Browse Tag

O365

Locking a SharePoint Online Site Collection

Within SharePoint Online you have the ability to completely lock down a site collection so no one can get access to it.  This is set via PowerShell and the SharePoint Online Management Shell.  Here are instructions on how to get started using connecting to SharePoint Online via PowerShell.  This lock can also be set on a user’s OneDrive for Business site collection.

Along with the ability to lock a site collection you can also set a redirect URL for the tenant for any locked sites that are accessed.  That means that when a user tries to access that locked site they will be redirected to the URL that you provided at the tenant level.  This could be helpful to provide instructions or further info for anyone letting them know that the site they were trying to access has been locked.  If no redirect URL is set they will receive a 403 error. 

NOTE: As of writing this post you are not able to set a lock state of a site provisioned with an Office 365 Group even though the PS cmdlets say it should be possible.  I will demo the actions later in this post but I have contacted Microsoft on this error and they state it is currently as designed and the error received is incorrect. 

The PowerShell cmdlets that are used to set this up are:

Steps to lock or unlock a site collection

1 – Connect to SharePoint Online

Connect-SPOService

2 – Locking – Set the -LockState of the site collection to “NoAccess” while replacing the domain and sitecollection info to lock the site

  • This can also be a OneDrive for Business site collection (i.e. https://domain-my.sharepoint.com/personal/usersite)
Set-SPOSite -Identity https://domain.sharepoint.com/sites/sitecollection -LockState "NoAccess"

 

2(a) – Unlocking – Set the -LockState of the site collection to “Unlock” while replacing the domain and sitecollection info to unlock the site

Set-SPOSite -Identity https://domain.sharepoint.com/sites/sitecollection -LockState "Unlock"

3 – Navigate to the URL to confirm and use PowerShell to confirm locked state

Get-SPOSite -Identity https://domain.sharepoint.com/sites/sitecollection | select Title,URL,LockState

Steps to set a tenant redirect URL

1 – Connect to SharePoint Online

Connect-SPOService

2 – Set the NoAccessRedirectURL of the tenant to a URL while replacing the domain and sitecollection info

Set-SPOTenant -NoAccessRedirectUrl "https://domain.sharepoint.com/Pages/Locked-Site.aspx"

3 – Navigate to the URL to confirm the redirect.  This may take a few minutes

To remove the NoAccessRedirectURL you can pass in an empty string

Set-SPOTenant -NoAccessRedirectUrl ""

Trying to lock an Office 365 Group site

Here is the error you receive when trying to lock a group site:

 

Set-SPOSite : https://domain.sharepoint.com/sites/drewtesto365group is a OneDrive for Business site collection. The only valid parameters for this type of site collection are ‘-Identity’, ‘-StorageQuota’, ‘-StorageWarningLevel’, ‘-LockState’ and ‘-SharingCapability’.
At line:1 char:1
+ Set-SPOSite -Identity https://domain.sharepoint.com/sites/dre …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-SPOSite], ServerException
+ FullyQualifiedErrorId : Microsoft.SharePoint.Client.ServerException,Microsoft.Online.SharePoint.PowerShell.SetSite

The error declares it as a OneDrive for Business site collection and says that -LockState is a valid parameter yet still doesn’t work.  I opened a support ticket with Microsoft and this was their resolution:

“It is by design Issue. We can lock a site collection however we cannot lock a unified group site.”

If this is something that you need I would recommend adding to to Uservoice.  If you need to “lock” an Office 365 Group site the best way as it exists when I am writing this is to remove permissions within the group.

Getting status of all locked site collections in a tenant

Get-SPOSite | Where-Object {$_.LockState -eq "NoAccess"}

At this point Get-SPOSite will not return any OneDrive for Business or Group sites.  There is new parameter called “-IncludePersonalSite” which at some point should return OneDrive sites via this cmdlet.  If you run this now you get the error:

WARNING: SharePoint Online does not support these new features yet.

