CHUVASH.eu

CHunky Universe of Vigourous Astonishing SHarepoint :)

Tag Archives: Sharepoint

Renaming site urls

I saw a demo of it on the European SharePoint Conference in Copenhagen in 2018. Sebastian Fouillade, who showed this, compared this big change with brain surgery. All the urls, all the connections. But now it is possible. Today I have seen it even in my standard release tenant.

It is really appreciated. Soon it will be possible to rename misspelled sites, like “devlepment” to “development” etc.

To rename you need to go the SharePoint Admin, find your site among Active sites and click on “Edit” in the site url area.

I also can image, it will be very handy to change the url of a SharePoint site that was automatically created for a Team (through the Office 365 Group). The team might have some longer name, but a simpler url is often appreciated.

I have tried and seen that also the automatic redirects from an old site url to a new site url works.

Caveats and Limitations

mailNickname ≠ site url

Now it is even more important to not to rely on the fact that mailNickname of an Office 365 Group and Site url are the same. As Elio Struyf describes, it is not a good idea to compose a URL from the group name. I have used in PoCs the site url to get the group id:

GET https://graph.microsoft.com/v1.0/groups?$filter=mailNickname eq 'my-group' 

Now it the amount of cases where it will work, will be less.

Not all site types can change url

I have found that the App Catalog site cannot get a new url, neither sites with Publishing Features.

The official message from Microsoft

We’re making it possible for SharePoint administrators to change site URLs.

  • We’ll be gradually rolling this out to customers in mid-October.
  • The roll out will be completed worldwide by the end of October.

This roll out does not apply to Office 365 subscriptions for EDU tenants.

This message is associated with Microsoft 365 Roadmap ID 56205.How does this affect me?

As a global or SharePoint admin in your organization, you will be able to change the URL for the following types of sites (previously called “site collections”):

  • Classic team sites
  • Communication sites
  • Modern team sites that don’t belong to an Office 365 group
  • Office 365 group-connected team sites

For example, if you have a site named https://contoso.sharepoint.com/sites/Develpment, you can rename the site to correct the incorrect spelling of “development” via the SharePoint admin center.

Automatically-generated redirects will ensure that old links do not break.What do I need to do to prepare for this change?

There is nothing you need to do to prepare for this change, but you may consider updating your user training and notifying your help desk.

Learn more about changing a site address.

A user can only create 250 groups

A non-admin user can create no more than 250 resources in Azure AD. That is one of the many Azure AD service limits and restrictions. A “resource” can be an app registration, an Office 365 Group etc. But I would like to discuss Groups more in detail.

Imagine the following scenario: Your organization has disabled Office 365 Group Creation. Only IT can create new groups. A service account has been set up for creation of team sites. The application permissions are “binary”, either everything or nothing: Group.ReadWrite.All. This service account will hit the limit very soon.

To prove that, I have created a small script that creates 251 groups.

By the way, just for clarification, when create a new group, that will also create a SharePoint site.

Please don’t try this with your real account in production. The 251st request will fail:

Directory_QuotaExceeded

The directory object quota limit for the Principal has been exceeded. Please ask your ad
ministrator to increase the quota limit or delete objects to reduce the used quota.

Even if you remove, it will take time to get free slots in this limit:

Deleted Azure AD resources that are no longer available to restore count toward this quota at a value of one-quarter for 30 days.

There is not much to do about it. For App Registrations you can create and assign a custom role. But for groups there is no custom roles available.

Exceptions

It might be obvious, but still:

Admins

Admins do not have this limit. But not all “admin roles” are really admins. Those roles are excepted:

  • Global Admin
  • SharePoint Admin

Those roles are not excepted:

  • Message Center Reader

I don’t have time to try every admin role, but I suppose only admins that can change global configuration, are excepted, not the reader ones.

Communication Sites

Since communication sites do not have an Office 365 Group behind the scenes, a non-admin user will still be able to create such sites even after the limit is hit.

Workarounds and Solutions

Since my scenario for creating groups with a service account does not work, we need to seek workarounds and solutions.

Do not restrict Group Creation

That is the best one. If users can create groups/sites by themselves, then none of this would be a problem. But still, in my scenario, there is a business requirement to control the creation of groups.

Application Permissions Group.ReadWrite.All

That is exactly the opposite of my scenario. This gives that application full access to all groups and files (!). This means, that application can access all Group-Connected SharePoint Sites as well.

Microsoft creates permissions for groups

If we also had “groups” permissions for custom roles, then we could do the same way as with app registrations. Today (2019-10-25), there are only permissions for applications.

Microsoft creates new permission Group.Create.All

If there were a permission for only creating groups, that would solve the problem.

