7/1/2018 Update – Spreadsheet updated with latest Office365 configuration for Skype for Business Online Policies. Updated article to include information regarding new policy cmdlet access.
2/22/2016 Update – Spreadsheet updated with latest Office365 configuration for Skype for Business Online Policies
8/17/2016 Update – Spreadsheet updated with latest Office365 configuration for Skype for Business Online Policies
Some of the common questions companies ask when they begin a Skype/Lync Hybrid deployment (or even a Office 365 only deployment) are “How can I customize the environment?” or “What features/capabilities can I restrict for my users?”. While the questions themselves are logical and seem simple enough, the answer is actually a much more complex discussion that often doesn’t boil down to a simple answer of “X, Y and Z”.
The Dirty Details
Microsoft exterts total control over the policy options available within Office 365. What this means is that administrators can apply policies within their tenant but they cannot create/edit/delete policies. This often comes as a surprise to administrators who are used to being able to customize everything when the service is hosted on-prem, but this is the reality of the Office 365 shared infrastructure. Generally speaking, you’ll be able to run Grant-Cs cmdlets but no New-Cs or Set-Cs cmdlets. For the complete list of cmdlets available, please see this TechNet article.
In Q1 of CY2017, Microsoft added the ability for customers to create custom policies within their tenants. This was a huge addition to the service and definitely allows more flexibility in configuration. While you can create new policies or in some cases modify existing policies, not all parameters are editable by customers. Some parameters are restricted and Microsoft doesn’t tell you which can be changed. If you attempt to change a parameter that is not available, you’ll get the ugly red text and have to move on. Either way, the best practice suggestion is to use the default policies if possible and only create custom policies in the event a business or technical requirement needs to be met that requires the creation of custom policies.
The Proverbial Straw
Where this becomes an issue is that the policies available within Office 365 are not known to administrators prior to Microsoft enabling the tenant. This results in administrators often going in “blind” and having little to no time to investigate the options available for the service. It also causes problems for Hybrid scenarios because an organization’s on-prem policies may not exactly match up with the available policy options within Office 365. In the latter scenario you may find that you have two differing sets of policies depending upon whether your user is homed online or homed on-premises. While Microsoft does a pretty great job of publicly documenting each of the cmdlets and the various cmdlet parameters, they have no public resources that define what policies are available for the users of the Office 365 Skype/Lync service.
The Fix
Available above is a simple Excel spreadsheet that will help customers discern and track what policies are available for External Access, Conferencing, Client, Mobility, and External Communications. The spreadsheet is filtered so all it takes is flipping the switches on each of the policy options to begin determining if the various options you desire are available in an existing policy.
Please note that this spreadsheet is only a snapshot in time. Microsoft will continue to update the available policies within Office 365 so I will update the spreadsheet from time-to-time in reflection of those updates.
For the conferencing policies in the spreadsheet, please remember that you must first determine which policies your tenant has access to by utilizing the following cmdlet:
Get-CsConferencingPolicy -ApplicableTo [email protected]
Your tenant will not have access to all 200+ policies and will only have access to a subset.
HTH!