Skype for Business Hybrid deployment guide (with Cloud PBX)

Overview: Skype for Business hybrid deployment is mixed environment with Skype for Business Online and On-Premises configuration. In Hybrid environment has existing on-premises deployment with users that were created in your on-premises Active Directory - with Skype for Business Online. Hybrid deployment allows you keep yours users on your Skype for Business or Lync Server on-premises and on Skype for Business Online using the Active Directory Synchronization to keep your on-premises and online users synchronized. Below are the topics are discussed in this document:

Sr. No. Topics

1 Description

2 Pre-requisite for Hybrid deployment

3 Details steps for Hybrid configuration

4 User migration to Skype for Business Online

5 User migration to Skype for Business Online with Cloud PBX.

6 Auto discover Configure for Hybrid deployment

7 Lesson learned

8 Office 365 health, readiness, and connectivity checks

Author: Balu Ilag Microsoft MVP (Office Servers and Services) © 08.13.2016, Balu Ilag, System Administrator, Microsoft MVP Office Servers

and Services. Version 1.0

Contact me at: balasaheb.ilag@hotmail.com

Blog: http://communicationsknowledge.blogspot.com/ . This document covers Skype for Business Hybrid deployment process. Target audience for this admin guide are Skype for Business / Lync Administrator, Skype for Business Online (Office365) Administrator and System Administrator who manages Skype for Business and Lync server 2013 environment.

You must have the following configured in your environment in order to implement

and deploy a hybrid deployment:

A Microsoft Office 365 tenant with Skype for Business Online enabled. Note that you can use only a single tenant for a hybrid configuration with your on-premises deployment.

A single on-premises deployment (infrastructure) of Skype for Business Server 2015, Lync Server 2013, or Lync Server 2010 that is deployed in a supported topology.

Skype for Business Server 2015 administrative tools. If you are using Lync Server 2013 or Lync Server 2010, you can use the Lync Server 2013 administrative tools.

To support Single Sign-on with Office 365 so that users can use the same login credentials for signing in to Office as they do on-premises, you can use the password sync features of Azure Active Directory (AAD) Connect. You can also use Active Directory Federation Services (AD FS) for single sign-on with Office 365.

A single directory synchronization solution to keep your on-premises and online Active Directory objects synchronized. For details about Directory Synchronization, see Directory Integration Tools.

For this document purpose I have used ADFS and DirSync.

Assuming that you already have setup ADFS for Office 365 and single sign-on and your On-prem ADDS accounts synced with Office 365. If not then you can refer below Microsoft article Set up ADFS for Office 365 for Single Sign-On.

Skype for Business client supportability:

There are some differences in the features supported in clients, as well as the features

available in on-premises and online environments. Before you decide where you want

to home users in your organization, you should review the Client comparison tables for

Skype for Business Server 2015 to determine the client support for the various

configurations of Skype for Business Server. The following clients are supported with

Skype for Business Online in a hybrid deployment:

Skype for Business 2015 Skype for Business 2016 Lync 2013 Lync 2010 Lync Windows Store app Lync Web App Lync Mobile

Lync for Mac 2011 Lync Room System and Skype for Business Room System Lync Basic 2013

Here are the steps:

1. Install Skype for Business online PowerShell module connector to configure

hybrid environment.

a. My OS is windows 7 and Service Pack1. With 64 bit operating system.

b. Install PowerShell 3.0 or higher. If you have PowerShell 2.0 then install

“Windows Management Framework 3.0” URL

(https://www.microsoft.com/en-us/download/details.aspx?id=34595)

c. Time to install Skype for Business Online, Windows PowerShell Module

(https://www.microsoft.com/en-us/download/details.aspx?id=39366)

d. Then install the Microsoft Online Services Sign-In Assistant for IT Professionals

RTW from the Microsoft Download Center. Then install the Azure Active

Directory Module for Windows PowerShell (64-bit version), and click Run to

run the installer package.

e. Check what version PowerShell do you have. Running Get-Host | Select-

Object Version

f. Now time to connect PowerShell to Skype for Business Online.