What we have today

There is a similar role: User.Invite.All, it allows only invitations, not editing All Users.

Microsoft allows exceptions per user

If there were a switch for the 250-limit per user, that would also solve the problem.

Granting the service account admin rights

Granting SharePoint Admin would solve the problem, but at what price? That is safer than Application Permissions Group.ReadWrite.All, since you need to actively add this account to the groups in order to read all the files, but this is still less secure than just a non-admin account.

Having multiple service accounts

If we had account 1..100 and we used every account 250 times. Theoretically it should work, but it is a cumbersome process. You need to keep track of how many groups an account as created, or having the right error handling. How should the password be kept safely. Should the accounts be removed when they have reached the 250 limit?

Group Creation Microservice

To overcome the limits and the ungranularity in the built-in permissions in Office 365, one way to solve it would be a tiny, but a dedicated, and secured service for creation of groups (and sites). It would still need the “hefty” Group.ReadWrite.All Application Permissions, but making it do the only thing and do it right, would mitigate the risks.

It could be a simple Azure Function that few have access to. That could be just a couple of lines of code.

Snabba diagram i SharePoint Online

Ett nytt tips på svenska: det finns en webpart i SharePoint Online: snabbdiagram.

När du har lagt till ett snabbdiagram, kan du skriva välja mellan stapel och cirkeldiagram

Du kan bara välja mellan stapel- och cirkeldiagram.
Data går att mata in direkt.

Resultatet får du direkt:

Använd data från en lista

Det går att visualisera data från en SharePoint-lista. Det är inte så mycket mer komplicerat, men det öppnar nya möjligheter. Du behöver bara hålla listan uppdaterad.

Nyttan med snabbdiagram

Det finns många olika sätt att visualisera data: PowerBI, Excel diagram, man skapa egna webparts. Men det är inte så sällan när man vill bara en liten visuell hjälp för att kommunicera ett budskap. Istället för att fastna på teknikaliteterna, kan man snabbt smälla upp ett diagram. Det gör inte heller att man behöver manuellt uppdatera sidan/listan.

Bra jobbat, Microsoft!

Bara moderna sidor

Snabbdiagram finns bara i “moderna” sidor, inte i klassiska sådana (wikisidor, webbdelssidor).

Mer SharePoint på svenska

Jag tänker använda taggen “svenska” för alla mina poster skrivna på svenska.

Troubleshooting Performance in SharePoint Online

This is my personal list of links and thoughts on troubleshooting performance in SharePoint Online.

Resources

Health info in Response Headers

Every response from SharePoint Online contains some health information:

Following Response Headers could reveal the health:

  • x-sharepointhealthscore, 0-10 score, the higher score the more loaded is the SharePoint Server.
  • spiislatency, time in ms that the request waited to be processed by IIS. Unfortunately, I cannot see this value as of writing (2019-10-14)
  • sprequestduration, time in ms IIS took to process the request. Unfortunately, I cannot see this value as of writing (2019-10-14)

Min första kolumnformatering

Jag har precis börjat med kolumnformatering, bara testat. Det är annorlunda, jag är nöjd med första resultatet. Även om det påminner om jslink som jag har jobbat mycket med, så är det mycket lättare att sätta igång:

Det är enklare att ändra, även för en icke-utvecklare. Man får en början:

Med hjälp av dokumentation av List Formatting och Office UI Fabric Icons, har jag skapat en enkel formatering som jag är riktigt nöjd med:

Det är tre Ja/Nej-kolumner, som ska sättas till Ja under processen, listan representerar beställningar. Ja/nej-kolumnerna är actions för den som tar emot beställningar. Nej är en tom röd cirkel. Ja är en full grön cirkel. Du kan se koden här.

Det är lätt som en lek att börja med. Det är där för en Citizen Developer, en användare (ägare på siten) kan lätt sätta upp mer visuella vyer. Man behöver inte längre uppdatera JSlink-attributet i kolumnen eller vyn programmatiskt, man behöver inte stoppa in en Script Editor webpart. Med lite meckande av json, kan mycket anpassas. Json som man ändrar valideras direkt.

Om det skulle bli fel (att det inte visar något värde i kolumnen), går det lätt att nollställa formateringen. Jag hade lite problem först med att sätta in alla element på sin rätta plats i json-strukturen, då kändes det bra att kunna ta bort det snabbt, innan man fortsätter att experimentera.

Sammanfattningsvis kan jag säga att det är en intressant och uppskattad funktion i SharePoint för enklare vy-visualiseringar som är lättare att sätta upp och ta bort.

P.S. Vad tycker du om att jag skriver på svenska. Om du vill ha mer innehåll på min blogg på svenska, lämna en kommentar.

