Category: Uncategorized

If you deploy the all new AIP Unified Labeling Client to your machines, every user has to enable the status bar in Office if they want to apply some labels. This behavior can be changed through some Powershell Commandlets.

First of all, download the client MSI and deploy it through Intune https://www.microsoft.com/en-us/download/details.aspx?id=53018

 

Then, we need to create the required Labels in Office 365 (will cover that in a separate blog some days):

 

Next step is to connect the Office 365 Security & Compliance Center Powershell, easiest way if you are using MFA (which I hope you do), is to download the Exchange Online Powershell Commandlets in Internet Explorer (no comment), this can do your modern auth (connect-ippssession -userprincipalname asfd@asdf.com):

 

Then you can run a single command line to automatically enable the status bar for every scoped user in you label publishing (just replace the label policy name):

Set-LabelPolicy -Identity “Schützenswert / Sensible” -AdvancedSettings @{HideBarByDefault=”False”}

so, thats it, now the bar will be displayed automatically on the next start of the Office App.

 

The last part is about creating a Roomlist, to get the Surface Hub as Resource in Teams Meetings Requests. Learned from Yoav (https://y0av.me/2018/11/07/add-surface-hub-and-srs-rooms-to-microsoft-teams-meetings/)

#1: Connect Exchange Online with MFA

If you are using MFA for you Admin Accounts: Download Exchange Online Powershell in Exchange Online Admin Center with Internet Explorer (had to Install IE again first haha), then connect with Powershell

#2Create the Roomlist and Add you Surface Hubs into it

#3: You can now select your Surface Hub as a resource in Teams

Go back to Part 1 or Part 2

In the first part, Resource, User and License has been provisioned. Now it’s time to configure some Intune Polices for the device. The following Settings has been defined for deployment:

• App Deployment from Microsoft Store (Win32 is not Supported)
• Teams as Default Phone Client
• PIN for Projection
• Custom Start Layout

For AppDeployment, the Store for Business needs to be synchronized into Intune, Offline Licensing is required for every deployed App.

#1: Enable Store for Business Offline Apps

#2: “Buy” Teams and sync it into Intune

#3: Deploy it to your Surface Hubs

#4: Create Device Configuration Settings

Create a Custom Settings Profile for the 2 required OMA/URIs and deploy it to your Surface Hub (Details over here: https://docs.microsoft.com/en-us/microsoftteams/teams-surface-hub)

#5: Create Device Restriction Profile for Start Layout and PIN

To create the Startlayout, you can download and modify this template: https://docs.microsoft.com/en-us/surface-hub/surface-hub-start-menu (could not test that one yet)

In Part III, a Roomlist will be created for Teams Meeting Requests: Part III

Last week I was lucky and could get some hands on a brand new Surface Hub 2s; of course managed through Intune. A few printscreens and experiences from setup and configuration:

#1: Create Resource

#2: Set Auto-accept and Booking window

#4: Assign License to the User (we decided to go for the Meeting Room license wich contains Intune, Teams, and Phone System as well)

Part II: Intune Policies & Settings