Deploying Microsoft Teams Room Premium

Contents

Welcome

• What is Teams Room Premium

Prerequisites

• Networking Requirements
• TPM

Getting Set Up

• Obtaining and Assigning Licensing
• Using Microsoft Teams Room Premium with Intune, MDM or a GPO
• How Updates are installed
• Accessing the Teams Room Premium Portal

Deploying Teams Room Premium

• Deploy the self-enrollment key to your MTRs
• Room Enrollment

Room Information

• Room Status
• Room Settings
• Room Activity
• Room Actions
• Room Updates
• Room Call History

Managing Rooms

• Managing Updates
• Managing and Responding to Issues

Troubleshooting

• Troubleshooting Steps

Final Thoughts

• Final Thoughts

What is Teams Room Premium?

The Microsoft Teams Rooms Managed Service is a cloud-based IT management and monitoring service that keeps Microsoft Teams Rooms devices and their peripherals up to date and proactively monitored, supporting an environment optimized for a great user experience.

There are three key aspects of the service:

• Intelligent operations
  Software and machine learning that automates updates, problem detection, problem resolution
  for Microsoft Teams Rooms.
• Dedicated experts
  A team of experts who provide 24×7 service operations, tiered support, and incident resolution
  assistance.
• Enhanced insights
  Rich analytics, reporting and proven learnings at scale across many customers.

Microsoft Teams Room Premium (MTR-P) handles:

• The Microsoft Teams Room App
• Device firmware (for USB attached cameras, speakers, mics)
• OS Updates
• Driver Updates
• Licensing for Teams including Audio Conferencing, Phone System, Whiteboard, Skype for Business Online and Microsoft Intune – which is all you’ll need to assign to a meeting room!

Prerequisites

Networking Requirements

To ensure your MTRs are able to communicate with the MTR-P cloud-based service, you’ll need to ensure you allow the MTR to access the following URLs on port 443:

• agent.rooms.microsoft.com
• global.azure-devices-provisioning.net
• gj3ftstorage.blob.core.windows.net
• iothubsgagwt5wgvwg6.azure-devices.net
• blobssgagwt5wgvwg6.blob.core.windows.net
• mmrstgnoamiot.azure-devices.net
• mmrstgnoamstor.blob.core.windows.net
• mmrprodapaciot.azure-devices.net
• mmrprodapacstor.blob.core.windows.net
• mmrprodemeaiot.azure-devices.net
• mmrprodemeastor.blob.core.windows.net
• mmrprodnoamiot.azure-devices.net
• mmrprodnoamstor.blob.core.windows.net

If you’re using a proxy server in your environment, you’ll need to run the following commands as a local admin to allow the MTR-P app running on the MTR through your proxy:

If using single proxyserver:
bitsadmin /Util /SetIEProxyLOCALSYSTEM MANUAL_PROXY <proxyserver>:<port> “”

Example:
bitsadmin /Util /SetIEProxy LOCALSYSTEM MANUAL_PROXY contosoproxy.corp.net:8080″”

If using pacfile:
bitsadmin /Util /SetIEProxy LOCALSYSTEM AUTOSCRIPT <pac file url>””

Example:
bitsadmin /Util /SetIEProxy LOCALSYSTEM AUTOSCRIPT http://contosoproxy.corp.net/proxy.pac “”

TPM Requirements

You may find that TPM on your MTR is disabled. If this is the case, you’ll need to enable it in the bios:

1. Plug in keyboard to NUC device.
2. Restart device.
3. Rapidly press F2 key to display BIOS screen.
4. Select Advanced.
5. Select Security.
6. On the right-hand side under security features, Enable Intel Platform Trust Technology.
7. Press F10 to save your settings.
8. Select Yes to save.
   
   

Getting Set Up

Obtaining and Assigning Licensing

If you’d like to trial Teams Room Premium, you can do so via a free 90 day trial for up to 100 rooms.

To sign up for the free trial, just go to https://rooms.microsoft.com/premium and sign in with your Office 365 Administrator account.

You can also purchase paid Teams Room Premium licensing via the Office 365 portal. Simply go to Billing > Purchase Services and search “Teams Rooms Premium”.

Whether you’re using trial or purchased licensing, you’ll need to assign a Teams Room Premium license to each of the rooms you wish to activate with the service. You can find the steps to do that here: https://docs.microsoft.com/en-us/microsoftteams/rooms/obtaining-assigning-license

Using Microsoft Teams Room Premium with Intune, MDM or a GPO

If you’re already managing Windows Updates through Intune, Mobile Device Management or a Group Policy Object, Microsoft advise you remove the Windows Update policies from Intune/MDM/GP that are assigned to MTR’s so that you can manage updates through MTR-P instead.

MTR-P is designed to keep the MTR updated with the latest supported version of Windows. At the time of writing, this is windows 10 20H2 (OS Build 19042.572).

If you don’t remove the policies that manage updates for your MTRs, MTR-P will try to install the most up to date version of Windows supported on the MTR anyway, but Intune may prevent this.

How Updates are installed

The MTR-P service deploys updates to MTRs on a Wednesday. Critical updates are allowed to bypass this schedule if Microsoft determine a service-critical issue.

When you install the MTR-P agent on an MTR, it automatically disables the Microsoft Store updates, so that MTR-P can handle updates to the Teams app running on the device.

Updates are typically applied between 12am and 5am in the rooms local time zone.

Accessing the Teams Room Premium Portal

Login to the portal:

1. Browse to https://portal.rooms.microsoft.com
2. Login using an Office 365 Admin account

The first time you login to the MTR-P portal, you may wish to configure an MTR-P admin account (rather than logging in as the Office 365 global admin going forwards).

Do to this, go to Roles > Managed Service Administrator > Add and add the user account(s) you wish to give admin access to the Teams Room dashboard.

