Office 365 and more

I just kept thinking why can't I just use the Azure Information Protection (AIP) Label as an Office 365 Label. If you think about it using the AIP label sounds so logic. You have the security with AIP your data is encrypted and secured. However you want to enable other things like Data Loss Prevention (DLP) on the content Making an AIP Label visible in Office 365 label is not possible at this moment BUT Microsoft is working on it. I heard the planning is somewhere end of Q1 2018 or later. I understand from Microsoft standpoint that it's not easy combining a tool they bought (AIP was bought from Secure Island back in the end of 2015) with other technology the fact they got AIP up and running so quick is a big achievement.  In a demo they gave during Ignite 2017 Microsoft showed that it is going to be possible to combine AIP and labels so that's pretty cool. You can find the video here . I created an image so you get an idea of what I'm talking about. Left is AI...

I didn't want that the search results were being loaded before I had fired of a query in the search box. To prevent SharePoint from starting you can use the Query below. {?{SearchBoxQuery} (path:"<URL>") (IsDocument:"True" OR contentclass:"STS_ListItem")} This way you can search in a specific library for a certain contenttype but it won't load the data till the SearchBox has been entered.

In this article I'm describing the 5 levels of security for BYOD (I know Level 0 is 6 but I'm not counting that one). These 5 levels can help your environment to work open and safe with data on an enterprise environment. Level 0 - Lock Don't leave phones/tablet's/laptops un-locked on your desk. This is a no-brainer. Level 1 - Password The Password! I'm not talking about the pattern you have to draw on your Android phone or the swipe action to unlock the phone. No, real passwords! The password creates the feeling of security for the user. However the password is also the most vulnerable. We all have the password managers and the Camel method we all talk the Breezer language as they used to call it. Passwords like P @Ssw0rd123  are not uncommon. Or we all know the Welcome01 introduction passwords or what about @ppForApplication01. Do you want to check if your password has been Pwned you can check at https://haveibeenpwned.com/passwords . My 10 cents ...

I was asked to look at an Excel sheet that was giving an error stating that an external connection could not be established. Excel online was stating that there was a link in it and so did Excel. That was the easy part, the hard part was finding the external connection and removing it. Excel (desktop) will warn you of any link that cannot be established, and Excel will ask you what to do with the error. You can do a few things (see image below) Edit links options   Everyone would normally choose "break link" and let the problem be fixed, however Excel doesn't allow this. Excel won't state why not or where the reference is but   it won' t remove it either. So how to go about finding this link and removing it? Below I have put my questions I asked myself and the steps I took to see if the link was there. In which worksheet is the problem? The answer to this question is pretty simple, remove the worksheets one by one. Excel shows in the info if there...

Editing meta-data is something you might want to do during the use of a library. However if you adjust meta-data you also adjust the modified date. This you don't want because you don't need people to know that you adjusted something, that's confusing. A great solution for this is using the export to Excel feature in Sharegate to adjust the metadata. First you click on the icon Excel in the top left corner of the tool  Export selection to Excel to export the data into Excel Adjust the meta-data in Excel  Using the Excel button Import the data from Excel Sharegate wil adjust the metadata but not the modify date, very cool feature!

Security is /has been booming for a while now. Everywhere you read about the amount of data being leaked. Now just yester day a  contractor named  Deep Root Analytics put a database online with 198 million potential voters open to download for the public on an Amazon S3 storage server. Well that person will have the worst day of his or her life.  Is this an uncommon thing? Well no, people are leaving data everywhere. We are very sloppy with our or the data of someone else. USB sticks, phone or laptop stolen, e-mails with data, We dump data everywhere and it's scary. In this article I'm going to talk about what my solution would be to prevent any harm being done after a data breach. Methods Let's start by just going through some possible solutions. Not just talking about the data itself but also the identity and the devices that a company uses. Lost or stolen credentials Try using Multi factor authentication (MFA) to enhance the security of the identity. You cou...

