Monday, March 2, 2020

Microsoft 365 Enterprise - Identity and Authentication

There are two types of identity in Microsoft 365:

1. Cloud only: the user account is created in, and lives only in, Azure Active Directory.
2. Hybrid: user accounts exist both on-premises and in Azure AD. Active Directory Domain Services (AD DS) stores the user's credentials and is the authoritative source; Azure Active Directory holds a synchronised copy of the account.

Hybrid Identity:
1. Azure AD Connect is responsible for synchronising user accounts from AD DS to Azure Active Directory.

Hybrid Identity Authentication options:
1. Managed authentication: Azure AD itself validates the user's credential (note that this is unrelated to Azure "managed identities" for resources).
2. Federated authentication: an on-premises identity provider such as AD FS validates the credential and Azure AD trusts the token it issues.

Managed authentication types:
1. PHS (Password Hash Synchronization): a hash of the on-premises password hash is synchronised to Azure AD, which validates sign-ins on its own.

2. PTA (Pass-through Authentication): Azure AD passes the password to on-premises authentication agents, which validate it against AD DS, so no password hashes leave the domain.
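To see which of these models a tenant is actually running, the answer is split across two places: the company information (is directory sync on, is password hash sync on) and the per-domain authentication type (Managed or Federated). The script below is an added example for this post, not from the original, and assumes the MSOnline module is installed (Install-Module MSOnline) and that the signed-in account can read tenant information; the helper name Get-HybridIdentityModel is my own.

```powershell
# Added example: classify a tenant's identity model from what Azure AD reports.
# Assumes the MSOnline module; Connect-MsolService prompts for credentials.
Connect-MsolService

function Get-HybridIdentityModel {
    # Tenant-wide sync state
    $company = Get-MsolCompanyInformation
    if (-not $company.DirectorySynchronizationEnabled) {
        return "Cloud only (no directory synchronisation, last sync: never)"
    }

    # Per-domain authentication: any Federated domain means an on-premises IdP issues the tokens
    $federated = Get-MsolDomain | Where-Object { $_.Authentication -eq "Federated" }
    if ($federated) {
        return "Hybrid - Federated for: " + ($federated.Name -join ", ")
    }

    # No federation: managed authentication, either PHS or PTA
    if ($company.PasswordSynchronizationEnabled) {
        return "Hybrid - Managed, PHS enabled (last password sync: $($company.LastPasswordSyncTime))"
    }
    return "Hybrid - Managed, PHS not enabled (PTA, or cloud-managed passwords)"
}

# Show the raw facts the classification is based on, then the summary
Get-MsolCompanyInformation |
    Select-Object DirectorySynchronizationEnabled, LastDirSyncTime,
                  PasswordSynchronizationEnabled, LastPasswordSyncTime
Get-MsolDomain | Select-Object Name, Status, Authentication
Get-HybridIdentityModel
```

The LastPasswordSyncTime value is worth checking even when PHS is "enabled": a stale timestamp means Azure AD is validating against old hashes, and an on-premises password change or account disable has not reached the cloud.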

Saturday, February 22, 2020

Office 365 security & compliance role groups

Microsoft introduces a lot of new features in the Office 365 platform very often, and some of them belong to Security and Compliance. But as usual there are some issues with administration. The issue is very simple: it is like a customer who wants to drink a glass of juice but has to buy a minimum of 5 litres.

Yes, that is the situation. If a user needs retention, records and disposition management, the scoped role groups are not available in the user admin center. To assign those roles, the tenant administrator has to create separate custom role groups to achieve the same requirement.

Even after creating custom role groups, those groups are not visible in either the Azure or the Office 365 admin portal. The tenant admin has to add the user directly to the role groups in the Security & Compliance Center.

Therefore, I would recommend the role groups below for records management.

Custom Role Group Name: Record operator
Roles to be added: Record Management, View-Only Audit Logs

Custom Role Group Name: Retention management
Roles to be added: Record Management, Retention Management, Disposition Management
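Because the groups do not show up in the admin center role picker, the practical way to create them and add members is Security & Compliance PowerShell. The script below is an added example for this post, not from the original; it assumes the ExchangeOnlineManagement module, and the user addresses and the exact role names are assumptions to check against Get-ManagementRole in your own tenant.

```powershell
# Added example: create the two custom role groups recommended above and add members.
# Assumes the ExchangeOnlineManagement module; Connect-IPPSSession opens the
# Security & Compliance endpoint, not the Exchange one.
Connect-IPPSSession -UserPrincipalName "admin@contoso.onmicrosoft.com"

# Confirm the role names exist before creating groups that reference them
Get-ManagementRole | Where-Object { $_.Name -like "*Record*" -or $_.Name -like "*Retention*" -or
                                    $_.Name -like "*Disposition*" -or $_.Name -like "*Audit*" } |
    Select-Object Name

# Least privilege: records plus read-only audit, nothing else
New-RoleGroup -Name "Record operator" `
    -Roles "Record Management", "View-Only Audit Logs" `
    -Description "Records management with read-only audit log access"

# Retention, records and disposition together
New-RoleGroup -Name "Retention management" `
    -Roles "Record Management", "Retention Management", "Disposition Management" `
    -Description "Retention, records and disposition management"

# Members have to be added here directly; the portal will not offer these groups
Add-RoleGroupMember -Identity "Record operator"      -Member "alice@contoso.com"
Add-RoleGroupMember -Identity "Retention management" -Member "bob@contoso.com"

# Verify what was granted and to whom
Get-RoleGroup -Identity "Record operator", "Retention management" | Select-Object Name, Roles
Get-RoleGroupMember -Identity "Retention management" | Select-Object Name, PrimarySmtpAddress
```

Keep the Disposition Management role out of the operator group on purpose: disposition is the step that approves final deletion of records, so it should sit with the smaller set of people who own retention decisions.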

Challenges with SharePoint Online store app

We worked on a requirement for one of our customers. The customer bought a licence for an on-premises product. As a complement, the product offers a free app for SharePoint from the Online store.

But the licensed product is not for the entire organisation; only 10% of employees use that on-premises product. We were asked to make the app available to only those 10% of people, but with no luck.

If a user requests the app from a SharePoint Online site, then once it is approved by the SharePoint tenant admin the app status changes from pending approval to approved, but the user is still not able to add the app to the site.

We raised a support case with Microsoft, and Microsoft reported that the app first has to be deployed in the SharePoint Online tenant app catalog, which is very unfortunate.

If the app is deployed at tenant catalog level then the app is visible to all site owners/site collection administrators.

Another issue is that, once deployed, the app is still not listed in the app catalog.

Wednesday, May 8, 2019

PowerApps Illustration


I have created some illustrations around PowerApps in Office 365. Initially there was a lot of confusion about the questions below.

What is an environment?
What is CDS (Common Data Service)?
What is CDM (Common Data Model)?
Why are all these needed?

I thought a pictorial representation would help to understand it better. Find the details below and share your views and comments to make them more accurate.

1. Overview of PowerApps in Office 365

2. The tenant admin can control and administer apps, environments, resources, DLP policies, etc.

3. Whenever a new user signs up for PowerApps, they are automatically added to the Maker role of the default environment. The default environment is created in the region closest to the default region of the Azure AD tenant.

4. Where a user is assigned Contributor, Maker and Environment Admin access

Sunday, March 17, 2019

Office 365 StaffHub retirement

Effective October 1, 2019, Microsoft StaffHub will be retired. We're building StaffHub capabilities, including schedule and task management, into Microsoft Teams. To learn more, read Microsoft StaffHub to be retired.
Microsoft has announced that Office 365 StaffHub will be replaced by Shifts in Microsoft Teams. Find more details here

Allow corporate announcements to StaffHub members

StaffHub has a feature to send such announcements to all StaffHub users. Find the details below

Send corporate announcements to all StaffHub members

But it is a bit of a challenge to inform only StaffHub team managers. The PowerShell module does not have any command to get the list of team managers.

Find below the script which will give all StaffHub team managers from the current tenant.

Function ConnectToStaffHub {
    # Install the StaffHub module once (elevated prompt): Install-Module -Name MicrosoftStaffHub
    try {
        # Capture global administrator credentials
        $cred = Get-Credential -Message "Enter Office 365 global administrator credentials"

        # Connect to StaffHub
        Connect-StaffHub -Credentials $cred
        MsgLog -Msg "Connected to StaffHub successfully" -Cat "1"
    }
    catch {
        MsgLog -Msg "StaffHub connection failed" -Cat "3"
        MsgLog -Msg $_.Exception.Message -Cat "3"
        throw
    }
}

function MsgLog($Msg, $Cat) {
    # Set the prefix and console colour based on category: 1 = success, 2 = warning, 3 = error
    $foreColor = "White"
    if ($Cat -eq "1") {
        $Msg = "Success : " + $Msg
        $foreColor = "Green"
    }
    if ($Cat -eq "2") {
        $Msg = "Warning : " + $Msg
        $foreColor = "Yellow"
    }
    if ($Cat -eq "3") {
        $Msg = "Error : " + $Msg
        $foreColor = "Red"
    }
    # Output
    Write-Host $Msg -ForegroundColor $foreColor
}

Function GetStaffHubManagers($csvPath) {
    try {
        # Get all StaffHub teams for the tenant
        $teamsColl = Get-StaffHubTeamsForTenant
        $hubColl = New-Object System.Collections.ArrayList

        for ($a = 0; $a -lt $teamsColl.Id.Count; $a++) {
            # Only the members flagged as managers of this team
            $members = Get-StaffHubMember -TeamId $teamsColl.Id[$a] `
                | Where-Object IsManager -EQ $true `
                | Select-Object Email, State, DisplayName

            $temp = New-Object System.Object
            $temp | Add-Member -MemberType NoteProperty -Name "TeamName" -Value $teamsColl.Name[$a]

            # Reset per team, otherwise managers of earlier teams leak into later rows
            $emails = ""
            $DispNames = ""
            foreach ($mem in $members) {
                $emails = $emails + $mem.Email + ";"
                $DispNames = $DispNames + $mem.DisplayName + ";"
            }
            $temp | Add-Member -MemberType NoteProperty -Name "Email" -Value $emails
            $temp | Add-Member -MemberType NoteProperty -Name "DisplayName" -Value $DispNames

            $hubColl.Add($temp) | Out-Null
        }
        $hubColl | Export-Csv -Path $csvPath -NoTypeInformation

        MsgLog -Msg "StaffHub information exported" -Cat "1"
    }
    catch {
        MsgLog -Msg "Extract failed" -Cat "3"
        MsgLog -Msg $_.Exception.Message -Cat "3"
    }
}

ConnectToStaffHub
GetStaffHubManagers -csvPath "C:\KMSlab\StaffHub\Export-Csv new.csv"

Get it from GitHub

Sunday, March 3, 2019

Enable IRM in OneDrive For Business

Information Rights Management (IRM) can be used to restrict permission to content in documents, workbooks and presentations created with Office. IRM lets people set access permissions to help prevent sensitive information from being printed, forwarded or copied by unauthorised people.

Read more about Information Rights Management in Office 365

IRM can be used on SharePoint Online and OneDrive for Business content. A SharePoint Administrator or Global Administrator has to enable IRM at tenant level so that Office 365 tenant users can use this service on their content.

How to Enable IRM in OneDrive for Business?

Make sure IRM is enabled at tenant level. If it is not enabled, follow this article

  • Log in to the Office 365 portal
  • Open OneDrive for Business
  • Switch from the modern experience to the classic experience
  • Click on Settings
  • Search for "Site Contents"
  • Click on Site Contents
  • Hover the mouse over Documents, click on the ellipsis icon (⋮) and click on Settings
  • Click on the "Information Rights Management" link under the "Permissions and Management" section
  • Enable and configure the IRM feature for the OneDrive for Business library
  • Click on the OK button to save the settings
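The same two steps (tenant-level switch, then the per-library setting on the Documents library of a OneDrive) can be scripted, which is the only realistic option when it has to be done for many users. The script below is an added example for this post, not from the original; it assumes the SharePoint Online Management Shell and the PnP.PowerShell module, and the tenant name, admin account and user OneDrive URL are placeholders.

```powershell
# Added example: enable IRM at tenant level, then on one user's OneDrive Documents library.
# Assumes the SharePoint Online Management Shell and PnP.PowerShell; URLs and accounts are placeholders.
$adminUrl    = "https://contoso-admin.sharepoint.com"
$adminUpn    = "admin@contoso.com"
$oneDriveUrl = "https://contoso-my.sharepoint.com/personal/alice_contoso_com"

# 1. Tenant level: the library setting is unavailable until this is on
Connect-SPOService -Url $adminUrl
if (-not (Get-SPOTenant).IrmEnabled) {
    Set-SPOTenant -IrmEnabled $true
}

# A tenant admin is not automatically an admin of a user's OneDrive; grant it explicitly
# (and remove it again afterwards if your policy requires)
Set-SPOUser -Site $oneDriveUrl -LoginName $adminUpn -IsSiteCollectionAdmin $true

# 2. Library level: the "Documents" library is the OneDrive
Connect-PnPOnline -Url $oneDriveUrl -Interactive
$list = Get-PnPList -Identity "Documents" -Includes IrmEnabled, IrmExpire, IrmReject
$list.IrmEnabled = $true    # downloaded copies are rights-protected
$list.IrmExpire  = $false   # no expiry date on access
$list.IrmReject  = $false   # still accept uploads of file types IRM cannot protect
$list.Update()
Invoke-PnPQuery

# 3. Verify the setting stuck
(Get-PnPList -Identity "Documents" -Includes IrmEnabled).IrmEnabled

# Optional: take the site collection admin right away again
Set-SPOUser -Site $oneDriveUrl -LoginName $adminUpn -IsSiteCollectionAdmin $false
```

Setting IrmReject to $true is the stricter choice: it refuses uploads of file types that cannot be protected, so nothing in the library is left unprotected, at the cost of users being unable to store those files there at all.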

Enjoy protecting your information in Office 365.

Tuesday, February 12, 2019

O365: Create Planner task from Teams Message

Many new features keep coming to Office 365, but there is room for more improvement. Nowadays Microsoft and its customers promote MS Teams for easy collaboration.

MS Teams is promoted as an easy collaboration tool. Yes, to a certain extent. We stopped sending email to team members and instead send Teams messages.

How do you follow up when lots of messages are floating around in a channel?
How do you manage tasks from multiple teams and channels?

If a project team wishes to create a new Planner task from an MS Teams message, there is no feature available in MS Teams for it. It is disappointing, and the question comes up: "Is it an easy collaboration tool?"

How to create a new Planner task from an MS Teams message using MS Flow?

  • Create a new MS Flow from an empty template
  • Set the MS Flow trigger to "When I am mentioned in a channel message"

  • Initialize a variable for the task title
  • Check if the Teams message contains a subject. If yes, set the subject as the title; else set the sender of the Teams message as the title.

  • Create a new Planner task using the Planner connector and configure the remaining parameters

  • Use the Content Conversion connector to convert the message body from HTML to plain text

  • Update the Planner task description with the plain text

  • Save the changes. Enjoy doing follow-up on Teams messages.


Run the flow
Create a demo task by tagging a team member
Find the new task created and assigned to a team member
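The same five steps (read the message, pick a title from subject or sender, create the task, convert the HTML body to text, update the description) can be done directly against Microsoft Graph, which is useful for understanding what the Flow connectors do underneath and for automating it outside Flow. The script below is an added example for this post, not the Flow from the original and not Microsoft's code; it assumes you already hold a Graph access token with ChannelMessage.Read.All and Tasks.ReadWrite delegated permissions, and all the IDs are placeholders. The helper ConvertFrom-TeamsHtml is my own.

```powershell
# Added example: Teams channel message -> Planner task via Microsoft Graph.
# Assumptions: $token is a valid Graph access token; every ID below is a placeholder.
$token     = "<access token>"
$teamId    = "<team id>"
$channelId = "<channel id>"
$messageId = "<message id>"
$planId    = "<plan id>"
$bucketId  = "<bucket id>"
$graph     = "https://graph.microsoft.com/v1.0"
$headers   = @{ Authorization = "Bearer $token" }

function ConvertFrom-TeamsHtml([string]$html) {
    # Teams message bodies are HTML; keep line breaks, strip tags, decode entities
    $text = $html -replace '<br\s*/?>', "`n" -replace '</p>', "`n" -replace '<[^>]+>', ''
    return ([System.Net.WebUtility]::HtmlDecode($text)).Trim()
}

# Step 1: read the channel message (what the "When I am mentioned" trigger hands to the Flow)
$msg = Invoke-RestMethod -Method Get -Headers $headers `
    -Uri "$graph/teams/$teamId/channels/$channelId/messages/$messageId"

# Step 2: title = subject if present, otherwise the sender (a bot/app message has no user)
$sender = if ($msg.from.user) { $msg.from.user.displayName }
          elseif ($msg.from.application) { $msg.from.application.displayName }
          else { "Teams message" }
$title = if ([string]::IsNullOrWhiteSpace($msg.subject)) { $sender } else { $msg.subject }

# Step 3: create the Planner task in the given plan and bucket
$taskBody = @{ planId = $planId; bucketId = $bucketId; title = $title } | ConvertTo-Json
$task = Invoke-RestMethod -Method Post -Headers $headers -ContentType "application/json" `
    -Uri "$graph/planner/tasks" -Body $taskBody

# Step 4: HTML -> plain text (what the Content Conversion connector does)
$description = ConvertFrom-TeamsHtml $msg.body.content

# Step 5: task details are updated with optimistic concurrency, so fetch the ETag first
$details = Invoke-RestMethod -Method Get -Headers $headers `
    -Uri "$graph/planner/tasks/$($task.id)/details"
$patchHeaders = $headers + @{ "If-Match" = $details.'@odata.etag' }
$descBody = @{ description = $description } | ConvertTo-Json
Invoke-RestMethod -Method Patch -Headers $patchHeaders -ContentType "application/json" `
    -Uri "$graph/planner/tasks/$($task.id)/details" -Body $descBody

"Created task '$title' ($($task.id)) in plan $planId"
```

The If-Match header is not optional: Graph rejects a details update without the current ETag, which is the same reason the Flow action "Update task details" reads the task before writing to it.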