不知道哪天就走到尽头,做好最坏的打算,争取最好的结果
Sunday, August 31, 2025
Wednesday, August 27, 2025
what's the difference in MS 365, users, guest users, contact ~~~ answered by Copilot
In Microsoft 365 (MS 365), Users, Guest Users, and Contacts are different types of identities used for collaboration, access control, and communication. Here's a breakdown of each:
1. Users
These are licensed members of your organization.
- Who they are: Employees or permanent members of your organization.
- Where they exist: In your Azure Active Directory (Azure AD) or Microsoft Entra ID.
- Access: Full access to Microsoft 365 services (e.g., Outlook, Teams, SharePoint, OneDrive).
- License required: Yes (e.g., Microsoft 365 E3, E5, Business Premium).
- Management: Fully managed by your IT team.
2. Guest Users
These are external collaborators invited to work with your organization.
- Who they are: Partners, vendors, freelancers, or clients.
- Where they exist: Added to your Azure AD as guest accounts (via B2B collaboration).
- Access: Limited access to shared resources (e.g., Teams channels, SharePoint sites).
- License required: No license needed for basic collaboration (some features may require licensing).
- Management: Limited control; they authenticate using their own organization's credentials (or personal Microsoft accounts).
3. Contacts
These are external people or organizations used for communication only.
- Who they are: External email addresses you want to appear in your address book.
- Where they exist: As Mail Contacts in Exchange Online.
- Access: No access to your Microsoft 365 environment.
- License required: No.
- Use case: For sending/receiving emails, showing up in the Global Address List (GAL), but not for collaboration.
Quick Comparison Table
| Feature | Users | Guest Users | Contacts |
|---|---|---|---|
| Internal/External | Internal | External | External |
| License Required | Yes | No (basic use) | No |
| Access to M365 Apps | Full | Limited (shared only) | None |
| Appears in GAL | Yes | Yes (optional) | Yes |
| Collaboration | Full | Yes (limited) | No |
Would you like a visual diagram of this comparison or help setting up any of these in your environment?
Sunday, August 24, 2025
my one year old Dell latitude laptop is a disgrace ; just out of warranty ...
fully charged and
only lasted 14 mins
then cut off the power
what a shame
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Tuesday, August 19, 2025
To ensure Queue1 is assigned a phone number, you should add a resource account that has an associated service number.
To ensure Queue1 is assigned a phone number, you should add a resource account that has an associated service number.
Explanation
Resource Accounts: A resource account is an object in Teams that represents a specific resource, such as a call queue or an auto attendant. To assign a phone number to a call queue, you must first create a resource account for it.
Service Numbers: Service numbers are a special type of phone number used for call queues, auto attendants, and conference bridges. These numbers can handle multiple simultaneous calls and are used for inbound calls to your organization's call-routing resources.
Subscriber Numbers: Subscriber numbers are typically assigned to individual users and are used for personal calls. They are not used for call-routing resources like call queues.
Call Agents: While you do need to associate a group or user as a call agent to the queue, this step is for routing calls to the agents after they enter the queue. It does not assign a phone number to the queue itself. The phone number is assigned to the resource account, which is then linked to the call queue.
✅ Operator Connect
✅ Operator Connect
📌 Explanation:
To meet the following requirements:
- Maintain an existing contract with a local PSTN carrier
- Retain all existing phone numbers
- Minimize on-premises hardware
You should recommend Operator Connect, which allows organizations to:
- Use their existing telecom provider (if they are a certified Operator Connect partner)
- Assign and manage phone numbers directly in the Microsoft Teams admin center
- Avoid deploying and managing on-premises SBCs (Session Border Controllers), unlike Direct Routing
🧩 Comparison of Options:
| Option | Use Existing Carrier | Retain Numbers | No On-Prem Hardware | Notes |
|---|---|---|---|---|
| Calling Plans | ❌ No | ❌ No | ✅ Yes | Uses Microsoft as the carrier |
| Direct Routing | ✅ Yes | ✅ Yes | ❌ No | Requires on-prem SBC |
| Microsoft Teams Rooms | ❌ No | ❌ No | ❌ No | Not related to PSTN connectivity |
| Operator Connect | ✅ Yes | ✅ Yes | ✅ Yes | Best fit for this scenario |
According to Microsoft documentation, the number of subscriber phone numbers you can obtain is calculated based on the total number of Domestic Calling Plan and International Calling Plan licenses you have
According to Microsoft documentation, the number of subscriber phone numbers you can obtain is calculated based on the total number of Domestic Calling Plan and International Calling Plan licenses you have. The formula is:
Total numbers = (Total number of licenses) x 1.1 + 10
You can assign a phone number to the following three resources: Call queue Conference bridge User
You can assign a phone number to the following three resources:
Call queue
Conference bridge
User
Explanation
Call Queue: A call queue is a resource that routes incoming calls to a group of users (agents) who can answer the call. It requires a phone number to be accessible from outside the organization.
