Need to Know podcast–Episode 237

FAQ podcasts are shorter and more focused on a particular topic. In this episode I’ll talk about the differences between OneDrive for Business and SharePoint.

This episode was recorded using Microsoft Teams and produced with Camtasia 2019

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-237-odfb-vs-sharepoint/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

CIAOPS Patron Community

Introduction to file collaboration in Microsoft 365, powered by SharePoint

@directorcia

Transcription

Robert Crane  0:00 
Welcome along to the Need to Know podcast. My name is Robert Crane and this is episode 237. Now, these episodes are shorter episodes known as FA Q’s and they are aimed at a deeper dive into some of the technologies in the Microsoft Cloud. Now these episodes are brought to you by my CIAOPS Patron community and again, you’ll find information about that at http://www.ciaopspatron.com. Check it out if you’re interested in learning more and keeping up to date with everything in the Microsoft Cloud. Now what I want to cover today is a very common question I see out there around the differences between OneDrive for Business and SharePoint. Now the first point of order is to note that SharePoint is a technology, a service that OneDrive for Business takes advantage of. So the way to think about it is that SharePoint is the overarching technology that OneDrive for Business runs on and will also designate the common area as team sites. So again, think of SharePoint, the top of the tree, and that’s providing the storage capabilities for files and folders for OneDrive for Business and for team sites. And also for Microsoft Teams as well. So think of, again SharePoint as the manner in which items files are stored in Microsoft is five, four, which OneDrive


takes advantage of it, and so does team sites. Now one of the other differentiators here is to appreciate that OneDrive for Business is designed as personal storage per user. And team sites are designed for shared data. So think about a OneDrive for Business as what is on your desktop, my documents or a home drive or traditional home drive, you would have had potentially with a on prem server, and think of team sites as location for shared file. So this is going to be you know, the F drive in the old style file, so therefore shared location used by multiple people. Now, OneDrive for Business, as I said, is aimed at personal storage. And basically all you get is a single document library, right? So inside SharePoint technology, there are these apps or these locations where you can put information. The location that you put files into in SharePoint technology is called a document library.


And you only get one of those with OneDrive for Business. Whereas with team sites, you can have as many document libraries as you want. So the first differentiation point around these two technologies is that OneDrive is you get one document library with team sites, you can create as many document libraries as you want to help you separate out and manage your different files in their environment. So when we open our OneDrive for Business, we see one document library, and basically just see a list of files and folders. So think about the fact that we get no width. We don’t get the ability to add additional apps. We can’t add document libraries to OneDrive for Business. We can’t add calendars, contacts, lists all the other things that our intranet into OneDrive for Business or OneDrive for Business is a solely aimed at allowing users to store they follow information. Now this is really good to allow users to get information off there.


My Documents off their desktop off their home drive from a server and put it into an area in the cloud, which is backed up manage, maintain controlled and accessible remotely. Now, the most important thing I think about any SharePoint technology bit OneDrive for Business or team sites, is the fact that it’s all searchable. So once we put information up into SharePoint technologies, we’re able to take advantage of the fact that all the data will be indexed and can be recovered or can be viewed basically using search. Alright, so OneDrive for Business, one document library, you can’t add more document libraries. And you can, for example, add sub areas, you just get one single area with no width and no depth. It’s just a storage location. Now when you start out, in most cases, users will get at least one terabyte of space in their OneDrive for business to be able to store their own personal files. Okay, so one terabyte per user.


Generally is what is provision and is aimed at the users personal documents is not a place for parsers. It’s not a place largely for common documents, right? That is what we use team sites for. Now, the idea here with team sites is that it’s designed for this shared storage concepts. divined for designed for users to work on files in a group environment. Right. Now, as I mentioned, in SharePoint, you can add as many apps as you want to broaden what is available in that location. So you can add multiple document libraries. So you may have one location for your policies, your procedures, maybe a templates areas where you can keep building these out. And the advantage of having different document libraries, for example, is you can format them in a different way. And you can also have different permissions. But with team sites, we can also add things like calendars, contacts, lists,


