Tuesday, May 14, 2019

Installing Multi-Factor Authentication for your Office 365 Users

Understanding MFA

In today's world passwords and pin numbers are simply not enough and muti-factor authentication (MFA) is increasingly required to combat fraud. MFA means that you need to use a secondary form of authentication, such as an app on your phone, in addition to a password when signing into systems. 

These instructions walk you through the process of setting up MFA for a user. You may need them if your user switches phones or has to have MFA disabled and re-enabled.

In the Admin Portal

While technically you could skip this step and go directly to the console via its url, it's probably easier for most people to find their way from the Admin portal, so that's where I'll start.
  1. Open the Office 365 Admin Portal. (https://admin.microsoft.com/)
  2. Click on Users, then on Active Users
  3. Click on the dots at the end of the menu and choose Setup Multifactor Authentication.
  4. This will take you to the MFA console. 

In the MFA console

  1. Click on the Magnifying Glass icon to search for the user you want to modify.
  2. Type their name in and press enter
  3. Click on their name to open a panel to the right.
  4. In the panel, click on the link marked Enable
  5. Click on the button marked Enable Muti-factor auth.
  6. If you're new to multi-factor authentication, Microsoft encourages you to read this guide
  7. It will take a few seconds then dialog box can be closed.

Note: there's a handy link marked manage user settings that will appear once MFA is enabled. It lets you push the following settings to users;
    • Require selected users to provide contact methods again
    • Delete all existing app passwords generated by the selected users
    • Restore multi-factor authentication on all remembered devices 

Adding the App

Your users should now install the Microsoft Authenticator App on their phones. It can be accessed via the Apple App store or the Google Play store.
Sometimes, the easiest way to help your users get the app is to send them to this page.
Once the Microsoft Authenticator app has been downloaded and installed;
Open it
  • Choose Add Account (you might have to push the three dot menu in the top right corner to get this option).
  • Choose Work or School Account
  • You'll be prompted to scan a QR Code. 

The QR Code

You should send your users this link: https://aka.ms/MFASetup via Email.
  • They'll be prompted to add secondary information, such as a backup email address and mobile number. 
  • They'll also have a QR Code displayed on their computer screen. 
  • If they point their phone with the Microsoft Authenticator message on it, at the computer screen, it will scan it in and connect. 

Finalising

The QR Code will activate the app on your phone, this takes a few moments (under a minute) and then it will do a test. You'll need to watch your phone and push Approve when the message appears.
From here on, the user will be prompted to approve the sign-in on their phone when they login to Office 365. Since the authenticator app isn't tied to a phone number, it will work on Wi-Fi overseas. 

Helping with Setup

If your user experience issues with the setup process and you have their device, you can do this via the Azure Portal.
  1. Go to the Azure Portal 
  2. Search and Locate your User under Users, All Users, Profile
  3. Under Authentication Contact Info, click the link marked Manage your other authentication contact information in your Access Panel Profile
  4. In the Access Panel Profile screen, click edit Security Info
  5. If you see any authenticator settings already on this screen, you may want to delete them (there's a warning but it's okay) -- this will clear any old authenticator information. 
  6. Click Add Security Info
  7. Choose Authenticator App
  8. The QR Code will be displayed and you'll be able to use the authenticator app on the user's device to scan it. 

Thursday, January 24, 2019

How to Do Email Mail Merges using Excel and Outlook


This is probably a bit of an "oldie" but I have been asked about it a lot recently, so I figured it was worth documenting. 

Why would you use this?

There's a few reasons why you might need to do an email mail merge.


  1. You've got an email that you've got to send to a few people, perhaps it's an invoice or just a seasonal greeting. Whatever it is, you don't have a group to send it to and you don't feel like just pasting everyone's email address into the BCC field.
  2. You need to reference specific pieces of data in your email -- data attached to an individual. For example, on an invoice reminder run, you might have a due date, an invoice number, an amount and a project code. 

The Procedure


1. Create an Excel Spreadsheet with your people's details in it. 
You should use the first line to have column headings like Name, Email and FirstName. 

You only really need name and email but if you want to refer to other things (eg: like the project number/job number, invoice number etc) in your email merge, then you just invent a column header and add it. 




Save it somewhere where you'll be able to find it; 
eg: C:\temp\MergeData.xlsx

 
(Obviously, you'll also want to save a copy of that list somewhere else because it will probably be a matter of corporate record). 


2. Open Microsoft Word and write your email leaving spaces where you want things filled in. 
Don't forget your signature because it probably won't get attached otherwise.

If you're sending a greetings card or some other kind of email marketing hook, you might want to set up an image and links. To do this, just use the normal word image import and hyperlink functions. 



3. On the ruler at the top of Word, click Mailings then Start Mail Merge. 
Choose "Email Messages" from the drop down menu.

4. Click on Select Recipients and choose "Use an Existing List".
A file open dialog box will appear.  
Browse to where you saved your excel file. Click on it and click Open

5. A dialog box will appear. 
If your sheet doesn't contain other data, the values here will be right. 
Make sure that the [x] First row of data contains headers is ticked. 
Then click Ok



6. If you're going to insert any fields, like the first name;
a. Position the cursor where you want it to go (ie: after dear but before the comma) then 
b. Click Insert Merge Field and 
c. Choose the field. In this case FirstName.  

In the case of an invoice reminder, you might insert the project number, due date, dollar amount etc.

