Skip to main content

Azure DevOps and creating your Cloud Adoption Framework

· 5 min read
Luke Murray
Luke Murray
Author

Do you want to make a start on Azure Adoption and Governance, Server Migration or Azure Virtual Desktop and do not know where to start, or whether you are asking the right questions?

If you want to create a framework for your cloud adoption or migration plans, you can look at... using Azure DevOps Demo Generator

Azure DevOps is not only a continuous integration and deployment tool, along with the Repos, Pipelines, Test plans and Artifacts – there is Azure Boards, with Boards you can plan and track your work items and use the Kanban board functionality to easy update or track your work in progress items and add to the backlog, although Agile squads and sprint planning organizations primarily use Azure Boards – it does not have to be.

The Azure DevOps Board’s come with your MSDN license or free under the Basic plan for the first 5 users.

The Azure DevOps Demo Generator can create projects in your Azure DevOps organization, already prepopulated with relevant Epics, Features and Tasks that can help you on your cloud journey!

Azure DevOps Demo Generator

There are many prepopulated projects in the Demo Generator, from Security to Learning; you can even import prepopulated templates from other people.

The ones we are going to concentrate on is the: Cloud Adoption Framework projects.

Azure DevOps Generator - Choose a template

The following projects are available under the Cloud Adoption Framework heading to help you on your journey (as of the date this article was published):

ProjectDescription
Cloud Adoption PlanThe Cloud Adoption Plan template creates a backlog for managing cloud adoption efforts based on the guidance in the Microsoft Cloud Adoption Framework.
CAF Strategy-Plan-Ready-GovIn this checklist we share all the decision points needed to successfully build a Cloud Adoption Plan as well as the Landing Zone with Governance
ServerMigration_CAF_DevOps_ProjectTaskListServer migration has many different activities. In the Azure DevOps Project we will provide the steps necessary to go from zero to a complete Server migration and management.
AKS_CAF_DevOps_Project_TaskListAKS deployment has many different activities. In the Azure DevOps Project we will provide the steps necessary to go from zero to a complete AKS deployment and management.
SQL MigrationSQL migration has many different activities. In the Azure DevOps Project we will provide the steps necessary to go from zero to a complete SQL migration and management.
Windows Virtual DesktopProject work plan templates in Azure DevOps that provide the steps necessary to go from zero to a complete WVD deployment with ongoing management
Knowledge MiningKnowledge project simplifies the process of accessing the latent insights contained within structured and unstructured data. Use this project to help you address all the steps.
Azure Governance ReadinessThe standalone Azure governance project provides guidance and tools on how to ensure that your Azure environment is governed in the correct way.
Modern Data WarehouseBuild your modern data warehouse using this ADO checklist of items, in this checklist we have links to assets, code and learning material.
Retail Recommender with Azure SynapseThis Solution Accelerator is an end-to-end example on how to enable personalized customer experiences for retail scenarios by leveraging Azure Synapse Analytics, Azure Machine Learning Services, and other Azure Big Data services.
Modern IOTConnected sensors, devices, and intelligent operations can transform businesses and enable new growth opportunities. In this project you will get the work items needed to plan and implement your IOT solution using the Azure IoT Platform.

Once the project has been created, you can go into Azure Board and click on: Work Items.

If we take a look at the CAF Strategy-Plan-Ready-Gov Team one, we can see the Epics, Features and Tasks associated with Cloud Adoption:

Azure DevOps - Cloud Adoption Strategy

If we click Boards, we can see the Kanban board, the state of the Epics, features etc. and where they are.

Azure DevOps - Kanban

Depending on the Tasks, it may have a description of the task with links to the relevant documentation, such as this SQL Deployment and Migration testing:

Azure DevOps - Kanban

As you can see, the Azure DevOps Generator offers not only a place to track your progress but relevant data to help you put a framework around your cloud journey, and these projects work well with the Microsoft Cloud Adoption and Azure Well Architected Framework!

These are guidelines, and they do not need to be followed to the letter; however, in my opinion, they offer an excellent base to build your cloud adoption and implementations upon.

