The blog of Wictor Wilén

  • What's new in the Office Roadmap - 2015-03-26

    Tags: Office 365, Yammer, Delve

    Here we go, another round of updates of the Office Roadmap. Don't we love them! And sometimes they roll out even before the roadmap is updated ;-)

    Changes 2015-03-26

    These are the changes since yesterday.

    Now Launched

    • Office 365 Admin App Update: Directly to launched status

    Features now rolling out

    • Office 365 Groups: adding Like to Conversations: New stuff on the roadmap. Seems like the Office 365 (Exchange) team is building a whole new Yammer…
    • Notifications...Office 365 Notification Pane: (from development) This feature seems to cause some disturbance in the force. It's rolling out, but it seems like it is just half finished… It does not (at the time of writing this) work and the user experience is…confusing.
      Worth mentioning here is that it is rolling out for Groups to start with (something that was changed today as well from yesterday ;-)
    • Option for Passwords to Never Expire: (new on the list) Allows admin to use the UI to configure this rather than only PowerShell
    • Tighter Yammer Integration with Delve: (new on the list) More Yammer in Delve. Why not more Groups in Delve?

    Features now In Development

    • Office 365 Setup Wizard: (new on the list) The replacement for the basic and advanced setup options. The wizard will include migration from on-premises, Google Apps and more! Really neat!

  • What's new in the Office Roadmap - 2015-03-25

    Tags: Office 365

    Another day with some changes in the Office Roadmap, and some really interesting ones actually!

    Changes 2015-03-25

    These are the changes since last time.

    Now launched

    • Compliance Center for Office 365: From rolling out. Now no one can be less compliant than anyone else, or…
    • Office 365 Groups Notebooks: Coming from nowhere direct to launched. Each Office 365 Group now has a OneNote Notebook.

    Features now rolling out

    • Edit Office 365 profile details page update: Another newcomer on the list, only this one didn't make it directly to production :).  By clicking on the Gears in the upper-right corner, choosing Office 365 Settings, then choosing Me you will (if your tenant has this feature rolled out) find the new responsive page (https://portal.office.com/profile)

  • SharePoint Online and Azure AD Dynamic Groups

    Tags: Azure AD, SharePoint Online, Office 365

    One very common requirement in SharePoint, and other portal solutions for that matter, is to have the possibility to target content to a dynamic audience of users and even secure information based on dynamic rules. Traditionally this has been done with Audiences in SharePoint. An Audience is a dynamic set of users that is compiled, usually once a day, and at compile time the rules of the Audience are evaluated. A SharePoint Audience is used to target information, but cannot be used to protect content, i.e. as a security group.

    Azure Active Directory released a new feature the other week, called Dynamic Membership, which is very similar to the SharePoint Audience feature. But, does it work with SharePoint Online? Let's have a look!

    Enabling Dynamic Groups in Azure AD

    First of all we need to enable Dynamic Membership in Azure Active Directory. To do this you need to be an Azure AD admin and you must have an Azure Active Directory Premium subscription, and the administrator you're logging in with must also have an Azure AD Premium license assigned. Once you have the licensing sorted out you need to enable Delegated Group Management. This is done in the Azure Portal under Azure AD > Configure.

    Creating a Dynamic Group

    When you've enabled Delegated Group Management you can create a new group or configure an existing group in Azure AD. Remember that if you change an already existing group to dynamic, that group will lose all its members. Click on the created or already existing group and choose the Configure tab. On that tab you can enable Dynamic Memberships. When you do that the screen changes into an interface where you can specify the rules, either through a simple guide or using a more advanced syntax.

    In the screenshot below you can see that we have a group called "CVP" (Corporate Vice Presidents) and we would like everyone with the term CVP in their title to be a part of this group. Click Save when you are done with your configuring of the dynamic group.

    Dynamic Memberships

    To create the group we can use most of the Azure AD attributes. Note that the SharePoint Online user profile specific attributes cannot be used, so there are still some reasons to use SharePoint Audiences.

    Group memberships are almost immediate. You might have to wait a minute or two when you make changes. There is no way to force a recalculation of the group (as far as I know).

    Does it work in SharePoint Online?

    The final test - can I now use this dynamic group in SharePoint Online (Office 365)? The answer is YES! The newly created dynamic security group is immediately available for usage in SharePoint Online.


    Summary

    Dynamic Groups in Azure AD is a really great feature. We can use it in SharePoint Online, Office 365 and even our custom applications to provide a better way to control security or target information. Although it requires you to have an Azure AD Premium subscription, this is just one of those small features that should make you consider that upgrade!

  • What's new in the Office Roadmap - 2015-03-19

    Tags: Office 365, Yammer, Exchange Online

    Some small but interesting additions on the roadmap today.

    Changes 2015-03-19

    New stuff on the roadmap

    • Yammer support for Android Wear devices: (Directly to Launched) Yammer on your wrist! Ok, where's the Microsoft Band app?
    • Enhanced NDRs: (In Development) Microsoft will now help you understand the cause and reason of NDRs in a much easier way.
    • ExpressRoute for Office 365: (In Development) You want your own redundant fat pipe to the Office 365 Data Centers - then this is your feature. Will be launched this fall.

  • What’s new in the Office Roadmap – 2015-03-13

    Tags: Office 365, SharePoint Online, Yammer, Exchange Online, OneDrive

    It’s not easy to keep up on what is happening in the Office and Office 365 world. Everything is changing so fast. Fortunately for us, Microsoft and the Office product group have created the Office Roadmap site (http://office.com/roadmap) with all (almost at least) the details on what is in development and rolling out etc. It became quite famous the other week when the new forms solution went from In Development to Cancelled.

    Unfortunately it is quite hard to stay up to date on what’s changing in the Roadmap, and until Microsoft provides us with better details with regards to this, I thought that I could help out. Actually a while back I built a PowerShell script that automatically notifies me of any changes to the Roadmap – and why keep that a secret?

    I’ll try to blog the changes as soon as I discover them, and I’ll add my personal thought on the change…

    Changes 2015-03-13

    (Sorry, about the wrong date at the first edition of this post...)

    These are the changes as of today and I divide them into a couple of sections

    New stuff on the roadmap

    • AzureAD sync for Yammer: (In Development) We’re getting there
    • Clutter for your inbox on by default: (In Development) I don’t generally like stuff turned on by default, but this might be an exception
    • Office 365 ProPlus user activation management: (In Development) looking forward to this!
    • OneNote Staff Notebook for Education: (Launched) Brand new addition to the roadmap
    • Quarantine Message Body Preview: (In Development)

    Now launched

    • Exchange Transport Rule: Recipient Notification Action: From In Development
    • Improved Yammer thread visuals with Card View for iOS/Android: From In Development
    • OneDrive for Business Sync for Mac: Wonder if we’ll see the OD4B app on the fancy watch?
    • Outlook Web App options update:
    • PIN lock and other updates for Outlook for iOS & Android: directly to launched
    • Quarantine Bulk Release: Another direct to launch feature
    • RMS support for document libraries: From In Development, awesome stuff!
    • Touch Design Enhancements for SharePoint Online and OneDrive for Business

    Features now rolling out

    • Compliance Center for Office 365: Went from In development to rolling out
    • DLP in Office 365 to protect Externally classified content: Now rolling out
    • eDiscovery Center Scale Increase: Went directly from In development to Launched
    • Partner Admin Center New Customer List Filters: From In development.
    • Partner admin mobile app: From In Development
    • Workload-specific admin roles: From In Development. This is the best news this time! Finally!
    • Yammer groups prioritization: From In Development

    Other changes

    • SharePoint Online storage usage model: Moved from Rolling Out to In Development?

    Moved off the list, into the previously released bucket

    • Enhanced Bulk Mail Protection for Exchange Online Protection
    • Group Search in Yammer
    • Groups in Office 365 for Outlook Web App and OneDrive for Business
    • New wave of Yammer web and mobile language localization updates
    • Office 365 IRS 1075 Compliance Support
    • Office 365 Message Encryption- Apps for iOS and Android
    • Office 365 services hosted from Microsoft Japan datacenters
    • Office 365 sign-in for Yammer
    • OneDrive for Business for Office 365 ProPlus subscription plans

  • SharePoint Online: App Only policy PowerShell tasks with ACS

    Tags: SharePoint, Office 365, PowerShell, Apps

    Here’s a little nugget that I’ve planned to blog about for some time, that I needed today for a small task. I needed to do a background job to SharePoint Online that at a scheduled interval downloads list data, processes it and optionally updates some data in my site. This can of course be done by creating an executable storing username and password combos, and with the help of the TokenHelper.cs class from the App for SharePoint Web Toolkit NuGet package and some stored username and password combos we can make the Auth pieces quite easy. I don’t like that approach. There are two big drawbacks with it. The first one is storing the username and password – we can solve that with an AppOnly policy, which I blogged about in the SharePoint 2013: Using the App Only policy and App Principals instead of username and password combos post. The second issue is that I very much prefer to script these kinds of tasks; it makes them more flexible. The problem with scripting is that we need to do the Auth pieces manually. But from now on you just copy and paste from this post.

    Creating the App Principal

    In order to create our PowerShell script we need to create an App for it. This step is exactly the same as we did in the blog post mentioned above. But let’s repeat it. Note! I do use the traditional way of registering apps in this scenario using ACS – I do not use an Azure AD app. The reason for this is I want every Site Collection admin to be able to script like this. Azure AD apps require way too many permissions for the normal user.

    In your site collection, navigate to /_layouts/15/appregnew.aspx. Click on both Generate buttons, so that you get one Client Id and one Client Secret. Next enter a Title, an App Domain and the Redirect URI. The App Domain and Redirect URI can be basically anything in this scenario. Then click Create to create the App Principal. On the next screen you will get all the details of your App. Copy and paste that data so you don’t lose it.

    Next head on over to /_layouts/15/appinv.aspx. Paste your Client Id in the App Id (Microsoft has never been good in naming conventions) text box and click Lookup. This will retrieve the rest of the app details. Since we will not have any UI or install any App we need to manually ask for permissions and then grant the permissions. What we do is that we create a permission request XML. Depending on your requirements your XML may be different from the one below. The following permission request XML asks for Full Read permissions on the whole web.

    <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest
        Scope="http://sharepoint/content/sitecollection/web"
        Right="Read"/>
    </AppPermissionRequests>

    Note the AllowAppOnlyPolicy="true" attribute – that one is the key to allowing the App to run without username and password. Once you have pasted the XML into the permission request XML textbox, click on Create. You will see the Trust screen for your app. Make sure the permission request is what you expect and if so, click on Trust it!.

    Auth in PowerShell

    Now, let’s get to the core of this post and let’s create a PowerShell script that uses this app to read items from a list. I split it up in a few different parts to make it easier to follow. In the end of the post you will get a link to the full code sample.

    Defining some constants

    Let’s start by defining some constants:

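    # Values copied from the app registration result page
    $clientId = "16119847-8ac7-4a3a-a2e5-18debd9fc9d2"
    $secret = "KuZj5UD22oy2.....=";
    $redirecturi = "https://localhost"

    # The site where the app was registered, and the host part of that URL
    $url = "https://tenant.sharepoint.com/sites/thesite/"
    $domain = "tenant.sharepoint.com"
    # Static identifier for SharePoint
    $identifier = "00000003-0000-0ff1-ce00-000000000000"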

    The $clientId, $secret and $redirecturi are copied directly from the results of my app registration. The $url parameter is the URL of the site where I registered the app, and $domain is just the server part of that URL. Finally the $identifier is a static Guid value, which represents SharePoint (Exchange, Lync, Workflow etc. have their own Ids).
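
    The constants above keep the client secret in clear text inside the script, and with AllowAppOnlyPolicy that secret is all that is needed to act as the app. As an added example (not part of the original post), one way to keep it out of the script on Windows is to store it once as a DPAPI-protected credential file and load it from the scheduled task; the file path, the function names and the placeholder values are assumptions.

```powershell
# Added example, not from the original post. File path and secret value are placeholders.
$secretFile = Join-Path $env:LOCALAPPDATA 'spo-apponly-cred.clixml'   # hypothetical path

function Save-AppCredential {
    param([string]$ClientId, [securestring]$Secret, [string]$Path)
    # On Windows, Export-Clixml writes the SecureString encrypted with DPAPI, so only
    # the same user on the same machine can read it back.
    New-Object System.Management.Automation.PSCredential($ClientId, $Secret) |
        Export-Clixml -Path $Path
}

function Get-AppCredential {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "No stored credential at $Path" }
    $cred = Import-Clixml -Path $Path
    if ($cred -isnot [System.Management.Automation.PSCredential]) {
        throw "Unexpected content in $Path"
    }
    $cred
}

# One-time setup, run as the account that the scheduled task uses.
# Interactive alternative: $secure = Read-Host -AsSecureString 'Client secret'
$secure = ConvertTo-SecureString 'PLACEHOLDER-CLIENT-SECRET' -AsPlainText -Force
Save-AppCredential -ClientId '00000000-0000-0000-0000-000000000000' -Secret $secure -Path $secretFile

# In the scheduled script: load the values instead of hard-coding them.
$app      = Get-AppCredential -Path $secretFile
$clientId = $app.UserName
$secret   = $app.GetNetworkCredential().Password   # plain text only in memory, for the token request
```

    The file is useless when copied to another machine or read by another account, which is the property a hard-coded $secret lacks.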

    Retrieving the Realm

    The next step is to retrieve the Realm or Tenant Id. You might already know this or you might just run these commands once and store it as a static variable.

    $realm = ""
    $headers = @{Authorization = "Bearer "}
    try {
        # An empty Bearer token makes SharePoint Online answer with a 401 challenge
        $x = Invoke-WebRequest -Uri "$($url)_vti_bin/client.svc" -Headers $headers -Method POST -UseBasicParsing
    } catch {
        # We will get a 401 here; the realm is the first parameter of the WWW-Authenticate header
        $realm = $_.Exception.Response.Headers["WWW-Authenticate"].Substring(7).Split(",")[0].Split("=")[1].Trim("`"")
    }

    What we do here is to send a request to the client.svc endpoint and actually expect to get thrown a 401 back. When we get the 401 we’ll locate the WWW-Authenticate header and retrieve the Realm property. Yea, that PoSh line could be a bit prettier and more failsafe, but it works on my machine.

    Retrieving the access token

    When we have the realm we can create the authorization code. This is how we combine all our variables into an authorization code:

    # Load System.Web for HttpUtility; it is not loaded by default in a scheduled task
    Add-Type -AssemblyName System.Web
    $body = "grant_type=client_credentials"
    $body += "&client_id=" + [System.Web.HttpUtility]::UrlEncode($clientId + "@" + $realm)
    $body += "&client_secret=" + [System.Web.HttpUtility]::UrlEncode($secret)
    $body += "&redirect_uri=" + [System.Web.HttpUtility]::UrlEncode($redirecturi)
    $body += "&resource=" + [System.Web.HttpUtility]::UrlEncode($identifier + "/" + $domain + "@" + $realm)

    Let’s walk this through. First of all I load the System.Web assembly. If you run this as a scheduled task this assembly is not loaded in your app domain, compared to when running it in PowerShell ISE for instance, and we need that assembly for some encoding.

    The actual authorization code starts with a grant_type which we set to the static value client_credentials, which means that we do not pass any user credentials or refresh tokens. Client_Id is not exactly the same Client Id as above; here we need to append “@” and the realm to scope the request to our tenant. The Client secret and redirect Uri are the same as when creating the app. Finally we have the resource token, which is a combination of the SharePoint identifier, the domain and the realm. Note that if you’re targeting anything in a Personal Site, you not only have to update the $url variable but also the $domain variable.

    We send all this data to the Azure Access Control Services (ACS) endpoint (remember, we did not use Azure AD) like this:

    $or = Invoke-WebRequest -Uri "https://accounts.accesscontrol.windows.net/$realm/tokens/OAuth/2" `
        -Method Post -Body $body `
        -ContentType "application/x-www-form-urlencoded"
    $json = $or.Content | ConvertFrom-Json
    
    When invoking the endpoint, using our authorization code above, we will get a JSON formatted string back. We convert this string into an object using ConvertFrom-Json.
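
    The realm lookup and the token request body described above, as an added example that is not part of the original post: the header is parsed by parameter name rather than by position, and the realm is accepted only if it is a GUID, since it is taken from an unauthenticated 401 response and then placed in the ACS URL. The function names, the sample header and all GUIDs and secrets in it are constructed placeholders.

```powershell
# Added example, not from the original post. All sample values are constructed.

function Get-RealmFromChallenge {
    param([Parameter(Mandatory = $true)][string]$Challenge)

    # Only a Bearer challenge carries the realm parameter we need.
    $bearer = [regex]::Match($Challenge, '^\s*Bearer\s+(?<params>.+)$')
    if (-not $bearer.Success) { throw "Not a Bearer challenge: $Challenge" }

    # Collect every key="value" pair by name instead of relying on its position.
    $pairs = @{}
    $pattern = '(?<k>[A-Za-z_]+)\s*=\s*"(?<v>[^"]*)"'
    foreach ($m in [regex]::Matches($bearer.Groups['params'].Value, $pattern)) {
        $pairs[$m.Groups['k'].Value] = $m.Groups['v'].Value
    }
    if (-not $pairs.ContainsKey('realm')) { throw 'Challenge has no realm parameter' }

    # The realm is interpolated into the ACS token URL, so accept nothing but a GUID.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($pairs['realm'], [ref]$guid)) {
        throw "Realm is not a GUID: $($pairs['realm'])"
    }
    $guid.ToString()
}

function New-AcsTokenRequestBody {
    param(
        [string]$ClientId, [string]$Secret, [string]$RedirectUri,
        [string]$Domain, [string]$Realm,
        [string]$Identifier = '00000003-0000-0ff1-ce00-000000000000'
    )
    # Same fields as in the post. [uri]::EscapeDataString is used here in place of
    # HttpUtility.UrlEncode so that System.Web does not have to be loaded.
    $fields = [ordered]@{
        grant_type    = 'client_credentials'
        client_id     = "${ClientId}@${Realm}"
        client_secret = $Secret
        redirect_uri  = $RedirectUri
        resource      = "${Identifier}/${Domain}@${Realm}"
    }
    $encoded = foreach ($key in $fields.Keys) {
        '{0}={1}' -f $key, [uri]::EscapeDataString($fields[$key])
    }
    $encoded -join '&'
}

# Constructed WWW-Authenticate value in the shape the 401 response uses.
$sampleChallenge = 'Bearer realm="11111111-2222-3333-4444-555555555555",' +
    'client_id="00000003-0000-0ff1-ce00-000000000000",' +
    'authorization_uri="https://login.windows.net/common/oauth2/authorize"'

$realm = Get-RealmFromChallenge -Challenge $sampleChallenge
New-AcsTokenRequestBody -ClientId '00000000-0000-0000-0000-000000000000' `
    -Secret 'PLACEHOLDER-SECRET=' -RedirectUri 'https://localhost' `
    -Domain 'tenant.sharepoint.com' -Realm $realm

# Challenges that the one-line Substring/Split version would mis-handle are rejected.
foreach ($bad in 'Basic realm="tenant"', 'Bearer error="invalid_token"', 'Bearer realm="not-a-guid"') {
    try { Get-RealmFromChallenge -Challenge $bad | Out-Null }
    catch { "rejected: $($_.Exception.Message)" }
}
```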

    Use the access token

    Finally we can use the result from the ACS endpoint and get our access token which we’ll pass into the REST end point (as an Authorization Bearer token) of the site where we want to do operations.

    $headers = @{
        Authorization = "Bearer " + $json.access_token;
        Accept ="application/json"
    } 
    
    Invoke-RestMethod -Uri "$($url)_api/lists/GetByTitle('Documents')/Items" -Method Get -Headers $headers
    

    Summary

    That wasn’t too hard, right? All we needed to know was the basic process of OAuth 2.0 and how to create and parse the requests and responses. The full code sample can be found here: https://gist.github.com/wictorwilen/db67725a66a3e40789e3

  • Finally time for another SSUG meeting in Stockholm

    Tags: User Group, SharePoint

    It’s been way too long since we had a Sweden SharePoint User Group meeting in Stockholm, but the wait is now over.

    On the 26th of February we are all invited to the local Microsoft offices to learn more about SharePoint. Specifically this evening we will be able to hear from Erwin van Hunen, who will talk about the Office 365 Patterns and Practices project. We will also be able to hear from Microsoft about their Hybrid OneDrive for Business experiences. If this doesn’t get you fired up, then what would!

    We are limited to 100 seats, but have a waiting list. You can sign up for the event, starting at 12:00 today (2015-02-11) at the following link:

    https://www.eventbrite.com/e/ssug-mote-stockholm-26e-februri-2015-biljetter-15723746148

    Remember. If you register and don’t plan to show up, please unregister so someone else can take your place. If you don’t unregister, then we’ll call you out on the meeting!

    See you all there!

  • Joining Avanade

    Tags: Personal, Business

    I’m very excited and glad to announce that this is my last day at Connecta/Acando and starting on Monday I will be joining the Avanade forces here in Sweden. I will take the role as the Collaboration lead, continuing my passion for SharePoint and the future of collaboration on the Microsoft stack.

    Joining Avanade and in this role seems like one of the most exciting things I could do at the moment. We’re standing on the brink of huge changes going on in our collaborative environments. Cloud, devices, services, security and identity – there are so many things going on right now and there are so many things to think about, plan for and execute on. Also Avanade, being such a global company but being fairly small here in Sweden, brings a lot of opportunities to the table for me and my future customers. I’m looking forward to expanding and building the Collaboration team here in Sweden in combination with the Nordic and global teams – and build the best Collaboration delivery team on the Microsoft platform! If you want to be a part of this, then just ping me!

    The last five years have been a great ride with Connecta. I need to thank my colleagues for all the inspiring moments. And I also need to thank my former managers who believed in me and allowed me to aim for and pass the MCM, MCA and MCSM certifications! And good luck with the Acando deal – you’ll need it, and don’t let the Google clone droids assimilate all of you…

    That’s it for now – 2015 will be a great adventure, and you can if you want to join me in it!

  • Summing up the year of 2014 and embracing 2015

    Tags: Personal, SharePoint, Microsoft Azure, Office 365, SharePoint 2013

    The time has come for me to do, as I’ve done now for eight years (2013, 2012, 2011, 2010, 2009, 2008, 2007 and 2006), my annual post to sum up the year. It is always fun to look back to what happened the past 12 months. This past year has been a somewhat “in-betweeners” year.

    We (me, my clients, colleagues etc.) are standing on the edge of something big and the bridge over to the other side is really, really long. Some hesitate to pass the bridge and think it is too steep down, some people are running across it in fear, some just take it easy and some pass it halfway and then stall there, not knowing which direction to go. Microsoft has already passed the bridge to the other side; they ran as fast as they could. But they dropped so many things on the way over, things that I and others need to pick up and fix and very often even remind Microsoft that they dropped at all!

    Confusing – yes, stressing – hell yea, annoying – yup, new opportunities – oh YEA, wanting to go back – nope!

    Writing

    I think I hit an all-time low in blog postings this year. Not that there has been so little to write about, rather that I’ve been having too little time. I have a bunch of posts in the works that have never been published, due to various reasons.

    According to my telemetry this is what you peeps liked this year:

    I’m really glad that the last two of those posts ended up that high. Really liked working those scenarios out.

    Speaking

    I’ve been fortunate to be invited to a number of conferences the past year as well. The highlight of course is the SharePoint Conference 2014, where I had a total of three sessions. The most awesome experience from that conference was when the room after one of my sessions was empty and people stayed for an hour and a half just asking questions!

    See you in May at the new Microsoft Ignite conference. You can keep up to date on my past and future presentations on this page.

    MVP

    For the fifth time I was awarded the Microsoft MVP Award for my community contributions. Always an honor and passing the five year mark was a bit special.

    Predictions

    Each year I try to predict what is going to happen to us and our business in the future. Last year I talked a lot about SharePoint being a service (six years after the SharePoint Services announcement at PDC08), Azure dominating the cloud space and Microsoft focusing everything on Services. SharePoint may not yet be dead, this product has more lives than a cat. Azure is still growing faster than I can keep up with and I like it! And the Services piece – I think this is the most important of all my predictions last year. Microsoft is focusing on owning the services and the data – the device, product etc. is not the top prio. Take a look at the Microsoft Band – an awesome device but the service behind it is what makes the big difference, no other vendor is even close to competing in that space.

    So, 2015, what will happen? I think I’ll stick to my Services, services, services prediction. 2015 is all about the services! I’ll leave it at that. If you don’t understand how the services will change our business you better look for a career change.

    What’s next?

    I have to admit that 2014 was not one of my favorite years, due to multiple reasons. I’ve been pretty tired of this whole “SharePoint & Office 365” situation and it has taken me some deep reflections and analysis to get my inspiration back. But 2015 will be a really interesting year. To keep you on the hook a little bit more, head back to this blog on Friday!

    Happy New Year!

    I wish all of you a Happy New Year and I hope that your 2015 will be an awesome ride!

  • Solved: Shutting down VMWare Workstation Virtual Machines on Windows 10 Tech Preview

    Tags: VMWare, Windows 10

    Here’s a quick tip/solution on how to shut down your VMWare Workstation 10 and 11 Virtual Machines if you’re using the Windows 10 Tech Preview (basically all builds, but only tested on 9879).

    Currently if you’re using Windows 10 Tech Preview as your host operating system and if you’re trying to shut down a VMWare Workstation Virtual Machine you will crash Windows 10, and potentially corrupt your machine and virtual machines. You’ll see a Blue Screen of Death with a DPC_WATCHDOG_VIOLATION exception.

    I take no credit for this solution, all goes to piccolonicky, who found out the way to properly shut down the VMs. But I share it here so that those who read this blog (mum?) and suffer from the same issue can more easily find the answer.

    The whole idea is to fake a system shutdown of your host OS. This can be done by using the Logo Testing Tools for Windows, which contains a small utility called Restart Manager (RMTool.exe). This tool can send a system shutdown signal to a process (identified using the PID), and for a VMWare (vmware-vmx.exe) process it will shut your VM down, properly.

    This is how you can shut down all your VMs using a line of PowerShell:

    Get-Process | ? { $_.Name -eq "vmware-vmx" } | % { & 'C:\Program Files (x86)\Microsoft Corporation\Logo Testing Tools for Windows\Restart Manager\AMD64\RMTool.exe' -p $_.Id -S -F }

    This sends the Force (-F) Shutdown Application (-S) signal to the process (-p) identified using the PID.


    So, no need to revert to Windows 8.1 or earlier.

    Merry Christmas to you all, especially to piccolonicky!

About Wictor...

Wictor Wilén is a Director and SharePoint Architect working at Connecta AB. Wictor has achieved the Microsoft Certified Architect (MCA) - SharePoint 2010, Microsoft Certified Solutions Master (MCSM) - SharePoint  and Microsoft Certified Master (MCM) - SharePoint 2010 certifications. He has also been awarded Microsoft Most Valuable Professional (MVP) for four consecutive years.
