Wednesday, May 8, 2019

PowerApps Illustration

All,

I have created some illustrations around PowerApps in Office 365. Initially there was a lot of confusion about the questions below.

What is environment?
What is CDS?
What is CDM?
Why are all these needed?

I thought a pictorial representation would help in understanding it better. Find the details below, and share your views and comments to make it more accurate.

1. Overview of PowerApps in Office 365

2. Tenant admin can control or administer an app, environment, resources, DLP, etc.

3. Whenever a new user signs up for PowerApps, they are automatically added to the Maker role of the default environment. The default environment is created in the closest region to the default region of the Azure AD tenant.

4. If user assigned with contribute, maker and environment admin access

Sunday, March 17, 2019

Office 365 StaffHub retirement

Effective October 1, 2019, Microsoft StaffHub will be retired. We're building StaffHub capabilities, including schedule and task management, into Microsoft Teams. To learn more, read Microsoft StaffHub to be retired.
Microsoft has announced that Office 365 StaffHub will be replaced by Shift. Find more details here: https://docs.microsoft.com/en-us/microsoftteams/teams-for-firstline-workers/microsoft-staffhub-to-be-retired

Allow corporate announcements to StaffHub members 

StaffHub has a feature to make this announcement to all StaffHub users. Find the details below

Send corporate announcements to all StaffHub members


But it is a bit of a challenge to inform only StaffHub team managers. The PowerShell module does not have any commands to get the list of team managers.

Find below a script that lists all StaffHub team managers in the current tenant.

Function ConnectToStaffHub
{
    #Install the StaffHub module (run once, then leave commented out)
    #Install-Module -Name MicrosoftStaffHub

    #Capture global administrator credentials
    $cred=Get-Credential

    try{

        #connect to StaffHub
        Connect-StaffHub -Credentials $cred
        MsgLog -Msg "Connected to StaffHub successfully" -Cat "1"
    }
    Catch{
    
        MsgLog -Msg "StaffHub connection failed"  -Cat "3"
        MsgLog -Msg $_.Exception.Message -Cat "3"
    }
}

function MsgLog($Msg,$Cat)
{
    # set the new color based on category
    if($Cat -eq "1"){
        $foreColor="Green"
        $Msg= "Success : " + $Msg
    }

    if($Cat -eq "2"){
        $foreColor="Yellow"
        $Msg= "Warning : " + $Msg
    }

    if($Cat -eq "3"){
        $foreColor="Red"
        $Msg= "Error : " + $Msg
    }
   
    # output
    Write-Host $msg -ForegroundColor $foreColor

}

Function GetStaffHubManagers($csvPath)
{
try{
    #Get all staffhub teams for tenant
    $teamsColl=Get-StaffHubTeamsForTenant   
    $hubColl = New-Object System.Collections.ArrayList

    for($a=0; $a -lt $teamsColl.Id.Count; $a++){
        
        $members=Get-StaffHubMember -TeamId $teamsColl.Id[$a] `
        | where IsManager -EQ "True" `
        | select Email, State, DisplayName
        
        $temp = New-Object System.Object
        $temp | Add-Member -MemberType NoteProperty -Name "TeamName" -Value $teamsColl.Name[$a]
        $emails=""
        $DispNames=""

        foreach($mem in $members){
            $emails =$emails+$mem.Email+";"
            $DispNames =$DispNames+$mem.DisplayName+";"
        }        
        
        $temp | Add-Member -MemberType NoteProperty -Name "Email" -Value $emails
        $temp | Add-Member -MemberType NoteProperty -Name "DisplayName" -Value $DispNames

        $hubColl.Add($temp) | Out-Null
    }
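    #Write plain CSV without the "#TYPE" header line
    $hubColl | Export-Csv -Path $csvPath -NoTypeInformation

    MsgLog -Msg "StaffHub information exported" -Cat "1"

    }
    catch{
        #MsgLog already prefixes category 3 messages with "Error : "
        MsgLog -Msg "Extract failed" -Cat "3"
        MsgLog -Msg $_.Exception.Message -Cat "3"
    }
}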

ConnectToStaffHub
GetStaffHubManagers -csvPath "C:\KMSlab\StaffHub\Export-Csv new.csv" 

Get it from GitHub https://github.com/kmsrajan/O365/tree/master/StaffHub

Sunday, March 3, 2019

Enable IRM in OneDrive For Business

Information Rights Management (IRM) can be used for restricting permission to content in documents, workbooks, and presentations with Office. IRM lets people set access permissions to help prevent sensitive information from being printed, forwarded, or copied by unauthorized people.

Read more about Information Rights Management in Office 365

IRM can be used on SharePoint Online and OneDrive for Business content. A SharePoint Administrator or Global Administrator has to enable IRM at the tenant level so that Office 365 tenant users can use this service on their content.

How to Enable IRM in OneDrive For Business?

Make sure IRM is enabled at the tenant level. If it is not enabled, follow this article


  • Log in to the Office 365 portal
  • Open OneDrive for Business
  • Change from the modern mode to the classic mode
  • Click on Settings
  • Search for "Site Contents"
  • Click on Site Contents
  • Hover the mouse over Document, click on the ellipsis icon (⋮), and click on Settings
  • Click on the "Information Rights Management" link under the "Permission management" section
  • Enable and configure the IRM feature for OneDrive for Business
  • Click on the OK button to save the settings



Enjoy protecting your information in Office 365.


Tuesday, February 12, 2019

O365: Create Planner task from Teams Message

Many new features keep coming in Office 365, but there is room for more improvement. Nowadays Microsoft and their customers are promoting MS Teams for easy collaboration.

MS Teams is promoted as an easy collaboration tool. Yes, to a certain extent. We stopped sending email to team members and send Teams messages instead.

How to do any follow-up when a lot of messages are floating in a channel?
How to manage tasks from multiple teams and channels?

If a project team wishes to create a new Planner task from MS Teams, there is no such feature available in MS Teams. It is disappointing, and the question comes up: "Is it an easy collaboration tool?"

How to create a new Planner task from an MS Teams message using MS Flow?

  • Create a new MS Flow from empty template
  • Set MS Flow trigger as "When I am mentioned in a Channel message"

  • Initialize a variable
  • Check if the Teams message contains a subject. If yes, set the subject as the title; otherwise set the Teams "messaged by" value as the title.

  • Create a new Planner task using planner connector and configure remaining parameters

  • Use Conversion connector to convert the message body to plain text from HTML content type.

  • Update the Planner task description

  • Save the changes and enjoy following up on Teams messages.

Verification


Run the flow
Create a demo task and tag it to a team member
Find the new task created and assigned to a team member



Tuesday, January 1, 2019

Setup free Office 365 subscription

Microsoft offers developers a free 1-year Office 365 subscription with 25 user licenses. Go ahead, subscribe, and enjoy Office 365.

https://docs.microsoft.com/en-us/office/developer-program/office-365-developer-program-get-started

Thursday, May 10, 2018

The user or administrator has not consented to use Azure Analysis Service Client

Happy today, because I spent too much time finding out the issue that happened in our Azure tenant. The issue is very simple, but it took a long time to locate.

Background:
Our development team registered an AAD app for automatic refresh of an Azure Analysis Services model using Azure Function Apps.
The app was registered successfully in AAD, and the Azure Analysis Services API Read&Write All model permission was added (it is a bit confusing, as the permission text is Read&Write All Models).
The Function App was not refreshing the model as expected.
Then, in addition, the AAD app URL was updated to “https://northeurope.asazure.windows.net” by the development team (does anybody see anything wrong here?).
Suddenly all Azure Analysis Services authentication broke in our tenant, including production services. Unfortunately this incident happened over a long weekend (4 days off 😝).
A support ticket was raised with Microsoft, and the Azure support team asked us to delete the newly registered AAD app; then all services started working.
As expected, there was a huge escalation by the customer, and all the appreciation we got in the past was wiped off.
Unfortunately our team did not get a chance to interact with the Microsoft Support team, and no error details were shared.

My Involvement:
I am a beginner in Azure but was a bit curious to analyze what went wrong, so I took the responsibility, but I was not aware of the pain at that time.
I spent around a week, created multiple scenarios and different combinations, but finally ended with nothing. The error was not reproduced.
I posted in the Microsoft technical forum, but public contributors replied “I am wrong”, “We will not address the resolved issue”.
Then I dug further and got a clue from a developer that the AAD app URL was updated to “https://northeurope.asazure.windows.net”.
Then I narrowed the investigation in that direction.

Investigation:
Registered a new app in AAD
Added the Azure Analysis Services API Read&Write All Model permission
Updated the AAD URL to “https://northeurope.asazure.windows.net”
Prepared the following PowerShell script

Install-Module -Name Azure.AnalysisServices
Install-Module -Name SqlServer
$UserCredential = Get-Credential
Login-AzureRmAccount -Credential $UserCredential
$Rolloutenv = "northeurope.asazure.windows.net"
Add-AzureAnalysisServicesAccount -RolloutEnvironment $Rolloutenv -Credential $UserCredential

Tried connecting to Azure Analysis Services using the common resource name as specified in the script
Got the following error

Add-AzureAnalysisServicesAccount : AADSTS65001: The user or administrator has n
ot consented to use the application with ID 'cf710c6e-dfcc-4fa8-a093-d47294e44c
66' named 'Azure Analysis Services Client'. Send an interactive authorization r
equest for this user and resource.
Trace ID: 257d729a-680e-4bea-8b43-86ac839e2f00
Correlation ID: 257d729a-680e-4bea-8b43-86ac839e2f00
Timestamp: 2018-05-09 13:09:27Z
At line:3 char:1
+ Add-AzureAnalysisServicesAccount -RolloutEnvironment $Rolloutenv -Credential
$Us ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
    + CategoryInfo          : CloseError: (:) [Add-AzureAnalysisServicesAccoun
   t], AdalServiceException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.AnalysisServices.Datapl
   ane.AddAzureASAccountCommand


Understood that the AAD app URL was the culprit which had stopped all authentication of Azure Analysis Services.
When I searched the internet for the GUID, I found the post below, where the GUID is used as a resource in the source code.

https://www.csharpcodi.com/vs2/3376/BusinessPlatformApps/Source/Test/Microsoft.Deployment.Tests.Actions/AzureTests/ServicePrincipalTests.cs/

Then I was able to relate the GUID and the error message.

Conclusion:
The admin consent error is thrown when Azure Analysis Services is accessed by any application or source code in our tenant.
o An application requests Azure Analysis Services access from AAD
o AAD finds an AAD app with “https://northeurope.asazure.windows.net” as its application URL
o AAD redirects the request to the AAD app created by the development team
o But that AAD app was neither the actually requested resource, nor was the Azure Analysis Services API Read & Write All model permission consented
o As a response, AAD returns “application is not consented”

Learning:
AAD is a common instance for a tenant. All development, QA and production resources are registered and maintained in the same AAD.
So when we register an AAD app, we have to be more conscious and aware of the consequences before giving permissions to it.
Do not update the AAD app URL with any resource URL, because it will create a huge impact.
Microsoft needs to apply an additional validation on the AAD app URL: “Common resource URLs should not be allowed”.
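
The check below is an added example, not code from the original post: it scans app registration objects for a URL whose host falls under a shared service domain, which is the collision described in the conclusion above. It assumes the post's "AAD App url" is the registration's identifierUris value; the function name and the sample objects are constructed for illustration.

```powershell
# Added example: flag app registrations whose App ID URI points at a
# platform service host instead of a name owned by the tenant.
# Assumption: the "AAD App url" in the post maps to IdentifierUris.
function Find-ResourceUriCollision {
    param(
        [Parameter(Mandatory)] [object[]] $Applications,
        # Host suffixes reserved for shared services. Only
        # asazure.windows.net comes from the post; extend as needed.
        [string[]] $ReservedHostSuffix = @('asazure.windows.net')
    )

    foreach ($app in $Applications) {
        foreach ($uri in $app.IdentifierUris) {
            $parsed = $null
            # Ignore values that are not absolute URIs
            $ok = [System.Uri]::TryCreate("$uri".Trim(), [System.UriKind]::Absolute, [ref] $parsed)
            if (-not $ok) { continue }

            foreach ($suffix in $ReservedHostSuffix) {
                # Match the suffix itself or any sub-domain of it
                $isMatch = ($parsed.Host -eq $suffix) -or
                    $parsed.Host.EndsWith(".$suffix", [System.StringComparison]::OrdinalIgnoreCase)
                if ($isMatch) {
                    [pscustomobject]@{
                        DisplayName   = $app.DisplayName
                        AppId         = $app.AppId
                        IdentifierUri = $uri
                        MatchedSuffix = $suffix
                    }
                }
            }
        }
    }
}

# Constructed sample data shaped like app registration objects
$sample = @(
    [pscustomobject]@{ DisplayName = 'aas-refresh-func'; AppId = '00000000-0000-0000-0000-000000000001'; IdentifierUris = @('https://northeurope.asazure.windows.net') }
    [pscustomobject]@{ DisplayName = 'hr-portal'; AppId = '00000000-0000-0000-0000-000000000002'; IdentifierUris = @('https://contoso.example/hr-portal') }
    [pscustomobject]@{ DisplayName = 'no-uri-app'; AppId = '00000000-0000-0000-0000-000000000003'; IdentifierUris = @() }
)

# Only 'aas-refresh-func' is reported for the sample data
Find-ResourceUriCollision -Applications $sample | Format-Table -AutoSize
```

Against a live tenant, pass it the output of Get-MgApplication -All from the Microsoft Graph PowerShell module, whose objects expose the same three properties.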

Wednesday, March 28, 2018

Access SharePoint online documents using Microsoft Graph API

Hi,

Microsoft Graph API is a great feature that allows access to most Office 365 services/objects from a single endpoint. Recently I was asked to check the possibility of accessing SharePoint document libraries using the Microsoft Graph API.

Well, it is possible; find below the procedure used for accessing the document libraries.

Format:
https://graph.microsoft.com/v1.0/sites/{domain name}:/{named space}/{site collection name}:/drives

Example:
https://graph.microsoft.com/v1.0/sites/kmsys2.sharepoint.com:/sites/accounts:/drives

kmsys2.sharepoint.com: is my SharePoint Online domain
accounts: is my SharePoint Online site collection
drives: is the signature for SharePoint document libraries