Change in the share to specific users process in SharePoint Online and OneDrive for Business

Recently, this appeared in the Microsoft 365 message center:

[OneDrive for Business, SharePoint Online] New Tenants as of March 31 will have Azure B2B Integration with SharePoint enabled by Default [MC526130]

Description

Message ID: MC526130

Published date: 11/03/2023

Category: Stay informed

Tags: Admin impact

Relevance: Processing

We’re making some changes to the default configuration for new tenants for Azure B2B integration with SharePoint & OneDrive.

When this will happen:

Starting March 31, 2023, new tenants will have Azure B2B Integration with SharePoint & OneDrive enabled by default.

How this will affect your organization:

This message is for your information and there is no impact to existing tenants or tenants created before March 31, 2023.

What you need to do to prepare:

No change is needed for existing customers. New tenants can opt out of using Azure B2B Integration using the SharePoint Online Management Shell. Please click Additional Information to learn more.

The major impact of this is that going forward, all newly created tenants will have this Azure B2B integration enabled by DEFAULT. That changes the process many have become familiar with for sharing files with specific users via an email address.

With this Azure B2B integration enabled the process now looks like:

image

The initial sharing process is identical. You select the files to share from the source location. Next, select the external user to share the file with, typically using their email address. Then you share the file as per usual. Nothing different yet.

image

The external user (in this case a Gmail account) gets a normal sharing message like the one shown above. They click on the link as usual and see:

image

They click Next and see:

image

They then select Send code to obtain an access code via email. Still nothing appears to be different.

image

In the background however, things are quite different. As you can see above, an Azure B2B account is created in the source Azure AD for this external user.

image

After the destination user enters the sharing code they receive in email, the experience changes.

image

Because the sharing process has created a new guest Azure B2B account in the source tenant, all the security of the source Azure AD environment is enforced.

In this example, the tenant has Security defaults enabled, which is also now on by default in new M365 environments.

image

This will force the destination user who wants access to the document to enrol in MFA for M365 as shown above.

image

Only after they complete that process are they able to view the document as seen above.

image

Depending on how the source environment (the tenant the share originates from) is configured, the external user may also need to accept the permission consent prompt shown above.

The key change is that Azure B2B integration with SharePoint & OneDrive is now ON by default.

The other unfortunate thing is that I don’t believe there is an option where you can control this in the M365 administration portal. You must use PowerShell.

image

To view whether Azure B2B integration is on, you’ll need to connect to SharePoint Online with PowerShell. You can use my free script to do so here:

https://github.com/directorcia/Office365/blob/master/o365-connect-spo.ps1

Once you have successfully done that, as shown above, run the command:

Get-SPOTenant | Select *B2B*

image

If the result of this is True as shown above, then Azure B2B integration is enabled.

In summary then, if you have a new tenant in Microsoft 365 it will have Azure B2B integration with SharePoint and ODFB ENABLED and Security defaults ENABLED. That means when you share a file with a specific email address, that user will be required to complete MFA enrolment.

If you have a tenant that also includes Conditional Access, which would be operating in place of Security defaults, then the external user the document is shared with will be subject to your Conditional Access policies like any other user! This means, for example, if you have a Conditional Access policy that does location blocking (typically by IP address), and the external user is outside the allowed configured locations, their access to that document will be blocked.

For example, if you have a Conditional Access policy that only allows compliant devices, the email received by the external user looks like:

image

and clicking on the document link results in:

image

because the device the external user is on is not compliant, as it is not part of the source Azure AD.

The official Microsoft documentation on this is here:

SharePoint and OneDrive integration with Azure AD B2B

and importantly, if you want to disable the Azure AD B2B integration you must return to PowerShell and run the command:

Set-SPOTenant -EnableAzureADB2BIntegration $false
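The check with Get-SPOTenant and the opt-out with Set-SPOTenant described above, combined into one script. This is an added example, not the script linked from this post or anything Microsoft ships; it assumes the Microsoft.Online.SharePoint.PowerShell module is installed, that you hold SharePoint admin rights, and that the admin URL placeholder is replaced with your own tenant's. The setting is only changed when the -Disable switch is passed, so the default run is a read-only report you can keep for change records.

```powershell
# Added example (not the post's own script): report the SharePoint/OneDrive
# Azure AD B2B integration setting and, only on request, turn it off.
# Assumptions: Microsoft.Online.SharePoint.PowerShell is installed, and
# $AdminUrl is replaced with your tenant's SharePoint admin URL (placeholder below).
param(
    [string]$AdminUrl = "https://<your-tenant>-admin.sharepoint.com",  # placeholder, not a real tenant
    [switch]$Disable   # change the setting only when explicitly asked
)

Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop

# Interactive sign-in as a SharePoint or Global administrator
Connect-SPOService -Url $AdminUrl

$before = (Get-SPOTenant).EnableAzureADB2BIntegration
Write-Host "EnableAzureADB2BIntegration is currently: $before"

if ($before) {
    # As the post shows: sharing to a specific email address creates a guest
    # account in Azure AD, so Security defaults / Conditional Access apply to that user.
    Write-Host "Specific-user shares create Azure AD guest accounts; external users are subject to your Azure AD policies."
} else {
    Write-Host "Azure B2B integration is off; specific-user shares do not go through Azure AD guest accounts."
}

if ($Disable -and $before) {
    Set-SPOTenant -EnableAzureADB2BIntegration $false
    $after = (Get-SPOTenant).EnableAzureADB2BIntegration
    Write-Host "EnableAzureADB2BIntegration is now: $after"
}

Disconnect-SPOService
```

Run it with no parameters to record the current value; run it with -Disable to opt out. Re-reading the value after Set-SPOTenant confirms the change actually took effect rather than trusting the cmdlet's silent return.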

When the Azure B2B Integration feature is enabled it makes a big change to the way that specific sharing is done. Having it now enabled by default on new tenants is going to be a surprise to those who are not aware of this. Hopefully though, given you have read this far, you’ll be prepared for it and can make an informed decision as to whether you want the additional security of external user sharing being subject to your Azure AD policies. You’ll also know how to turn it off if you don’t want it.

Microsoft 365 collaboration framework training


On February 14th 2023 I’ll be running a collaboration framework training course for Microsoft 365 environments. Training will be held remotely via Microsoft Teams. The session will be two (2) hours and run from 9am Sydney time.

The sessions will be recorded and other materials from the sessions (checklists, etc) will be available to attendees afterwards.

The aim of this training is to help you better prepare for the move to the Microsoft 365 collaboration environment utilising services such as Teams, SharePoint, OneDrive for Business, and so on. You’ll be shown a tested framework that you can use when designing a modern collaboration environment to ensure a business gets the most from their investment in Microsoft 365. You’ll also learn tips and tricks on how to implement this successfully inside a modern organisation, whether large or small. If you want to get the most from your Microsoft 365 collaboration environment, this course is for you. The price for this event will be:

Gold Enterprise Patron = Free

Gold Patron = Free

Silver Patron = Free

Bronze Patron = $33 inc GST

Non Patron = $99 inc GST

You can learn more about the CIAOPS Patron community at www.ciaopspatron.com.

I hope that you’ll join me in February for this event as I believe it will help you get the most from Microsoft 365 and improve day to day operations.

You can register your interest in attending this course here – http://bit.ly/ciaopsroi after which I’ll be in contact with you to arrange payment and get you enrolled.

As always, if you have any questions about this training please email me on – director@ciaops.com.

I hope to see you there.

Creating Microsoft Teams general guidelines


You’ll find plenty of advice about creating Microsoft Teams and a collaboration environment out there. None of it should be considered absolute but instead, guidelines when creating your own Teams environment. However, the most important rule should be that creating Teams is a planned process, not something randomly generated. Actually taking time to think about and plan your Microsoft Teams environment will make your life a whole lot easier.

The first major suggestion is to plan an environment that is wide, not deep, as I have outlined here:

Your collaboration structure should be wide not deep

Unlike traditional file server environments, you now have the benefit of powerful search functions and AI surfacing relevant material in Microsoft 365. Having a flat structure also makes it easier to re-arrange if you need to down the track, and it also makes permissions much easier to handle. If you need some form of hierarchical structure for navigation you can create this using hyperlinks, but underneath the covers, keep the structure of what you build as flat as possible. This means creating lots of Teams and SharePoint sites as needed and then linking them together, using hyperlinks, into whatever you need, NOT creating subsites.

Also, as I have outlined in

A framework for file migrations to Microsoft 365

Don’t dump your information into a single location, Team, SharePoint site, Library, etc. There are lots of places for collaboration inside Microsoft 365 and certain types of information work better in different places. Break your information up and put it where it makes sense. You have all these areas available to you, so use them.

Along these lines, another guideline I can give is that when information requires pure storage (no conversations or chat around it) then use a SharePoint site. If, however, there need to be conversations around that information then a Team is a much better option. For example, a SharePoint site is a great place for an archive, with finalised forms and documents like manuals and marketing material. A Team works better when creating documents that, when finalised, will end up in a SharePoint site. Using Teams chat correctly will cut down back and forth emails as well as making all these conversations searchable for all members of the Team.

Further, I’d suggest limiting the depth of the structure to three (3) levels, per:

The rule of three

Making a structure deeper than 3 levels generally results in people hunting up and down the structure looking for the information they are after. At the lowest level you should be able to go into a Document Library and see everything, including one level of folders below. Going deeper means you lose the initial context, and when you come back out you need to get re-orientated again to continue. This wastes time and creates frustration for users.

Next, when you create a new level, Team, Library, folder, etc. always ask yourself the question, “Will this be by function or location?”. For example, if you want to create a new Team, ask the question. You might then decide this Team will be for Human Resources (i.e. function). Then, when you create a channel below that Team, ask the question again. This may result in channels by State (i.e. by location). When you create a folder inside that channel, ask the same question and maybe create folders like CV, jobs, application, etc. (i.e. function again).

Asking this simple question at each level produces a surprisingly logical structure very quickly. This is in fact where I find most people get hung up when creating a new collaboration environment, and having very simple guidance you can follow helps overcome this and get on with building what you need.

It is also important to follow some basic guidelines when naming each item in your structure.

– Keep the names you use as short as possible, e.g. HR is far better than Human Resources

– Avoid using spaces and special characters, e.g. Customer-Service not Customer Service

– Avoid having duplicate items. For example calling your Team “Projects” and then each channel something like Project-1, Project-2, Project-3, etc is redundant and consumes space.

Settling on a naming convention prior to creating your collaboration structure is a very worthwhile investment of your time. For example, settle on how to name a location like a state, which could otherwise end up as New South Wales, NSW, N.S.W. or Nsw, just to name a few possible variations. Having a consistent approach to how you name all items in your environment will greatly assist users when they are searching for information and avoids duplicated areas. This is why a small amount of time invested up front planning your collaboration structure pays huge dividends down the track. Unfortunately, I see too many rushing in and just creating items on the fly and then having issues down the track.

Remember that you don’t have to build the complete structure on day one. What is the minimum viable solution required? Maybe it is something for a limited group of your users. Build it, learn, test, adjust and then move forward. Typically, you are introducing major changes inside an organisation and the best method to see how this is adopted is to take a slow and sure approach while seeking feedback from users. You certainly still have your overall plans, but taking one step at a time is going to allow you to quickly adjust if you need to.

Don’t forget that you’ll also have to invest in user training as I have detailed previously here:

Stop making your users feel stupid

This will be especially true if you have moved from a traditional server. Collaboration is very different from storage, and failing to help users come to grips with all the features Microsoft 365 provides is going to make adoption of any new system hard. Remember, you can create the greatest collaboration structure in the world, but if people fail to use it, then that investment is wasted. In the end, technology serves humans, so help your humans come to grips with the new system and you’ll be surprised at what they can achieve with it. In my experience, the single biggest point of failure when building a new collaboration system is a failure to train the people who will be using it every day. Fail to do that, and you will struggle to make things better.

As I have outlined in

Process for file migrations to Microsoft 365

Assigning permissions comes AFTER you have created the structure. Remember, by default, Microsoft 365 is an environment designed to make it easier for users to collaborate. This means, by default, users are encouraged to share, edit, and so on. For example, Teams is largely designed so that all members have the same permissions inside a Team and can read, write and delete documents by default. The more restrictive the permissions you wish to apply to a structure, the harder it becomes to bend the technology to accommodate this. Can it be done? Of course, but the more complex and restrictive the permissions, the harder it becomes to accommodate these inside a structure. In short, Microsoft 365 is primarily designed to allow people to work together rather than block them from getting to information. Think of it as allow more than deny.

As I said initially, there are no hard and fast rules when it comes to creating a collaboration structure in Microsoft 365. It is a tool that can be structured in just about any way to suit a business. However, following the above guidelines is going to make your life much easier and will mean you are not fighting the technology to achieve what you want. Because you want to create a structured environment, it is always recommended that you design this prior to actually building it. Cleaning up afterwards always takes more time and causes more frustration in my experience. Always start simple and build from there.

Hopefully, these guidelines, based on my experience, will help you get the most from your Microsoft 365 collaboration environment. In the end, build something that works for you.

Need to Know podcast–Episode 276

I speak with MVP and Digital Workplace expert Rebecca Jackson. Rebecca is fascinated by what makes people and organisations tick. She specialises in the digital workplace, employee experience and change management. We do a deep dive into the main collaboration tools that Microsoft provides, such as SharePoint, with a special focus on the value of the modern Intranet.

There is also a round up of the latest Microsoft Cloud news at the front of the episode.

This episode was recorded using Microsoft Teams and produced with Camtasia 2020.

Brought to you by www.ciaopspatron.com

Take a listen and let us know what you think – feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-276-rebecca-jackson/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

Rebecca Jackson – Linkedin, Twitter, Blog, Instagram

Microsoft Ignite

AI-based Privacy Management for Microsoft 365 [VIDEO]

3 ways to support frontline workers in a hybrid world

Introducing Android™ Apps on Windows 11 to Windows Insiders

Microsoft achieves a Leader placement in Forrester Wave for XDR

Windows 11 security: Protect it all with Windows 11 chip to cloud security

Sysinternals in the Windows store

Sysmon report in virus total