SharePoint Email Notification to Active Directory Users without Exchange License

I’m currently involved in a project where is it requiered to team up with other companies and provide their employees access to my client SharePoint sites but nothing else. Why? because the business core is very restrictive and is not allowed to share documents or sites with external users and being internal users is more feasible to control which actions they can do.

The main point here is to create Active Directory account synchronized with O365, but thise users have not licenses associated to them, so is it possible to be add to SharePoint using their Active Directory account, but not to access to other resources

As you can imagine, the main requirement is to not assign extra licenses to this users to receive emails, so we have to spin the wheel. So the main point here, is when we create the user in OnPrem, is it necessary to include the work email address.

aa3

Once this user has been synchronized in O365, we can check the SharePoint Online user profiles parameters, so we are able to see if this user has been synched correctly or not.

So we go to sharepoint admin center > user profiles > people > manage user profiles> input the user name which you want to change in the find profiles dialog box and click find.

aa1

Once we have checked that the information shown in the profile is the correct one, we can go on and test if its possible to send notifications to this external user using the mail previously configured.

aa2

That’s all, at first moment I thought that it would be more complicated to receive notifications without and Exchange Online license, but the only thing to take into account in this equation is to inform the user email address OnPrem or change the info of the user in the User Profile of SPO.

Cheers!

Advertisements

Rolling out: tenant admin tools to connect existing SharePoint team sites to new Office 365 Groups

What??? This roll out is fantastic!! “providing the ability for tenant admins to connect existing SharePoint Online classic team sites to new groups.”

You can read more about it in the following post: https://techcommunity.microsoft.com/t5/SharePoint-Blog/Rolling-out-tenant-admin-tools-to-connect-existing-SharePoint/ba-p/188750 

Microsoft is increasing the SPO storage allocation!

Yes you’re reading well, recently, Microsoft has announced an increase of Storage Allocation and we will have an 20x increase in the SharePoint Online per user license storage allocation. This means that we’ll obtain 10GB for each licensed user instead of the initial 500 MB.

I think that this is a great new, because you have to be aware that all the O365 services like Teams or O365 Groups, consume space from the SPO storage.

The roll out will start in July and is pretended to be finished in August, so stay vigilant!

You have more information in the following link

Error connecting to SharePoint Online with PowerShell

While I was doing some PowerShell scripting for a client, I received a weird error in SharePoint Online, the console it was throwing errors like “Unauthorized” and “…the web site does not support SharePoint Online credentials” even though my username and password is fine.

I tried with Connect-PnPOnline and other legacy commands, with the same bad result, but what is happenning backwards?

SharePoint Online has a setting named “LegacyAuthProtocolsEnabled” with the purpose “Prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources .”.

By default this is allowed in all tenants. But as an administrator it is possible to tighten up the security and disallow us to login with these non-modern approaches.

More details can be found here: https://technet.microsoft.com/en-in/library/fp161390.aspx

Solution

1. Start using modern authentication (recommended)

Check if your application support the use of modern authentication through either WebLogin or using application credentials (ClientId/ClientSecret) authentication. This is advice to be the recommended and a more secure approach.

2. Re-enable support for legacy apps

connect-sposervice “https://tenant-admin.sharepoint.com”
set-spotenant -legacyauthprotocolsenabled $True

Updating SharePoint Online tenant settings does not take immediate effect. So is it possible that you will need to wait a while, exact how long can be from from minutes to 24 hours with the different settings.

Till next time!

 

Testing out SPO Hub Sites

As many you know, Microsoft has recenlty launched SPO Hub Sites, I only have this option in a tenant where I have first release option, but I can try out some of the new features that this new implementation brings to SPO platform.

First of all, it is necessary to convert one existing site to SPO hub site, this can be done by executing the following command:

connect-sposervice https://domain-admin.sharepoint.com
Register-SPOHubSite https://domain.sharepoint.com/sites/CS

Once this have bee done, we can join an existing SharePoint Team Site to the Hub Site:

hubsiteassoc

The first thing to notice is the global Navigation bar, that is configured across all the sites associated to the main HubSite

hubsitemain

Also, once a site has been configured as a Hub Site, a new option appear to configure the name of the HubSite:

hubsitesettings

One thing I found interesting is in the Webparts inside the HubSite, is it possible to configure the Webparts to extract the information from the associated sites, at least from news and documents

hubnewsHubSiteshighlightedcontentt

When this is configured, is it possible to view all the information from the child sites, I supose that all the information that is shown, will be security trimmed. ** I have to dig deeper in this new features to know how do they work exactly.

