Terminologies one must be aware of in Office 365:

Listed below are a few important terminologies one must be aware of while working on Office 365.

  1. Active Directory Federated Services (AD FS):

On-premises security token service (STS) that provides simplified, secure identity federation and Web single sign-on (SSO) capabilities for users who want to access applications within an AD FS-secured enterprise, in federation partner organizations, or in the cloud. Federated identities with Modern Authentication-enabled clients interoperate with EvoSTS, which is the Azure AD STS.

AD FS indirectly supports CA scenarios, as it offers a set of controls known as client access filtering that allow the creation of perimeter network-based policies for IP range filtering, accessed workload, or client type (browser vs rich client).

  2. Multi-Factor Authentication (MFA):

Protects access to data and applications by requiring a second form of authentication. Strong authentication is available through a range of verification options.

  3. Azure Active Directory Premium:

All CA scenarios that leverage Azure AD require Azure AD Premium. Azure AD Premium adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. It includes everything you need for information worker and identity administrators in hybrid environments across application access, self-service identity and access management, identity protection and security in the cloud.

  4. Azure Rights Management Services (RMS):

Uses encryption, identity, and authorization policies to protect files and email. Information protection that is applied by using Azure RMS stays with the files and emails independently of the location, allowing customers to remain in control of their data even when this data is in motion.

  5. Conditional Access (CA):

CA allows customers to selectively allow or disallow access to Office 365 based on attributes such as device enrollment, network location, group membership, etc.

     1. Device-based CA restricts access to devices that are managed by the organization and are in a healthy state. Device-based CA is a feature of Intune. Users must enroll their devices in Intune and validate that the device meets the organization’s access rules regarding device health and security.
     2. There are other CA scenarios that do not require device enrollment, such as restricting access to specific locations only. These scenarios do not require Intune and are provided through Azure AD Premium access control features.

  6. Data Loss Prevention (DLP):

Helps identify and monitor sensitive information, such as private identification numbers, credit card numbers, or standard forms used in your organization. DLP policies enable you to notify users that they are sending sensitive information and to block the transmission of sensitive information.

  7. Microsoft Enterprise Mobility + Security (EMS):

Provides identity and access management, MDM, MAM and Azure RMS. Intune is a part of EMS.

  8. Microsoft Intune (Intune):

Intune is a cloud-based service that helps you manage Windows PCs, and iOS, Android, and Windows mobile devices. Intune also helps protect corporate applications and data. You can use Intune alone or you can integrate it with Microsoft System Center Configuration Manager 2012 R2 to extend your management capabilities.

  9. Mobile Application Management (MAM):

Controls how corporate-managed applications work and interact with other managed applications and unmanaged applications (e.g., provides the ability to restrict user actions such as copy, paste, download, etc.). Available through Intune.

  10. Mobile Device Management (MDM):

Provides the ability to configure mobile device policies, such as enforcing complex PINs or passwords, blocking devices that have been jailbroken or rooted from syncing email, disabling Bluetooth, etc. Available through Office 365 MDM and Intune.

  11. Modern Authentication:

Provides OAuth-based authentication for Office clients against Office 365 using Active Directory Authentication Library (ADAL). Replaces the Microsoft Office Sign-In Assistant. Allows for CA policies, so administrators can define granular applications and device-based controls for corporate resources.

Thanks for reading this post. Good luck with Office 365!

 

 


Report on external users in SharePoint Online:


Alright, in this post I’m going to introduce you all to a small PowerShell script which will help you get the list of all the external users in your SharePoint Online tenant. Unlike the “Get-SPOExternalUser” PowerShell command, this will display the list of all sites in SharePoint Online, the external sharing status of those sites, and with whom the sites are shared externally. This can come in handy for Office 365 global admins or SharePoint Online admins who need a report of external sharing/users in their tenant.

Let’s take a look at the script now…

Step 1:

Run these commands in the SharePoint Online Management Shell to connect to your tenant.

$credentials = Get-Credential
Connect-SPOService -Url https://office365admin123-admin.sharepoint.com -Credential $credentials

Step 2:

Once done with the first command, run the command below to get the report.

$i = 0
ForEach ($site in Get-SPOSite) {
    $i++
    Write-Host "*********"
    Write-Host "Site number: " $i
    # Site URL, owner and external sharing status
    $site.Url
    $site.Owner
    $site.SharingCapability
    # Request the largest page the cmdlet allows (50 users per call)
    Get-SPOExternalUser -SiteUrl $site.Url -PageSize 50
}

This is what the result of this script will look like; check the image below.

Result 2

I hope this helps you to get the report maybe once a week or once a month. Thanks for reading this post… Happy SharePointing!
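As an added example (not part of the original post), here is the same report with paging and CSV export. Get-SPOExternalUser returns at most 50 users per call, so the helper walks each site's results with -Position, and Get-SPOSite -Limit All lifts the cmdlet's default limit of 200 sites. The helper name Get-AllSPOExternalUsers and the output path are assumptions, and an existing Connect-SPOService session is assumed.

```powershell
# Added example: assumes Connect-SPOService has already been run in this session.
# Get-AllSPOExternalUsers is a hypothetical helper name, not a SharePoint Online cmdlet.
function Get-AllSPOExternalUsers {
    param(
        [Parameter(Mandatory)][string]$SiteUrl,
        [ValidateRange(1, 50)][int]$PageSize = 50   # 50 is the cmdlet's maximum page size
    )
    $position = 0
    do {
        # -Position is the zero-based index of the first result in this page
        $page = @(Get-SPOExternalUser -SiteUrl $SiteUrl -Position $position `
                    -PageSize $PageSize -ErrorAction Stop)
        $page                                   # emit this page to the pipeline
        $position += $page.Count
    } while ($page.Count -eq $PageSize)         # a short page is the last page
}

$report = foreach ($site in Get-SPOSite -Limit All) {
    try {
        $users = @(Get-AllSPOExternalUsers -SiteUrl $site.Url)
    }
    catch {
        # Record the failure and move on so one site does not abort the whole report
        Write-Warning "Could not query $($site.Url): $($_.Exception.Message)"
        continue
    }
    foreach ($user in $users) {
        [pscustomobject]@{
            SiteUrl           = $site.Url
            SiteOwner         = $site.Owner
            SharingCapability = $site.SharingCapability
            DisplayName       = $user.DisplayName
            Email             = $user.Email
            AcceptedAs        = $user.AcceptedAs
            InvitedBy         = $user.InvitedBy
            WhenCreated       = $user.WhenCreated
        }
    }
}

# One row per (site, external user); sites without external users produce no rows
$report | Sort-Object SiteUrl, Email |
    Export-Csv -Path .\ExternalUsers.csv -NoTypeInformation -Encoding UTF8
```

Comparing the InvitedBy and WhenCreated columns between two runs shows which external accounts are new since the last review.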

Extending the Retention period of orphaned personal site collections up to a year:


Alright, I guess you might have figured out what this post is going to be about by seeing the title. So yes, I’m going to show you how to extend the retention period of the OneDrive for Business content up to a year even after the user has left the company.

So I guess all the Office 365 folks as well as SharePoint folks out there would be aware of the “My site cleanup policy” that runs in SharePoint once a user’s account has been deleted in AD. If you’re not aware of this yet, please check my article on that. Also, to understand how this works on SharePoint Online, you can take a look at the link below. Microsoft has done an awesome job of writing a detailed article about this and hence I’m not going to spend my time writing a detailed article explaining the same stuff once again.

https://support.microsoft.com/en-in/help/3042522/onedrive-for-business-retention-and-deletion

So here in this article I’m going to introduce you to a PowerShell command that will extend the retention period of the contents in the personal site (i.e. OneDrive for Business) up to a year, so that you have a year’s time to copy the contents from a user’s OneDrive for Business folder even after he/she has left the company.

I guess scenarios like this are quite possible when a user has been terminated and his account has been deleted, or maybe a user left the company and the default retention period was not sufficient for you to copy the important contents from his OneDrive for Business folder.

So here’s the PowerShell command for that…

Set-SPOTenant -OrphanedPersonalSitesRetentionPeriod 365

You need to run this as a SharePoint Online command as shown in the image below.

one drive 2.png

Once done, it will update the retention policy for all the orphaned OneDrive for Business sites in your tenant. The other way to do this is by putting a hold on the user’s OneDrive for Business as a part of an eDiscovery case, and the site won’t get deleted until the hold is removed. But this command will make your life even easier by making the change for the entire tenant.

Happy SharePointing… I hope this helps someone. Thanks to Chris Bortlik for showing this to us.

 

 

 

 

SharePoint Online - Sync button missing issue on Project sites is fixed.

So a couple of days back, I blogged about an issue on SharePoint Online where the “Sync” button in the SharePoint Online document library went missing in Project sites; this was identified as a bug by MS and the Product Group team was working on it. So initially we were told by MS that it would take at least 3 to 6 months to get this fixed, and there was also a notification on the Service Health dashboard yesterday about this issue (please check the screenshot below…).

Sync issue.png

But the PG team was quite ahead of their schedule as always and they managed to fix this so soon. Today we got an update from the support engineer that the issue was fixed. This is really super-fast and kudos to MS and the PG team for this quick turnaround. So this issue is fixed now on all the tenants which were having this issue.

I verified this now and I can see the Sync button now on the document library on a SharePoint Online Project site. So please pass the word to all your end users now if your tenant had this issue.

Happy SharePointing… Thanks for reading this post.

Sync button missing in SharePoint Online doc library - Project site template:

Alright, so this article is going to be a simple one where I’ll be sharing my recent experience with SharePoint Online, where the “Sync” button which you see on the document library went missing all of a sudden. If you’re not sure what I’m talking about, the image below should help you understand.

Sync 1.png

So a couple of days back, a user who’s always known for finding bugs in SharePoint called me and said, “Hey, the Sync button is missing in SharePoint Online doc library…”. I felt like that’s not possible and I wanted to double-check that. So I went ahead and took a look at the document library on a SharePoint Online team site and found that nothing was wrong with the “Sync” button and it was showing up perfectly fine.

So I took a look at the URL which he was referring to and found that it was missing, which was really bizarre to me. Upon digging further I found that the site which he was referring to was a “Project site” and the one which I tried first was a “Team site”. Now things got really interesting and I did some testing to isolate this issue. I tried reproducing this issue in different site templates and found that this was something specific to the “Project site” template alone (top-level sites as well as subsites that make use of the Project site template). As this is on SharePoint Online, I raised a Premier support case to know what Microsoft had to say about this. The support engineer checked with the product group team and informed me that this is a bug which was caused after the “New Experience” rollout, which was released by MS a few months back, and it seems that many customers have already reported this issue to them.

If you’re hearing this for the first time, please take a look at this link below to understand this feature named “New Experience”.

https://support.office.com/en-us/article/Switch-the-default-experience-for-lists-or-document-libraries-from-new-or-classic-66dac24b-4177-4775-bf50-3d267318caa9?ui=en-US&rs=en-US&ad=US

Finally, based on my testing what I identified is listed below:

  1. On SharePoint Online Team sites, I don’t see this issue. Please check the image below …

Sync 1.png

  2. On SharePoint Online Project sites, I can see this issue. Please check the image below (the sync button is missing)…

Sync 2.png

Note: MS has checked and confirmed that this issue is a known bug and that it will take at least 3 to 6 months to get this fixed. Also, as per MS, it seems that this issue persists on other site templates apart from “Project sites”. However, I didn’t get a chance to try them yet. So just in case you get a call or maybe an email from users about this issue, please be informed that this is a known bug at the moment and will be fixed in 3 to 6 months’ time.

Workaround: Go to the library settings –> Go to advanced settings –> Change the option in the list experience from New to Classic experience, as shown in the image below. By doing so you’re switching back to the previous document library experience.

Sync 4.png

Once you do that, you will notice the “Sync” button on a SharePoint Online Project site document library, as shown in the image below.

Sync 3.png

Thanks for reading this post… I hope this will save you time in troubleshooting this issue. Happy SharePointing!