Open Windows PowerShell as administrator on computer where you install

above pre-requisites.

Import-module skypeonlineconnector

$cred = Get-Credential

$session = New-CsOnlineSession -Credential $cred-

OverrideAdminDomain "brcd.onmicrosoft.com"

Import-PSSession $lyncSession

Below is the Result:

2. You must have Hosting provider setup. . Run this command on Skype for Business

connector Online PowerShell. To seehosting Provider details:

Get-CsHostingProvider

If hosting provider is not setup then you have to setup new new hosting provider.

I used hosting provider with the Identity "OCO" and VerificationLevel property is

set to UseSourceVerification for my environment.

New-CsHostingProvider -Identity OCO -ProxyFqdn "sipfed.online.lync.com" -

Enabled $True -HostsOCSUsers $True -EnabledSharedAddressSpace $True –

VerificationLevel “UseSourceVerification”

You can AutodiscoverUrl later.

3. Enable your Office365 tenant for Skype Meeting Broadcast. [This is optional.

Require if you are going to use Skype Meeting Broadcast] make sure

EnableBroadcastMeeting should be True. Run this command on Skype for

Business connector Online PowerShell.

Set-CsBroadcastMeetingConfiguration –EnableBroadcastMeeting $True

4. Now run Get-CsTenantFederationConfiguration - Run this command on Skype for

Business connector Online PowerShell.

SharedSipAddressSpace must be True.

Run command Set-CsTenantFederationConfiguration -SharedSipAddressSpace

$true

Run again Get-CsTenantFederationConfiguration to see shared Sip addressSpace

is true

5. Currently Presence policy and Meeting configuration not set. All is default.

6. Configure Skype for Business / Lync Server on-premises for Hybrid mode:

a. On front End Server, open the PowerShell console of Skype for business/ Lync

Server and run:

Get-CsAccessEdgeConfiguration

Check if the following parameters are enabled:

AllowFederatedUsers : True

EnablePartnerDiscovery : True

AllowOutsideUsers : True

RoutingMethod : UseDnsSrvRouting

EnableSharedAddressSpace : True

HostsOcsUsers : True

If not, then run the following command:

Set-CsAccessEdgeConfiguration -AllowFederatedUsers $true -

EnablePartnerDiscovery $true -UseDnsSrvRouting -AllowOutsideUsers $True

Note: To check if these value was changed to correct values, you can run Get-

CsAccessEdgeConfiguration again.

b. Check if you already have a Hosting providing on premises Skype for Business/

Lync Server.

Open Skype for business / Lync management Shell and run

Get-Cshostingprovider –Localstore

If the Hosting providing do not exist, then create one typing the following

command:

New-CsHostingProvider -Identity "LyncOnline" -Enabled $True -

EnabledSharedAddressSpace $True -HostsOCSUsers $True -ProxyFqdn

"sipfed.online.lync.com" -IsLocal $False -VerificationLevel

UseSourceVerification

If your environment has Exchange Hybrid, then run this command as well:

New-CsHostingProvider -Identity "Exchange Online" -Enabled $True -

EnabledSharedAddressSpace $True -HostsOCSUsers $False -ProxyFqdn

"exap.um.outlook.com" -IsLocal $False -VerificationLevel

UseSourceVerification

If you setup hosting provider then you need initiate the replication, run the

below command to invoke replication.

Invoke-Csmanagementstorereplication

Note: To check the creation of your host providing you can type

Get-Cshostingprovider -localstore again to see hosting provider information.

7. As far as Federation policy. Your On-Premises and Skype for Business Online

federation policy must be identical.

a. Domain matching must be configured the same for your on-premises deployment and your Office 365 tenant. If partner discovery is enabled on the

on-premises deployment, then open federation must be configured for your online tenant. If partner discovery is not enabled, then closed federation must be configured for your online tenant.

b. The Blocked domains list in the on-premises deployment must exactly match the Blocked domains list for your online tenant.

c. The Allowed domains list in the on-premises deployment must exactly match the Allowed domains list for your online tenant.

d. Federation must be enabled for the external communications for the online tenant, which is configured by using the Skype for Business Online Control Panel.

