Features added in previous versions

There are several minor improvements to how some layout features are displayed:

• The text-based in-conference messages that are temporarily shown at the top of the layout (which indicate states such as a locked conference, live captions, recording/streaming/transcribing/AI enabled, raised hands, and audio-only participant names when speaking), have been restyled. By default they are now shown in white text on various different background colors. For example:

  

  

  The text and background colors can be customized via a new indicator_color_config setting in the theme configuration file.

• There is a new "AI" indicator, shown when Google Meet AI features are enabled.
• Any content classification messages are now shown in an overlay banner at the top of the layout. If a banner message is also being displayed then they are combined into the same overlay.

Conference layouts and speaker names

Theme configuration file (themeconfig.json)

There are several improvements and updates to themes and splash screens:

• There is a new dtmf_conference_control_command in the base theme: toggle_raise_hand, which is assigned to *3 by default, and toggles the raised hand status of the participant in a VMR.
• There are two new supported fonts for overlay text: "Inter" and "Inter Medium".

• In support of the new AI indicator for Google Meet, there are:

  • New audio files: conf-ai_started_48kHz_mono.wav and conf-ai_stopped_48kHz_mono.wav.
  • New fields in the themeconfig.json file: "disable_ai_indicator" and "ai_indicator_text".

Rules and requirements for customized themes

Using a DTMF keypad to control a conference

Pexip's Cloud Video Interop (CVI) integration with Microsoft Teams has been enhanced:

• Improved interoperability with Microsoft Teams Rooms:

  • Pexip app Hosts can now admit a Teams Room into a locked Pexip conference.
  • Dual-screen Teams Rooms are now automatically detected and will display conference participants across both screens when joining a Pexip Infinity VMR, providing it uses the Teams Room calendaring service* when using "Cross-platform meetings via SIP join for Teams Rooms". to join the conference. Local or external policy can also be used to provide similar behavior (by modifying the dialed alias) when calling into a Zoom meeting.
  • Improved support for sending DTMF commands from a Teams Room into a Pexip conference. This includes toggling receiving presentation content in the layout mix (*4), and toggling multiscreen participant display (*9).
• Any in-lobby notification messages are now displayed at the top of the screen. Previously they were displayed as slide out indicators. The displayed message is still generated from the conference_locked_indicator_n_waiting_text theme configuration setting, but the conference_locked_indicator_text and conference_unlocked_indicator_text settings are no longer used in this context.
• We now recommend assigning *2 to the DTMF command for toggle_teams_large_gallery in any customized theme for Teams integration. This is because *3 was previously recommended but this digit is now assigned by default to toggle_raise_hand (which is not currently supported in Teams meetings).

Breakout rooms, which are separate sessions that are split off from a main VMR or Virtual Auditorium that allow smaller groups of people to meet together, is now a fully supported feature. Updates in this release include:

• The ability to customize the length of time the transfer modal is shown to Webapp3 users being moved to or from a breakout room.
• Updates to workflow and dialogs in the breakout rooms panel when managing rooms via the web app.

Breakout rooms

transferTimeout

Support for Safe Links URL rewriting:

• One-Touch Join now supports meeting invitations that include URLs rewritten by Safe Links in Microsoft Defender for Office 365.
• There is a new custom jinja filter, pex_safelinks_decode, which can be used to decode strings that have been encoded by Safe Links.

Custom Pexip filters

Local and external policy has the following additions:

• In participant policy you can control whether a participant's overlay text (display name) is disabled.
• You can specify a DTMF sequence to send in a Infinity Gateway service type response.

• When a Microsoft Teams Room joins a call via One-Touch Join the following fields are now included in service configuration requests (external policy) and call information (local policy):

  • display_count: the number of screens signaled by the Teams Room.
  • third_party_passcode: the passcode field provided by the Teams Rooms calendaring service* when using "Cross-platform meetings via SIP join for Teams Rooms"..
• You can specify the live captions source (audio) language and captions language.
• External policy registration alias requests include support for single sign-on (SSO). Requests now include the remote_address field, plus a new policy request field of auth_type which can be either "credentials" or "sso".

Administrators can now opt to remove the use of pop-up windows for Webapp3 participants when authenticating using SSO in order to join a meeting. There are two new options in the Administrator interface associated with this feature:

• Disable pop-up windows (Users & Devices > Identity Providers > Add Identity provider) enables and disables this feature.

• External Webapp Host address (Web App > External Web App Hosts) is required if you have disabled pop-ups and you either host the web app externally, or access the web app from a URL that is not a Conferencing Node's Configured FQDN.

About pop-up windows

Adding external hosts to Pexip Infinity

This release contains the following administrative improvements:

• You can now view a history of registered devices via History & Logs > Registration History.
• In Status > Participants:
  • A new field Is locally muted has been added which indicates whether the participant is muted locally on the client side.
  • The On Hold field has been removed (from the Administrator interface only — it is still available via the Management Status API).
• When generating a diagnostic snapshot you can now navigate away from the page while the file is being generated and then download it later when the process has completed.
• When performing a packet capture you can now filter it on IP address / subnet and you have more flexibility in selecting the type of traffic captured.

