Weeknote 16: Anonymous? (Week 17, 2018)

This week has been another one split between two end-user computing projects – one at the strategy/business case stage and another that’s slowly rolling out and proving that the main constraint on any project is the business’s ability to cope with the change.

I can’t say it’s all enjoyable at the moment – indeed I had to apply a great deal of restraint not to respond to lengthy email threads that asked “why aren’t we doing it this way”… but the inefficiencies of email are another subject, for another day.

So, instead of a recap of the week’s activities, I’ll focus on some experiences I’ve had recently with “anonymous” surveys. I’m generally quite cynical of these because if I have to log on to the platform to provide a response then it’s not truly anonymous – a point I highlighted to my colleagues in HR who ask a weekly “pulse” question. “It’s not on your record”, I was told – yet progress is logged against me (tasks due, tasks completed, etc.) and only accessible when I’m logged in to the HR system. It’s the same for SharePoint surveys – if I need to use my Active Directory credentials, then it’s not anonymous.

I’m approaching my third anniversary at risual and I picked up an idea for soliciting feedback (for my annual review) from colleagues, partners and customers from my colleague James Connolly, who has been using a survey tool for a couple of years now. Rather than use one of the tools on the wider Internet, like Survey Monkey or TypePad, I decided to try Microsoft Forms – which is a newish Office 365 capability. It was really simple to create a form (and to make it anonymous, once I worked out how) but what I’ve been most impressed with is the reporting, with the ability to export all responses to Excel for analysis, or to view either an aggregated view of responses or the detail on each individual response within Microsoft Forms.

I went to pains to make sure that the form is truly anonymous – not requiring logon, though I did invite people to leave their name if they were happy for me to contact them about the responses. Even so, with a sample size of around 50 people invited to complete the form and a 50% response rate, I can take a guess at who some of the responses are from. By the same token, there are others where I wish I knew who wrote the feedback so I could ask them to elaborate some more!

I won’t be doing anything with the results, except saying “this is what my colleagues and customers think of me and this is where I need to improve”, but it does re-enforce my thinking that very little in life is truly anonymous.

Next week includes a speaking gig at a Microsoft Modern Workplace popup event (though I’m not entirely comfortable with the demonstrations), more Windows 10 device rollouts and maybe, just maybe, some time to write some blog posts that aren’t just about my week…

Weeknote 9: SharePoint as a CMS, with a little Power BI to help visualise dynamic data (Week 6, 2018)

2018 is flying by but the last couple of weeks have been exciting. After a period of working on short-term engagements (which can be a challenge at times), I’ve landed myself a gig on a decent sized Modern Workplace project that’s going to keep me (and a lot of other people) busy for the next few months. Unfortunately, I can only devote 50% of my time to it for a couple of weeks as I need to clear a few other things out of the way but that will all change soon.

One of those “things” is a project I’ve been working on to provide supplementary information to operators in a part of the critical national infrastructure (I wish I could be less cryptic but I can’t just yet – I hope that maybe one day we can create a case study…). It’s replacing a bespoke system with one built using commercial off-the-shelf (COTS) products, with a little customisation – and it’s been my first “software” project (cf. infrastructure-led engagements).

Basically, we’re using SharePoint as a content management system, receiving both static and dynamic data (the latter via a service bus) that needs to be displayed to operators.

All of the data is stored in SharePoint lists and libraries and then presented to a browser running in kiosk mode. The page layouts then use web parts to either display data natively, or we use Power BI Report Server (this solution runs on-premises) to create visualisations that we embed inside SharePoint.

And, because the service bus isn’t available yet, we had to demo the dynamic data arriving using another tool… in this case, SoapUI populating SharePoint using its REST/OData API.

It’s been an interesting project, not just because I’ve had to step back and focus on just the architecture (leaving others to work on the detail) but because it’s been software-led. I must admit I was nervous hearing status reports from the team about the page layouts they had created, or the webparts they were scripting, and I was thinking “but didn’t you do that last week?” but, once I saw it come together into something tangible, I was really impressed.

Yesterday was our first opportunity to demonstrate the system to our stakeholders and the initial feedback is positive, so that’s a really big tick in the box. Now we need to document the solution and get it production-ready, before progressing from what’s currently just a framework to something of real value.

Next week will be very different: I’m taking most of half term off work but Monday is the bi-annual risual summit, and I’m responsible for the Technology Track again.

Before then, it’s a weekend of kids football and cycling, plus Six Nations and Winter Olympics on TV. So I’m signing off now to (hopefully) watch Wales beat England at Twickenham!

