Some musings about Skype, Teams ,Lync, System Center, working as a Microsoft Certified Trainer and Microsoft and other products in general.
My Zulu nickname is Ufudu - tortoise. I am older and wiser now, but still look like Ufudu.
Technology, the Hare, moves a lot quicker though, and this is my attempt to beat that Hare...
Rob Edwards
Wednesday, 11 April 2018
Manage Teams during the transition to the new Microsoft Teams and Skype for Business Admin Center
In this training, we introduce calling
capabilities in Teams, which are powered by the Phone System feature in
Office 365. We’ll explain the technical planning that’s required to
implement Phone System, how to configure it, and how to monitor usage
and call quality in your implementation.
This training is for you if you're:
An IT pro.
Responsible for planning, deploying, or managing Teams.
Planning to introduce calling capabilities in your Teams deployment.
Understand the journey from Skype for Business to Microsoft Teams
IT Pro (Intermediate)
In this training, we introduce the new intelligent communications
vision and explain the future for Skype for Business and Teams.
This training is for you if you're:
An IT Pro
Responsible for planning, deploying, or managing Skype for Business
Interested in understanding how to introduce Teams in your organization
We'll go into detail on how these two products come together and
explain what steps you can take today to prepare an existing Skype for
Business environment for Teams. The key learnings of this tutorial are:
Understand the Intelligent communications vision
Understand the journey from Skype for Business Online to Teams
Understand what actions should be started today
We won't cover "How to" procedures for turning on Teams or running
Skype for Business and Teams side by side. For this information, see the
following:
Microsoft published several tutorials that help IT pros to learn how to plan, enable and manage Microsoft Teams.
No matter if you’re a customer or a partner, it’s always helpful to
have a deep understanding of Teams to plan, enable and manage Microsoft
Teams for your organization. A lot of great documentation and practical
guidance is available on different platforms—which is great on the one
hand because there are so many resources you can leverage but can also
be intimidating. It’s not always obvious where to start.
The tutorials Microsoft built will help to navigate and deepen your understanding:
Tutorials provide a curated, structured path through existing
documentation and guidance with a clear starting point and end point
Additionally, tutorials provide customer scenarios as well as exercises with suggestions for what to test in your tenant
Tutorials help track your progress—so you always know where you left off
The infrastructure for your application is typically made up of many
components – maybe a virtual machine, storage account, and virtual
network, or a web app, database, database server, and 3rd party
services. You do not see these components as separate entities, instead
you see them as related and interdependent parts of a single entity. You
want to deploy, manage, and monitor them as a group. Azure Resource
Manager enables you to work with the resources in your solution as a
group. You can deploy, update, or delete all the resources for your
solution in a single, coordinated operation. You use a template for
deployment and that template can work for different environments such as
testing, staging, and production. Resource Manager provides security,
auditing, and tagging features to help you manage your resources after
deployment.
Terminology
If you are new to Azure Resource Manager, there are some terms you might not be familiar with.
resource - A manageable item that is available
through Azure. Some common resources are a virtual machine, storage
account, web app, database, and virtual network, but there are many
more.
resource group - A container that holds related
resources for an Azure solution. The resource group can include all the
resources for the solution, or only those resources that you want to
manage as a group. You decide how you want to allocate resources to
resource groups based on what makes the most sense for your
organization. See Resource groups.
resource provider - A service that supplies the
resources you can deploy and manage through Resource Manager. Each
resource provider offers operations for working with the resources that
are deployed. Some common resource providers are Microsoft.Compute,
which supplies the virtual machine resource, Microsoft.Storage, which
supplies the storage account resource, and Microsoft.Web, which supplies
resources related to web apps. See Resource providers.
Resource Manager template - A JavaScript Object
Notation (JSON) file that defines one or more resources to deploy to a
resource group. It also defines the dependencies between the deployed
resources. The template can be used to deploy the resources consistently
and repeatedly. See Template deployment.
declarative syntax - Syntax that lets you state
"Here is what I intend to create" without having to write the sequence
of programming commands to create it. The Resource Manager template is
an example of declarative syntax. In the file, you define the properties
for the infrastructure to deploy to Azure.
The benefits of using Resource Manager
Resource Manager provides several benefits:
You can deploy, manage, and monitor all the resources for your
solution as a group, rather than handling these resources individually.
You can repeatedly deploy your solution throughout the development
lifecycle and have confidence your resources are deployed in a
consistent state.
You can manage your infrastructure through declarative templates rather than scripts.
You can define the dependencies between resources so they are deployed in the correct order.
You can apply access control to all services in your resource group
because Role-Based Access Control (RBAC) is natively integrated into the
management platform.
You can apply tags to resources to logically organize all the resources in your subscription.
You can clarify your organization's billing by viewing costs for a group of resources sharing the same tag.