I have extracted the following work items from the projects as CSV, in case you prefer to start with excel or want to take a look at the epics, features and tasks that come with these projects:

Azure Resource Graph Explorer and the PowerShell Azure Resource Graph

· 6 min read
Luke Murray
Luke Murray
Author

Every now and again you come across something that you pay little attention to until you actually spend the time to sit down, work through and try to break stuff! The Azure Resource Graph was that for me!

The idea was to create an export of Azure Recommendations, directly from the Azure Advisor into PowerShell, Microsoft Azure has this functionality out of the box with a few tools:

Azure Graph Resource Explorer

The Azure Graph Resource Explorer is built into the Azure Portal, it can be found by going to https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade or by logging into the Azure Portal and typing in 'Resource Graph' and select Explorer.

Azure Resource Graph

The Azure Resource Graph Explorer, allows you to explore the Microsoft Azure Resource Graph, using inbuilt Sample Queries and the Kusto Query language.

The Powershell queries mentioned in the section below, started by clicking on the 'microsoft.advisor/recommendations' field and selecting Run Query.

advisorresources
| where type == "microsoft.advisor/recommendations"

Azure Resource Graph Explorer

I then clicked on the 'See Details' on the right-hand side to see all the details that were being brought in, in each object or row. Example below:

{
    "recommendationTypeId": "7262dc51-c168-41b5-b99b-b5b98f8fe50a",
    "extendedProperties": {
        "assessmentKey": "7262dc51-c168-41b5-b99b-b5b98f8fe50a",
        "score": "0"
    },
    "resourceMetadata": {
        "resourceId": "/subscriptions/0673a0bd-0c9b-483f-9aee-c44795ae739f",
        "singular": null,
        "plural": null,
        "action": null,
        "source": "/subscriptions/0673a0bd-0c9b-483f-9aee-c44795ae739f/providers/Microsoft.Security/assessments/7262dc51-c168-41b5-b99b-b5b98f8fe50a"
    },
    "shortDescription": {
        "solution": "Subscriptions should have a contact email address for security issues",
        "problem": "Subscriptions should have a contact email address for security issues"
    },
    "suppressionIds": null,
    "impactedField": "Microsoft.Subscriptions/subscriptions",
    "impactedValue": "0673a0bd-0c9b-483f-9aee-c44795ae739f",
    "lastUpdated": "2021-04-08T13:15:54.2870000Z",
    "category": "Security",
    "metadata": null,
    "impact": "Low"
}

And no, that isn't my real Subscription ID etc, I've replaced the field with randomly generated GUIDs.

We can see that there is a good amount of actionable data here such as:

  • This is a Security Category recommendation
  • It is Low Impact
  • The problem is that the Azure subscription should have a contact email address to be used for Security alerts and it does not have one set up (Oops!)

So we need to turn it into something a bit more useable, I know that the Azure Advisor has the following categories:

  • Cost
  • HighAvailability
  • OperationalExcellence
  • Performance
  • Security

The same syntax can be used for any of these categories, for my example, we will continue with Security, Looking at the Details (or Example above) we can see that Category is simply listed on its own at the top level, inside the 'microsoft.advisor/recommendations' field, so we now need to add another pipe to the query:

| where properties['category'] == 'Security'

This will now only select the 'Security' category. However as you can see below, it's hardly something you can action on or read.

Azure Resource Graph - Category 'Security'

The next step is to look into making it a bit more readable because we know this is a Kusto Language, its time to hit the Microsoft Docs page and read up about the 'Project Operator' - https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/projectoperator. Project = "Select the columns to include, rename or drop, and insert new computed columns." That sounds like what we want.

