Skype Academy: What’s New in Cloud Connector Edition V2 Summary

With the recent release of Cloud Connector v2 there’s some great new features and updates to CCE so wanted to summarise the Skype academy video.  There’s tons of useful information in here so hope you find it useful.

CCE v2.0.0 was released and straight after Microsoft provided some great content and learning on what’s new. Thanks Microsoft for very speedy information to the community. Check out the resources at bottom of post as well.

Useful links on great info on CCE v2

CCE manual download here

Skype Academy video link here


Lets start the video, the session is presented by Carolyn Blanding from Microsoft



Usual training disclaimer on Office 365 being subject to change and this ther July 2017 edition.


Also a member of extended hybrid voice team and working with developers on CCE since the first release.

Key Learning’s


CCE v2 bring media bypass ! wohooo

(Great link on Media bypass planning for CCE here

support for 16 CCEs in one pstn site up from 4 ! it now has 4x capacity !

Additional improvement

Session Scope


This session assumes you already know about CCE and have an understanding on deployment and management if not there’s a link on further learning here http://aka/ms/sa-cce

What’s new in CCE V2 ?



Wow what a list !!!

  • Media bypass
  • support for 16 CCEs per one pstn site
  • ability to manipulate sip headers for billing and interop
  • Hybrid voice flag in mediation server agent for CQD
  • Disable SSL 3.0 by default
  • automatic installation of .NET 4.5.2 which is dependency on current SfB
  • New Cmdlets

More details on each further on. Lets breakdown.

Media Bypass


This was top ask from customer

by removing mediation server in path for media we can improve voice quality and reliability by reducing latency, packet loss and points of failure

also reduce number of CCE to support greater number of voice streams

Media bypass requirements


CCE V2 deployed at all sites

tenant admin is required to enable media bypass feature in office 365 tenant this is not enabled by default

media bypass enablement needs to be replicated from office 365 to all CCEs

DNS must be configured to allow client resolution for the media bypass service url

Currently only supported version for CCE media bypass is office 365 pro plus click to run 32 and 64bit version 16.0.7870.2020 or later.

Microsoft Office MSI is not supported ! this again show new features are coming cloud first and the push to move your office installs to office 365 pro plus.

More info on Media bypass with CCE

Plan –

Deploy –

16 Cloud Connectors appliance per site



previously there was support for 4 CCES per PSTN site in a N+1 config where one CCE was was reversed for HA. Each CCE could support 500 simultaneous calls so totalling 1500 simultaneous calls per pstn site.

Now with 16 CCEs per pstn site in N+1 it provides 7,500 simultaneous calls and that’s without media bypass !!

This means can support more sim calls in single pstn site, for example before V2 if a company needs to support 5000 calls in one DC where CCE is deployed previously they would need to setup 4 pstn sites and split users across pstn sites even though all CCEs were physically located on the data centre, by supporting 7500 its reduced the requirement for more pstn sites and users dont have to be split up. Makes its easier to manage.

Modify SIP headers in CCE V2


Prior to v2 the only way to modify sip[ headers was administrators connecting to mediation servers and modifying sip trunk setting but during upgrades the settings while lost. CCE updates then had to set to manual, CCE then updated and then setting configured back again.

This is now persistent and the following settings if changed are kept during CCE upgrades.

Enablefastfailover timer – default is true, when true the 183 progress must return in 10 seconds. Certain network conditions has caused this to not response in 10 second so this can be set to false.

Forward call history – default is fales, history info useful in sim ring and call forward and refereed by useful for call transfer, this is useful for billing purposes and caller id purposes when sbc to replace caller id.

Forward PAI – default false, when true the P asserted identity headers with sip and tel uri from cce mediation to sip trunks. used when call history not available. please see url below for more info.

Hybrid Voice flag in mediation server agent


Set to unique flag so CCE calls can be easily identified from calls placed by other trunks. The user agent was previously reported as “Mediation Server” which is indistinguishable from other SfB Trunks.

Now it shows unique CCE-MediationServer example above show version number as well.


Examples in online reporting.

This is Call analytics preview in sfb admin centre, in this example a user search is done and a call is selected.

Alex is an online user and Alex uses CCE for PSTN calls, under systems you can see the mediation server that part of CCE, and under user agent we see CCE mediation server agent.

Lets look at session details

searched for Alex again and we can see CCE mediation server agent.


if you look before CCE v2 you will see the old Mediation Server


Disable SSL 3.0 by default


CCE does not use SSL and does not require SSL enabled. Please url for security advisory and recommendation on disabling when not needed.

