What is Customer Lock box in Office 365?

1.png“Customer Lock box” –This terminology was something new to me until I heard it at Microsoft Tech Summit this year .There was one of these sessions which I was attending on Office 365 and the speaker was talking about this feature .Sadly only few folks in the room were aware of it and I was one among those folks who haven’t heard that terminology before.

Anyways, now that I’m aware of it I decided to write an article on it so that my readers get to understand about this cool feature in Office 365 and they can start using it in their Office 365 tenants.

So what is Customer Lockbox? To put it in simple words, it’s a feature that’s available in Office 365 to ensure that there’s zero interaction by Microsoft on your contents that’s saved in Office 365(i.e. SharePoint Online, Exchange Online, Skype for Business Online etc…)

Roughly around couple of years back Microsoft has come up with this feature to maximize the data security and privacy for Office 365 customers by ensuring that there’s zero interaction with the customer’s content by Microsoft engineers.

Almost all the service operations performed by Microsoft are either fully automated so there is no human interaction, or the human involvement is abstracted away from the customer’s content that’s stored in Office 365.

Only during some circumstances where something is broken in your tenant and you raised a support case for that , Microsoft engineers will access your content to fix it .So with this feature  Microsoft enforces access control through multiple levels of approval, providing just-in-time access with limited and time-bound authorization. In addition to that all access control activities performed by the Microsoft engineer does gets logged and audited.

The below mentioned image depicts the complete approval process:


So with this feature Microsoft has given their assurance to its customers that their content will not be accessed by Microsoft employees without their explicit approval. It brings customers into the access approval process, requiring the customer to provide explicit approval of access to their content by a Microsoft employee for service operations.

Now that we have understood about this feature lets take a look on how this complete process works ….


Let’s consider a scenario where-in something is broken in SharePoint Online or Exchange Online and you raised a support case for that. The engineer upon reviewing your request feels that he/she might need access to your Exchange/SharePoint Online content to fix it .So this is how the process flows when you have Customer Lock box turned on in your tenant.

  1. Administrators in the customer’s Office 365 environment are notified via email that there is a request for access as shown in the image below.


2. In addition to this the Office 365 Admin Center portal will also display requests that have been submitted to the customer for approval as shown in the image below.


3. You as an Office 365 administrator can approve or reject Customer Lock box requests. Check the image below where you get the option to approve or reject a request.


4. Microsoft can only proceed following approval of a Customer Lock box request. See the image below where the customer has approved a request by the engineer.


5. If a customer rejects a Customer Lock box request, no access to customer content will occur.

Note: Customer Lock box requests have a default lifetime of 12 hours; after which they expire. Expired requests do not result in access to customer content.

Enabling Customer Lockbox in the Office 365 admin center:

  1. Sign in to Office 365 admin center
  2. Go to the Office 365 admin center.
  3. Navigate to Settings > Security & privacy and scroll to locate Customer Lock box


4. Click Edit and move the toggle on or off to turn lock box requests on or off.

9.pngApprove or deny a Customer Lock box request in the Office 365 admin center:

  1. Sign in to Office 365 admin center
  2. Go to the office 365 admin center
  3. Navigate to Settings > Support > Service requests.


4. Select a customer lock box request, and then select Approve or Reject.

5. This is how the view looks in the new Office 365 admin center .Check the image below.



How to avail Customer Lock box for Office 365?

Customer Lock box for Office 365 will be available as part of a new premium Office 365 Enterprise Suite called E5

Thanks for reading this post ….I hope you will enable this feature in your Office 365 admin center which gives an extra layer of security to your contents in Office 365.

Terminologies one must be aware of in Office 365:

Listed below are the few important topologies one must be aware of while working on Office 365.Office 365

  1. Active Directory Federated Services (AD FS):

On-premises security token service (STS) that provides simplified, secure identity federation and Web single sign-on (SSO) capabilities for users who want to access applications within an AD FS-secured enterprise, in federation partner organizations, or in the cloud. Federated identities with Modern Authentication-enabled clients interoperate with EvoSTS, which is the Azure AD STS.

AD FS indirectly supports CA scenarios, as it offers a set of controls known as client access filtering that allow the creation of perimeter network-based policies for IP range filtering, accessed workload, or client type (browser vs rich client).

  1. Multi-Factor Authentication (MFA):

Protects access to data and applications by requiring a second form of authentication. Strong authentication is available through a range of verification options.

  1. Azure Active Directory Premium:

All CA scenarios that leverage Azure AD require Azure AD Premium. Azure AD Premium adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. It includes everything you need for information worker and identity administrators in hybrid environments across application access, self-service identity and access management, identity protection and security in the cloud.

  1. Azure Rights Management Services (RMS):

Uses encryption, identity, and authorization policies to protect files and email. Information protection that is applied by using Azure RMS stays with the files and emails independently of the location, allowing customers to remain in control of their data even when this data is in motion.

  1. Conditional Access (CA):

CA allows customers to selectively allow or disallow access to Office 365 based on attributes such as device enrollment, network location, group membership, etc.

  1. Device-based CA restricts access to devices that are managed by the organization and are in a healthy state. Device-based CA is a feature of Intune. Users must enroll their devices in Intune and validate that the device meets the organization’s access rules regarding device health and security.
  2. There are other CA scenarios that do not require device enrollment, such as restrict access only from specific locations. These scenarios do not require Intune and are provided through Azure AD Premium access control features.
  1. Data Loss Prevention (DLP):

Helps identify and monitor sensitive information, such as private identification numbers, credit card numbers, or standard forms used in your organization. DLP Policies enable you to notify users that they are sending sensitive information and to block the transmission of sensitive information.