If we take a gander back at the 'Full Details' (or Example above) there are 3 fields I am looking at that would add the most value to a report or digest for the security posture of my Azure ecosystem:

  • Solution
  • impactedField
  • impactedValue

We now need to add our final pipe to remove everything we don't want and add the properties that make the most sense to use, because we are using multiple properties we will do it separated by commas. It's worth noting that unlike the 'Security' property above (and the impactedField, impactedValue), which was a top-level property, the Solution property is a sub-properties of 'shortDescription', so we have to select the shortdescription property and then expand out to the extended solution property like below:

| project properties.shortDescription.solution

That now gives us a list of the security alerts on the subscription, but without a heading that makes sense:

Azure Resource Graph

To add a header called: Recommendation, we need to do the following

| project Recommendation=tostring(properties.shortDescription.solution)

Now we are ready to add the impactedField and impactedValue.

The final query should look like this:

advisorresources
| where type == 'microsoft.advisor/recommendations'
| where properties['category'] == 'Security'
| project Recommendation=tostring(properties.shortDescription.solution), ImpactedType=tostring(properties.impactedField), ImpactedResources=tostring(properties.impactedValue )

and the Azure Resource Graph Explorer should display something like this:

Azure Resource Graph

Protip, on the Azure Resource Graph Explorer page, click on 'Get Started', underneath the Query window to view Example Queries, such as Listing all Public IP addresses or even getting the Security Center Recommendations. They are really good to use as a base and see how they work.

Azure Graph PowerShell

Using the Azure Resource Graph Explorer is a good way to create the Kusto queries you want, which you can then run the queries in PowerShell and turn them into PowerShell objects, which opens up a few possibilities for things like:

  • Automated Reporting on Cost, Security etc
  • Proactive remediation actions.

First things first you need to install the Az.ResourceGraph module, then you can use the Search-AzGraph to run the queries that you created above. I am going to rely on the gist below to give you a few examples.

Azure Resource Graph

AzGraph.ps1

   <#
      .SYNOPSIS
      Installs the Az.ResourceGraph Module and has example queries
      .NOTES
      Version:        1.0
      Author:         Luke Murray (Luke.Geek.NZ) 
      Website:        https://luke.geek.nz/azure-resource-graph-explorer-and-the-powershell-azure-resource-graph
      Creation Date:  09.04.21
      Change History: 
      09.04.21 - Intital script development

  #>
  
  # Install the Resource Graph module from PowerShell Gallery
Install-Module -Name Az.ResourceGraph -Scope CurrentUser

# Imports the Resource Graph module into the PowerShell session
Import-Module -Name Az.ResourceGraph

#Connects to Microsoft Azure
Connect-AzAccount

#Grabs the acount of all recommendations under each Category that the Azure Advisor Has

Search-AzGraph -Query "advisorresources | summarize Count=count() by Category=tostring(properties.category) | where Category!='' | sort by Category asc"

#Following on from the Blog post, this is the query we created to list all Security recommendations, their resource type and what resources were impacted

Search-AzGraph -Query "advisorresources
| where type == 'microsoft.advisor/recommendations'
| where properties['category'] == 'Security'
| project Recommendation=tostring(properties.shortDescription.solution), ImpactedType=tostring(properties.impactedField), ImpactedResources=tostring(properties.impactedValue )"

#List of Performance recommendations

Search-AzGraph -Query "advisorresources | where type == 'microsoft.advisor/recommendations' and properties.category == 'Performance' | project Solution=tostring(properties.shortDescription.solution) | summarize Count=count() by Solution | sort by Count"

#List of Cost recommendations

Search-AzGraph -Query "advisorresources | where type == 'microsoft.advisor/recommendations' and properties.category == 'Cost' | summarize Resources = dcount(tostring(properties.resourceMetadata.resourceId)), Savings = sum(todouble(properties.extendedProperties.savingsAmount)) by Solution = tostring(properties.shortDescription.solution), Currency = tostring(properties.extendedProperties.savingsCurrency) | project Solution, Resources, Savings = bin(Savings, 0.01), Currency | order by Savings desc"

Keep up to date with Azure changes using PowerShell

· 3 min read
Luke Murray
Luke Murray
Author

Keeping up with what is happening with changes and previews in Microsoft Azure is difficult, change happens all the time - and being able to stay informed on what is happening with the Azure ecosystem is half the battle, whether it is a new feature or security fix.

