Join the CIAOPS Office 365 Tech email newsletter

One of the greatest challenges faced by IT Professionals today is simply keeping up with the technology. The problem is there are so many different sources that it comes from as well as the volume that it flows at.

What makes it even more difficult for todays IT Professional is that they need to be able to administer the systems as well as assist end users get the most from the same systems. This means understanding both the front and back end of systems. In effect that means keeping abreast of the twice the amount of information.

I do my best to provide the best quality of technical information via a number of sources but not all information is relevant to all audiences. With that in mind I have created an new email list dedicated to IT professionals and administrators of products like Office 365. It is aimed at providing technical information about the products in more depth to help administer them better.

You can sign up for this new CIAOPS Tech email list directly at:

If you are also interested in end user information via email I’d encourage you to sign up to my free 23 part SharePoint Online training course at:

because after the end of the SharePoint course the information continues with detailed emails about getting the best from Office 365 products like OneDrive, Delve and more.

Why via email? Email provides the ability to automatically collect the information, store it for later review. I have found that many people still prefer to use email as their primary source of information for these reasons.

There’ll still be plenty of detailed information in this blog and via my other social media sources as usual but if you want to receive information from me about Office 365 and the Microsoft cloud then subscribe to one or both of the above email lists as suits your needs. Of course you should also feel free to send me any suggestions, at any time, about what topics you’d like to see covered on these lists as I want them to be as relevant as possible.

As always, I appreciate people consuming what I produce via various channels and I look to continue to improve what is offered.

Office 365 Service Trust Portal


Security is a journey not a destination and that’s what makes it so hard when dealing with technology. One of the things that I believe that makes Office 365 the best product on the market is Microsoft’s commitment to security and compliance. A great place to start if you aren’t already aware is the

Office 365 Trust center

which has a huge amount of information around security for products like Office 365. If you have a security question about Office 365, start there.

What you may not be aware of is that Microsoft has just made available a dedicated an Office 365 Service Trust Portal for each Office 365 tenant. Once you sign up, you’ll find a vast array of security and compliance information tailored specifically for your Office 365 tenant. Here’s how you sign up.

Start by visiting:


You’ll be presented with the page shown above which you’ll need to login as an Office 365 global administrator.


After successfully logging in you need to approve access from the Office 365 Service Trust Portal to your Office 365 tenant. Simply select the Accept button to proceed.

(now for some reason I’ve had to repeat the login and accept twice a couple of times for different tenants I enabled, so if it doesn’t work the first time, simply try again)


You’ll then be asked to enter you region and industries. Simply select from the pull down options.


When you have made your selections select the Save button to the right.


In a moment or two you’ll receive a message that your configuration has been save and the Trust Portal has been updated with relevant information.


You can now navigate to the menu options on the left of the page, like Compliance Reports which are shown above. Here you will see all the security and compliance information available to you as you can see. You can also use the options at the top of the page to easily search for specific information.


One of the first options I suggest you take a look at is the Office 365 Customer Security Considerations spreadsheet. You’ll find details of this here:


You’ll find it by selecting Trust Documents from the menu on the left,


From the options on the left locate Office 365 Customer Security Considerations Preview. Selecting this will download a spreadsheet which you can save locally.


When you open the spreadsheet you should see something like that shown above.

If you take a look at all the content in the spreadsheet you’ll find links, PowerShell commands, best practices and more. There is also an Office 365 Customer Security Considerations Preview Reference Guide available from the portal to help you use the spreadsheet.

Security is a very important aspect of cloud computing and given resources like the new Office 365 Service Trust Portal I am confident that Microsoft is making available the best information needed to help both customers and resellers understand and better secure their information in their commercial services like Office 365. This is yet another reason why Office 365, for me, stands out from the pack when it comes to being serious about business cloud computing.

Wanna transform your current technology business?


One of the most common frustrations I see when I speak with IT businesses is the fact that they are still struggling to transform their business to the new cloud model. The challenge is independent of technology, it is about the business model and many simply don’t know what to do.

Nigel Moore and myself, who also head up Cloud Business Blueprint, have decided to address these frustration head on with a new offering called My Cloud Business.

How is My Cloud Business different? It is totally business focused and technology independent. So if your business is Office 365, Amazon, Google, etc it doesn’t matter. If you want to transform your technology business to the new cloud model then My Cloud Business is for you.

Cloud Business Blueprint will remain doing what it does so well, providing technology resellers a community to share, learn and obtain both technical and business resources from. My Cloud Business however will be the place for people who want to take the step outside the technology and learn how to structure, build and grow their business to not only adapt to the world of cloud but also thrive in it. You’ll need to be committed to this transformation. My Cloud Business is therefore not for everyone but is designed to fully support those who want to ‘step up’.