  1. Microsoft Enterprise Mobility + Security (EMS):

Provides identity and access management, MDM, MAM and Azure RMS. Intune is a part of EMS.

  1. Microsoft Intune (Intune):

Intune is a cloud-based service that helps you manage Windows PCs, and iOS, Android, and Windows mobile devices. Intune also helps protect corporate applications and data. You can use Intune alone or you can integrate it with Microsoft System Center Configuration Manager 2012 R2 to extend your management capabilities.

  1. Mobile Application Management (MAM):

Controls how corporate-managed applications work and interact with other managed applications and unmanaged applications (e.g., provides the ability to restrict user actions such as copy, paste, download, etc.). Available through Intune.

  1. Mobile Device Management (MDM):

Provides the ability to configure mobile device policies, such as enforcing complex PINs or passwords, blocking devices that have been jail broken or rooted from syncing email, disabling Bluetooth, etc. Available through Office 365 MDM and Intune.

  1. Modern Authentication:

Provides OAuth-based authentication for Office clients against Office 365 using Active Directory Authentication Library (ADAL). Replaces the Microsoft Office Sign-In Assistant. Allows for CA policies, so administrators can define granular applications and device-based controls for corporate resources.

Thanks for reading this post ….Good luck with Office 365 !!!



Sync button missing in SharePoint Online doc library -Project site template:

Alright, so this article is going to be a simple one where I’ll be sharing my recent experience with SharePoint Online where the ‘’Sync Button “which you see on the document library went missing all of a sudden. If you’re not sure about what I’m talking, this image below should help you understand.

Sync 1.pngSo couple of days back ,  a user  who’s always known for finding bugs in SharePoint called me and said , ‘”Hey the Sync button is missing in SharePoint Online doc library ….” . I felt like, that’s not possible and I wanted to double check that. So I went ahead and took a look at the document library on a SharePoint Online team site and found that nothing is wrong with the “Sync button” and it was showing up perfectly fine.

So I took a look at the URL which he was referring to and found that it was missing which was really bizarre to me. Upon digging further I found that the site which he was referring to was a “Project Site “and the one which I tried first was a “Team site”. Now things got really interesting and I did some testing to isolate this issue. I tried reproducing this issue in different site templates and found that this was something specific to “Project site “(top level sites as well as subsites that make use of Project site template) alone. As this is on SharePoint Online I raised a premier support case to know what Microsoft had to say about this. The support engineer checked with the product group team and informed that this is a bug which was caused post the “New Experience” rollout which was released by MS few months back and it seems that many customers have already reported this issue to them.

If you’re hearing this for the first time, please take a look at this link below to understand this feature named “New Experience”.


Finally, based on my testing what I identified is listed below:

  1. On SharePoint Online Team sites, I don’t see this issue. Please check the image below …

Sync 1.png

2. On SharePoint Online Project sites, I can see this issue .Please check the image below (the sync button is missing)….

Sync 2.png

Note: MS has checked and confirmed that this issue is a known bug and will take at-least 3 to 6 months to get this fixed. Also as per MS it seems that this issue persists on other site templates also apart from “Project sites “.However, I didn’t get a chance to try them yet. So just in case you get a call or may be an email from users about this issue, please be informed that this is a known bug at the moment and will be fixed in 3 to 6 months’ time.

Workaround:  The workaround for this is to…. Go to the library settings –> Go to advanced settings –>Change the option in the list experience from New to Classic experience as shown in the image below. By doing so you’re switching back to previous document library experience.

Sync 4.png

Once you do that, you will notice the “Sync button” on a SharePoint Online Project site document library as shown in the image below.

Sync 3.png

Thanks for reading this post…. I hope this would save your time in troubleshooting this issue.  Happy SharePointing!!!


Microsoft Teams in Office 365


I hope everyone would agree to the fact that Office 365 has been one among the best products Microsoft has delivered till date and it’s good to see Microsoft adding a lot of new features and functionalities to the Office 365 suite every now and then. Today many organizations have started choosing Office 365 over on-premises Microsoft products as they’re easy to use and manage and in addition to that you get to remain up to date with all the latest updates.

  1. SharePoint provides intranets and content management solutions to more than 200,000 organizations and 190 million people.
  2. Yammer is the social network for work, enabling cross-company discussions for 85 percent of the Fortune 500.
  3. Skype for Business provides real-time voice, video and conferencing and hosts more than 100 million meetings a month.
  4. Office 365 Groups is our cross-application membership service that makes it easy for people to move naturally from one collaboration tool to another.

Today in this article, we will be discussing about “Microsoft Teams “, the new chat-based workspace in Office 365 that has built-in access to SharePoint Online, OneNote & Skype for Business Online. It was recently introduced by Microsoft couple of months back and acts as a hub for team chats, calls, meetings, and private messages.

Microsoft Teams mainly focuses on these four areas ….

  1. Chat for today’s teams
  2. A hub for teamwork
  3. Customizable for each team
  4. Security teams trust

Let’s look on all these areas and understand how Microsoft teams is built to support all these four areas that can enhance business as well as user experience.

  1. Chat for today’s teams:

It provides a modern conversation experience for today’s teams. Microsoft Teams supports not only persistent but also threaded chats to keep everyone engaged. Team conversations are, by default, visible to the entire team, but there is of course the ability for private discussions. Skype is deeply integrated, so teams can participate in voice and video conferences. You can also add emoji’s, stickers, GIFs and custom memes to make it their own.