If you're not using any merge fields, just skip this step.


7. Click on Preview Results
You can walk through the results by clicking the forward and backward arrows

Check carefully because if you've used an old spreadsheet you might have left data near the end (ie: if you have more than 2 results and you only have two names ... you'll need to check your spreadsheet). 

If you're using a few merge fields, you'll want to check things over pretty carefully -- at least until you have the procedure working perfectly. 


8. If it all looks okay, you're ready to send. 
Note that if you're doing something complicated, like Images and links, you should do a test run and send to internal recipients as well as gmail and hotmail accounts. That way you can see how the message looks on different platforms and you can test the links.

Before proceeding, make sure that Outlook is already open.... that way you can be sure that there will be no crashes or plugin problems on startup.

Then, in word, click on Finish and Merge, and pick Send Email Messages from the list.

9. You'll see a dialog box, 
You can leave most things as they are but you'll want to put a subject on your email.
Then click Ok.


10. It might seem like nothing has happened but it has. 
Click over to Outlook and check your SENT folder.

Tuesday, January 15, 2019

Getting Teams and SharePoint Sites to Appear in the Outlook Lookup

Office 365 Groups are No Longer Automatic Mail Groups

Until recently, if you created an office 365 group (usually by creating a Teams or a SharePoint site), you would also be able to send that group mail directly via outlook. Unfortunately, with everyone having the ability to create teams and sites on demand -- and very few people following good naming standards, it's very easy to get your corporate address books cluttered.



Microsoft received a lot of feedback about this clutter and as a result, they disabled the functionality. Existing Office 365 groups are unaffected but if you create a new one, you'll find that you can't locate them in the typeahead when you want to send mail.

You can however, still have your cake and eat it too. You just have to use PowerShell.



Procedure

Since this is an admin feature and I'm presuming that all admins should be on Multi-Factor authentication now, the instructions are for MFA.  If you're not using MFA, you might want to use different connection commands.

Note that you'll need to replace the pink bits with your own details;


  1. Launch Microsoft Exchange Online PowerShell Module as admin
  2. Connect-EXOPSSession -UserPrincipalName youremail@yourdomain.com
  3. If your PC is already connected under MFA and you've elected to not be prompted for 15 days, PowerShell now seems to take note of this YAY....
  4. Set-UnifiedGroup -Identity "Office 365 Group Name" -HiddenFromExchangeClientsEnabled:$False

That's it.


You'll probably want to refresh your mail screens but they should start working immediately.






Tuesday, September 18, 2018

How to Get Internal Policy Acknowledgement via Microsoft Forms and SharePoint Pages


Recently I was asked to find a way for a HR manager to circulate a new policy and collect acknowledgements from staff members. In the domino world, we'd already have custom databases to do this (or we could whip one up in a matter of minutes) but I needed to find an Office 365 equivalent. 

I put the idea to the excellent Office 365 facebook group and got a number of good suggestions that I'll follow up later to see where they lead me.

I was also reminded of the Voting Buttons in outlook which are certainly the fastest method, though not the prettiest.

Since I'm determined to use mainly "the new things" in Office 365, I wanted to see if there was a really simple way to do this without getting too technical for my users. The way I found involves SharePoint and Microsoft Forms (but I'm sure that you could just as easily swap out Yammer or even Teams for SharePoint).

Procedure

1. Go to a (Modern) SharePoint site that all staff members have access to.
2. Create a new Page (Click New, then Page)
3. Give the Page a Heading



(Interlude)
I have a little trick when it comes to naming pages.
I use short headings with no spaces, then I save the page as a draft. 
This FORCES the URL into something that I like with no funny characters. Something easy to remember/type etc.
Then I edit the page and change the header to something presentable. The heading will change but the URL remains the same. 

4. Next, add a section for Microsoft Forms (click the plus symbol at the bottom of the header and choose Microsoft Forms).


 5. The form will appear with some buttons on it.  New Form or Add Existing form.  Choose New Form.

6. You'll be prompted to name your new form. Type a short name. eg: PolicyAcknowledgement and click Create.

7. Microsoft Forms will open and you might be prompted to sign in.

8. Click the button marked Create a New Form.

9. The title and description will be blank. Fill them in. Then click the button marked Add Question.



10. The next menu is graphic. Choose the circle option.

11. The next steps are to type a question (eg: "Do you agree with the policy?") and add some possible answers (Yes and No).  Since you want the users to only choose ONE of these answers, you'll want to make sure that "Multiple Answers" is set to OFF.  You'll also want to turn "Required" ON.


12. As with most Web things today, your form will already be saved. So you can switch back to your SharePoint Page and refresh it. The form won't look quite the same in edit mode, don't worry about this for now. 

13. You'll want to add your policy. There's several different ways that you can do this but all of them require adding a section. You can either add a section above or below (using the plus signs) or you can drag sections into layouts to make something creative.

14. Add a section that is either Text, an embedded document, quick links or a combination of these. Add your document and any explanatory text required.  You might also want to take advantage of some of the cool formatting options available in pages. 

Note: I had some problems getting my form to display, possibly because I changed the name during editing so I copied the URL from the forms page and pasted it into the settings for the container. This fixed the problem. 


15. Click Publish

If you're happy with the look of your policy page, you can use the promotion facilities to push it to email, to Yammer, or to make it "News" for your site.  You can also tie the form into your induction processes for the new staff and even use Microsoft Flow to send the URL annually. 