I hope that in a few days I will have more information about this 🙂

** I can confirm that the security is trimmed, I invited a user to the HubSite but not to the joined site, and the user is able to see the navigation bar, but not to enter inside the joined site. Also, the user does not have the possibility to see the content of the news or even the documents inside the library, so by the moment this new feature looks fantastic 🙂

Idle session timeout in SPO and ODFB

Idle session timeout is a feature that kicks off after a period of inactivity, allowing O365 administrators to automatically signing out inactive sessions preventing the overexposure of information in case a user leaves a computer unattended. This is done, first by displaying a warning prompt and then signing the user out of SharePoint Online and OneDrive for Business.

This a useful feature in the scenarios where shared pc’s are used by multiple users. We have to take into account that this feature is activated for the entire tenant (is not possible to configure it to specific users) and only applies on web browser session 🙂

By default, this new feature is disabled, so in order to enable it we have to use SPO PowerShell module and execute the following commands:

Connect-SPOService -Url “https://yourtenant-admin.sharepoint.com”
Set-SPOBrowserIdleSignOut -Enabled $true -WarnAfter (New-TimeSpan -Seconds 100) -SignOutAfter (New-TimeSpan -Seconds 120)
Disconnect-SPOService

Once the idle session timeout has been activated, is it necessary to know that shis setting only will take place fore the new sessions. So once the timespan is reached (in my case 100 seconds), the user will be notified like the following:

o365ts

If the timespan for log out is reached (in my example 120 seconds), the user will receive the following message

o365lo

And the user will need to log in again into O365

If by any chance, you need to deactivate the Idle Session time out into your tenant, will be necessary to execute the following command:

Set-SPOBrowserIdleSignOut -Enabled $false

Also, it is necessary to be aware that the following actions are counted as O365 actions and restrictions/limitations:

  1. Mouse movement or scrolling up and down is not included as activity. Activity is counted as requests sent to SharePoint Online.  Mouse clicks within the context of a site are considered activity.
  2. Idle-session timeout is limited to SharePoint Online browser sessions; however, will sign users out of all Office 365 workloads within that browser session.
  3. It will not sign out users who are on managed devices or select Keep Me Signed In during sign-in.
  4. Idle session timeout is currently limited to Classic sites.  A fix will be rolled out to support Modern sites soon.
  5. The WarnAfter and SignOutAfter values cannot be the same.
  6. The policy scope is Tenant-wide.

For more info:

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_shareon-mso_o365b/idle-session-timeout-in-sharepoint-and-onedrive/d128a00e-7c66-482b-abca-96b4e2b89436

https://techcommunity.microsoft.com/t5/SharePoint-Blog/Introducing-Idle-Session-Timeout-in-SharePoint-and-OneDrive/ba-p/119208

Internal Server Error while creating SharePoint Online Team Site

Today I bring a weird error, it has been hard to follow the error and reproduce it, but finally I have been able to solve it. The error was the following:

  • The user tries to create a SharePoint Team Site from the portalCTS
  • The user selects a Team Site and starts to fill the parametersCTS2
  • The problem here, is that it stucks on the “Checking” action to verify if the site exists wether or not, and after a few moments it shows a message to exit from the creation site page. In case the user selects “Stays on this webpage” the system does nothing, but in case the user selects “Exit from this page” it automatically fires the following error:CTS3
  • 500 Internal Server Error, a great error take into account that we are talking about SharePoint Online…

Things that I checked before finding a solution…

  • Check if the problem was reproduced with other navigators… I tested with IE, Edge, Chrome, Firefox and SAfari, all of them had the same behaviour.
  • Check if the client has configured a group to restrict the creation of O365 groups
  • Check if it happens with all the users, yes it happens
  • Check if it happens with global administrators, nop the GA were able to create the groups

After digging a lot, I decided to check the traces with Fiddler, after that I was able to see a kind of redirection in the traces, so I decided to go to the Home of SharePoint tenant https://domain.sharepoint.com and check the site collection features at that level.

I was reviewing which features were activated, in order to try to clarify what was the point of that error. After checking all the features, I decided to deactivate the feature “Limited-access user permission lockdown mode”

CTS4.png

I remember that this feature gave me some problems in the past while I was involved in OnPremises projects were we were deploying anonymous portals, so I decided to deactivate the feature.

After deactivating the feature, I checked the creation of SharePoint Team Sites with the user that was giving me problems at the beginning…. and BAM! problem solved!! Wiiiiiii

So I wonder that this SharePoint Team Site Creation Page has something related with anonymous permissions or something like that. It has been a weird problem, but finally the mistery has been resolved.