We can build it out into a true intranet environment. So the idea with team sites is that it is for a group of people. And we can add more content in there besides just pure files and OneDrive for Business, largely designed for pure file storage. Now, when we basically configure our environment with our team sites, we get one terabyte of total storage across all of the teams I separate. So remember that when we create a Microsoft team, we get a team site, a SharePoint team site, into which we can put our documents for our Microsoft team, that and all the other SharePoint team sites when added together their total storage is or cannot exceed, generally one terabyte now, you get that one terabyte standing space which is shared across your Microsoft team, the team’s site environment and you also then get an additional 10


gigabytes per user added onto that space, you start with one terabyte. And then for every licenced user you have, using SharePoint team sites, you will get an additional 10 gig of storage capacity added on to that one terabyte, right? So if you have 10 users, you’re going to get 10 times the 10 gigs, you’re going to get hundred gigs of additional storage. And that means you’re going to get basically 1.1 gigs worth or sorry, 1.1 terabytes worth of data out there that you can use to put all your shared documents in. Now, not only can you get the one terabyte starting space with SharePoint team sites, you get the 10 gig per licence use as well, but you could also buy additional storage. So one of the advantages of SharePoint team sites is the fact that you get the one terabyte 10 gig per licence user


Then you also can add additional storage on there as a paid option if you so choose. So that makes it a little bit more extensive, a little bit more flexible to achieve what you want. Now, remember that this total space is one terabyte you can manage that you can make that automatically allocated, you can control that by the different team site, if you wish. Now, what are some of the other differences between my SharePoint team sites versus OneDrive for Business? Well, in a SharePoint team site, you get something called check in check out. So what that means is that when users work on typically we’re typically Office documents inside these technology inside SharePoint technologies. Then what happens is, is they are co authored by default, which means that multiple users can edit them, update them, change them at the same time by default. Now, there are probably times when you want to make sure that only as


single author has access to a document. In that case, you can check the document out, the author can update the file, everybody else can view the last version of it. And then when they’re finished, when the author’s finished with that they check the document in and make it available later on. So, SharePoint team sites gives us the ability to do these document manage which we management, which we don’t see with OneDrive for Business, because OneDrive for Business, again, is designed for a single user to work with. Now, probably the biggest difference between OneDrive for Business and SharePoint team sites is the fact that you get metadata. So metadata is available in SharePoint team sites, what use metadata for us think of it like tagging files. So the idea is is you will put a file into a SharePoint team site document library, and then you would tag it so instead of creating folders or very deep structure, you would use the tagging to keep that structure as flat as possible. The advantage of


Doing and using metadata which you can now filter, you can now sort. And you can now launch automated processes based on the metadata, you have now, a file an item inside, a SharePoint team site can have as many metadata tags effectively as you wish. So you can tag a file lot by, for example, an author by location by whatever you wish by a customer. And then you can start using that to filter and sort and we don’t see that metadata capability in OneDrive for Business. Now, the other thing with SharePoint team site is we can create a hierarchical structure so we can create something called sub sites inside our SharePoint team sites to allow us to organise our data in a hierarchical structure. Now generally best practices not to do very deep data structures these days, but it is possible and again, it’s one of the differentiation points between


A SharePoint team site and OneDrive for Business so they get ticked off. At SharePoint team sites. It’s much more like a traditional file server with data located in a hierarchical structure, and OneDrive for Business as just a single location with no sub area that you can put your files and folders if you want. So just in summary, again, the idea here is that the technology the storage technology, then the Microsoft Cloud typically uses easy storage technology, known as SharePoint that’s been with us probably for over 20 years now. Now, that technology allows us to build OneDrive for Business, which is a limited subset of the full features of SharePoint, as well as team sites. So team sites are aimed at grouping together information files, Contacts, Calendars, for a group of people, a team of people, where I OneDrive for Business is purely designed as a


storage location for a user’s files, right. So every user generally, by default, will get their own OneDrive for Business, they can put their own files in there, they can then access them in any location, they can share the odd file in and out of that. But if they’re working on a group of files, like your traditional file server, the idea is to put it into SharePoint team sites. Now, there are some differences between the two and what’s available and what surfaced and you get more of the functionality in SharePoint team sites. So you get things like check in check out, you get the ability to add additional metadata. You can, for example, pin files to the top of a document library list. To highlight them. You can also add calendars, contacts lists a number of different apps into a SharePoint team site to make it more like an intranet, right? So you want to gather all your information in there. Now importantly, remember that other components of the Microsoft Cloud like Microsoft Teams, do you


Use SharePoint team sites. So every time you create a Microsoft team, it will create a SharePoint team site in which you can put your files and folders in there that is surfaced in the Microsoft team’s interface. But you can dig in behind that. And you can go and get access to that full SharePoint team site from that Microsoft team if you want. Alright, so remember that the storage for a group of users is going to be in a SharePoint team site. And the individual data location for users and their files is going to be OneDrive for Business. And both of these are built on SharePoint technology giving us a lot of these enterprise capabilities, document management that is available in that. So hopefully that has given you a bit better clarification as to the difference between OneDrive for Business and SharePoint Online. And it sort of boils down to the fact that they both stores locations, they’re both built on SharePoint, OneDrive for Business is


individual users with SharePoint team sites are four groups of users. And that’s where you’re going to get the best usage and functionality out of that. Now, of course, you can use those services for other things, but they really shine when they are used in the correct way for storing data. So with that, Have you enjoyed that episode? Thank you very much for listening. You have been listening to the Need to Know podcast from CIA ops training on using technologies like SharePoint online or Microsoft 365, visit www dot CIA ops academy.com. by purchasing from the selections available, you’ll be directly supporting this podcast. To provide feedback on this episode, visit www.ciaops.com slash contact