Get totals from a list view using PowerShell

Today I will share a short script for getting totals from a list view in SharePoint. Imagine this scenario: you have set up a list view with totals and you want get the totals every day for statistics or some other reasons. Instead of getting all items, and/or fiddling around with CamlQueries, there is a better and quicker way – List.RenderListData. This combined with a tip from Piyush K Singhs blog post Get Aggregate Values… I came up with an idea to read the ViewXml from an existing view and retrieve the totals (in my case Count and Sum). Enough talking, let’s take a look at the code:

The good part of that approach is that you can let your view evolve over time and work together with colleagues on that, your script does not need an update every time you change the view. The only thing it alters is the RowLimit – that’s for better performance. Why load 30 or more list items when 1 is enough.

I have tested it in SharePoint 2013 and SharePoint Online.

English vs. Non-English

This post is about the default language of a new site in SharePoint Online. There are some pros and cons of using English as the default language for Non-English sites.

In my case I want to know what is better for Swedish users:

  1. A site with English as default and Swedish as an alternate language (among many other alternate languages)?
  2. A site with Swedish as default?

Today, when you create a site, English is pre-selected in the form, you have to choose Swedish actively. When you create a team, the underlying SharePoint Site will have English as the default language.

English is pre-selected when you create a new site

There are a couple of advantages of starting from English:

  • Stream-lined urls for Document Libraries and Lists. For an admin or a support guy, it is better to know that the Url for the first document library is ../Shared Documents/ and not Delade dokument. It is easier to find things and provide help if needed.
  • In scripts you can skip if-statements or comments like this: “Step4(c): Upload Pages (Check for swedish sites it may be Sdior instead of SitePages)” or “if swedish, $doclib = “Delade dokument”
  • It is less error-prone to create and update Calculated fields from templates.
  • Unfortunately the (display) names of the default language are used as identifiers in CAML and in CSOM. That means, it is more cumbersome to support sites with different default languages in Add-Ins, apps etc.

The disadvantages are:

  • The choice fields are in English. While the most of the UI is available in all alternate languages by default, the values in choice fields can only be in one language, and it will be in English, e.g. Task status.
  • More a big caveat: Sort order, a tiny but an important setting for how things should be sorted. More on that below.
Choice Field Values are in English even for a Swedish user

Sort order caveat

If you keep the General Sort Order, the Swedish ÅÄÖ will be treated as AAO, which means Ö-words that are expected to be in the end of a list, will show up in the middle. An important setting for business. And the bad part is you need to change it to Finnish/Swedish Sort Order before you add an indexed column (or a built-in list (e.g. Tasks) that adds indexed columns) .

For a Swedish site (a site where the majority of users are Swedish who expect the right sort order, the very first thing you have to do is to change the sort order (and also the time zone, and 24h clock, and Monday as the first day of week etc). Once you get an indexed column, no matter if you have zero list items, you will get an error like this:

Switch back to Modern UI

Just a little tip. When you switched to a Classic View of Site Contents, you can switch back by removing a cookie called “splnu”.

Tips and tricks for Site Collection App Catalogs

Site Collection App Catalogs (SCAC) are much appreciated, thank you, Office 365 Team. Here is a couple of tips and tricks for SCAC.

Tip #1 You don’t need Tenant Admin rights to add a new Site Collection App Catalog

I have seen many blogs, forum threads etc that state that only Global Tenant Administrators can add new Site Collection App Catalogs. The truth is that a SharePoint Admin rights are enough. The trick is to make that SharePoint Admin Account to a site collection administrator of the app catalog site. To be precise the account that adds a new SCAC must have Manage Web Permissions, as stated in error message:

Add-SPOSiteCollectionAppCatalog : Must have Manage Web Site permissions or be a tenant admin in order to add or remove sites from the site collection app catalog allow list

Tip #2 List all Site Collection App Catalogs

To list all the SCACs in your tenant navigate to that url:

<appcatalog>/Lists/SiteCollectionAppCatalogs/

The official MSDocs state (2019-08-26):

Currently, it’s not possible to list all site collections in the tenant that have the site collection app catalog enabled.

The fun fact was that I sherlocked it since I knew my account needed access to the main App Catalog site. So there must be some information that is stored. How is it done a là SharePoint – yes, it is stored in a hidden list. Like in the olden days. 🧐

Just because I can should I use Private Office 365 CDN

This is about a topic brought up by Waldek Mastykarz: Just because you can should you use the Office 365 CDN. In my post I want to take a closer look at the private CDN option in Office 365. Please note, the whole thing is subject to change, and it reflects the circumstances at the time of writing – 2019-08-26.

