Archive

Posts Tagged ‘Azure’

Microsoft Releases SharePoint Framework Developer Preview!

August 18, 2016 Leave a comment

Microsoft just made the SharePoint Framework Developer Preview available via GitHub which was originally announced back in May 2016.  Please see the links below for more details:

Dev Center announcement: http://bit.ly/2bAkSKC
GitHub repository: http://bit.ly/2bq2ENg

The post Microsoft Releases SharePoint Framework Developer Preview! appeared first on blog about technology….

from blog about technology… http://bit.ly/2bAkmMJ

Jin Kang
I am an ECM Solutions Architect with over 7 years of experience envisioning, architecting, and implementing enterprise solutions using various technologies including Azure, Office 365, and SharePoint.

Currently I work at ConocoPhillips, providing problem resolution capabilities for systemic environment faults and outages, assist with automating and improving operational process, and collaborate with Operations and Support teams to evaluate, design, and introduce technologies to solve real business problems. I also provide subject matter expertise support to customers.

This article has been cross posted from jinkang.us (original article)

OneDrive for Business – Configurable Retention Period for Orphaned OneDrives!

August 11, 2016 Leave a comment

Hello again! It’s a well-known fact in On-Premise SharePoint world that ever since SharePoint 2010, My Site Clean Up Timer Job is set up 14 days before the MySite is deleted, and there’s nothing you can do about that other than disable the timer job and/or write your own timer job. Matter of fact, I recall countless SP conferences recommending you disable this timer job and handle retention via custom process where you have more visibility and control. In SharePoint Online world, this was changed to 30 days and if you’re like me and have corporate retention policies that are longer than 30 days, you would have to go thru series of workarounds to extend the retention period by leaving the Office 365 account active one way or another.

Well let me tell you that the days of that for SharePoint Online are gone now! I was surprised to see that the May 2016 release of the SharePoint CSOM (v 16.1.5312.1200) introduced ad new property called OrphanedPersonalSitesRetentionPeriod that allows you to get or set the default retention days to OneDrive for Business sites. Even better, the values can be set between 30 to 3650. That’s measured in DAYS! Which means max value is 10 years!!

I’m glad Microsoft has added this option as it now gives a lot of flexibility for organizations to ensure OneDrive retention meets their corporate retention policies.

Easiest way to change the retention is via SharePoint Online PowerShell commands:
…and you can download the latest SharePoint Online PowerShell from here

#Connect to SharePoint Online Admin (change URL to your SPO tenant Admin URL)
Connect-SPOService -Url http://bit.ly/2bkvM95-Credential (Get-Credential)

#Set Retention period – change the value of ‘3650’ to value you prefer
Set-SPOTenant -OrphanedPersonalSitesRetentionPeriod 3650

#Run the following command to confirm value has been applied
(Get-SPOTenant).OrphanedPersonalSitesRetentionPeriod

Here are some links to where you can find out more about this:

Good luck!

The post OneDrive for Business – Configurable Retention Period for Orphaned OneDrives! appeared first on blog about technology….

from blog about technology… http://bit.ly/2bkvHCr

Jin Kang
I am an ECM Solutions Architect with over 7 years of experience envisioning, architecting, and implementing enterprise solutions using various technologies including Azure, Office 365, and SharePoint.

Currently I work at ConocoPhillips, providing problem resolution capabilities for systemic environment faults and outages, assist with automating and improving operational process, and collaborate with Operations and Support teams to evaluate, design, and introduce technologies to solve real business problems. I also provide subject matter expertise support to customers.

This article has been cross posted from jinkang.us (original article)

#O365 #SharePoint Online–#IRM #RMS – what works, what doesn’t in a business context-Part 6

October 16, 2015 Leave a comment

This article is part of a series:

In the first article of this series we discussed what IRM was, some scenarios and high level device supportability.

Parts 1 to 5 discuss IRM capability from a SharePoint perspective.  Details:

Part 1: https://spandps.com/2015/09/21/o365-sharepoint-onlineinformation-rights-management-irmwhat-works-what-doesnt-in-a-business-context-part-1/

In the second article we covered file type support.

Part 2: https://spandps.com/2015/09/22/o365-sharepoint-onlineinformation-rights-management-irmwhat-works-what-doesnt-in-a-business-context-part-2/

In the third article we covered file type support in detail as well as the document library experience.

Part 3: https://spandps.com/2015/09/23/o365-sharepoint-onlineinformation-rights-management-irmwhat-works-what-doesnt-in-a-business-context-part-3/

In the fourth article we covered IRM permissions in comparison with SharePoint permissions.

Part4: https://spandps.com/2015/09/24/o365-sharepoint-onlineinformation-rights-management-irmwhat-works-what-doesnt-in-a-business-context-part-4/

In the fifth article we looked at the different clients across Windows, Mac and Mobile to see how they reacted to a protected file.

Part 5: https://spandps.com/2015/10/03/o365-sharepoint-onlineinformation-rights-management-irmwhat-works-what-doesnt-in-a-business-context-part-5/


So we have covered the SharePoint IRM capabilities a lot and in the conclusion to this series of articles, we shall discuss the various merits of the IRM implementation in SharePoint vs. AD RMS capabilities.

