Microsoft 365 & Azure
Leading the world
Monday, October 26, 2020
What's New in Microsoft Teams | Microsoft Ignite 2020
What's New in Microsoft Teams | Microsoft Ignite 2020: Today at Ignite, we are announcing a ton of new capabilities to help people stay connected, collaborate, and build solutions in Teams. Here’s what’s new in: Meetings Meeting room experiences Calling Chat and collaboration Microsoft 365 integrations Firstline Workers Healthcare Security and compli...
Sunday, May 24, 2020
Self Service Password reset (SSPR) in Azure
Self-service password reset (SSPR) is an Azure Active Directory feature that enables end users to reset their own passwords without contacting IT support.
Platform: Azure
Affected platform: Azure, Office 365
License requirement
Implementation roles: Global admin
Enabled Self Service Password Reset
Create dynamic membership groups
What is a dynamic membership group?
Rules can be used to determine group membership based on user or device attributes. In essence it is a security group whose members are added or removed automatically as the user's or device's properties change.
Find all the properties and operands that can be used in a rule in the article below.
How to create a membership group
1. Go to Azure Active Directory
2. Click on Groups --> New group and select membership type as dynamic user
3. Add a membership rule. In this case, get all users whose country is INDIA
4. Click on the validate tab to check the rule
5. Add users whose country is set to INDIA
6. Verification is successful
7. The user is added to the group
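The same group can be created and reviewed from PowerShell. This is an added example, not part of the original post; it assumes the Microsoft Graph PowerShell module is installed, and the group display name and mail nickname are hypothetical.

```powershell
# Added example. Assumes the Microsoft.Graph module and an account allowed
# to create groups. Display name and mail nickname are hypothetical.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Rule from step 3: every user whose country attribute is INDIA.
$rule = '(user.country -eq "INDIA")'

# Steps 1-3: a security group whose membership type is dynamic user.
$group = New-MgGroup -DisplayName 'Users - India' `
    -Description 'Dynamic membership: user.country is INDIA' `
    -MailEnabled:$false -MailNickname 'users-india' -SecurityEnabled `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule $rule -MembershipRuleProcessingState 'On'

# Read back what was stored, so the rule under review is the rule in effect.
Get-MgGroup -GroupId $group.Id `
    -Property 'id,displayName,groupTypes,membershipRule,membershipRuleProcessingState' |
    Select-Object DisplayName, GroupTypes, MembershipRule, MembershipRuleProcessingState

# Steps 6-7: members appear once the rule has been processed, which is not
# immediate. List them by user principal name.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties['userPrincipalName'] }

# Periodic review: every dynamic group in the tenant with its rule.
Get-MgGroup -Filter "groupTypes/any(c:c eq 'DynamicMembership')" -All `
    -Property 'displayName,membershipRule' |
    Select-Object DisplayName, MembershipRule
```

Membership follows the attribute, so anyone who can edit a user's country value can move that user into or out of the group; treat write access to the attributes used in rules as access to whatever the group grants.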
Thursday, May 21, 2020
Layers of access in SharePoint Online
Office 365 SharePoint Online provides multiple layers of access to customers. Many of us spend a lot of effort protecting content and granting the correct access to the content that resides in SharePoint.
There are multiple layers of access available in SharePoint Online. All the layers are shown in the image below.
Example scenario for the image above:
Allow external users to sign in using their own account. The site owner can decide which content external users can access. If a site needs restricted access, the SPO admin can block external users from that specific site.
Monday, March 2, 2020
Microsoft 365 Enterprise - Identity and Authentication
There are two types of identity in Microsoft 365:
1. Cloud only: The user account is created and resides in Azure Active Directory
2. Hybrid: User accounts are stored both on-prem and in Azure. Active Directory Domain Services (AD DS) stores the users' credentials. It is the authoritative source, and Azure Active Directory holds the synced set
Hybrid Identity:
1. AD Connect is responsible for syncing user accounts to Azure Active Directory
Hybrid Identity Authentication
1. Managed Identity
2. Federated Identity
Managed Identity types:
1. PHS (Password Hash Synchronization)
2. PTA (Pass-through Authentication)
Saturday, February 22, 2020
Office 365 security & compliance role groups
Microsoft introduces a lot of new features very often in the Office 365 platform. Some of them belong to Security and Compliance. But as usual there are some issues with administration. The issue is very simple: for example, if anybody wants to drink juice, the customer will have to buy a minimum of 5 liters of juice.
Yes, that is the situation. If the same user wants to get retention, records and disposition management, then these scoped role groups are not available in the user admin center. To assign the role, the tenant administrator has to create separate custom role groups to achieve a similar requirement.
Even after creating custom roles, those roles will not be visible in either the Azure or the Office 365 portal. The tenant admin needs to add the user directly to the role groups.
Therefore, I would like to recommend the roles below for record management.
Custom Role Group Name: Record operator
Roles to be added: Record management, Audit log view only
Custom Role Group Name: Retention management
Roles to be added: Record management, Retention management, Disposition management
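The two role groups above can be created and populated from Security & Compliance PowerShell. This is an added example, not part of the original post; it assumes the ExchangeOnlineManagement module, the role names are my mapping of the post's labels onto the built-in roles, and the accounts shown are placeholders.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and an admin
# allowed to manage role groups. Both accounts below are placeholders.
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'

# Role names are an assumed mapping of the post's labels to built-in roles:
#   Record management       -> RecordManagement
#   Audit log view only     -> View-Only Audit Logs
#   Retention management    -> Retention Management
#   Disposition management  -> Disposition Management
$roleGroups = @{
    'Record operator'      = @('RecordManagement', 'View-Only Audit Logs')
    'Retention management' = @('RecordManagement', 'Retention Management',
                               'Disposition Management')
}

foreach ($name in $roleGroups.Keys) {
    # Create each group only if it is missing, so the script can be re-run.
    if (-not (Get-RoleGroup -Identity $name -ErrorAction SilentlyContinue)) {
        New-RoleGroup -Name $name -Roles $roleGroups[$name] | Out-Null
    }
}

# The post notes these groups are not shown in the portals, so the user is
# added to the role group directly.
Add-RoleGroupMember -Identity 'Record operator' `
    -Member 'records.user@contoso.example'

# Review: which roles each custom group carries and who holds them.
foreach ($name in $roleGroups.Keys) {
    Get-RoleGroup -Identity $name | Format-List Name, Roles
    Get-RoleGroupMember -Identity $name | Select-Object Name
}
```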
Challenges with SharePoint Online store app
We worked on a requirement for one of our customers. The customer bought a license for an on-prem product. As a complimentary extra, the product offers a free app for SharePoint from the Online store.
But the licensed product is not for the entire organization; only 10% of employees use that on-prem product. We were asked to make the app available to only those 10% of people, but had no luck.
If a user requests the app from a SharePoint Online site, once it is approved by the SharePoint Tenant Admin the app status changes from pending approval to approved, but the user is not able to add the app to the site.
We raised a support case with Microsoft. Microsoft reported that the app has to be first deployed in the SharePoint Online tenant catalog, which is very unfortunate.
If the app is deployed at tenant catalog level, then the app is visible to all site owners/site collection administrators.
Another issue is that the deployed app is not available in the app catalog.