So the world of tech is not slowing down at all at this moment. Some very cool stuff has been going on recently. Let's start one by one and talk through what the tech is and what it can do. Everybody get's a blockchain! I think the word blockchain has been shouted out in recent weeks/ months. If it's about the price of bitcoins (currency that runs on a blockchain) going through the ROOF or how Ethereum is taking over the world with it's new blockchain. So what is the blockchain? The video below explains it pretty short and sweet. The possibilities are endless. The easiest ones are removing banks from the process of transactions. But you could also use blockchain to register what steps a product has been through before it reached it's destination. OK, so we got the blockchain covered but what about Ethereum or Ether. Ether was created as a new and improved version of Bitcoin. Ether is not only decentralized money but also a decentralized computer making the po...

Taking care of your identity is in this world one of the most important things to do. Loosing your (virtual) identity can cause a lot of problems for yourself (reset account, password, data loss etc.) and the company (risk of data loss). Managing an organization with a lot of accounts can be a time consuming job. Luckily Microsoft gives you Azure AD Identity protection to help you manage this. To play around with Identity protection you should try this playbook  here . Do keep in mind that it takes a while to show the message. I installed a Tor browser and logged-in onto the O365 environment but it took at least 10 minutes before a message popped up. A good way of keeping up-to-date without having to log-in into the portal is by e-mail. Microsoft can send you an e-mail daily with an update of accounts that are in danger. You want to know more about Azure AD Identity Protection? Take a look at the sites below. https://docs.microsoft.com/en-us/azure/active-director...

So last night I was working on something I don't do very often, upgrade an old phone to a new ROM. Long ago I upgraded my Nexus tablet (2003) to new Cyanogenmod version. That went pretty smooth but I forgot to note all the steps down. So when I wanted to update this old Samsung Galaxy Nexus (Maguro) to a new lineage OS I had to look-up all the steps I had to do. Now to make my life easy I'll just note them down here. Let's start with installing ADB, Fastboot and drivers ( XDA developers ) So I set it all up, got my phone running in Fastboot mode but now I ran into the problem that the command prompt was "Waiting for device" when typing in a command. - I was able to fix this issue by installing the tool "PDA+" ( http://pdanet.co/ ) that works really well.  So I unlocked my phone by using the command Fastboot oem unlock Now I was able to move on to setting up a recovery tool on my phone. Off course I chose TWRP - Setting it up is explained  Here -...

I always wonder why Microsoft would use a word like "Modern" or "Power" to emphasize on the tool. For example you have Power BI and now the Modern Approval. What happens when Power BI is replaced by another BI tool? Do you get Power+ BI or a "More modern" approval? So Microsoft introduced their "Modern" version of an approval,  they called it Modern Approval. It enables users to get a new approval experience and more functions that come with it for example: Approve an item directly from your phone Approve an item in the Flow app on your phone Approve item on the Flow website Here is the first thing I find a little disappointing. There is no approval in Outlook directly, you have to go to the Flow site to approve or reject an item. On the phone it's fine, you get a notification from the Flow app (if you have that installed) and you can directly approve or reject but if you get an e-mail you will be sent to the Flow App.  The video...

Wow somebody said about 2 years ago "Azure is going to be big" well no shit sherlock back then it was already BIG now it's just getting BIGGER. I've been trying out all sort of features in Azure and I'm amazed how it's all possible in the Cloud. From Stream analytics, VM's, Storage to Bots, AIP , Privilege identity management  etc.. So many possibilities! Sure some things are not new and just arrived from the On-premise environment to the Cloud but still. My hat is of to the guys that make it all possible. So I've talked to colleagues about it for a while now but I've never really gotten anything on Paper. BOTS! Recently I saw an article on Twitter about the QnA maker from Microsoft in Azure and that was the starting point of building my own bot. Now you want to build your own Bot? Below is the steps you can take that will help you build one. Get an Azure subscription  Go to  https://www.microsoft.com/cognitive-services/en-us/qnamaker Here is...

