Office 365 Multi-Geo Part03 (Configuring)

This is part 03 of this article series, where we go through the technical part of enabling Multi-Geo in Office 365.

Part 1: Get Started

Part 2: Planning and recommendation

Part 3: Configuration

Let’s ensure that we have the following in place before we get started.

  1. The Office 365 Multi-Geo capability is added to the tenant. As the introductory article stated, this capability is a user-level service plan that is optional for you to add. If you have worked closely with your account team, this might be all set to go by now.
  2. Test users are created and ready to use.

If you have enabled Multi-Geo, a new tab called “Geo locations” should now appear under the settings in the SharePoint and OneDrive admin panels.

To add new geo locations, open the SharePoint admin center –> navigate to the Geo locations tab –> click Add location –> select the location that you want to add, and then click Next –> type the domain that you want to use with the geo location, and then click Add –> click Close.

Every new location that you add here is called a “satellite location”.

If everything went well, you will receive an email notification a few hours after provisioning. It could take up to 72 hours, depending on the size of your tenant.

Once the new geo location appears in blue on the map on the Geo locations tab in the OneDrive admin center, you can proceed to set users’ preferred data location to that geo location. A new satellite location usually comes with the default settings, which gives you the freedom to localize it as per your compliance needs.

After enabling the satellite locations, it is recommended to set the Preferred Data Location (PDL) for every user in the directory. In Azure AD there are two types of identities: cloud and synchronized. You have to follow the right instructions for each of them when setting the PDL.

Setting PDL for cloud only users (Azure Users)

User objects that are not synchronized from a local AD are the cloud ones. You have to use Microsoft Azure AD PowerShell to set this configuration for such users. This procedure needs the Azure AD Module for Windows PowerShell.

1. Launch the Microsoft Azure Active Directory Module for Windows PowerShell, run the following line, and enter the admin credentials for your Office 365 tenant.

Connect-MsolService

2. Now let’s run the next line to set the PDL for a specific user.

Set-MsolUser -userprincipalName manoj@mantoso.onmicrosoft.com -PreferredDatalocation AUS

3. To find out if this has executed properly, you can use the following command. It should return the new PDL value.

(Get-MsolUser -userprincipalName manoj@mantoso.onmicrosoft.com).PreferredDatalocation

Notes: During the new user creation process, it’s recommended that you include the PDL command at the end of the workflow, so that you do not have to do it as a separate task.

For users with no OneDrive provisioned yet, it is better to wait at least 24 hours to allow the change to propagate in the backend. This ensures that OneDrive sites are provisioned in the correct PDL for such users.
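For more than a handful of users, the same MSOnline cmdlets can be driven from a CSV. The function below is an added example, not part of the original post: it sets the PDL for cloud-only users, skips synchronized accounts (which have to be handled on-premises), and reads each value back. The function name, the CSV column names (UserPrincipalName, PreferredDataLocation) and the allowed geo code list are assumptions.

```powershell
# Added example: bulk PDL assignment for cloud-only users with read-back verification.
# Assumes Connect-MsolService has already been run in this session.
function Set-BulkPreferredDataLocation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # CSV with the assumed columns UserPrincipalName and PreferredDataLocation
        [Parameter(Mandatory)][string]$CsvPath,
        # Geo codes that are actually enabled as locations in your tenant (assumption: you supply them)
        [Parameter(Mandatory)][string[]]$AllowedGeoCodes
    )

    foreach ($row in Import-Csv -Path $CsvPath) {
        $upn = "$($row.UserPrincipalName)".Trim()
        $pdl = "$($row.PreferredDataLocation)".Trim().ToUpperInvariant()

        # Only look the user up when the requested geo is one the tenant has enabled
        $user = $null
        if ($AllowedGeoCodes -contains $pdl) {
            $user = Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue
        }

        $status = if ($AllowedGeoCodes -notcontains $pdl) {
            'RejectedGeoNotEnabled'
        }
        elseif (-not $user) {
            'UserNotFound'
        }
        elseif ($user.LastDirSyncTime) {
            # Synchronized (hybrid) identity: the PDL must come from the on-premises directory
            'SkippedSynchronizedUser'
        }
        elseif ($user.PreferredDataLocation -eq $pdl) {
            'AlreadySet'
        }
        elseif ($PSCmdlet.ShouldProcess($upn, "Set PreferredDataLocation to $pdl")) {
            Set-MsolUser -UserPrincipalName $upn -PreferredDataLocation $pdl
            # Read the value back instead of trusting the write
            $actual = (Get-MsolUser -UserPrincipalName $upn).PreferredDataLocation
            if ($actual -eq $pdl) { 'Updated' } else { 'ReadBackMismatch' }
        }
        else {
            'SkippedWhatIf'
        }

        # One result row per input row, suitable for Export-Csv as a change record
        [pscustomobject]@{
            UserPrincipalName = $upn
            RequestedPdl      = $pdl
            Status            = $status
        }
    }
}

# Example call (constructed path and geo codes); -WhatIf previews without changing anything:
# Set-BulkPreferredDataLocation -CsvPath .\pdl.csv -AllowedGeoCodes 'AUS','EUR' -WhatIf
```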

Setting PDL for Synchronized users (Hybrid Users)

Setting the preferred data location for hybrid users is a somewhat lengthy process and is well explained in this post.

Search Experience in a Multi-Geo Setup

Every geo location acts as a Search Index (you must be familiar with this term if you are a SharePoint guy) in a Multi-Geo setup. When there is a search query, the results are usually returned as a merged result from all indexes, which means all the satellite locations we added work together behind the scenes towards one goal.

The following search clients are supported in Multi-Geo:

  • OneDrive for Business
  • Delve
  • The SharePoint home page
  • The Search Center
  • Custom search applications that use the SharePoint Search API

Consult this detailed article to understand and configure the search experience in a Multi-Geo setup.

End user experience validation

Validation is of the utmost importance before you roll out the change widely across the organization. The following are some key scenarios for you to try out using test users before you roll it out to everyone.

OneDrive Portal

Click on OneDrive from the Office 365 App Launcher. You should be directed to the defined geo location automatically, and the service will now begin provisioning in that PDL. After provisioning, try to upload and download some files and ensure everything works as expected.

OneDrive App

Use a mobile device to log in to the OneDrive App using the test account that you used to upload the files, and verify that the files are available on the mobile device and that you have the control to perform actions on those files.

OneDrive Client

Use a laptop or a desktop to verify that the OneDrive Sync client works as expected. You can download the latest client by heading to the OneDrive library and clicking “Sync”. This will prompt you to download the client automatically if it doesn’t exist on that device.

Office Integration

Open up Word or Excel and check if your OneDrive location appears there. Try to save a file to OneDrive from there and ensure it is synchronized across your devices.

Sharing Experience

Despite all the changes we made, you should be able to share a OneDrive file seamlessly (based on your compliance settings). To verify, try to share a file from OneDrive and confirm that the people picker allows you to add any user within the organization regardless of their location.


OneDrive Quick Tip: How To Properly Stop OneDrive Syncing (Unlink)

OneDrive and OneDrive for Business have now been centralized under a single sync client (known as NGSC, the Next Generation Sync Client, or simply OneDrive). Microsoft is actively working on improving the OneDrive offerings to give its users a better, next-level collaboration experience. Nevertheless, there can be scenarios where you want to remove the link between your local and OneDrive folders and keep the files offline instead (this could happen for various reasons). In this post I’m going to demonstrate how to properly stop syncing OneDrive folders and keep a local copy instead, without any data loss.

Step 1: First and foremost, you have to ensure that the entire target folder structure, including its files, is properly synced to your local drives.

To do that, click on the OneDrive icon in your task bar and hit “Open Folder”.

Now your local folders will be opened. You must ensure that you have enabled the “Always available on this device” option for all necessary folders, as this option stores a copy of your OneDrive files/folders locally on your device(s). Do not proceed to unlinking without having this enabled across all the folders for which you plan to stop sync.

If you have not done this yet, you must do it before you stop syncing. To do that, simply right-click on the desired folder and hit “Always available on this device”. With this option you will notice your local drives filling up as the files are downloaded to the device.

Now we can stop the linking. Head back to your task bar and click on the “OneDrive” icon. Hit “More” and go to “Settings” from there.

Go to the “Account” tab and hit “Stop Sync” on the desired location.

Note the message prompt, and hit “Stop Sync” to proceed.

That’s all! You have now properly stopped syncing your desired location, yet you still have a local copy of your OneDrive location. You can head back to the local folder to check if everything is there. I have tried this several times and it’s proven to work. Nevertheless, feel free to try it with a test location/files first before you do it for real ones.

DISCLAIMER NOTE: This is an enthusiast post and is not sponsored by Microsoft or any other vendor.

Choose when and how you want to receive Office 365 updates (all about rings)

One of the best things you get from Office 365, or any Microsoft cloud product for that matter, is that you are eligible to receive product updates (enhancements, fixes, security updates, new features and so on) regularly, with no effort or massive costs on platform migrations every few years. It means Microsoft enhances your experience almost every month now, for no additional cost! Yes, you got that right!

With this post, we will see how we can change the way the cookie crumbles! Let’s find out how you can change the update ring so that your tenant will receive updates earlier than the others who are waiting for the public release.

Important note (Microsoft): The Office 365 updates mentioned in this blog applies to Office 365, SharePoint Online, and Exchange Online. And do not apply to Skype for Business and related services. These release options are targeted, best effort ways to release changes to Office 365 but cannot be guaranteed at all times or for all updates.

There are 4 rings in Microsoft release management strategy. This is also known as Release Validation.

Any new update first goes to the respective feature teams and then to the entire Office 365 product team. The entire Microsoft team is the next to receive it, to validate its solidness before it goes out to customers. The 3rd ring is the Targeted release, which receives it right after Microsoft. Finally, the Worldwide release (general availability) goes to those who are waiting for the finest. The 3rd ring (Targeted) has the advantage of receiving updates earlier than the others in the final ring.

Log in to your Office 365 Work or School account with Admin privileges and click on the App Launcher to start.

Important Note (Microsoft): It can take up to 24 hours for the below changes to take effect in Office 365. If you opt out of targeted release after enabling it, your users may lose access to features that haven’t reached the scheduled release yet.

From the App Launcher –> head to Admin and click “Show all” to expand the blades.

Expand Settings –> click on “Organization Profile”. If you have not done this before, you will immediately see that the release preference is in Standard release mode, which means you are in the last ring.

There are a few things to be aware of before you choose your option here:

  1. If you set up targeted release for everyone, it had better be a test (or POC, UAT) subscription, as the change is going to affect all users in the organization.
  2. The 3rd option is the best! You do not need a dedicated test subscription here, as you enable this for only a small set of users, so it won’t affect production users. In my case, I only have 5 users in my tenant and I will change the track for my account only. It means you can have users with mixed experiences in a single organization (single O365 tenant). Once you choose the best option for you, hit “Next” to proceed.

You have to say “Yes” to this.

In just a second you will get this message if everything went well. 99.99% of the time it does!

By adding people you can define the group of targeted release users. These are the only users who are going to get the latest updates during the ring 3 (Targeted) releases, so in my case it’s just going to be me. Hit “Save” to complete it.

Close the message and head back to Organization Profile.

You should notice the change here. You can also change the target group of people by adding one or more people under the Actions menu.

To add more, next to Release preferences, click Actions –> + Bulk add people for first release under the Standard release heading –> choose Browse to select a file containing each person’s email address –> click Next, and then Close.

Until next post, enjoy the updates !!



Find and export the list of users who has not completed About Me section in their Office 365 profile

This is article 08 in this series.

Having a complete profile in Office 365 is not just a benefit for the user, but for the entire organization, and it directly impacts productivity. A finished profile leads to better visibility and eventually results in faster communication across hundreds of thousands of employees in an enterprise setup. The ultimate idea of Office Delve (the latest profile interface, which comes with more capabilities such as recent activities) is to provide overall insight into a user’s information and activities/engagements, which makes obvious sense for anyone.

Nevertheless, none of this would be in action unless you have a complete profile with basic details entered. No matter how much HR tries to push, we still spot a lot of random users who haven’t completed their profiles.

With this short and sweet article series, I’m trying to give you the steps that we followed during the identification process requested by our HR. The screenshots may differ from our production setup, but you will surely get the point.

I had to use some PowerShell scripting to get this list out of Office 365 and generate a CSV file for each criterion, so that HR can directly reach out to the users via email and advise them to update their profiles on the spot. As a result, we were able to get 100% completeness of profiles across a 5000+ employee organization.

There is no out-of-the-box reporting for profile completeness in Office 365, therefore we have no option other than PowerShell. PowerShell is the ultimate tool for O365 administration whenever the graphical interface is a barrier, so make sure you dig into it to understand its capabilities.

FINDING USERS WITH EMPTY ABOUT ME SECTION IN THEIR PROFILE (This Article)

In this article I’m trying to explain the steps it takes to find the users who have not filled in the “About Me” section of their Office 365 profile (or simply, Delve profile).

So here we go, following are the requirements before we get started:

  • Azure AD PowerShell Module – download here
  • Azure AD Administrator rights
  • SharePoint Online Administrator rights
  • SharePoint Online PnP Module – Download here

Script steps breakdown:

First and foremost, we need to fetch the Office365 credentials and then connect to both SharePoint Online Admin Centre and Azure Active Directory.

$cred = get-Credential
Connect-AzureAD -Credential $cred
Connect-PnpOnline -Url https://mantoso-admin.sharepoint.com/ -Credentials $cred

Then let’s fetch all users in this tenant, who are internal to the company and that have at least one license assigned to them.

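# -All $true pages through the whole directory; without it only the first page of results is returned
$Users = Get-AzureADUser -All $true | Where-Object { $_.UserType -eq 'Member' -and $_.AssignedLicenses.Count -gt 0 }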

Now let’s create an empty array in which we will later store the output (the list of users who have not filled in the About Me field).

$NoAMUsers = @()

Now we will go through each user and check if they hold a SharePoint profile (this is because the About Me field is hosted in SharePoint Online, not in Azure AD). If the property exists and is empty, it simply means the About Me section has not been filled in by this user.

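foreach ($user in $Users)
{
    # Users without a SharePoint profile return nothing here and are skipped
    $SPProfile = Get-PnPUserProfileProperty -Account $user.UserPrincipalName -ErrorAction SilentlyContinue
    if ($null -ne $SPProfile)
    {
        # An empty string means the About Me field exists but was never filled in
        if ($SPProfile.UserProfileProperties.AboutMe -eq "")
        {
            $NoAMUsers += $user
        }
    }
}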

And, finally we can export the SharePoint result to a CSV through below part.

$NoAMUsers | Select DisplayName, UserPrincipalName | Export-Csv -Path "C:\Tools\reports\NoAMUsers.csv" -NoTypeInformation

If you need to obtain a similar report on other user criteria, here are the other articles of this series which will help you achieve it.

  1. Find and export list of users with no Manager Name set in Office 365 profile:
  2. Find and export list of users with no Manager Name set in Office 365 profile:
  3. Find and export list of users with no Profile Picture set in Office 365 Account:
  4. Find and export list of users with no Birthday set in Office 365 profile:
  5. Find and export list of users with no Country set in Office 365 Profile:
  6. Find and export list of users with no Department set in Office 365 Profile:
  7. Find and export list of users with no Skills Defined in Office 365 profile:
  8. Find and export the list of users who has not completed About Me section in their Office 365 profile


Microsoft Flow latest updates for October 2016

The new era of workflow automation was introduced recently as Microsoft Flow in Office 365. I have been in the preview program and the functionality is fantastic so far.

General Availability of Microsoft Flow (You are set to go production)

Microsoft announced today the general availability of Flow, which will be within this quarter. That’s great news, and we can expect the availability of Flow in 7 different geographies. With this release, you can use Microsoft Flow for production purposes.

Flow will have several options for you to choose from, free and paid, depending on your usage scenarios.

Dynamics AX Integration Support

Flow will now support Dynamics AX integration for you to perform actions such as copying data from external systems into Dynamics AX.

More new services

Blogger and PagerDuty services are now supported in Flow. PagerDuty is a helpdesk tool used by support teams to dispatch service requests, and it can be integrated with Microsoft Flow.

Announcing the new Microsoft and Open Source Partner Community

Microsoft’s affair with open source has been known for years now. Day by day this bond has grown, and now it’s obviously a blessed marriage. One of Microsoft’s biggest strengths is its partner and technical community ecosystem. Unlike any other party, Microsoft has done a lot to build the community ecosystem, which connects every individual in the world with products and technologies in various ways.

On the other hand, open source parties had this flaw where the community and support contribution to the product stack was very low.

Azure has grown unbelievably fast, unlike any other cloud service, in the past few years, and open source migrations to Azure have increased massively. In fact, 1 in 3 VMs in Azure are open source. This drastic growth rang the bells for Microsoft to press the next button. While open source resources are being moved to Azure, it is also critical to implement connectivity between open source vendors, partners and technical communities and the Microsoft partner and technical communities. This is a long overdue marriage which could have happened before, but finally here we are.

At Microsoft Worldwide Partner Conference 2016, Microsoft announced the launch of Microsoft and Open Source partner community on Microsoft Partner Network, the place for us to connect and collaborate with the vast and diverse ecosystem of partners who develop and distribute open source solutions and services on Microsoft Azure.

This community is open to discussing a diverse range of open technologies that run on Azure. It allows anyone to stay tuned with updates, share information on various aspects of open technologies, and even simply start a discussion on your own topic, which will be responded to by the community.

Eventually, Microsoft has implemented another bridge between open source and Microsoft community across the globe. 

Original Announcement on MPN

Azure AD Conditional Access for Office 365 (Exchange and SharePoint Online) Preview Release

Yesterday Microsoft announced one of the most awaited features for Office 365, “Azure AD Conditional Access Preview” for SharePoint Online and Exchange.

What is Conditional Access and what is it for?

Security has been one of the key elements in systems for decades, but at present it needs to be much more comprehensive than ever before with the evolution of the cloud and mobile era. With the rise in the number of devices used by a person and the ability to access corporate resources from anywhere in the world, there is a massive demand for securing corporate resources. Ultimately, the latest strategies for securing corporate resources are defined by the new ways in which users access them.

Microsoft has taken another big leap in security capabilities with this release today. Azure Active Directory Conditional Access features allow you to secure and manage your corporate resources in simple ways, in the cloud or even on premises. If you want to ensure that a stolen user credential or an unmanaged device will not harm your corporate resources, Azure AD Conditional Access is made for you.

How is the access enforced

Generally, when a user signs in to a service, Azure Active Directory checks whether the security inputs of this user meet the access requirements you defined. If the requirements are met, the user will be authorized to access the service or application.

The enforcement can be done in two ways. You can define policies to configure the access either way, for users or devices.

  • User based Access (Control who you want to allow access)

User Attributes – User attributes can be used to define policies for which users can access the organization’s resources.

Group Membership of a User – Policies can also be based on the group or groups that the user belongs to.

Multifactor Authentication (MFA) – Multifactor Authentication can be configured to ensure better security. The user has to provide more than one factor (password), and the additional factor could be either a PIN or a phone number. That ensures an extra level of security for your organization’s resources.

Sign-in and User Risk – This capability, known as “Conditional Access Risk Policies”, comes with Azure AD Identity Protection. It allows you to track unusual sign-in activities and risk events based on access trends and implement advanced protection. Global and multi-region companies will benefit a lot from this capability.

  • Device Based Access (Control what you want to allow access)

Enrolled Devices – Using Microsoft Intune, you can use device-level access to ensure that only MDM (Mobile Device Management) enrolled devices are allowed to access resources. Intune is capable of validating whether the device is enrolled with MDM. Device-level access will also ensure that only devices that match the policies you have configured (such as forcing file encryption on a granted device) are allowed access. You can even remotely wipe the content of a device that was stolen or misused using MDM solutions.

The best part is, it’s not just limited to the cloud: you can also use device-based access policies to control your on-premises resources, or even cloud-based SaaS or line-of-business applications.

What does this Preview bring you?

This release is a much awaited capability for most organizations and a huge step for the access policy framework. Conditional Access for CRM and Yammer has already been there, but for SharePoint and Exchange especially, the call has been ringing for quite a long time.

These three conditions are released for SharePoint and Exchange Online as a preview. Microsoft recommends enabling these policies alongside the risk-based conditional access policy available with Azure Identity Protection.

  • Always require MFA
  • Require MFA when not at work
  • Block access when not at work
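The three conditions above map directly onto Conditional Access policy objects. The following is an added example, not part of the original post or the 2016 preview: it builds each rule as a policy body and creates it in report-only mode with the Microsoft Graph PowerShell SDK. It assumes “at work” means the tenant’s trusted named locations, and the function names and the emergency-access account ID parameter are hypothetical.

```powershell
# Added example: the three preview conditions as Conditional Access policy bodies.
# Requires the Microsoft.Graph.Identity.SignIns module for the publish step.

# Well-known first-party application IDs for the two services the post covers
$ExchangeOnline   = '00000002-0000-0ff1-ce00-000000000000'
$SharePointOnline = '00000003-0000-0ff1-ce00-000000000000'

function New-PreviewPolicyBody {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('AlwaysRequireMfa', 'RequireMfaNotAtWork', 'BlockNotAtWork')]
        [string]$Rule,
        # Hypothetical: object ID of an emergency-access account kept out of every policy
        [Parameter(Mandatory)][string]$BreakGlassUserId
    )

    $conditions = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @($ExchangeOnline, $SharePointOnline) }
        users          = @{ includeUsers = @('All'); excludeUsers = @($BreakGlassUserId) }
    }

    # "Not at work" is modelled as: any location except those marked trusted (assumption)
    if ($Rule -ne 'AlwaysRequireMfa') {
        $conditions.locations = @{
            includeLocations = @('All')
            excludeLocations = @('AllTrusted')
        }
    }

    $control = if ($Rule -eq 'BlockNotAtWork') { 'block' } else { 'mfa' }

    @{
        displayName   = "O365 preview rule - $Rule"
        # Report-only: sign-in logs show what the policy would have done, nothing is enforced
        state         = 'enabledForReportingButNotEnforced'
        conditions    = $conditions
        grantControls = @{ operator = 'OR'; builtInControls = @($control) }
    }
}

function Publish-PreviewPolicy {
    param(
        [Parameter(Mandatory)][string[]]$Rules,
        [Parameter(Mandatory)][string]$BreakGlassUserId
    )
    Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'
    foreach ($rule in $Rules) {
        $body = New-PreviewPolicyBody -Rule $rule -BreakGlassUserId $BreakGlassUserId
        New-MgIdentityConditionalAccessPolicy -BodyParameter $body
    }
}

# Example call (constructed object ID). Pick either the MFA or the block rule for
# off-site access: if both apply to the same sign-in, block wins.
# Publish-PreviewPolicy -Rules 'RequireMfaNotAtWork' -BreakGlassUserId '11111111-2222-3333-4444-555555555555'
```

Review the report-only results in the sign-in logs before switching `state` to `enabled`, so a mis-scoped location or user condition does not lock people out.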

Conditional Access policies are supported for browser-based access to Exchange Online, SharePoint sites and OneDrive, and even for desktop applications that use modern authentication mechanisms.

These are the desktop and mobile applications connecting to Exchange and SharePoint that have been tested so far by Microsoft.

For Windows 10, Windows 10 Mobile, Windows 8.1, Windows 7 and Mac

  • Outlook, Word, Excel and PowerPoint in Office 2016
  • Outlook, Word, Excel and PowerPoint in Office 2013 (with modern authentication enabled)
  • OneDrive Sync Client (with modern authentication)

For iOS

  • Outlook Mobile App

Resources:

Detailed Explanation of Azure AD Conditional Access

Conditional Access Policy Support for Mobile Devices

Original Announcement

SharePoint 2016 Hybrid Options and Your Leap Towards Cloud

This is part 1 of my series: SharePoint 2016 Hybrid Options and Your Leap Towards Cloud

With the latest announcements of SharePoint 2016 releases in the last few months, Hybrid has been the most popular word across the community and users. There are various scenarios and requirements, and Microsoft is still on its way to concluding this.

However, don’t be too surprised, because Hybrid isn’t that new! It’s been there in 2013 as well.

First of all, what is Hybrid?

The name says it all. Hybrid is when you have some set of SharePoint services running on-premise and some in the cloud. This isn’t new in SharePoint, as it has been there since 2013. Microsoft has made it much broader and more robust with SharePoint 2016.

Ladder towards the cloud (What’s Hybrid in SharePoint Perspective?)

Some organizations may not yet be interested in going completely cloud based, but want to keep a foot in it with a few services, and that’s where SharePoint 2016 is going to play a big role. SharePoint 2016 has been introduced to make that leap easier by providing better tools.

Hybrid Sites

Hybrid Sites allows you to keep some SharePoint sites on-premise and some in the cloud (ultimately Office 365). As regulatory compliance is the main point that blocks many organizations (especially government entities) from moving to the cloud, Hybrid Sites would be the strength to move forward.

A simple example: ABC Corp has an intranet built on SharePoint on-premise, and there are many legal and finance records stored in some of its sites. In this scenario, regulatory compliance blocks ABC Corp from moving to the cloud entirely. Using the Hybrid Sites capability, ABC can host a selected set of sites in Office 365 (SharePoint Online) and let the other (legal and finance) sites remain on-premise.

Hybrid Profiles

With Hybrid Profiles you don’t need a heavy on-premise SharePoint setup with User Profiles Services running on it. Instead, just let Office 365 play that role for you, so that you can make your servers lightweight with less management overhead. Having the profile in the cloud is also a huge benefit, as you will get the latest updates that Microsoft deploys to Office 365.

Having user profiles in the cloud will also benefit users (mostly depending on the O365 plan) with the latest features such as Planner. Planner is the latest replacement for the “My Task” SharePoint feature, and it is now available in Office 365. This feature hits the ceiling of user adoption and productivity indeed.

With “Planner”, my tasks and timeline are nicely presented and made user friendly. Doesn’t this gorgeous dashboard impress you enough to have your tasks over here?

Hybrid OneDrive

Depending on your decision to host services either on-premise or in the cloud, OneDrive can sit anywhere you want. If ABC Corp does not want to expose its users’ content to the cloud, it can keep OneDrive (ultimately MySites) on-premise. Or simply go for Office 365 and let it host the service, so that there is no additional storage cost or management overhead for ABC Corp.

App Launcher Becomes Hybrid Ultimately

The App Launcher has now been introduced into SharePoint 2016. This was one of the attractions used in Office 365 to make the navigation of apps easier. With the configuration of hybrid services, the App Launcher of your on-premise SharePoint portal is modified accordingly. Each link will direct your users to the relevant destination without any hassle.

Hybrid Search

What if you could get a single unified result set even though you have content in on-premise sites and SharePoint Online sites? That’s the whole idea of the Cloud Search Service Application, which delivers the capability of crawling your on-premise and online content centrally yet unified. The results highlighted are from on-premise content and the others are from the cloud (SharePoint Online). The Cloud Search Service Application is the ultimate standout here.

There is a lot more to write about, and I will keep posting on the configuration of hybrid features soon as well. Till then, happy flying towards the cloud, folks!