8. What is DNS requirement for Hybrid?

When creating DNS records for hybrid deployments, all Skype for Business

external DNS records should point to the on-premises infrastructure.

DNS record Resolvable by

DNS requirement

DNS SRV record for _sipfederationtls._tcp.<sipdomain.com> for all supported SIP domains resolving to Access Edge external IP(s)

Edge server(s)

Enable federated communication in a hybrid configuration. The Edge Server needs to know where to route federated traffic for the SIP domain that is split between on premises and online.

DNS A record(s) for Edge Web Conferencing Service FQDN, e.g. webcon.contoso.com resolving to Web Conferencing Edge external IP(s)

Internal corporate network connected users’ computers

Enable online users to present or view content in on-premises hosted meetings. Content includes PowerPoint files, whiteboards, polls, and shared notes.

Above both are available in my environment.

9. Firewall requirement for Hybrid deployment:

Refer complete firewall port requirement for Skype for Business online:

complete firewall requirement

In addition to the port requirements for internal communication, you must also configure the following ports.

Protocol / Port Applications

TCP 443

Open inbound

Active Directory Federation Services (federation server role)

For more information, see Directory Integration Tools.

Active Directory Federation Services (proxy server role) either on-premises or in Azure.

Microsoft Online Services Portal My Company Portal Outlook Web App Client (communication between Skype for Business Online

and your on-premises deployment.

TCP 80 and 443

Open inbound

Microsoft Online Services Directory Synchronization Tool

TCP 5061 Open inbound/outbound on the Edge Server

PSOM/TLS 443 Open inbound/outbound for data sharing sessions

STUN/TCP 443 Open inbound/outbound for audio, video, application sharing sessions

STUN/UDP 3478 Open inbound/outbound for audio and video sessions

RTP/TCP 50000-59999

Open outbound for audio and video sessions

Verified for my deployment.

Now your environment is ready for user migration. Assuming that above steps are

completed.

How to move Skype for Business / Lync Server On-premises user to Skype for Business

Online (Cloud tenant)?

Requirement: You can move users using either Skype for Business Server Control Panel

or Skype for Business Server Management Shell in your on-premises deployment, but

you must have administrator credentials for your Office 365 deployment and Skype for

Business.

Before actually moving the user to Skype for Business Online (O365 cloud), you should

first confirm that the user accounts are synchronized to the cloud, and account has

required license like E3, E5 etc.

Steps: To Move user using Skype for Business / Lync server On-Premises to Skype for

Business Online /Cloud:

Open the Office 365 admin center for your tenant > click Users> Active Users> Click

Search for a User, and type the name of the user.

Confirm that you see the user, and that their status is synched with Active Directory.

Note: If the user is not yet synchronized, then the next automatic synchronization

should happen within three hours per by default schedule.

Assuming your users already synchronized and assign appropriate license. Below Image

shows how to assign cloud E5 license to user:

Now you can move user to Skype for Business Online, there are two option to move

user:

1. Using Skype for Business Control Panel:

a. Login to Skype for Business control panel user account that is part of

CsUserAdministrator role or the CsAdministrator role.

b. Users > Search Users > type First name, last name or SAM account, SIP

address > Find

c. Click on Users > Action > Move selected users to Skype for Business Online.

d. On the Move users to Skype For Business Online page > Next > Sign in to

Office 365 > OK >Next

e. On Confirm page > Next > Close.

Note: I have not moved user using Skype for Business Control Panel to cloud so

don’t know if option available or not above steps written based out of TechNet.

Using Lync Server 2013 Control Panel there is no option to move user to cloud

that I am sure for.