Nigel and I are busily building content for release very shortly but this is an opportunity to be an early adopter. If you sign up right now you’ll go on our mailing list to be kept abreast of everything we have planned. We also expect to provide early adopters significant benefits for supporting us early in the piece.

So, if you are struggling to transform your business to the new cloud model and are looking to step up and really exploit the opportunity it now presents then I suggest you sign up to our notification list today to get in on the ground floor. There is no obligation if you do, you’ll simply receive updates via as we bring them online.

Getting more from Office 365 means understanding SharePoint

Would you accept purchasing a new car and it running in first gear? Of course not! You’d immediately return it to the dealer and have it fixed. I however see so many businesses running Office 365 suites that include SharePoint Team Sites and them never being used. Even worse I see SharePoint being used in first gear constantly, yet people never opting to change up gears to the next level of what SharePoint has to offer.

Why is this? I believe the answer is simply a lack of understanding about what SharePoint is, and like any knowledge, you don’t gain such insight over night or by reading a few web pages. To gain the most from SharePoint you need to change the way you view information sharing. You need to shift your mindset from storage to collaboration as I have written about previously:

The Classic SharePoint Online Migration Mistake

First gear with SharePoint is generally using it as file storage which I see many people do. The problem is if web storage is all you have planned for SharePoint how is that any different from where you store that data today? All you are doing is simply moving that data from one storage ‘bucket’ to another. Where that bucket maybe is irrelevant because it is just being used as container. Simply moving data from one location to another makes no sense. Where is the value add? What is the business benefit of data being in bucket number two? Where is the business benefit of going to all the trouble of migrating the data? Being purely pragmatic about things here, it make no business sense and generally is just incurring expense.

With SharePoint wedged in first gear many now continue to ‘load’ SharePoint up with more and more data and wonder why things aren’t magically becoming more productive. They do nothing more than just uploading files to one document library. Doing the same thing and expecting different results is the definition of insanity is it no? In short, you are burdening SharePoint with structures and concepts that bog the service down. In short, it is like constantly driving around in first gear.

Much like a modern car, SharePoint Online has a significant number of forward gears that you can and should take advantage of. Problem is most people don’t invest the time to learn how to do this. The essence of productivity is that you invest some time up front learning how to do something better and then apply that. The payoff is never immediate, it is down the track. However, the payoff is always much greater than the initial investment because productivity scales.

In my books, you cannot use or sell Office 365 without making some investment in learning SharePoint. Everyone, I mean everyone, using Office 365 must appreciate the basics of SharePoint. They must be at least able to take the product out of first gear. Beyond that is a choice. You can certainly skill yourself up on SharePoint or you can get assistance from someone already skilled who can provide a shortcut for you.

Every top professional sports person/team has a coach. Why? Because they are looking to improve so they can be more competitive. How come the same doesn’t apply to businesses with Office 365? Why aren’t they trying to use the product to its fullest extent? Why are they not seeking the skills and knowledge to become more competitive? Why are they using it’s most mundane functionality?

SharePoint knowledge and experience is not simply going to materialise overnight. It is a transformational process that requires learned experience. There are certainly ways and means to accelerate this but it means making the commitment to making the most of a tool like SharePoint and aspiring to open the product up beyond first gear. The benefits there are well worth the effort.

Of course, the next road block people raise is about how they go about learning SharePoint? The best option is to start with a problem you need solved and try and use SharePoint to solve that. Maybe you have a need for an automated vacation request process. Maybe a need to create a shared team calendar and so on. In essence SharePoint is a tool, a very powerful tool that is at your beckoned call. Use it to solve a problem. That’s what it does best.

The next resources I will point you to are my own. Although that may appear self serving I have taken what I have learned in the field and created offerings that are tailored to exactly these introductory needs.

If your SharePoint is stuck in first gear take my

Free email SharePoint course

there you’ll get an email a day for 3 weeks with a video tutorial about one aspect of SharePoint Online including downloadable lesson notes.

If you want training immediately take a look at my online courses at the

CIAOPS Academy

which include a number of SharePoint and OneDrive for Business (which is SharePoint) courses you can sign up for immediately.

Beyond that have a look at these resources:

SharePoint courses at Microsoft Virtual Academy

SharePoint 2013 training for IT Pros

Discover SharePoint

SharePoint Online Videos and Training

Start using your Team Site and OneDrive for Business

SharePoint can transform your business productivity but you will typically need to transform the way you think about SharePoint. That transformation is not simply going to drop in your lap, you need to invest some time up front to reap the rewards as with anything worthwhile.