  1. A hub for teamwork:

Microsoft Teams is built on Office 365 Groups and is backed by Microsoft Graph. So, it brings together the full breadth and depth of Office 365 to provide a true hub for teamwork. Word, Excel, PowerPoint, SharePoint, OneNote, Planner, Power BI and Delve are all built into Microsoft Teams so people have all the information and tools they need at their fingertips.

  1. Customizable for each team:

Since all teams are unique, Microsoft has invested deeply in ways for people to customize their workspace, with rich extensibility and open APIs available at general availability. For example, Tabs provides quick access to frequently used documents and cloud services. Microsoft Teams also shares the same Connector model as Exchange, providing notifications and updates from third-party services like Twitter or GitHub. In addition to that Microsoft has also included full support for the Microsoft Bot Framework to bring intelligent first- and third-party services into your team environment

  1. Security teams trust:

Microsoft Teams is designed in such a manner that it provides the advanced security and compliance capabilities that our Office 365 customers expect. Data is encrypted in transit and at rest. Like all other commercial services, Microsoft has implemented a transparent operational model with no standing access to customer data. Microsoft Teams will support key compliance standards including EU Model Clauses, ISO 27001, SOC 2, HIPAA and more. In addition to that, Microsoft Teams is served out of our hyper-scale global network of data centers, automatically provisioned within Office 365 and managed centrally, just as any other Office 365 service.

Availability of Microsoft Teams:

As of now Microsoft Teams is on preview mode and its general availability details can be found below.


Subscription details for Microsoft Teams:

If you have a personal Office 365 subscription, you won’t be able to access Microsoft Teams. To access the app, you need one of the following Office 365 license plans:

  1. Business Essentials
  2. Business Premium
  3. Enterprise E1, E3, or E5
  4. Enterprise E4 (for anyone who purchased this plan prior to its retirement)

Note: If you’re licensed for a suite plan like Office 365 Education or a non-suite plan like Skype for Business Online Plan 2, then you won’t be able to get the app. You need to change your license or purchase additional licenses for your company.

Alright, I guess we have now see enough about Microsoft teams. So, let’s see how to enable this in your Office 365 tenant so that your end users in your organization can start using this.

Note: I’ve chosen India in the county field while signing up for Office 365 and I’m able to see Microsoft teams in my tenant. If you’re not seeing that in your tenant it could be because you’re choosing a country where this feature is not available yet.

Turning on Microsoft teams in Office 365 tenant:

  1. Sign in to Office 365 with your work or school account.
  2. Go to the Office 365 admin center as shown in the image below and click on the app launcher. You can optionally click on “Admin” option as shown below.



3. Click on “Admin” as shown in the image below.


4. Navigate to Settings and click on “Services & add-ins” as shown below.


5. On the Services & add-ins home page, choose Microsoft Teams as shown in the image below.


6. On the Microsoft Teams settings page that opens, click or tap to switch the toggle to the on position to turn on Teams for your organization, and then choose Save.Once you’re done you will be redirected to the Microsoft teams home page as shown in the image below and this where you need to enable the features specific to Microsoft teams.


7. On the Microsoft Teams settings page, in the General section, you can choose if you want to show an organization chart in user profiles. By default, this setting is turned on. To change this setting, click or tap to switch the toggle next to Show organization chart in personal profile to Off or On, and then choose Save.


8. In the Teams & Channel section you can manage team owners and members by using the Groups control panel in the Office 365 admin center portal. At this time, you cannot create teams from the Groups control panel – teams must be created by using the Microsoft Teams desktop client or web app which we will be discussing later in his article.


9. In the Calls & Meetings section, you can choose if users can use video and screen sharing during calls and meetings as shown in the image below.


10. In the Messaging section, you can turn on or turn off media content such as animated images, memes, and stickers etc.


Note: To turn on or turn off animated images, click or tap the toggle switch next to Add fun animated images to the conversations, and then choose Save. When animated images are turned on, you can apply a content rating to restrict the type of animated images that can be displayed in conversations. You can set the Content Rating to be one of the following:

  1. Strict
  2. Moderate
  3. No restriction

To turn on or turn off custom memes, click or tap the toggle switch next to Add customizable images from the Internet, and then choose Save.

To turn on or turn off stickers, click or tap the toggle switch next to Add editable images to the conversations, and then choose Save.

  1. The Tabs section, let you customize a channel to include content and capabilities your team needs every day. They provide quick access to frequently used documents and cloud services. In the preview release, there are several built-in tabs such as Files and Notes. In the Microsoft Teams client, at the top of the channel, users can add tabs for Word documents, PowerPoint presentations, Excel spreadsheets, OneNote notebooks, Power BI reports, and plans from Planner.
  2. You can turn on Tabs as shown in the image below.


Please check the Tabs section in my “Microsoft teams” desktop client below.


13. Finally, you can enable Bots as shown in the image below


Note: Using Bots, Microsoft Teams users can complete tasks such as querying information and performing commands by using bots. Users can also integrate your existing LOB applications with Microsoft Teams by using a bot.

To prevent or allow side-loading of proprietary bots, click or tap to switch the toggle next to Enable side loading of external Bots, and then choose Save.

Finally, once all the features are enabled this is how the Microsoft teams home page will look like…



Point to Note:

Although the Office 365 Global administrator has turned on this feature in the tenant end users may not see the Microsoft Teams app tile in the app launcher after an admin turns on Microsoft Teams for an organization. Admins can direct end users to go to https://teams.microsoft.com/downloads to get the desktop apps. To access the web client, users can go to https://teams.microsoft.com. For mobile apps, go to the relevant mobile store for Google Play, Apple App Store, and Microsoft Store.

Desktop client for Microsoft teams:

The below mentioned image depicts the desktop client for Microsoft teams using which I can create my team. You can do the same using web client as well.

