PowerShell

Enable PIM role with PowerShell

At my customer, we are using Privileged Identity Management (PIM) for all admin-related tasks; no employee has standing access within the company.

What is PIM

Let’s first start by explaining Privileged Identity Management. It is a service that is available in Azure AD and is part of Azure AD Plan 2. For a user to use it, they need this plan enabled. PIM makes it possible to give a user the privilege to elevate his or her access rights for a preset amount of time to a higher role such as User Administrator or SharePoint Administrator. PIM gives access to about 35 different roles in Office 365, and to Azure resources, where the user is a reader by default and can elevate to owner of a resource (group).

SharePoint Saturday Belgium 2018

It was that time of the year again to visit Belgium for their SharePoint Saturday. An excellent day organized by BIWUG.

This year was a tribute to an amazing SharePoint teacher who passed away too soon, Patrick Tisseghem. I did not know him but heard and read about him; I had only been working with SharePoint for 1 year when he passed away. During the day there were videos and photos about the things he did for the community.

Upgrading cloud users to synced users

Some time ago I got the question of whether it was possible to start using AAD Connect while some of the users are already in Office 365 with a cloud account, without losing their content and access. This was the first time I had this question, and I found myself searching on the internet and found an article from Microsoft stating that this was possible: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-existing-tenant

This article describes that you can start syncing an on-premises AD with Azure AD when you already have users in Azure AD. AAD Connect then tries to connect the on-premises user to the cloud user. Microsoft does two types of matching: hard match and soft match. A hard match is done on the “SourceAnchor/ImmutableId” in Azure AD, and a soft match is on the combination “UserPrincipalName” and “ProxyAddresses”, and then only the primary email address is used.

Correct sizing Shared Mailboxes

Today I saw a notification in the Office 365 Portal about the correct sizing of Shared Mailboxes.

It seems that Microsoft is creating shared and resource mailboxes with a max limit of 100GB. As the documentation states, these mailboxes can only have a size of 50GB, and when you need more space you need to assign an Exchange Plan 2 license to that mailbox to get 100GB of space for that mailbox: https://technet.microsoft.com/en-us/library/exchange-online-limits.aspx#StorageLimits

This change of the size limit will be applied on July 30th, 2018. See this roadmap item for more details: https://products.office.com/nl-NL/business/office-365-roadmap?filters=&featureid=31391

Connect to SharePoint Online in Azure Automation app credentials

In this post, I want to show you how you can use app credentials in an Azure Automation script to connect to SharePoint Online. Many PowerShell scripts use a username and password, but these are less secure than using an app credential and can also be used to log in to SharePoint Online in the browser. By default, connecting to SharePoint uses basic authentication, and many companies are en route to disabling this to make use of Conditional Access and MFA.

European Collaboration Summit 2018

It was time again for the European Collaboration Summit. After the success of last year, I attended again. This time it was a bit closer to home in Mainz.

We started on Tuesday with a keynote from Dan Holme (@DanHolme) with a recap of the SharePoint Conference in Las Vegas from last week. The takeaways for me were:

  • OneDrive can handle over 300 different file types with a preview; this works in the browser and on the mobile clients.
  • The Scan feature will be placed more centrally in the app so that you can scan receipts or whiteboards a lot quicker. No need for the separate app Office Lens anymore.
  • Text recognition for images so you can search for the content of the images.
  • @Mentions in Word documents will send a notification to that user. If that user does not have access to that document, a share request is displayed.
  • Full support for SharePoint document libraries will come to Microsoft Teams.
  • Modern pages will get the ability to have extra metadata that can be used for user targeting.
  • Microsoft Training services will be available around the summer. This can help with the user adoption of Office 365.
  • Search extensibility will come to Office 365; this means search suggestions and SPFx extensions for search.
  • Modern Teams and Communication sites will be in SharePoint 2019.

After the keynote, I went to the session “Enabling the protection, detection, and response to cyber-threats” by Martina Grom (@magrom).

Hybrid user profile photo

When setting up a hybrid environment, we usually first set up hybrid search and do not do that much on hybrid profiles. I have noticed that there are some quirks in the hybrid profiles that might not get noticed while setting them up. At the moment of setting up hybrid profiles, there is not that much to configure: only none, all in Office 365, or based on a group. As many of you know, a good user profile consists of some basic data like a photo, name, contact details, manager and location.

Email security in Office 365

There are various ways of securing Office 365; this time I walk you through the security possibilities for email. As we start with the basics, we have the option to use an SPF record to protect us from spam on a very basic level. This is very basic and is a requirement when you add the domain to Office 365.

As we go deeper into the security of the mail flow we see DKIM and DMARC. These two are not often used, but useful and easy to set up. So easy that it should be a requirement like SPF in my opinion.

Azure AD profile properties in SharePoint profile

A common situation in SharePoint is adding custom properties to a SharePoint profile. In an on-premises environment, it was very easy to link these properties to a property in AD. In SharePoint Online, you are not able to link these Azure AD properties. So how can we solve this?

There is a very simple solution for this in the Office Dev PnP PowerShell pack called ‘Set-PnPProfileProperty’.

This command sets any user profile property for the given user.

Force renewal of Content Types in SharePoint Online

In 2014 I wrote a post on how to force the renewal of the content types in an on-premises environment and got a request on that post asking if it was possible to do the same in Office 365.

After some short research and some changes to the original script, see below for the result.
It uses the Office Dev PnP PowerShell cmdlets.

See below for the version for SharePoint Online