Before we do that however, we need to discuss Azure AD RMS (Active Directory Rights Management Server.

To put things into context, SharePoint IRM is essentially a subset of the functionality of Azure AD RMS (Source(s): https://technet.microsoft.com/en-us/magazine/2009.04.insidesharepoint.aspx?pr=blog, https://social.technet.microsoft.com/forums/windowsserver/en-US/d5c64cfe-0778-4a3b-a02e-4eae3ca9ac43/what-is-difference-between-ad-rms-and-irm) and in my initial interaction, the two capabilities don’t quite interact with each other in the way you would expect (the very reason this series of articles started in fact!)

Let’s get started….

What is Azure RMS?

So my biggest suggestion to answer this would be to take a look at these set of articles:

High level… like the SharePoint IRM O365 solution we have been looking at in the previous articles, it would appear that Azure RMS is a superset of the SharePoint IRM functionality.  By this I mean that Azure RMS is the overriding technology and SharePoint IRM is a small portion of the overall capability.

How does it work with standard office files?

Take a look at this article:

Which gives us a good indication of the potential support for this solution but is the reality for users… lets take a look:

Microsoft Office Interaction (Desktop)

After you install the Azure RMS client application in Windows or Mac OSX, you have an add-in added to your Microsoft Office suite like this:

image

By clicking on Share Protected the following screen pops up with various options including:

  • Policy selection (standard ones and corporate specific setup by your company)
  • Expiration of the permissions which will lock down the document once the date has passed
  • Document tracking notifications via email
  • Ability to revoke permission as required.

image

    You can target these permissions to specific user email address and the address entered can have blacklists (for example outlook.com etc.)

image

 

Once you click send, this pops up as it works its protection voodoo magic:

image

Then outlook pops up with a pre-formatted message with not just a Word document but also a Protected PDF also!  (This is also the case with the add-in for Excel and PowerPoint)

If you do this same option from within an Outlook email.  You must have an attachment on the email, it will then run through the same process, create a Protected PDF as well and send the email.

image

The Microsoft Azure RMS service also sends you a follow up email straight away with confirmation of who you sent it to and details on how to track and revoke access:

image

Clicking on the tracking link gives you an overview of the document, with tracking details and the ability to control the access.

image

From this screen you can see who has access currently, when  (Timeline) & Where (Map) they accessed the document.  Settings also controls your notifications.

At the bottom of the screen you can get an excel report of the activity on the document as well as the ability to revoke access.

How does it work with file formats outside of Microsoft Office?

For any other file type, extensions to Windows Explorer have been added in the right click context menu of the file(s) selected.  Just to note, you cannot protect a folder.

image

Once you select the permission type, the file is protected in place.

If you select Custom Permissions… the same dialogue appears as before whilst we were in the MS Office application allowing you to select permissions and notification options.

Now, because you are protecting a file that may not have built in support for the Azure RMS capabilities, as part of the client install for Azure RMS, you have a file viewer.

So for the Yammer Logo png that we have above, we get the following when we double click the protected file:

image

As you can see, it has changed the file extension to a ppng file type and now Windows opens it inside the Microsoft Rights Management viewer.  I wrapper if you will that will check the file permissions centrally within Azure RMS before you can open the file.

How can I get this capability – Server Setup?

Start by looking here: https://technet.microsoft.com/en-us/library/dn440580.aspx

Essentially you login to your tenant admin and you can choose to use Microsoft’s security keys and activate the service.

How can I get this capability – Client Setup?

The Office add-in and the Windows Explorer options are installed using a free client available here: https://portal.aadrm.com/home/download

Next Post(s)

Ok, these posts appear to get very long as I start to delve into things… so we are splitting things up further…  next up, we shall explore the permission options including revoking access to documents from a central location.

We will also, in a future post compare this solution with the SharePoint IRM capability, which we know is related but in my brief experience is not necessarily the same!

So until I find time to do the next post… stay nerdy peeps!

#O365 #SharePoint Online–Information Rights Management #IRM–what works, what doesn’t in a business context-Part 5

October 3, 2015 3 comments

This article is part of a series:

In the first article of this series we discussed what IRM was, some scenarios and high level device supportability.

Part 1: https://spandps.com/2015/09/21/o365-sharepoint-onlineinformation-rights-management-irmwhat-works-what-doesnt-in-a-business-context-part-1/

In the second article we covered file type support.

Part 2: https://spandps.com/2015/09/22/o365-sharepoint-onlineinformation-rights-management-irmwhat-works-what-doesnt-in-a-business-context-part-2/

In the third article we covered file type support in detail as well as the document library experience.

Part 3: https://spandps.com/2015/09/23/o365-sharepoint-onlineinformation-rights-management-irmwhat-works-what-doesnt-in-a-business-context-part-3/

In the fourth article we covered IRM permissions in comparison with SharePoint permissions.