Viewing current and historic registrations

Viewing participant status

Downloading a diagnostic snapshot

Performing a network packet capture

Pexip Infinity now includes support for JWK Set URL (JKU), which may be required in a future release of Epic.

If your planned upgrade to Epic means your organization will be impacted, you should upgrade to v36 or later and then work with your Epic support representative to make the required changes on the Epic side, quoting Epic reference SLG 8598020.

Managing administrator access via OIDC

Authentication overview

You can send a banner message that is displayed at the top of the screen to all conference participants. It is supported in Virtual Meeting Rooms and Virtual Auditoriums, and in all layouts.

A new "1+1" conference layout is available. It displays one large main speaker with one overlaying participant.

When configuring a custom layout you can now specify within the layout's JSON file:

• Where to position the watermark.
• Whether to use a dark or light mode for the indicator display area at the top-center of the layout.

Pexip's Cloud Video Interop (CVI) integration with Microsoft Teams has been enhanced:

• The Teams-like layout has improved framing logic.
• An alarm is now raised in Pexip Infinity if the CVI app certificate is due to expire, or has expired.

Pexip now recommends the use of a blue-green deployment model for Teams Connectors to make upgrades easier and minimize downtime.

There are several improvements to participant policy:

• There is a new display count configuration option which allows the display count (the number of screens possessed by the endpoint) to be overridden. This could be used, for example, to override multiscreen participant display.
• You can now override the call tag that is assigned to a participant.
• You can specify a spotlight priority value to a participant.

Ducking reduces the volume of certain participants when another participant is speaking. If a participant is set to prominent, the audio of all non-prominent participants will be ducked when the prominent participant is speaking.

Ducking is for use as part of the Human Interpreter feature in Pexip Secure Meetings for Justice deployments only, and can be controlled from participant policy, or the client REST API with the new functions receive_from_audio_mix and send_to_audio_mixes.

Pexip Secure Meetings for Justice

Participant configuration responses

Pexip client REST API

Writing local policy scripts

This setting controls whether Guests see other Guests during a Virtual Auditorium.
Previous setting options were Yes or No to Guests seeing other Guests when the last Host left the conference. These have now been replaced with the following options:

• If no hosts are present (default): Guests see other guests only if no other Hosts are present.
• Always: Guests are always shown to other Guests (if there is space in the layout after Hosts).
• Never: Guests never see other Guests.

Note that this setting still does not effect the behavior at the start of a meeting — Guests always still see the "Waiting for the host" screen.

Changes to local/external policy:

The data type of the Virtual Meeting Room / Virtual Auditorium service type response field guests_can_see_guests has changed from a boolean to a string.

• true is now no_hosts. This is the default. Guests see other Guests only if no other Hosts are present.
• false is now never. Guests never see other Guests.
• always is a new option. Guests are always shown to other Guests, if there is space in the layout after Hosts.

If you are currently providing a value for guests_can_see_guests then you need to revise your policy response to use the new data type / values.

The behavior of Pexip's classic layouts has been updated. All of the classic layouts now have a similar look and feel to the Adaptive Composition layout:

• All in-conference indicators, such as participant counts, audio participants, recording indicators and locked status are now shown at the top-center of the layout. This replaces the previous "slide out" indicators. The only exceptions to this are the "in-lobby" notifications in Teams CVI calls which still employ the slide-out mechanism.
• Active speaker text overlays are now supported in all layouts.
• Any classification indicators now appear below any in-conference indicators for all layouts.

Note that the classic layouts still do not apply any face detection or framing technologies.

When deployed in O365 environments, Secure Scheduler for Exchange now supports authentication using an app registration with relevant application permissions to allow use of EWS Impersonation, rather than a service account that is granted the Application Impersonation role.

This is because the Application Impersonation role assignment to service accounts is being deprecated by Microsoft. From May 2024, Microsoft prevented new Application Impersonation role assignments. From February 2025, this role will be removed completely (for more information, see Microsoft's announcement). For Office 365, all new Secure Scheduler for Exchange deployments must use the alternative option using application permissions, and all existing deployments must be updated to enable this option as soon as possible.

Custom layouts has the following improvements:

• You can define presentation modes for defining the layout when a presentation is in progress and the client is receiving the presentation as part of the layout mix.
• You can specify the background color for the custom layout.

• The base theme includes a new custom 1+9 layout which has one large main speaker and up to 9 other participants, and includes support for receiving the presentation stream as part of the layout mix.

  

• Webapp3 users can now select any of the custom layouts that are available to the current conference when changing the layout via the Meeting layout tab.
• Custom layouts is now a fully supported feature (it was a technology preview feature in previous releases).