.Net Framework 4.5.2


.NET Framework 4.5.2 will auto install and is a dependency for CCE v2

CCE host must always have internet connectivity and it required this to download 4.5.2 to host machine so its available.

Admins of large deployments can prepare the vhds with .Net 4.5.2 to speed up deployment times. to do this admins can use convert-ccisotovhdx cmdlet and use pause before update switch this allows admin to connect to base vm and install windows updates and .NET 4.5.2 on the base vhd.

New Cmdlets – Online


The new cmdlet are added to SfB Online one for media bypass and two on network. Please refer.

New Cmdlet – CCE Host


On the CCE Host there is also a new Cmdlet

Used to update configuration, if you update CCE config file. cloudconnector.ini after changes you must use import-ccconfiguration. It does auto run but still best practice after any manual change to use the cmdlet.

Example if you you change config file to use WSUS server.



  • Skype for Business administrator role instead of global administrator
  • Reduce number of passwords needed when deploying CCE
  • user corporate network switch instead of management switch for most tasks
  • improvement to auto detection
  • change cmdlets

Let breakdown each one

Skype for Business Administrator Role


CCE requires an O365 tenant admin account to manage CCE services online, prior to V2 this required an account that was a global administrator.

With V2 its supported to use a tenant admin account with Skype for Business administrator role is sufficient for managing CCE services online.

If password expiry is set you need to use set-cccredential to update credentials.


To reduce password for CCE in V2 and reduce complexity.

In V2 the following password will be requested

  • CCEService – used for CCE service account and domain admin, VMAdmin
  • CABackupFile – used to import Root CA when deploying appliances
  • ExternalCert – used to import Edge certificate when deploying appliances
  • TenantAdmin – used to deploy and maange CCE Online

Note CCEService and CABackupfile must be the same for all CCE per site.

Corporate Management Switch


previously we used the cce management switch for all connectivity between host and vms for PowerShell. feedback to customer was that this was great as it caused network disrupts.

CCE v2 now reduces the amount or connections and disconnections, now only used for new deployment or upgrade.

The SfB CCE Corpnet switch will not be used which reduces the number of connections and disconnections. search of clslogging will now be alot faster as network connections are already established.

Since corpnet switch is used now the network adapter bound the cce corpnet network switch must have an ip address assigned in the same subnet as the CCE corporate network. This can be an alternative ip address. before the management switch was matched on the same subnet.


Improvements to Auto Detection


  • There has been some updates to auto detection for CCE recovery to avoid call failures.
  • In HA we want to mark any appliance that is down to avoid issues and call failures
  • Maintenance you have to out CCE in maintenance mode so its doesn’t.
  • All server roles are monitored

Cmdlet Updates – Online


cannot be set from false to true.

with CCE a online dial plan is a hard requirement

Updates to Get-CsHybridPSTNAppliance

Cmdlet Updates – CCE Host


PowerShell verb update from renew-cc to update-cc

You can change domain admin or vmadmin using set-cccredentials as above.

Upgrading to V2



For customer with CCE already deployed to new build

Supported path from version 1.4.2 to version 2 if auto update available then it will autoupdate at scheduled update window.

Manual update process is available if autoupdate disabled.

InPlace upgrades are NOT Supported with version BELOW 1.4.2

In this case you need to unregister appliance, uninstall appliance and deploy new CCE.

To confirm CCE several ways, hyper v console, remote PowerShell and SfB admin centre. more details above.

Update Cloud Configuration File


when upgrading to V2 you need to update cloud connector configuration file with the new sip header setting to cloudconnector.msi.


Open file


Copy three lines from sample file


paste into your file, save and import.



If advanced notice is possible or more likely to have auto upgrade off due to trunk config you can modify trunk config file prior to v2 upgrade.


1.4.2 did not prompt for CABackup pasword the domain admin password was used and its used to encrypt root CApassword. It must be the same for all appliances,

If different domain admin password may be in place if password changed after deployment. You can use the get-cccredential. if you have this the steps are listed above.


from 1.4.2 we don’t prompt for CCEService password the VMAdmin password aka local admin password will be used for cce service password. This password needs to to be same so best to confirm password are the same across all appliances.



Key Learning’s






Skype for Business Online Cloud PBX with PSTN Calling – Phone Number Requests Forms

Noticed this on twitter over the weekend from @RandyChapman, so wanted to have a bit of look at this. Thanks Randy.