2. Using Skype for Business /Lync Server Management Shell:

You can use this PowerShell command to move usere:

Move-CsUser -Identity username@domain.com -Target sipfed.online.lync.com -

Credential $cred -HostedMigrationOverrideUrl <URL> -ProxyPool

<FEPool_FQDN>

Format of the URL specified for the HostedMigrationOverrideUrl parameter must be

the URL to the pool where the Hosted Migration service are running,

URL Format: Https://<SfB online FQDN>/HostedMigration/hostedmigrationService.svc.

Note: The URL is case sensitive so type exactly same what you have.

To find Skype for Business online admin URL, you can login to

https://portal.office.com/AdminPortal/ then expand 'Admin Centers' > Click on “Skype

for Business” > Copy the URL. The SfB Admin URL will looks like below URL.

e.g. URL looks like: https://admin0a.online.lync.com/lscp/?language=en-

US&tenantID=eb833f80-e9e8-440f-a994-d16889564dd5

Copy the first part of URL till lync.com and add

HostedMigration/hostedmigrationService.svc to Complete URL:

https://admin0a.online.lync.com/HostedMigration/hostedmigrationService.svc

Below is correct command to move user with hosted migration override Url:

$cred = Get-Credential

Move-CsUser -Identity "stril-test-brm@mydomain.com" -Target

"sipfed.online.lync.com" -Credential $creds -HostedMigrationOverrideUrl

“https://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc" -

ProxyPool "FEPool.mydomain.com.com"

Wait for 5 min and find user in Skype for Business / Lync Server on-premises and see the

hosting provider show as “Sipfed.online.lync.com”.

Our mentioned users move to cloud. Now time to login on Skype for Business and

test.

I was able to sign-in on Skype for Business client using moved account e.g. stril-test-

hq@mydomain.com

Check Skype for Business client configuration information (Press Ctrl button + Right click

on SfB icon and click on “Configuration Information”.

You can see there Skype for Business Server shows as Microsoft Online pool server

“sippoolbl20a06.infra.lync.com” mean our users sign-in on Skype for Business Online

pool. Refer the below screenshot.

How to use On-Premises PSTN connectivity for Skype for Business Online users?

Simple answer yes, you can use cloud PBX as solution for Skype for Business online user

to use your on-premises PSTN connectivity.

Details answer is here:

Microsoft offers a variety of options for enabling your users to call landlines and mobile

phones through the Public Switched Telephone Network (PSTN) whether their accounts

exist in Office 365 on Skype for Business Online or in your on-premises Skype for

Business Server or Lync Server 2013 deployment.

If you want to move users to Skype for Business Online but your organization already

invested On-Premises PSTN connectivity then still you can move users to Skype for

Business Online with on-premises PSTN connectivity through Cloud PBX. Your users are

actually homed in the cloud and are enabled for Cloud PBX, but their calling is processed

through on-premises PSTN connectivity (either through a PBX, Gateway, Session Border

Controller, or SIP Trunking connection) to source PSTN for the users who you move to

the cloud).

There are two option:

1. Skype for Business Cloud Connector Edition (CCE) - Cloud Connector is a hybrid

offering that consists of a set of packaged Virtual Machines (VMs) that implement on-

premises PSTN connectivity. By deploying a minimal Skype for Business Server topology

in a virtualized environment, users in your organization, whether homed in the cloud

are on premises, will be able to send and receive calls with landlines and mobile phones

through the existing on-premises voice infrastructure.

Refer complete article: https://technet.microsoft.com/en-us/library/mt605227.aspx

2. Skype for Business Server existing deployment -This is a hybrid offering that consists

of a Skype for Business Server on-premises deployment modified for hybrid PSTN. Users

in your organization, whether homed in the cloud or on-premises, will be able to send

and receive calls with landlines and mobile phones through the existing on-premises

voice infrastructure.

This document is focusing on Skype for Business online and Skype for Business / Lync

Server On-premises hybrid deployment with On-premises PSTN connectivity through SIP

trunk and PSTN Gateways).

