Saturday, February 22, 2020

Office 365 security & compliance role groups

Microsoft introduces new features in the Office 365 platform very often. Some of them belong to Security and Compliance. But as usual, there are some issues with administration. The issue is simple: for example, if anybody wants to drink juice, the customer has to buy a minimum of 5 liters of juice.

Yes, that is the situation. If a user wants retention, records and disposition management, these scoped role groups are not available in the user admin center. To assign the roles, the tenant administrator has to create separate custom role groups to meet the requirement.

Even after creating custom roles, those roles will not be visible in either the Azure or the Office 365 portal. The tenant admin needs to add the user directly to the role groups.

Therefore, I would like to recommend the roles below for record management.

Custom Role Group Name: Record operator
Roles to be added: Record management, Audit log view only

Custom Role Group Name: Retention management
Roles to be added: Record management, Retention management, Disposition management
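
One way to create the two role groups above and add members to them directly, as an added example that is not part of the original post. It assumes the ExchangeOnlineManagement module and a Security & Compliance PowerShell session; the UPNs are placeholders, and the role names are written the way that PowerShell endpoint is assumed to spell them, so confirm them in your tenant.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed.
# UPNs below are placeholders. Role names use the spelling expected by
# Security & Compliance PowerShell (assumption: confirm in your tenant).
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'

$roleGroups = @(
    @{
        Name    = 'Record operator'
        Roles   = @('RecordManagement', 'View-Only Audit Logs')
        Members = @('records.operator@contoso.example')
    },
    @{
        Name    = 'Retention management'
        Roles   = @('RecordManagement', 'Retention Management', 'Disposition Management')
        Members = @('retention.admin@contoso.example')
    }
)

foreach ($rg in $roleGroups) {
    # Create the group only if it does not exist; an existing group is left
    # untouched so its role list is never changed silently.
    if (-not (Get-RoleGroup -Identity $rg.Name -ErrorAction SilentlyContinue)) {
        New-RoleGroup -Name $rg.Name -Roles $rg.Roles -ErrorAction Stop | Out-Null
    }

    # Members are added directly to the role group.
    foreach ($member in $rg.Members) {
        try {
            Add-RoleGroupMember -Identity $rg.Name -Member $member -ErrorAction Stop
        } catch {
            Write-Warning "Could not add $member to '$($rg.Name)': $($_.Exception.Message)"
        }
    }

    # Review step: list what the group grants and who currently holds it.
    Get-RoleGroup -Identity $rg.Name | Format-List Name, Roles
    Get-RoleGroupMember -Identity $rg.Name | Select-Object Name
}
```

Because these groups do not show up in the portals, re-running the two `Get-` lines periodically is the practical way to audit who holds record and retention permissions.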

Challenges with SharePoint Online store app

We worked on a requirement for one of our customers. The customer bought a license for an on-prem product. As a complimentary extra, the product offers a free app for SharePoint from the online store.

But the licensed product is not for the entire organization; only 10% of employees use that on-prem product. We were asked to make the app available to only those 10% of people, but no luck.

If a user requests the app from a SharePoint Online site, once it is approved by the SharePoint tenant admin the app status changes from pending approval to approved, but the user is not able to add the app to the site.

We raised a support case with Microsoft. Microsoft reported that the app has to be first deployed in the SharePoint Online tenant catalog, which is very unfortunate.

If the app is deployed at the tenant catalog level, then the app is visible to all site owners/site collection administrators.

Another issue is that the deployed app is not available in the app catalog.