SharePoint Online is a critical piece of the Microsoft 365 ecosystem. Its document management service is consumed by many apps like Teams, Yammer, and Planner. OneDrive for Business, the personal side of SharePoint Online, also contributes to SharePoint’s success with components like the synchronization client. Without SharePoint Online, Microsoft 365 would be a very different offering and a worse platform to work with.
Azure AD conditional access policies can now use an app filter based on custom security attributes to restrict access to specific apps. It’s a neat idea that should be popular in larger enterprises where the need exists to manage large numbers of apps. In other news, the Graph X-Ray tool is available in the Windows Store and a neat cmd.ms tool is available to provide shortcuts to Microsoft 365 sites.
Surprisingly, Microsoft has decided to retire the SharePoint Inside Look feature. This is where background processes extract three points from the text of Word documents and use them to help users understand the essence of the document. The text is also used in SharePoint sharing notifications. It’s a pity that the feature is going, but it’s English only and the resources needed to accommodate other languages might be too much for the predicted return.
In a March 4 update, Microsoft announced that Microsoft 365 web apps will get a new account switcher to allow users to run multiple signed-in sessions and switch between the accounts seamlessly. Not every Microsoft 365 web app supports the new feature, with Teams being a notable miss, but there’s enough there to make this a very useful feature.
A post by the Exchange development group tried to explain why mailboxes have SharePoint Online proxy addresses. It’s all down to the Microsoft 365 substrate, which needs the proxy addresses to ingest digital twins from SharePoint Online into Exchange Online for use by shared services like Microsoft Search. The upshot is that you can’t remove a mailbox permanently without some background processes kicking in to make sure that SharePoint is taken care of.
Microsoft Lists is now available in a preview for users with Microsoft Service Accounts (MSA). The preview is tagged as a lightweight version of the enterprise capabilities available in SharePoint Online. When generally available, we might see this as a premium consumer offering. In other news, an opinion says that Lists should replace Planner. I disagree, and say why.
SharePoint Online and OneDrive for Business will soon gain the ability to apply default sensitivity labels to document libraries. The feature is currently in preview and requires some complicated PowerShell to configure, but Microsoft is working on the GUI and expects to make the capability generally available later this year.
On January 10, Microsoft announced that the base Office 365 workloads support Continuous Access Evaluation (CAE) for critical Azure AD events like password changes or account deletions. Although you can take CAE even further with conditional access policies, giving Exchange Online, SharePoint Online, and Teams the ability to react to critical events in almost real-time is a very big thing indeed.
A new tweak to the sharing link dialog used by OneDrive for Business, SharePoint Online, and other Microsoft 365 workloads block downloads of video and audio files by default. This is probably what you want to happen as, unlike Office documents, when you share a video or audio file, it’s likely to be final content ready to be consumed rather than being worked on.
A new sharing link dialog for OneDrive for Business and SharePoint Online is rolling out to Office 365 tenants. The new dialog makes it easier to configure settings for copy links. This might sound like a small thing on the overall scale of Microsoft 365, but making it absolutely clear how to configure sharing links is a good step towards helping users send the right kind of links when they share documents with others.
When SharePoint users share information, Office 365 captures events in its audit log. By analyzing the events, we can build a picture of how people share information. The sad thing is that the audit events logged when someone extends the validity of a sharing link doesn’t contain as much information as you might like. Even so, we can still analyze the sharing events to build a picture of what happens in an Office 365 tenant.
The SharePoint Online expiring access policy controls how long external users can use a sharing link. You don’t have to use this policy, but it’s a good idea to configure it. And once the policy is active, users will see notices when their sharing links approach expiration. The process to renew (extend) sharing links is quick and easy. And if you want even more protection, consider combining this policy with sensitivity labels.
Teams meeting recordings can contain a lot of confidential information. It’s a quick and easy task to create a Data Loss Prevention (DLP) policy to stop people sharing these files externally, In this post, we show just how simple the required policy is, and just how effective it is at stopping external sharing.