Get-SPOSite -IncludePersonalSite $true | Where-Object {$_.LockState -eq "NoAccess"}

 

SPTechCon San Francisco 2016 Slides and Content

Thanks to SPTechCon and all the folks that attended my sessions last week in San Francisco.  This was my first time in San Francisco and it was a great time to see some familiar faces, meet some new friends, and explore a very cool city.  I did 2 sessions and I thought both turned out great.  

Here are the session abstracts and link to the slides and any other supporting content.

Essentials for the SharePoint Power User

LINK TO SLIDES

Are you a newly minted site owner and you want to know how to get started?  Or did your company just roll out SharePoint and you want to learn more about what it can do?

In this session, I will walk through what Power Users need to know when they become site administrators, champions, ninjas, or owners. I will be going through things at an overview level.  I will go into detail on some areas in which I have seen the biggest gaps while working with different companies.  This session will go through such things as:

·       Managing security
·       Managing libraries and lists
·       Managing search
·       What are the features available and what do they do?
·       Building a useful site with pages, views and web parts

Office 365 Groups from the Ground Up

LINK TO SLIDES

LINK TO SCRIPTS

Office 365 Groups enable teams to work together by establishing a single identity in Office 365. Office 365 Groups are a new and modern solution for collaboration in Office 365. There is a lot of confusion on what Groups can do and should be used for. This session will be a deep dive into all things Office 365 Groups focusing on the technical aspects..
We will spend a large amount of this session demoing Office 365 Groups. This session will include demos of:

  • How to create, access, and navigate
  • What are the core things to do
  • How are they technically structured
  • What administration is available and how to do it
  • What extensibility options are there

I will also walk through the pros and cons of using Groups vs other collaboration options in Office 365. Groups are also one of the fastest changing solutions in Office 365, so this session will bring everyone up to speed on the most recent updates that Microsoft has rolled out and what innovations are next. By the end of the session you should have a better understanding of what Groups can do and if they are right for your enterprise right now or in the future!

And here’s a fun picture of some crabs that I took. 

Configuring Office 365 Group Classification

group1

Recently Microsoft released the ability to create classifications for Office 365 groups that allow end users set.  For example, you can now set classifications such as: internal, confidential, external, secret, top secret, low, medium, high, etc..  Group classifications are new and I am not sure the full story of how these will be utilized moving forward.  There are enhancements coming around classification within the security and compliance center that I hope this will be able to tie into at at some point.

Here is some info on the current setup of group classification (as of 10/31/2016):

  • They don’t actually technically do anything yet…
  • They are not on by default
  • The choices can only be set via PowerShell
  • They currently don’t show anywhere else other than “edit group” via Outlook
  • You can only have 1 set of classifications for a tenant
  • If you change a classification value, it does NOT go back and update existing groups that were classified but the existing groups that were classified do not lose the classification
  • It takes some time for classification changes to be visible in the GUI
  • Don’t put spaces between the comma delimited values (i.e. “internal,external” NOT “internal, external”)
  • You can use spaces within comma eliminated values (i.e. “secret,top secret”)
  • I tested some special characters such as ? and ! and they worked
  • I am not aware of a classification limit, i did a test with 15 without an issue

Here is the description of the new property:

2016-10-30-16_07_07-start

Prerequisites:

NOTE: Version 1.1.143.0 of the Azure AD PowerShell module includes many changes to renew the existing MSOL PowerShell cmdets. Over time the existing MSOL cmdlets will be replaced. The new module is called “AzureAD.” So where e.g. an existing cmdlet was named “New-MSOLUser”, which adds a new user to the directory, the new cmdlet’s name is “New-AzureADUser.