Seems this is a manual process for requesting new subscriber telephone numbers for users using SfBO Cloud PBX with PSTN Calling. This is where Microsoft is your Telco provider and all PSTN services are delivered by Microsoft in Skype for Business Online.

Its noted there are some countries/regions that you can’t get phone numbers using the Skype for Business Online admin centre. Instead you will need to download the correct country/region form and submit it to Microsoft. Once Microsoft receive the request , their service desk will help customers with getting new phone numbers.

It doesn’t say which countries specifically you have to use the forms for as all PSTN Calling countries have a form available it seems, but it does note – Belgium, Germany, Ireland and the Netherlands are only available to preview customers (early adopters).

Perhaps after countries are out of preview the online new telephone provisioning process may be added to admin centre.

This is noted for requesting only new “subscriber” phone numbers and NOT service numbers. Subscriber numbers are numbers that are assigned to your users.

To request new telephone number manually and not via the Skype for Business Online admin centre there are some forms available for download.

You can use these forms to request new subscriber (user) phone numbers that aren’t listed in the Skype for Business admin center.

List of Forms for download

  • New Phone Number Request for Belgium (Geographic numbers) (v.1) (en.US).pdf
  • New Phone Number Request for France (Geographic numbers) (v.1) (en.US).pdf
  • New Phone Number Request for Germany (Geographic numbers) (v.1) (en.US).pdf
  • New Phone Number Request for Ireland (Geographic numbers) (v.1) (en.US).pdf
  • New Phone Number Request for Spain (Geographic numbers) (v.1) (en.US).pdf
  • New Phone Number Request for the Netherlands (Geographic numbers) (v.1) (nl.NL).pdf
  • New Phone Number Request for the U.K. (Subscriber geographic numbers) (v.1) (en.US).pdf
  • New Phone Number Request for the U.S. (Subscriber numbers) (v.1) (en.US).pdf

Download link HERE

Quick look at a form



The form for each country looks the same but the example text in the table is different.

Also all form except the Netherlands are in English.

Notes the following as important on each form

1. Please submit requests for different type of numbers in different form submissions. You
can only request one number type per request/form. More Info.
2. You can list only one “emergency calling address” per request/form.
3. Please submit requests for different cities in different form submissions. You can only
request one city per request/form.

It also doesn’t list where to send the forms so perhaps these will be updated soon.


Skype for Business Online Cloud PBX Voicemail transcript Summary

Well this announcement came out of the blue for me but its awesome its here! its a new feature to Azure Voicemail for SfB Online Cloud PBX users but has been available with Exchange UM for a while.

I don’t often use voicemail a lot but anyway to quickly view what a voicemail is about is great as i can hopefully see how urgent it is, also phone numbers left in VMs are now in text in your inbox and also for users with hearing impairments its great to have voicemail as text as well.

Cloud PBX voicemail doesn’t use Exchange UM as it utilises Azure Voicemail platform. There are currently it seems seven language available for transcribing which I’m sure will grow and grow.

Language recognition is based on users language setting in voicemail and is changeable on user and tenant level. For users level Sign in to the Office 365 portal. In the portal, go to Settings and change the language to the language of your choice


This feature is enabled by default now so you don’t have to do anything ! unless as an administrator you want to disable that is.

As admin Turn off at tenant level

Set-CsOnlineVoicemailPolicy -EnableTranscription $false

or for a user Grant-CsOnlineVoicemailPolicy -PolicyName TranscriptionDisabled -Identity


So heres a test drive of the new feature.

I called my Cloud PBX PSTN number from my mobile and call was forwarded to voicemail and i left a message as Dave.

In the voicemail i said “ Hi Martin, its Dave just wondering if you could give me a call back please as i don’t to talk to you about something, thank you, bye bye.

So it didn’t transcribe it 100% but overall it transcribed the message well but missed out the person name.

Also it mentions below “Transcription service is in preview state”


If you follow the feedback you can leave feedback and comments on the transcription


I left some  more messages and it wasn’t catching peoples names or numbers, suggested a few times i said I’m off today which i didn’t say and added a time for a meeting which i didn’t say so its work in progress.

Tried to leave phone number and this message didn’t transcribe at all.


No name mentioned and it suggested a time for the meeting which i didn’t say.


This one had a phone number but missed the first zero and added extra numbers.



I think the transcription will without a doubt get better as it learns more and it does mention transcription in preview and will improve.