Microsoft publishes the latest updates on Azure Products and features to their Azure Updates blog: https://azure.microsoft.com/en-us/updates/

So you can browse the website each week, or... monitor the RSS feeds. Sometimes this isn't enough, you may want to do something with this information such as:

  • Create Alerts or Notifications to specific teams who may work with Azure SQL, or Azure Automation and not care about any other product.
  • Not have to go to the website to keep up-to-date with what is happening, maybe your happy with it popping up in your PowerShell session each time you open it.
  • Publish the information to Microsoft Teams channels to keep people informed.

I have created a basic PowerShell function, that will retrieve the latest updates from the Microsoft Azure Updates RSS Feed and turn it into a PowerShell object you can actually use to keep informed.

The Script - Get-AzureBlogUpdates

The script is hosted on my Github repository. Feel free to clone/recommend improvements or fork, I can add parameter sets instead of relying on the PowerShell methods listed in the examples section - if you find this script useful:

Get-AzureBlogUpdates.ps1

function Get-AzureBlogUpdates {
    <#
      .SYNOPSIS
      Retrieves the latest Updates of Azure, from the Azure Blog RSS feed.
      .DESCRIPTION
      Retrieves the latest Updates of Azure, from the Azure Blog RSS feed.
      .NOTES
      Version:        1.0
      Author:         Luke Murray (Luke.Geek.NZ) 
      Website: https://luke.geek.nz/keep-up-to-date-with-latest-changes-on-azure-using-powershell
      Creation Date:  03.04.21
      Purpose/Change: 
      03.04.21 - Intital script development
      .EXAMPLE
      Get-AzureBlogUpdate

  #>
  #Retrieving RSS Feed Content - as XML, then converting into PSObject
    $xml = [xml](Invoke-WebRequest -Uri 'https://azurecomcdn.azureedge.net/en-us/updates/feed/').content
    $Array = @()
    foreach ($y in $xml.rss.channel.selectnodes('//item'))
    {
        $PSObject = New-Object -TypeName PSObject
        $Date = [datetime]$y.pubdate
        $PSObject | Add-Member NoteProperty 'Title'  $y.title
        $PSObject | Add-Member NoteProperty 'Date' $Date
        $PSObject | Add-Member NoteProperty 'Category'  $y.category
        $PSObject | Add-Member NoteProperty 'Description'  $y.content.InnerText
        $PSObject | Add-Member NoteProperty 'Link'   $y.link
    
    
        $Array += $PSObject
    } 
    #Some article had multiple categories, to make it easier for reporting, joined the categories together and got rid of duplicates.

    $results = @()
    ForEach ($item in $Array) {
        $Category = Foreach ($title in $item.Title)
        {
            $results += [pscustomobject]@{
                'Title'          = $item.Title
                'Category'       = $item.Category -join ',' | Select-Object -Unique
                'Published Date' = $item.Date
                'Description'    = $item.Description
                'Link'           = $item.Link
            }
        }
    }
    $results
}

Examples

#Runs the actual Function:
Get-AzureBlogUpdates

Get-AzureBlogUpdates

#EXAMPLE - Gets Azure Blog Updates, that have been published in the last 7 days.
$PublishedIntheLastDays = (Get-Date).AddDays(-7)
Get-AzureBlogUpdates | Where-Object 'Published Date' -GT $PublishedIntheLastDays

Get-AzureBlogUpdates

#EXAMPLE - Gets all Azure Blog Updates, and displays it as a Table, organised by Category
Get-AzureBlogUpdates | Sort-Object Category -Descending | Format-Table

Get-AzureBlogUpdates

#EXAMPLE -Gets the latest 10 Azure Blog Articles
Get-AzureBlogUpdates | Select -Last 10

Get-AzureBlogUpdates - Select Last 10 Articles

#EXAMPLE - Gets the Azure Blog Update articles, where the title has Automation in it.
Get-AzureBlogUpdates | Where-Object Title -match 'Automation'

Get-AzureBlogUpdates - Title matches Automation

Microsoft Teams Recommendations

· 13 min read
Luke Murray
Luke Murray
Author

In the age of remote working and collaboration, Microsoft Teams is one of the most popular tools being used to increase communication and productivity.