Short takes: SharePoint/Delve and shortlinks; CESG guidance on Office 365; removing Sway from the App Launcher

So, it’s Christmas Eve and I’ve run out of annual leave this year so I’m still working… looks like everyone else has gone home though so I’m really just clearing down my mailbox, searching for Inbox Zero nirvana. As I do, there are lots of little snippets that I might like to remember, so here’s a little Christmas compilation…

SharePoint, Delve and short links

We have a URL shortener at work and one of the things it’s really great for is taking reallyreallylongandundigestibleurisfromsharepoint and making them risu.al/short. Unfortunately Alex Eggar, who leads our Business Productivity group, highlighted to me that I’m better off using SharePoint’s sharing functionality… otherwise Delve won’t know what’s going on…

There’s loads of information on Delve for Office 365 administrators and Paul Olenick (SharePoint MVP) has an interesting post the describes more about Delve. What I haven’t managed to get clear in my head yet is why a short URL bypasses the Office Graph… I’m still accessing the content… but I’ll leave that one to the experts!

CESG Guidelines for use of Office 365 at OFFICIAL

I had an interesting meeting with a customer recently, discussing how their Office 365 implementation aligned to UK Government (CESG) guidelines. Whilst they are guidelines, and this customer is only loosely affiliated with the Government, the CESG guidance on Office 365 could be considered as a useful benchmark.

The guidelines are available on the gov.uk website. Currently they include:

Turning off the App Launcher tile for Sway

As I wrote a couple of months ago when describing how to selectively remove tiles from the Office 365 App Launcher, disabling Sway in Office 365 didn’t used to remove the tile from the launcher. Since earlier this month, that behaviour has been changed with more details in Microsoft knowledge base article 3075256.

Restore the Shared with Everyone folder in OneDrive for Business

For a long time now, the default behaviour in OneDrive for Business has been to provide a folder (called “Shared with Everyone”) which is an easy way to share files with everyone in the organisation. By default, the permissions on this allow editing of files in the folder by “Everyone except external users” (and guest links can be provided for others – either on a view-only or an edit basis).

From 1 August 2015, Microsoft changed the default setting for OneDrive for Business so that the Shared with Everyone folder is no longer provisioned.  It can be created manually by a user, or the tenant settings for the entire organisation can be set to provision the folder by default:

Set-SPOTenant –SharingCapability Disabled –ProvisionSharedWithEveryoneFolder $true

It’s also possible to remove users’ ability to use the “Everyone,” “All Users” and “Everyone except external users” groups from the people picker in OneDrive for Business and SharePoint Online with the following commands:

Set-SPOTenant -ShowEveryoneClaim $false
Set-SPOTenant -ShowEveryoneExceptExternalUsersClaim $false
Set-SPOTenant -ShowAllUsersClaim $false

Enabling them is achieved with the equivalent commands but set to $true.

Problems setting storage quotas in OneDrive for Business? Check that site collection storage management is set to manual!

A few weeks ago, I wrote a blog post about controlling OneDrive for Business syncing to prevent data copies on non-domain-joined PCs. Since then, I’ve had to add a post script to highlight a known issue with domain joined PCs failing to sync OneDrive for Business, even when added to a safe list, which is fixed by the 12 May 2015 update for OneDrive for Business (see Microsoft knowledge base article 2986244).

I also wrote in that post about problems setting storage quotas in OneDrive for Business using Set-SPOSite -Identity https://tenantname-my.sharepoint.com/personal/firstname_lastname_tenantname_onmicrosoft_com -StorageQuota 2048

Set-SPOSite : Cannot get site https://tenantname-my.sharepoint.com/personal/firstname_lastname_tenantname_onmicrosoft_com.
At line:1 char:1
+ Set-SPOSite -Identity
https://tenantname-my.sharepoint.com/personal/firstname_lastname …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-SPOSite], ServerException
+ FullyQualifiedErrorId : Microsoft.SharePoint.Client.ServerException,Microsoft.Online.SharePoint.PowerShell.SetSite

After raising a service request with Microsoft (which took over a week to be escalated after a few days of the initial team failing to resolve it) and then engaging the Microsoft Onboarding Center instead, I finally got to the bottom of the issue. The problem was that Site Collection Storage Management in SharePoint Online was set to Automatic. Once this was changed to Manual, I could successfully apply the quotas to users’ OneDrive for Business sites.

Office 365 (SharePoint Online) Site Collection Storage Management settings

As well as using PowerShell (Get-SPOSite -Identity https://tenantname-my.sharepoint.com/personal/firstname_lastname_tenantname_onmicrosoft_com), you can check the current storage quota in the browser, under Site settings, Storage Metrics:

One Drive for Business storage quota reduced to 2GB

Unfortunately this setting has to be applied on a per-user basis, after the user has already logged on to OneDrive for Business (which provisions the storage).