Audio


Reporting on multiple tenants with the Microsoft Graph

The aim of this project has been to show you how to manage multiple Microsoft 365 tenants quickly, easily and securely using the Microsoft Graph. this article builds on a previous article so go and take a look at:

Using the Microsoft Graph with multiple tenants

The complete steps in this whole process are:

1. Embed a ‘static’ Azure AD application in all the tenants you wish to access.

2. Give those ‘static’ Azure AD applications, in all those tenants, the appropriate permissions to access the tenant values.

3. Run a Graph request against these Azure AD applications in each tenant and extract the desired results.

This article will show you how to complete Steps 2 and 3. Step 1 was covered in the previous article.

Step 2 requires granting appropriate permissions to the Azure AD application already in place inside each tenant. The manual process of how to achieve this is covered in my article:

Using interactive PowerShell to access the Microsoft Graph

image

However, why do it manually if you can automate it I say? With that in mind, I have created a self executing PowerShell script to add the appropriate permissions to multiple tenants and allow the reading of OneDrive for Business usage information for all users. You’ll find the program to do this in my GitHub repo here:

https://github.com/directorcia/Office365/blob/master/graph-adapp-per-add.exe

You’ll need to download the file into the location where all the XML configuration files are that were created in Step 1. These will be needed again as the program cycles through all those tenants adding the appropriate permissions.

image

When you run the program, it will read the XML configuration files it finds in the directory and then ask you to login to each tenant again. You need to do this as you are granting/consenting to permissions and that requires administrator access.

image

You’ll need to complete the process of opening a browser session to each tenant and Accept the permissions as shown above. You’ll note that, in this case, they are read only permissions.

For more details on this process if you haven’t seen it, take a look at the article I wrote about doing the same thing for a single tenant:

Making PowerShell automation easier with the Microsoft Graph

Remember, that you don’t necessarily have to open the default browser all the time as the consent URL is always copied to the clipboard, so you could just past it into existing active sessions for that tenant if you wished.

image

The program will work through all the domains available.

image

If you want to see what’s happened visit the Azure portal for each tenant. Navigate to Azure Active Directory, then App Registrations, All Applications. Select the name of the Azure AD application you are using, then  API permissions as shown above. You should see that the only permission it has is Read All usage reports. You should not that consent has also been granted.

That now completes Step 2 of the process.

We now have an Azure AD application in all the desired tenants and that Azure AD application has the appropriate permissions to do things. We can now start extracting information by continuing to  Step 3.

image

In this example, we’ll run a program that will retrieve usage information about OneDrive for Business for each user in each tenant, without prompting for a login!

You’ll need to download the program I’ve written to do this (graph-odfb-get.exe), which you’ll find here:

https://github.com/directorcia/Office365/blob/master/graph-odfb-get.exe

Again, you need to place it the same directory where all the tenant configuration files are, as shown above, so it can access all the tenants configured in previous steps.

image

When you run the program, you’ll see the program loop through all the domains and all the users in those domains, without asking for a login.

image

At the end of each domain you’ll see a summary of OneDrive for Business for that domain as shown above.

image

At the end of the process you’ll see an aggregate summary for all your domains, as shown above.

This may seem like a lot of work but remember, you only need to do Steps 1 and 2 ONCE! Once the Azure AD application is configured for each tenant and the Graph has the appropriate permissions you can run Step 3 as MANY TIMES as you wish, securely, WITHOUT be prompted for a login to each tenant! How easy is that to automate?

This example has used just one aspect of the Graph being OneDrive for Business. You can use the Graph to do just about anything in Microsoft 365 you need to, including actually changing and update parameters!. In fact that is what I’m off to do right now.

Viewing and removing OneDrive for Business Sharing with PowerShell

One of the great abilities of OneDrive for Business and SharePoint Online is the ability to quickly and easily share a link to a file with people outside your organisation.

image

I’m not going to show you how to do this in this article but if you need to see how this is done have a look at:

Share OneDrive files and folders

In the above example you’ll see that the file Employee Engagement Plan.docx has been been shared by the owner with an external user (Lewis Collins).

image

Somewhere else, you can see that this user (Lewis Collins) has the document open to work on.

