Getting Set Up
- Obtaining and Assigning Licensing
- Using Microsoft Teams Room Premium with Intune, MDM or a GPO
- How Updates are installed
- Accessing the Teams Room Premium Portal
Deploying Teams Room Premium
What is Teams Room Premium?
The Microsoft Teams Rooms Managed Service is a cloud-based IT management and monitoring service that keeps Microsoft Teams Rooms devices and their peripherals up to date and proactively monitored, supporting an environment optimized for a great user experience.
There are three key aspects of the service:
- Intelligent operations
Software and machine learning that automates updates, problem detection, problem resolution
for Microsoft Teams Rooms.
- Dedicated experts
A team of experts who provide 24×7 service operations, tiered support, and incident resolution
- Enhanced insights
Rich analytics, reporting and proven learnings at scale across many customers.
Microsoft Teams Room Premium (MTR-P) handles:
- The Microsoft Teams Room App
- Device firmware (for USB attached cameras, speakers, mics)
- OS Updates
- Driver Updates
- Licensing for Teams including Audio Conferencing, Phone System, Whiteboard, Skype for Business Online and Microsoft Intune – which is all you’ll need to assign to a meeting room!
To ensure your MTRs are able to communicate with the MTR-P cloud-based service, you’ll need to ensure you allow the MTR to access the following URLs on port 443:
If you’re using a proxy server in your environment, you’ll need to run the following commands as a local admin to allow the MTR-P app running on the MTR through your proxy:
If using single proxyserver:
bitsadmin /Util /SetIEProxyLOCALSYSTEM MANUAL_PROXY <proxyserver>:<port> “”
bitsadmin /Util /SetIEProxy LOCALSYSTEM MANUAL_PROXY contosoproxy.corp.net:8080″”
If using pacfile:
bitsadmin /Util /SetIEProxy LOCALSYSTEM AUTOSCRIPT <pac file url>””
bitsadmin /Util /SetIEProxy LOCALSYSTEM AUTOSCRIPT http://contosoproxy.corp.net/proxy.pac “”
You may find that TPM on your MTR is disabled. If this is the case, you’ll need to enable it in the bios:
- Plug in keyboard to NUC device.
- Restart device.
- Rapidly press F2 key to display BIOS screen.
- Select Advanced.
- Select Security.
- On the right-hand side under security features, Enable Intel Platform Trust Technology.
- Press F10 to save your settings.
- Select Yes to save.
Getting Set Up
Obtaining and Assigning Licensing
If you’d like to trial Teams Room Premium, you can do so via a free 90 day trial for up to 100 rooms.
To sign up for the free trial, just go to https://rooms.microsoft.com/premium and sign in with your Office 365 Administrator account.
You can also purchase paid Teams Room Premium licensing via the Office 365 portal. Simply go to Billing > Purchase Services and search “Teams Rooms Premium”.
Whether you’re using trial or purchased licensing, you’ll need to assign a Teams Room Premium license to each of the rooms you wish to activate with the service. You can find the steps to do that here: https://docs.microsoft.com/en-us/microsoftteams/rooms/obtaining-assigning-license
Using Microsoft Teams Room Premium with Intune, MDM or a GPO
If you’re already managing Windows Updates through Intune, Mobile Device Management or a Group Policy Object, Microsoft advise you remove the Windows Update policies from Intune/MDM/GP that are assigned to MTR’s so that you can manage updates through MTR-P instead.
MTR-P is designed to keep the MTR updated with the latest supported version of Windows. At the time of writing, this is windows 10 20H2 (OS Build 19042.572).
If you don’t remove the policies that manage updates for your MTRs, MTR-P will try to install the most up to date version of Windows supported on the MTR anyway, but Intune may prevent this.
How Updates are installed
The MTR-P service deploys updates to MTRs on a Wednesday. Critical updates are allowed to bypass this schedule if Microsoft determine a service-critical issue.
When you install the MTR-P agent on an MTR, it automatically disables the Microsoft Store updates, so that MTR-P can handle updates to the Teams app running on the device.
Updates are typically applied between 12am and 5am in the rooms local time zone.
Accessing the Teams Room Premium Portal
Login to the portal:
- Browse to https://portal.rooms.microsoft.com
- Login using an Office 365 Admin account
The first time you login to the MTR-P portal, you may wish to configure an MTR-P admin account (rather than logging in as the Office 365 global admin going forwards).
Do to this, go to Roles > Managed Service Administrator > Add and add the user account(s) you wish to give admin access to the Teams Room dashboard.
Deploying Teams Room Premium
Deploy the self-enrollment key to your MTRs
You’ll need to deploy the self-enrollment keys to any MTR you wish to manage via MTR-P.
To access the key, browse to Settings > General
Manually download the key and copy it to c:\Rigel on the MTR, then download and run the MTR-P installer from https://aka.ms/serviceportalagentmsi
Once installed, the MTR-P agent runs in the background on the MTR, reporting to the Teams Room Premium dashboard every 5-10 minutes.
After waiting aprox 10 minutes for my MTR to sync, I can now see it in the Teams Room Premium Dashboard
Creating a group
If you want to organise your MTR-P managed rooms into groups to easily identify and manage them, you can do so by creating one or more groups.
Many orgs have different people that may want to access the Teams Room dashboard to view reports, or perform room maintenance. You can delegate access to other Office 365 accounts for a range of different roles:
The Rooms dashboard shows you the current health status of your Windows-based MTRs that are enrolled in MTR-P.
You can see that the current status of my Test Meeting Room 1 is Onboarding. Let’s enroll the room to start receiving alerts, be able to create tickets and open incidents against this room.