My scripts below are using Version 1.1.143.0.  Azure AD PowerShell Module Version Release History

Steps to set values for Group Classification

1 – Connect to Azure AD via PowerShell

Connect-MsolService

2 – Review if you have any MsolSettings currently configured in your tenant

Get-MsolAllSettings | ForEach Values

3a – If you have settings returned it will look like this (properties subject to change over time)

group2

Run this command to set ClassificationList to a comma separated list of values that you want.  (In my example I included “Internal,External,Confidential”)

$settings = Get-MsolAllSettings | where-object {$_.displayname -eq “Group.Unified”}
$singlesettings = Get-MsolSettings -SettingId $settings.ObjectId
$value = $singlesettings.GetSettingsValue()
$value[“ClassificationList”] = “Internal,External,Confidential”
Set-MsolSettings -SettingId $settings.ObjectId -SettingsValue $value

3b – If you have NO settings returned it will look like this a new template will need to be created

group3

Run this command to set ClassificationList to a comma separated list of values that you want.  (In my example I included “Internal,External,Confidential”)

$template = Get-MsolAllSettingTemplate | where-object {$_.displayname -eq “Group.Unified”}
$setting = $template.CreateSettingsObject()
$setting[“ClassificationList”] = "Internal,External,Confidential"
New-MsolSettings –SettingsObject $setting

4 – Review your updated settings; now Classification’s are available for Groups

Get-MsolAllSettings | ForEach Values

2016-10-30-16_14_29-start

You will now see it through the GUI when editing a group and will have the ability to set it.

2016-10-30-16_19_20-new-notification

And once you set a classification it will be viewable.

2016-10-30-16_20_55-photos

You can also set a classification using the Set-UnifiedGroup and New-UnifiedGroup cmdlets.

Set-UnifiedGroup interestgroup1@drewmadelung.com -Classification Internal

 

Ignite 2016 Info and Thoughts on Announcements for SharePoint – OneDrive – Office 365

2016-09-28-14_49_22-ignite-sharepoint-onedrive-office-365-info

I put together a Microsoft Sway through my Concurrency tenant that wraps up all of the announcements and my thoughts from the collaboration space at Ignite 2016.  This includes info on everything I was able to attend and intake while here in Atlanta.  I used Microsoft Sway so I could continuously update the Sway throughout the conference and after the conference for future review.  My changes are made in real-time and it’s super easy to update.

Link to Sway

Speaking at Collab365 Global Conference and SharePoint Engage

I was lucky enough to be selected to speak at a few more upcoming events this year! Both events I will be speaking about Office 365 Groups.

Here are the details on the sessions that I will be giving

Office 365 Groups enable teams to work together by establishing a single identity in Office 365. Office 365 Groups are a new and modern solution for collaboration in Office 365. There is a lot of confusion on what Groups can do and should be used for. This session will be a deep dive into all things Office 365 Groups focusing on the technical aspects.

We will spend a large amount of this session demoing Office 365 Groups. This session will include demos of:

  • How to create, access, and navigate
  • What are the core things to do
  • How are they technically structured
  • What administration is available and how to do it
  • What extensibility options are there

I will also walk through the pros and cons of using Groups vs other collaboration options in Office 365. Groups are also one of the fastest changing solutions in Office 365, so this session will bring everyone up to speed on the most recent updates that Microsoft has rolled out and what innovations are next. By the end of the session you should have a better understanding of what Groups can do and if they are right for your enterprise right now or in the future!

Collab365 Global Conference

Collab365 Global Conference 2016

The events ran by the Collab365 team (Collaboris) have evolved into must-attend events. These are fully online events so you can join from anywhere! They are now running 3 events that span a global audience. The best part about these events is that they are FREE to all. That’s right, you can get all of this amazing SharePoint and Office 365 content for free. These events continue to grow and the community for Collab365 has over 38,000 members now. I have spoken at these events before and really look forward to this one.

Register Now for FREE!

SharePoint Engage

SharePoint Institute SharePoint Institute

SharePoint Engage is ran by the SharePoint Institue which is an organization dedicated to the advancement of professoinals through real-world SharePoint certificaiton. The SharePoint Institute’s goal is to provide a standard for SharePoint professionals to gauge their knowledge and distinguish their SharePoint expertise from others. This will be my first SP Engage event and I am very excited to join a great collection of speakers down in Raleigh. If you are able to make it and see me wandering around make sure to come on over and say hello! I really enjoy speaking at conferences like this os I can get to know all the great people in our community and learn more about what other people are doing with SharePoint and Office 365.

Register Now!