Desktop client for Microsoft teams:

You need to sign in with your Office 365 credentials in the desktop client.


Web client for Microsoft teams:

You can check the web client below which opens on a browser and you can also notice that I’ve created my team in the image below.



Creating a team:

You need to use the Create Team on the bottom left of your screen as shown in the image below to create teams. In addition to you also have a “settings” option on the left corner which can help you turn on and off certain features.



Conversations in Microsoft Teams:

You can notice some conversations happening between the users in my team in the image below. You can mention a user, reply to a message and like a conversation or a reply.


In addition to that as mentioned earlier, you can add emoji’s to your conversations, attach files and also use the video camera icon to create new video meetings.

Adding a Tab:

Finally, you can add tabs using the “+” symbol as shown in the image below to add documents & One Note files to your conversations. You can notice that I’ve added a One Note file to my conversations in the image below



Microsoft teams is truly phenomenal and is a great way for users to communicate within themselves in a team . Please turn this on for your users so that they can enjoy this great application.

Thanks for reading this post …. Good luck with Microsoft teams in Office 365!!!

First Release in Office 365:


In this article, I’ll  will be discussing about “First Release in Office 365 “using which you can manage how your organization receive the regular updates from Microsoft for Office 365. Now, it’s a known fact that unlike on-premises the updates for Office 365 are pushed regularly and using this new feature in Office 365 you can designate that only certain individuals receive the updates first before it’s made generally available to everyone in the organization. By doing so you have ample amount of time to test these updates and check whether it breaks something (i.e. may be some custom functionalities) or you can remain on the default release schedule and receive the updates later.

So, to put it in simple words, ““First Release” update for Office 365 allows you to get access to updates faster than GA (General Availability) “.

Now, before we look on how to enable this feature in your Office 365 tenant, let’s take a look on the two type of release options.

  1. Standard Release
  2. First Release

Standard Release:

This is the default option where you and your users receive the latest updates when they’re released broadly to all Office 365 customers. This gives you extra time to prepare your support staff and users for upcoming changes. This is how Microsoft puts it:

“You and your users receive a select set of significant service updates 3 weeks or more after the official announcement. For at least 3 weeks, you have time to learn about the updates and prepare your employees.”

First Release:

With this option, you and your users can be the first to see the latest updates and help shape the product by providing early feedback. You can choose to have individuals or the entire organization receive updates early. This is how Microsoft puts it:

“You and your users receive a select set of significant service updates as early as one week after the official announcement. Choose this option if you and your employees are comfortable with regular updates to the Office 365 service.”

However, the default is to remain with “Standard Release”, which means that new functionality is released to your tenant when it’s good and ready.

The image depicted below gives a detailed explanation on the Office 365 release cycle:


So, as we’re done explaining what’s First release in Office 365, let’s look on how to enable that in your tenant. Remember, by default your tenant will be on “Standard Release “mode  and you need to enable “First Release “option.

Note: The Office 365 updates described in this article apply to Office 365, SharePoint Online, and Exchange Online. They do not apply to Skype for Business and related services.

Steps to activate First Release in your Office 365 Tenant:

  1. Sign in to Office 365 with your work or school account.
  2. Go to the Office 365 admin center as shown in the image below and click on the app launcher. You can optionally click on “Admin” option as shown below.


3. Click on “Admin” as shown in the image below.


4. Navigate to Settings and click on Organization profile as shown below.


5. Once you’re on the Organization profile page you will see the “Release preference “option as shown in the image below. Please click the “edit” button to the change the settings for Release preference.


6. You will notice 3 options as shown in the image below.


7. Choose the option that best suits your need, I’m choosing the third option as I want to enable First release option only for selected users.


8. On the next screen where it asks for a confirmation, please select Yes.


9. On the next screen, you will be asked to add people for First release as shown below.



10. Please select users from the list of available users as shown in the image below. I’m choosing myself here. You can also search for a user in the search box.


11. Once done you will see an option which says your release preference has been updated.


12. Once you click on close you can check & verify the list of users subscribed for first release. Here in this case you can see my name.


13. Finally, you can check the Organization profile home page to verify the release preference settings.


This confirms that you I have turned on “First preference “for myself alone. The best practice is to enable this for power users or IT administrators so that they can check the features before it’s made generally available for all end users. However, it’s up to you on how you want to manage this for your users .

Thanks for reading this post …. Good luck with Office 365!!!!


Great opportunity for Office 365 folks:

office 365.png

Microsoft has  planned and set up 8 different Office 365 Labs webcasts that will be delivered during September and these are the topics that will be discussed in the webcast.

1. Office 365 Labs – Using PowerShell to automate tasks
2. Office 365 Labs – Mastering Azure AD Connect
3. Office 365 Labs – Mail flow
4. Office 365 Labs – Getting the best out of Outlook and Exchange Online
5. Office 365 Labs – OneDrive Synchronization 101
6. Office 365 Labs – Sharing and collaboration with internal and external users in SharePoint Online
7. Office 365 Labs – AD FS and multi-factor authentication explained
8. Office 365 Labs – Exchange Online compliance features (In-Place Archive, In-Place Hold, eDiscovery)

Please use this link below to enroll yourself for these sessions

Office 365 Labs webcasts coming in September

Part 2: Useful Office 365 cmdlets to generate SharePoint Online reports and also for SharePoint Online site administration:

Followed to my previous article about useful office 365 cmdlets in SharePoint Online, in this article I’ll be showing you some more useful PowerShell cmdlets to generate SharePoint Online reports /SharePoint Online site administration. I see a lot of misconception with my fellow SharePoint workers on understanding the difference between SharePoint on-premises cmdlets and Office 365(SharePoint Online) cmdlets, please note that they all don’t have the same functionality even though they almost look similar. There is a lot of difference in what they exactly do, so please pay close attention while utilizing them.