A client kept telling me he was having issues adding new columns to a SharePoint (Office 365) list. He would add the field named Order  and SharePoint would name the field name N0G23  or something other random. I tried finding the issue and I just couldn't understand, I never got this problem. So what seems, it's the Quick edit mode in SP that's the killer. It seems that SharePoint doesn't check if the field already exists or not it just adds a random name as field name to prevent it from having a conflict somewhere. It's pretty nice if you just want to use a column but it's not cool if you need to access that list and you expected a column to be named Order instead of N0G23.  Reference: https://whitepages.unlimitedviz.com/2014/12/this-column-name-is-not-what-you-think-be-careful-with-column-names-in-sharepoint-2013-office-365/

What a way to start of the month with another Blog on Privilege Identity Management (PIM), great stuff! In my last blog on PIM  here  I talked about some of the features that are possible. In this blog I want to talk about whats inside, how does it look and feel. Let's start by the beginning. PIM Starting 1. Activating PIM - to do this you should have Azure AD premium Plan 2! If you don't have this you can request a 30 day trial. Once you have that up and running the next step is to activate PIM. 3. There you go that wasn't very hard now? Let's continue by selecting the Role you want to define further. Click on "Global administrator" and click on Next. 4.You can now choose the people you want to make eligible for this role. Note: Eligible means this person only has this role for a period of time not permanent. 5. Click on Next to see the last screen and to confirm by clicking Ok.  Your all done now. So now you enter the PIM environment. The...

I needed a way to add multiple secondary  site collection admins to a single SharePoint site with the use of PowerShell. The script below helps me with this. There are multiple ways of doing this however I found that using the PnP version enables to set the Secondary owner and not the default. You can use Set-SPOSite  if you want to set the default site collection admin. ---------------------------------------------- #Admin Variables $Adminurl = "SharePoint admin URL" $adminAccounts = "Admin 1 comes here","Admin 2 comes here" #$cred = Get-Credential #Sitecollection $SiteCollection = read-host "Put your sitecollection URL here" #Connect to SPO $credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $SecurePWD Connect-PnPOnline -url $Adminurl -credential $cred write-host "Connected" -foregroundcolor green #Set secondary siteCollection Administrators of site collection Set-...

PIM(P) your role Sometimes you just come across an awesome feature in Azure. I find PIM (Privileged Identity Management) to be one of them. Let's discuss a scenario. Your the IT Manager of a big/small company and want to have someone from outside/inside the company to create something in Office 365. However you want to prevent this user from being able to have Admin credentials after the job is done. Normally you would have to keep an overview of who has admin rights in Office 365 and remove the permissions once their done. Here is where Privileged Identity Management comes into place. I've had a few companies that granted me Admin rights but once I was done didn't take me of the list. I could access the admin center even a YEAR  later. I told them but this could have been prevented by using PIM. Question: Do you keep track of everyone that is Admin of some sort in Office 365 (e.g. Global, SharePoint, Exchange, Skype etc.)?  I find PIM a good way to manage this...

I had been looking for a way to "reset" SharePoint Designer so it would ask me for my credentials again. After a lot of searching on the web I came across this tip and it worked! Step 1: Go to User Accounts in the control panel > User Accounts and Family safety > User accounts Step 2: Click on Manage Credentials in the left menu. Step 3: Click on Windows Credentials  to see the list of sites that Windows has stored your credentials for. Step 4: In the list find the account that you want to remove. Select it and click on remove . Step 5: Restart SharePoint Designer and click on the site you want open. SharePoint designer should ask for your credentials now. Credits go to: http://stackoverflow.com/questions/1098282/sharepoint-caches-incorrect-credentials

When you have content approval activated on your library and you want to use a workflow, the following statuses are being used. Status ID Approved 0 Rejected 1 Pending 2 Draft 3 Scheduled 4 This makes it easier to use workflows in combination with the content approval. Do keep in mind that when you are to update the metadata of the item you are "approving" once you update the item the status will be put back to "Pending".

I love to see how AI is evolving in the past years. AI recognition of items getting better day by day. In the past I played around with AI draw from Google a few times. Now Google has a new one called Auto Draw. Auto draw recognizes items you drew and shows a (well) drawn version of it. For example my drawing of the Eiffel Tower in Paris. I know, I'm a natural;) I think most people would say it's a letter or something stupid but not AI, it saw it's possibly the Eiffel tower. Input Result Great stuff! I drew a perfect Eiffel tower with minimal input. I just love the power of AI.  Try it yourself at:  https://www.autodraw.com/  or try the AI game to draw an object that AI can recognize.  https://quickdraw.withgoogle.com/

I think an import feature I wanted for a long time. Multi task members. How often I came across moments where I wanted to have 2 people working on one task, till now this wasn't possible in Microsoft Planner. Now it is! Now I'm going to wait till they make it possible to customize the Progress status.