Checking the Results

If you've got the URL (and the rights) over the Form, you'll be able to check on the results anytime by clicking on the responses part of the form. This gives you a nice summary.  If you want details (names etc), click on the button marked Open in Excel

Other Uses

Just a reminder that this is one of those things that has a variety of other uses beyond simple acknowledgement.  You can use it for all kinds of surveys and quizzes. 

Tuesday, August 28, 2018

How to Get your Microsoft Teams to Appear for mail and calendar operations


Depending upon your settings and circumstances, there's a chance that groups created in Microsoft Teams might play so well together. 

Specifically, your team might not be available for email.  As it turns out, the teams ARE available... they're just hidden.  

and a little PowerShell is enough to coax them out. 

Our Example

In our example, the site is called Application Redevelopment and you can see from the screenshot that it appears in teams but not in outlook.


The PowerShell Commands

Session Setup

The setup is as per usual;
Start PowerShell in Administrator Mode.

Set-ExecutionPolicy RemoteSigned

Press Y and Enter.

$UserCredential = Get-Credential

Enter your user name and password.

Create the session.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

and activate it.

Import-PSSession $Session

The relevant command.

The command we need to use is Set-UnifiedGroup and the format we're using is as follows.

Set-UnifiedGroup -Identity "GROUPNAME" -HiddenFromAddressListsEnabled:$false

Where GROUPNAME is either the name of the group or the email address of the group.

In this example, it's;

Set-UnifiedGroup -Identity "Application Redevelopment" -HiddenFromAddressListsEnabled:$false

You can use the groups email address if it's easier.
Note that you can hide a Teams Group from email by ending in $true

Tidying Up

As usual, a tidy person will alway clean up their session.

Remove-PSSession $Session

and

Exit


The Proof. 

The screen shot below is probably enough proof.


Friday, August 24, 2018

Nesting Groups in Office 365


Nesting Groups has been a bit of a pain in Office 365 for a while now but there's apparently a few answers (and some updates on the way).  

Here's a PowerShell method. 

The Setup

To start with, we're going to create a group in Office365 Admin. It should be a mail enabled security group.

In our example the group will be called;

GRP MotherGroup
and it will have an email address of MotherGroup@mydomain.com
(obviously the domain will be different at your location).

For the purposes of this exercise, you'll also want to create several groups to be nested.
These are distribution groups and their names and emails for the purposes of our demonstration will be;
GRP BabyGroup1  babygroup1@mydomain.com
GRP BabyGroup2  babygroup2@mydomain.com
GRP BabyGroup3  babygroup3@mydomain.com
GRP BabyGroup4  babygroup4@mydomain.com


The PowerShell Commands

As usual, you'll want to run PowerShell in Administrator Mode.

Set-ExecutionPolicy RemoteSigned
Press Y and Enter.

$UserCredential = Get-Credential
You'll be prompted to logon with your user name and password.  If you have multi-factor authentication enabled, you'll probably have a few extra hoops to jump through here.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication  Basic -AllowRedirection

This creates the session

Import-PSSession $Session

This activates the session.

The next command is specific to your group. It looks like this (boldfaced parts will be replaced).

Add-DistributionGroupMember -Identity -Member


If you're following our example, the commands would be as follows;
Add-DistributionGroupMember -Identity MotherGroup@mydomain.com -Member babygroup1@mydomain.com
Add-DistributionGroupMember -Identity MotherGroup@mydomain.com -Member babygroup2@mydomain.com
Add-DistributionGroupMember -Identity MotherGroup@mydomain.com -Member babygroup3@mydomain.com
Add-DistributionGroupMember -Identity MotherGroup@mydomain.com -Member babygroup4@mydomain.com


As usual, because we're neat people, we remove our session before exiting...
Remove-PSSession $Session
Exit

If you go into the Office 365 Admin console, you should be able to find your group, now with the nested subgroups below it. It's a painful process but it works.


Tuesday, August 14, 2018

What can OneDrive, Synch and SharePoint File Libraries offer Business?


I do a lot of reading on the Microsoft tech boards and I find the information that Microsoft provides around OneDrive to be both confusing and lacking in detail. I wrote this post as a means of clearing up some of the confusion.  

So, here's my interpretation and opinions on what OneDrive and File Libraries in SharePoint (via a proper Office 365 E3 or E5 subscription) can offer;

The Sync Client isn't all that Important

SharePoint file libraries can replace all of your networked drive needs and these facilities have come a long way in the last few years.

In fact, for the most part, SharePoint has finally eclipsed the need for the OneDrive Sync client. 

There's a few minor exceptions to this rule.

  • You still can't easily "link" files, so if you have an excel file which updates its data from other excel files, it a real pain to add and install those connections -- and it's much easier if you have a local synced connection.
  • Saving files in Office applications, Word, Excel, PowerPoint etc now works very well with pure SharePoint  (finally... after the July 2018 updates). Unfortunately, the same ease of use does not apply with non-Microsoft products, such as NitroPDF, PhotoShop, or any of the other programs that use the old style windows dialog boxes. You'll need local sync if you plan to use these too.
  • If you're often travelling and will need to work in places without an internet connection, then you're going to need your file available locally. For that you'll need OneDrive Sync.
  • My personal favourite reason for using the OneDrive sync application is to sync only the corporate templates folders (and point your local Word's Workplace Templates folder to the synced folder)
If, on the other hand, all of your work is in Office and/or the web browser and if you're only working in places where there's an internet connection then you can safely forget OneDrive file sync.