I think its great to have and Exchange UM transcription wasn’t 100%. I do wonder how it will cope with accents though.

Also i think its a good idea to let your users know this feature is enabled now.


Change VM Language for whole tenant

Cloud Connector Edition Update 1.4.2 Key Points and useful info

Been looking around what information is available about the pending 1.4.2 update for Cloud Connector Edition (CCE).

This will be the first automatic update release so if your on version 1.4.1 or below i recommend just looking over and checking your setup. Also the update will follow the update schedule that has been defined on the Hybrid PSTN site. Its worth checking what time is set now before the update is released.

The noted expected release date is 20/3/2017 so not long to go but this date is pending final testing and confirmation it mentions.

Below are some great links from TechNet Blogs i recommend looking over before the 20/03/2017 so you can check over your existing deployment, understand the automatic update process and also automatic recovery process. Its always good to know the process just in case.

Brief Update Summary

Please prepare for the auto update and spend some time checking you have everything in place and your ready.

Auto Update will follow the update time windows that specified for the HybridPSTNsite, if an update is found at this time the update will start. The CCE Appliance will go into Maintenance mode (only one per site can enter maintenance mode at a time) the update tasks will run and following update the appliance will be taken out of maintenance mode and repeated for any other appliances in the site. You can monitor the update process.

For updates Cloud Connector version is downloaded and management service stopped, Cloud Connector updates which removes old version and install new version, new Virtual machines are built side by side from existing VHDX file but note if the VHDX is older than 90 days the intall instance script will log a warning. Once all updates are complete and services runing the switch to the new version will takes places by changing virtual network connections to new vms, shut down n-1 version and remove n-2 version and appliance is take out of maintenance mode. Windows updates is then performed. As the older version is kept you can revert back to it if required.

There are also tasks to look at following the update as well so make sure to check your update version and tasks after update.

Prepare for Cloud Connector Edition Release 1.4.2

Also some key points i found on prepare

  • Expected release date for this is 3/20/2017 pending final testing. Look for release announcement here
  • If you are running version 1.3.8, refer to the manual update instructions Upgrade a single site to a new version in the Cloud Connector Edition (CCE) configuration guide.
  • make sure to export a new sample Cloud Connector configuration file after 1.4.2 is installed for reference, and update your existing configuration file with two new parameters defined in the Common Section: HardwareType and WSUS Server.
  • This update is important, as it is the first to automatically update all existing installed Skype for Business Cloud Connector 1.4.1 appliances, based on the update schedule that administrators have configured for their Cloud Connector Hybrid PSTN Sites.
  • Confirm Group Policy is Configured
  • Use of Forward PAI has been deprecated in 1.4.2 as it’s no longer required to resolve missing caller ID for outbound calls from Skype for Business Mobile clients which has been resolved with changes in outbound routing logic for Cloud Connector.
  • A bug in prior builds caused Cloud Connector account passwords to expire. If the passwords have expired, then the update will fail
  • If your Cloud Connector Office 365 tenant administrator password has been changed, update the cached credential
  • Also, make sure to export a new sample Cloud Connector configuration file after 1.4.2 is installed for reference, and update your existing configuration file with two new parameters defined in the Common Section: HardwareType and WSUS Server.

Understanding Cloud Connector Edition Auto Update

Key Points i found on Auto Update

  • If you do not update the Cloud Connector to the latest release, you might end up in the situation when your Cloud Connector will not work properly
  • Microsoft supports only the latest version of Cloud Connector software. Also, to accommodate Update Window, we support the N-1 version for 60 days after releasing a new version.
  • Auto Update Requirements
    • Outbound internet access to install, manage, and update Cloud Connector on Host Appliance.
    • Outbound internet access on all Cloud Connector VM’s to download Windows updates, or, access to WSUS server as defined in Cloud Connector configuration file.
    • Skype for Business Online PowerShell Module installed on Host Appliance.
    • CCE Management Service is running on Host Appliance.
    • Group Policy to prevent forcefully unloading user registry at log off (required for 1.4.1).
    • Skype for Business Tenant Admin account.
  • Confirm or Modify the Update Schedule for Hybrid PSTN Site(s)
  • When auto updates are enabled, the Cloud Connector management service will check for updates during the update time window configured. If updates are found, then the update process will proceed with the update.
  • Monitor Update Process – The Cloud Connector management service will log events to the Windows Application log with a source of CCEManagementService and detailed information will be written to “C:\Program Files\Skype for Business Cloud Connector Edition\ManagementService\CceManagementService.log”. You can also see the status of the appliance by running Get-CsPSTNHybridAppliance in Remote PowerShell or by viewing in on premises PSTN tab in the Voice section of the Skype for Business Admin Center.
  • Bits Update Process – During this process, the running version remains in service, and an interim switch is used to connect to the new VM’s. Once the new version installation is complete and services are confirmed to be running, the old version is drained stopped and the network connections are switched to the new version.
  • New virtual machines are built from the existing VHDX file. If the VHDX is detected to be older than 90 days, the Install Instance script will log the following warning:
    SFBServer.vhdx was generated more than 90 days before. Use Convert-CcIsoToVhdx to generate it again and apply windows updates.