Breakout rooms have been enhanced with the following additional features:

Request assistance

Guests in breakout rooms can now request assistance from the Host. When someone asks for help then all Hosts who are not already in that room see a message and can join the room requesting assistance.

Guests can directly rejoin the main room

A new optional configuration setting when opening breakout rooms can give Guests using the web app the ability to return to the main room from the breakout room via a Return to main room button.

Note that this does not prevent guests leaving a breakout room by disconnecting and then redialing the same conference and rejoining the main room.

Bypass locked conference state

There is a new bypass_lock configuration option in participant policy which allows a participant to bypass the locked state of a conference and enter the conference as if it was not locked.

Virtual Auditoriums support

Breakout rooms can now be enabled for Virtual Auditoriums. Previously only VMRs could be enabled for breakout rooms. You can also use the new Guests can see other guests configuration option to control the behavior when no Hosts are present in the Virtual Auditorium.

Host chat message visibility

Hosts can no longer see all chat messages from all breakout rooms at all times. They must now join the breakout room to see chat messages belonging to that room.

Note that breakout rooms are still a technology preview feature and can be enabled via Platform > Global settings > Tech preview features > Enable Breakout Rooms.

Breakout rooms

Configuring Virtual Auditoriums

Participant configuration responses

Pexip client REST API

Writing local policy scripts

The indicator bar at the top of the Adaptive Composition layout now shows the number of participants with a raised hand.

The indicator bar also alternates every 5 seconds to show a message containing the name of the first participant in the list of participants with a raised hand.

Any WebRTC device with a portrait aspect ratio (such as 9:16) can now receive a layout specifically designed for a portrait display in all layouts (previously this was limited to the Adaptive Composition layout).

This is still a technology preview feature and can be enabled via Platform > Global settings > Tech preview features > Enable portrait layouts.

Pexip's Cloud Video Interop (CVI) integration with Microsoft Teams has been enhanced:

• Scheduled scaling termination rebalancing: previously, an instance that was selected for termination was only stopped when all calls on that instance had drained. Now, to increase efficiency and to reduce compute costs, if another instance becomes empty in the meantime then that other instance is terminated instead.
• You can use local or external policy to enable the "Fit to frame" option within Teams for a VTC participant.

• Changes to the installation process and upgrade scripts are:

  • The default VM size for the Teams Connector has changed from Standard_F4s to Standard_D4s_v5, which is a more modern instance type.

    The supported instance types are now Standard_D4s_v5 (Intel), Standard_D4as_v5 (AMD), and Standard_F4s (old), and is now specified through a new $PxAzureVmSize variable and associated parameter in the installation/redeployment scripts.

    When selecting your instance type you should consider your VM quota, availability in the region you’re deploying to and pricing. The price and availability of Standard_D4s_v5 is very similar to Standard_F4s.

    You should review your VM quota and ensure that any requested increase is approved before performing the upgrade.

  • Certificate-based authentication (CBA) is the now the default behavior to authenticate the Teams Connector CVI application towards MS Graph.
  • If you need more control over the Teams Connector VNET, you can now deploy and use your own customized VNET.
  • Private routing is now a fully supported feature.
  • PowerShell 5.x, Powershell 7.x or PowerShell ISE x64 using PowerShell 5.1.x are supported.
  • The documented installation and upgrade processes now require you to import specific required versions of Az Powershell and Microsoft.Graph Powershell modules.

  When upgrading to version 34 you can continue to use your existing Teams Connector API app that you have previously deployed.

When using local policy, the service_config variable (which holds any existing service configuration data) can now be used in scripts run as service configuration, participant and media policy. Previously it could only be used in service configuration policy scripts.

When using participant policy (local or external) you can now specify a reason for rejecting a call, which is then subsequently shown to any Pexip app users.

You can now control whether Guests see other Guests when the last Host leaves the conference in a Virtual Auditorium via a new Guests can see other guests setting.

Note that this does not effect the behavior at the start of a meeting — Guests always still see the "Waiting for the host" screen.

Support for the Meeting Controls macro in Pexip VMRs

The Meeting Controls macro, which provides advanced conference controls on Cisco endpoints, is now available to use in Pexip VMRs.

Meeting Controls for Cisco endpoints

You can now allow administrator accounts connecting to the Pexip Infinity management API to authenticate using OAuth instead of, or in addition to, LDAP credentials. Doing so removes the need for every API request to first send an authentication request to the LDAP server.

This release contains the following administrative improvements:

• SSH keys can now be used for the admin account for authorized SSH access to your Management Node and Conferencing Nodes.
• X.509 certificates signed using ED25519/ED448 signature schemes can now be uploaded to the Management Node as TLS certificates.
• AWS EC2 instances now support IMDSv2.
• When configuring a Conferencing Node, the SIP TLS FQDN field has been renamed Configured FQDN. This is a label/name change only — the field still functions in the same manner as before.

Configuring SSH authorized keys

Managing TLS and trusted CA certificates

AWS security blog