Look at it this way, the investment you make today means that you will be able to do tomorrow what your competition can’t.

I hope that the next time I see your SharePoint driving past it isn’t screaming in pain over the redline in first gear, it is instead accelerating away into the distance in eight gear. I’ve shown you how to start that process, now be fruitful and apply.

Introduction to SharePoint lookup columns

Introduction to Lookup Columns

One of the problems faced when implementing a good collaboration Team Site is that you need to reference the same material in multiple locations within the Team Site. It is not always possible and it is also not best practice to put all the information you require in a single SharePoint app such as a list. There are however, times when you need to reference fields from another list in a Team Site. SharePoint supports this ability natively via Lookup columns that you can insert into an app as unique columns.

Although SharePoint should not be considered as a true relational database, good design encourages the minimisation of duplicated information by separating out information into unique apps (like lists) so that it can be used in many different ways. A good example of this is a contact list that contains names, email addresses, employers, etc. That contact list may need to be referenced in an “items purchased” list as well as perhaps a “phone log” list. It doesn’t make sense to have multiple contact items, it makes more sense to have a single point of truth that once updated is valid throughout the Team Site.


In this case the lookup will be performed on an existing contact list as shown above called Members. This is why designing a good structure with Team Sites is so important, because you need the look up item needs to exist prior to using it elsewhere.


In the list in which you wish to perform the lookup from (here a list called Locations) go into the List Settings and then locate the Column area towards the middle of the page as shown above.

Select the option Create Column at the bottom of this section.


You will need to give the new column a name. Then you need select the option below Lookup (information already on this site). Scroll down the page when you have made these changes.


You can then add a description and select whether the column must contain information and have unique values. Below these options you will now be able to select where the lookup information for those column comes from.


If you select the Get information from: field you will see a list of existing Team Site apps that you can select from. In this case the Members list will be selected.


Once you have selected where to get the lookup information from the In this column: field will change to be a list of all the columns in that app as shown above (here all the columns from the Members list). Now simply select the field you wish to display from the list that is being referenced. In this case the selection will be Full Name to avoid confusion.


With these two options now selected you will see that you can also display additional columns from the list that is being looked up. This is handy because you may need to display more than a single field from the list being looked up. In the case with the members list, perhaps you need not only their full name but also their email and mobile number.

In this case the additional fields Email Address and Business Phone have been selected.


At the bottom of the list of fields that can be added from the lookup location is a selection option that also allow these fields to be automatically added to the default List View. Normally, you will leave this selected, however fields displayed by Views can easily be customised at any point in the future.


The last option that can be set is how the relationship between the two lists will be handled. Basically here you determine what happens to this list when an item in the list being looked up is deleted. If you select the option to Enforce relationship behavior and an item is deleted in the list being looked up then any items in the current list that refer to that now deleted lookuped up item will also be deleted from this list.

You want to consider this cascading delete option carefully before you enable it because it can result in unexpected data removal. Best practice is generally to always retain the data, even if it no longer refers to something in the list being looked up. Best practice is therefore to leave the Enforce relationship beahvior unchecked.

Scroll down to the bottom of the page and select the OK button to save the changes.


If you now view the list you will see the additional columns just added. Here the Person column is a lookup to the Full Name field in the existing list Members and the fields Person:Email Address and Person:Business Phone are also taken from this location.


When you add a new record to this list you will only see two options (as the other fields are referenced once the lookup is performed).


If you select the Person field (which is a lookup to the Members list) you should see a list of all the rows from that location as shown above.


If you now complete a new record and save it you’ll be returned to the list summary as shown above. Because the lookup field was selected the associated values for that entry (here from the record for member Robert Crane) will automatically be populated in the email and phone fields as shown above.


You will also see that lookup field (here Person) also becomes a hyperlink that you can select.


When you do that, a dialog window will open and display that record from the list being looked up (here Robert Crane’s record). You can now edit and make changes to this looked up item quickly and easily if needed.

It is important to remember that the lookup functionality between SharePoint lists is not a true relational database. This means that there may be times when you update one field and a dependant location doesn’t appear to be updated. In this case, the information has indeed been updated but the display simply hasn’t. By viewing or editing that item you should find that the dependent information that was changed is automatically updated and displayed.

Lookup fields are an important part of designing good Team Site structures to ensure that information is not replicated in multiple locations. This however means that more time needs to be devoted to planning these linkages up front, however the payoff can be a significant reduction in overhead and complexity.