Note: It is recommended that a new VHDX be built periodically to reduce the amount of time to perform Windows updates for new and updated Cloud Connector machines. It’s not supported to update the VHDX with Windows update and re-run Sysprep as there are a limited number of times that Sysprep can run on a computer.

Understanding Cloud Connector Edition Auto Recovery

Key Points on Auto Recovery

  • Cloud Connector will try to automatically recover an appliance if the Cloud Connector management service detects a service is not running.
  • Detection: Process for detecting an appliance status runs every 60 seconds and status is updated in the online tenant and cached locally in “CCE Site Directory\Site_EdgeFQDN”.

Monitoring: The following services are actively monitored:

  • Mediation Server: RTCSRV and MEDSVC
  • Edge Server: RTCSRV

To manually recover the appliance, first review the Cloud Connector management service log for details on what prevented automatic recovery from being successful.

If the current version of the appliance cannot be recovered, run Switch-CcVersion to switch to the backup version. After the backup version is confirmed running, uninstall the non-working version with: Uninstall-CcAppliance -Version “# of non-working version”.

Note that when the backup version is running, there will be no High Availability support due to inconsistent running and Cloud Connector script versions. Update to the current version as soon as possible, either by modifying the auto update schedule, or manually. For manual update instructions see Upgrade a single site to a new version in the Cloud Connector Edition configuration guide.

Cmdlets to check versions

  • Installed Cloud Connector script version: Get-CcVersion
  • Appliance running version: Get-CcRunningVersion

Useful References

RSS Feed –

Upgrade to a new version of Cloud Connector

Modify the configuration of an existing Cloud Connector deployment

Skype Academy presents: Hybrid and Online Migration Summary

Recently some new videos were published to the Skype Academy training and one i think a lot of people will be interested in is Skype for Business Hybrid and SfB Online Migrations. A list of the new videos available is here

This video covers all aspects of Hybrid at a high level including

  • Lync / SfB Server Topology requirements
  • Identity Requirement
  • AAD Connect ADFS
  • High Level Network and Firewall Information
  • Managing and configuring Hybrid
  • Also some troubleshooting scenarios
  • Links to Skype operations Framework as well

Definitely worth a watch

Also definitely worth a read is Josh Blalocks Hybrid Handbook download here

Below is a summary of the Skype for Business Academy video here.


This is the January 2017 version of this training.

This content is subject to change as with all Cloud technology information and training.


There’s a lot to cover and the video is around 45mins long. It great this video doesn’t just cover Lync / SfB it also talks over identity AAD Connect and ADFS


Skype Operations Framework (SOF)

With Hybrid this fits into Cloud Migration as customer may be looking to migrate from on premises to online and also customers may require to keep and have users homed on premises and online due to functionality not being available online.


For Hybrid we are looking a Cloud Migration workflow of the SOF. Recommend you take out SOF and the great download and assets that are available here. To Quickly get started use the Quick Start on the home page.

Goal of Hybrid

Is to have a shared SIP namespace  Online and On premise. Where you can have users home on premises and online using the same SIP address space. This allows customer to move users between on premises and online and back from online to on premises and also provides a migration method from on premises to online which also migrates existing contacts, then allows the on premises environment to be decommissioned once all services and users have moved.

You could look at a hard cut over if you wanted to move to Online only but you would lose existing contacts and the experience is not as seamless. I would recommend hybrid if possible.

For example is available on premise and online.


Hybrid Benefits


  • Move users from On premise to Online and also you can move from online to on premises.
  • Allows user to leverage CLOUD only features and functionality such as Skype meeting broadcasts and Cloud PBX.
  • GET the best of both worlds ! Users on premise can leverage full enterprise voice functionality.

