidly, especially the Teams administration center, so you may find that items get moved or reorganized as new functionality is added.
Microsoft 365 Admin Center
This is the primary portal for managing your O365 tenant and is accessed via portal.office.com/adminportal/home (see Figure 1.8).
FIGURE 1.8 M365 admin center
The landing page for the portal can be customized with “cards” to give you an overview of things relating to your tenant such as service health, domain issues, billing information, and service tips. You are likely to see some Teams adoption advice posted here.
USER MANAGEMENT
You can view all the users who are part of your tenant and perform basic configuration tasks for them such as changing names, setting primary email addresses, and choosing what user level licenses to assign. There is also section that shows guest users who have been given access to resources in your tenant without requiring you to provide a dedicated account or provide licenses.
BILLING
Here you can see what licensing subscriptions you are signed up to and can modify payment methods and view past and present invoices. Be aware that for most enterprise tenants, the majority of license billing will be handled through a third-party large account reseller (LAR), which will deal with the subscription plans, terms, and discounts.
SETTINGS
From here you can configure some settings to apply across your entire tenant, especially for applications/services that do not have their own dedicated management consoles (for example, you can disable sharing lists with external users for To-Do here). You can also control and manage the different domains that are associated with your tenant. When you first create a tenant, you will have to specify a unique subdomain of <something>.onmicrosoft.com, but chances are for any normal tenant, you will want to use your own custom domain with the service (these are called vanity domains). From here you can view the status of each domain you have added and modify DNS records if you have given O365 control of them. Many O365 services, such as Teams, rely on special DNS records for their correct operation, so this part of the console can check for any anomalies that may affect your service.
REPORTS
This gives you access to some reports that provide an overview of user activity for your tenant; here you can see the number of active users for each core service. This can be helpful when you are doing your Teams deployment to make sure that usage is tracking along with your deployment schedule, and if not, it lets you re-evaluate your user adoption planning.
HEALTH
This section gives an overview of each O365 service and any issues or service degradations that might be affecting your environment. The Message Center is used to provide notifications of upcoming changes in the O365 service that may impact your users.
Azure Active Directory Admin Center
This is available at aad.portal.azure.com (see Figure 1.9). You might wonder why you need to be aware of the Azure admin center to manage Teams, because Azure is not strictly part of the O365 suites. Behind each O365 tenant is an Azure Active Directory (AAD). This acts as the identity management platform storing user accounts, groups, and other security/identity information needed to support the other Microsoft cloud-based products. Think of it in much the same way that the “traditional” Microsoft on-premises server products required Active Directory (AD) to operate.
The user data stored in Azure AD can be synchronized from an on-premises AD environment or it can operate in a stand-alone mode. It can have the following types of identities:
Cloud identity: Accounts that only exist in AAD.
Synchronized identity: Accounts that are synchronized from an on-premises AD along with their password information.
Federated identity: Synchronized from an on-premises AD but without a password. When an account needs to be authenticated this is done through some form of a federation gateway that checks the provided password against the one stored in the on-premises AD, for example using Active Directory Federation Services