Resource Manager provides a consistent management layer for the tasks
you perform through Azure PowerShell, Azure CLI, Azure portal, REST
API, and development tools. All the tools use a common set of
operations. You use the tools that work best for you, and can use them
interchangeably without confusion.
The following image shows how all the tools interact with the same
Azure Resource Manager API. The API passes requests to the Resource
Manager service, which authenticates and authorizes the requests.
Resource Manager then routes the requests to the appropriate resource
providers.
Guidance
The following suggestions help you take full advantage of Resource Manager when working with your solutions.
Define and deploy your infrastructure through the declarative syntax
in Resource Manager templates, rather than through imperative commands.
Define all deployment and configuration steps in the template. You should have no manual steps for setting up your solution.
Run imperative commands to manage your resources, such as to start or stop an app or machine.
Arrange resources with the same lifecycle in a resource group. Use tags for all other organizing of resources.
There are some important factors to consider when defining your resource group:
All the resources in your group should share the same lifecycle. You
deploy, update, and delete them together. If one resource, such as a
database server, needs to exist on a different deployment cycle it
should be in another resource group.
Each resource can only exist in one resource group.
You can add or remove a resource to a resource group at any time.
A resource group can contain resources that reside in different regions.
A resource group can be used to scope access control for administrative actions.
A resource can interact with resources in other resource groups.
This interaction is common when the two resources are related but do not
share the same lifecycle (for example, web apps connecting to a
database).
When creating a resource group, you need to provide a location for
that resource group. You may be wondering, "Why does a resource group
need a location? And, if the resources can have different locations than
the resource group, why does the resource group location matter at
all?" The resource group stores metadata about the resources. Therefore,
when you specify a location for the resource group, you are specifying
where that metadata is stored. For compliance reasons, you may need to
ensure that your data is stored in a particular region.
Resource providers
Each resource provider offers a set of resources and operations for
working with an Azure service. For example, if you want to store keys
and secrets, you work with the Microsoft.KeyVault resource provider. This resource provider offers a resource type called vaults for creating the key vault.
The name of a resource type is in the format: {resource-provider}/{resource-type}. For example, the key vault type is Microsoft.KeyVault/vaults.
Before getting started with deploying your resources, you should gain
an understanding of the available resource providers. Knowing the names
of resource providers and resources helps you define resources you want
to deploy to Azure. Also, you need to know the valid locations and API
versions for each resource type. For more information, see Resource providers and types.
Template deployment
With Resource Manager, you can create a template (in JSON format)
that defines the infrastructure and configuration of your Azure
solution. By using a template, you can repeatedly deploy your solution
throughout its lifecycle and have confidence your resources are deployed
in a consistent state. When you create a solution from the portal, the
solution automatically includes a deployment template. You do not have
to create your template from scratch because you can start with the
template for your solution and customize it to meet your specific needs.
You can retrieve a template for an existing resource group by either
exporting the current state of the resource group, or viewing the
template used for a particular deployment. Viewing the exported template is a helpful way to learn about the template syntax.
To learn about the format of the template and how you construct it, see Create your first Azure Resource Manager template. To view the JSON syntax for resources types, see Define resources in Azure Resource Manager templates.
Resource Manager processes the template like any other request (see the image for Consistent management layer).
It parses the template and converts its syntax into REST API operations
for the appropriate resource providers. For example, when Resource
Manager receives a template with the following resource definition:
It converts the definition to the following REST API operation, which is sent to the Microsoft.Storage resource provider:
PUT
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/mystorageaccount?api-version=2016-01-01
REQUEST BODY
{
"location": "westus",
"properties": {
}
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage"
}
How you define templates and resource groups is entirely up to you
and how you want to manage your solution. For example, you can deploy
your three tier application through a single template to a single
resource group.
But, you do not have to define your entire infrastructure in a single
template. Often, it makes sense to divide your deployment requirements
into a set of targeted, purpose-specific templates. You can easily reuse
these templates for different solutions. To deploy a particular
solution, you create a master template that links all the required
templates. The following image shows how to deploy a three tier solution
through a parent template that includes three nested templates.
If you envision your tiers having separate lifecycles, you can deploy
your three tiers to separate resource groups. Notice the resources can
still be linked to resources in other resource groups.
For information about nested templates, see Using linked templates with Azure Resource Manager.
Azure Resource Manager analyzes dependencies to ensure resources are
created in the correct order. If one resource relies on a value from
another resource (such as a virtual machine needing a storage account
for disks), you set a dependency. For more information, see Defining dependencies in Azure Resource Manager templates.
You can also use the template for updates to the infrastructure. For
example, you can add a resource to your solution and add configuration
rules for the resources that are already deployed. If the template
specifies creating a resource but that resource already exists, Azure
Resource Manager performs an update instead of creating a new asset.