Especially those undergoing implementation and migrations from Skype for Business to Microsoft Teams - it is a good opportunity to take a step back and evaluate and clarify your implementation, the recommendations below as good as a place to start as any.

Please keep in mind that like any recommendations, do not blindly follow them, make sure to determine the impact on your users on enabling some of this functionality, there may also be recommendations that you will not be able to apply, do to business constraints.

RecommendationDescription
Add the Microsoft Teams SMTP domain as an allowed list in Microsoft Exchange Online Spam filter protectionWhether you create an Office 365 Group in the admin console or by using Outlook, Exchange Online is used to send notifications of a team member being added to a Group. These messages are generated from your tenant as they represent your default domain SMTP FQDN.Teams uses Microsoft Exchange Online as well to send notifications to team members when they’ve been added. The difference being the domain FQDN of the SMTP message is “@email.teams.microsoft.com” and could be caught by spam filtering. Outlook considers message from Teams as an external sender which is subject to standard security features such as blocking images and certain content.
Allow the following User Agent Strings for Microsoft Teams within the EWS configurationTeams users may not be able to access Teams meetings/connectors though their mailboxes are in Exchange Online.
Assign a valid security group that can be used for controlling who can create Office 365 groups as well as Office 365 services that depends on groups such as Teams, Planner, etcA security group is configured to restrict which users are allowed to create groups. However this security group does not exist anymore which prevents the creation of new groups.
Assign Teams Meeting Room license to your Teams meeting room accountWithout the proper license, you may have some Teams Meeting room features that are not working properly or not available such as the ability to dial-out attendees into your meeting.
Associate registered SBC with Office domainCheck as part of the Direct Routing configuration is missing the domain name associated with one of your SBCs.
Check Skype for Business to Microsoft Teams meeting migration failuresSome of your user’s meeting may not have been successfully migrated from Skype for Business to Teams. Users might be unable to join the affected meetings.
Check Microsoft Stream license is assigned to users if cloud recording is allowedYour users who can do Teams meeting and recordings may not have the necessary Microsoft Stream license to store /upload meeting recordings / playback to Microsoft Stream.
Check the SBC gateway(s) associated with voice routesMakse sure that none or more of your SBC gateway(s) defined in Voice Routes are in disabled state. This could cause unexpected call failures.
Configure your Meeting Room accounts with the recommended setting of AddAdditionalResponseMicrosoft Teams Rooms will only work in a properly configured Microsoft Teams or Skype for Business environment where the device accounts are set up correctly. To provide optimal meeting experience, you should configure your meeting room accounts meeting the recommendations.
Configure your Meeting Room accounts with the recommended setting of AddOrganizerToSubjectMicrosoft Teams Rooms will only work in a properly configured Microsoft Teams or Skype for Business environment where the device accounts are set up correctly. To provide optimal meeting experience, you should configure your meeting room accounts meeting the recommendations.
Configure your Meeting Room accounts with the recommended setting of DeleteCommentsMicrosoft Teams Rooms will only work in a properly configured Microsoft Teams or Skype for Business environment where the device accounts are set up correctly. To provide optimal meeting experience, you should configure your meeting room accounts meeting the recommendations.
Configure your Meeting Room accounts with the recommended setting of RemovePrivatePropertyMicrosoft Teams Rooms will only work in a properly configured Microsoft Teams or Skype for Business environment where the device accounts are set up correctly. To provide optimal meeting experience, you should configure your meeting room accounts meeting the recommendations.
Create meeting room lists for room mailboxes to allow for searching and booking rooms with Microsoft TeamsYou need to create room list distribution group to be able to specify a meeting room when you schedule a Teams meeting.
Create multiple Microsoft Teams IP Phone Policies to cater for the different phones and meeting rooms devices that you have in the organizationTo provide more tailored user interfaces to different phones and meeting room devices that you've, it is recommended to create different IP Phone policies to them.
Create Office 365 Groups ClassificationYou can create classifications that the users in your organization can set when they create an Office 365 group. For example, you can allow users to set "Standard", "Secret", and "Top Secret" on groups they create. Group classifications aren't set by default and you need to create it in order for your users to set it. Use Microsoft Entra ID PowerShell to point your users to your organization's usage guidelines for Office 365 groups.