To help you recover from the blizzard of Microsoft 365 information released at Fall Ignite 2021, here are some notes about features and functionality you might have missed. Like any list created by a conference (virtual) attendee, it reflects my interests and what I was looking for. Feel free to disagree on the importance of any or all of the topics discussed here… and suggest some of your own in the comments.
The site property bag is SharePoint Online’s way to allow tenants to add custom properties. This is useful if you want to add custom properties for search purposes, which is what you might need to do to use the new adaptive scopes for Microsoft 365 retention policies to find and process SharePoint sites. In this article, we explain how to add values to the site property bag, and how to make sure that you don’t leave sites in a position where custom scripting remains enabled.
Users attempting to delete SharePoint Online files assigned Microsoft 365 retention labels are blocked. That is, until a change arrives in November to make SharePoint Online and OneDrive for Business behave in the same manner. It’s a good change because it avoid the scenario where users remove retention labels to delete files, which undermines the organization’s compliance strategy. Now, deleted items go into the preservation hold library and stay there until their retention period expires. My only complaint is that the control over the mechanism is not as simple as it should be, but that’s a small and relatively unimportant flaw in the overall scheme of things.
The preservation hold library is an important component of SharePoint Online retention processing. A change coming in November should simplify file handling and reduce the amount of storage taken up by retained files in the library. Basically, instead of storing multiple versions of a file, SharePoint Online will hold a single file containing all the updates. It seems like a good change to make. We’ll know more when it rolls out.
Microsoft has simplified Microsoft 365 administration by moving controls from the OneDrive for Business admin center into the SharePoint Online admin center. It’s a good step because the two workloads are really two sides of the same file and document management function within Microsoft 365. With many apps moving storage of their data to OneDrive for Business, its role is becoming increasingly important. Even so, OneDrive doesn’t deserve a dedicated management portal.
The longstanding problem where the renaming of a Teams channel did not rename the folder in the SharePoint document library is being fixed. First flagged as an issue in 2016, this is one of the oldest bugs in Teams and it’s taken far too long for Microsoft to squash. The good news is that the fix will deploy in mid-September to close off the problem once and for all.
The OneDrive for Business sharing control (also used by SharePoint Online) now shows thumbnails of the set of people who already have access to an item. The idea is to give owners of information an at a glance view of who has access. It’s a nice change which adds something that probably no one thought was missing, The little things add all the difference!
In September Microsoft will introduce a new auto-expiration feature for Teams meeting recordings stored in OneDrive for Business and SharePoint Online. By default, recordings will be moved to the recycle bin 60 days after creation (30 days for users with Office 365 A1 licenses). Tenants can control the default expiration period using Teams meeting policies while users can override expiration for individual files. And if you use retention policies to control Teams meeting recordings, their instructions take precedence over auto-expiration.
A change being made to SharePoint Online in August will make the deletion process for files with retention labels consistent with OneDrive for Business. The intention is to achieve consistency across the two browser interfaces and to remove a little friction for users who might become confused when they SharePoint Online stops them deleting labeled files. Everything will happen in August. We wonder if anyone will notice?
Microsoft will soon impose a limit on the number of PST versions kept by SharePoint Online and OneDrive for Business. PST files have no business being in cloud storage, so this is a reasonable step. People shouldn’t keep PSTs in SharePoint or OneDrive document libraries and organizations shouldn’t let them. In fact, you should block PSTs from OneDrive synchronization and make plans to eradicate these pesky files.
The latest update for sensitivity labels allows them to control the external sharing capability of SharePoint Online sites. It’s a powerful example of policy-based management in action and demonstrates just how useful sensitivity labels will be as Microsoft steadily builds out the set of controls available through labels.
Sensitivity labels are a great way to protect confidential documents stored in SharePoint Online. Sometimes the documents must be decrypted. This article explains how to build a PowerShell script which uses Graph API calls to navigate to a folder in a SharePoint Online document library and decrypt the protected documents found in the folder.