So let’s get into the real meats and potatoes now…

  1. To create a new SPO Site collection:

SyntaxNew-SPOSite -Url https://vigx.sharepoint.com/sites/Vignesh -Title “Vignesh” -Owner “vigganesan89@vigx.onmicrosoft.com” -Template “STS#0” -TimeZoneId 10 -StorageQuota 200


Note: In the above mentioned command you need to specify the URL of your new site collection, Title Name, Template ID, Time Zone and Storage quota size. Please check my previous article on SharePoint Online command to get to know about SharePoint Online Template ID’s

Running this command will create a new site collection in SPO and you can verify this in your SPO admin center as shown below.


2.To list the groups, and all the group memberships, for all of your SharePoint Online sites.


$x = Get-SPOSite


foreach ($y in $x)


        Write-Host $y.Url -ForegroundColor “Yellow”

        $z = Get-SPOSiteGroup -Site $y.Url

        foreach ($a in $z)


                 $b = Get-SPOSiteGroup -Site $y.Url -Group $a.Title

                 Write-Host $b.Title -ForegroundColor “Cyan”

                 $b | Select-Object -ExpandProperty Users




Running the above mentioned command will display the results as shown below,


3.To list the groups, and all the group memberships, for a single site collection:


First let me assign the $siteURL variable to the site collection in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”

$x = Get-SPOSiteGroup -Site $siteURL

foreach ($y in $x)


        Write-Host $y.Title -ForegroundColor “Yellow”

        Get-SPOSiteGroup -Site $siteURL -Group $y.Title | Select-Object -ExpandProperty Users



Running this command will display the results as shown below .


 4.To lock a SharePoint Online site:

SyntaxSet-SPOSite -Identity $site -Lockstate NoAccess

Specify the $site variable to the site which you want to lock.


Running this command will lock the site and when you try to access it you will get a 403 Forbidden error.

5.To unlock as SharePoint Online site:

Syntax:  Set-SPOSite -Identity $site -Lockstate Unlock


This will unlock the site that we just locked in the previous command.

6.To disable external sharing for a SharePoint Online site collection:


$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question

Set-SPOSite -Identity $siteURL -SharingCapability Disabled


You can verify this in your SharePoint Online admin center as shown in the image below. The site in question will have external sharing disabled as shown below.


7.To enable external user and guest sharing:


Set-SPOSite -Identity $siteURL -SharingCapability ExternalUserandGuestSharing


Running this command will enable external user and guest sharing in a SPO site collection and you can verify that in the screenshot below.


Note: By default, this feature will be disabled for SPO sites and this has to be enabled if required.

8.To enable only external user sharing:

Syntax:  Set-SPOSite -Identity $siteURL -SharingCapability ExternalUserSharingOnly


 Running this command will only enable external user sharing in a SPO site collection and you can verify that in the screenshot below.


9.To get the list of sites where sharing capability has been enabled:

Syntax:    Get-SPOSite | Where {$_.SharingCapability -ne “Disabled”}


  1. To get the list of sites where sharing capability is disabled:

Syntax:  Get-SPOSite | Where {$_. SharingCapability -eq “Disabled”}


 11.To change the owner of site:


First let me assign the $siteURL variable to the site collection in question.

$siteURL = “https://vigx.sharepoint.com/teams/test”–> Site in question

Set-SPOSite -Identity $siteURL -Owner “pritham@vigx.onmicrosoft.com”


12.To change the storage and resource quota of a site:


Set-SPOSite -Identity $siteURL -StorgaeQuota 1000 -ResourceQuota 500

13.To change the Title of the site:


Set-SPOSite $siteURL -Title “New Title”


This will change the title of the site in question. You can verify this below.


Thanks for reading this article. This is all I have for this post and I’ll be back with Part 3 of this article very soon.

Happy SharePointing !!!

Configuring Windows PowerShell to support SPO management shell, Exchange Online Management Shell, Skype for Business Online Management Shell and Office 365 Compliance center:


Good evening  to all the Office 365 nerds out there, this article would be on how to configure Windows PowerShell in your client operating system to support Office 365 (i.e. SharePoint Online Management shell, Exchange Online Management Shell, Skype for Business Online Management Shell and Office 365 Security & Compliance center). Well it’s a known fact that Microsoft has released the PowerShell module for all these products (SharePoint Online, Exchange Online, Skype for Business Online and Office 365 Security & Compliance center) separately and you can use that to manage these products separately .Listed below are the links to download those modules .

SharePoint Online Management shell: _ https://www.microsoft.com/en-us/download/details.aspx?id=35588

Skype for Business Online module: _ https://www.microsoft.com/en-us/download/details.aspx?id=39366

Exchange Online module: _ https://technet.microsoft.com/en-us/library/jj984289(v=exchg.160).aspx

Office 365 Security & Compliance center: _ https://technet.microsoft.com/en-us/library/mt587091(v=exchg.160).aspx

Azure AD Module (this can be used for user and domain management tasks in Office 365): _ https://msdn.microsoft.com/en-us/library/jj151815.aspx .

So if you’re the guy who plays the IT administrator role in your company and if you’re the one who has Office 365 global admin role assigned to you and takes care of managing Office 365 then chances are that your desktop could look very messy as shown in the image below while you’re using the management shell and you’re definitely going to have hard time managing them .


So the idea here is to show guys how to configure PowerShell to support all these modules and be successful in managing Office 365 from a single PowerShell window.