Default site collections in SharePoint Online

When an Office 365 tenant is created with SharePoint Online, several site collections are created.  It can be confusing to work out what each is for, so here’s a quick reference, based on the SharePoint 2013 sites – I guess this may change as SharePoint 2016 is rolled out.

  • https://tenantname.sharepoint.com – team site for the company – you can always create more, but this is the “top of the tree”.
  • https://tenantname.sharepoint.com/portals/community – not sure about the purpose of this one, although I suspect it’s a SharePoint 2013 community forum.
  • https://tenantname.sharepoint.com/portals/hub – Office 365 Video.
  • https://tenantname.sharepoint.com/search – the search site for the tenant
  • https://tenantname-my.sharepoint.com – the site collection for all of the users’ OneDrive for Business sites, each one named https://tenantname-my.sharepoint.com/personal/UPN (with the .s replaced by _s).

Note that the SharePoint URL is one of the few places where the Office 365 tenant name is exposed to users.

Control OneDrive for Business syncing to prevent data copies on non-domain-joined PCs

One of the recently announced changes to Office 365 is the ability to better control OneDrive for Business. Specifically, it’s now possible to control OneDrive for Business syncing to prevent data from being copied to non-domain-joined PCs, based on a list of approved domains, as well as to change the storage limit for users (perhaps 1TB is just too much data and something more restrained might reduce the impact on your network). There are also some changes around the “Shared with Everyone” folder, which used to be created by default but isn’t anymore.

The full details are in an Office Mechanics video, linked from a Microsoft blog post but I recently had the chance to try them out for real.

Step 1 was to determine the ObjectGuid for each of the domains in my customer’s Active Directory Forest, using Active Directory PowerShell:

$domains = (Get-ADForest).Domains; foreach($d in $domains) {Get-ADDomain -identity $d | Select ObjectGuid}

Step 2 is to connect to Office 365 using PowerShell:

$cred=Get-Credential
connect-sposervice –url https://tenantname-admin.sharepoint.com/ –credential $cred

Step 3 is to take the ObjectGuid from step 1 and use the Set-SPOTenantSyncClientRestriction cmdlet to restrict synchronisation:

Set-SPOTenantSyncClientRestriction -enable -DomainGuids "a0083dbb-e136-4f48-a048-2ec3a4c40cab"

It’s worth noting that, initially, this failed for me – SetSPOTenantSyncClientRestriction wasn’t a valid command in the version of the SharePoint Online Management Shell I had installed. I checked the version with Get-Module -ListAvailable | Format-List version, name and found I had version 15.0.4569.0 of Microsoft.Online.SharePoint.PowerShell. After updating to the latest version, I was at version 16.0.4316.0, which worked a treat:

TenantRestrictionEnabled AllowedDomainList

———————— —————–

True {a0083dbb-e136-4f48-a048-2ec3a4c40cab}

It’s important to understand how the restrictions are enforced though:

  • Not only will OneDrive for Business Sync client requests originating from a domain that is not on the safe recipients list be blocked but all OneDrive for Business Mac Sync client requests will be blocked. This also means that a sync relationship will not be established unless they are joined to an allowed domain.
  • However:
    • Mobile clients are not blocked (there are separate MDM controls for this) and any files that have been previously been synced to the computer will not be deleted.
    • New or existing files added to the client will still be uploaded to the server and will not be blocked.
    • OneDrive for Business sync client prior to version 15.0.4693.1000 will stop syncing existing libraries.

Controlling the storage quota was a little more tricky. I found that I could use Get-SPOSite -Identity https://tenantname-my.sharepoint.com/personal/firstname_lastname_tenantname_onmicrosoft_com to view the properties of a users’ OneDrive for Business site, but attempting to set the quota on the same site presented an error:

Set-SPOSite -Identity https://tenantname-my.sharepoint.com/personal/firstname_lastname_tenantname_onmicrosoft_com -StorageQuota 2048

Set-SPOSite : Cannot get site https://tenantname-my.sharepoint.com/personal/firstname_lastname_tenantname_onmicrosoft_com.
At line:1 char:1
+ Set-SPOSite -Identity
https://tenantname-my.sharepoint.com/personal/firstname_lastname …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-SPOSite], ServerException
+ FullyQualifiedErrorId : Microsoft.SharePoint.Client.ServerException,Microsoft.Online.SharePoint.PowerShell.SetSite

I haven’t fixed that yet, so I’ll be returning to the topic again soon, no-doubt…

Post Script

There is a known issue with domain joined PCs failing to sync OneDrive for Business, even when added to a safe list, which is fixed by the 12 May 2015 update for OneDrive for Business (see Microsoft knowledge base article 2986244).