One of the benefits of sharing using OneDrive for Business is that the sharing rights can easily be revoked by the original user if desired.

image

The easiest way to achieve this would be simply to hit the cross next to the external users name in the web interface as shown above.

image

The original user would then be prompted the Remove the external user, which they would do to remove access.

That all works fine when you have a small number of shared files and a small number of users working with a file. It becomes a lot more problematic when you start scaling to many users as you can see here:

image

What happens when you need to find just one user to remove sharing from amongst a list of hundreds of users?

PowerShell to the rescue!

1. Connect to SharePoint Online via PowerShell. You can use my script at:

https://github.com/directorcia/Office365/blob/master/o365-connect-mfa-spo.ps1

to do this. You’ll need to know the tenant name prior i.e. the part before the .onmicrosoft.com (e.g. mydomain.onmicrosoft.com)

image

2. Run the PowerShell command:

Get-spouser -site https://<mydomain>-my.sharepoint.com/personal/<user>_<mydomain>_onmicrosoft_com -limit all

to display of all the users who have access to the specific OneDrive for Business site.

image

In this list you should find your external user in the format of:

<user@externaldomain.com>#ext#<mydomain>.onmicrosoft.com

This may vary slight but you should also be able to identify the user by their Display name if needed.

3. Run the PowerShell command:

remove-spouser –site https://<mydomain>-my.sharepoint.com/personal/<user>_<mydomain>_onmicrosoft_com&nbsp; -loginname <user@externaldomain.com>#ext#<mydomain>.onmicrosoft.com

image

4. Run a sharing report

image

In the source OneDrive for Business, select the COG in the upper right corner and then the option OneDrive Settings.

image

Now select More Settings on the left and Run sharing report from the options that appear on the right as shown above.

image

Nominate a folder for this report to be sent to.

image

You’ll receive an email when the report is ready. It will be in Excel format as you can see above.

Open the file and do a search for the external email address of the removed users.

image

The removed users should not appear in the report as expected.

image

If you now look at the sharing option for file(s) in that OneDrive for Business you should find that the removed user no longer appears, as shown above.

If the external user, who has just been removed, actually has the file open at the moment that access is removed they will see:

image

and be prompted to Reconnect. If they then attempt to reconnect they will see:

image

and will be denied access going forward.

Note – This removes that users access to ALL files shared in the OneDrive for Business location, not just for a single file.

image

I also have another freely available script at:

https://github.com/directorcia/Office365/blob/master/o365-spo-extusr.ps1

that will display a list of all externally shared across your tenant as shown above.

If you do have a situation where you have large numbers of shared files or shared users in OneDrive for Business and you wish to make bulk removal easier, I’d encourage you to look at PowerShell as an option. However, remember, this option will remove ALL sharing for that user(s) across the WHOLE OneDrive for Business.

CIAOPS Need to Know Microsoft 365 Webinar–March

laptop-eyes-technology-computer

This month I’m going to closer look at OneDrive for Business and hopefully share with you some features that you may not know about. There is more to OneDrive for Business than meets the eye. I’ll have the  the latest Microsoft Cloud updates plus open Q and A as well.

You can register for the regular monthly webinar here:

March Webinar Registrations

The details are:

CIAOPS Need to Know Webinar – March 2020
Thursday 26th of March 2020
10.30am – 11.30am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

That COG is pretty handy!

image

If you visit the page for your OneDrive for Business, you’ll notice a COG in the top right hand corner of the window as shown.

image

If you select that, you’ll see a menu like shown above. Select the OneDrive settings option as shown.

image

Here you’ll find a page with a whole lot more options. In this case select the option, Storage metrics as shown.

You should also note that there is a Run sharing report option as here well.

image

The Storage metrics option allows you to see a breakdown of the data storage in your OneDrive for Business as shown. You’ll also notice in the top right, the total and used capacity of your data.

image

You can drill further into directories by simply clicking on them. The above shows the data break down in the Documents directory below the OneDrive for Business home location.

Microsoft will also be adding more options to the COG over time so make you check there regularly.

Need to Know podcast–Episode 225

FAQ podcasts are shorter and more focused on a particular topic. In this episode I’ll talk about the recommended process for file migrations to Microsoft 365 collaboration.

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-225-process-for-file-migrations/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

Process for file migrations to Microsoft 365

Need to Know podcast–Episode 223

FAQ podcasts are shorter and more focused on a particular topic. In this episode I’ll talk about my framework for file migrations to Microsoft 365 collaboration.

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-223-file-migration-framework/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

A framework for file migrations to Microsoft 365