Let’s get into the detailed steps now:

Note: Please bear in mind that you need to have Office 365 global admin access to perform these steps.

  1. Please install the Microsoft .NET Framework 4.5.x and then either the Windows Management Framework 3.0 or the Windows Management Framework 4.0. in your PC.

Windows Management Framework 3.0:_ https://www.microsoft.com/en-us/download/details.aspx?id=34595

Windows Management Framework 4.0:_ https://www.microsoft.com/en-us/download/details.aspx?id=40855

  1. For Skype for business online module to function, you need a 64-bit operating system and hence please make sure you’re running a 64 bit version of Windows. Else you will end up getting an error  message as shown in the image below.


3.  Listed below are the 64-bit version of Windows that you can use

                                Windows 8.1 or Windows 8

                                Windows Server 2012 R2 or Windows Server 2012

                                Windows 7 Service Pack 1 (SP1)*

                                Windows Server 2008 R2 SP1*

  1. Once that’s done you need to install the modules that are required for Office 365, SharePoint Online, and Skype for Business Online. Listed below are the links to download those modules.

Microsoft Online Service Sign-in Assistant for IT Professionals RTW

Windows Azure Active Directory Module for Windows PowerShell (64-bit version)

SharePoint Online Management Shell

Skype for Business Online, Windows PowerShell Module

5. Once you’re done installing all the modules you need to configure Windows PowerShell to run signed scripts for Skype for Business Online, Exchange Online, and the Security & Compliance Center. To do this, run the following command in an elevated Windows PowerShell session

Set-ExecutionPolicy RemoteSigned


6. Now inorder to identify whether you’re running Windows PowerShell using elevated permissions or normal mode, please check the prompt on your PowerShell screen.

PS C:\Windows\System32> –>Elevated permissions

 PS C:\Users\UserName>–>Normal mode

7. Now run the next below mentioned command to pass your Office 365 user name and password to Windows PowerShell in an encrypted way. Once that’s done you will get a windows dialog box prompting for your credentials as shown in the image below.

$credential = Get-Credential


8. Now key-in your Office 365 credentials and click on OK as shown below.


9. In-order to identify whether your credential object has been created successfully, please run the below mentioned command as shown in the image below and it should return the value.

Note: Windows PowerShell will never tell you anything when things go fine, it will silently pass on to the next line .It only yells at you when something went wrong. That’s the funny thing about Windows PowerShell.



10.  Now we are all good to and hence we can start connecting to Office 365, for that please run the below mentioned command.

Import-Module MsOnline


11. Once that’s done in-order to verify whether the module was imported successfully you need to run the below mentioned command. This should return the value as shown in the image below.                                Get-Module

12. Somewhere in the list of modules that are returned by this command you should see something that looks like this:  

  Manifest 1.0 MS Online {Add-MsolForeignGroupToRole, Add-MsolG…}.

If you see MSOnline listed, that means that everything went according to plan.

13. Since we have verified that the credential object has been created and also the MSOnline module has been loaded successfully the next step would be to connect to Office 365 using the Connect-MsolService cmdlet. For that run the below mentioned command as shown in the image below.

                                Connect-MsolService -Credential $credential


14. In-order to verify whether you have successfully logged into your Office tenant, please run the below mentioned command and verify your domain information as shown in the image below. In my case my domain name for Office 365 is “vigx” and you can see that in the image below.



15. After performing all the above mentioned we have successfully verified that we are able to establish a connection to the Office 365 tenant using our user name and password which has Global admin access in Office 365 . Now the next steps would be to create a connection to each modules separately (i.e. SharePoint Online, Exchange Online , Skype for Business Online & Security and Compliance center for Office 365 )

16 .Initially let’s get started with SharePoint Online by running the following command.   Import-Module Microsoft.Online.SharePoint.PowerShell –DisableNameChecking

Here the “DisableNameChecking” switch suppresses the below mentioned warning.

Warning: The names of some imported commands from the module ‘Microsoft.Online.SharePoint.PowerShell’ include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.

17. In order to connect to SharePoint Online, you need to supply two pieces of information: your credentials and the URL of your SharePoint Online admin site. This is how the format is going to look like.

Note: You can get your SharePoint Online tenant URL by opening the tenant admin page. Check the screenshot below.


This is how the format will look like,

Admin URL: – https://vigx-admin.sharepoint.com   Connect-SPOService -Url https://vigx-admin.sharepoint.com -credential $credential

18. Once that’s done, please go ahead and run “Get-SPOSite” command as shown below and see the results .This should list all the SharePoint Online sites.


19. If you successfully get the list of all SharePoint Online sites then your command ran successfully.You can verify that by visiting the SharePoint Online admin center as shown below.


20. Also try running Get-MsolUser and see the result , this will return the list of all the users in Office 365 .This means you can now manage both SharePoint Online and Office 365 from the same Windows PowerShell window .



21. Now, let’s take a look on how to connect to Skype for Business Online (formerly as Lync Online)

Note:  Connecting to Skype for Business Online (and to Exchange Online or the Security & Compliance Center) is different than connecting to Office 365 or to SharePoint Online. That’s because the Skype for Business Online and Exchange Online cmdlets don’t get installed on your computer like the Office 365 and the SharePoint Online cmdlets do. Instead, each time you sign in, the appropriate cmdlets are temporarily copied to your computer. When you sign off, those cmdlets are then removed from your computer.

22. In order to connect to Skype for Business Online, please run the below mentioned command to import the Skype for Business Online module. For that run the below mentioned command.

                         Import-Module SkypeOnlineConnector


Note: The first time you might see some warning message which can be safely ignored.

