Author Archives: jstocker

OneDrive NGSC for SharePoint Team sites is now GA

Yesterday 1/24/17, Microsoft announced (here) that the OneDrive Next Generation Sync Client (NGSC) which replaces the older Groove.exe sync client now supports syncing SharePoint Online document libraries (sorry, no NGSC for on-premises SharePoint).

First verify that the build number is 17.3.6743.1212

It is supposed to automatically update but you can also download it from: http://onedrive.com/download

If you were participating in the preview build to test this feature, you previously had to deploy a registry key called “TeamSiteSyncPreview” to enable syncing SharePoint Team sites.

Now, as long as you have client build 17.3.6743.1212, the registry key is no longer necessary.

However, if you don’t have the registry key then you will need to change a brand new setting that just appeared in the SharePoint Online Admin Center called Sync Client for SharePoint.
As you can see in the screen shot below, the setting for ‘Sync Client for SharePoint’ defaults to ‘start the old client’.

Important: This needs to be changed to ‘start the new client.’

So if you don’t have access to your SharePoint tenant to change the default sync client for SharePoint to use the new client, you can use the registry key to override it locally on your system.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive]
"TeamSiteSyncPreview"=dword:00000001

Tip: If you are in there modifying the tenant, you might as well make sure the “OneDrive Sync Button” is set to “Start the new client.”

These changes take several hours to propagate. To check that they’ve propagated, go to a SharePoint Online site and click Sync. In the browser dialog box that confirms the request to open a program, the “Program” should appear as “Microsoft OneDrive” and the “Address” should start with “odopen://”

Troubleshooting

If you see either the OneDrive Setup Wizard or a dialog box asking “Which library do you want to sync?” after clicking “Allow” in Internet Explorer, then see Known issues for instructions on how to enable SharePoint site setup in Internet Explorer. There is a known issue that is actively being investigated by Microsoft: If you are using Windows 7 and your SharePoint Online site is still using the classic UI rather than the new modern UI, then you will need to use Edge, Chrome or Firefox until the integration issue with Internet Explorer is resolved.

 

On a Mac, you may find that you need to perform these additional steps:

  1. If you are currently using the OneDrive Mac Store app, you must first uninstall it before installing the latest build of the new OneDrive sync client.
    1. Open Finder and Search for “OneDrive.app” or “OneDriveDF.app” from “This Mac.”
    2. Move all returned items to the trash.
    3. Once you’ve removed the Mac Store app, you can install the preview build of the new OneDrive sync client.
  2. Exit the new OneDrive sync client by clicking on the OneDrive cloud icon in the Menu bar and selecting Quit OneDrive.
  3. Open a terminal window by using cmd+space and searching for “Terminal.”
  4. Run the following commands:
       defaults write com.microsoft.OneDrive TeamSiteSyncPreview -bool True
       defaults write com.microsoft.OneDriveUpdate Tier Team
       killall cfprefsd
  5. Restart the sync client and log in again if prompted.

Reference: https://support.office.com/en-us/article/Enable-users-to-sync-SharePoint-files-with-the-new-OneDrive-sync-client-22e1f635-fb89-49e0-a176-edab26f69614?ui=en-US&rs=en-US&ad=US

How to restrict Office 365 Groups Creation to IT Department Only

Currently, an Office 365 Group can be created in OWA, the Outlook 2016 Client, Office 365 Planner, SharePoint, Microsoft Teams and PowerBI.

You may want to restrict Office 365 Group Creation to a group of authorized users (example: the IT Department) for testing, preparing support desk and training materials, etc. Then, when ready, you can add additional authorized users to this group. Decide if you will use an existing Office 365 Group or Distribution Group, or create a new group, ex: “O365GroupCreators.” The catch is that the group cannot have other groups in it; group members must be users added directly.

Note: Users with higher tenant roles will always have the ability to create O365 Groups (ex: Global Admins).

Instructions:

Uninstall preview versions of Azure Active Directory PowerShell

Download and install Azure Active Directory PowerShell v1.1.130.0 Preview from Connect:

http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185

Launch Azure Active Directory Powershell, then run these commands:

    # Sign in to the tenant.
    Connect-MsolService
    # This must be $True. If it is set to $False, the settings below will not take effect.
    Set-MsolCompanySettings -UsersPermissionToCreateGroupsEnabled $True
    # Create a settings object from the Group.Unified template.
    $template = Get-MsolAllSettingTemplate | Where-Object {$_.DisplayName -eq "Group.Unified"}
    $setting = $template.CreateSettingsObject()
    New-MsolSettings -SettingsObject $setting
    # Look up the group whose members are allowed to create Office 365 Groups.
    $group = Get-MsolGroup -All | Where-Object {$_.DisplayName -eq "ENTER GROUP DISPLAY NAME HERE"}
    # Read the current Group.Unified settings values.
    $settings = Get-MsolAllSettings | Where-Object {$_.DisplayName -eq "Group.Unified"}
    $singlesettings = Get-MsolSettings -SettingId $settings.ObjectId
    $value = $singlesettings.GetSettingsValue()
    # Turn off group creation for everyone except members of the chosen group.
    $value["EnableGroupCreation"] = "false"
    $value["GroupCreationAllowedGroupId"] = $group.ObjectId
    Set-MsolSettings -SettingId $settings.ObjectId -SettingsValue $value
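
The commands above fail quietly if the display-name lookup returns no group or more than one, or if the chosen group contains nested groups. The following checks are an added example, not part of the original post: the function names are hypothetical, Get-MsolGroupMember and Get-MsolCompanyInformation come from the same MSOnline module, and reading the settings value by key is assumed to mirror the way the commands above write it.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Assumes the MSOnline preview module from the steps above is loaded and
# Connect-MsolService has already been run in this session.

function Get-GroupCreatorGroup {
    param([Parameter(Mandatory = $true)][string]$DisplayName)

    # DisplayName is not unique. Zero or several matches would leave
    # GroupCreationAllowedGroupId empty or ambiguous, so fail early.
    $found = @(Get-MsolGroup -All | Where-Object { $_.DisplayName -eq $DisplayName })
    if ($found.Count -ne 1) {
        throw "Expected exactly one group named '$DisplayName', found $($found.Count)."
    }

    # The post notes that the group cannot contain other groups: members
    # must be users added directly.
    $nested = @(Get-MsolGroupMember -GroupObjectId $found[0].ObjectId -All |
        Where-Object { $_.GroupMemberType -eq 'Group' })
    if ($nested.Count -gt 0) {
        $names = ($nested | ForEach-Object { $_.DisplayName }) -join ', '
        throw "Group '$DisplayName' contains nested groups: $names"
    }
    return $found[0]
}

function Test-GroupCreationRestriction {
    param([Parameter(Mandatory = $true)]$Group)

    $company  = Get-MsolCompanyInformation
    # Running New-MsolSettings more than once, or never, shows up here.
    $settings = @(Get-MsolAllSettings | Where-Object { $_.DisplayName -eq 'Group.Unified' })
    if ($settings.Count -ne 1) {
        throw "Expected one Group.Unified settings object, found $($settings.Count)."
    }
    $value = (Get-MsolSettings -SettingId $settings[0].ObjectId).GetSettingsValue()

    $result = [pscustomobject]@{
        CompanySettingEnabled = [bool]$company.UsersPermissionToCreateGroupsEnabled
        EnableGroupCreation   = [string]$value['EnableGroupCreation']
        AllowedGroupId        = [string]$value['GroupCreationAllowedGroupId']
        ExpectedGroupId       = [string]$Group.ObjectId
    }
    # Restricted only if all three conditions from the post hold together.
    $ok = $result.CompanySettingEnabled -and
          ($result.EnableGroupCreation -eq 'false') -and
          ($result.AllowedGroupId -eq $result.ExpectedGroupId)
    $result | Add-Member -NotePropertyName Restricted -NotePropertyValue $ok -PassThru
}

# Run the first check before writing the settings, the second after Set-MsolSettings.
$group = Get-GroupCreatorGroup -DisplayName 'O365GroupCreators'
Test-GroupCreationRestriction -Group $group | Format-List
```

A result with Restricted = False shows which of the three conditions is not met. Global Admins and other higher tenant roles can still create groups regardless of the outcome.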

References:

https://support.office.com/en-us/article/Manage-Office-365-Group-Creation-4c46c8cb-17d0-44b5-9776-005fced8e618?ui=en-US&rs=en-US&ad=US

http://drewmadelung.com/managing-office-365-group-creation-via-azure-ad/

Sample Office 365 Group Syntax:

https://github.com/dmadelung/O365GroupsScripts/blob/master/DrewsO365GroupsScripts.ps1

OneDrive Admin Center First Look

[Post Updated 12/19 to correct the statement on Device Access with MAM settings]

At the Ignite conference, Microsoft announced (Here) that a new OneDrive Admin Center was coming before the end of 2016. It’s here now!

 

The new Admin Center is available via the link below for Office 365 tenants configured for ‘First Release.’ It is currently in preview (aka beta) and will eventually be added to the Admin menu. Until then, you need to access it via direct URL:

https://admin.onedrive.com

Here are my first impressions of the new admin center.

  • Better visibility into some settings that were previously only available through PowerShell
  • Some new MDM capabilities that previously required an Intune license
  • Nicely summarized Compliance Page with links for Auditing, DLP, Retention, eDiscovery, and Alerting. (No new capabilities, but it’s informative, educational and convenient to have them all listed for OneDrive Admin)
  • Several new settings are available in the OneDrive Admin Center that were previously not exposed in the SharePoint Admin Center:
    • Default Storage (ability to increase from 1TB to 5TB) (was previously only available in PowerShell)
    • Days to retain files in OneDrive after a user account is marked for deletion (was previously only available in PowerShell)
    • NEW Features: Device Access
      • Control access based on network location (this was briefly available in the SharePoint Admin center but was subsequently removed, but still configurable in PowerShell).
      • Control access from apps that can’t enforce device-based restrictions
      • Mobile Application Management (Requires Intune License, as this uses the Intune API to change the Intune MAM settings).
    • Allowing syncing only on PCs joined to specific domains (was previously only available in PowerShell) here is a TechNet article on how to enumerate domain guids.
    • Block sync on Mac OSX (was previously only available in PowerShell)
    • Block syncing of specific file types (was previously only available in PowerShell)
  • Eleven OneDrive settings are not yet available in the OneDrive Admin Center (use the SharePoint Admin Center to manage these OneDrive settings)
    • External users must accept sharing invites using the same account that the invites were sent to
    • custom link expiration dates
    • Configuring the OneDrive experience (New or Classic)
    • Controlling whether all users or only specific users will get OneDrive sites created when a SharePoint license is assigned
    • Notifications (external sharing, or mobile push)
    • Show/Hide OneDrive Button
    • Script Setting that controls whether or not the ‘Copy to SharePoint’ button will appear in OneDrive
    • Ability to enable/disable IRM for OneDrive Globally
    • Ability to enable/disable IRM for individual OneDrive Sites
    • My Site Cleanup Access Delegation
    • My Site Cleanup Secondary Owner
    • My Site Secondary Admin
  • The following OneDrive settings are still only available in PowerShell and have not yet been surfaced in the SharePoint or OneDrive web admin interfaces:
    • Get-SPOTenant | ft ProvisionSharedWithEveryoneFolder
    • Get-SPOTenant | ft ShowEveryoneExceptExternalUsersClaim
    • Get-SPOTenant | ft ShowEveryoneClaim
    • Get-SPOTenant | ft ShowAllUsersClaim
    • Get-SPOTenantSyncClientRestriction | ft OptOutOfGrooveBlock
    • Get-SPOTenantSyncClientRestriction | ft OptOutOfGrooveSoftBlock
    • Get-SPOExternalUser

 

 

Here is a side-by-side comparison with the settings available in the existing SharePoint Admin Center (that apply to OneDrive)

| Setting | SharePoint Admin Center | OneDrive Admin Center |
|---|---|---|
| Sharing outside your organization | | Same Capabilities |
| Anonymous Links Expiration Setting | | Unable to specify custom expiration date |
| Default Link Type | | Same Capabilities |
| Limit External sharing using domains | Checkbox | Same Capabilities |
| Prevent external users from sharing files they don’t own | Checkbox | Same Capabilities |
| External users must accept sharing invites using the same account that the invites were sent to | Checkbox | [Not Available] |
| Notifications | | [Not Available] |
| Show or Hide Options | | [Not Available] |
| OneDrive for Business experience | | [Not Available] |
| OneDrive Sync Button | | Same |
| Mobile Push Notifications – OneDrive for Business | | [Not Available] |
| Custom Scripts (determines whether or not the ‘Copy to SharePoint’ feature will be available in OneDrive) | | [Not Available] |
| Enable/Disable IRM for OneDrive | | [Not Available] |
| My Site Cleanup Access Delegation | | [Not Available] |
| My Site Cleanup Secondary Owner | | [Not Available] |
| My Site Secondary Admin | | [Not Available] |
| Controlling whether all users or only specific users will get OneDrive sites created when a SharePoint license is assigned | | [Not Available] |
| Delegating access to a OneDrive Site | SharePoint Admin Center > User Profiles > User Profiles > Find the profile, then Right Click > Manage site collection owners | This is not available in the OneDrive Admin Center, however, it was recently added to the main ‘Active Users’ options |

SIP 500 internal server error “from or target user pool or deployment assignment is incompatible with split-domain traffic type”

Problem: User could not transfer a phone call.

Symptom: Bogus error message about split-domain traffic, with almost no articles on the internet or forums to help. Equally bogus error message was “request target is not assigned to a pool or deployment and is not a server GRUU”

Solution: Disable SIP Refer on the SFB Trunk

Explanation: Not all SBC gateways support SIP Refer, but this is the default option when creating a trunk in Skype for Business.

How to prevent Cortana from mining your web browsing history

When Cortana is enabled, information such as your calendar, contacts, speech, handwriting patterns, typing history, location, and browsing history is sent to Microsoft so that Cortana can provide recommendations.

Disabling Cortana is not as easy as you might think. In Windows 10 RTM, you could disable Cortana as shown in the screen shot below.

However, in the Windows 10 Anniversary Update, this toggle was removed. Home users now have to use the registry to disable Cortana, but business users can use group policy as described (here) and (here).

However, in my case, Cortana continued to send information to Microsoft. Task Manager shows she is still lurking…

 

You have to admit, that is a little creepy, right?

 

It turns out that you have to also go to the Bing settings page and clear your personal info and then turn Cortana off there too (Kudos to this Windows Central article for the tip).

https://www.bing.com/account/personalization

Click on Search History Page

Then click the Off button

Cortana is no longer leaking information but as you can see from her CPU counter in Task Manager’s “App History”, she is still alive.

At least she isn’t leaking information though! That is 1 for the Humans and 0.5 for the Robots. Hopefully that doesn’t make her mad and send her AI friend Morgan after me.

 

 

Outlook gets “Play” Button for Microsoft Cloud PBX VoiceMail

Recently, while checking my voicemail in Cloud PBX, I noticed that I now have the Play button in Outlook.

Now instead of opening up the .MP3 attachment to listen to voicemails, I can simply click the play button.

The ‘play on phone’ button errors out, but the Edit Notes button works.

This feature became enabled when the “Microsoft Exchange Add-in” was added as a COM Add-in inside Outlook

The timestamp on UmOutlookAddin.dll is July 31, 2016

I have not been able to find any announcement about this new capability.

Why PSTN Conferencing Dynamic Conference IDs are so important

Microsoft announced on Friday, August 12th that Dynamic Conference IDs are coming September 1st to Office 365 E5 PSTN Conferencing.

This is important because it solves a privacy limitation with the static conference IDs in service today.

Without dynamic conference IDs, there are no great options to prevent new external callers from interrupting an in-progress meeting (that may be running long). The default ‘out of box’ configuration allows unauthenticated external callers to be admitted into the conference. The option to override this behavior is to change the policy ‘these people don’t have to wait in the lobby’ to “Only me, the meeting organizer.”

However, when that option is selected, the meeting organizer does not receive any pop-up notification to admit PSTN callers who are waiting in the lobby (they just sit there forever). This particular scenario is not directly mentioned in the “Dial-in conferencing known issues” support article. And that is why Dynamic conference IDs will be such a great thing starting September 1st! Note: Any previously scheduled meeting will not automatically have this option, only new scheduled meetings going forward after 9/1 will have this option. Also, any recurring meetings will need to be rescheduled with a new dynamic conference ID to benefit from this privacy feature.

The most useful and controversial changes in Office 365 (Part 2 of 2)

This is part 2. To read part 1, click (here).

In general, Corporate IT Departments want to control the end-user computing experience. Surprises are to be avoided. Pop-ups are anathema to Corporate IT because they result in annoying helpdesk tickets: “should I click on this button?” (Anyone who has ever served on a helpdesk, God bless them, is rolling their eyes because they know that non-technical people somehow cannot deal with pop-up messages. My favorite: “Should I accept this end-user agreement?” My sarcastic response: “Just click no, we can end this call now and close the ticket.”) In all seriousness, surprise pop-up messages that are not communicated first by a trusted source (“The IT Department”) can cause non-technical end-users to freeze up and panic. Therefore, changes in Office 365 that disrupt the end-user in any way (pop-up messages, etc.) are seen as highly controversial (to put it mildly).

Here is a summary of the most controversial changes in Office 365 over the past six months.

The What’s new dialog prompt:

Why is this controversial? First, because this pop-up cannot be suppressed. The ‘What’s New’ dialog box will appear approximately once every 30 days to communicate changes directly to end-users. If the IT Department doesn’t proactively notify end-users about the contents of the pop-up, then this could lead to questions by end-users on whether it is a virus pop-up; many users have been conditioned (wisely) to not click on unfamiliar pop-ups.
Second, because it can advertise features that the IT Department may have disabled, leading to confusion among end-users. For example, if IT has disabled ‘Office 365 Groups’ then do you want a pop-up message to advertise features about it?

The “One-Click Archive” button in Outlook, announced on Feb 25th (here).

Why is this controversial? First, because it generates a pop-up message in Outlook that causes a non-technical person to have to make a decision.

This can lead to helpdesk requests from users seeking advice on what to decide (anyone who disputes this has never worked on a helpdesk before).

Second, because IT has no administrative controls to disable this feature. Why would someone want to disable this? Because if an Enterprise has enabled the Personal Archive feature then this button does not integrate with it, and instead creates a 2nd location to store archived messages. This leads to confusion by the end user on where to look for messages.

OneDrive for iOS App – take data offline – announced May 4th (here)

The OneDrive iOS app can now take OneDrive and SharePoint files offline.

Why is this controversial? If you don’t have a Mobile Device Management (MDM) solution such as Intune deployed, how will you wipe the offline files when the employee leaves your organization?

Docs.com – announced August 4th

Docs.com provides a way for users to publish Office documents externally, directly within Word/Excel/PowerPoint, or by browsing to docs.com.

Why is this controversial? If your organization has limited external sharing (for security reasons) then Docs.com allows your users to bypass controls set up by IT/Security. IT Departments who have configured URL filtering to block Google Drive, DropBox and other 3rd party file sharing sites may elect to block Docs.com, since Microsoft currently does not provide any IT controls to disable this feature. For more information click (here).

Second, because your users will be receiving a pop-up notification to advertise this feature. So even if you block docs.com via a URL filter, you cannot suppress the what’s new dialog box.

Clutter is replaced with “Focused Inbox” – announced July 26th (here)

Focused Inbox is essentially a way to quickly filter an inbox to show the most important items, similar to what Clutter promised, but with the advantage of not moving them to a separate folder. This is the same feature that has already been available in Outlook for iOS (if you are using it).

Why is this controversial? Users will receive a pop-up prompt in Outlook to opt-in to Focused Inbox. After they opt-in, Clutter will no longer move items to the clutter folder. Read this help article for more details on the prompts users will see and how to turn Focused Inbox on and off.

IMHO – Focused Inbox is really a much better way to solve the same problem of decluttering an inbox by simply providing a user a ‘view’ of their inbox. IT should communicate the value of Focused Inbox rather than resisting it or scrambling to disable it. Office 365 admins will have mailbox and tenant level control of the feature to stage the rollout in a manner that works best for their organization. However, I feel this is a good feature that should be left on when it rolls out to first-release subscribers in September.

Honorable Mentions:

Modern UI in SharePoint/OneDrive. Did I miss any controversial changes in the past 6 months? If so, please leave a comment.

Have you been caught off-guard by changes in Office 365? Patriot Consulting offers a monthly subscription service to help IT Departments understand and prepare for upcoming changes in Office 365. Watch a brief video about our service (here) or drop us a note at hello@patriotconsultingtech.com to learn more.

The most useful and controversial changes in Office 365 (Part 1 of 2)

This is the first of a 2-part blog series highlighting the changes in Office 365 in the last 6 months (April 2016 to present).

When it comes to human attitudes toward change, I have found there are three types of people:

  • Those who embrace change
  • Those who resist change
  • Those who are indifferent towards change

This blog post (part 1 of 2) should satisfy those who embrace change, while my second post should intrigue those who resist change. Wait, why not a 3rd post for those who are indifferent towards change? People who are indifferent towards change are probably not reading this blog, as they would have read the title and sighed ‘meh’ before continuing on with their day.

  1. March 18th: Common Attachment Types Filtering for Exchange Online Protection (EOP)

    There is a new configuration setting in EOP that provides an easy-to-setup method of filtering out unwanted and potentially malicious attachments by their file types. This feature requires a single click to enable, and can be configured from a list of the file types commonly found to be dangerous. For more information click (here).

  2. April 19th: Office Deployment Tool allows Visio and Project (MSI) to be deployed alongside Click-to-Run versions

    This enables IT to deploy the MSI versions of Visio and Project side-by-side with Office 365 ProPlus click-to-run, as long as they are deployed using the Office Deployment Tool. For more information click (here).

  3. April 14th: OneDrive for Business Next Generation Sync Client (NGSC)

  • The NGSC is 4x faster than the old engine (groove.exe)
  • Includes the highly anticipated ‘Selective Sync’ where users can leave some content in the Cloud and only sync the folders they want
  • Large file limit increased from 2GB to 10GB
  • The sync engine now supports the ‘takeover’ feature, which eliminates the need to re-download all OneDrive content after the NGSC is installed
  • Note: The last feature we are still waiting for is the ability for the NGSC to sync SharePoint document libraries and Office 365 Groups. Until then, Groove.exe must run side-by-side with the NGSC OneDrive.exe

Honorable Mentions:

Flow, Planner, Gigjam, ASM, Bookings, & “Toll Free Numbers in Cloud PBX PSTN Conferencing”

Top 3 reasons I should have adopted Outlook App for iOS a long time ago

 

1. Send Availability

How often do we get an email like “are you available to meet tomorrow?” Now, when I reply, I can click a button and select available time slots, and with one more button press, I can quickly send my availability! In this manner, it is actually more efficient than the current Outlook full client! The closest thing we have to this in the full Outlook client is the ‘FindTime’ app in Outlook.

2. Attach Files or Photos while composing email

This is a huge advantage over the native iOS mail client, I still remember when I used an iPhone for the first time and could not find any way to attach a file to an email I was drafting. My friend snickered, “that’s because you have to go to the photo first, then click share, then draft your email.” Hmmm.. okay… I guess but that wasn’t completely obvious to me. So I love the more natural ability to attach a file after I start composing a new email. What I like even more is that it shows me files that have recently been sent to me in email, as well as files I have in my OneDrive (and other storage providers too).

3. Consume RMS protected attachments sent from “RMS sharing app”

One of the main obstacles for adoption of RMS is the lack of support for it on mobile devices. Now, with the Outlook App for iOS, I can open RMS protected content when it is sent from the RMS Sharing App.  What doesn’t work is opening RMS protected email messages although it is apparently supposed to work according to this article (here). Perhaps it is a bug in the latest iOS client since it is listed as being a supported feature.

No Significant Drawbacks

One of the features I liked about the native mail client in iOS is the ability for multiple mail accounts to be added (for example, the ability to quickly check both business and personal email accounts). Happily, this feature works the same in Outlook App for iOS, and I have not found any other productivity loss.

I have occasionally come across a few instances where the Outlook App for iOS is not detected as a mail client, for example, in Safari it was not one of the default actions when I needed to forward a URL via email. I was able to easily add it to the Safari quick actions, so that wasn’t too difficult. I think there was one other native app that was looking for an account registered as a native account, which I no longer have, so it failed to work. Other than that one drawback, I am very happy with the new productivity enhancements I have gained.

So I have switched from using the native mail client in the iOS to using the Outlook App for iOS and so far I am only wishing I made this switch earlier!