Click on the room to open the rooms properties, then click Enroll
This then updates the status of the room to Enrolled
To see detailed information about a particular room, click on it in the room list.
For each segment of the MTR, you’re able to view the current Status (good or bad) as well as Historical information from the last 7 days, up to 50 entries
The settings tab allows you to edit various settings on the MTR itself remotely, without having to physically touch the in room controller.
The About tab shows you current information about the room, including its location (address), and internal IP address
The Accounts tab shows you information about the room account, and allows you to set Configured domains and the Supported Meeting Mode (which is a super simple way of updating these rooms to TeamsOnly mode! You can also enable/disable modern auth too.
Note: You cannot change the room sign in address here.
The Meetings tab allows you to change settings on the device for things like automatic screen sharing, dual monitors, the ability to show or hide the meeting name on the device and more.
The Device tab shows you specific information about the in room hardware, including cameras, mics, speakers and displays.
Lastly, the Peripherals tab allows you to change the set Content Capture Camera, Mic and Speakers for the room remotely.
The room activity pane lets you view device logs from the MTR.
The actions pane lets you remotely restart the room
The Updates tab lets you set the rooms’ assigned Ring to control when the device receives Windows Updates
Room Call History
The call history tab shows call data for up to 90 days.
You can manage updates through MTR-P. Updates include:
- Updates to the Teams Room App
- Drivers for connected devices
- Windows Updates
Updates are deployed via Update Rings
By default, MTR-P comes with 3 pre-configured rings: Staging, General and Executive
Most customers will find these rings suitable for their environment. An explanation of what the rings mean is below:
Assign rooms to the Staging ring, which is your testbed. All new updates will roll out here first.
Generally, you will want to ensure that your staging ring represents rooms with the diversity of device
types in your environment. If there are certain types of rooms with an uncommon configuration or a
history of seeing issues, please consider representing them in Staging.
By default, all rooms are placed in this ring. Most of the room devices being used across the enterprise
would fall into this category.
This group should include your most high-profile rooms where you want to minimize disruption
proactively. A good example of such a room could be a large conference room used for executive
meetings or large team meetings.
You can of course add additional rings if you wish.
Within each ring, you can define the following parameters to control how and when updates are installed on any MTR within that ring:
Once an update starts with the first ring, the deferment period is the delay in days before the update is initiated on this ring.
Once the update commences on this ring, this is the time to deploy in this ring. For example, if the duration is 5 days, it will deploy over 5 days to the rooms in this ring once the update starts on this ring.
The number of days to test/validate the update in a ring once applied to the ring. The test period starts after the rollout is completed, and once complete, the update moves to the next ring.
The “Completion time” column indicates the total number of days (rollout duration + test period) for this ring to complete.
Total Time At the bottom is the “Total” row, which indicates how long it will take an update to complete from the first to the last ring.
Important: A rollout of a new version across all rings is restricted to 60 days maximum total in order to keep rooms current.
Managing and Responding to Issues
One of the best things about MTR-P is how the Microsoft operations team can automatically take steps for you to resolve issues with failed updates, or other issues relating to your premium rooms.
If an update fails to install, a ticket is automatically generated with the Microsoft Managed Services Operations team. This team can take steps on your behalf to attempt to resolve the issue for your room automatically. They can also engage you if necessary.
If for some reason you want to pause an update from rolling out further within your org, you can do so. Pausing updates will create a ticket for the operations center to investigate. You’ll be asked to provide details on why you’re pausing an update to assist with investigation and remediation.
You can also decide to install updates earlier than scheduled via the Force Updates button which allows you to either install the update immediately, or whenever the room next becomes available.
The service will automatically send you emails about any issues with your rooms too, which may include automated information, or information from the Microsoft Operations Team with remediation steps you need to take
All Microsoft Teams Rooms –Managed Services monitoring errors are logged on a specific Event Log file named Microsoft Managed Rooms.
Application runtime log file location = C:\Windows\ServiceProfiles\LocalService\AppData\Local\ServicePortalAgent\app-x.x.x\ServicePortalAgent\ServicePortal_Verbose_LogFile.log
(Note: x.x.x = app version number)
|You receive an error message stating
ERROR: Please run this application with elevated privileges
|Run the application with escalated privileges and try again|
|You receive an error message stating
TPM data cannot be found
|Ensure that your device has TPM (Trusted Platform Module) turned on in the BIOS. This is usually found in the security settings of the devices BIOS|
|You receive an error message stating
Local user account named ‘Admin’ or ‘Skype’ not found
|Ensure that the user accounts exist on the Microsoft Teams Room systems device.|
|You receive any error state messages that are not covered above||Provide a copy of the installation log to Microsoft Support for assistance.|
MTR-P allows you to automate the management of your most important rooms, ensuring that they stay patched, up to date and online at all times.
Are you considering using MTR-P in your environment?
Great article. Thank you.. We have this deployed on many Crestron devices. I feel this is a stupid question but going to ask anyway. Is premium supported on MS Surface Hub devices (the big 85 inch ones) ? I think we’re stuck with intune ?
Right now, the surface hub devices aren’t supported on MTR-P, so your options are to manage it with Intune
Thank you Craig for the confirmation.
So, trying to do some testing with premium license in our test environment. Global admin assigned the premium license to a room acct and assigned the Managed Service Admin role to my acct. Unfortunately I can’t seem to login to the portal with my account. Still get the “You don’t have access to this application” message after accepting the license terms. Are we missing something?
Ensure you’ve been added to the right role under Settings > Roles within the MMR portal