23. Once the module has been imported, run the below mentioned command to initiate a new Sfbo session by running the below command.

$sfboSession = New-CsOnlineSession -Credential $credential

Note: By running the above command we have successfully created a remote PowerShell session. The above command is used to connect to an instance of Windows PowerShell running on one of the Office 365 servers.


24. Once that’s done you need to run the below mentioned command to download the “Skye for Business Online scripts /cmdlets” and other items. As already mentioned before Skype for Business Online commands are not similar to SPO cmdlets, Sfbo cmdlets need to be loaded every time you plan to use PowerShell to manage Sfbo. So now let’s load sfbo cmdlets to PowerShell by running the below mentioned command(you can notice the progress bar in the image below loading the cmdlets to Windows PowerShell)

Import-PSSession $sfboSession


25. Once Windows PowerShell is done loading the sfbo cmdlets you should notice something like this as shown in the image below. If you notice this in your screen then you have successfully made a connection to Skype for Business Online.


26. You can verify your connection to Skype for Business Online by running the below mentioned command.

Get-CsOnlineUser -Identity vigganesan89@vigx.onmicrosoft.com 

Note: This command will give the information for the user who has his UPN/SIP ID as vigganesan89@vigx.onmicrosoft.com


27.  Alright, till now we have seen how to configure Windows PowerShell to support SharePoint Online and Skype for business online, now let’s take a look on how to configure Windows PowerShell to support Exchange Online.

28. In order to proceed further, please run the below mentioned command which creates a remote Windows PowerShell session with Exchange Online.

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri “https://outlook.office365.com/powershell-liveid/” -Credential $credential -Authentication “Basic” -AllowRedirection

Note: Why is the command for connecting to Exchange Online more complicated than the command to connect to Skype for Business Online? Technically, it’s not: both commands do the exact same thing. However, the Skype for Business Online team created its own cmdlet—New-CsOnlineSession—that hides some of the parameters (like Authentication and AllowRedirection) that are used when connecting to Exchange Online. Instead of requiring you to type that information yourself, the Authentication and AllowRedirection parameters are effectively built in to the New-CsOnlineSession cmdlet. You have to type those parameters when connecting to Exchange Online because Exchange Online uses the standard New-PSSession cmdlet to connect to Office 365. The disadvantage is that you have a little more typing to do. The advantage is that you don’t have to download and install an Exchange Online module. This will start loading the modules as shown in the screenshot below.


29. Once you’re done running the above command, please run the below command to import the Exchange Online remote session, just as we did for Skype for Business Online. Please check the screenshot below.

        Import-PSSession $exchangeSession –DisableNameChecking


30. Once you’re done running the above command you would get the results as shown in the image above.

31. After you get the desired results in the screen, try running the below mentioned command , you should see information about your Office 365 domains that are configured for email addresses in Exchange Online.



32. This confirms that you have successfully connected to Exchange Online, you can also verify that by running the “Get-Mailbox” command as shown in the email below. This should return the Mailbox information of the users who are in Office 365.


33. So till now we have seen how to manage the user administration/license management for Office 365 , SharePoint Online , Exchange Online & Skype for Business Online using Windows PowerShell .Now let’s see how to manage the Security and Compliance center in Office 365 using Windows PowerShell .

34. The connection instructions for the Security & Compliance Center are very similar to those for Exchange Online, but with a slight difference .Let’s take a look at it. To get started with, please run the below mentioned command which creates a remote PowerShell session with the Security & Compliance Center

$ccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $credential -Authentication Basic –AllowRedirection

35. This will start loading the modules as shown in the image below.


36. Now in order to import the cmdlets for “Security and Compliance center” run the below mentioned command .This should look similar to the Exchange Online cmdlet. The DisableNameCheckingswitch isn’t required here as there are no unapproved verbs in the Security & Compliance Center. But the additional -Prefix ccparameter and value is something different here. The Exchange Online and the Security & Compliance Center share some cmdlets that have exactly the same names and provide the same functionality. Get-RoleGroup is an example.                                                                                             Import-PSSession $ccSession -Prefix cc


37. Now you can verify the result of the above command in the screenshot above.

38. In order to verify whether you have been successfully connected to “Security and Compliance center” in Office 365, please visit the below mentioned link and try executing the cmdlets there and see the results.


39. So finally we have connected to all the instances of Office 365 (Office 365 user/license management, SharePoint Online, Exchange Online, Skype for Business Online & Security and Compliance center in Office 365) using Windows PowerShell and we also saw how to execute the appropriate cmdlets to manage them.

40. Now, run the below mentioned command to get the active sessions that are running .For that run the Get-PSSession

The Get-PSSession cmdlet should show you that you have at least three remote sessions open, one for Skype for Business Online, one for Exchange Online and one for the Security & Compliance Center (it’s possible you could have more than three remote sessions running, depending on whether you’ve used this instance of Windows PowerShell to connect to something else besides the Office 365 services). You should see something similar to the following.


41. Since we have verified the active sessions that are running, now run the below command one at a time to close the session. If you just close the Windows PowerShell window, your Skype for Business Online remote connection will remain active for the next 15 minutes or so. Because Skype for Business Online limits the number of simultaneous connections that any one person or any one domain can have open, that could be a problem. With Skype for Business Online, an individual administrator can have, at most, three open connections at one time, and a domain can have a maximum of nine open connections. If you sign in to Skype for Business Online and then exit without properly closing the session, that session remains open for the next 15 minutes or so. As a result, that’s one fewer connection available to you or to other administrators in your domain. So run the below mentioned command to close the remote sessions for Skype for Business Online, Exchange Online, and the Security & Compliance Center gracefully.


