An integral part of Microsoft Teams is the ability to attend meetings and live events. The appointments for these event types are usually planned directly via the personal calendar in a Microsoft Teams client. The calendar also enables quick and easy participation in meetings.
Microsoft Teams is an app platform for very different application scenarios. As part of this app platform, Microsoft provides us with the calendar app. This calendar app has access to the personal calendar in the Exchange mailbox and is responsible for displaying the calendar information. The app also provides the functions for planning new Teams meetings or live events.
You will not encounter functional problems with a mailbox in Exchange Online. Microsoft Teams and Exchange Online are native Microsoft 365 components. It just works. If you use on-premises mailboxes, the situation is entirely different. Using Microsoft Teams with on-premises Exchange mailboxes has some stumbling blocks on the way to a functional implementation.
There are a few requirements for using on-premises mailboxes with Microsoft Teams. These requirements automatically define the stumbling blocks you can expect when you implement this architecture. The same is true for the expected troubleshooting steps in case of errors.
A Teams client does not access a user mailbox directly. The calendar app receives the necessary calendar information from the Teams backend services, a core component of the Microsoft 365 cloud services. The backend services communicate with the user mailbox to read the data from the calendar folder, process it, and make it available to the Teams client. The services rely on the AutoDiscover functionality of Exchange and find the required endpoints via an AutoDiscover V2 query. In contrast to version 1, AutoDiscover V2 is an anonymous query that is only supported by Exchange Online and newer Exchange Server versions.
As already mentioned, the interaction between Microsoft Teams and Exchange Online is an integral part of Microsoft 365. As a result of this interaction, the Teams backend services always first send an AutoDiscover V2 query to Exchange Online, as this endpoint is reliably available. The backend services use this query to find the Exchange Web Services endpoint for calendar access based on the user's email address.
Exchange Online replies to the Teams backend services with the EWS address of Exchange Online, provided the mailbox is in Exchange Online. Or, more precisely, if the requested email address belongs to a mailbox user.
Suppose the requested email address is assigned to a mail user. In that case, the Teams backend services receive an HTTP 302 redirect response to the local AutoDiscover endpoint and query the endpoint for the on-premises Exchange Web Services endpoint address.
You can easily use your browser to test AutoDiscover V2 for any email address. This is one of the more straightforward steps when troubleshooting the calendar app.
Two examples for finding the EWS or REST endpoints:
https://outlook.office365.com/autodiscover/autodiscover.json?Email=john.doe@varunagroup.de&Protocol=EWS
https://outlook.office365.com/autodiscover/autodiscover.json?Email=john.doe@varunagroup.de&Protocol=REST
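The same browser check can be scripted. The following is an added example, not code from the original article: it builds the query shown above, does not follow the redirect, and reports whether Exchange Online answered for itself or pointed to the local AutoDiscover endpoint. The host name autodiscover.example.com, the address jane.roe@example.com and both sample responses are constructed assumptions.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

EXO = "https://outlook.office365.com/autodiscover/autodiscover.json"

def build_query(email, protocol="EWS"):
    """Build the AutoDiscover V2 URL in the form shown in the article."""
    params = {"Email": email, "Protocol": protocol}
    return EXO + "?" + urllib.parse.urlencode(params, safe="@")

def classify(status, headers, body, onprem_host):
    """Interpret Exchange Online's answer. onprem_host is an assumption:
    the host name your own AutoDiscover endpoint is published under."""
    if status == 200:  # mailbox user: Exchange Online returns its own endpoint
        try:
            url = json.loads(body).get("Url", "")
        except (ValueError, AttributeError):
            url = ""
        return {"mailbox": "Exchange Online", "endpoint": url}
    if status == 302:  # mail user: redirect to the local AutoDiscover endpoint
        location = headers.get("Location", "")
        target = urllib.parse.urlsplit(location)
        trusted = (target.scheme == "https"
                   and (target.hostname or "").lower() == onprem_host.lower())
        return {"mailbox": "on-premises", "endpoint": location, "redirect_ok": trusted}
    return {"mailbox": "unknown", "endpoint": "", "status": status}

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow: the 302 itself is the answer we want

def query(email, onprem_host, protocol="EWS"):
    """Live lookup; needs Internet access."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(build_query(email, protocol), timeout=10) as resp:
            return classify(resp.status, resp.headers, resp.read(), onprem_host)
    except urllib.error.HTTPError as err:  # 302 and 4xx/5xx arrive here
        return classify(err.code, err.headers, err.read(), onprem_host)

# Constructed sample responses (not captured traffic), for offline use.
SAMPLE_200 = (200, {}, b'{"Protocol":"EWS","Url":"https://outlook.office365.com/EWS/Exchange.asmx"}')
SAMPLE_302 = (302, {"Location": "https://autodiscover.example.com/autodiscover/"
                                "autodiscover.json?Email=jane.roe@example.com&Protocol=EWS"}, b"")
if __name__ == "__main__":
    for sample in (SAMPLE_200, SAMPLE_302):
        print(classify(*sample, onprem_host="autodiscover.example.com"))
```

A redirect_ok value of False means the redirect target is not HTTPS or is not the host you expect, which is worth resolving before looking at OAuth or EWS.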
After receiving the Exchange Web Services endpoint address, the Teams backend services establish an OAuth authenticated connection to the user's mailbox. For this, the OAuth setup between the on-premises Exchange organization and Exchange Online as trusted partner applications requires proper configuration.
OAuth authentication is only the first step in accessing a user mailbox. The architecture of modern Exchange Server versions poses additional challenges in DAG and multi-server environments. Every incoming connection passes through four components and can include a switch to another server. The four components are:
The proxy connection from step 2 to step 3 can lead to another server if the target mailbox's active database copy is mounted on that server. You can see that the on-premises Exchange organization's configuration plays the most critical role for Teams backend services accessing an on-premises mailbox.
Ensure that your local Exchange organization is configured correctly and published securely on the Internet before you plan to use Microsoft Teams with local mailboxes. The Remote Connectivity Analyzer supports you in checking the connections to your Exchange organization.
However, the complexity of accessing the personal calendar in Microsoft Teams is not the end of the discussion. Planning Teams meetings in a delegate scenario is just as tricky. In this situation, the Teams backend services connect to the manager mailbox and check the delegate's calendar permissions. In addition to the protocol access described above, Outlook permissions play an essential role. Meeting planning as a delegate is only possible if the manager granted the permission via the Outlook delegate assistant. Assigning direct folder permissions is not sufficient.
Follow Microsoft's recommendations for a standard implementation of Exchange Server and connectivity with Microsoft 365 services. If this proves too difficult for your on-premises IT infrastructure, consider migrating your on-premises Exchange mailboxes to Exchange Online.
Troubleshooting the Teams backend services connectivity is a complex matter. You can read more about detailed troubleshooting steps in my three-part mini-series on the Teams Community Blog:
The use of on-premises mailboxes with Microsoft Teams is limited to the personal calendar. Personal contacts are not available in Microsoft Teams.
In addition to Microsoft Teams, using other Microsoft 365 services is only possible to some extent when using a local Exchange mailbox; for example, Microsoft To-Do does not work with local Exchange mailboxes.
Using Microsoft Teams with on-premises Exchange mailboxes is a complex scenario. Without a correct configuration of your Exchange organization, the use of the personal calendar will fail. You have to plan and test the technical implementation before your users can use this function reliably. It is also helpful to know the connection paths between Teams backend services and on-premises Exchange Server to master error situations successfully.
Do not underestimate end-user training either. Providing clear and easy-to-understand instructions to your users can reduce the number of helpdesk tickets. Educated end-users play a vital role in democratizing and simplifying IT operations.
To ensure your Office 365 collaboration goals are met, monitoring usage and adoption is just the start. Put your users at the heart of your monitoring strategy by measuring their ability to perform essential tasks within key Office 365 applications.
ENow’s Office 365 End User Experience Monitoring and Reporting:
Gain true end-to-end visibility into how users experience Office 365 applications with ENow’s Office 365 End User Experience Monitoring and Reporting solution. Access your free 14-day trial today!