Topology Requirements for Hybrid


Full server deployment on premises and Administrator tools of the following:

  • Skype for Business Server 2015
  • Lync Server 2013
  • Lync Server 2010

Please note the latest Cumulative updates are always recommended.

Please note for Cloud PBX with on premises PSTN connectivity you require SfB Server 2015 or Lync Server 2013. Lync Server 2010 is not supported.

Lync Server 2013 – Support Cloud PBX

Lync Server 2010 – DOES NOT support Cloud PBX

Allowing for Mixed Topologies



You can have a mix of Skype for Business Server and Lync Server but note the requirements above.

Certain roles need to be Skype for Business 2015.

For more detailed information please refer to TechNet here

CLOUD PBX with On premises PSTN connectivity Hybrid requirements

Must be SfB Server or Lync Server 2013.

Please note for Cloud PBX you need to have the following server roles with the supported versions


Office 365 and Identity Requirements

Identity is Key and in alot of cases customers already have this deployed if they have Exchange Online for example. If new to Office 365 this is a key requirement.


Also consider Interop with Exchange and Networking Requirements


Skype for Business Edge Connectivity

HA and DR is key on premises as sign in is pointed to on premises servers

If you want Outlook web access integration you must have your mailbox homed Online.

Azure voicemail can also utilise on premises exchange if required.

Networking – Need to open ports on firewall.

Please check Office 365 IP and Ports here

Please check bandwidth requirements as well as traffic will go over the internet to SfB Online. Please check out Skype for Business bandwidth calculator here

MMS Training here

HA and DR Considerations

Hybrid is very very reliant still on the on premises Lync / SfB infrastructure and dont overlook the requirement. All SfB Public DNS records point on premises and are redirect to SfB Online. If clients cant get to the on premises infrastructure then they cant get to SfB online as well.

Please see examples below

The SfB client registration process client does DNS lookup for which resolves to the on premises reverse proxy server NOT SfB Online.


This returns back the internal web services url which redirect the client to SfB Online.


Http Analyse below.

The on premise SfB external web services does a redirect to SfB Online web services



Open all ports for an On premises edge and reverse proxy server deployment and also open port requirements for SfB Online.

On premises Edge Server requirements here

Server Firewall requirements – Server to SfB Online


Always check

SfB Clients to SfB Online  Firewall



Identity Requirements

High level overview only but gives a good overview of Identity requirements for Hybrid. Don’t overlook this requirement.


Identity Management


Authentication and Authorization and definitions above.

Identity Options – Three options for identity with Office 365 only two are suitable with Hybrid.

CLOUD ONLY is NOT an identity option for Hybrid.


  1. Cloud Identity (Not available with Hybrid)
  2. Synchronized Identity (Directory and Password Sync)
  3. Federated Identity (Directory and Federation)

View the differences in Synchronised and Federation including server counts and SSO. Also consider requirements on where authentication will take place.

Password Sync (Synchronized Identity)

AAD Connect only with Password Sync.



Two User IDS but one username and Password

Authentication happens in the CLOUD

Federated Identity

AAD Connect and ADFS and ADFS Web Proxy



True SSO

Higher Server Count

Authentication happens on premises !!! Again reliance on premises infrastructure.

Note password management and resets are on premises.

ADFS 3.0 deployment Options with federation identity

Can be single server but not recommended due to NO high availability.


Recommended to have ADFS server farm deployment for HA an example below.


AAD Connect – Azure Active Directory Connect

How do we sync out user object into Office 365 AAD Connect which was DirSync.



Required for Synchronized and Federated identities.

What does AAD Connect synchronise ?


Not every sync by default. You can use filtering and additional sync features

Common AD sync questions


Licencing of users is seperate

You can still create users in Office 365 but not recommended. Crate on premise and sync up to the Cloud.

How to Deploy Skype for Business Hybrid and Steps required

So we looked at the prereqs now lets see them all. The following prereqs must be in place before you can configure SfB Hybrid.


Please note ALL of the above items must be in place.

Configure AAD Connect


Various tool consolidated into a deployment assistant

AAD Connect – Express Settings


Start with Express and add other options if required.

SfB Enable Federation and Split Domain

Federation must be configured the same on premises and online. IF you use closed federation and have added allowed domain then you these must be added online as well.

he following requirements must be met to successfully configure a hybrid deployment:

  • Domain matching must be configured the same for your on-premises deployment and your Office 365 tenant. If partner discovery is enabled on the on-premises deployment, then open federation must be configured for your online tenant. If partner discovery is not enabled, then closed federation must be configured for your online tenant.

