Using Microsoft Teams as a Walkie Talkie for Frontline Workers

There are an amazing number of great apps available to integrate into Microsoft Teams. Some of these apps are published by Microsoft and many more are third part integrations ranging from handy productivity tools to line of business apps surfaced in a users Teams console. One cool app that is now available is the Teams ‘Walkie Talkie’ app. ‘Walkie Talkie’, essentially brings Push to Talk (PTT) functionality to Teams. Among the many use cases for this app, allowing Frontline Workers to communicate efficiently and quickly is a great application of Teams functionality and something that many third party vendors are currently providing.

Deploy Walkie Talkie

To deploy Walkie Talkie, we can create an App Setup Policy and deploy to the users we want the app available to. We add it into the pinned apps and deploy the policy to whoever needs it.

Given a little time to replicate, when our user logs in, they’ll see the app available in their App bar.

Using Walkie Talkie

Using Walkie Talkie is very easy. Simply open the Walkie Talkie app and select that Teams Channel we want to talk in.

Now when we hit ‘Connect’ we simply push the button to talk!

We can see how many other users are connected and also perform our other Teams tasks while remaining connected.

While this functionality is pretty straightforward, the value it provides is pretty impressive. I can definitely see this being used to replace a lot of legacy third party PTT systems.

eDiscovery Functionality Moves to Microsoft 365 Compliance Center

eDiscovery and content search has been a staple of Microsoft 365 compliance since the early days of Office 365. Providing extremely flexible and efficient searching and actioning of data that resides anywhere in Microsoft 365, it has improved over time with a lot of extra functionality and is one of the most widely used compliance tools in the Microsoft 365 platform.

eDiscovery, which has first found in the Exchange Online Admin Center for mail discovery, was subsequently moved to the Microsoft 365 Security & Compliance Center (https://protection.office.com). The Security & Compliance Center itself has undergone a lot of changes recently and is coming near its end of life, being replaced with the Microsoft 365 Security Center (https://security.microsoft.com) and the Microsoft 365 Compliance Center (https://compliance.microsoft.com) which cater to Security tools and Data Governance/Compliance tools respectively.

The splitting of the SCC into two different portals makes sense as a lot of the time, in enterprise scenarios, these aspects of the tenancy are managed by two, completely separate teams. There will often be a dedicated security team, who deal with the identity protection and security aspects of the tenancy, and a dedicated Data Protection Team who are more concerned with the information governance side of things.

As of Oct 30th 2020, the eDiscovery suite of tools will be moving fully to the Microsoft 365 Compliance Center and the Security & Compliance Center links will redirect to the new page. This is the next step in the process of moving all the features from the old portal to the new model so if you haven’t checked out the two new pages, see below for more information.

Microsoft 365 Compliance Center: https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center?view=o365-worldwide

Microsoft 365 Security Center: https://docs.microsoft.com/en-us/microsoft-365/security/mtp/overview-security-center?view=o365-worldwide

Direct links:

SCC: https://protection.office.com

MCC: https://compliance.microsoft.com

MSC: https://security.microsoft.com

Azure Active Directory Administrative Units

Segregation of admin roles in Microsoft 365 has always been a challenge. Different admin roles help to apply the principal of least privilege for admins but there was always an issue where multiple logical groupings existed in a single tenant. They are not always managed globally and not every admin should have access to every user where divisional barriers exist. Exchange Online Management Role Scopes do a good job of facilitating different groupings in Exchange Online but for user management in Azure AD or Microsoft 365, this became a challenge.

Do we give the local IT support for a particular division access to our entire userbase or do we take on the support of the M365 accounts for these users at a group level?

When we use AD Connect and local Active Directory as our identity source, we can use delegated permissions to provide a lot of the required access. Couple this with some cool features like group-based licensing and we can effectively delegate management to local or divisional IT support.

With more organizations forgoing local AD completely for cloud based Azure AD/Intune, this management delegation became trickier. Microsoft appreciate this challenge in the platform and have made available (in preview) Azure AD Administrative Units.

Administrative Units allow us to define logical groupings of users and delegate admin roles for these specific groups to our administrators.

To achieve this we first create an Administrative Unit in the Azure AD Portal.

From here we can add our users / groups to the unit so they can be managed.

We can then assign our administrators and grant the the appropriate roles.

Once complete, our administrator can log in to the Admin Portal and only see the Administrative Units they have been assigned.

This feature is bound to be a blessing for large organizations who can now feel more confident to delegate day to day management to divisional or local IT, reducing the management overhead involved in new user creation, Group Membership, Licensing and password resets