Pre-requisite: You must have Office 365 Global Administrator role permission and Skype

for Business / Lync Server on-premises CsAdministrator and CsServerAdministrator role

permission in order to complete the configuration.

This is an optional step that is required only if you are moving on-premises users to

Skype for Business Online. Before you begin to move users to Skype for Business Online,

check that the Skype for Business Online Connector (Windows PowerShell module) is

deployed on your Front End Servers. If it isn't, you can download it from the download

center. Also, to prepare your AD, you'll need to configure Azure AD Connect. The version

of AAD Connect you use must be version 1.0.9125.0 or later. If you are using an earlier

version of AAD Connect tools or DirSync, please upgrade to the supported version. You

can upgrade your current installation and maintain any custom rules you have defined in

your environment.

Before moving user to Skype for Business online make sure below:

Enable user for Enterprise Voice before moving on-premises before moving to

cloud.

Setup Line URI for user with E.164 format (e.g. tel:+1234567890;ext=67890) on-

premises.

Assign Dial plan and Voice Routing policy in On-Premises.

User must have synced in Cloud and have to have cloud license assigned before

moving to the cloud.

Before moving user to Skype for Business Online tenant, assign the E5 license

which has cloud PBX feature or you can use Cloud PBX Add-on license if you have

existing E3 license.

Refer: how to move Skype for Business / Lync server On-Premises user to Skype for

Business Online section in this document.

Assumption: You already have Skype for Business Hybrid setup (Skype for Business

Online and On-Premises setup).

How to enable users for Enterprise Voice online and Cloud PBX Voicemail?

The final step is to enable users for Cloud PBX and Voicemail, which includes. To enable

these capabilities, you must be a user with the Office 365 Global Administrator role, and

be able to run remote PowerShell.

Assuming that you already have Skype for Business Online, Windows PowerShell

Module

1. Open Windows PowerShell and import SkypeOnlineConnector module

and get credential which has Office 365 Global Administrator role

permission.

Import-module skypeonlineconnector

$cred = Get-Credential

2. Open new online session with existing credential and import that session.

Refer below PowerShell commands.

$session = New-CsOnlineSession -Credential $cred -OverrideAdminDomain

"brcd.onmicrosoft.com" –Verbose

Import-PSSession $session

3. Now enable online user for Enterprise voice and hosted voice mail. You

must run this below command on online PowerShell to enable Enterprise

voice and hosted voice mail even though you enabled on On-premises.

Command: Set-CsUser -Identity "<User name>" -EnterpriseVoiceEnabled $true -

HostedVoiceMail $true

E.g.: Set-CsUser -Identity "strill-test-brm@mydomain.com" -EnterpriseVoiceEnabled

$true -HostedVoiceMail $true

After enabling user for EnterpriseVoice and hosted Voice mail, run the Get-CsOnlineUser

command to see users enabled for

Get-CsOnlineUser -Identity "stril-test-hq@brocade.com" | fl *voice*,*line*,*dial*

Above Get-CsOnlineUser command result shows ‘HostedVoiceMail: True and

EnterpriseVoiceEnabled: True means user is ready to use EV features.

In case you have not assigned Dial-plan and Voice Routing Policy to user before moving

user to Cloud then assign appropriate voice routing policy (call authorization) and dial-

plan (Phone number normalization) for user using on-premises Skype for Business/ Lync

Server control Panel or Skype for Business/ Lync Power shell.

Login to any Skype for Business / Lync Server Front End Server and open Skype for

Business Control Panel using account assigned member of CsAdministrator or

CsUserAdministrator

Control Panel > Users > Type first name and last name > once user found, double click

on it.

Then, enable Enterprise Voice, assign Dial plan and Voice Routing policy. Refer the

below image.

Enable EV assign Dial plan and Voice Routing policy using Skype for Business or Lync

Server Power Shell:

Grant Dial Plan:

Grant-CsDialPlan -Identity "stril-test-brm@mydomain.com" -PolicyName "US-CO-

Broomfield "

Grant Voice Routing Policy:

Cloud PBX users must have a Voice Routing Policy assigned to them for calls to route

successfully.