  • The Blocked domains list in the on-premises deployment must exactly match the Blocked domains list for your online tenant.

  • The Allowed domains list in the on-premises deployment must exactly match the Allowed domains list for your online tenant.

  • Federation must be enabled for the external communications for the online tenant, which is configured by using the Skype for Business Online Control Panel.

This is from


This can be done via Management Shell on premises and online



If you have Skype for Business Server you can use the Hybrid Configuration Wizard in SfB Control Panel to configure Hybrid for you via a GUI. This will also run some configuration checks to ensure all prereqs are met for Hybrid.


Please Note the SfB  Front End server do require Internet Access

The Hybrid Control Wizard will do a number of checks to ensure everything is configured before enabling Hybrid.


If it detects an item is not configured it will flag this


After addressing any flagged items run again and


Move Users

Now that the SfB Hybrid is configured its time to move users and we can move them both ways.

BUT before we move them please note

  • User contacts   The limit for contacts for Lync Online users is 250. Any contacts beyond that number will be removed from the user’s contact list when the account is moved to Lync Online.

  • Instant Messaging and Presence   User contact lists, groups, and access control lists (ACLs) are migrated with the user account.

  • Conferencing data, meeting content, and scheduled meetings   This content is not migrated with the user account. Users must reschedule meetings after their accounts are migrated to Lync Online.

Also don’t forget about SOF people !

Remember to refer back to the Skype operations framework


Refer back to the workshop and SOF to ensure you move the correct group of users together.

ALSO KEY to remember user adoption and training, dont skip this in all the excitement.

Before we can move the users we need to determine the migration URL which is a manual process.


Once Migrated URL is determined you can move users.

REMEMBER create users on premises then move Online ! Also key to remember is licence the user in office 365 first otherwise it will error.

What information gets migrated with the users?


Contacts will get migrated but note there’s a 250 contact limit in SfB Online so you need to make sure you don’t have more than 250 contacts otherwise only the first 250 will be migrated.

For Meeting if you mailbox is in Exchange Online you can utilise the new Meeting Migration Service to update existing scheduled meeting URLs.

If your mailbox is in Exchange on premises then there is a Meeting Migration Tool that you can download and install on each users computer that will run and search the user mailbox for scheduled meetings and update the URL and send updated meeting invites to meeting attendees with the new meeting details. MMS does all this as well but its an automated service if your mailbox is online only. Sorry on prem exchange people.

Also note users will now have to use SfB Online policies to your online.

Also note client supportability and On premises SfB / Lync policies are not carried over to online.

  • Client support    Some users may require a new client version when they are moved to Skype for Business Online. For Office Communications Server 2007 R2, users must be moved to a Skype for Business Server or Lync Server 2013 pool prior to migration to Skype for Business Online.

  • On-premises policies and configuration (non-user)   Online and on-premises policies require separate configuration. You cannot set global policies that apply to both


Moving users back to On premises

Perhaps there are features that are only available on premises that are not available in online.



What happens to AD user attributes ?

When enabling for SfB online and on premises.



On premises users need to be ware of online users


SfB Online user NOT enabled for SfB. No attributes set.




Moving Online user to on premises



Attributes populated for on premises details

Manage SFB

Next we look at management of users, moving from Control Panel and searching for users online.



In control panel you can search for online users only using the filter

Also you can use PowerShell


Online users you can modify some option not all.


Here you can move the user.


Front End Server needs internet access to move users


Error Example – You must licence user online for SfB

Move to on premise example




CQD – Call Quality Dashboard

Good tool for checking call quality please note there is an on premises CQD and CQD Online. Theses are separate dashboards.


More details on CQD here

CQD training here

Troubleshooting Scenarios


Cant sign into SfB Control Panel for Hybrid Configuration Wizard

Issue above if due to Front End Server not having Internet Access










Client Support

This isn’t referenced in the video but is important to note

The following clients are supported with Skype for Business Online in a hybrid deployment:

  • Skype for Business

  • Lync 2013

  • Lync 2010

  • Lync Windows Store app

  • Lync Web App

  • Lync Mobile

  • Lync for Mac 2011

  • Lync Room System and Skype for Business Room System

  • Lync Basic 2013

  • Microsoft Surface Hub



Skype Academy presents Cloud PBX Voicemail with Exchange Server on-premises Summary

I’ve seen this video available for some time on Skype academy and i finally got round to watching it so here’s a summary of the session and some added information. I hope this useful.