Conference Bridge: A conference bridge is used for dial-in conferencing, allowing multiple users to join a meeting by calling a specific number. This number is assigned to the conference bridge.
User: A phone number can be directly assigned to an individual user, enabling them to make and receive phone calls through Teams Phone.
The following options are incorrect because they cannot be directly assigned a phone number in the Teams Phone system:
Microsoft 365 Group: While a Microsoft 365 group can be associated with a team or other resources, it does not directly get a phone number for calling.
Team: A team itself does not have a direct phone number. Instead, the number would be assigned to a call queue or an auto attendant associated with the team.
To allow User1 to review permissions and grant consent to App1 on behalf of all users in the organization, the required role is: Global Administrator
✅ Global Administrator
📌 Explanation:
To allow User1 to review permissions and grant consent to App1 on behalf of all users in the organization, the required role is:
Global Administrator
This is because:
- Granting tenant-wide consent to apps (especially for Microsoft Teams apps that require permissions like reading user profiles or accessing calendars) requires elevated privileges.
- Only Global Administrators can consent to applications on behalf of the entire organization in Microsoft Entra ID (formerly Azure AD).
❌ Why the other options are incorrect:
- Billing Administrator: Manages billing and subscriptions, not app permissions.
- Teams Administrator: Manages Teams settings and policies, but cannot grant org-wide app consent.
- Teams Communication Administrator: Manages calling and meeting features, not app permissions.
🛡️ Principle of Least Privilege Note:
While Global Admin is required for this specific task, it's best to remove the role after consent is granted or use Privileged Identity Management (PIM) to assign it temporarily.
To remotely provision a new Teams device, you should first generate a verification code.
To remotely provision a new Teams device, you should first generate a verification code.
Explanation
Generate a Verification Code: The first step in provisioning a new Teams device remotely is to create a verification code from the Microsoft Teams admin center. This code is a unique, one-time password that links the physical device to your organization's Teams account. This process ensures a secure and authenticated connection.
Enter the Code on the Device: After generating the code, you'll enter it on the device itself. This action initiates the remote provisioning process, allowing the device to download its configuration settings from the Teams admin center.
No IP or MAC Address Needed: You do not need to add the device's IP or MAC address to the Teams admin center for remote provisioning. This is because the process is initiated by the secure, one-time verification code, not by network-level identifiers. Device tags are used for organization and management after the device has been provisioned.
To control what external (guest) users can do in Microsoft Teams — such as screen sharing, editing sent messages, and deleting messages — you need to configure the Guest access settings in the Microsoft Teams admin center.
✅ Guest access
📌 Explanation:
To control what external (guest) users can do in Microsoft Teams — such as screen sharing, editing sent messages, and deleting messages — you need to configure the Guest access settings in the Microsoft Teams admin center.
These settings allow you to:
- Enable or disable screen sharing for guests
- Allow guests to edit or delete their sent messages
- Control other collaboration features like calling, meeting participation, and file sharing
❌ Why the other options are incorrect:
- External access: Controls federated chat with users from other domains (not guest users added to teams).
- Teams policies: Apply to internal users, not guests.
- Teams settings: Org-wide settings for Teams features, but not specific to guest permissions.
The correct action to ensure that guest access to Project1 content expires automatically after 90 days is to configure the External sharing settings in the SharePoint admin center.
The correct action to ensure that guest access to Project1 content expires automatically after 90 days is to configure the External sharing settings in the SharePoint admin center.
Explanation
While guest access is managed in multiple places (Teams, Microsoft 365 Groups, and Microsoft Entra ID), the specific setting to automatically expire access for guests on a site is controlled by SharePoint's external sharing policies.
SharePoint is where the underlying files and folders for a Teams channel are stored.
The guest expiration setting is configured at the SharePoint site level, which in this case is the site associated with the Project1 team.
This feature allows you to set an expiration period (e.g., 90 days) for guests who have been invited to a specific site or who have been given access via a sharing link.
The other options are incorrect for the following reasons:
Microsoft Teams admin center settings for Guest access and External access are for general, organization-wide permissions for guests and external users. They don't provide a per-site or time-based expiration policy.
Microsoft 365 admin center is where you manage settings for Microsoft 365 Groups and user accounts, but the specific, granular expiration of access to a team's content is managed through the SharePoint site's sharing policies.
Privileged access settings are for managing highly-privileged administrative roles and are not related to guest user access to a team's content.
Subscribe to:
Comments (Atom)