It's All About SharePoint

Having your files stored in SharePoint will allow you to access them via any PC, Mac, tablet or phone anywhere in the world without the need for dedicated security infrastructure such as a VPN.

Having your files there will also ensure that they are version controlled. This means that you can restore old versions of them if you overwrite or delete them -- up to about 90 days.  If you need longer, you'll have to invest in backup solution like Veem, StorageCraft or Veritas.

Internal and External sharing and Security can be achieved by storing your files in different SharePoint "sites" or in separate File libraries in a single SharePoint site, depending on how you set things up.

Essentially SharePoint's file library replaces all of your old-style network drives.

The OneDrive Sync Application

The OneDrive Sync Application will allow you to synchronise data between SharePoint File libraries and your computer.  This is important if you need to access and modify files on the go without an internet connection.  It's also a useful thing if you want to do local backups. 

Changes made to local OneDrive files will sync to the relevant SharePoint sites and to all other synched versions of the site (ie: to other people's synched copies on their own computers).  Deletes are also synched meaning that if someone deletes their synched files their own computer, it will delete them off the network and off all other computers. 

This makes the OneDrive sync application a bit of a liability -- and increases the importance of locking users out of the system once they leave employment. 

You can still restore files but prevention is better than a cure.

Until very recently (late July 2018), you really needed to sync your files because saving directly from Word to SharePoint was ridiculously difficult.  It's now changed and it's very easy, so the need for local OneDrive sync is drastically reduced.

Saving to SharePoint in Excel - Finding libraries has never been easier.

In my opinion, it's recommended that you don't sync if you can help it as sync provides malware (and accidents) with an easier path to data on your server.

The OneDrive Folder 

Not to be confused with the similarly named sync application, the OneDrive folder is actually for personal storage. If you have a home account like hotmail or outlook.com, you'll already have a personal OneDrive that you can use. 

If you're in a business with an Office 365 account, you'll also have a business-personal OneDrive. In the business, this is like your home drive on a network.  Nobody else can see it and it's a great place to store things that you're working on but aren't ready to release yet,

You can randomly share things out to other people from your home drive, so you have more flexibility than the old home drive concept.  Depending upon your organisation's settings, you can also share files and folders outside of your business making the security on your personal OneDrive much more flexible than a SharePoint document library.

Of course, just because you can, it doesn't mean that you should. Don't be tempted to use your OneDrive in place of your main business folders. SharePoint is a much better bet. 


Wednesday, August 01, 2018

How to Get the Members of an Office 365 Group via PowerShell

If you have a few big groups, you'll probably be asked to provide a list of their members on occasion. Like Notes, if you don't have a CRM on the front of your system, it's hard to get a list of group members that includes anything apart from their name... unless of course, you use PowerShell.

Note: If you're copying and pasting from this blog entry, it's worth pasting into notepad so that you can rejoin any lines before pasting into PowerShell. I only give you one command at a time, so it should all be on one line.

The Procedure

Start PowerShell (in Administrator Mode) and connect to Office 365

Set-ExecutionPolicy RemoteSigned

(and press Y )

$UserCredential = Get-Credential

Enter your email address and password.

If you're using 2 Factor Authentication...

You'll need to open the Microsoft Exchange Online Powershell Module which should be on your desktop if you've followed the instructions (see this post).

Enter the following command (changing the email address to be your own)

Connect-EXOPSSession -UserPrincipalName myemail@mydomain.com -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Authentication Basic -AllowRedirection

then...

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

then

Import-PSSession $Session

I got a lot error text at this point (WARNING: Proxy creation has been skipped for the following command -- followed by a large list of yellow commands). I think you can get around this by entering a session instead of importing it but my PowerShell experience doesn't really stretch that far -- and the command works in any case, so there's no need. (yet).

Make a note of your group's email address: mygroupemail@mydomain.com
and the path to a CSV file where you want to save the output. C:\temp\MemberList.csv

You'll want to change both of those bits in the next command.

Get-DistributionGroupMember -Identity "mygroupemail@mydomain.com" | Export-csv C:\temp\MemberList.csv -NoTypeInformation

Cleaning up afterwards

Exit the session...
Exit-PSSession

and then remove it. 
Remove-PSSession $Session

and then exit the PowerShell window.
Exit 

Looking at the Output

The output of your command will be a CSV file that you can open in Excel. At first glance, it's probably not going to look very nice. It's got columns from A-DH but they're mostly empty. Here's how to clean it up, obviously the columns are subject to change whenever Microsoft feels like it but it's probably worth creating a Macro for. 

  • Remove Columns A-C
  • Keep Column D and E (Identity and Alias)
  • Remove Columns F-G
  • Keep Column H (City)
  • Remove Column I
  • Keep Column J-L (Company,  Country and Postcode)
  • Remove Columns M-AP
  • Keep Column AQ (First Name)
  • Remove Columns AR-AS
  • Keep Column AT (Last Name)
  • Remove Columns AU-BC
  • Keep Column BD (Phone)
  • Remove Columns BE-BF
  • Keep Column BG (Email)
  • Remove Columns BH-BL 
  • Keep Column BM (State)
  • Remove Column BN
  • Keep Column BO (Position Title)
  • Remove Columns BP-CX
  • Optionally keep Columns CY-CZ (Create and Modify Dates)
  • Remove Columns DA-DH

The result should be a usable spreadsheet. 