This is differs from on-premises Skype for Business voice users who require a Voice

Policy to be assigned to them to allow calls to route successfully. The Voice Routing

Policy should contain PSTN usages that define authorized calls and routes for Cloud PBX

users.

If you don't have Voice Routing Policies created then then you can create new Voice

Routing policy using existing PSTN usages coping from existing Voice Policies to new

Voice Routing Policies.

New-CsVoiceRoutingPolicy -Identity "US-CA-SanJose-Hybrid" -Name "US-CA-SanJose-

Hybrid" -PstnUsages "Long Distance", "Local", "Internal"

Now grant above created Voice Routing policy to User.

Grant-CsVoiceRoutingPolicy -Identity "stril-test-hq@mydomain.com" -PolicyName

"US-CA-SanJose-Hybrid"

How to assign Voice routing policy to multiple users?

Get-CsUser -LdapFilter "l=SanJose" | Grant-CsVoiceRoutingPolicy -PolicyName "US-CA-

SanJose-Hybrid"

How to unassigned or remove Voice Routing Policy?

Grant-CsDialVoiceRoutingPolicy -Identity "stril-test-hq@brocade.com" -PolicyName

$Null

After you assigned voice routing policy and dial plan you can run Get-CsUser to see

policy assigned correctly or not.

Now you can run Get-CsOnlineUser to see user if online user enabled for Enterprise

Voice, Hosted Voice Mail and Voice Policy ‘HybridVoice’.

Note: You will not see Voice Routing policy name on online power shell command. You

can only see Voice Routing Policy name on On-premises power shell command.

Testing:

Login to Skype for Business client using your, SIP address (User which moved to cloud)

and password. Refer below Image.

Able to login to Skype for Business and able to make inbound and outbound calls. Refer

the below Image.

Able to receive Voice Mail as well which is Awesome!. Refer the below Image.

How to configure Autodiscover service for Hybrid deployment?

Hybrid deployments are configurations that use both the Skype for Business Online

cloud service (Office 365) and the Skype for Business/ Lync on-premises deployment.

This document will talk about Hybrid deployment of Skype for Business online and Skype

for Business / Lync Server on-premises, in this type of configuration, the Autodiscover

service must be able to locate where the user is actually located. That is to say,

Autodiscover aids in finding the user account and where the server that hosts the user’s

account is, regardless if it is in the on premises deployment or in the Skype for Business

Online deployment.

For example, if a user’s account is hosted on a server in Skype for Business Online, the

attempt to locate the user will happen as follows, in a process known as discoverability:

E.g. bilag@mydomain.com

a. User initiates a connection attempt to the on premises deployment, using

domain mydomain.com.

b. The attempt is sent to lyncdiscover.mydomain.com, the DNS name associated

with the Autodiscover service.

c. Autodiscover refers to the assumed registrar pool at the mydomain.com on

premises deployment and is given information on the user’s actual home server

hosted in Skype for Bsuiness Online. Autodiscover then sends the user a referral

to the lync.com online Autodiscover service.

The user initiates a connection attempt to the lync.com online Autodiscover service and

is able to locate the user’s account and the user’s home server.

To enable mobile clients to discover the deployment where the user home server is

located, you must configure the Autodiscover service with a new uniform resource

locator (URL).

You use Get-CsHostingProvider to retrieve the value of the attribute ProxyFQDN.

From the Skype for Business / Lync Server Management Shell, type below command to

setup Autodiscover URL.

Set-CsHostingProvider -Identity [identity] -AutodiscoverUrl

https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root

Where [identity] is replaced with the domain name of the shared SIP address space.

Get-CsHostingProvider

Now you are seeing correct AutodiscoverURL for user.

