Microsoft Defender Vulnerability Management
The value proposition for the services in the EM+S E5 suite does not seem like it has been...
With the work from home going on due to the COVID-19 crisis there’s an increasing demand for tools like Zoom, Skype for Business and Teams. While Zoom is doing a great job for personal use, I prefer Skype for Business or Microsoft Teams for business use.
Rolling out Skype for Business in your organization is not something you will do on a Friday afternoon (remember that Microsoft will decommission Skype for Business Online) so Teams is a great candidate for cloud-based messaging and collaboration.If you have a Microsoft E1, E3 or Microsoft 365 Business license you already have Microsoft Teams available, but when you have Exchange running on-premises chances are that you don’t have these licenses. That’s where the Microsoft Teams Exploratory licenses can be useful. The Microsoft Teams Exploratory license is a free subscription for trial purposes. At the moment of writing the Microsoft Exploratory license is free at least until January 2021. After this date you have to buy a regular license that fits your needs. But until that time it’s free of charge.
To activate the Microsoft Exploratory License you have to logon to Microsoft Teams (via https://teams.microsoft.com) with a user account that has no license assigned to it. It takes 20 or 30 seconds after the initial logon, but then it automatically activates the Exploratory License and one (out of 100 available) is assigned to the account you just used to logon to Teams. The tenant administrator will receive an email that the Exploratory license is activated:
Teams as part of the Microsoft Exploratory License is just a regular Teams license with all the features and functionality available in all Teams licenses, but the Exploratory License contains a lot more services then just Teams, for example SharePoint Online, Exchange Online (P1), Office for the Web, PowerApps and Whiteboard are also available in this trial license:
But the starting point of this blogpost is that you have an on-premises Exchange environment, and you want to integrate this with the Microsoft Teams environment we just activated. For this to work you need to connect your on-premises Active Directory to Azure Active Directory using Azure AD Connect and you need to have Exchange 2016 CU3 or higher. I’m sorry to say, but it does not work with Exchange 2013 or Exchange 2010, not even when you have a mixed Exchange 2010/2016 or 2013/2016 environment. But the good news is, you don’t need any hybrid configuration for integrating Teams into your on-premises Exchange 2016 environment, only a fully operational Azure AD Connect server will do.
Microsoft Teams is using Oath to authentication client requests on the Exchange 2016 and this needs to be configured. The latest versions of the Hybrid Configuration Wizard should configurate this automatically, but so far I haven’t seen this in real life. And if you don’t want or don’t want any hybrid configuration you must configurate OAuth manually.
Configuration Oath in your on-premise environment consists of the following steps:
I have written a blogpost before () where these steps are explained. The blogpost I have was written for an environment where the Hybrid Configuration Wizard has been run, but the first five steps are identical, but step 6 was executed by the Hybrid Configuration Wizard.
I have written a blogpost before (Configure OAuth Authentication in Exchange 2016) where these steps are explained. The blogpost I have was written for an environment where the Hybrid Configuration Wizard has been run, but the first five steps are identical, but step 6 was executed by the Hybrid Configuration Wizard.
So, if you haven’t run the Hybrid Configuration Wizard you have to run step 6 as well which actually consists of two steps:
To create an IntraOrganizationConnector from your Exchange 2016 environment to Office 365 you have run the following Command in Exchange Management Shell on your Exchange 2016 server:
$ServiceDomain = Get-AcceptedDomain | where {$_.DomainName -like "*.mail.onmicrosoft.com"} | select -ExpandProperty Name
New-IntraOrganizationConnector -name ExchangeHybridOnPremisesToOnline
-DiscoveryEndpoint https://outlook.office365.com/autodiscover/autodiscover.svc
-TargetAddressDomains $ServiceDomain
Note. If you don’t have an accepted domain in your on-premises environment like @contoso.mail.onmicrosoft.com you can retrieve this domain from your Microsoft Online Portal (under domains).
To create the inbound IntraOrganizationConnector you must use the Exchange Online Management Shell (use Connect-ExchangeOnline in your local PowerShell and login using your tenant admin credentials). In the Exchange Online Management Shell execute the following command:
New-IntraOrganizationConnector
-name ExchangeHybridOnlineToOnPremises
-DiscoveryEndpoint https://autodiscover.contoso.com/autodiscover/autodiscover.xml
-TargetAddressDomains contoso.com
For testing purposes, you can use the Test-OAuthConnectivity commands in both Exchange 2016 and Exchange Online. To test the Oauth part from Exhange 2016 to Exchange Online execute the following command in Exchange 2016 Management Shell:
Test-OAuthConnectivity -Service EWS
-TargetUri https://outlook.office365.com/ews/exchange.asmx
-Mailbox <onpremuser@contoso.com> -Verbose | Format-List
This will give big chunk of output on the console, but the ResultType should be Success as shown in the following screenshot.
To test the Oauth part from Exchange Online to Exchange 2016, execute the following command in an Exchange Online Management Shell:
Test-OAuthConnectivity -Service EWS
-TargetUri https://webmail.contoso.com/metadata/json/1
-Mailbox <onlineuser@contoso.com> -Verbose | Format-List
Again, this will give a lot of output on the console, and it should look similar as shown in the previous screenshot.
When you have all this in place and start the Teams client you will see that the Calendar icon appears in the Teams client and that the contents of the calendar will be visible as shown in the following screenshot.
When you have an on-premises Exchange environment and you want to use Microsoft Teams you can use the Microsoft Teams Exploratory License. This is an extended trial license, which is in trial mode to at least January 2021.
To integrate this into your on-premises Exchange 2016 environment you have to enable Oauth Authentication in your on-premises environment.
Once enabled the Exchange 2016 calendar will be visible in the Microsoft Teams client, which will make your users happy.
One remark though, although chat history will be stored (in Microsoft Azure) it will not be visible in the on-premises Mailbox. This feature is only available for mailboxes in Exchange Online. The process for copying content from the central storage into the user’s mailbox simply cannot access the on-premises mailbox to accomplish this.
Monitor Teams in a single pain of glass with ENow's OneLook dashboard. Mailscape 365 uses synthetic transactions to actively probe for faults and failures, so you can trust the results to accurately mimic what your end-users see and experience.
Have questions on Teams monitoring? Chat with our bot and it will connect you with one of our representatives.
Jaap is a Microsoft MVP for Office Apps and Services. Jaap is an independent consultant, primarily focusing on Exchange server, Skype for Business and Office 365.
The value proposition for the services in the EM+S E5 suite does not seem like it has been...
Microsoft Defender for Office 365 (MDO) is Microsoft’s response and feature set when it comes to...