Tuesday, July 31, 2018

If you use Multi-Factor Authentication, you need another Module to connect PowerShell

Last week, following best practice guidelines, we switched to Multi-Factor Authentication. While it was a little painful at first, it's working well now for our admin team. I'm not sure if or when we'll push this out to our users. It might be too difficult for them.

(in fact, personally, I think that Google's token system might be far easier)


In any case, as it turns out, we can't login to PowerShell now that MFA is running.

A little searching provided the answer. We had to install an extension for PowerShell.  The process is already very well documented, so I won't go over here except to add one observation;


  • You must install it via Edge (or possibly IE) -- it won't install via Chrome. 

Updating Contact Information in Office 365 from CSV via PowerShell

Some time ago, we did an export of our Domino contacts into the Office 365 address book. It was mostly successful and we got the users and their email addresses but missed a lot of detail on the phone numbers, company names and fax numbers. 

At the time it didn't matter but recently we reached a point where we needed this information to be present. 

The process was much fiddlier than it should have been, so here's how we did it.

Exporting out of Domino

This was easy, literally a five minute job for about 5000+ contacts. Domino has menu options to export as CSV, so I won't go into detail here.

The end result is that you should have a CSV file that looks something like this;

ExternalEmailAddress,FirstName,LastName,Name,Title,Company,Phone,MobilePhone,Fax,StreetAddress,City,StateorProvince,PostalCode,CountryOrRegion
atano@clonewars.com,Ashoka,Tano,Ashoka Tano,,Cartoon Network,08 8988 9889,,,,,,,
ynotfar@dagpbah.com,Yoda,Not Far,Yoda Not Far,Jedi Master,Food of this Kind Ltd,,,,GPO Box 1234,Dagobah,,1556,Dagobah System
pkoon@jeditemple.com,Plo,Koon,Plo Koon,Jedi Master,Plo's Mask Emporium,03 5468 4889,0417 650 456,03 5406 8790,"Jedi Temple, Suite 66",Coruscant,COR,1234,Central Systems
spalpatine@dualidentities.com,Sheev,Palpatine,Sheev Palpatine,Chancellor,Always Two Limited,02 1264 5640,0442 548 987,02 8987 9802,"Red Suite, Level 4000",Coruscant,,,Central Systems

Ideally, you'll be able to paste that test data into notepad, save as CSV and have a working template but just in case you can't, it's essentially 14 fields;



  • ExternalEmailAddress
  • FirstName
  • LastName
  • Name
  • Title
  • Company
  • Phone
  • MobilePhone
  • Fax
  • StreetAddress
  • City
  • StateorProvince
  • PostalCode
  • CountryOrRegion



PowerShell

From here, you start PowerShell (in Administrator Mode) and connect to Office 365

Set-ExecutionPolicy RemoteSigned

$UserCredential = Get-Credential

You'll be prompted to sign in with an Office 365 ID that has global admin rights.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

In this next step, we're presuming that your CSV file is saved as C:\temp\AllPeople.csv.  If you saved it elsewhere or under a different name, you'll need to update that line.

$Contacts = Import-CSV C:\temp\AllPeople.csv

The next section says which fields to import. We discovered that there were a lot of problems with this statement. 

  • If you include fields which aren't in your CSV, then no fields get imported. 
  • If ONE field breaks the rules (eg: a company with a length of over 64 characters, then that will eventually halt the processing of the entire input file). In our case, I used Excel to return Left(CompanyName, 62) where Len(CompanyName) > 62.  It fixed a big problem. 


$contacts | ForEach {Set-Contact $_.Name -StreetAddress $_.StreetAddress -City $_.City -StateorProvince $_.StateorProvince -PostalCode $_.PostalCode -Phone $_.Phone -MobilePhone $_.MobilePhone -Company $_.Company -Title $_.Title -Fax $_.Fax}

You should still expect quite a few errors when running this command as names which don't match perfectly from one system to another, particularly those with accent characters, will most likely fail.

As usual, you'll want to finish up with;

Remove-PSSession $Session
To clear any variables out 

and 
Exit
to close the Powershell window. 

You should be able to see the results in Office 365 immediately. 

Tuesday, May 01, 2018

How to Change the Domain of an Office 365 Group

It's not an unfamiliar scenario with all of the rebranding that's happening these days. Your Office365 group has the wrong mail domain and now you want to change it.

It's the kind of thing that you'd expect to be able to change via the admin portal. After all, there's a neat little domain selector box on the page.

Alas, that's not how Office 365 groups work.

You need PowerShell for that one.

PowerShell to the Rescue

PowerShell, the interface you have when you don't have an interface... 

Here's how to change the domain on your group.

Run PowerShell as an Administrator and type the following commands;


  1. Set-ExecutionPolicy RemoteSigned
  2. $UserCredential = Get-Credential
  3. $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
  4. Set-UnifiedGroup -Identity "Group English Name" -PrimarySmtpAddress "GroupNewEmailAddress"

    Where Group English Name is the English Name of the Group (ie: not the email address
    and
    GroupNewEmailAddress is the new email address that you want the group to have
  5. Remove-PSSession $Session
  6. Exit


A Walkthrough

The commands that you are expected to type appear below in boldface;

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

PS C:\WINDOWS\system32> Set-ExecutionPolicy RemoteSigned

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic at https:/go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy? [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): y

PS C:\WINDOWS\system32> $UserCredential = Get-Credential

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential

PS C:\WINDOWS\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection


PS C:\WINDOWS\system32> Import-PSSession $Session

WARNING: The names of some imported commands from the module 'tmp_vwnpqgxq.qak' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     1.0        tmp_vwnpqgxq.qak                    {Add-AvailabilityAddressSpace, Add-DistributionGroupMember...