I’ll skip the introduction of Office 365, let’s jump directly to the Private CDN option. Consider following scenarios.

I am developing SPFx solutions, is the Private Office 365 CDN something for me?

No, you can’t use private CDN for SPFx, because SPFx cannot handle changing Urls from a Private CDN.

I use Modern Team Sites and Communication Sites. Is the Private Office 365 CDN something for me?

No, the urls are changing. You cannot “hardcode” them. Automatic URL Rewrite works only on classic Publishing Sites.

I have Provider Hosted Add-Ins. Is the Private Office 365 CDN something for me?

No, the referrer needs to be a subdomain of sharepoint.com.

Security

The whole point of having a private CDN is that it is not available for strangers. But when you enable it, you’ll see an eligible warning:

WARNING: This is a feature built on a 3rd party application with privacy and compliance standards that differ from the commitments outlined by the Microsoft Office365 Trust Center. Any data cached through this
service does not conform to the Microsoft Data Processing Terms (DPT) and is outside of the Microsoft Office365 Trust Center compliance boundaries.

The risk might be low, but if an attacker gets a url that looks like this: https://privatecdn.sharepointonline.com/takana16.sharepoint.com/sites/cdn/privatecdnorigin/africa_private.jpg?eat=1566833073_cc22be0bd8c3534b83bbf38cfa3aa013923baa670e0874303efaaae1e9a86da7&oat=1566833073_5951c0c968da9de384f63b556ad42915aa01 then it is just a matter of downloading within 30-90 minutes. That’s how long those tokens in the URL are valid.

Adding Referer: <subdomain>.sharepoint.com as a Request Header is needed to download a resource.

If you remove an asset from the private cdn origins, it takes up to 15 minutes for the link to be invalidated. Opposed to an immediate effect for a direct link to an asset in a document library.

To keep it more secure, the default private cdn origins should not be included, especially */SITEASSETS, Because site assets can have important information, and this makes every single site assets library vulnerable, asterisk means all.

Even the CDN Policies should be restrictive.

Overall, if the usage area is small, the performance gain is little, we should not enable it at all. Because: any cached data in a private Office 365 CDN is outside of the Microsoft Office365 Trust Center compliance boundaries.

Performance

I have tried the private CDN. My setup was a document library with three versions of a picture that was 2,4MB that I put to three different libraries:

  • privatecdnorigin/africa_private.jpg
  • publiccdnorigin/africa_public.jpg
  • nocdnorigin/africa_nocdn.jpg

On the publishing site I inserted three images on a page and compared the load time in the DevTools. During this test I had Cache Disabled. I got following results:

  • private, public, nocdn
  • 3.04s, 3.03s, 3.24s
  • 1.78s, 1.77s, 1.75s
  • 1.99s, 1,95s, 3.32s
  • 1.67s, 0.73s, 0.72s
  • 1.73s, 1.71s, 1.97s
  • 1.60s, 1.58s, 1.67s

So only once I got a bigger difference, otherwise it took the same time to load a picture from a document library without CDN.

To be fair, it is a very simple performance test. Tests with bigger files, different geographical locations would probably give a more detailed view of that. And still, without a URL Rewrite that is only present on Publishing sites, you cannot take use private cdn origins.

Conclusion

Private CDN in Office 365 can be interesting in future, but today, the usage is narrow (only publishing sites can refer to assets in a private CDN), the performance gain is little and lower security makes it to a bad choice.

Вула Чăвашла

VulaCV - Чăвашла вулаттаракан сайт

Discovering SharePoint

And going crazy doing it

Bram de Jager - Architect, Speaker, Author

Microsoft 365, SharePoint and Azure

SharePoint Dragons

Nikander & Margriet on SharePoint

Mai Omar Desouki

PFE @ Microsoft

Cameron Dwyer

Office 365, SharePoint, Azure, OnePlace Solutions & Life's Other Little Wonders

paul.tavares

Me and My doings!

Share SharePoint Points !

By Mohit Vashishtha

Jimmy Janlén "Den Scrummande Konsulten"

Erfarenheter, synpunkter och raljerande om Scrum från Jimmy Janlén

Aryan Nava

DevOps, Cloud and Blockchain Consultant

SPJoel

SharePoint for everyone

SharePointRyan

Ryan Dennis is a SharePoint Solution Architect with a passion for SharePoint and PowerShell

SharePoint 2020

The Vision for a Future of Clarity

Aharoni in Unicode

Treacle tarts for great justice

... And All That JS

JavaScript, Web Apps and SharePoint

blksthl

Mostly what I know and share about...

SharePointDiver

SharePoint på ren svenska