Define Office 365 Group naming policyTo enforce consistent naming conventions for Office 365 groups created or edited by your users, set up a group naming policy for your tenants in Microsoft Entra ID (Azure AD). For example, you could use the naming policy to communicate the function of a group, membership, geographic region, or who created the group. You could also use the naming policy to help categorize groups in the address book. You can use the policy to block specific words from being used in group names and aliases.
Enable Advance Threat Protection for TeamsPeople regularly share files and collaborate using SharePoint, OneDrive, and Microsoft Teams. With Office 365 Advanced Threat Protection (ATP), your organization can collaborate in a safer manner. ATP helps detect and block files that are identified as malicious in team sites and document libraries.
Enable connectors in your Exchange Online environmentWhen connectors are disabled in Exchange Online environment this is impacting connectors in Microsoft Teams. Users who are trying to add a connector in both Teams desktop client and a web app version will get the error: “Connectors have been turned off for this mailbox by the admin. Contact your admin if you want to have connectors turned on: Access to Connectors is disabled.”
Enable Teams license for some Office 365 UsersAt the user level, access to Microsoft Teams can be enabled or disabled on a per-user basis by assigning or removing the Microsoft Teams product license. Once the license is disabled, the user access to Microsoft Teams will be prevented and the user will no longer be able to see Teams in the Office 365 app launcher and homepage.
Enable users SharePoint Online, OneDrive for Business and Exchange OnlineFor the full Microsoft Teams experience, every user should be enabled for Exchange Online, SharePoint Online, and Office 365 Group creation.SharePoint Online is required to share and store files in team conversations. OneDrive for Business is required to share and store files in private chats. If users aren't assigned and enabled with SharePoint Online licenses, they don't have OneDrive for Business storage in Office 365. File sharing will continue to work in Channels, but users are unable to share files in Chats without OneDrive for Business storage in Office 365. In Microsoft Teams, security and compliance features like eDiscovery, Content Search, archiving, and legal hold work best in Exchange Online and SharePoint Online environments. For channel conversations, messages are journaled to the group mailbox in Exchange Online, where they're available for eDiscovery. If SharePoint Online and OneDrive for Business (using work or school account) are enabled across the organization and for users, these compliance features are available for all files within Teams as well.
Ensure a public IP associated with FQDN of the SBCsSBC needs to have valid public IP address to make it accessible from Internet by Teams Direct Routing components.
Ensure that the right ports and protocols are open across your network for optimum call experienceSkype for Business Online audio/video calls over TCP traffic do not perform as well as calls over UDP traffic.
Grant Teams Direct Routing users with appropriate Voice Routing PolicyList of users who are enabled for Teams DR/Hybrid Voice but not assigned with any OnlineVoiceRoutingPolicy
Implement Office 365 Groups governanceOffice 365 Groups has a rich set of tools to implement any governance capabilities your organization might require.
Improve Network Performance for Skype for Business Online/Microsoft TeamsThe quality of real-time media (audio, video, and application sharing) over IP is greatly impacted by the quality of end-to-end network connectivity. For optimal Skype for Business Online media quality, it is important for you to make sure there is a high-quality connection between your company network and Skype for Business Online. The best way to accomplish this is to set up your internal network and cloud connectivity based on the capacity of your network to accommodate for peak traffic volume for Skype for Business Online across all connections.
Info: Teams which have external/guest usersYou should review external users who had been invited to Teams in your environment.
Leverage the Teams RBAC to specify different levels of Teams administrative accessUsing Microsoft Entra ID (Azure AD), you can designate administrators who need different levels of access for managing Microsoft Teams. Administrators can manage the entire Teams workload, or they can have delegated permissions for troubleshooting call quality problems or managing your organization's telephony needs.
Limit the number of Office 365 Global AdministratorsHaving too many Office 365 Global Administrators might indicate that you’ve not assigned the right individuals to manage your overall Office 365 environment. This could result in unwanted configuration changes to Office 365 if some of these individuals does not have the right skills or capabilities.