Deploying Teams Room Premium

Deploy the self-enrollment key to your MTRs

You’ll need to deploy the self-enrollment keys to any MTR you wish to manage via MTR-P. 

To access the key, browse to Settings > General

Manually download the key and copy it to c:\Rigel on the MTR, then download and run the MTR-P installer from https://aka.ms/serviceportalagentmsi

Once installed, the MTR-P agent runs in the background on the MTR, reporting to the Teams Room Premium dashboard every 5-10 minutes.

After waiting aprox 10 minutes for my MTR to sync, I can now see it in the Teams Room Premium Dashboard

Creating a group

If you want to organise your MTR-P managed rooms into groups to easily identify and manage them, you can do so by creating one or more groups.

Roles

Many orgs have different people that may want to access the Teams Room dashboard to view reports, or perform room maintenance. You can delegate access to other Office 365 accounts for a range of different roles:

Room Enrollment

The Rooms dashboard shows you the current health status of your Windows-based MTRs that are enrolled in MTR-P.

You can see that the current status of my Test Meeting Room 1 is Onboarding. Let’s enroll the room to start receiving alerts, be able to create tickets and open incidents against this room.

Click on the room to open the rooms properties, then click Enroll

This then updates the status of the room to Enrolled

Room Information

Room Status

To see detailed information about a particular room, click on it in the room list.

For each segment of the MTR, you’re able to view the current Status (good or bad) as well as Historical information from the last 7 days, up to 50 entries

Room Settings

The settings tab allows you to edit various settings on the MTR itself remotely, without having to physically touch the in room controller.

The About tab shows you current information about the room, including its location (address), and internal IP address

The Accounts tab shows you information about the room account, and allows you to set Configured domains and the Supported Meeting Mode (which is a super simple way of updating these rooms to TeamsOnly mode! You can also enable/disable modern auth too.

Note: You cannot change the room sign in address here.

The Meetings tab allows you to change settings on the device for things like automatic screen sharing, dual monitors, the ability to show or hide the meeting name on the device and more.

The Device tab shows you specific information about the in room hardware, including cameras, mics, speakers and displays.

Lastly, the Peripherals tab allows you to change the set Content Capture Camera, Mic and Speakers for the room remotely.

Room Activity

The room activity pane lets you view device logs from the MTR.

Room Actions

The actions pane lets you remotely restart the room

Room Updates

The Updates tab lets you set the rooms’ assigned Ring to control when the device receives Windows Updates

Room Call History

The call history tab shows call data for up to 90 days.

Managing Rooms

Managing Updates

You can manage updates through MTR-P. Updates include:

• Updates to the Teams Room App
• Firmware
• Drivers for connected devices
• Windows Updates

Updates are deployed via Update Rings

By default, MTR-P comes with 3 pre-configured rings: Staging, General and Executive

Most customers will find these rings suitable for their environment. An explanation of what the rings mean is below:

Staging
Assign rooms to the Staging ring, which is your testbed. All new updates will roll out here first.
Generally, you will want to ensure that your staging ring represents rooms with the diversity of device
types in your environment. If there are certain types of rooms with an uncommon configuration or a
history of seeing issues, please consider representing them in Staging.

General,
By default, all rooms are placed in this ring. Most of the room devices being used across the enterprise
would fall into this category.

Executive
This group should include your most high-profile rooms where you want to minimize disruption
proactively. A good example of such a room could be a large conference room used for executive
meetings or large team meetings.

You can of course add additional rings if you wish.

Within each ring, you can define the following parameters to control how and when updates are installed on any MTR within that ring:

Deferment Period
Once an update starts with the first ring, the deferment period is the delay in days before the update is initiated on this ring.

Rollout duration
Once the update commences on this ring, this is the time to deploy in this ring. For example, if the duration is 5 days, it will deploy over 5 days to the rooms in this ring once the update starts on this ring.

Test Period
The number of days to test/validate the update in a ring once applied to the ring. The test period starts after the rollout is completed, and once complete, the update moves to the next ring.

Completion Time
The “Completion time” column indicates the total number of days (rollout duration + test period) for this ring to  complete.

Total Time At the bottom is the “Total” row, which indicates how long it will take an update to complete from the first to the last ring.

Important: A rollout of a new version across all rings is restricted to 60 days maximum total in order to keep rooms current.

Managing and Responding to Issues

One of the best things about MTR-P is how the Microsoft operations team can automatically take steps for you to resolve issues with failed updates, or other issues relating to your premium rooms.

If an update fails to install, a ticket is automatically generated with the Microsoft Managed Services Operations team. This team can take steps on your behalf to attempt to resolve the issue for your room automatically. They can also engage you if necessary.

If for some reason you want to pause an update from rolling out further within your org, you can do so. Pausing updates will create a ticket for the operations center to investigate. You’ll be asked to provide details on why you’re pausing an update to assist with investigation and remediation.

You can also decide to install updates earlier than scheduled via the Force Updates button which allows you to either install the update immediately, or whenever the room next becomes available.

The service will automatically send you emails about any issues with your rooms too, which may include automated information, or information from the Microsoft Operations Team with remediation steps you need to take

Troubleshooting

Troubleshooting Steps

All Microsoft Teams Rooms –Managed Services monitoring errors are logged on a specific Event Log file named Microsoft Managed Rooms.

Application runtime log file location = C:\Windows\ServiceProfiles\LocalService\AppData\Local\ServicePortalAgent\app-x.x.x\ServicePortalAgent\ServicePortal_Verbose_LogFile.log
(Note: x.x.x = app version number)

Final Thoughts

MTR-P allows you to automate the management of your most important rooms, ensuring that they stay patched, up to date and online at all times.

Are you considering using MTR-P in your environment?