Using Azure AD B2B Sharing with SharePoint Online

A common problem that many businesses have is securely sharing their Office 365 resources, like a SharePoint Team site, with users outside their organisation quickly and easily.

Microsoft have added a great new feature called Azure AD B2B sharing that greatly simplifies making Office 365 resources like a SharePoint Online Team Site available to users who are not part of the same Office 365 tenant.

There will be typically two types of external users who reside outside an Office 365 tenant:

1. Those with an existing Azure AD account thanks to being an user of a Microsoft commercial product such as Office 365


2. Those without an existing Azure AD account

Here is the typical process for sharing an Office 365 Team Site with both an external Office 365 user (i.e. already has Azure AD) and an external user who just has an email address (i.e. doesn’t have Azure AD).


In this case I want to share the above Test site ( with two external users. The Office 365 user will be and the standard user will be

The Azure AD B2B process does not allow you to use consumer domains like,,, etc. Youcan only use custom domains.

The first thing I need to do is ensure that the Team Site I want to share has been enabled for external sharing.

You do this by navigating to the SharePoint admin center after logging into the Office 365 portal as an administrator.


You select the site collection in question (here and then select the Sharing button on the Ribbon Menu.


This will reveal a dialog box like that is shown above. Ensure either Allow external users who accept sharing invitations and sign in as authenticated users or Allow both external users who accept sharing invitations and anonymous guest links is selected an save any changes made.


You should then return to the Office 365 admin center and create a new security group for these external users to reside in. You do this via the Groups option on the left hand side of the Office admin center.


When you create a new Office 365 security group using the portal you must add at least one member to that group. In this case the group was created with a single member and then immediately afterwards the group was edited and that initial user was removed. The end result here is a new Office 365 security group called Externals that contains no members.


You now need to return to the SharePoint Online Team Site and assign the appropriate permissions to this new security group. In this case the whole Team Site will be shared with any member of the security group Externals and they will be permitted Edit rights as shown above (i.e. they will basically have ‘Member’ rights on that site).


You’ll then need to run PowerShell and connect to the Office 365 tenant you wish to share. I have detailed how to do that previously here:

Configuring PowerShell Access in Office 365

I also have an online course available that covers the material in more depth:

PowerShell for Office 365

Once you have connected to the tenant you’ll need to the command:

get-msolgroup | fl displayname, objectid

This will return a list of Office 365 security groups as shown above. You then need to record the ObjectId for the security group you just created that will contain the external users (here Externals).

You will then need to visit:

and obtain the format for the CSV import file that is required.


Into the CSV file you enter the following information into the columns:

Email = users email address
Display Name = Firstname Lastname
InviteReplyURL = SharePoint Team Site being shared (here
InviteAppresources = leave blank
InvitegroupResources = ObjectID obtained from PowerShell step
InviteContactUsURL = A contact URL. Here just my normal web site.

Once each user you desire to have access to the SharePoint site has been entered in its own row, save the CSV file.

You’ll then need to access the Azure AD for the tenant. If you haven’t yet enabled this see my blog post:

Enabling your Office 365 Azure AD

or my online course:

Integrating Azure Active Directory Features with Office 365


You’ll then need to navigate to the users area of you Office 365 Azure AD as shown above.



You’ll then need to select the Add User button at the bottom of the page.


In the dialog window that appears you’ll need to select the Users in partner companies option in the Type of User field. You’ll also need to specify the location of the CSV file to upload with the users to be provisioned that you just created.

When this is complete, select the check mark button in the lower right.


The import process will now run. When complete you will receive a status message at the bottom of the Azure management console as shown above. You can select the option to view the report to verify there are no errors.


If you do view the report and everything has worked as expected the status should say Email generation started as shown above for the external user and


and Directory invite operation finished for the Office 365 user.


Each user should then receive an email like the one above with a link to access the shared application at anytime.


The first time that the non-Office 365 user clicks on the link they will be taken to an Application Invite page as shown above.

(Side note – if you are wondering how the image on the left of the Application Invite page has been customised, see my my online course:

Integrating Azure Active Directory Features with Office 365



You should see that the email address has already been entered. All the user needs to do is select the Accept button.


Since this user doesn’t have an existing Azure AD account they need to create a new one. They will therefore be prompted to complete a password as well as confirm their name and country.

When this is complete select the Sign up button to continue.


It will take a few moments for the new Azure AD account to be created


The user will then need to login with their email address and the password just entered.


Then they will have access to the shared SharePoint site as shown above.

If they select the link in the email again, they will taken to a standard Office 365 login page where they need to again use their email address and password to access the site.