PS C:\WINDOWS\system32> Set-UnifiedGroup -Identity "All Staff" -PrimarySmtpAddress "AllStaff@newdomain.com"

PS C:\WINDOWS\system32> Remove-PSSession $Session

PS C:\WINDOWS\system32> Exit

Sunday, March 11, 2018

It's Easy to Send Attachments from SharePoint - Here's How.



Attaching files from SharePoint has gotten a little easier of late. I'm not quite sure when the changes happened but they're very welcome.  

The new functionality is available in the outlook client and outlook web access. It's available for most SharePoint groups right now, with SharePoint groups created via Yammer following at the end of May 2018.

Attachments in the Outlook Client

Use the following steps to attach a file via the Outlook client;

  1. Create a new Email
  2. On the Message Tab, click Attach,
  3. Below the list of recent documents, click Browse Web Locations
  4. When this expands to show a list, choose Group Files
  5. You should see your SharePoint libraries appear in a list.
There's a few reasons why you might not see all of your libraries. 
  • If this is the first time that you're using this feature, or if you're using a new installation of Outlook, it may take a while (up to 20 minutes) to fully populate the list of sites. You don't have to wait there with the list open, just come back in 20 minutes and try again.
  • If your SharePoint group was originally created from Yammer, it's not supported (yet). This is coming at the end of May 2018.
  • You may have too many groups to display. If so, you can expand the list by scrolling or by dragging the three dots at the very bottom of the menu option. 
Click on this to see a larger version.
Once you've selected your file, you'll be prompted to choose whether you want to attach it as a copy or share it as a OneDrive link. 


Bear in mind that the file will obey the security rules of the original SharePoint library, so if your library isn't available to outside parties, they won't be able to access the file.

Attachments in Outlook Web Access (OWA)

These days, I spend very little time in the outlook client (in fact, usually only when I'm troubleshooting for someone else). OWA is good enough to compete, and in many better, than the outlook client. 



Getting to cloud locations is much easier in OWA,

  1. In a new Email, click Attach
  2. Select Cloud Locations
  3. A large dialog box will appear showing you a number of different options. 
  4. Click on Group Files to see the SharePoint libraries.
  5. From there, you can click and browse your way to your attachment.



The OWA interface is quite slick but there's one significant omission for now...
While you can get to the default (Shared Documents) document library of any SharePoint site, I can't seem to find a way to get to any other libraries you've created.  

The feature is available in the outlook app however, so it's only a matter of time before it's implemented in the cloud. In the meantime, it's not a major issue because the full libraries are accessible via OneDrive in the Cloud and via SharePoint in the Cloud. 



Once you've selected a file in the outlook app, it's attached automatically as a link. This is essentially the same as choosing "Share as OneDrive Link" in the application. If your external party is unlikely to have access to the file (or if you want to protect your original file), you might want to send a copy instead.

To do this, simply click on the drop down arrow to the right of the attachment and choose "attach as a copy".



The Outlook App (iOS and Android*)

* All screen shots here are from Android... iOS may differ slightly. 

If you're using outlook on a mobile device, you have easy access to SharePoint libraries too.  You'll need to be using the official Microsoft apps though; OneDrive, SharePoint and Outlook (not the mail application that came with your phone).

Right now you can browse through your recent attachments in outlook but you don't have full access to SharePoint libraries directly from the mail app.  I'm sure that's coming soon. In the meantime, you still have full access via OneDrive. 

To access the full libraries on mobile devices;


  1. Open your OneDrive App
  2. Touch Sites (at the bottom of the screen)
  3. Choose your library
  4. Browse until you find your file.
  5. Open your file.
  6. Press the SHARE icon (it's the sideways triangle with balls).
  7. You have an option for outlook on the first share screen but if you choose this, it will paste a link to the live file in the outlook app.  This is fine if the person is an internal staff member or if they have access to that particular SharePoint library but if not...
  8. You should touch "Send Files'
  9. Then choose outlook on the next screen. This will give you an attachment. 



That's all there is to it. 





Thursday, January 04, 2018

Archiving Mailboxes in the Office 365 World

In the Domino world, we used to just change the access controls on NSFs and copy or replicate them directly from the server to a PC but since we've moved to Outlook, and specifically  to Office 365, getting those mail files from the cloud has been an increasingly difficult business. 

To be fair, this was difficult under IBM as well, once we moved into the Verse cloud. 

Your Current Procedures aren't Working

When I first started trying to get backups of files, I had a lot of people tell me how easy it was. I followed their advice -- and yes, it was easy.  After all, there's a menu option inside outlook that lets you export directly to a PST file.

It was too easy. I was suspicious though. Suspicious that a person with a 10 year occupation could have a mail file that was a mere 400 MB. I looked into it and sure enough, the outlook method only gives you a recent subset of your data.

If you've been backing up PSTs from the cloud using outlook, you're missing a lot of data. 


Does the Problem Need Solving?

Before I go into the details of how to solve this problem, it's worth mentioning that there is another workaround that might be more suitable. I'm talking about Shared Mailboxes.

