Contents tagged with Office 365 Groups

  • Configuring Office 365 Groups creation the right way

    Tags: Office 365, Office 365 Groups, Azure AD

    Over the last few days the issue on how to prevent users to create Office 365 Groups has popped up in all sorts of conversations. This blog post will show you how to do it in the correct way, and serve as a future reference. I'm not the only one who have blogged about this, it's in many places including official documentation. But in many places both scripts and some caveats are either wrong or outdated. One post covers this topic really well, and in a good and correct way and it's this post by John P. White - Disable Office 365 Groups, part 2. Read it! This post however will show you how to do it in a more direct way, using PowerShell.

    Background

    We used to prevent end-users from creating Office 365 Groups (from now on referred to as only Groups) using an OWA Mailbox policy. Even I have a blog post on that topic. But this way to do it is outdated. That mailbox policy only applies to Groups being created from OWA (Outlook Web Access, Outlook on the web…whatever) and Outlook. It did not prevent people from creating Groups using Microsoft Teams, Planner, StaffHub, PowerBI, Dynamics 365 and what not.

    How to do it properly

    Instead of continuing to building the settings on the Mailbox policy setting, this setting has now moved to Azure AD. You can even see it in the "new" Azure Portal, although it doesn't really reflect the real settings and not all settings.

    Azure AD Settings for Office 365 Groups

    The way to do it is to use PowerShell and essentially follow the official documentation. The problem with that article however is that it contains a few errors, is not updated, has some weird scripts and is just to darn long to read through. So, here's a my PowerShell for this. You can find the complete script in this Gist.

    Prerequisites

    To be able to run the PowerShell you need to install some stuff

    • The Microsoft Online Services Sign-in assistant
    • The Windows Azure Active Directory Module for PowerShell - and here's a big thing. You MUST (at the time of writing) only use the preview version, with version number 1.1.130.0-preview found here. Do not try to download the higher version with version number 1.1.166.0 - it will not work.

    Now, we got that out of the way, let's get to the fun stuff.

    Scripting FTW

    First we need to log in to our tenant using an admin account. I prefer to use a the Get-Credential method over the dialog option, makes everything more smoother.

    # Store the credentials in a variable
    $creds = Get-Credential
    
    # Connect to the Microsoft Online services
    Connect-MsolService -Credential $creds 
    
    

    The next thing is to make sure that users are allowed to create Groups, we'll limit it later. Make sure you use the script below and not the one in the official article as they have spelling errors on the variable.

    # Get tenant setting (misspelled in official docs)
    Get-MsolCompanyInformation | Format-List UsersPermissionToCreateGroupsEnabled
    
    # If false, then use the following
    Set-MsolCompanySettings -UsersPermissionToCreateGroupsEnabled $true
    
    

    To limit the users allowed to create Groups we need to have a security group with members in Azure AD. And we need the Id of that group, so we'll grab it with some PowerShell:

    # Retrieve ID of Group that should have the option to create groups
    $group = Get-MsolGroup -SearchString "Group creators" 
    
    

    The settings we need to set are contained in an Azure AD object, created from a template. We retrieve that template using the following command and create our settings object like this:

    # Retrieve the Group.Unified settings template (assuming you have not done this before)
    $template = Get-MsolAllSettingTemplate | Where-Object {$_.DisplayName -eq "Group.Unified"}
    
    # Create the settings object from the template
    $settings = $template.CreateSettingsObject()
    
    

    Once we have the settings object, we can start setting properties.

    • EnableGroupCreation - should be set to false. We negate the tenant setting here, and we'll override it soon again for the specific security group
    • GroupCreationAllowedGroupId - this is the Id of the security group that are allowed to create Groups
    • UsageGuidelinesUrl - a URL pointing to your usage guidelines. Optional, but recommended
    • GuestUsageGuidelinesUrl - a URL pointing to usage guidelines for external users. This link will be shown in the external sharing e-mails and should of course be on a public available location. Optional, but recommended
    • ClassificationList - a comma separated list with your classification labels. Optional. Currently the first one in the list will be the default one. (does not work in all tenants at the time of writing)

    There's some more properties that you can take a look at, and over the last few weeks even some more popped up (without any documentation).

    # Use this settings object to prevent others than specified group to create Groups
    $settings["EnableGroupCreation"] = $false
    $settings["GroupCreationAllowedGroupId"] = $group.ObjectId
    
    # (optional) Add a link to the Group usage guidelines
    $settings["UsageGuidelinesUrl"] = 
      "https://contoso.sharepoint.com/Pages/GroupUsageGuidelines.aspx"
    
    # (optional) Add a link to Guest usage guidelines
    $settings["GuestUsageGuidelinesUrl"] = 
      "http://contoso.com/usageguidelines"
    
    # (optional) Add classifications to be used for Groups
    $settings["ClassificationList"] = "Public,Internal,Top Secret"
    
    # Verify
    $settings.Values
    
    

    Now we have the settings and all we need to do is to add them to Azure AD:

    # Add the settings to Azure AD
    New-MsolSettings -SettingsObject $settings
    
    

    And from now on, only members of the security group can create Office 365 Groups using all endpoints such as Planner, Teams, PowerBI, Microsoft Graph REST etc. BUT StaffHub still ignores this setting!!!!! Aaargh!

    Need to update the settings?

    If you need to update the settings, or there are new properties that you want to configure, then use the PowerShell below. The one(s) in the official documentation is really weird written…

    # Retrieve settings
    $settings = Get-MsolAllSettings | Where-Object {$_.DisplayName -eq "Group.Unified"}
    
    # Check the values
    $settings.Values
    
    # Update a property
    $settings["GuestUsageGuidelinesUrl"] = "http://www.wictorwilen.se"
    
    # Save the updates
    Set-MsolSettings -SettingId $settings.ObjectId -SettingsValue $settings.GetSettingsValue()
    
    

    Summary

    That's it. It's not rocket science. Looking forward to further settings and also a proper UI in the Azure portal for the lazy people.

    The PowerShell is a bit weird though, should have had a review by the PowerShell team before going into the production in my opinion.

  • SharePoint Team Sites are back - stronger than ever!

    Tags: SharePoint, Office 365, Office 365 Groups

    SharePointAbout a year ago I wrote a blog article called SharePoint Team sites are dead. An article that stirred up many feelings in the community and started an interesting (and somewhat harsh) discussion - which was kind of the point. Fast forward to May 2016 and this is a totally different ball game! SharePoint Team Sites are back!

    Modern team sites

    Jeff Teper, CVP at Microsoft, writes in the just now published The Future of SharePoint blog post: "Team sites has always been at the heart of collaboration with SharePoint", a statement I absolutely agree with. Team Sites is what made SharePoint such a successful product. The post I wrote about how Team Sites are supposed to be dead are still true though - Team Sites are not what they used to be, they have transformed and merged with Office 365 Groups into something more powerful - the new Modern Team sites.

    For the last year or so I've been fortunate and been part of a smaller group that has had a continuous interaction with the product team (both marketing and engineering) and we've been shown what they have been working on and we've given them feedback. The product team has been awesome in this dialogue, and in the way they have taken Team Sites out of the dark ages and into a new more modern way of working and at the same time listening to our opinions.

    Team Sites and Office 365 Groups

    If you've been following my blog or me on Twitter, or met me in person, you couldn't have ignored the fact that I've been a huge fan of Office 365 Groups. Although I also been very transparent that they have not been the silver bullet, given some of their shortcomings, of which almost all has been resolved over the last few months. And the Roadmap of features and improvements of Office 365 Groups are just top notch. The power of these new Modern team sites is the fact that they have merged with Office 365 Groups, giving team sites many of the features that we previously had to build and customize.

    SharePoint team site and mobile app

    Yes, this new experience will prevent some customizations that we've previously been used to doing. But this is a good thing. This allows for a much better life cycle management of SharePoint Team Sites. We all know what's the most expensive part of any SharePoint project - the upgrade piece, the thing that happens a couple of years after the initial project. In this new world of evergreen services - I expect to see this coming to the on-premises version of SharePoint as well - we are in a continuous upgrade mode. We don't have time to spend on upgrades, it should just work. This new model; including the new page experience and extension framework; allows for this.

    SharePoint home and the SharePoint mobile app

    SharePoint homeAlso back in December 2013 I wrote another blog post (seems like ages ago) in which I questioned the fact that the brand SharePoint was going to survive. At that time there was no mention of SharePoint at all in the end user interface in Office 365 - it was just known as Sites and Microsoft was very mellow on the whole on-premises piece. Worth noting is at that time the leadership of the SharePoint team was not as it is today.

    Fast forward to 2016, Sites will be renamed to SharePoint. Finally! This is something that I have been longing for. But this is not only a rename of the tile in the waffle. SharePoint home is your new start page, an aggregated view of your most active sites as well as the ones recommended to you by the Office graph, from both the cloud and on-premises. Not only that, the SharePoint home is also a new entry point for enterprise search and I also believe that this is just the first of many steps.