A new preview feature allows the resources available to an Azure AD guest account to be reassigned to another email address. It’s a nice feature, but Teams has some problems with it at present. On the upside, everything works great with SharePoint Online and Planner, and we’re sure that Microsoft will fix the problem with Teams soon.
The OneDrive sync client is an important Microsoft 365 component which underpins features like autosave and coauthoring of Office documents. During the March 15 Azure AD outage, the client had a meltdown and removed all the local copies of files stored in a SharePoint Online folder, seemingly because it couldn’t authenticate. The problem was easily fixed, but it’s a bad example of handling what could be a transient authentication issue.
Audit records are a great way to gain an understanding of what happens inside Office 365. We use PowerShell to report actions taken with sensitivity labels such as protecting files and containers. The latest development is the addition of support in the Microsoft 365 apps for enterprise (Office desktop) to log audit events when users interact with sensitivity labels. Unsurprisingly, more events are often logged by the desktop apps than their online equivalents.
Microsoft’s Edge browser recently introduced sleeping tabs to conserve resources. Although this is a good idea, putting SharePoint Online tabs to sleep stops them reconnecting. I suspect it is because a refresh token times out and isn’t renewed. The solution is to add SharePoint Online sites to the list of sites that don’t sleep. Always-on document management is the best approach.
Microsoft says that SharePoint Online now has 200 million monthly active users. Teams is the major influence driving SharePoint growth with an increasing number of touchpoints between the two Microsoft 365 workloads.
The container management settings of sensitivity labels can now manage the external sharing capability of SharePoint Online team sites. The same settings as available in the SharePoint admin center or PowerShell can be applied through a label. Caching means that new settings in a label might not be picked up by SharePoint Online for up to 24 hours.
Sensitivity labels are spreading across Office 365. Now you can search SharePoint Online to find documents with a specific label. And if you make an extra tweak to the search schema, you can find labeled sites too. All of which seems boring and uninteresting until you actually need to do it.
Support for sensitivity labels is generally available for SharePoint Online. Users can apply labels to classify and protect documents, but a mismatch can happen between labels applied to documents and the sites where the documents are stored. When this happens, SharePoint Online emails site owners to tell them that a mismatch exists.
SharePoint Online generates a lot of events in the Office 365 audit log. You can interrogate the log with PowerShell to create per-user reports of their activities. The Search-UnifiedAuditLog cmdlet finds all the necessary data; after that it’s just a matter of filtering and refining the data and then creating the reports.
Microsoft has published updates for the Exchange Online management and SharePoint Online PowerShell modules. Generally it’s a good idea to install the latest version of PowerShell modules for the different Office 365 products, but beware of some gotchas that await the unwary…
Do you need to find out who updated a SharePoint Online or OneDrive for Business document? Use PowerShell to search the Office 365 audit log for document events and the complete history is available. Well, at least the last 90 days’ history – or 365 days if you have the necessary licenses.
Word users range from casual to professional writers. Those involved in collaborative co-authoring can now @mention others in comments. The feature is available in Word and PowerPoint (click to run) and the Office Online apps now and Excel desktop is due to get it too. Documents must be stored in SharePoint Online or OneDrive for Business to allow @mentioned people access the files.
Large Office 365 tenants with more than 10,000 seats can now use the SharePoint Online site swap feature to replace an old root site with a new communications site. The site swap must be done with PowerShell and needs a new version of the Invoke-SPOSiteSwap cmdlet. Once you prepare your new site for swapping, everything goes smoothly.
Like many other parts of Office 365, you can manage SharePoint Online with PowerShell. At least, you can manage some aspects of SharePoint Online with PowerShell. Microsoft has made it easier to keep up to date with the latest SharePoint Online module and the PnP module, so there’s lots of cmdlets to help Administrators do a better job of automating different aspects of SharePoint Online.
Now that SharePoint Online supports Office 365 Sensitivity Labels, it’s time to consider how to protect files stored in document libraries. When you compare the two approaches, there’s really only one winner. And there’s no surprise in saying that the winner is Office 365 Sensitivity Labels.