SharePoint Email Notification to Active Directory Users without Exchange License

I’m currently involved in a project where it is required to team up with other companies and give their employees access to my client’s SharePoint sites, but nothing else. Why? Because the core business is very restrictive: sharing documents or sites with external users is not allowed, and with internal users it is more feasible to control which actions they can perform.

The main point here is to create Active Directory accounts synchronized with O365 that have no licenses associated with them, so that these users can be added to SharePoint using their Active Directory account but cannot access other resources.

As you can imagine, the main requirement is not to assign extra licenses to these users just so they can receive emails, so we have to find a workaround. The key point is that when we create the user on-premises, it is necessary to include the work email address.


Once this user has been synchronized to O365, we can check the SharePoint Online user profile properties to see whether the user has been synchronized correctly.

So we go to SharePoint admin center > User profiles > People > Manage User Profiles, enter the user name you want to change in the Find profiles dialog box and click Find.


Once we have checked that the information shown in the profile is correct, we can go on and test whether it is possible to send notifications to this external user using the email address previously configured.


That’s all. At first I thought it would be more complicated to receive notifications without an Exchange Online license, but the only thing to take into account is to fill in the user’s email address on-premises or change the user’s information in the SPO User Profile.

Cheers!


Rolling out: tenant admin tools to connect existing SharePoint team sites to new Office 365 Groups

What??? This roll out is fantastic!! “providing the ability for tenant admins to connect existing SharePoint Online classic team sites to new groups.”

You can read more about it in the following post: https://techcommunity.microsoft.com/t5/SharePoint-Blog/Rolling-out-tenant-admin-tools-to-connect-existing-SharePoint/ba-p/188750 

Microsoft is increasing the SPO storage allocation!

Yes, you’re reading that right: Microsoft has recently announced an increase in storage allocation, and we will get a 20x increase in the SharePoint Online per-user license storage allocation. This means that we’ll obtain 10 GB for each licensed user instead of the initial 500 MB.

I think this is great news, because you have to be aware that all the O365 services like Teams or O365 Groups consume space from the SPO storage.

The rollout will start in July and is expected to be finished in August, so stay vigilant!

You have more information in the following link

Error connecting to SharePoint Online with PowerShell

While I was doing some PowerShell scripting for a client, I received a weird error in SharePoint Online: the console was throwing errors like “Unauthorized” and “…the web site does not support SharePoint Online credentials” even though my username and password were fine.

I tried Connect-PnPOnline and other legacy commands, with the same bad result. So what is happening behind the scenes?

SharePoint Online has a tenant setting named “LegacyAuthProtocolsEnabled”. Its documented purpose, when set to $False: “Prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources.”

By default, legacy protocols are allowed in all tenants. An administrator can tighten security by disabling them, which prevents us from logging in with these non-modern approaches.

More details can be found here: https://technet.microsoft.com/en-in/library/fp161390.aspx

Solution

1. Start using modern authentication (recommended)

Check whether your application supports modern authentication, through either WebLogin or application credentials (ClientId/ClientSecret). This is the recommended and more secure approach.

2. Re-enable support for legacy apps

# Re-enables legacy (non-modern) authentication protocols for the whole tenant
Connect-SPOService -Url "https://tenant-admin.sharepoint.com"
Set-SPOTenant -LegacyAuthProtocolsEnabled $True

Updates to SharePoint Online tenant settings do not take effect immediately, so you may need to wait a while. Exactly how long varies by setting, from minutes to 24 hours.

Till next time!

 

Testing out SPO Hub Sites

As many of you know, Microsoft has recently launched SPO Hub Sites. I only have this option in a tenant where First Release is enabled, but I can try out some of the new features that this new implementation brings to the SPO platform.

First of all, it is necessary to convert an existing site to an SPO hub site. This can be done by executing the following commands:

Connect-SPOService -Url https://domain-admin.sharepoint.com
Register-SPOHubSite -Site https://domain.sharepoint.com/sites/CS

Once this has been done, we can join an existing SharePoint Team Site to the Hub Site.

The first thing to notice is the global navigation bar, which is shared across all the sites associated with the main Hub Site.

Also, once a site has been configured as a Hub Site, a new option appears to configure the name of the Hub Site.

One thing I found interesting is that the web parts inside the Hub Site can be configured to pull information from the associated sites, at least for news and documents.

When this is configured, it is possible to view all the information from the child sites. I suppose that all the information shown will be security trimmed. ** I have to dig deeper into these new features to know exactly how they work.

I hope that in a few days I will have more information about this 🙂

** I can confirm that the content is security trimmed: I invited a user to the Hub Site but not to the joined site, and the user is able to see the navigation bar but not to enter the joined site. Also, the user cannot see the content of the news or even the documents inside the library, so for the moment this new feature looks fantastic 🙂

Idle session timeout in SPO and ODFB

Idle session timeout is a feature that kicks in after a period of inactivity. It allows O365 administrators to automatically sign out inactive sessions, preventing the overexposure of information if a user leaves a computer unattended. It works by first displaying a warning prompt and then signing the user out of SharePoint Online and OneDrive for Business.

This is a useful feature in scenarios where shared PCs are used by multiple users. We have to take into account that this feature is activated for the entire tenant (it is not possible to configure it for specific users) and only applies to web browser sessions 🙂

By default, this new feature is disabled, so in order to enable it we have to use the SPO PowerShell module and execute the following commands:

Connect-SPOService -Url "https://yourtenant-admin.sharepoint.com"
Set-SPOBrowserIdleSignOut -Enabled $true -WarnAfter (New-TimeSpan -Seconds 100) -SignOutAfter (New-TimeSpan -Seconds 120)
Disconnect-SPOService

Once the idle session timeout has been activated, be aware that this setting only takes effect for new sessions. Once the warning timespan is reached (in my case 100 seconds), the user is shown a warning prompt.

If the timespan for log out is reached (in my example 120 seconds), the user is shown a sign-out message and will need to log in to O365 again.

If by any chance you need to deactivate the idle session timeout in your tenant, it will be necessary to execute the following command:

Set-SPOBrowserIdleSignOut -Enabled $false

Also, be aware of what counts as activity and of the following restrictions and limitations:

  1. Mouse movement or scrolling up and down is not included as activity. Activity is counted as requests sent to SharePoint Online. Mouse clicks within the context of a site are considered activity.
  2. Idle session timeout is limited to SharePoint Online browser sessions; however, it will sign users out of all Office 365 workloads within that browser session.
  3. It will not sign out users who are on managed devices or select Keep Me Signed In during sign-in.
  4. Idle session timeout is currently limited to Classic sites.  A fix will be rolled out to support Modern sites soon.
  5. The WarnAfter and SignOutAfter values cannot be the same.
  6. The policy scope is Tenant-wide.

For more info:

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_shareon-mso_o365b/idle-session-timeout-in-sharepoint-and-onedrive/d128a00e-7c66-482b-abca-96b4e2b89436

https://techcommunity.microsoft.com/t5/SharePoint-Blog/Introducing-Idle-Session-Timeout-in-SharePoint-and-OneDrive/ba-p/119208
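
An added example (not part of the original posts): the two tenant-wide settings covered above, LegacyAuthProtocolsEnabled and the browser idle sign-out, checked in one pass. Test-SpoSessionBaseline is a hypothetical helper name and the sample objects are constructed; the property names are assumed to match what Get-SPOTenant and Get-SPOBrowserIdleSignOut return.

```powershell
# Added example, not code from the original posts.
# Test-SpoSessionBaseline is a hypothetical helper, not an SPO module cmdlet.
function Test-SpoSessionBaseline {
    param(
        [Parameter(Mandatory)] $Tenant,       # object shaped like Get-SPOTenant output
        [Parameter(Mandatory)] $IdleSignOut   # object shaped like Get-SPOBrowserIdleSignOut output
    )

    # Legacy (non-modern) authentication is allowed by default in every tenant.
    if ($Tenant.LegacyAuthProtocolsEnabled) {
        'LegacyAuthProtocolsEnabled is True: clients using non-modern authentication can still sign in.'
    }

    # Idle sign-out is disabled by default and only covers browser sessions.
    if (-not $IdleSignOut.Enabled) {
        'Idle session sign-out is disabled: unattended browser sessions stay signed in.'
    }
    elseif ($IdleSignOut.WarnAfter -ge $IdleSignOut.SignOutAfter) {
        # The post notes the two values cannot be equal; this check also
        # flags a warning that would come after the sign-out.
        'WarnAfter must be shorter than SignOutAfter so the warning is shown before sign-out.'
    }
}

# Constructed sample values (not taken from a real tenant).
$sampleTenant = [pscustomobject]@{ LegacyAuthProtocolsEnabled = $true }
$sampleIdle   = [pscustomobject]@{
    Enabled      = $true
    WarnAfter    = New-TimeSpan -Seconds 100
    SignOutAfter = New-TimeSpan -Seconds 120
}

$findings = @(Test-SpoSessionBaseline -Tenant $sampleTenant -IdleSignOut $sampleIdle)
$findings | ForEach-Object { Write-Output "FINDING: $_" }

# Against a live tenant (requires the SPO PowerShell module and admin rights):
# Connect-SPOService -Url 'https://yourtenant-admin.sharepoint.com'
# Test-SpoSessionBaseline -Tenant (Get-SPOTenant) -IdleSignOut (Get-SPOBrowserIdleSignOut)
# Disconnect-SPOService
```

Keep in mind the limitations listed above when reading the result: an enabled idle sign-out still does not cover managed devices or users who selected Keep Me Signed In.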

Internal Server Error while creating SharePoint Online Team Site

Today I bring a weird error. It was hard to trace and reproduce, but I was finally able to solve it. The error was the following:

  • The user tries to create a SharePoint Team Site from the portal
  • The user selects a Team Site and starts to fill in the parameters
  • The problem here is that it gets stuck on the “Checking” action that verifies whether the site already exists, and after a few moments it shows a message asking to leave the site creation page. If the user selects “Stay on this webpage” the system does nothing, but if the user selects “Exit from this page” it automatically fires the following error:
  • 500 Internal Server Error, quite an error considering that we are talking about SharePoint Online…

Things that I checked before finding a solution…

  • Check if the problem was reproduced with other browsers… I tested with IE, Edge, Chrome, Firefox and Safari, and all of them had the same behaviour.
  • Check if the client has configured a group to restrict the creation of O365 groups
  • Check if it happens with all the users: yes, it happens
  • Check if it happens with global administrators: no, the GAs were able to create the groups

After digging a lot, I decided to check the traces with Fiddler. There I was able to see a kind of redirection, so I decided to go to the home of the SharePoint tenant, https://domain.sharepoint.com, and check the site collection features at that level.

I was reviewing which features were activated, in order to try to clarify the cause of that error. After checking all the features, I decided to deactivate the feature “Limited-access user permission lockdown mode”.

I remember that this feature gave me some problems in the past while I was involved in on-premises projects where we were deploying anonymous portals, so I decided to deactivate the feature.

After deactivating the feature, I checked the creation of SharePoint Team Sites with the user that was giving me problems at the beginning…. and BAM! problem solved!! Wiiiiiii

So I wonder whether this SharePoint Team Site creation page has something to do with anonymous permissions or something like that. It has been a weird problem, but finally the mystery has been resolved.

SPO – Which MP should I use for Search?

This is a reminder for myself: sometimes I forget which type of Managed Property I have to use in SPO in order to search by CQWP. Depending on the type of column, you will need to use a different type of preset Managed Property.

| Managed property name | Data type for mapping |
| --- | --- |
| RefinableDate00 – RefinableDate19 | Dates |
| RefinableDecimal00 – RefinableDecimal09 | Numbers with max three decimals |
| RefinableDouble00 – RefinableDouble09 | Numbers with more than three decimals |
| RefinableInt00 – RefinableInt49 | Whole numbers |
| RefinableString00 – RefinableString99 | Strings, Person or Group, Managed Metadata, Choice and Yes/No |

So, after you have configured this, you’re ready to go. Remember that before you can configure a MP, it is necessary to have values in the column in order to be able to crawl this column and then be able to do the correct mapping.

Get a list of O365 groups

O365 Groups are a great addition: they enable users to share documents, a planner and a calendar, and everyone is able to create a group.

However, the problem starts when a user asks for the URL of the group's site collection. At first glance, you will think of going to the SharePoint Admin Center and searching for the site collection, and then you realize that this site collection, which has been created by Groups, simply does not exist there.

So what can we do? A simple approach is to use a Search Results Web Part in SharePoint Online to show those site collections, so let’s use it 🙂

By doing this, we will be able to show all the groups that have been created in O365, and security trimming will be respected.

The only drawback to this solution is that private groups won’t be listed in the search results. Also, to improve this query, it would be great to be able to show the Yammer groups or other locations where we store documents.

SPO and O4B Per Group Sharing Controls

This new feature – which hits first release tenants in June 2017 – will give extra control over who and how information can be shared with external/third party users in SharePoint Online and OneDrive for Business.

This control allows sharing with external users to be limited based on a specific AD security group, and more than one security group can be configured for the control.

To configure this feature, we have to take into account that it provides 2 options:

  • Users in selected security groups share with authenticated external users: Only users in the assigned security groups will be able to share with external users. If you are not included in these groups you cannot share with an external user who is not in your organization.

  • Users in selected security groups share with authenticated external users and using anonymous links: Users will be able to share with external users and also create anonymous links.

An important thing to note about this new sharing control is that the site collection policy will always take precedence. So, if anonymous sharing is disabled at site collection level (whether it is an SPO site or a OneDrive personal site), users in the security group will not be able to share anonymously in that site collection.