Multi Factor Authentication (MFA) is not enabled for Skype for Business Administrators and/or Office 365 Global AdministratorsMake sure that any account who is in the Global Administrators or Skype for Business Online Administrators group are not enabled for Multi Factor Authentication (MFA). It is recommended to enable MFA for these accounts to add an additional layer of security during the authentication process.
Office 365 Groups usage guidelines has not been put in-placeWhen users create or edit a group, you can show them a link to your organization's usage guidelines. For example, if you require a specific prefix or suffix to be added to a group name.
Old version of Skype for Business Network Assessment Tool detectedUsing an older version of the Skype for Business Network Assessment Tool will impact the data collection. It is recommended to update to the latest version of the tool and run another data collection.
Review Teams meeting policy assigned to your usersMeeting policies are used to control the features that are available to meeting participants for meeting that are scheduled by users in your organization. Different users across your organization might need different meeting features based of what they do and other things. By providing them with the right meeting policy, not only you facilitate them to accomplish their jobs but also you help to optimize the Teams environment and organization resources.
Review the ability for Team owners to invite external users to teamsAllowing Team owners to invite external users to teams could improve work productivity and drive collaboration with external users.
Review the Direct Routing Users whose Skype for Business accounts are hosted in on-premises Skype for Business ServerMicrosoft Teams Direct Routing works only if SfB user accounts is hosted in Skype for Business Online.
Review the Teams user accounts which had some provisioning problemsUsers may experience issue when using Skype for Business Online or Microsoft Teams when they’re not properly provisioned.
Review the Teams users’ calling policyAll users are configured with the default Teams calling policy.
Review your Teams Co-existence mode and upgrade settingsYour current Teams and Skype for Business Global co-existence mode may be set to Island mode which might not be the best co-existence mode for the organization and could be limiting features.
Set AllowGuestsToAccessGroups on unified group setting to TrueThis setting indicates whether or not a guest user can have access to Files or OneNote content in your Teams. This setting does not require an Microsoft Entra ID Premium P1 license.
Set the UsersPermissionToReadOtherUsersEnabled to true in your Azure AD configurationWhen this value is set to false in AAD, Teams owner is unable to add external/internal members in Microsoft Teams, and the following error message is displayed: "We couldn't add member. We ran into an issue. Please try again later." However, members can be added directly to Office 365 groups.
Specify a security group who can create Office 365 groups and its related servicesBecause it's so easy for users to create Office 365 Groups, you aren't inundated with requests to create them on behalf of other people. Depending on your business, however, you might want to control who has the ability to create groups.
Teams Upgrade Status: Candidate - Check the Teams Upgrade Status using Get-CsTeamsUpgradeStatusMicrosoft initiates and performs automatic upgrade to Teams to organizations that meet certain requirements. You need to understand what Teams upgrade means and the impact it would have to your organization.
Teams Upgrade Status: Deferred - Check the Teams Upgrade Status using Get-CsTeamsUpgradeStatusMicrosoft initiates and performs automatic upgrade to Teams to organizations that meet certain requirements. You need to understand what Teams upgrade means and the impact it would have to your organization.
Teams Upgrade Status: Downgraded - Check the Teams Upgrade Status using Get-CsTeamsUpgradeStatusMicrosoft initiates and performs automatic upgrade to Teams to organizations that meet certain requirements. You need to understand what Teams upgrade means and the impact it would have to your organization.
Teams Upgrade Status: Paused- Check the Teams Upgrade Status using Get-CsTeamsUpgradeStatusMicrosoft initiates and performs automatic upgrade to Teams to organizations that meet certain requirements. You need to understand what Teams upgrade means and the impact it would have to your organization.
Teams Upgrade Status: ScheduledForUpgrade - Check the Teams Upgrade Status using Get-CsTeamsUpgradeStatusMicrosoft initiates and performs automatic upgrade to Teams to organizations that meet certain requirements. You need to understand what Teams upgrade means and the impact it would have to your organization.
Teams Upgrade Status: Upgraded - Check the Teams Upgrade Status using Get-CsTeamsUpgradeStatusMicrosoft initiates and performs automatic upgrade to Teams to organizations that meet certain requirements. You need to understand what Teams upgrade means and the impact it would have to your organization.
Validate licenses assigned to Teams Room SystemWithout the proper license, you may have some Teams Meeting room features that are not working properly or not available such as the ability to dial-out attendees into your meeting