Azure Resource Manager updates the existing asset to the same state as
it would be as new.
Resource Manager provides extensions for scenarios when you need
additional operations such as installing particular software that is not
included in the setup. If you are already using a configuration
management service, like DSC, Chef or Puppet, you can continue working
with that service by using extensions. For information about virtual
machine extensions, see About virtual machine extensions and features.
Finally, the template becomes part of the source code for your app.
You can check it in to your source code repository and update it as your
app evolves. You can edit the template through Visual Studio.
After defining your template, you are ready to deploy the resources to Azure. For the commands to deploy the resources, see:
Resource Manager provides a tagging feature that enables you to
categorize resources according to your requirements for managing or
billing. Use tags when you have a complex collection of resource groups
and resources, and need to visualize those assets in the way that makes
the most sense to you. For example, you could tag resources that serve a
similar role in your organization or belong to the same department.
Without tags, users in your organization can create multiple resources
that may be difficult to later identify and manage. For example, you may
wish to delete all the resources for a particular project. If those
resources are not tagged for the project, you have to manually find
them. Tagging can be an important way for you to reduce unnecessary
costs in your subscription.
Resources do not need to reside in the same resource group to share a
tag. You can create your own tag taxonomy to ensure that all users in
your organization use common tags rather than users inadvertently
applying slightly different tags (such as "dept" instead of
"department").
The following example shows a tag applied to a virtual machine.
You can also view tagged resources through the Azure portal.
The usage report
for your subscription includes tag names and values, which enables you
to break out costs by tags. For more information about tags, see Using tags to organize your Azure resources.
Access control
Resource Manager enables you to control who has access to specific
actions for your organization. It natively integrates role-based access
control (RBAC) into the management platform and applies that access
control to all services in your resource group.
There are two main concepts to understand when working with role-based access control:
Role definitions - describe a set of permissions and can be used in many assignments.
Role assignments - associate a definition with an identity (user or
group) for a particular scope (subscription, resource group, or
resource). The assignment is inherited by lower scopes.
You can add users to pre-defined platform and resource-specific
roles. For example, you can take advantage of the pre-defined role
called Reader that permits users to view resources but not change them.
You add users in your organization that need this type of access to the
Reader role and apply the role to the subscription, resource group, or
resource.
Azure provides the following four platform roles:
Owner - can manage everything, including access
Contributor - can manage everything except access
Reader - can view everything, but can't make changes
User Access Administrator - can manage user access to Azure resources
Azure also provides several resource-specific roles. Some common ones are:
Virtual Machine Contributor - can manage virtual machines but not
grant access to them, and cannot manage the virtual network or storage
account to which they are connected
Network Contributor - can manage all network resources, but not grant access to them
Storage Account Contributor - Can manage storage accounts, but not grant access to them
SQL Server Contributor - Can manage SQL servers and databases, but not their security-related policies
Website Contributor - Can manage websites, but not the web plans to which they are connected
For the full list of roles and permitted actions, see RBAC: Built in Roles. For more information about role-based access control, see Azure Role-based Access Control.
In some cases, you want to run code or script that accesses
resources, but you do not want to run it under a user’s credentials.
Instead, you want to create an identity called a service principal for
the application and assign the appropriate role for the service
principal. Resource Manager enables you to create credentials for the
application and programmatically authenticate the application. To learn
about creating service principals, see one of following topics:
Resource Manager logs all operations that create, modify, or delete a
resource. You can use the activity logs to find an error when
troubleshooting or to monitor how a user in your organization modified a
resource. To see the logs, select Activity logs in the Settings
blade for a resource group. You can filter the logs by many different
values including which user initiated the operation. For information
about working with the activity logs, see View activity logs to manage Azure resources.
Customized policies
Resource Manager enables you to create customized policies for
managing your resources. The types of policies you create can include
diverse scenarios. You can enforce a naming convention on resources,
limit which types and instances of resources can be deployed, or limit
which regions can host a type of resource. You can require a tag value
on resources to organize billing by departments. You create policies to
help reduce costs and maintain consistency in your subscription.
You define policies with JSON and then apply those policies either
across your subscription or within a resource group. Policies are
different than role-based access control because they are applied to
resource types.
The following example shows a policy that ensures tag consistency by specifying that all resources include a costCenter tag.
There are many more types of policies you can create. For more information, see What is Azure Policy?.
SDKs
Azure SDKs are available for multiple languages and platforms. Each
of these language implementations is available through its ecosystem
package manager and GitHub.
Here are our Open Source SDK repositories. We welcome feedback, issues, and pull requests.
BlogMS Microsoft Team Blog – June 2016 Roll-up
-
212 Microsoft Team blogs searched, 48 blogs have new articles. 484 new
articles found searching from 01-Jun-2016 to 30-Jun-2016 BlogMS Monthly
Report July ...
