PowerShell

Last two weekends I went to SharePoint Saturday in Paris and Belgium. It is always great to meet other SharePoint and Office 365 consultants, customers and suppliers.

SPS Paris

The first weekend I went to Paris where I did not read my emails to carefully, so I was at the wrong venue. I was not the only one. It took some extra time to get to the new location. Arrived there I was just in time for the first session; this was a session about the secure score site from Microsoft. The URL of the Secure Score is http://securescore.office.com. Here you can log in with an administrator account and see what security settings you can do to make your tenant more secure. You need to be a Global Administrator, SharePoint Administrator, Exchange Administrator or Compliance Administrator to access it.

The first thing that might come to your mind might be that modern authentication is enabled for Office 365. Well that is partly true. It is enabled for SharePoint online, not for Exchange and Skype for Business if your tenant is created before august 1st 2017. While writing this about 95% of the tenants are older then 1 month so modern authentication is not enabled for Exchange and Skype for Business.

This week I did a presentation at DIWUG about how to use Azure Automation in combination with Office 365

I told about the possibilities of Azure Automation, what you can do with it in general and then zoomed in on specific tasks within Office 365 like setting the useslocation of your users. When you need a Hybrid configuration and how you can use version control with your scripts.

[slideshare id=83741543&doc=20170518-watkanazureautomationbiedenvooroffice365klanten-171209194336]

As I described in a previous article you can add a partner to your Office 365 tenant to assist you with managing your tenant. This article goes deeper into what your partner can do in SharePoint Online

Your partner can do the same things as the SharePoint administrator can do, so they see the SharePoint admin portal and can change all the settings. By default, they do not have access to any site collection or the data in your site collections. If you have chosen to add the add the role SharePoint admin to every site collection like I described in this article, your partner is not able to access these site collections. From a security point of view this is great, but what if you need the help of your partner to solve an issue in a specific site collection, should you create a new account for them and use that or use a guest account to solve this?

Connecting to Exchange Online was only possible with an account that did not have MFA enabled because it only can handle basic authentication. This is an issue because Microsoft advises us to have accounts that can do administrative tasks to have MFA enabled. Now we must choose between an account that has no MFA and a possible security breach and an account that cannot connect to Exchange Online.

To solve this, we had an account that was disabled by default and when we had to do Exchange tasks we enabled it. This is a solution but not a great one.

This year of SharePoint Saturday’s started with the one in Munich last weekend. This time there was also a preconference session on Friday. The sessions on Friday and Saturday were held at the brand-new building of Microsoft Germany.

Friday session

This year they organized two preconference sessions. A developer one about Office Dev PnP and an IT Pro about SharePoint 2016. I went to the SharePoint 2016 session where they talked about all the aspects of SharePoint 20116. They started with the architecture and the differences between SharePoint 2013 and 2016. They also explained where the issues were and how to solve them. After the architecture session we went into the authentication options within SharePoint and the hybrid identity. Here we looked at the identity options within Office 365 and the options to get your on-premises users into the cloud. Also, the dependencies where discussed like ADFS on-premises and your local internet line is down. After the lunch break we had a session about PowerShell and the Office Dev PnP PowerShell module that is available for on-premises and Office 365. We ended the day with setting up Hybrid. Thomas did a complete hybrid setup in just 1 hour with some preparations that he did on forehand. The most important part of the hybrid setup of Office 365 is that your identities are available in Office 365. When you have, that part done and your SharePoint farm can talk to the internet you can run a simple wizard from the SharePoint Online admin portal to setup the hybrid farm. This wizard will setup:

Last week Microsoft announced the general availability of Managed Disk (https://azure.microsoft.com/en-us/blog/announcing-general-availability-of-managed-disks-and-larger-scale-sets/). Until now you always needed to manage you own storage for storing the VM disks. With this option you now have the option to create VM’s without caring about the underlying storage. Using managed disks is made very easy by just selecting Managed Disk while creating a new VM in the portal.

When you want to create a VM using PowerShell you just need to add configure type of storage while creating the OS Disk with this command “Set-AzureRmVMOSDisk”. See this page https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-ps-create for the full manual.

Since a Microsoft Teams depends on Office 365 Groups and creating a Microsoft Team creates an Office 365 Group I wanted to know if it was possible to upgrade an already existing Office 365 Group to a Microsoft Team.

This is possible but you need to keep a few things in mind to have the ability to upgrade a Microsoft Team. So let’s first start at the beginning, creating a Microsoft Team can be done within the Microsoft Team application by clicking on “Create team” and you will get this simple screen to create a new team

The title of this post is a bit strange because you need Office 365 Groups to use Microsoft Teams, it is built on top of Office 365 Groups. But then you might ask, we do not want to enable Office 365 Groups yet for our organization but we want to use or test Microsoft Teams?

To get this working you need to give a select number of people access to create Office 365 Groups, the people that is going to use Microsoft Teams do not need the permission to create Office 365 Groups. These users will not be able to create a new team, which is an Office 365 Group. They will get this error in Microsoft Teams.

This week I was trying to find a good way to disable the creating of Office 365 Groups from creating. I love the functionality of Office 365 Groups but it is still missing some key elements from using in a large corporation. The main thing missing is the ability to have naming convention, now you say but they released that. Well that is partly true. The naming convention is only applied when you create an Office 365 Group in Exchange, Outlook or the Groups app. When you create a group from Planner or any other application using groups the naming convention is not applied. This is because the naming convention that you can set is done within Exchange. This naming convention is initially meant for distribution groups but also applies for Office 365 Groups when created from the Exchange endpoint. This also applies to the creation of Office 365 Groups. You can disable this, but that only applies to the same 3 applications as the naming convention