UCPrimer
  • Tech Blog
  • About UCPrimer.com

Deploying and Managing MTR on Android

12/31/2020

0 Comments

 
Picture
Formerly known as "Collaboration Bars", Microsoft Teams Room on Android (MTRoA) devices have become widely adopted in both large and small organizations that want a native Teams room experience in their small to medium sized meeting rooms. These devices are simple to setup and manage, and provide a rich Teams meeting experience thanks to many new features introduced since these devices began shipping last year. this blogpost focuses on some of the best practices deploying and managing MTRoA specifically on the Poly Studio X30/50 devices available today. 
As of this writing, the latest firmware version available on the Poly Studio X30/50 is 3.2.3 which contains the Teams Room Update #3 and we can keep track of new MTRoA app releases in this Microsoft webpage. This version hosts many new features such as:
  • 3x3 Video Layout (>10 participants)
  • Auto-answer on Proximity Meeting Join
  • Dual Screen support (X50 only)
  • Video Spotlight
  • Raise Hand
  • “Rate my call” experience
  • Large Gallery and Together Mode
There are many more features that Microsoft plans to add for MTRoA devices to make the experience even richer and better. To see a list of roadmap features, simply nagivate to aka.ms/office365roadmap and search for the term "Teams Room". With that, lets begin with the best practices:

#1. Accounts and licensing for MTRoA
Similar to its cousin the MTR for Windows (MTRoW), MTRoA devices are best licensed using the O365 Teams Room license as this provides the most cost effective solution than other licenses such as O365 E5 and includes all the necessary components such as Teams, Exchange, Skype for Business, Intune and Phone System licenses for PSTN calling. Of course, to make PSTN Calls, either a Calling Plan or Direct Routing has to be configured and enabled for the room account. Fellow MVP Jeff Schertz has an excellent blog post on that provides step-by-step to create Teams Room accounts.

#2. Web Proxies
Web Proxies are generally not recommended for Teams Room devices as mentioned in this Microsoft Docs article However, for some organizations Web Proxies are mandatory and therefore its still supported. However, note that Microsoft Teams Rooms does not support proxy authentication as it may interfere with regular operations of the room. Ensure that Microsoft Teams Rooms have been exempted from proxy authentication before going into production. The good news is that the Poly StudioX series does support Web Proxy configuration via the web admin UI as shown below:
Picture
In the options shown above, enabling WPAD will allow the StudioX to use DHCP Opt 252​ to obtain a URL to automatically download a proxy auto-configuration (PAC) file. When disabled, the system will not use DHCP but we can manually specify a URL for it to download the PAC file. When Automatic Configuration is disabled, then manual proxy configuration can be entered into the system. Its important to note that in Poly firmware versions earlier than 3.2, the system will not download a PAC file without any expiry header and an error message will appear "expired". Upgrading to 3.2 or later will resolve this issue.

#3 Implementing 802.1x Network Access Control
The StudioX devices supports implemtation of 802.1x Network Access Control for high security requirements. To begin the Root CA certificate must first be loaded using the "Install Certificate" button in the network settings screen as shown below:
Picture
The file being used to install the Root CA should be in DER format and not Base64. Next, use the "Create Certificate Signing Request (CSR)" button to create a new CSR request to submit to the CA. Make sure that the Common Name (CN) matches the DNS A record of StudioX device. Once the certificate is issued by the CA, install using the same steps earlier, making sure to use DER format for the certificate file. Once the certs are ready, then navigate to the 802.1x settings and configure as necessary as shown:
Picture
#4 Upgrading Firmware
Its always best practice to keep the StudioX firmware updated and there are several ways this can be done. The easiest is via the Teams Admin Center (TAC) where multiple devices can be upgraded within a schedule time or manually initiated by the TAC administrator as shown below:
Picture
To use the TAC for firmware updates, the StudioX must first be signed into Teams before it will appear in the TAC. Another method of upgrading the firmware without signing into Teams first is to use the device's Web Admin UI. First the firmware must be downloaded from the Poly Support website and thereafter, we can use the Web Admin UI and choose "Download Update From" = "Polycom Support Site" as shown below:
Picture
The device will automatically check for firmware updates and allow a manual initiation of the upgrade process. Note that this method cannot be scheduled. Using either of the above methods will update the firmware of both the StudioX and the TC8 if one is paired. Lastly, the firmware of the StudioX can also be updated by downloading the file from the Poly Support website and loading it into the root of a USB stick. Simply plug the USB device into the USB-A port of the Studio to initiate the update process.

#5. Company Portal Issues during Sign-in
There may be cases where during Teams sign-in, the device gets stuck at the Company Portal page or the system gets thrown back to the login page after clicking on the "Sign-in" button. When this happens, there are several things to check. Firstly, check the the system is able to contact a NTP server over UDP to get the correct time. There's no way to manually set the clock on the StudioX. Second, make sure that the necessary firewall rules are allowed for the device and the list of ports and addresses are provided by Microsoft in the Office 365 URLs and IP address ranges webpage. Make sure all ports and addresses stated as "Required" are allowed for the StudioX. Thirdly, make sure Intune is disabled or bypassed for accounts used by the StudioX. A good blogpost by fellow MVP Adam Jacobs shows how to create a dynamic group in AzureAD that can be used to bypass Intune policies that are implemented for regular user accounts. Fourthly, make sure that the accounts used to sign in on the StudioX are exempted from Azure AD Conditional Access policies as these are not supported for MTRoA devices. Finally, if Multi-factor Authentication (MFA) is enabled for the StudioX accounts, then the web sign-in method should be used to login to Teams as shown below:
Picture
That concludes this blog post on some of the best practices deploying and managing Poly StudioX devices. Hopefully, the 5 tips above are helpful for anyone hoping to successfully deploy and manage these MTRoA solutions in their O365 tenants.
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Picture
    Picture

    Important Links

    Microsoft Teams Docs
    Microsoft Learn

    ​Microsoft MVP Blogs

    Michael Tressler’s Blog
    Michael’s MTR Quick Tip Videos
    Jimmy Vaughan’s Blog
    Jeff Schertz
    Adam Jacobs
    James Cussen
    ​Damien Margaritis

    Archives

    September 2022
    August 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    June 2021
    April 2021
    March 2021
    December 2020
    October 2020
    September 2020
    August 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    March 2019
    November 2018
    October 2018
    September 2018
    August 2018
    June 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    August 2017
    July 2017
    April 2017
    March 2017
    February 2017
    January 2017
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    January 2016
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012
    September 2012
    August 2012

    Categories

    All
    Edge
    Exchange 2013
    Hybrid
    Lpe
    Lync 2010
    Lync 2013
    Mobility
    Oauth
    Office365
    Polycom
    Ucs

    RSS Feed

    This website uses marketing and tracking technologies. Opting out of this will opt you out of all cookies, except for those needed to run the website. Note that some products may not work as well without tracking cookies.

    Opt Out of Cookies