SPO and O4B Per Group Sharing Controls

This new feature – which hits first release tenants in June 2017 – will give extra control over who and how information can be shared with external/third party users in SharePoint Online and OneDrive for Business.

This control allows to limit the share with external users based on an specific AD security group, providing the ability to configure more than 1 security group to that control.

In order to configure this feature, we have to take into account that provides 2 options:

  • Users in selected security groups share with authenticated external users: Only users in the assigned security groups will be able to share with external users. If you are not included in these groups you cannot share with an external user who is not in your organization.

sharing1.png

  • Users in selected security groups share with authenticated external users and using anonymous links: Users will be able to share with external users and also create anonymous links.

sharing2.png

An important thing to note about this new sharing control is that the site collection policy will always take precedence. So, If the anonymous sharing is disabled at site colletion level (wether it is SPO or OneDrive personal site), users in the security group that will not be able to do so in that site collection.

Advertisements

Audit logs for OneDrive

Last week, a colleague asked me what possibilities of auditing that Onedrive has, but to be honest, no one likes being audited.

At the beginning, I was not sure about what to aswer, because I was sure that the Admin center has information about the tenant, but at the same time I was sure enough that the Admin center will not fulfil the requirements of the project.

I started digging into the O365, and I realize that exists and amazing feature called O365 audit log report inside the Compliance Center, it allows to seach the audit log to view user activity in the O365 organization, for example:

· User activity in SharePoint Online and OneDrive for Business

· User activity in Exchange Online (Exchange mailbox audit logging)

· Admin activity in SharePoint Online

· Admin activity in Azure Active Directory (the directory service for Office 365)

· Admin activity in Exchange Online (Exchange admin audit logging)

· User and admin activity in Sway

· User and admin activity in Power BI for Office 365

· User and admin activity in Yammer

If you want to know all the activities that you can select per category, visit: https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Protection-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US

Knowing how to audit your information, it is an important feature and skill. Therefore, I want to introduce you how to activate all this data:

Access to you O365 tenant, Inside the Admin, go to Security section:

od1

Then click on Office 365 audit report to access Audition and reports, take into account that before you are able to create new reports, you will need to activate the record. So, let’s begin:

od2.png

od3.png

And select “Turn On”

od4.png

Then, you will need to wait for some time… After this time, you will be able to create activity reports, with many other filters (like date range, folders, etc…)

od5.jpg

Currently, the audit history is retained for 90 days, I suppose that will be possible to tell MS to extend the audit log, but take into account that it is possible to export results to CSV.

Another wonderful feature, is to create activity alerts to automate process, imagine that you need to keep an eye on specific events, so you can execute a search, and then click on add an alert, you will need to specify a recipient for the alert

od6.jpg

Therefore, when the audit detects a match between the alert and an event, it will trigger an email to the recipient specified.

As you can imagine, there are other options to detect events from the compliance center, for example using the APIs of Office 365.

Hope it helps!!

Which version of OneDrive I am running?

As a user, probably one day you would ask this question to yourself, so I will explain how to know which version of OneDrive 4 Business you’re running.

First of all, you will need to go to “C:Program FilesMicrosoft OfficerootOffice16”

Take into account that the directory will change in case you are using the 32 bit version or if you have installed the SO in another language.

Try to locate the Groove.exe application, right click and select properties, navigate to details tab and you will see there the version you’re running:

groove.png

Also is it possible to do this by clicking Crtl+Shift+Esc, go to Details tab, click on Groove.exe, right click, Properties, details and you will see the same version as showed before. And then… compare if it the last version or if you need to update the client

Hope it helps!