    This SharePoint home experience is also the heart of the new SharePoint mobile app. Another experience that I've been trying out for a while. The "Intranet in your pocket" is what Microsoft calls this app. It's not really there yet (as an Intranet), but the vision and ideas they have look great. Currently the app gives me great insights in the Team sites I'm participating in, the activities happening in them, the documents and even plain ol' SharePoint lists, and I can search for documents and people. Another great feature is that they by default have built-in account switching and it works for Office 365 and on-premises. Good job!

    Intranet!

    I find it very interesting that Microsoft finally talks about SharePoint as an Intranet. They haven't done that for a long time. The versatile SharePoint development platform is now being more streamlines to a specific set of workloads within the Digital Workplace and employee experience. I think this is a good move and hopefully customers can get started with SharePoint without spending to much money and time on building the Intranet features. I wouldn't be surprised if we see more Intranet features, like news and portals, in the near future.

    The SharePoint Framework

    Not only is this new modern team sites equipped with a great user experience, it is also customizable through the new page model and the new extension model called The SharePoint Framework. This new model allows you to still do the the customizations that once made SharePoint so famous and feature rich. This time the improved extension model is all based on client side technologies; no WSP, no sandbox, no weird SharePoint hosted apps. What we get is something more modern that potentially can attract new developers to the realm of SharePoint. This part I'm particularly excited about and please read this post I've written, that is dedicated to the SharePoint Framework.

    One of the most important aspects of the SharePoint Framework and the approach to base it on solely client side technologies, is that this allows the SharePoint team to slowly move away from the (deprecated) ASP.NET Web Forms model that has over the years caused us so much headaches.

    And what about Yammer

    These new announcements are all about SharePoint. Yammer is not a part of SharePoint. None of the blog posts from today mention the Yammer service and during the virtual event today, Yammer was just mentioned briefly. I draw my own conclusions from this and you have draw your own.

    Summary

    What we've seen today and moving forward is just the beginning of the Future of SharePoint. I'm very excited about what we will get over the next few months and following that.

  • What's new on the Office Roadmap - 2015-12-04

    Tags: Office 365, Office 365 Groups

    December updates incoming! The Office Roadmap has once again been updated and this time with quite a few new additions to the roadmap. Note that there is very anticipated and important updates to Office 365 Groups - have a read and enjoy!!

    Changes 2015-12-14

    Now Launched

    • Capacity Management capabilities in Project Online: Colored heatmaps and stuff in Project Online (from Rolling out)
    • Compliance Search Conditions: Improved search experience in the compliance center (from Rolling out)
    • Data Loss Protection (DLP) for Office desktop: Data loss prevention features in the Office client (Excel, PowerPoint and Word). Cool! (from Rolling out)
    • DKIM Outbound for Exchange Online Protection: outbound validation of e-mails (from Rolling out)
    • FastTrack | Data migration to OneDrive from Google Drive: Fast track center now offers migration from Google Drive to OneDrive (from In Development)
    • FastTrack | Skype for Business Onboarding Expansion: onboarding guidance for PSTN Conferencing and Calling Plans, Cloud PBX etc (from In Development)
    • FastTrack | Azure Rights Management Onboarding: RMS Onboarding, isn't this just checking a check box? (from In Development)
    • FastTrack | Project Online Onboarding: Get them projects in the cloud (from Rolling out)
    • New per-user licensing for Sway: license Sway per user! Which essentially means, we can now shut down Sway on a per user basis. (from In Development)
    • Office 2013 Windows client modern authentication public preview: ADAL based sign in for ye old Office client (2013) is now in PUBLIC PREVIEW.  (From Rolling out)
    • Office 365 Groups: auditing: Office 365 audit reports now includes changes in Office 365 Groups. This is huge in making Office 365 ready for enterprises. Go Groups! (NEW)
    • Office 365 Groups: Support compliance requirements: Another awesome Groups update. You can now put holds on Groups - which will put a hold on mailboxes, files, calendars etc in the Group! (From In Development)
    • OneNote Online: Record Audio clips & Insert File: OneNote Online is a bit more pimped with Audio clips (NEW)
    • Project Online content pack for PowerBI: Project Online data in PowerBI - a match made in the clouds (from In Development)
    • Resource Engagement Workflow in Project Online: improvements for Resource Managers in Project Online (from Rolling Out)
    • Sway admin controls over Insert tab content sources: Important enterprise focused update of Sway that allows admins to control from where the Sway users can insert data (from In Development)
    • Sway in Service Health Dashboard: Sway traffic lights in the admin portal (from In Development)

