Testing out SPO Hub Sites

As many you know, Microsoft has recenlty launched SPO Hub Sites, I only have this option in a tenant where I have first release option, but I can try out some of the new features that this new implementation brings to SPO platform.

First of all, it is necessary to convert one existing site to SPO hub site, this can be done by executing the following command:

connect-sposervice https://domain-admin.sharepoint.com
Register-SPOHubSite https://domain.sharepoint.com/sites/CS

Once this have bee done, we can join an existing SharePoint Team Site to the Hub Site:


The first thing to notice is the global Navigation bar, that is configured across all the sites associated to the main HubSite


Also, once a site has been configured as a Hub Site, a new option appear to configure the name of the HubSite:


One thing I found interesting is in the Webparts inside the HubSite, is it possible to configure the Webparts to extract the information from the associated sites, at least from news and documents


When this is configured, is it possible to view all the information from the child sites, I supose that all the information that is shown, will be security trimmed. ** I have to dig deeper in this new features to know how do they work exactly.

I hope that in a few days I will have more information about this 🙂

** I can confirm that the security is trimmed, I invited a user to the HubSite but not to the joined site, and the user is able to see the navigation bar, but not to enter inside the joined site. Also, the user does not have the possibility to see the content of the news or even the documents inside the library, so by the moment this new feature looks fantastic 🙂


Idle session timeout in SPO and ODFB

Idle session timeout is a feature that kicks off after a period of inactivity, allowing O365 administrators to automatically signing out inactive sessions preventing the overexposure of information in case a user leaves a computer unattended. This is done, first by displaying a warning prompt and then signing the user out of SharePoint Online and OneDrive for Business.

This a useful feature in the scenarios where shared pc’s are used by multiple users. We have to take into account that this feature is activated for the entire tenant (is not possible to configure it to specific users) and only applies on web browser session 🙂

By default, this new feature is disabled, so in order to enable it we have to use SPO PowerShell module and execute the following commands:

Connect-SPOService -Url “https://yourtenant-admin.sharepoint.com”
Set-SPOBrowserIdleSignOut -Enabled $true -WarnAfter (New-TimeSpan -Seconds 100) -SignOutAfter (New-TimeSpan -Seconds 120)

Once the idle session timeout has been activated, is it necessary to know that shis setting only will take place fore the new sessions. So once the timespan is reached (in my case 100 seconds), the user will be notified like the following:


If the timespan for log out is reached (in my example 120 seconds), the user will receive the following message


And the user will need to log in again into O365

If by any chance, you need to deactivate the Idle Session time out into your tenant, will be necessary to execute the following command:

Set-SPOBrowserIdleSignOut -Enabled $false

Also, it is necessary to be aware that the following actions are counted as O365 actions and restrictions/limitations:

  1. Mouse movement or scrolling up and down is not included as activity. Activity is counted as requests sent to SharePoint Online.  Mouse clicks within the context of a site are considered activity.
  2. Idle-session timeout is limited to SharePoint Online browser sessions; however, will sign users out of all Office 365 workloads within that browser session.
  3. It will not sign out users who are on managed devices or select Keep Me Signed In during sign-in.
  4. Idle session timeout is currently limited to Classic sites.  A fix will be rolled out to support Modern sites soon.
  5. The WarnAfter and SignOutAfter values cannot be the same.
  6. The policy scope is Tenant-wide.

For more info:



Introduction to Azure AD: Part 1

After having some discussions about this technology, I have decided to post a series of posts about this technology, and which options do we have depending the scenario where we are involved, so let’s start!

Today, I’m gonna talk about Azure AD, which probably everyday everyone knows, but in case of not, this is post is also for you. Azure AD is the acronym of Azure Active Directory, which basically is a cloud service identity provider or identity as a Service, in other words, it’s a simpler version of the typical Active Directory that almost every company has.

Which is the main purpose? Extend your AD to support the cloud and to allow business users to work with cloud applications. Simply as is.

How you can imagine, when we are using Azure AD we are relying on Azure, but also, when we are using O365, we are also using Azure AD to store the synchronized identities on the cloud (in case we have configured the synchronization between OnPrem and the cloud), so even if you don’t have an Azure subscription to host services, you can enter to azure portal, enter into Azure Active Directory and manage your users.


So, resuming, if we have O365, we also have Azure AD, and we can manage the users from the O365 portal and from the Azure AD portal. In addition to that, managing users in the Azure AD portal, gives us a lot of possibilities, as conditional access, identity protection, etc…  But, to use some of these features, we need a valid license.

Licenses in Azure AD, are divided into Free, Basic, Premium 1 and Premium 2, each has some interesting features, in the following link, you can have a closer look to each of these features:


As we can see, depending of what we want to use, we will need a different license, also, we have to take into account, that every user that will use this “premium” features, will need a valid license, so take in to account we you are planning to implement a service like this into your business.

As we can see, until here Azure AD is easy peasy, but now comes the funny part, have you ever realized that Azure AD is divided into Azure AD Azure B2B and Azure B2C, don’t you? So, in next post I will try to focus more in B2C and B2B to at least show my vision about this technology and possible use cases.

For more info: https://docs.microsoft.com/es-es/azure/active-directory/active-directory-whatis

Private Teams will be discoverable in Search

Nowadays, if you want to join a Private Team, the only way to do it is by being invited by an admin of the group. But this will change in the next days, I found the following annouce in my tenant:


So, will be possible to find the groups in SharePoint Search or even searching the groups in the Microsoft Teams App. I think this make sense, you find the group and if it’s necessary you request access to the group.

The only thing that is it necessary to take into account is to be aware of the name policy that the groups will have, if you don’t want a certain name group in your tenant, check it before, and if it’s necessary, execute the Set-UnifiedGroup command with the attribute HiddenFromAddressListsEnabled to $true

It’s great to see how Microsoft is improving all the collaboration tools 🙂

Microsoft Support and Recover Assistant for Skype for Business

If you still thinking that Skype for Business is already dead, Microsoft is telling you the contrary, they are still improving their tools to do their best.

One of this, is that they had improved SaRA, this tool allows to fix many problems or at least it indicates you how to fix them.


The most important thing here, is that has been added support for Skype for Business. If you want to dig deepper in this tool, you can find more information in the following post: SaRA

Enable users to sync IRM-protected files with the OneDrive sync client

While I was searching information for a customer about IRM and AIP, I came across with the following post on MS Support: https://support.office.com/en-us/article/enable-users-to-sync-irm-protected-files-with-the-onedrive-sync-client-preview-6778d4de-b5f8-423c-af43-a1b2449e9b99?ui=en-US&rs=en-US&ad=US

It explains a new feature that it’s in Preview, which allows sync libraries with ODFB, but this libraries are protected with IRM. I found it great, so I decided to share it 🙂