We all know the problem that Workflows don't work when an item has been adjusted by the system account (Online it could be called SharePoint App). To workaround this issue you can use Flow  instead of SharePoint Designer. Flow checks every now and then to see if the conditions are met, so Flow doesn't care about the account that has changed it. I used this fix to adjust a field and trigger the workflow that normally wouldn't work because of the system account. It's not the most beautiful solution but hey! It works!

So I bought a Raspberry PI III (3) a while back just to install Windows IoT core on it. Well after another power supply and getting Noobs to work I got Windows IoT core 10 on my RP. What do you see? Well not much to be honest (see below). It's running that's for sure. Well after the RP got running I hooked it up to Azure to do some cool things with it (in my mind). So connecting it to Azure wasn't that hard luckily, see below. Nailed it! Ok, now what? I think of building an App to just make a light go on and off via the RP in Azure. The Idea of having something connected to the cloud and making it work is so cool!  To be continued.

Well I wanted to talk a little more about Conditional Access. However because of the fact that you need Azure Active Directory Premium and I don't have that at this moment I'll skip this one for the time being and go on to another topic.

In my last post I talked about Azure Information Protection (AIP). It was a way of getting a good sense of security in the Cloud. Today I want to talk about a very important feature in Azure: Azure Active Directory (AAD). AAD is a good place to start with security. Users that are allowed or prevented from logging in is your first line of defense. In preview AAD is not something radically new. Microsoft created the Management portal om the new Azure Portal to make it look and feel like the new portal. At this moment the most users will have to use the old portal for AAD but once the new management portal is out of preview we are good to go! What has changed? So who cares? It's a new Mangement portal for AAD. To be honest nothing has really changed, Microsoft just changed the look & feel of the new portal. 3 versions There are 3 versions of the AAD: Free, Basis and Premium. See the link below to decide what versions of AAD you need. Overview AAD subscriptions F...

Let's start with one of my favorites (till now). Azure Information Protection (or AIP). Just imagine the following example: You are working on your Word document and you want to send this document to an external person. You e-mail that document as an attachment. The person opens this document, reads it and puts it on an USB stick to take with him. The USB stick get's lost! Now the document can have fallen into the wrong hands! Now what? OK this is a little bit of a roman but hey it could happen! Active Director Rights Management  First let us go back in time to when AIP didn't exist and there was  Active Directory Rights Management Services .  This was a server role that could be installed on Windows Server 2008 R2, it exists since Windows server 2003! Back then it was called RMS. The RMS client is available  from Windows 2000 and later. So what does RMS do? To explain in simple English: Information with RMS on it has certain policies with it  that ...

So, I decided to start making a set of blogposts about the different features in Azure. I think it's a good way for me to learn more about Azure. Every few days I'll discuss an Azure feature which I came across. Few days ago I showed Application insights. #WhatsInAzure For more info see my references below. Reference: https://azure.microsoft.com/en-us/ https://www.microsoft.com/en-us/learning/azure-skills-training.aspx https://azure.microsoft.com/en-us/blog/topics/security/

So here is the thing. I want to have some analytics on SharePoint online but I don't want to use Google Analytics. I know there is an Office 365 adoption package for PowerBi, been there done that. However I'm missing 1 big feature! That one feature is: User flow User Flow Google Analytics Where do users go when they're on SharePoint? What do they click what pages do they visit? I want to know where the users go in en come out again. Sure with Analytics of Office 365 in the Admin portal or the Adoption package you get a good sense of what is happening in your tenant but you never really know what path they walk. So let's get the grocery shopping list: Data, we need the data. Where do I find the correct data? Ok we need a dashboard, PowerBI Desktop should do the trick We need the Sankey Diagram, that's the diagram Google Analytics also uses Well part 1 is hard to find, I'm not sure if I'm looking in the right spot but I found Application Ins...