    Rolling out

    • Multiple timeline bars in Project Online: a new and pimped and more efficient timeline bar in Project Online (from In Development)
    • Office 365 Groups: creation policy in Azure Active Directory: A new policy option in Azure AD that allows admins to restrict group creation to certain users. Previously this could only be controlled through the Exchange policy settings - but that policy only affected creation through Exchange, Outlook and the Outlook Groups app. This new policy applies to all endpoints (read Microsoft Graph, PoSh etc). (NEW)
    • Office 365 Groups: dynamic membership: AWESOME! We will be able to create Office 365 Groups and base them on dynamic memberships, for instance have all users with the value "Project Manager" in their title in one group etc. (NEW)
    • Office 365 Groups: naming policies for aliases: the naming policies only applied to the display name of the group previously, now it will also apply to the e-mail alias. (NEW)
    • Office 365 Multi-Channel Catalog Support:: Improvement to the Education, Government (Public), and Charity sections allowing them to purchase any commercial service (NEW)

    In Development

    • FastTrack | Office 365 ProPlus Upgrade Assistance: Onboarding center will help ProPlus customers to upgrade to the 2016 version. **giggles** (NEW)
    • Office 365 Admin app - Group functionality: Group Administration is coming to the Admin App (from In Development, previously this one was called Office 365 Admin app updates October 2015)
    • Office 365 Admin app - Push Notifications for Message Center: opt-in or out to push notifications (NEW)
    • Office 365 Groups: data classification & extensible policy: This one is HUGE folks. And it just explains how important Office 365 Groups is for Microsoft and Office 365. This update states that we will be able to classify Groups (secret, confidential, unclassified etc) AND we will have the option to specify an endpoint that is called whenever a Group is created! BOOM! Take that Yammer! (NEW)
    • Office 365 Groups: deletion recovery: get them Groups back from the dead with a single click (NEW)
    • Office 365 Groups: expire inactive groups: Awesomeness just keep coming! (NEW)
    • Office 365 Groups: files quota management: Get better control of the amount of data your groups use (NEW)
    • Office 365 Groups: general usage reporting: Usage and Engagement reports in the Admin Center (NEW)
    • Office 365 Groups: hidden membership support: Currently the membership is open, this update will allow you to have hidden memberships, very good for privacy reasons (NEW)
    • Office 365 Groups: mobile application management: The Outlook Groups app will be a managed app in Intune (NEW)
    • Office 365 Groups: multi-domain support: This one has been high on my whish list. Have control of the e-mail domain used by the Groups (NEW)
    • Office 365 Groups: naming policy in Azure Active Directory: the description on this one is a copy of the dynamic membership one, see above, but I do think it is about having the naming policies not only in Exchange but also in AAD. (NEW)
    • Office 365 Groups: Office Delve discovery & insight: Groups in Delve! Can't beat that! (NEW)
    • Office 365 Groups: usage guidelines: Better options for you to have guidelines about the usage of Groups within your organization. I'm thinking like the TOU in Yammer. So one more feature from Yammer is moving into Groups (NEW)
    • Outlook on the web: Addition of “Distribution Groups” Option and Removal of “Other” link: Just a re-org of the menus in OWA. (NEW)
    • Per user licensing for Yammer: I see this as we can now turn of Yammer and only let the handful of people that still likes it use it… (NEW)
    • Project Online - Portfolio Dashboard: More reports based on best practices and industry standards (NEW)
    • Project Online - Portfolio Dashboard for iPad: Same as above but for the illiterate. (NEW)
    • Skype for Business Mac Client Preview: Them Appleheads will love this, we gotta give them a chance to participate in our meetings sometime :). (NEW)

  • Enhancing your Office 365 Groups using custom Connectors and Cards for Groups

    Tags: Office 365, Office 365 Groups

    Wow, what a day for developers in the Office 365 land! Tons of new features was announced at the Microsoft Connect(); 2015 virtual conference. We've seen the GA of the Microsoft Graph and a bunch of new API's added to the Microsoft Graph beta end-point and more. One of the features that I really have been waiting for is the Office 365 Connectors for Groups and the  Office 365 Connector Cards.