Transfer Ownership of an Azure Subscription

· 4 min read
Luke Murray
Luke Murray
Author

Imagine you want to transfer Azure resources to another person or company? This could be because something may have been created in an external third-party subscription, to begin with, or you have created a product using Azure resources that you have just sold to the highest bidder!

Before you start rolling in that money bin of cash, you need to be able to give that person the Azure resources. The best way to do this is to transfer ownership of an Azure subscription.

It may be best to create a new Azure subscription, and then transfer (using the Move Resources in the Azure Resource Group) the resources to that new subscription. That way it is clean, then the recipient can just migrate the resources to their own Production subscription later, etc as they see fit.

Just a heads up IF you are selling services you have created in Microsoft Azure, whether freelance or professionally make sure you have spent time working on Azure governance to make sure you have a proper Azure Landing Zone stood up for standardization and naming conventions in place if you are a transferring a resource that has a Global Scope (ie these are usually Public-facing, the last thing you want is to transfer the resources to someone else and find out that you can't reuse the same unique name.

Please read this carefully, there are certain limitations when transferring Subscription Ownership - especially across to another tenancy that you need to be aware of, these limitations are the Type of Subscription it is and the type of resources, encryption status, etc.Transfer an Azure subscription to a different Azure AD directory In some cases, you may need to look at alternative ways, such as redeploying or recreating the resources in the other subscription/tenancy manually - via redirecting an Azure DevOps deployment or manual backup export and import.

Transfer a Subscription

Once you are ready to transfer a subscription, you can do the rest, simply through the Azure Portal:

  1. In the Azure Portal, navigate to Subscriptions
  2. Click on the Subscription you want to migrate
  3. Click on Transfer billing ownership
  4. Type in the Recipient's email address, in the email address field
  5. If you are moving the Azure subscription to another Azure AD tenancy (in this article, I am assuming we are), select the 'Move Subscription Tenant toggle: Yes Transfer Billing Ownership
  6. Click on Send Transfer Request, acknowledge the prompt and click Yes
  7. This will send an email to the recipient with a link to transfer the Azure subscription and all the resources. Transfer Billing Ownership

Note: The Transfer Request is not permanent, the recipient has only a few weeks to accept the transfer before you will need to it again, you can see the expires date in the screenshot above.

Note: Something to be aware of, only the user in the new account who accepted the transfer request will have access to manage the resources, they will need to add the necessary groups and rights on their end.

Cancel an Azure Subscription Transfer

If the recipient hasn't accepted the transfer, you can revoke or cancel the transfer request. To do this, do the following:

  1. In the Azure Portal, navigate to Subscriptions
  2. Click on the Subscription you want to migrate
  3. Click on Transfer billing ownership
  4. You will now get a Window indicating the Transfer Request is pending
  5. Click on Cancel the Transfer Request (bottom of the Blade) Transfer Billing Ownership
  6. Accept the prompt to cancel the transfer request.

Note: You can now click on the Transfer billing ownership, to confirm the request was canceled and if needed, open a new request. Just a heads up as well, that canceling the transfer, will also email the recipient.