Custom Background in Teams meeting

With all the hype with video chat and the customization of Teams now I figured a quick blog post of the “How-To” would be cool.

There are two ways you can do this, the first way is if the option has not made it out to your tenant yet. Get your custom picture and upload to %APPDATA%\Microsoft\Teams\Backgrounds then you can create a meet now to test.

Meet now can simply be created by going to the calendar tab –> Meet now in the top right

Once that is done you can click on the 3 … (More Action) Select “show Background effects” In the list you should see you custom background. Select it and you are all set.

Now, If your tenant has the latest update you can do the same as above but simply upload your custom background by selecting the “Upload Image” button.

Select your background that you would like

you can preview or apply and turn on video.

At this point you are all set.

Thanks for visiting #COYS!!

Configuring information barriers in Teams

Pre reqs:

  1. First make sure scoped directory search is turned on:

Teams admin center, select Org-Wide settings –> Teams settings

Under search, next to Scope Directory search in Teams using an Exchange address book policy (ABP), turn the toggle on.

Please note this can take up to 24 hours to replicate. https://docs.microsoft.com/en-us/MicrosoftTeams/teams-scoped-directory-search

2. Licensing and permissions:

  • Microsoft 365 E5
  • Office 365 E5
  • Office 365 Advanced Compliance
  • Microsoft 365 E5 Information Protection and Compliance

    3. To define or edit information barrier policies, you must be assigned one of the following roles:
  •  Microsoft 365 global administrator
  •  Office 365 global administrator
  •  Compliance administrator
  • IB Compliance Management (this is a new role!)

    4. Turn on audit logging
  • 0365 admin –> compliance –> Search –> Audit log search
  • Click “turn on auditing”

The banner is then updated:

You can also do this via the Exchange online Powershell:

Turn on audit log search:

Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

Turn off audit logs search:

Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $false

To verify that audit log is off via Powershell

Get-AdminAuditLogConfig | FL UnifiedAuditLogIngestionEnabled

Or via the Admin Center 

5. Make sure no exchange address book policies are in place

https://docs.microsoft.com/en-us/exchange/address-books/address-book-policies/remove-an-address-book-policy

6. Provide admin consent for Microsoft Teams:

On this step first you need to make sure you have the permissions for the 0365 security and Compliance:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide#permissions-needed-to-use-features-in-the-security–compliance-center

Login-AzureRmAccount $appId=”bcf62038-e005-436d-b970-2a472f8c1982″ $sp=Get-AzureRmADServicePrincipal -ServicePrincipalName $appId if ($sp -eq $null) { New-AzureRmADServicePrincipal -ApplicationId $appId } Start-Process “https://login.microsoftonline.com/common/adminconsent?client_id=$appId

Step 2 Segment users:

  1. Before we proceed to this section make sure your directory data has values that you can use to define segments. List of attributes you can use with information barriers can be found here:

https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-attributes?view=o365-worldwide#reference

2. Create the “segment”

New-OrganizationSegment -Name “Sales” -UserGroupFilter “Department -eq ‘Sales'”

New-OrganizationSegment -Name “Research” -UserGroupFilter “Department -eq ‘Research'”

Now we set it so Sales and Research are not able to communicate

New-InformationBarrierPolicy -Name “Sales-Research” -AssignedSegment “Sales” -SegmentsBlocked “Research” -State Inactive

Since the above cmdlet is no symmetrical we need to also block research from talking with sales:

 New-InformationBarrierPolicy -Name “Research-Sales” -AssignedSegment “research” -SegmentsBlocked “sales” -State Inactive

Apply the information barrier policy:

  1. First run Get-informationbarrierpolicy to see a list of our policies we defined:

In this example the Guid from running the above cmdlet is 15912fe7-0dd5-4b90-b3e0-4b94168cb63e so we will run:

Set-InformationBarrierPolicy -Identity 15912fe7-0dd5-4b90-b3e0-4b94168cb63e -State Active

Then you must also run this same cmdlet for the other segment we created using its guid.

Now that we have defined our two segments  you must run the following cmdlet to “start” the policy:

Start-InformationBarrierPoliciesApplication

At this point you should be all setup. However, After approximately a half hour, policies are applied, user by user, for your organization. If your organization is large, it can take 24 hours (or more) for this process to complete. (As a general guideline, it takes about an hour to process 5,000 user accounts.)