Part4: https://spandps.com/2015/09/24/o365-sharepoint-onlineinformation-rights-management-irmwhat-works-what-doesnt-in-a-business-context-part-4/


Ok, next up is the client experience.  We all work in a connected world with multiple devices from mobile to desktop to web.

Let’s take a look at the experience people get across the various devices.  The devices I shall be looking at are:

  • Windows
  • Mac OSX
  • iOS – iPhone
  • iOS – iPad
  • Android
  • Windows Mobile
  • Web

For this test, I have a Word document which had its IRM rights applied last week with an expiry set to 1 day.

This is an example of the settings I am using against my list:

image

So without further ado:

Windows – Microsoft Word 2016

As per Word 2013 on windows, Word 2016 asks you to login to your work account to proceed.

image

Windows – Microsoft Word 2013

As we showed in earlier posts – expired content asks for it to be re-authenticated when off the network where the document came from.

image

Interestingly, if you are already on the same network, it re-authenticates in the background and it just opens the document.

Windows – Microsoft Word – Universal App

Now that we have Windows 10 upon us and the new rules around the Microsoft Office Mobile Apps being free (screens 10.1” or under), this feels likes a perfect opportunity to try this out on my HP Stream 7 running Windows 10 with the Microsoft Word Universal App.

As you can see, it recognizes the file and is prompting for the credentials to open the file!  Editing is not supported yet, but with the appropriate credentials it can call home and you can view the content.

Capture

Windows – Word Pad

The hacker in me likes to try other, non-standard avenues… WordPad doesn’t know what to do with the document…

image

Windows – Open Office

OpenOffice (Apache Foundation – 4.1.1 – latest) doesn’t know what to do either.  It doesn’t recognize the file format.

image

Windows – Libre Office

Libre Office, also based on Open Office, opens the file and it appears corrupted.  You cannot tell any of the original contents.

image

Mac OSX – Microsoft Word 2016

With the 2016 revision you can see it fully recognizes the file format and gives the ability to login with your work account!

clip_image001

Mac OSX – Word 2013

In Word 2013 on the Apple Mac, we can see that the document is protected but we do not have the ability to open with our work account.

image

iOS iPhone – Microsoft Word

Word on the iPhone supports IRM protection and in this scenario, I was off the network using my non-company account.

As you can see, it tries to load, tells me there’s a problem and states that it is under rights management.  Exactly the experience you would hope for from the Microsoft suite of applications.

I suspect a future release will expand on this area.

IMG_1685 IMG_1686 IMG_1687

iOS iPhone – Documents Free (Mobile Office Suite)

No support for IRM on a free MS Word alternative on the App Store.  Further proving that the protection is in the file as expected!

image

iOS iPad – Microsoft Word

As per the iPhone app, we get the same experience.  In a future release I suspect we will see a more expansive feature set when it comes to IRM.

image

iOS iPad – Documents Free (Mobile Office Suite)

No support for IRM on a free MS Word alternative on the App Store.  Further proving that the protection is in the file as expected!

IMG_0136

Android – Microsoft Word

As you can see, the Android version of Office also supports IRM in terms of detection, but not in terms of opening or editing.  I suspect this will appear in a future release.

image

Windows Mobile 8.1 – Microsoft Word

As we can see, Word on Windows Mobile as expected doesn’t open the protected file, but rather than recognizing that it is protected with IRM, we get this…

image

Web – Office Online – Microsoft Word

Office Online understands that it is protected by IRM and stops access.

image

Interestingly however you cannot edit IRM protected documents online, which means you have to use the desktop application to update the documents.

You get a clue when you try to preview the document from within the library:

image

Then when you open it in Word Online, you have no option to edit:

image

From a usability point of view, I will be recommending to my users to always ensure that this setting is enabled to avoid confusion:

image

This will stop the preview of the document showing and it will only open in Microsoft Word

Web – Google Docs

We just get an unknown error from Google Docs…

image

Conclusions

So there you have it.  Although this doesn’t consider all applications, it covers most common and some uncommon applications across the majority of platforms (Sorry Blackberry users… just didn’t have the platforms around to test.).

It is fair to say that whether the application supports the SharePoint implementation of IRM or not, you are protected.  It is also fair to say that really you should limit your experience of updating files to the Microsoft Office suite.

To summarize the above findings; take a look at the table below:

image

Although I focused on the Word application in this post, Excel and PowerPoint on the core platforms (Windows, Apple OSX) work in the same way.

We are assured that the mobile apps that Microsoft produce for iOS, Android and Windows Mobile will support IRM properly soon, but no timeline has been given at the time of writing for this article.  (Please note we will be looking at Azure RMS support in the next few articles where mobile capabilities are available with latest releases)

Next Post(s)

I think we have covered the SharePoint IRM enough… Let’s take a look at Microsoft RMS (Rights Management Server) in Azure next.  It is a similar technology but not the same as IRM (Information Rights Management).

After we have had a look at that, I’ll compare and contrast against my scenarios here at work!

Till the next time… stay nerdy!

%d bloggers like this: