This week I did a presentation at DIWUG about how to use Azure Automation in combination with Office 365

I told about the possibilities of Azure Automation, what you can do with it in general and then zoomed in on specific tasks within Office 365 like setting the useslocation of your users. When you need a Hybrid configuration and how you can use version control with your scripts.

[slideshare id=83741543&doc=20170518-watkanazureautomationbiedenvooroffice365klanten-171209194336]

As I described in a previous article you can add a partner to your Office 365 tenant to assist you with managing your tenant. This article goes deeper into what your partner can do in SharePoint Online

Your partner can do the same things as the SharePoint administrator can do, so they see the SharePoint admin portal and can change all the settings. By default, they do not have access to any site collection or the data in your site collections. If you have chosen to add the add the role SharePoint admin to every site collection like I described in this article, your partner is not able to access these site collections. From a security point of view this is great, but what if you need the help of your partner to solve an issue in a specific site collection, should you create a new account for them and use that or use a guest account to solve this?

Connecting to Exchange Online was only possible with an account that did not have MFA enabled because it only can handle basic authentication. This is an issue because Microsoft advises us to have accounts that can do administrative tasks to have MFA enabled. Now we must choose between an account that has no MFA and a possible security breach and an account that cannot connect to Exchange Online.

To solve this, we had an account that was disabled by default and when we had to do Exchange tasks we enabled it. This is a solution but not a great one.

Last week I found out that the account name that you use in Azure automation are case-sensitive. We found this after a co-worker was adding a credential to the credentials assets. I had used some capital letters to read the account name a bit better in our local AD and my co-worker just wrote them down with small letters. He came back to me asking if the password was correct because the credentials did not work. After some tries and digging we found out that the casing of the account was the issue.

This year of SharePoint Saturday’s started with the one in Munich last weekend. This time there was also a preconference session on Friday. The sessions on Friday and Saturday were held at the brand-new building of Microsoft Germany.

Friday session

This year they organized two preconference sessions. A developer one about Office Dev PnP and an IT Pro about SharePoint 2016. I went to the SharePoint 2016 session where they talked about all the aspects of SharePoint 20116. They started with the architecture and the differences between SharePoint 2013 and 2016. They also explained where the issues were and how to solve them. After the architecture session we went into the authentication options within SharePoint and the hybrid identity. Here we looked at the identity options within Office 365 and the options to get your on-premises users into the cloud. Also, the dependencies where discussed like ADFS on-premises and your local internet line is down. After the lunch break we had a session about PowerShell and the Office Dev PnP PowerShell module that is available for on-premises and Office 365. We ended the day with setting up Hybrid. Thomas did a complete hybrid setup in just 1 hour with some preparations that he did on forehand. The most important part of the hybrid setup of Office 365 is that your identities are available in Office 365. When you have, that part done and your SharePoint farm can talk to the internet you can run a simple wizard from the SharePoint Online admin portal to setup the hybrid farm. This wizard will setup:

Last week Microsoft announced the general availability of Managed Disk (https://azure.microsoft.com/en-us/blog/announcing-general-availability-of-managed-disks-and-larger-scale-sets/). Until now you always needed to manage you own storage for storing the VM disks. With this option you now have the option to create VM’s without caring about the underlying storage. Using managed disks is made very easy by just selecting Managed Disk while creating a new VM in the portal.

When you want to create a VM using PowerShell you just need to add configure type of storage while creating the OS Disk with this command “Set-AzureRmVMOSDisk”. See this page https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-ps-create for the full manual.

Since a Microsoft Teams depends on Office 365 Groups and creating a Microsoft Team creates an Office 365 Group I wanted to know if it was possible to upgrade an already existing Office 365 Group to a Microsoft Team.

This is possible but you need to keep a few things in mind to have the ability to upgrade a Microsoft Team. So let’s first start at the beginning, creating a Microsoft Team can be done within the Microsoft Team application by clicking on “Create team” and you will get this simple screen to create a new team

The title of this post is a bit strange because you need Office 365 Groups to use Microsoft Teams, it is built on top of Office 365 Groups. But then you might ask, we do not want to enable Office 365 Groups yet for our organization but we want to use or test Microsoft Teams?

To get this working you need to give a select number of people access to create Office 365 Groups, the people that is going to use Microsoft Teams do not need the permission to create Office 365 Groups. These users will not be able to create a new team, which is an Office 365 Group. They will get this error in Microsoft Teams.

In the last week of 2016 I was working on some issues that some users in certain groups were not synchronized to Azure AD. The users itself were in Azure AD but the group membership did not sync. The problem here was that the users were in another forest than the group.

At this customer, we have multiple forests with users from the different countries and they start to work together more and now we had some complaints that the users where not able to access resources while they placed them in the correct groups. The issue that we had was that the synchronization removed the users from the other forests from the group membership during the synchronization.

As the year ends it is a nice time to reflect on this year. In the beginning of this year I set some goals for myself, these goals were not only work related but also a few on personal development.

Work related goals

The work related goals were setup during the year, the first one was creating a blog post every week for at least three months, I started with this because the constituency of content was about one post a month or even less. I wanted to share my knowledge more and this gave me a great way to do it. At first I had trouble finding a subject to write about, but now I have a small backlog of items to write about. This goal made me create more content and also quality content. My other goal was to speak more at seminars, this year I did three presentations, one was at the DIWUG) and two where at our own Microsoft Heroes academy). Some of the posts were also posted on ITUnity.com and on microsofthelden.nl