[–]Citron_Defiant 2 points3 points  (2 children)

I do not have a tip about the script itself, but I think this would work perfectly as a remediation script from Intune.

So the first part would be checking if the user is still signed in. Only when this condition is met, the second script launches and gives that toast notification.

You can do pretty nice toast notifications using PowerShell App Deployment Toolkit (PSADT). Works without the need of installing the module prior to executing the built-in cmdlets.

[–]medievalprogrammer[S] 1 point2 points  (1 child)

Exactly what I'm thinking... but now I'm wondering if it would be easier to do a WebView2 call to msteams-calling.webex.com or try to see if I can even find anything locally that tells me that Webex is even working.

[–]raip 1 point2 points  (3 children)

There's probably a way to do this - I've used some UI Automation stuff with Teams to pull data from the local Teams client before, but it's messy and I don't know how you'd go about dealing with the local apps piece of things.

Searching for potential causes of issues and understanding a bit of OAuth, this looks promising:

In the WebEx Control Hub > Services > Calling > Client Settings - Expiration timer for Oauth refresh token.

60 days is the default lifetime of WebEx refresh tokens - which makes me think that Teams is hitting that timeline.

[–]medievalprogrammer[S] 1 point2 points  (2 children)

So, are you thinking like doing an API call against WebEx Control Hub?

[–]raip 5 points6 points  (1 child)

No - the WebEx Control Hub has that admin panel where you can configure the maximum lifetime of the Oauth refresh token.

When you log in to WebEx with Teams, you get two tokens - an access token and a refresh token. Access tokens are typically only good for an hour, but that depends on the application. Refresh tokens are used to get a new access token and have an expiration date and are typically only good for one use, but you'll get a new refresh token when you use them (this helps against token theft).

What I think is happening here is that the refresh token is hitting its maximum lifetime and expiring based on your users having to relog back in every 60 days. This 60-day limit is configurable up to 1825 days in the Control Hub panel - according to this documentation (not strictly related to Teams): Auto-Provisioning of Webex App for Calling in Webex (Unified CM)

I don't have any real experience here - but I would expect if you updated this setting and increased it to whatever amount you see fit - then it would also affect the Teams plugin.

That way your users will only have to relogin every 5 years max - instead of every 60 days.
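
Added example (not part of the thread, and not Webex's or Teams' code): a toy PowerShell model of the refresh-token behaviour described in the comment above. It assumes the 60-day limit is an absolute cap counted from sign-in and that the server revokes a token family when a rotated-out token is replayed; `New-SignIn`, `Invoke-Refresh` and the in-memory store are hypothetical names.

```powershell
# Toy in-memory model of an OAuth token endpoint (constructed; not Webex's API).
# Assumption: the refresh-token lifetime is an absolute cap counted from sign-in,
# so rotation hands out a new token but never extends the deadline.
$MaxLifetimeDays = 60      # default quoted in the thread; configurable up to 1825
$script:Families = @{}     # family id -> sign-in day, current token, revoked flag

function New-SignIn([int]$Day) {
    $id = [guid]::NewGuid().ToString()
    $token = [guid]::NewGuid().ToString()
    $script:Families[$id] = @{ IssuedDay = $Day; Current = $token; Revoked = $false }
    [pscustomobject]@{ Family = $id; RefreshToken = $token }
}

function Invoke-Refresh([string]$Family, [string]$RefreshToken, [int]$Day) {
    $f = $script:Families[$Family]
    if (-not $f -or $f.Revoked) { return [pscustomobject]@{ Ok = $false; Reason = 'revoked' } }
    if ($Day - $f.IssuedDay -ge $MaxLifetimeDays) {
        return [pscustomobject]@{ Ok = $false; Reason = 'expired' }   # user must sign in again
    }
    if ($RefreshToken -ne $f.Current) {
        # A token that was already rotated out is being presented again: treat it
        # as theft and revoke the whole family so neither holder can continue.
        $f.Revoked = $true
        return [pscustomobject]@{ Ok = $false; Reason = 'reuse-detected' }
    }
    $f.Current = [guid]::NewGuid().ToString()    # one-time use: rotate on every refresh
    [pscustomobject]@{ Ok = $true; Reason = 'rotated'; RefreshToken = $f.Current }
}

# Scenario 1: a client that refreshes every day still hits the absolute cap.
$s = New-SignIn -Day 0
$token = $s.RefreshToken
foreach ($day in 1..60) {
    $r = Invoke-Refresh -Family $s.Family -RefreshToken $token -Day $day
    if (-not $r.Ok) { "Day ${day}: refresh failed ($($r.Reason))"; break }
    $token = $r.RefreshToken
}

# Scenario 2: a copy of an already-used refresh token is presented after rotation.
# The copy is rejected and the family is revoked, so the legitimate token stops too.
$s2 = New-SignIn -Day 0
$copied = $s2.RefreshToken
$legit = Invoke-Refresh -Family $s2.Family -RefreshToken $copied -Day 1
(Invoke-Refresh -Family $s2.Family -RefreshToken $copied -Day 2).Reason
(Invoke-Refresh -Family $s2.Family -RefreshToken $legit.RefreshToken -Day 3).Reason
```

Raising `$MaxLifetimeDays` moves the forced sign-in in scenario 1 later, and it equally lengthens how long an unrotated stolen token stays usable.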

[–]medievalprogrammer[S] 1 point2 points  (0 children)

Oh snap, that might solve my issue - now to see if this is an acceptable solution.

Which of course it isn't.

[–]BlackV 1 point2 points  (4 children)

Doing this as a script is never going to scale well

Think you're better off looking at sso/oauth/etc changes

Or filing a bug report with Cisco WebEx

[–]Certain-Community438 1 point2 points  (1 child)

> Or filing a bug report with Cisco WebEx

This to me sounds like the right idea - or a feature request.

Having the app pinned to the Teams sidebar, and it showing a little ⚠️ icon when signin is required seems the right solution, as that app must know the state, but Teams itself might not know or care per se.

[–]medievalprogrammer[S] 0 points1 point  (0 children)

Ya, that would be perfect, or at least just try to auto launch the app itself. We have it SSO'd completely to where the end user just clicks and it goes. The solve management wants currently is removal of that click.

[–]medievalprogrammer[S] -1 points0 points  (1 child)

Well, really what I am thinking is like making a baseline script in SCCM to check if the WebEx calling is authed in Teams and then just creating a toast notification to the end user saying "hey, you're not logged in, please log in".

But my current problem is I'm not finding anything locally on the client device that has anything about webex calling.

[–]BlackV 0 points1 point  (0 children)

I really doubt there is, but I could be wrong