    The Office 365 Connectors for Groups allows users of Office 365 Groups to add integrations to their Office 365 Groups. Connectors can be seen as services and events that you subscribe to and then the services when certain events happens posts information to the Group activity feed. There are a set of pre-configured Connectors that anyone can add or you can create your own Connector and customize it for your needs. For instance there are built-in Connectors for Twitter, Github, RSS feeds and Trello. The possibilities for this is endless!

    In this post I will show you how to create your own Connector and Connector Card. In this sample we assume that we have a CRM system that monitors incoming requests, such as RFI's and RFP's, and we want these events to be posted to a Group in Office 365.

    Enabling Connectors

    First of all, the Connector framework are in preview so in order to start working with them we need to enable this preview. This is done by navigating to a Group in Office 365 and then append &EnableConnectorDevPreview=true to the URL.

    Enabling Connectors

    Once we have enabled the Connector preview you will find a new option called Connectors under the "…" menu. Click on that to start configuring your Connectors. In the task pane that is shown you can see all the different default Connectors which you can add and configure without doing any kind of development.

    The Connectors

    Creating an Incoming Webhook

    In our case we want to do a completely custom Connector. We create these by choosing the "Incoming Webhook" Connector and then click Add.

    Incoming Webhook

    To configure our Incoming Webhook we need to give it a name and optionally add an image for the Connector. Once that is done we need to click on Create to create the Webhook. When it is created you will see an input box with a URL in it. This is the Webhook and we need this URL in our custom Connector handler. The URL is unique for this Group and Webhook and we can of course remove the Webhook if we want to disable it.

    Note that when the Webhook is created a notification of this will be sent to the Activity feed, the notification contains the Webhook URL.

    Posting a message to the Webhook

    Once we have the Incoming Webhook URL we can build our own custom solution that posts messages to the Activity feed within the Office 365 Group.

    All we need to do is to issue a POST request with JSON payload to this URL. There is no need for authentication - we assume that this URL is as unique and no one figures it out :) It is a Guid folks!

    The JSON payload describes the Connector Card. The Connector Card can have simple properties such as title, text, images and a color and more advanced properties such as actions and sections with facts. The image below shows a Connector card with (1) the Connector info, (2) the Connector card title and text, (3) a section with activity details and (4) facts connected to the section and finally (5) actions.

    Connector Card

    This Connector card can be added to the Office 365 using any kind of tool that can send a post request. Let's see how it can look like when doing it using Node.js. You can find a more exhaustive example at https://github.com/wictorwilen/Office365_Connector_Demo.

    var request = require('request')
    
    request({
        method: 'POST',
        uri: 'https://outlook.office365.com/webhook/.....',
        headers:{
            'content-type': 'application/json',
        },
        body: JSON.stringify({
            'title': 'New RFI added to CRM',
            'text': 'A new RFI from [Contoso](http://www.contoso.com) has arrivied',
            "potentialAction":[{
                "@context": "http://schema.org",
                "@type": "ViewAction",
                "name": "Lookup Contoso in CRM",
                "target": ["http://crm.fabrikam.com/customer/Contoso"]
            }],
            'themeColor':'#FF69B4'
        })
    }, function(error, response, body){
        console.log(response.statusCode)
    })

    We create a new HTTP POST request and as URL we use the Webhook URL that we generated previously. Then we need to make sure that we use application/json as the content type for the request. The body of the request is a JSON formatted payload. In the example above we provide a title and a text (note the Markdown formatting) as well as an action. The JSON payload is thoroughly described in the Outlook Dev Center, so there is no need to delve into that to much. When the request is sent it will return a status code of 200 if successful. If not successful you will see response code 400 if you have used the wrong format, 404 if you specify the wrong Webhook URL and you can even get throttled (429) if you send to many requests.

    Summary

    That was so easy! With just a few lines of code and a simple configuration we can make the Office 365 Groups experience into something integrated into your or your customers organization. Imagine the possibilities with this.

    I'm really impressed with how Microsoft build their products and services now, how they adhere to modern development techniques, how they innovate and how they make my job so much more fun! I've said it before - Groups are here to stay and they do it big time!

About Wictor...

Wictor Wilén is the Nordic Digital Workplace Lead working at Avanade. Wictor has achieved the Microsoft Certified Architect (MCA) - SharePoint 2010, Microsoft Certified Solutions Master (MCSM) - SharePoint  and Microsoft Certified Master (MCM) - SharePoint 2010 certifications. He has also been awarded Microsoft Most Valuable Professional (MVP) for seven consecutive years.

And a word from our sponsors...