Reference articles:

Plan: https://technet.microsoft.com/en-us/library/mt455212.aspx

Deploy: https://technet.microsoft.com/en-us/library/mt634319.aspx

https://technet.microsoft.com/en-us/library/mt612869.aspx

Lesson Learned:

Below are the lesson learned while moving Skype for Business / Lync Server On-

Premises user to Cloud (Skype for Business Online).

You may see below error when you have multiple federated Edge servers and you have

not specified the proxy pool FQDN.

When you don’t specify the correct proxy pool name as your registrarpool (FE) instead

of edgepool (Edge) then you will see below error. To resolve add correct front end pool

name.

You will see below error when you don’t have live Id module install on your FE server

from where you are running command. (Module called as “Microsoft Online Services

Sign-In Assistant for IT Professionals RTW”)

Download from URL: https://www.microsoft.com/en-

us/download/details.aspx?id=28177

You are seeing below warning message because when you move user from On-Prem to

Cloud (tenant) your existing meetings and recurring meetings will get affected. Or your

old meetings will not available in cloud because your registrarpool will be different

where meeting hosted.

If user do not have cloud license assign and you are moving that user to cloud then

you endup with below error.

So before moving user assign the appropriate cloud license to the user.

Issue: Move-CsUser: Unable to locate Windows Live ID token from the provided

credentials, or from Active Directory Federation Services (AD FS) credential cache.

If you don’t put credential of Office365 Admin then you may see below error. Before

moving user must put credential of Office365 Admin and then run move command.

You write credential which has Office365 tenant admin permission then move user to

cloud.

All Cloud PBX users are assigned the same Voice Policy named BusinessVoice which

defines the calling features allowed; for example, Allow Simultaneous Ring.

Error: Call was not completed or has ended.

When you move user to cloud and assign required policy with cloud PBX license and

make outbound call however call not complete and gives above error.

Then make sure you have assign the Voice Routing policy to user on on-premises to

route call.

Cloud PBX users must have a Voice Routing Policy assigned to them for calls to route

successfully.

You can grant voice routing policy using below power shell command:

Grant-CsVoiceRoutingPolicy -Identity "Balu Ilag" -PolicyName "US-CA-SanJose-Hybrid.

Now you can make outbound call and checks. You will be able to make outbound call.

How to run Office 365 health, readiness, and connectivity checks?

I would recommend that you run Office365 health, readiness, and connectivity checks before you set up Office 365, Skype for Business Online or Office 365 hybrid environment.

This test can find settings in your current environment that might cause problems when you start to set up or use your services.

If you know where the potential roadblocks are before you start, you can fix or work around them to make your deployment path easier to complete.

The readiness checks are looking at settings in your current local network environment and anything you’ve already set up in Office 365. The checks use

your credentials to make their inspection. Run the checks while connected to your current local network and logged in as an admin.

Check results are sorted into these categories:

Passed: the setting that we checked is correct for Office 365. You might want to review passed items to see what we looked at, but these results are informational only.

Warning: the setting that we checked won't break anything, but isn't optimized for Office 365. You can review the results to see if this is an important setting for you. If you want to learn more about the warning, or learn how to change the setting, you can get help from the panel to the right.

Error: the setting that we checked will negatively affect your setup and should be fixed before you continue. Definitely review these results and make changes as needed. Help on how to fix issues is available from the panel to the right. If you see an error for something you haven't set up yet, such as DNS records, you can ignore the error for now. But, we recommend you run the readiness checks again after you get set up.

How to run HRC?

Go to URL: Run HRC

Login with your tenant admin account. The HRC (check advanced) should be run from a regular user PC. It will check for outbound ports for Office 365 services.

Click on Next

Click Next.

Once you click on “Run checks”, You may see security warning say “Run” on security warning to check your environment health.

Click on “Run”

This test basically checks User Principle Name, Proxy Address, mailnickename, mail attribute for each AD users. Additionally it will check Directory Synchronization for AD DS objects.

Below is the RESULT:

https://support.microsoft.com/en-us/kb/2409256

Thank you.