The time will come very soon when your organisation will be looking to remove Skype for Business having migrated all your voice and collaboration workloads to Microsoft Teams. Before you do however, there are a couple of very important items you need to plan for with specific regards to voice. If you do not plan for this, then you can quickly get into a situation that is unmanageable.
Hybrid Application Endpoints
Hybrid Application Endpoints allow SfB Hybrid organisations to create resource accounts that can be used for PSTN termination to Cloud Auto Attendants and Call Queues when using Direct Routing. In fact, when in hybrid Skype Online requires you to create hybrid endpoints and will not permit you to create native cloud resource accounts.
The reason for this is so that during coexistence between Teams and Skype for Business On-Prem both applications need to be able to call and search for the account to access the Call Queue or Auto Attendant.
The account is created on-prem using the new-cshybridapplicationendpoint commandlet found in the Skype for Business On-Prem module. This creates a resource account in a specified OU in the On-Prem Active Directory and which adds in a few values into the attributes of the object. The most important ones are
- msRTCSIP-Line
- msRTCSIP-DeploymentLocator
The Line attribute will hold the telephone number of the resource account which is ultimately you want the caller to dial to reach the Queue or Attendant. The Deployment Locator is what is used to define where the account is homed. In this instance, it will always be sipfed.online.lync.com
Once this account is created, AzureAD Connect syncs the resource account to Microsoft 365 and it can be enabled with the Teams Virtual Phone System License before being assigned to its Queue or Attendant.
For the coexistence period, everything functions fine. You now come to remove Skype for Business On-Prem you ask yourself will these accounts still function?
You cannot create cloud native endpoints until you remove hybrid from your tenant.
As the accounts are homed in the cloud, the function of being able to call them will still work so there will be no functional loss to business as usual once Skype has been removed. However, because the account is On-Prem managed, it means that you cannot modify the LineURI in Skype Online PowerShell Module as the authority is On-Prem AD because the msRTCSIP-Line attribute is written.
But, removing Skype On-Prem, you lose access to the Skype On-Prem Powershell module so the only way to change a phone number is to manually do this in ADUC / Attribute Editor.
The good news in this story is that you do not need to combine your migration away from Hybrid Application Endpoints in tandem to your physical decommissioning of Skype for Business.
You should plan to migrate these to cloud native endpoints as soon as possible following the decommissioning.
Migrated Enterprise Voice Users
In a similar story, Users who have been migrated who where previously voice users on SfB On-Prem have a management problem with their telephone number.
Again, their msRTCSIP-Line attribute is set and as a result you cannot change their Line URI using the Skype for Business Online / Teams Powershell / Admin Center.
This is perhaps a larger problem than the Hybrid Endpoints because User number changes are a daily occurrence in MACD. The removal of Skype On-Prem means you no longer can change these using the Skype Control Panel or PowerShell. The only way is to change in AD directly.
This can cause a problem for many organisations because people tasked with number changes typically are not in charge of identity and may lack the permission to do so. In addition, changes to numbers can have a longer lead time because you have to factor in the AzureAD sync interval as well as Cloud replication.
Unfortunately, the only way I have managed to overcome this is to perform the arduous task of
- Copying the msRTCSip-Line value for a user
- Clearing the value
- Waiting for AzureAD Sync
- Applying the Line URI using SfBO PowerShell
These two processes can be scripted into two parts and there will be a user outage on their phone numbers.
I am not sure whether breaking hybrid in the first instance allows the attribute to be overwritten. I guess not because AzureAD will not allow the changes to an attribute that has been set on-prem.
One last VERY VERY IMPORTANT note is whatever you do, DO NOT remove the SfB On-Prem Schema and Attributes from AD as part of the decom process until you have fixed the above points! Or you’d better have a backup of people’s DDIs 😉
