Monday, October 26, 2020

What's New in Microsoft Teams | Microsoft Ignite 2020

What's New in Microsoft Teams | Microsoft Ignite 2020: Today at Ignite, we are announcing a ton of new capabilities to help people stay connected, collaborate, and build solutions in Teams. Here's what's new in: Meetings, Meeting room experiences, Calling, Chat and collaboration, Microsoft 365 integrations, Firstline Workers, Healthcare, Security and compli...

Sunday, May 24, 2020

Self Service Password reset (SSPR) in Azure

Self-service password reset (SSPR) is an Azure Active Directory feature that lets end users reset their own password without contacting IT support.



Affected platform

Office 365

License requirement

Implementation roles

Global admin

Enabled Self Service Password Reset

Create dynamic membership groups

Rules can be used to determine group membership based on user or device attributes. The result is a security group whose members are added or removed automatically as the user's or device's properties change.

All properties and operators that can be used in a rule are listed in the article below.

How to create a membership group
1. Go to Azure Active Directory.
2. Click Groups --> New group and set the membership type to Dynamic User.

3. Add a membership rule; in this case, select all users whose country is INDIA.

4. Click the Validate tab to check the rule.

5. Add users whose country attribute is set to INDIA.

6. Verification succeeds.

7. The user is added to the group.
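The same group can be created from PowerShell, which also lets you verify the rule against a direct attribute query instead of relying on the portal's Validate tab. The block below is an added example and not part of the original post; it assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in admin holds the Group.ReadWrite.All and User.Read.All permissions, and the group name "Users-India" and mail nickname are placeholders.

```powershell
# Added example (not from the original post). Assumes the Microsoft.Graph PowerShell SDK
# and an account with Group.ReadWrite.All / User.Read.All; names below are placeholders.
Connect-MgGraph -Scopes "Group.ReadWrite.All","User.Read.All"

# The same membership rule the post builds in the portal: every user whose
# country attribute equals INDIA. -eq in the dynamic-membership rule syntax is
# case-insensitive, so "India" and "INDIA" both match.
$rule = '(user.country -eq "INDIA")'

$group = New-MgGroup -DisplayName "Users-India" `
    -Description "Dynamic group: users with country = INDIA" `
    -MailEnabled:$false -MailNickname "users-india" -SecurityEnabled:$true `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

# Membership is computed asynchronously by Azure AD. Poll until members appear,
# then compare against a direct attribute query; this is the scripted equivalent
# of the portal's "validate" step.
$expected = (Get-MgUser -Filter "country eq 'INDIA'" -All).Id | Sort-Object
do {
    Start-Sleep -Seconds 30
    $members = (Get-MgGroupMember -GroupId $group.Id -All).Id | Sort-Object
} while (-not $members)

# No output from Compare-Object means the rule matched exactly the expected users.
Compare-Object -ReferenceObject $expected -DifferenceObject $members
```

Because membership is evaluated by the directory rather than assigned by hand, any user whose country attribute is later changed to INDIA is added automatically; the comparison above is worth re-running after bulk attribute changes, since a mistyped attribute value silently drops a user out of whatever access the group grants.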

Thursday, May 21, 2020

Layers of access in SharePoint Online

Office 365 SharePoint Online provides multiple layers of access to customers. Many of us spend a lot of effort protecting content and granting the correct access to the content that resides in SharePoint.

Multiple layers of access are available in SharePoint Online; all of the layers are shown in the image below.

(Image: SPO layered security)

Example scenario for the above image:

Allow external users to sign in with their own account. The site owner decides what content external users can access. If a site needs restricted access, the SPO admin can block that specific site from external users.


Monday, March 2, 2020

Microsoft 365 Enterprise - Identity and Authentication

There are two types of identity in Microsoft 365:

1. Cloud only: the user account is created in, and resides in, Azure Active Directory.
2. Hybrid: user accounts are stored both on-premises and in Azure. Active Directory Domain Services (AD DS) stores the user credentials and is the authoritative source; Azure Active Directory holds the synchronized copy.

Hybrid Identity:
1. AD Connect is responsible for synchronizing user accounts to Azure Active Directory.

Hybrid Identity Authentication
1. Managed Identity
2. Federated Identity

Managed Identity types:
1. PHS (Password Hash Synchronization)

2. PTA (Pass-through Authentication)
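Whether a tenant is hybrid, and whether each domain is managed or federated, can be read directly from the directory. The block below is an added example and not part of the original post; it assumes the Microsoft Graph PowerShell SDK and an account with Domain.Read.All and Organization.Read.All. The choice between PHS and PTA is not exposed through these objects; it is shown on the "User sign-in" page of the AD Connect wizard on the sync server.

```powershell
# Added example (not from the original post). Assumes the Microsoft.Graph PowerShell SDK
# and an account with Domain.Read.All / Organization.Read.All.
Connect-MgGraph -Scopes "Domain.Read.All","Organization.Read.All"

# Hybrid or cloud-only? OnPremisesSyncEnabled is set once AD Connect has synchronized
# at least once; the last-sync timestamp is a quick health check for the sync itself.
$org = Get-MgOrganization
"Directory sync enabled : $($org.OnPremisesSyncEnabled)"
"Last sync (UTC)        : $($org.OnPremisesLastSyncDateTime)"

# Managed vs Federated is a per-domain property, so list every verified domain.
# "Managed" covers both PHS and PTA; "Federated" means sign-in is handed to AD FS
# or another identity provider.
Get-MgDomain |
    Where-Object { $_.IsVerified } |
    Select-Object Id, AuthenticationType, IsDefault
```

A domain that unexpectedly shows Federated is worth a closer look, since federation settings decide which external system is trusted to assert a user's identity to Azure AD.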

Saturday, February 22, 2020

Office 365 security & compliance role groups

Microsoft introduces many new features to the Office 365 platform very often, and some of them belong to Security and Compliance. But as usual there are some issues with administration. The issue is very simple: for example, if anybody wants to drink juice, the customer has to buy a minimum of 5 litres of juice.

Yes, that is the situation. If the same user needs retention, records and disposition management, these scoped role groups are not available in the user admin center. To assign the roles, the tenant administrator has to create separate custom role groups to achieve the same requirement.

Even after creating custom role groups, those roles are not visible in either the Azure or the Office 365 portal. The tenant admin needs to add the user directly to the role groups.

Therefore, I would recommend the role groups below for records management.

Custom Role Group Name: Record operator
Roles to be added: Record management, Audit log view only

Custom Role Group Name: Retention management
Roles to be added: Record management, Retention management, Disposition management
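The two custom role groups above can be created and populated from Security & Compliance PowerShell, which is also the only place their membership is manageable, as the post notes. The block below is an added example and not part of the original post; it assumes the ExchangeOnlineManagement module, an account permitted to manage role groups, and a placeholder user principal name. The role names are given as they appear in the compliance portal; confirm them in your tenant with Get-ManagementRole before running.

```powershell
# Added example (not from the original post). Runs in Security & Compliance PowerShell
# (ExchangeOnlineManagement module); the member UPN is a placeholder.
Connect-IPPSSession

# Confirm the exact role names in this tenant before creating the groups.
Get-ManagementRole | Where-Object { $_.Name -match 'Record|Retention|Disposition|Audit' } |
    Select-Object Name, Description

# "Record operator": records operations plus read-only audit, nothing more.
New-RoleGroup -Name "Record operator" `
    -Roles "Record Management","View-Only Audit Logs" `
    -Description "Scoped: records operations plus read-only audit log access"

# "Retention management": the three records-lifecycle roles only.
New-RoleGroup -Name "Retention management" `
    -Roles "Record Management","Retention Management","Disposition Management" `
    -Description "Scoped: records, retention and disposition management"

# Membership is assigned on the role group itself, not through the admin centers.
Add-RoleGroupMember -Identity "Record operator" -Member "records.clerk@contoso.example"

# Least-privilege check: list exactly which roles and members each custom group carries.
"Record operator","Retention management" | ForEach-Object {
    Get-RoleGroup -Identity $_ | Select-Object Name, Roles, Members
}
```

Keeping each custom group to the smallest role set that covers the task is what makes this worthwhile: the built-in Compliance Administrator group grants far more than records work requires, which is the "5 litres of juice" problem the post describes.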

Challenges with SharePoint Online store app

We worked on a requirement for one of our customers. The customer bought a license for an on-prem product. As a complement, the product offers a free app for SharePoint from the Online store.

But the licensed product is not for the entire organization; only 10% of employees use that on-prem product. We were asked to make the app available only to those 10% of people, but had no luck.

If a user requests the app from a SharePoint Online site, once it is approved by the SharePoint tenant admin the app status changes from pending approval to approved, but the user is still not able to add the app to the site.

We raised a support case with Microsoft; Microsoft reported that the app has to be deployed first in the SharePoint Online tenant app catalog, which is very unfortunate.

If the app is deployed at the tenant catalog level, then the app is visible to all site owners/site collection administrators.

Another issue is that the deployed app is not available in the app catalog.