The OneDrive that’s really two drives…

Jamie Thomson and I have long since lamented the challenges of Microsoft’s two directories for cloud services and it doesn’t stop there. Take a look at cloud storage:

  • OneDrive is Microsoft’s cloud-based storage offering, accessed with a Microsoft Account (formerly a Windows Live ID, or a Passport if you go back far enough…)
  • OneDrive for Business is Microsoft’s cloud-based storage offering, accessed with an Organizational Account (which lives in Microsoft Azure AD)

Similar names, similar purpose, totally different implementation – as the OneDrive for Business product is still Groove (which later became SharePoint Workspace) under the covers (have a look at the filename when you download the client).

And look what happens when you have both products with the same email address used to access them:

Still, at least the site detects that this has happened and gives you the choice. And there is some hope for future convergence as Jamie highlights in this blog post from earlier in the year.

Earlier this week, I was helping a customer to get ready for an Office 365 pilot and they were having challenges with the OneDrive client. The version available for download from the Office 365 portal is a click-to-run installation and it didn’t want to play nicely with their .MSI-based Office 2013 installation (which should already include the client anyway). Actually, that didn’t really matter because the OneDrive client is also included in Windows 8.1, which was the operating system being used.

The confusion came with setting up the connected services inside Office:

  • To set up a OneDrive account, click on OneDrive – but that will only accept Microsoft Account credentials and, after configuration it will show as something like “OneDrive – Personal”.
  • To set up OneDrive for Business, don’t click OneDrive but select SharePoint instead. After logging on with your Organizational Account credentials, that will be displayed as “OneDrive – organisation name” (with SharePoint sites appearing as “Sites – organisation name”).

Some illustration might help so, below is a shot of my connected services. Because I’m connected to multiple Office 365 tenants, you can see that I have multiple OneDrive [for Business] and Sites entries:

If you’re trying to get hold of the OneDrive for Business sync client for SharePoint 2013 and SharePoint Online, Microsoft knowledge base article 2903984 has the links for the click-to-run install.  If you want an MSI version, then you’re out of luck – but you can create a customised Office 2013 installation instead as OneDrive for Business (formerly SkyDrive Pro) was originally released as part of several Office 2013 suites (as described in Microsoft knowledge base article 2904296.

Finally, if you’re trying to work out how to get a OneDrive for Business app on Windows Phone, the OneDrive app can connect to both OneDrive and OneDrive for Business.

Confused?

Short takes: Symbols in Office applications and converting numbers to text in Excel

A few snippets I found on scraps of paper whilst sorting out my office this week…

Shortcuts to symbols in Office applications

Many people will be familiar with typing (c) to generate a © symbol in Microsoft Office applications but you can also use (R) or (TM) for trademark symbols ® and ™. One more that’s useful to know is (e) for the European currency symbol € (at least, it’s useful if your keyboard doesn’t recognise the Euro!).

Another useful code to know is the shortcut to create the symbol used to denote “therefore”, which is ? (and doesn’t appear in any dialogs I’ve seen to insert a symbol/special character). In Office applications running on a Windows PC, it’s possible to type ALT+8756 to generate the symbol.

I’ve tried these in Word and OneNote but see no reason why it shouldn’t work in other Office applications.  Unfortunately the functionality is limited to Office rather than part of the operating system – it doesn’t seem to work in a browser, or in NotePad for example.

Converting numerical data to text in Excel, or SharePoint, or something like that…

A few months ago I was creating a SharePoint list and wanted to display a unique ID for each entry but couldn’t use calculated values in the title column to base it on the actual ID for the list item (at least not when provisioning via the GUI). I can’t remember the exact circumstances but, looking back at my notes it appears I used the following formula in Excel to create a text version of a numerical cell:

=TEXT(A1,"0000")

I probably then uploaded that to SharePoint as a list and messed around with the columns displayed in a particular view… although it’s all a bit vague now. I no longer have access to the list I was working on, but it might jog my memory if I have to do something similar again…

Authentication issues with SharePoint in Windows Explorer mode resolved with browser proxy settings

Every now and again I get infuriated by our Microsoft Office SharePoint Server (2007) platform as it prompts for credentials (before failing to authenticate and repeating the process) when I go to open a document library in Windows Explorer mode.  Today I found the cause of that issue.

I’d been working at Microsoft’s offices yesterday and had disabled the proxy server settings in my browser.  After returning home and VPNing to our network, I was able to access both Internet and intranet resources as normal and I forgot about the proxy server change. Only when trying to work out why I was being asked for authentication as I tried to use SharePoint in Windows Explorer mode did I remember to turn it back on again – after which everything worked as it should.

It may be peculiar to our infrastructure, or it may be a wider issue that’s worth mentioning so, if you experience authentication issues when trying to open a SharePoint library in Windows Explorer mode, double-check your browser’s proxy server settings!