In Office 365, you can convert a user's mailbox to a shared mailbox and allow other people to access it. The downside of this is that you no longer have a perfect legal representation of that mailbox as it was when the user left (as new users could potentially edit, delete and add to it).  The good news is that shared mailboxes don't consume office licences though unfortunately, you can't delete the original users from your active directory. They're still required to be present for the mailbox.

In our case,  we keep a copy of all mail files in PST format for our records - and we use shared mailboxes only when necessary to provide access when someone critical has left. Shared mailboxes of previous employees should generally be a fairly temporary thing. 


How to Archive to PST

The PST archiving process is a little convoluted but it's accurate as it gets the mail file information from eDiscovery. Once you have your PST, and you've tested it of course, you can delete the user (or convert the mailbox to a shared mailbox).

So, without further ado, here's the instructions via slideshare.

Tuesday, December 19, 2017

The Year in Review (2017)

It's just over 12 months since we made our first forays into the Office 365 space and I'm convinced that we made the right call at the right time.  Any earlier and it would have been wrong because SharePoint hadn't gained traction and OWA was undeveloped. Any later and we'd have lost our unique position.as innovators in this space. 

It hasn't all been smooth sailing and many of our legacy systems are still on IBM Domino. The approach to migration was rushed and flawed but I'm looking forward to 2018 when the dust settles and we can begin to move forward in a more orderly manner. 

All things considered though, I'm proud to have been part of the technological achievements of the year which included a complete revamp of the hardware and software in the office; including the replacement of all desktops with Microsoft Surfaces and Apple MacBooks, the replacement of our meeting room systems with Microsoft's Surface Hub technology, an office move, a rebranding, web site replacement, some major business milestones, server data centre migrations, change of file storage system and a move from Domino to SharePoint development.

There's a lot of insight that has come out of these changes which I'd like to share but that's next year. Right now, I want to focus on my perception the global office technology trends.

IBM Domino and Microsoft SharePoint

It's been an incredible year for both IBM and Microsoft. On the one hand, I was sad to be leaving the IBM Domino world after more than two decades.  I still use Notes on an almost daily basis - and that's not expected to end for a while yet - but over the past few months I've spent about 80% of my time on SharePoint and only 20% on Notes/Domino.

At the beginning of the year, it was clear that IBM Connections outranked Microsoft SharePoint as a collaboration platform in nearly every way. I'd noticed movement on the SharePoint front though and I knew that IBM's unchallenged time in that space was almost over.  IBM Connections still offers a lot of great features that I hope SharePoint will eventually acquire but the work that has been put into SharePoint over the last six months has put it firmly in the lead in the collaboration space.

IBM is prospering under Ginny Rometty's leadership which has improved drastically in the last twelve months but the welcome decision to extend the life of Domino indefinitely came far too late and well after the mixed-messages of "end of life".

This isn't the first time that IBM has mishandled communications in the Domino space and their marketing team really need to work on their messages. 

It's great to know that Domino will still be around and that it's made the transition to cloud services but IBM's future clearly lies within the services layer - and in particular, around Watson's AI services. 


Office 365 and the Web-Centric World

Microsoft Office 365 came of age this year and the company finally realised their dream of having a viable subscription-based service.  This guarantees funding for future versions of office while still engaging a service "lock-in", thanks to the file storage capabilities of SharePoint and OneDrive. At this point, Microsoft seems to be "out-googling" Google in the web services space.

A lot of this comes down to leadership. Had Steve Ballmer continued as CEO at Microsoft, the company would have remained "windows-centric" and posed much less of a threat. The vision of  Satya Nadella however is completely different and embraces the diversity of Operating Systems.

For me, this was most apparent when I was teaching SharePoint in a room full of people and the Mac users suddenly realised that the browser based systems levelled everything. The underlying system stops mattering when the OS is the browser.  This is something that Google demonstrated back in 2011 when they launched the first ChromeBooks.


I'm excited for the future of Office 365 and the continuing addition and upgrading of tools, such as the Wunderlist ported To-Do app, Microsoft Forms, SharePoint pages and the continually evolving "PowerApps". 


The Hardware Space

In the hardware space, the Windows SurfaceBooks have been fairly impressive although they've clearly had their share of quirks. In particular, Microsoft's port replicators misbehaves incredibly. The Surface Hubs are brilliant with their main fault being a complete lack of Apple support. We ended up having to attach an Apple TV to them because although other options exist, they were too complicated for our users. 

Samsung's S8 mobiles were a highlight this year and they more or less single-handedly restored faith in the Samsung brand. The Google mobiles sounded great but with the early signs  of stumbling in the Pixel 2, they obviously need a little work.  

The Decline of Apple

Much like IBM, the decline of Apple is often predicted but never actually happens. What happens instead is that they go through periods of innovation and exnovation. In case you're unfamiliar with the term;

"In commerce and management, exnovation, an opposite of innovation, can occur when products and processes that have been tested and confirmed to be best-in-class are standardized to ensure that they are not innovated further." -Wikipedia

This is exactly what IBM tried to do with Notes last year and it's what Apple has been doing with their products of late. The last couple of iPhones haven't been very revolutionary and the less said about the MacBooks, the better.


All in all, it's been an interesting year for office technology and I've learned a lot.  Hopefully next year will be a little less frantic and I'll be better positioned to explain how to make the best use of some of this technology. Stay Tuned and have a great end of year.

