Two weeks after my visit to SharePoint Saturday Paris I visited SharePoint Saturday Netherlands.
The schedule for today was a bit more relaxed than in Paris. We had 4 session slots of 75 minutes with great sessions and more time in between the sessions to have a chat with sponsors, trying out the HoloLens and playing some games.
The HoloLens is a very cool device and I tried it here for the first time.

I arrived around 9 to start with a coffee and seeing our Sogeti booth with coworkers.

Embracing the long term view to build a true digital workplace

The first session of the day started at 9:30 and was delivered by Andries den Haan (@asdhaan).

This sessions was about the mindset of creating a true digital workplace, Andries started out with some history of the intranet.
The first versions of most intranets consist of only some news and a phonebook. It really was a one-way street of pushing information. This evolved into some more advanced intranets where you could actually do some work like sharing documents and collaboration on those documents. The current versions of the intranet contains even more like CRM integrations, better collaboration options like real time working on the same documents and of course mobile access.
This will probably evolve into more advanced versions with IoT, Virtual assistants and machine learning like we see with Delve already.

A suggested link to watch is a Ted talk about Nothing by Will Stephen (https://vimeo.com/161104464)

With the rapid changes we can definitely say that “The only thing remaining constant is Change”. This in not only true for the technology but also for the procedures, how information flows around and organizational structures.

You also see that information flows much faster in a network structure than in a hierarchical structure. A suggested book to read about this is “Pieter Hinssel – The network always win

There is no long term strategy or model that you can use. In the short term there is, but are quickly out dated

“It’s not the strongest of species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change” – Charles Darwin

Some initial patterns to set things in motion

  1. Embracing the long term view -> focus on the short term, smaller projects and not multiyear projects
    Backlog and priority management: avoiding waste
  2. Combining two modes of IT; Marathon Runners (Reliability, waterfall, long cycles) and sprinters (agility, agile methods, short cycles); you need both modes; Avoid getting stuck between these two modes
  3. The joined venture called Business & IT; business and IT is aligning again; DevOps
  4. Optimizing infrastructure to adapt to change

He closed with the quote “There is no change without leadership”

Kickstart with Azure AD Applications and Microsoft Graph API

This session was delivered by Adis Jugo (@adigjugo)

I was a few minutes late to this session because I had a great talk with Waldek about the products of Rencore.

This session is mainly about how you can leverage the possibilities of Azure AD within your solutions and how to connect to your calendar or SharePoint files.

He started out what Azure AD is and what protocols are supported.
Azure AD

  • Fully managed multi-tenant service
  • Offers identity and access capabilities
  • Apps registered in Azure AD
  • Azure AD != Windows Server Active Directory
  • Azure AD does not replace Windows Server Active Directory
  • Only available in the old portal for now

Protocols that are supported

  • WS-Federation
  • SAML-P
  • OAuth 2.0
  • OpenID Connect (Google)

Protocol endpoints can be found on MSDN

Be aware that when you create an Office 365 trail and that expires you cannot delete the associated Active Directory

When you register your application within Azure AD you have to options

  • Web applications -> everything that runs in the browsers including Web API and workers
  • Native App -> Windows, IOs and Android applications; they will always run in the user’s context

If you choose “web applications”, the URI parameter must be a domain that you own; TIP: use your “onmicrosoft.com” domain name. after creating your application, you need to create a secret, save this immediately because it will not be visible after you pressed save. This secret is valid for one or two years. Set a reminder to create a new one just before the ending of that period.

You also need to be an Azure AD administrator to add or trust an App.

After this Adis showed how you can use Fiddler to use the Graph API.

When you are building an application you do not need to do all the plumping that he showed. For all major platforms Microsoft has made NuGet packages.

  • ADAL; this is for the authentication and re-authentication.
  • Microsoft Graph Client library

To learn more Sahil Malik created a course on udemy (https://www.udemy.com/office365dev/)

Engage in effective collaboration with Azure AD B2B

The third session after the lunch was from Anco Stuij (@ancostuij)

He did a session what Azure AD B2B is how you can use it in SharePoint Online

He first started with explaining what AD B2B is and that this is different from AD B2C (AD B2C is the consumer version and only works with social accounts like Facebook and Microsoft Accounts)

Azure AD B2B is an identity as a Service (IDaaS) and it features

  • Authentication
  • Single sign-on
  • Federation
  • Provisioning

According to Gartner Microsoft is one of the leaders
You can use Azure B2B also for accessing other applications then Office 365 like Exact, SAP, Salesforce or Bitbucket.

Azure B2B is still in preview just like B2C. The expectation is that B2C will come out of preview first and then B2B.

He then showed in a demo how it works by adding a few users from outside his organization to Azure AD. The steps are

  • Create an CSV file with the users you want to add; the format can be found in the documentation
  • Upload this CSV file into Azure AD
  • An invite is send out to all users in the CSV
  • Once they accept the invite they have access to the resources you gave then access to.

The invite email can be branded but you need Azure AD Premium for that.

How to manage, control and govern external sharing for Office 365

The last session of the day was from Bram de Jager (@bramdejager)

Within Office 365 it is very easy to share content, it is completely self-service. There is no need for an IT person to create accounts and such.

The Office 365 and SharePoint administrators can set some limits on how and even if sharing is possible.

There are two types of external users

  • New external users; A user (email address) that is never be added before
  • Existing external user; A user (email address) that is already known in Office 365

There are three levels of settings for external sharing

  • Tenant level
    • Not allowed
    • Only authenticated users
    • Guest link (no authentication needed)
  • SharePoint admin level
    • Not allowed
    • Allow with existing users
    • Allow external sharing
    • Guest links -> possibility to let the link expire after a set period of days

    Here you also have the option to black of white list domains that sharing is available for (max 50.000 domains) separated by a space. The other option is that the invite link only can be accepted with the email address that the link was send to. This you want to enable, although the validation is only on the email address.

  • SharePoint site collection level
    • Same four options as above
    • Allow non-owners to invite new users

External sharing is heavily relying on Access Requests.
You can disable sharing for non-owners with Power Shell (Set-SPOSite -url <URL> -DisableSharingForNonOwners)
the behavior is a bit odd.

Default behavior without the above setting

  • Visitor -> only internal users (results in an access request)
  • Members and owners -> can share without problems

After setting the disable sharing option

  • Visitor and members -> people picker gives an error for internal users and is blocked for external users
  • Owners -> can share without problems

When you use your own groups is might be a good idea to add your own groups to the SharePoint associated groups or assign them.
The associated groups can be found with the URL /_layouts/permsetup.aspx.

Within Office Dev PnP there is a great example how you can get notified and remove the external sharing after a set period of time (https://github.com/OfficeDev/PnP/tree/master/Solutions/Governance.ExternalSharing)
More samples can also be found here (https://github.com/OfficeDev/PnP/tree/master/Solutions).

Ending the day

The day ended with a SharePint and the giveaway of some great products and we ended up at a diner with a lot of fun.

0 Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.