Secure Extranets Get Real in SharePoint Online with White Listing!

For quite some time, SharePoint Online has been the easiest way to share data securely with partners from other companies.  For anyone unfortunate enough to have attempted this on-premises: there are no firewall ports to open, and no custom member and role providers or custom claim augmentation services to tear your hair out with.  Sharing with external folks just works.

 

Until now I’ve always had just a little bit of consternation around the fact that if I enabled sharing outside my company, anyone with sharing rights can share with anyone they like.  As an example, a contractor on your team can share with their personal Gmail account or any other account they choose, so long as it is associated with a Microsoft Account or a Work and School Account.

 

Recently 2 additional options have appeared (not in all my tenants, so still rolling out):

  1. Allow sharing only with the external users that already exist in my organization’s directory.  This option leverages Azure B2B, where as an admin you can preload authorized external users into your Azure Active Directory.  The big advantage here is that they are using a federated sign-in, so if their company terminates them, they can no longer sign into your site either.
  2. Limit external sharing by domain.  This lets you control, on a site collection by site collection basis, who this data can be shared with.  For example, if I have a site for collaboration with Microsoft I can enable sharing to only take place with Microsoft on this site collection.  This prevents users from accidentally inviting someone who shouldn’t have access to the site.
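
Both options can be set and audited per site collection from the SharePoint Online Management Shell. The following is an added example, not code from the original post: the Test-SiteSharingPolicy helper, the tenant and site URLs, and the approved-domain list are assumptions, and the sample site objects are constructed so the check runs without a tenant.

```powershell
# Added example: flag site collections whose external sharing is not pinned
# to an approved domain allow list. Test-SiteSharingPolicy is a hypothetical
# helper, not a SharePoint cmdlet.
function Test-SiteSharingPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Site,
        [Parameter(Mandatory)] [string[]] $ApprovedDomains
    )
    process {
        $capability = "$($Site.SharingCapability)"
        $mode       = "$($Site.SharingDomainRestrictionMode)"
        # SharingAllowedDomainList is one space-separated string
        $allowed    = @("$($Site.SharingAllowedDomainList)" -split '\s+' | Where-Object { $_ })
        $unexpected = @($allowed | Where-Object { $_ -notin $ApprovedDomains })

        $finding = if ($capability -eq 'Disabled') {
            'OK: external sharing disabled'
        } elseif ($mode -eq 'AllowList' -and $unexpected.Count -gt 0) {
            "REVIEW: unapproved domains on allow list: $($unexpected -join ', ')"
        } elseif ($mode -eq 'AllowList') {
            'OK: sharing limited to approved domains'
        } elseif ($capability -eq 'ExistingExternalUserSharingOnly') {
            'OK: only guests already in the directory'
        } else {
            'RISK: external sharing with no domain allow list'
        }
        [pscustomobject]@{ Url = $Site.Url; SharingCapability = $capability; Finding = $finding }
    }
}

# Constructed sample objects carrying the property names Get-SPOSite returns
$sampleSites = @(
    [pscustomobject]@{ Url = 'https://tenant.sharepoint.com/sites/msft-collab'
        SharingCapability = 'ExternalUserSharingOnly'
        SharingDomainRestrictionMode = 'AllowList'; SharingAllowedDomainList = 'microsoft.com' }
    [pscustomobject]@{ Url = 'https://tenant.sharepoint.com/sites/project-x'
        SharingCapability = 'ExternalUserSharingOnly'
        SharingDomainRestrictionMode = 'None'; SharingAllowedDomainList = '' }
    [pscustomobject]@{ Url = 'https://tenant.sharepoint.com/sites/vendors'
        SharingCapability = 'ExternalUserSharingOnly'
        SharingDomainRestrictionMode = 'AllowList'; SharingAllowedDomainList = 'microsoft.com gmail.com' }
    [pscustomobject]@{ Url = 'https://tenant.sharepoint.com/sites/b2b-only'
        SharingCapability = 'ExistingExternalUserSharingOnly'
        SharingDomainRestrictionMode = 'None'; SharingAllowedDomainList = '' }
)
$sampleSites | Test-SiteSharingPolicy -ApprovedDomains 'microsoft.com' | Format-Table -AutoSize

# Against a real tenant (URLs are placeholders). Each site is re-queried by
# identity as a precaution, in case the bulk listing leaves sharing fields empty:
#   Connect-SPOService -Url 'https://tenant-admin.sharepoint.com'
#   Get-SPOSite -Limit All | ForEach-Object { Get-SPOSite -Identity $_.Url } |
#       Test-SiteSharingPolicy -ApprovedDomains 'microsoft.com'
#
# Option 1 from the post (only guests already in the directory):
#   Set-SPOSite -Identity 'https://tenant.sharepoint.com/sites/b2b-only' `
#       -SharingCapability ExistingExternalUserSharingOnly
# Option 2 from the post (domain allow list on one site collection):
#   Set-SPOSite -Identity 'https://tenant.sharepoint.com/sites/msft-collab' `
#       -SharingDomainRestrictionMode AllowList -SharingAllowedDomainList 'microsoft.com'
```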

 

Really excited about this innovation and, with it, the ability to prevent a whole class of accidental data leaks.

 

Enjoy!

Dave

 

Actionable insights post-ignite

As always, Ignite this year was a fantastic event, not just for the sessions but for the many conversations on the convention center floor talking to folks from various teams and comparing the stories and demos.  This quick post will highlight a few things not yet in first release that are coming in the near future, and things I expected to see that are further off.

 

Super exciting Coming Soon or in Preview:

  1. Yammer and Office 365 Groups Integration:  Yammer is far from dead.  In fact, users of Yammer can create a new Yammer group and automatically create a team site, Planner board and PowerBI workspace.  When you manage the users in the Yammer UX, the changes in membership can also be seen in the O365 Admin Center.  While I haven’t been able to get my hands on it yet, this would imply the ability to create dynamic groups using rules in AAD.
  2. Modern Team Sites:  This one feels very close but is not yet rolled out.  If you create an Office 365 Group and check out the sitepages library you can see the scaffolding that stores modern pages, create your own pages, add client side web parts and publish the page as your welcome page.  Still no ability to add new apps or lists and the navigation story is a bit inconsistent.    Very exciting stuff and can’t wait to see this become real.
  3. Custom Client Side WebParts with SPFX.  The SharePoint Framework gives developers a way to create new experiences using the same tooling as the product team for client side, responsive custom solutions.
  4. Team Site Pages: for now these really are a partial replacement for wiki pages, with a super intuitive UX but lots of limits in terms of layout or functionality.  Very promising.
  5. PowerApps and Flow: these are really maturing into solutions that companies could plan to use early next year.
  6. External Members in O365 groups: This is partly here, but lacks support in planner and some other workloads.

 

Totally Missing for now:

  1. Modern Publishing: The screenshots have existed since the Future of SharePoint event, but nothing was shown in terms of functional equivalents to master pages, page layouts, themes, or real branding capabilities
  2. Page and List Apps with SPFX
  3. Search Results Templating in modern pages
  4. List View Templating in modern pages
  5. Replacement for JS Embedding in modern pages
  6. Site Templating
  7. APIs to manipulate modern pages: how can I add modern webparts to preconfigure modern pages as a part of provisioning?
  8. Planner Import / Export
  9. Ability to manage o365 group members for non-OWA users

 

As you can see, there is a ton of focus in SharePoint around the modern experiences, integration with groups, and next generation development stories.   Amazing things have been accomplished in the months since May 4th, but tons is still to be done.  We’re used to seeing 3 years of development innovation by the time we get access to it, and for platform level capabilities it looks like the cadence shift will mean that things will take a bit to mature into real, usable platforms.  Nonetheless, there are great things to start bringing back value quickly.  One of my biggest takeaways was the need for a detailed roadmap to help customers understand what’s happening when as we roll out new capacities.  In a future post I’ll share more on that topic as well.

Ready for Ignite

On my way to Atlanta for what I’m expecting to be an epic event for the SharePoint and Office 365 world.  This past May the future of SharePoint was revealed at a much smaller and more intimate event in San Francisco on May 4th.  Over the course of the summer we’ve seen a number of changes hit in rapid succession, and many folks have seen only a few of the new innovations.

 

Big Wins to Date

  • The OneDrive for Business mobile app delivered on the ability to access SharePoint libraries on the go
  • Modern Document Libraries improved the efficiency of editing page meta data and refreshed the core user experience for managing files in SharePoint
  • Modern Lists have a slick new ux that makes editing items and meta-data faster
  • Great PowerApp performance against SharePoint lists makes real mobile app experiences a reality for SharePoint, even during Preview
  • Human workflow Exchange Approvals in Flow are fast and perfect.
  • Cross system integration is easy with systems that have flow connectors
  • A common on-premises gateway for PowerBI and PowerApps to integrate corporate data sources
  • External members of office 365 groups are critical for enabling cross company collaboration.  This doesn’t yet support planner and powerbi, but hoping to see it soon.
  • The refreshed SharePoint site contents page starts to give users actionable metrics about site usage

 

Some New Challenges

  • Uploading new versions of files in the Modern Document Library is an unintuitive step backwards
  • Client side customizations to document libraries need to be redesigned as urls instead of JavaScript, reducing functionality
  • Modern Pages and Modern Experiences can’t be extended (think content panda, sharepoint videos, or a number of the analytics tools)
  • Flows are tied to individual users rather than lists introducing complexity trying to manage solutions used by more than one person
  • No good way to extend the SharePoint user interface without building a full custom solution.  There’s no current replacement for the JSLink and Display Templates that I use every week.
  • For those of us using Exchange in hybrid mode, connecting Modern Team Sites to Office 365 Groups is a mixed bag, since hybrid users can’t edit group properties and have to use workarounds like using Planner or the Outlook Groups mobile app to manage users.  If groups are going to be central to SharePoint, you MUST enable users to edit them with just a SharePoint license.  We don’t care that the Outlook team wrote them.

 

 

Potential for Greatness

  • Modern pages are fast and easy to edit, but not yet viable with a single column layout and no ability to customize look and feel.  I hope to hear more about future publishing and branding plans this week.
  • The SharePoint framework is a real modern development story but is waiting for visual studio support and support for anything other than modern webparts right now.  Want to see some new announcements on timing for GA of webparts and preview of pages and list apps
  • Modern Team Sites with News, Pages, Modern Lists and Libraries tied to Office 365 groups feel like they are almost real.  Would love an update on when we get these
  • Site classifications in SharePoint to let you tag a site’s data sensitivity or business impact and hopefully reuse this in future conditional access logic.  Imagine requiring two-factor auth for high business impact sites when not on the network.
  • The SharePoint mobile app finally gives users access to SharePoint sites from a mobile client, but having to switch over to OneDrive to access files feels like a fragmented, half-hearted effort.  The Outlook Groups app was a much cleaner user experience.  Want to hear about how this is evolving into something businesses will be excited to roll out.
  • Still waiting for the PowerBI content pack for Office 365

 

Overall, I’m incredibly excited by the pace of innovation and excited to see what the team has been hard at work on over the summer months.  For topic areas that didn’t get much love at the May 4th event, such as development, customization, branding, and publishing, I’m hoping this is the place where Microsoft takes us all on a deeper dive, and I hope we start to see some of these items continue to become real this calendar year.  If you’re at Ignite, please feel free to reach out @bostonmusicdave on Twitter.

New settings in AAD to control guest users in Office 365 Groups.

Within the old school Azure Portal (http://manage.windowsazure.com) there’s a new section you’ll want to be aware of called user access.

 

The default is that all 3 of these options are enabled.  From my perspective I wouldn’t want a guest user to be able to add additional guests, so I flipped that one off.

 

Love the way these controls are surfaced in the Admin center and can’t wait for Guest Users in Groups to finally hit my tenant so I can try it out.

 

image

Wiring up a modern team site / group

Anyone else excited to see modern pages and team sites?  Ever since the May 4th Future of SharePoint event I’ve been super excited to get my hands on it and start to play around.  Since the blog post last week announcing that they were rolling out, I’ve been checking my Office 365 groups daily to see if anything is new.

 

Noticed today that the gear now has “Add a page”

image

 

In fact, if you navigate to https://tenant.sharepoint.com/sites/groupname/SitePages/ you’ll find a modern library showing all your modern pages.  It’s simple to go create a few and play around with the webparts that are in there today: Text, Image, Document, Video, Embed (script editor?), Highlighted Content (Content Searchish), Quick links, and Activity.  Add a list doesn’t work for me yet on my tenants, but I’m sure that’s coming soon.

 

image

 

The other item worth noticing is that the system account created Home.aspx.  I wonder what that could be…..

image

 

So it’s not set as the homepage of the group’s team site, but I’ll bet we can fix that…

 

image

 

Voilà!  Group HomePage is now a modern team site!   Oh.. one more thing.. I also set up an alert on the homepage.aspx.  Since it’s just a file in the library it makes sense we’d be able to see when Microsoft updates it just by using alerts inside SharePoint.  Let the fun begin!

image

iPhone 7, Win8, & Modern SharePoint : Client Side Rendering as the “headphone jack”

iPhone 7 – No more headphone jack

I’ve been a fan of the iPhone since it was first released in 2007.  I’m still using an iPhone 5s and have been holding off for a while to see what Apple had to announce today about the iPhone 7.  There had been a number of rumors about the removal of the headphone jack leading up to today’s event.  Buzzfeed wrote a solid article after interviewing a few members of the product team about the motivations behind the move, primarily saving space to make way for new innovations by removing something they regarded as antiquated.  For me, the math doesn’t add up and it has convinced me to hold off on a new phone and to seriously examine other ecosystems.  Firstly, I’m on my phone more than 8 hours a day.  I have it plugged in or use a battery to charge it, so the lightning connector is already in use.  I’m not really a fan of wireless headphones as I have enough devices to keep charged on a daily basis.  Second, I have a nice investment in that old jack: some incredible headphones including the Dunu DN2000J and Logitech Ultimate Ears TripleFi, as well as the Bose SoundSports which I use for phone calls pretty much all day Monday-Friday.  Before the announcement today, Apple had plenty of feedback, including online petitions with a few hundred thousand signatures encouraging them to rethink the decision, but the general messaging was that we’re killing a dinosaur to make way for progress.  They could be correct, but for years wireless headphones have been around and have never caught on, a very different scenario than the floppy disk and CD-ROM drive.

 

Windows 8:  change management is critical and evolution can work better than revolution

I finished reading the article and I was thinking about the lead up to the release of Windows 8.  Microsoft had a ton of feedback from users that the new start menu wasn’t intuitive, the touch focus wasn’t aligned with most people’s PCs, and the development ecosystem just wasn’t ready, as it was heavily fragmented across WinRT, real Windows and of course the mobile platform.  The community provided a ton of feedback up front and early, but sometimes it’s hard to know if the feedback from your most passionate advocates is representative of the broader market.  In the case of Windows 8, it was of course, and over the past few years Microsoft has turned it around in Windows 10 and the updates that have happened since that point.  One of my favorite changes is not in the operating system, but the openness, transparency, and willingness to listen that has emerged within Microsoft and the product teams.

 

SharePoint – What was new is old and what’s new is almost ready

This brings me to SharePoint.. There’s a whole lot of exciting change happening right now, most of which was announced at the Future of SharePoint event on May 4th.  Basically every user interface in SharePoint is being reimagined and rebuilt with a cloud first, mobile first spin.    With the level of change happening across the platform I’ve spent a lot of time describing to people the state of the SharePoint ecosystem, both during the day at work and in the broader SharePoint community.

 

I’m working on a new website that I hope to have ready in the next month or so to enable folks to interact and have the conversation about best practices and real world usage guidance on a feature by feature basis.  The general format is a matrix with one axis grouping features by the level of complexity (Out of the Box, Configuration Only, Extending SharePoint, or Totally Custom).  Those classifications were taken from a presentation by Dan Kogan from the SharePoint product team at the Ignite conference last year when he was talking about how the team thinks about customizing SharePoint.  I’m a big fan of this classification scheme as it’s easy to group things like lists, libraries, content types under OOB, forms and workflow under Configure, JSLink, Display Templates, and JavaScript Embedding under Extend, and all the APIs and app patterns under the Custom header.

image

The second axis is designed to provide transparency and guidance to users.  Things in the Stop column either have been deprecated or there’s been guidance that these are not the right way to build solutions.  Examples for me are InfoPath forms and Farm Solutions: you can do them, but really not something I’d recommend to a customer.  Sunset focuses on things that we know are going away, but in many cases there just isn’t another option that’s viable today; some easy examples are SharePoint Designer workflows, JSLink, and Display Templates.  Finally, the items on the Horizon are the up and coming new investments that have promise but either are not generally available or just haven’t yet had the time to mature to their full potential, where you’re ready to roll them out to the whole company.    Great examples of this are the SharePoint Framework, PowerApps, and Flow.  I grabbed a quick capture of the general concept and would truly appreciate any feedback you have as I work to build out the backend of this project.

Over the past 3 years I’ve spent a huge amount of time working with partners and clients to build solutions that work in SharePoint online or on-premise and helped them move away from farm solutions and master pages to more modern approaches focused on client side rendering with JSLink, DisplayTemplates, and JavaScript Embedding or User Custom Actions.  These are 3 newer development techniques that were introduced in SharePoint 2013 to give developers the ability to customize the user interface of SharePoint in a lightweight client side framework.

 

JSLink enables a user to customize the html and css that SharePoint uses to render list items.  It’s pretty incredible as it doesn’t take a really deep developer to create unique and wonderful experiences such as this news list from a simple list.

image

Display templates provide a similar concept for search results, enabling the rapid development of compelling search driven experiences with flexible user interfaces developed entirely client side on top of the wonderful SharePoint search system via the search results web part and content search web parts.

image

 

A bridge to the future…

As Microsoft is focused on developing the next generation of the development story at a furious pace, those of us building solutions today are keenly aware that the technologies available today are on their way out and won’t work in modern pages, while the next generation of technologies is still being evolved and just isn’t ready.   The roadmap for the SharePoint Framework talks about webparts, full page apps, and list apps, each of which provides an ability to engineer custom solutions for SharePoint.  As modern pages and modern webparts begin to replace today’s publishing pages there will be new webparts (real soon) focused on viewing lists and content search, but nothing has been shared about a future for these client side rendering technologies.

Think of this as a nice compatible SharePoint “headphone jack”.  Today it feels like there’s a chasm between old and new, where investments customers have made in Office 365 based portals or customized user experiences made following patterns and practices don’t have a clear transition to the future of modern team sites and modern pages.  The ability to bring forward some of the client side rendering technologies into the next generation of the list view and search results web part could ease the transition and provide customers with a way to take their recent investments forward in the cloud or on-prem.   Over time, as the SharePoint Framework matures and evolves, they may not be needed.  Today, the ability to build something that works on-prem, in Office 365 today, and in the modern experiences of the future is critical.   Just like the headphone jack that may not be as new and shiny as wireless audio, having a mature, tested approach to bring forward customers’ investments (just like the awesome headphones I love) would really help us make the transition.

Normally my posts are more focused on a technical snippet rather than commentary.  Let me know what you think, and if you want more opinion or if you’d prefer I stick to the code.

 

…Dave

Sandbox Solutions removed from SharePoint Online–Here’s the fix for your Visual Studio developed WSPs to get them to activate

Today, Microsoft removed the ability to activate sandbox solutions with code in them.  That’s cool, we’ve all known for a couple of years that coded sandbox solutions were going away, and there’s a post on the Office dev blog describing the change.  What wasn’t talked about was the fact that any time someone created a no-code sandbox solution in Visual Studio, an assembly was automatically generated, which will block it from being deployed as of today!

This feels like a huge deal when you’re trying to deploy an update and things aren’t working, but the fix is pretty easy.  Let’s walk it through:

 

First, you’ll see the issue preventing you from activating your solution. 

image

There are two different ways to solve this problem depending on if you still have access to the source code and visual studio.  If you do, you can update the project property Include Assembly In Package to false as shown in https://support.microsoft.com/en-us/kb/3183084

 

If you don’t want to rebuild your package in visual studio, follow the steps below to remove the assembly from the sandbox solution.

 

Click on the name of the .wsp file to download it to your computer.  We need to open it up and remove the dll from inside.

Once you’ve downloaded it, rename the .wsp to a .cab file. If you double click it now to open it with explorer you’ll see that dll file inside.

image

 

After extracting to the file system we have 2 changes we need to make.

  1. Delete the DLL
  2. Update the manifest

So in Windows Explorer let’s just delete the dll.

image

 

Right click on the manifest.xml file and open it in the editor you love most.  I chose code here.  Then delete the entire Assemblies section of the file and save it.

image

image

 

Next we need to recreate our cab file.  I like using a free app called IZArch that will give you a GUI instead of using makecab.  Just create a new archive and give it a file name ending in .CAB

image

 

Add your files, close IZArch and find the CAB file with windows explorer.  Just rename it back to .WSP and you’re ready to upload it to SharePoint

image

 

As you can see below, the .WSP with no dll activates just fine and everyone is happy.

 

image
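
The manual steps above (extract, delete the DLL, remove the Assemblies section, repack) can be scripted with the expand.exe and makecab.exe tools that ship with Windows instead of a GUI archiver. This is an added example, not code from the original post: the Remove-WspAssembly function name and the file names in the usage comment are assumptions, and it expects manifest.xml at the root of the package.

```powershell
# Added example, not from the original post. Remove-WspAssembly is a
# hypothetical helper; expand.exe and makecab.exe ship with Windows.
function Remove-WspAssembly {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $WspPath,
        [Parameter(Mandatory)] [string] $OutputPath
    )
    $source  = (Resolve-Path -LiteralPath $WspPath).ProviderPath
    $target  = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($OutputPath)
    $workDir = Join-Path ([IO.Path]::GetTempPath()) ('wsp_' + [Guid]::NewGuid().ToString('N'))
    $work    = (New-Item -ItemType Directory -Path $workDir).FullName
    $ddfPath = "$work.ddf"
    try {
        # A .wsp is a CAB archive, so expand.exe can unpack it without renaming
        & expand.exe $source '-F:*' $work | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "expand.exe failed on $source" }

        $manifestPath = Join-Path $work 'manifest.xml'
        $xml = New-Object System.Xml.XmlDocument
        $xml.PreserveWhitespace = $true
        $xml.Load($manifestPath)

        # local-name() keeps the query independent of the manifest's XML namespace
        $assemblies = $xml.SelectSingleNode("/*[local-name()='Solution']/*[local-name()='Assemblies']")
        if ($assemblies) {
            # Step 1: delete every DLL the manifest points at
            foreach ($node in $assemblies.SelectNodes("*[local-name()='Assembly']")) {
                $dll = Join-Path $work $node.GetAttribute('Location')
                if (Test-Path -LiteralPath $dll) { Remove-Item -LiteralPath $dll -Force }
            }
            # Step 2: remove the whole Assemblies section from the manifest
            [void]$assemblies.ParentNode.RemoveChild($assemblies)
            $xml.Save($manifestPath)
        } else {
            Write-Warning 'manifest.xml has no Assemblies section; repacking unchanged.'
        }

        # Refuse to produce a "no-code" package that still carries a binary
        $leftover = @(Get-ChildItem -LiteralPath $work -Recurse -Filter *.dll)
        if ($leftover.Count -gt 0) { throw "DLLs remain in package: $($leftover.Name -join ', ')" }

        # makecab directive file: one '"source" "path-in-cab"' line per file
        $files = Get-ChildItem -LiteralPath $work -Recurse -File | ForEach-Object {
            '"{0}" "{1}"' -f $_.FullName, $_.FullName.Substring($work.Length + 1)
        }
        $ddf = @(
            '.OPTION EXPLICIT'
            ('.Set CabinetNameTemplate="{0}"' -f (Split-Path -Leaf $target))
            ('.Set DiskDirectory1="{0}"' -f (Split-Path -Parent $target))
            '.Set Cabinet=on'
            '.Set Compress=on'
            '.Set CompressionType=MSZIP'
            '.Set UniqueFiles=on'
            '.Set MaxDiskSize=0'
            '.Set MaxCabinetSize=0'
            '.Set CabinetFileCountThreshold=0'
            '.Set FolderFileCountThreshold=0'
            '.Set FolderSizeThreshold=0'
            '.Set RptFileName=nul'
            '.Set InfFileName=nul'
        ) + $files
        Set-Content -LiteralPath $ddfPath -Value $ddf -Encoding Ascii

        & makecab.exe /F $ddfPath | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "makecab.exe failed for $target" }
        Get-Item -LiteralPath $target
    }
    finally {
        Remove-Item -LiteralPath $work -Recurse -Force -ErrorAction SilentlyContinue
        Remove-Item -LiteralPath $ddfPath -Force -ErrorAction SilentlyContinue
    }
}

# Usage (file names are placeholders):
#   Remove-WspAssembly -WspPath .\MySolution.wsp -OutputPath .\MySolution-nocode.wsp
```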

Update Flow passwords easily!

“Passwords are like underwear, don’t show them to strangers and change them regularly.” said an old friend of mine.  Most companies have a standard password change policy where every 60-90 days everyone needs to change their active directory passwords.

Unfortunately, inside Microsoft Flow, I hadn’t found a super easy way to update the stored token for the services I connect to after changing my password.

image

When you open up the design surface to take a look at your flows, it will show you what service you are connected to, but your only option in the Flow UX is to change the connection.  In fact, when things stopped working after a password change, that’s exactly what I did.  I created a new connection, which got me up and running, and sent a frown that a better story was needed to handle password changes.

image

 

Today, while poking around the web UX for PowerApps, I noticed a wonderful Manage Connections tab on the left navigation bar.

In fact I had error messages next to the two connections that still stored my expired credentials.

Super easy to hit the Key icon and walk through your sign-in flow to update the stored tokens and everything is happy.

image

 

Get started automating your world with Microsoft Flow knowing that when your password expires it’s super easy to change it over in PowerApps.

I built out a few PowerApps demos this week as well so expect some more posts on PowerApps shortly.

Using Microsoft Flow to automate things in SharePoint – Part 1, approving stuff

If you haven’t had a chance to play with it yet, Microsoft Flow is one of the most exciting new technologies spinning up in the Office 365 space.  Unlike workflow in SharePoint, it’s designed from the ground up for orchestrating things across systems rather than just basic human approvals in SharePoint.   Flow is in preview right now and my guess is that general availability isn’t going to happen till closer to the end of the year, but it’s such an exciting and transformational technology that in some cases I’m using it in production right now.

 

 

 

There are many articles about what Flow is and really basic intro stuff, so I wanted to instead focus on some use cases and why I really love what I’m seeing so far.  For anyone who has used SharePoint workflow in the past, the idea of assigning a task that a user had to open up, then have them navigate to the related list item or document to see what they are approving, was never an outstanding user experience.  When having users do this from a mobile device, it’s even worse because I need to pop a browser, log in, and then hack around on a tiny little screen.

I had a use case where I needed to have users request permission for specific document libraries and couldn’t use the out of the box SharePoint capability because the site owners were not the approvers.  Instead every library had an approver and I needed a way to get those approvals and dynamically apply the permissions.

One of the new activities you can perform with Flow is called Send Approval Email.  As you can see below, it’s easy to wire up fields from a SharePoint list item when that item is created and combine them with some narrative to craft your subject, recipients, body, and the choices that a user will be shown.

image

 

Unlike a traditional task form that forces me to open a browser, this new approval experience is designed from the ground up to be mobile friendly, with just an email with the buttons that you design in the user options field.  When a user clicks the button, the response is recorded, the user gets a confirmation page and the flow moves on.  What’s amazing is that while this seems like a really little thing, super simple mobile approval has a huge impact on the user experience and the rate at which things get approved.

 

image

 

In the next post I’ll dig a little deeper into the rest of the activities I’m using in this flow and the PowerShell I’m using to actually apply the permissions to SharePoint once the flow is approved.

Storing password information securely in PowerShell Scripts

When folks are getting started with PowerShell logging into Office 365, often one will use Get-Credential to force PowerShell to prompt for a username and password.  That credential is then passed into operations such as logging into Office 365 or using the SharePoint PnP PowerShell modules.

When it comes time to automate these operations, I’ve seen far too many folks just hardcode a username and password in the script.  From my perspective, not the best idea from a security standpoint.  This simple script will allow you to securely capture your password and store it securely in a file on your system.  I would strongly suggest using NTLM permissions to lock access to the password file to only the user account your script will be running as.

 

Hope you find this useful:

 

SetPassword.ps1
# Prompt for the credential once and save the password, encrypted, to a file
$baseFilePath = "e:\PowerShell\"
$filePath = $baseFilePath + "password.txt"

(Get-Credential).Password | ConvertFrom-SecureString | Out-File $filePath

 

Get Password Function

Function Get-StoredCredential
{
    param( [string]$UserName, [string]$BasePath )

    # Read the encrypted password written by SetPassword.ps1 and rebuild the credential
    $File = Join-Path $BasePath "password.txt"
    $FileContent = Get-Content $File
    return New-Object -TypeName System.Management.Automation.PSCredential `
        -ArgumentList $UserName, ($FileContent | ConvertTo-SecureString)
}
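
The file-permission lock-down recommended above can be applied and checked with NTFS ACLs from the same script. This is an added example, not code from the original post: Protect-PasswordFile and Get-PasswordFileExtraAccess are hypothetical helper names, and the path is the one used in SetPassword.ps1.

```powershell
# Added example: restrict password.txt to the account the script runs as,
# then verify that no other identity is still allowed in.
function Protect-PasswordFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Account = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    )
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent folder and drop the inherited entries
    $acl.SetAccessRuleProtection($true, $false)
    # Remove explicit entries that were already set on the file itself
    foreach ($existing in @($acl.Access)) { [void]$acl.RemoveAccessRule($existing) }
    # Grant only the running account, and only what the scripts need
    $rights = [System.Security.AccessControl.FileSystemRights]'Read, Write'
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $rights, 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-PasswordFileExtraAccess {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Account = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    )
    # Compare by SID so DOMAIN\user and alias spellings of one account match
    $sidType = [Security.Principal.SecurityIdentifier]
    $mine = (New-Object Security.Principal.NTAccount($Account)).Translate($sidType).Value
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        $_.IdentityReference.Translate($sidType).Value -ne $mine
    }
}

$file = 'e:\PowerShell\password.txt'   # path from SetPassword.ps1
if (Test-Path -LiteralPath $file) {
    Protect-PasswordFile -Path $file
    $extra = @(Get-PasswordFileExtraAccess -Path $file)
    if ($extra.Count -gt 0) {
        # An automated job can refuse to run rather than trust an exposed file
        throw "Other identities can still access ${file}: $($extra.IdentityReference -join ', ')"
    }
}
```

ConvertFrom-SecureString without -Key protects the value with Windows DPAPI, so the file only decrypts for the same user account on the same machine. Run SetPassword.ps1 as the account the automated script will run as, on the machine it will run on.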