Thursday, 19 October 2017

Ignite 2017 recording - explore PnP Partner Pack for IT pros, admins and architects

Session recording at Ignite 2017. Me talking about PnP Partner Pack for IT pros, admins and architects in the cloud and on-prem.

(Sadly bad video and audio)

Saturday, 9 September 2017

Using site classification for SharePoint Sites

Site classification is a must-have when we talk about governance, compliance and topics around GDPR.
Besides third-party solutions focusing on site and content classification, we also have some out-of-the-box options and developer opportunities in Office 365 and SharePoint on-prem. The scenarios differ depending on whether we are talking about classic SharePoint Site Collections or modern Team Sites that are part of an Office 365 Group.

There are two different ways to create a new SharePoint site in Office 365:

  1. We can create a SharePoint Online Site using the SharePoint Online Administration. This will create a SharePoint Site based on WebTemplate STS.
  2. We can go to SharePoint Home and click “create” in the upper left corner, or we can go to Outlook Online and create a new Group. Both will create a SharePoint Site based on WebTemplate GROUP.

To provide a site classification solution for classic Team Sites created by option 1, we need to follow the article "Implement a SharePoint site classification solution". This also works for SharePoint 2013 on-prem. The article describes a full solution, including policies for site closing and deletion depending on the classification setting. It describes the following steps:
  • Define and set site policies
  • Insert a custom action
  • Custom site classification
  • Add a classification indicator to site page
Using the opportunities we have with Groups and Group Policies, some of these things can be applied automatically to a SharePoint Site based on WebTemplate GROUP.
This video by Vesa Juvonen shows the steps and the final results:
As you can see, we need to create the site based on option 2.
(Dialogs already including policies)
SharePoint Home - Create:
Outlook Online -> Create Group:

Final result:

Step by Step

To enable this functionality in Office 365 we need to set up a “Settings Object” and a “Settings Template” in Azure AD. To do this we can use the Azure Active Directory cmdlets for configuring group settings.

First of all we need to install the preview of the Azure Active Directory V2 PowerShell module:

Install-Module -Name AzureADPreview

To set up the site classification options and configure properties like ClassificationList and ClassificationDescriptions, follow these steps, which are also shown in Vesa's video:


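# Sign in to Azure AD (requires the AzureADPreview module installed above)
Connect-AzureAD
# Create a settings object from the directory setting template
$template = Get-AzureADDirectorySettingTemplate -Id 62375ab9-6b52-47ed-826b-58e47e0e304b
$setting = $template.CreateDirectorySetting()
$setting["UsageGuidelinesUrl"] = ""
# Available classifications, the default one, and a description per classification
$setting["ClassificationList"] = "Public, Internal, TopSecret"
$setting["DefaultClassification"] = "TopSecret"
$setting["ClassificationDescriptions"] = "Public:no restrictions,Internal:all internal users can access,TopSecret:only special users can access"
$setting["GuestUsageGuidelinesUrl"] = ""
New-AzureADDirectorySetting -DirectorySetting $setting

# List all directory settings, then show the values of the one just created
Get-AzureADDirectorySetting -All $True
(Get-AzureADDirectorySetting -Id %%YOUR ID%%).values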
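
The steps above create a new settings object, and New-AzureADDirectorySetting reports a conflict when one created from the same template already exists. The following added example (not from the original post or the video) checks the classification values for consistency and then updates the existing object or creates a new one. It assumes Connect-AzureAD has already been run; Test-ClassificationConfig is a hypothetical helper name.

```powershell
# Added example, not part of the original post. Assumes Connect-AzureAD has been run.
$templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"   # template id used in the post
$values = @{
    ClassificationList         = "Public, Internal, TopSecret"
    DefaultClassification      = "TopSecret"
    ClassificationDescriptions = "Public:no restrictions,Internal:all internal users can access,TopSecret:only special users can access"
}

# Hypothetical helper: returns a list of consistency problems (empty list = OK).
function Test-ClassificationConfig {
    param([hashtable]$Config)
    $labels = @($Config.ClassificationList.Split(',') | ForEach-Object { $_.Trim() })
    # Each description entry has the form "Label:Description"
    $described = @($Config.ClassificationDescriptions.Split(',') |
        ForEach-Object { ($_ -split ':', 2)[0].Trim() })
    $problems = @()
    if ($labels -notcontains $Config.DefaultClassification) {
        $problems += "DefaultClassification '$($Config.DefaultClassification)' is not in ClassificationList"
    }
    foreach ($label in $labels) {
        if ($described -notcontains $label) { $problems += "No description for '$label'" }
    }
    foreach ($name in $described) {
        if ($labels -notcontains $name) { $problems += "Description for unknown label '$name'" }
    }
    return ,$problems
}

$problems = Test-ClassificationConfig -Config $values
if ($problems.Count -gt 0) { throw ("Classification config invalid: " + ($problems -join '; ')) }

# Reuse the settings object if one was already created from this template.
$existing = Get-AzureADDirectorySetting -All $true | Where-Object { $_.TemplateId -eq $templateId }
if ($existing) {
    foreach ($key in $values.Keys) { $existing[$key] = $values[$key] }
    Set-AzureADDirectorySetting -Id $existing.Id -DirectorySetting $existing
} else {
    $setting = (Get-AzureADDirectorySettingTemplate -Id $templateId).CreateDirectorySetting()
    foreach ($key in $values.Keys) { $setting[$key] = $values[$key] }
    New-AzureADDirectorySetting -DirectorySetting $setting
}
```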

As described in the video we can now use the CLASSIFICATION property to assign a site policy or any other custom action. Details about site policies are part of Implement a SharePoint site classification solution.

Here is the script taken from the video to get the CLASSIFICATION property:

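# Get PnP PowerShell Online
Install-Module SharePointPnPPowerShellOnline
# Get the site classification value
Connect-PnPOnline https://%YOUR SITE%
# Load the site object of the connected site before reading its property
$Site = Get-PnPSite
Get-PnPProperty -ClientObject $Site -Property Classification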

Sunday, 30 July 2017

Overview of shared with Externals and shared Anonymous in Office 365

The GDPR highlights the need for protection of personal data held by organizations. To be able to do this, Microsoft invested a lot in new features and functions like the Office 365 Security & Compliance Center or the GDPR Assessment.
One of the backend systems helping to fulfill those regulations is the SharePoint Online Search Service. In the SharePoint Online Search schema, we can find two managed properties focusing on sharing and access from outside of your organization:
ViewableByExternalUsers and ViewableByAnonymousUsers
Both have the same settings: Query, Retrieve, Refine and Sort. So we can use them to create reports based on search queries.

Personal overview

Office 365 lets every user search for content in his SharePoint Online sites, OneDrive for Business files and also in emails. In this scenario email is off topic. But by using this search function on the Office 365 landing page, a user can create a personal overview of content he has shared with externals or anonymously.
To do this, a user needs to enter the following query in the search box on the Office 365 landing page:

In this example, I search for documents located in SharePoint Online sites or in my personal OneDrive for Business which are shared based on an anonymous guest link.
Using the query ViewableByExternalUsers=true shows me the files shared with external users through a sharing link that requires them to log in before they can view the file.
This gives a user an overview of the documents he has shared from his OneDrive for Business with externals or anonymously. Because the URL is generic, you can use this link for all your users and every user gets his personal overview:
You can also use this link to create a tile in the Office 365 App Launcher, as described in the article: Add custom tiles to the app launcher
The result may look like this:

Team Site overview

Microsoft integrated a new out-of-the-box reporting capability in every Team Site. The article "View usage data for your SharePoint Online site" shows all the details you need to know. There is also a new tab called “Shared externally”.
The article says: List of files you have access to that have been shared with users outside your organization through a sharing link that requires them to log in before they can view the file. Files shared with anonymous users or files available to users with guest permissions are not included.
To get a list of files shared anonymously in this Team Site, we can again use the query ViewableByAnonymousUsers=true followed by a path filter, for example: path:https:\\

Using Search Center to get an overview

As an administrator, you can also use the search center to get an overview of anonymously shared content, or of data and SharePoint Online Sites themselves that are shared with externals. The queries are basically the same, and you can extend them with additional keyword query properties.
For example, search all Office 365 Groups external users can access:
ViewableByExternalUsers=true contentclass:sts_site WebTemplate:GROUP
(Because of security trimming in SharePoint Search, the user who runs the query needs access to all Team Sites to get a complete report.)
Of course there are also options for achieving this using PowerShell for Office 365 Groups or using Reports in the Office 365 Security & Compliance Center. Using the SharePoint Online search gives you the power and flexibility to integrate all managed properties as metadata in your report, for example ViewsLifeTime, LastModifiedTime, CreatedBy or ModifiedBy. In addition, you can easily scope your report to only show documents using the IsDocument=true query parameter, or focus on special Site Templates like WebTemplate:GROUP to only show Office 365 Groups Team Sites, etc.

Using PowerShell to get the report

Using PowerShell to get results from SharePoint Online Search also offers the option to save the report as an *.csv file. To call SharePoint Online Search API using PowerShell and save the result to an *.csv file you can follow the steps explained by Prasham Sabadra in his article Office 365/Sharepoint Online - PowerShell Script To Call Search API And Get The Result.
This example is based on his description. The report is showing all external shared content and sites in an Office 365 Tenant and is saving the result to C:\Temp\ViewableByExternalUsers.csv
# Add references to the SharePoint client assemblies - required for CSOM
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Search.dll"
# Specify tenant admin user
$User = ""
# Configure site URL
$SiteURL = ""
# Prompt for the password instead of storing it in the script
$securePassword = Read-Host -Prompt "Password for $User" -AsSecureString
$Creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($User,$securePassword)
# Client context object and setting the credentials
$Context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Context.Credentials = $Creds
# Calling Search API - create the instance of KeywordQuery and set the properties
$keywordQuery = New-Object Microsoft.SharePoint.Client.Search.Query.KeywordQuery($Context)
# Query for all content and sites shared with external users
$queryText = "ViewableByExternalUsers=true"
$keywordQuery.QueryText = $queryText
# Search API - create the instance of SearchExecutor and get the result
$searchExecutor = New-Object Microsoft.SharePoint.Client.Search.Query.SearchExecutor($Context)
$results = $searchExecutor.ExecuteQuery($keywordQuery)
# Send the request to SharePoint Online; $results is only populated after this call
$Context.ExecuteQuery()
# Result count
Write-Host $results.Value[0].ResultRows.Count
# CSV file location, to store the result
$exportlocation = "C:\Temp\ViewableByExternalUsers.csv"
foreach($result in $results.Value[0].ResultRows)
{
    # One CSV line per result: title and URL of the item
    $outputline = '"' + $result["Title"] + '","' + $result["Path"] + '"'
    Add-Content $exportlocation $outputline
}