Now if the Office 365 external user clicks on their received email link they will be taken to a similar Application Invite page as shown before. Simply select the Accept button to proceed.


Because the Office 365 external user already has an Azure AD account they do not need to establish a password, they are instead taken to their own tenant login page as shown above.


But once they login they are automatically taken to the destination shared SharePoint Team Site just like the previous user.


If you return and view the securities of the SharePoint Team Site as an administrator you should see the Office 365 security group created previously as shown above.


If you then view the Office 365 security group from the Office 365 admin center you should see the two users as shown above.

So now both users can simply select the link in their email to return to the shared Team Site at any point in the future.


If the non-Office 365 user attempts to access Office 365 via the standard URL (i.e. they can login and when they do they see the above screen.


If they select the App Launcher in the top left they see the above tiles.


If they then select the Admin tile they are basically stepped through the process of verifying their own domain and creating a full office 365 account. Some guerilla marketing there maybe?

What I have shown here is only what is possible with SharePoint but as the recent video from Microsoft Mechanics highlights you can use a similar process to share apps from the Windows Azure Single Sign On Apps portal that is also part of Office 365.

If you want to know more about setting up the includes office 365 Azure AD portal then

see my my online course:

Integrating Azure Active Directory Features with Office 365

What’s coming soon will be the ability to use social media accounts like Twitter, Facebook and Google Plus to login to externally shared Office 365 resources. That is going to really make external sharing of Office 365 information easy. I can’t want for when that is available and I’ll make sure I write an article on it.

In summary, using the built in B2B collaboration that comes with Office 365 you can now more easily share information with external parties that have their own domain.

What this stuff should also illustrate is how important Azure AD is to Office 365 and how you really need to enable it to get access to the additional options that are available with Office 365. In short, if you are not using Azure AD with Office 365 then you are driving around everywhere in first gear!

Also, please don’t forget to take a look at all my online courses at:

You may even find a lesson about this very topic in there shortly.

Change SharePoint Online Team site logo

One of the challenges with SharePoint Online is around user engagement. A step towards solving this can be the branding of Teams Sites from the default. There are number of simple branding elements that can be configured via a browser, this first of these is to change the site logo.


The site logo is located in the top left of a Team Site, just below the Browse link as shown above. To change the site logo you’ll need to have appropriate permissions.


The first step in the process is to select the Cog icon in the top right of the page. From the menu that appears select Site Settings.



On the Site Settings page, in the top right, under the Look and Feel heading, select Title, description and logo.


On the Title, Description, and Logo page scroll down to the bottom to locate the Logo and Description section.


Here you can see that you can add a logo from either your computer or SharePoint. Select the From Computer link to upload a new image from your desktop.


You can now select the Choose file button and navigate to the location of the file you wish to use as the new logo.

By default, uploaded logo images will be saved into a hidden Document Library on the the Team Site called Site Assests. If you select the Choose Folder button you can alter this location.


Selecting the Choose Folder button will open a new windows allowing you to navigate the folder structure of the Site Assets Document Library. You will note that you can only navigate the Site Assets folder and below, you can’t navigate to anywhere else in the SharePoint Online Team Site.

In most cases the default location of the root of the Site Assets Document Library is suitable as a location for uploaded logos, so accept this and complete the process by selecting the OK button.


You should now see you logo displayed as shown above, you will also see the path in SharePoint Online where this file will be saved.

You can also enter a description of the logo. This description is visible when you mouse over the logo or when the images doesn’t display. It is always best practice to ensure that you enter some text here.

When you have finished making any changes, scroll to the bottom of the page and select the OK button to apply these changes to your Team Site.


If you return to the home page of your Team Site you should now see the new logo displayed as shown above.


If instead of uploading the image from yoru desktop you wish to select an image already saved in SharePoint Online you select the From Sharepoint link from the change logo region detailed above. When you do so, you’ll see a dialog appear like that shown above.

Depending on the permissions you have with the SharePoint Site Collection (i.e. all the Teams Sites under this URL), you can navigate to and select an image from anywhere in that Site Collection.

For example, you may have created a sub-site in which you want to change the logo. However, you may wish to store all the images in the parent location. All you need to do to use this parent location is navigate to it using the dialog shown above.

It is generally best practice to have the copy of the logo you wish to use in the same Team Site as it will appear. If you wish to use a logo from other locations in the Site Collection you’ll need to ensure that users have at least read rights to that location so they can view the logo when the site renders. If they haven’t got rights, then the logo will not display.

You typically use the From SharePoint option for the logo when the logo already exists in SharePoint Online. This ensure that there is only a single point of truth for that image, which is handy if it ever needs to be changed or updated.