Tuesday, October 31, 2017

How to Duplicate the Mircrosoft Surface Hub's Screen on another Hub

So, you've got yourself a few Surface Hubs and now you're having a big meeting. Big enough to need to use both hubs together.

So... how do you do it?

The Problem

In our case, we have two meeting rooms, each with a Microsoft Surface hub on the wall.  The rooms have a removable partition which enables it to be opened up into a large board room. Unfortunately, when this happens, the meeting participants can't always see the "master screen". 

The ideal solution to this would be to have the display of the master screen duplicated on a "slave screen".  The diagram below illustrates this need.



Two Methods

There are two ways in which the screen can be duplicated.  Method 1 involves skype. It's fairly easy to set up and requires no cabling. Unfortunately, because of generally slow internet speeds, it doesn't cope with high motion slideshows -- and it certainly doesn't cope with video.

The other method involves cables.

In this post, I want to cover off both methods. I'll be referring to the hubs as the "source", which displays the images and the "target" which receives the images from the source.

The Skype Method

The skype method is really simple.

  1. Go to the target hub and turn off the volume. 
  2. You should also turn off the microphone (these first two steps are important because they prevent the microphone from going into a feedback loop -- ie: a squeal sound).
  3. On the source hub, invite the target to your skype meeting.
  4. On the target hub, join the meeting.
  5. On the source push "Present Screen" near the top of the screen. 
  6. On the target hub, maximise the screen.

You will now be able to present on the source hub and have it display on the target.  For extra points, you could optionally include a laptop and share the screen to both hubs from there.

Bear in mind that while this method works, it can be a little slow to change slides and it's terrible with animation and video.

The Cable Method

To use the cable method, you need to obtain a  DisplayPort to DisplayPort cable. The Microsoft specficiations suggest that 3 metres is the maximum length but you should be able to get it to about 5 meters without too much trouble if you use a quality cable.

In the diagram below, the red marks the things that need to be looked at if you're driving an 84" surface hub from a 55" one.  The purple indicates the things that would need to be changed if the target was another 55" hub.


The ports on the surface are confusing, to say the least as they're in reverse order on the 55" and 84" models.  They're also not labelled well at all, particularly not as a group of "input" or "output" ports. There's subtle arrows on the ports pointing into a box or out of a box. That's your indication of whether the port is an input or output one.  

Additionally, there's an important slide switch which is simply marked with an exclaimation mark in a trangle.  If you slide this to the left (looking from behind the surface screens), it "turns the onboard computer off"  -- except it doesn't. The onboard computer seems to function well enough regardless of how the switch is set. 

What the switch does do however is determine whether or not the surface will look at the input ports. This might be important if you were going to set up a permanent cable connection but only wanted it to be "active" sometimes.

Finally, on the target hub, you'll need to switch the input to Display Port. 

HDMI and VGA are options

While HDMI isn't supported as an output format, you can have HDMI as an input. That's good because HDMI cables can be longer and you can get them with built-in repeaters though I haven't tested one -- yet. 

You can also, apparently connect via VGA but since VGA doesn't carry sound, you'll want to connect the audio ports together too. I haven't tested this procedure. 

The official Microsoft documentation on this is here






Friday, October 27, 2017

Getting Started with SharePoint Lists


SharePoint lists are a great way to build quick "applications" and registers. 

If, like me, you've migrated from IBM Domino, and you were wondering where the Office 365 development functionality is, this is where it starts.  For everyone else, who has never heard of domino, don't worry, I'll explain what SharePoint lists are and why they're a great tool for you. 

What Are SharePoint Lists?

SharePoint lists are essentially a "cloud way" to store data that you want to share and search. You can put documents into lists but the best use of lists is to store and update "data".

Essentially, SharePoint lists are a kind of database. They're not incredibly powerful, like SQL server but they're usually going to be powerful enough to replace a lot of the things you might have in Microsoft Access.

One of the easiest ways to determine what applications are a good fit for SharePoint lists is to look at your spreadsheets.  Spreadsheets, like Excel are great for maths and finance but they're less suitable for simple lists -- especially if those lists need to be shared. If you're keeping track of things in excel but you're not doing maths or graphs, a list is probably a better fit.

What can I use them for? 

You can use SharePoint lists for almost anything but here's a few business ideas to get you started;


  • Inventories and Asset Registers; to track serial numbers, device allocations, IMEIs and even problems against devices.
  • Contracts; to store the actual contracts but also record information against them like start and end dates, terms and contacts.
  • Share Passwords; In most IT teams (and other business teams) there's a bunch of shared URLs, user names and passwords. Putting these into a central list makes it easier to search for them when you need them.
  • Keywords: Lists can be used to power other lists (I'll talk about that more in a future post).
  • Changes: If you're putting together a Change Management system, a list can be a good way to register a change and set a status on it.
  • Collection management; If you collect anything; books, dvds etc, Lists can be used to manage the collection. 

Building your own SharePoint List

Without further ado, here's a slideshow that walks you through the process of building a simple SharePoint list. I've ignored a lot of options and a lot of the opportunities for a slicker experience in order to keep this as simple as possible. 




Where to From Here?

This is just the tip of the iceberg when it comes to lists and there's a whole lot of other places we can go from here. In particular, we can "skin the list" to make it look nicer and we can built a mobile app using PowerApps (it's very easy), we can also add validation and security.