Remove-PSSession $sfboSession

                                Remove-PSSession $exchangeSession

                                Remove-PSSession $ccSession

 42. If you prefer to close all the sessions at the same time without doing it one at a time, please run the below mentioned command.


Get-PSSession | Remove-PSSession

 43. The above mentioned commands will stop the PowerShell sessions for Skype for Business Online, Exchange Online, and the Security & Compliance Center gracefully but not SharePoint Online and hence to stop the session for SharePoint Online , run the below mentioned command .



44. Now inorder to verify whether we have successfully disconnected from SharePoint Online service run the below mentioned command and it should throw you an error.


45. This confirms that you have successfully disconnected from SharePoint Online management shell.

So finally we have seen how to configure Windows PowerShell to support SharePoint Online Management shell, Exchange Online Management Shell, Skype for Business Online Management Shell and Office 365 Compliance center.




Office 365 Usage reporting:

Office-365-Cloud-Logo.pngUnderstanding how people in your organization are using Office 365 is an important step in driving more usage and ultimately getting the utmost value from your investment in Office 365. In regards to this Microsoft has recently introduced the new reporting dashboard feature in Office 365 admin center which gives the usage reports for SharePoint, One Drive for Business, Skype for Business and Yammer, which give IT greater visibility into usage across these services in Office 365.

Now let’s take a look at what you can find in these usage reports,

  • Activity dashboard (also called reporting dashboard)—Provides you with a high-level overview of how many people in your organization are using Office 365. Each service in the suite, such as Skype for Business and Exchange, has its own tile that surfaces key activity data, making it easy for you to get a quick understanding of the activity within that service. To view detailed information by service or by individual user, simply click the specific tile or use the drop-down menu at the top of the reporting dashboard.

  • Email activity report—Enables you to understand email usage, such as send, receive and read activity. It also enables you to monitor trends in email traffic, and can be especially helpful in scenarios such as user migration.

  • Office activations report—Shows which users who have been assigned an Office 365 license have signed into Office 365 on at least one device, including a breakdown by device type. This report helps you identify users who have been assigned a license but have not yet activated it, so you can provide assistance as necessary.

  • SharePoint site usage report—Provides you with storage consumption details across all your SharePoint sites. The report helps you see activity across sites, how much storage is available per site and how the sites are being used for file storage.

  • One Drive for Business usage report—This report helps you understand storage and sharing activity across One Drive for Business, including number and size of files stored, in aggregate and per user.

  • Skype for Business report—Shows Skype for Business usage, with details such as minutes spent in a Skype Meeting and with breakouts on peer-to-peer activity such as IMs and calls, meetings organized and meeting participation.

  • Yammer report—Provides details on Yammer engagement—breaking out Like, Read and Post activities.


 Details you can act on:

All reports provide you with both aggregate and user-level information, so you can effectively plan training and communication that helps your users to take full advantage of the potential of Office 365.

All reports also provide information for different time frames: 7 days, 30 days, 90 days and 180 days. You can export all reports into CSV format and open them with a tool like Excel to quickly filter or pivot the data for further analysis.


 While the reports do provide the ability to track usage at the individual user level, IT admins will only have access to information they already have permission to access in the service. Microsoft will also be rolling out a new privacy feature that allows you to anonymize user-level information before sharing it with other stakeholders in the company.

Global admins can turn on privacy settings by going to : Settings > Services & add-ins > Report.


 You can find detailed log information that allows you to audit and track specific user and admin activities in the Compliance Center.

Thanks for reading this post.


SharePoint Online limits across different Office 365 plans:


Found this good article on Tech Target Network about SharePoint Online limitations and wanted to share it with you guys ….

Depending on the Office 365 plan your business uses, there are several SharePoint Online limits to keep in mind when planning a SharePoint migration.

As with most software as a service deployments, Microsoft imposes limits on the SharePoint Online service across its various Office 365 plans. Organizations with the appropriate service plan can typically work within those limitations, but it’s important for IT planners to recognize restrictions in advance and ensure that any migration from a local SharePoint deployment to SharePoint Online will remain within the established limits. Otherwise, the online migration may experience problems or incur unexpected premium costs for additional resources.

SharePoint Online limits typically involve storage and maximums in the number of items, users, subsites and file sizes. Consider SharePoint Online in Office 365 Business Premium, which offers base storage of 10 GB per tenant plus up to 500 MB per subscribed user; additional storage can be purchased for a fee. For example, a business with 5,000 users would see a storage limit of about 2.5 TB. This might sound like a lot, but storage-intensive file collections across many users can easily consume a significant portion of that capacity. Other factors like Recycle Bin storage can also count against storage limits.

The Office 365 Business Premium plan imposes other limits such as up to 1 TB per site collection or group document library, synchronizing up to 5,000 items — such as folders and files — in site libraries, synchronizing up to 20,000 items in the OneDrive for Business library, and handling up to 500,000 site collections where each site collection can support up to 2,000 subsites. Users can upload files as large as 2 GB per file, but can only attach files up to 250 MB.

There are also SharePoint Online limits on site elements such as lists and libraries, pages and security. For example, a single wiki or webpage can only contain up to 25 Web parts, and a single user can belong to up to 5,000 security groups. Such limits may require changes to existing local SharePoint resources before migration.

The limits for other plans such as SharePoint Online in Office 365 Enterprise, Education and Government may differ from the Business Essentials or Business Premium plans. It’s always important to check the needs of your SharePoint deployment against the preferred plan to ensure that you’re getting the most appropriate and cost-effective service. It’s also worth checking the site elements to see which, if any, sites or wikis may require changes.