Great to see Cloud PBX users can leverage an on premises Exchange deployment for Cloud PBX Voicemail.

Watching the video there are a number of prerequisites and requirements for enabling this and there could be an element of confusion around the use of Azure Voicemail and Exchange UM. Azure VM is still used for voicemail with Exchange server on premises. Also key to note there are some feature missing when using Azure VM Sad smile and also check supportability of existing Exchange Server deployment first and check endpoints compatability.

Link to video –


Speaker Lynnn Roe

Agenda of the session

Previously voicemail options for Cloud PBX relied on having your mailbox in Office 365 (Exchange Online). Voicemail uses Azure Voicemail not Exchange UM and this still seems to be the case if you have Exchange server on premises.

But now Azure Voicemail can leverage your on premises Exchange mailbox with Cloud PBX users. This is great to see this as it allows more flexibility. So now you have mailbox on premises or in Exchange Online Smile


What’s is voicemail for Cloud PBX


KEY POINT – Voicemail is ALWAYS provided by Azure Voicemail it will NOT be provided by Exchange UM.

However Exchange UM policies are required to enable client side features. Voicemail play in Outlook. voicemail displayed in voice tab in SfB client.

Does require a basic exchange dial plan to be configured. UM Mailbox policy to be defined manually with on premises.

Voicemail policy is automatically assigned when online. Manual process on premises.

Some Exchange UM VM feature are not available when using Azure voicemail

  • Play on phone
  • No subscriber Access – not available for Azure Voicemail. Callers cant call into voicemail, listen to calendar or email via PSTN
  • No personal auto attendant – the ability to configure AA is there but it wont work with Azure VM. No real UM functionality

Requirements on end users – No impact on end users

For admin you have to manual configure voicemail on premises! must remember this.



Requirements for mailboxes homed on premises and theres a few of them here


  • Azure AD Sync
  • Exchange DNS points On premises with EWS and autodiscover – Azure VM can learn mailbox is homed on premise
  • Fully configured Exchange Hybrid in place (Mailboxes not migrated)
  • OAuth is configured between Exchange on premises and Office 365 – Enable Azure VM to gain access to users mailboxes on premises
  • Users NOT licenced for Exchange Online – Azure VM
  • Users IS licenced for SfB Online with Cloud PBX
  • Users enabled for UM Dial plan (ON PREMISES Exchange)

The link below expands on the prereqs


KEY POINT – Also published is a supportability matrix which is key to check first.

Note version of Exchange must be Exchange 2013 CU12 which single AD forest.

There are a number of endpoints as well so check this. Lync 2013 client seems be classed as SfB 2013 MSI.




Azure VM elevates mailbox based on licencing to discover mailbox locations.

  • If it has Exchange Online it accesses online mailbox
  • If it doesn’t have a Exchange Online licence it fails and access on premise exchange via EWS and Autodiscover. DNS must be available and accessible externally.

Provides best experience for end users and callers by utilising caching.

DOES require Exchange UM policies

Having Exchange UM policies may cause confusion! i believe it will. Although UM is not used for voicemail processing UM policies are required to be configured. Ouch.

Experience and config requirements for UM policy is the same for on premise and online, difference with online is auto config, on premise is manual by admin


Bit more details on why it works

  • Callers routed initially to Azure voicemail, playback custom voicemail greeting cached
  • Caller experience for person leaving vm is optimised
  • prevents delays for caller leaving vm
  • After vm recorded Azure VM perform lazy back end ops to ensure the next caller has better experience. Lazy ops outside of user experience so no delays or long pauses.
  • Does require and leverage EWs and Autodiscover externally.
  • SMTP failback process, if EWS fails then SMTP will be sent to users inbox.


With diagram as well. Difficult to read fully but you can see how it works.


Calls come in

Azure VM checks for cached custom recordings

If it find cached information this is played to use, if greeting not found a default greeting will be played.

Azure VM will try and authenticate online first, if found send to Exchange online vm if not found route on premises exchange. EWS and Autodiscover used to locate mailbox location. this process could take up to 30 seconds.

After this the information will be cached for the next caller.

SMTP is fall-back if EWS if unavailable.



KEY POINT – SfB Cloud PBX users homed in Office 365 WILL ALWAYS use AZURE VOICEMAIL

KEY POINT – Azure relies on Exchange UM only for client side features to work and be visible. NO UM engine is leveraged for used.

Exchange Hybrid deployment required for Azure VM to locate on premise mailbox


Hope this helps and you found it useful.