More Granular Permissions for Office 365 Groups: A Work in Progress?

There are changes afoot in the way we can manage permissions in an Office 365 Group Team Site. (Naming for this stuff is getting really tricky. I continue my habit of capitalizing “things” that have a name in the product, to avoid confusion with the “concepts” behind them.)

In the last few days, we’re seeing some new ways to manage Group permissions behind the cog in a “modern” Team Site, aka, the site for an Office 365 Group.

Dan Holme (@danholme) posted an image to Facebook – which I think is visible to his friends, thus basically public – that shows his view of what’s going on.

I see slightly different things in several tenants. I *think* First Release has to be on for you to have these capabilities, but I’m not positive about this. If you have the Site Permissions option behind the cog in a “modern” Team Site, like this…

…you’ll see a panel which looks something like the one below. The red box is what seems to be new. From a Group Team Site life cycle management perspective, being able to “flip” a site from Edit to Read mode is a Very Good Thing. I’m not a huge fan of the “archive” idea, but I often want to stop people from using a site after it’s usefulness has waned. At that point it can be an historical record, but people shouldn’t be able to add new content to it or change existing content.

It took me some fiddling around to figure out how this works, but by clicking on the “Edit” underneath the Group members, I can change the permissions from Edit to Read.

The effect of this is basically to slide the Group members down into the Read bucket.

What I’d really like to be able to do is add *different* people into the Read bucket – maybe we want the executives to be able to drop into a project Team Site, but not edit stuff, for example – but I can’t figure out how to do that with the UI as it is. Note that the “go to Outlook” text at the top of the panel is actually a link (sort of invisible, but it’s there) to take you over to Outlook to manage Group membership. I don’t see anything over in Outlook which reflects this Read idea, but I expect that’s coming.

One of the joys of a living and breathing service is we get to see things as they roll out, sometimes even in the middle of changes. I expect this will all gel in the near term, but at the moment, it’s pretty confusing, IMO. I’ve reached out to Dan to gather more info, and I’ll add it here as I understand things better. In the meantime, we know that more granular permissions control for Groups is really coming!

Advertisements

The Arctic SharePoint Challenge: A Hackathon for Office 365 Enthusiasts

This is an expanded version of the article I wrote for BZ Media‘s SPTechReport – the folks who bring you SPTechCon – last week. (Use my code ANDERSON when you register for SPTechCon Austin and save an additional $200!)

Last week I had the honor of being a judge at the Arctic SharePoint Challenge in Oslo, Norway. This is an annual challenge put on by a group of SharePoint-focused consulting companies in and around Oslo, though occasionally teams come from further afield.

Each year, there is a different theme. Two years ago when I was a judge the first time, the theme was Star Wars (apt, given the Hoth-like landscape outside the hotel where ASPC is held), last year was Marvel, and this year was The Matrix.

The Mission: #ASPC2017 aims to stimulate collaborative learning, networking and stimulation of ideas for participants through hands-on, time-limited challenges. We are fiercely competitive, yet vastly helpful and extremely sharing (also across teams), realizing that collective learning is more important than personal gain!

More informally, I see several great outcomes of the challenge.

  • Demonstrate, use, and learn about the latest developments in the SharePoint ecosystem
  • Work together in teams that – though generally from the same company – may rarely get to work together. (On site client work keeps them separated much of the time.)
  • Step outside a normal comfort zone, outside a client context, and try some crazy stuff.
  • Meet and work with teams from other consulting companies in the region.
  • Have a truly great time.

The challenge is held at a beautiful hotel in the mountains outside Oslo. When it’s raining in the city, it’s usually snowing near the hotel. It’s a great facility with fantastic food – no cold pizza for this hackathon.

View from the bridge of the Nebuchadnezzar – courtesy David Parker – Tap or click to see the 3D version at Theta

So, we had all the ingredients for a great event:

  • Smart, motivated people
  • Fantastic facilities
  • Judges from far away (we get the best deal, I think!). Joining me for the judging were: Benjamin Niaulin (Sharegate), Fabian Williams (K2), Yina Arenas (Microsoft), Scott Durow (Develop1), and David Walker (BVisual).

Each team decides what to build, with some connection (sometimes rather obscure) to the theme. The theme makes the event a lot more fun, and provides many opportunities for movie line quotes and strange scenarios.

We had a predefined list of categories upon which to judge each team’s work.

  1. Awesome Code–  Best practice around different technologies; What type of framework; BP on Platform chosen; Having a GitHub Repo; Nice Code / Commit / Issues // Commented
  2. Go with the Flow– Workflow automation; Webhooks; Forms and process automation; Event receivers; CRM workflows
  3. User Experience– User friendly, Usability, User interaction, Accessibility; Mobile; Responsive design
  4. Geeky Bastards– Use iOT and other tech outside of O365 area; Mention Azure ML; Python or R; Bot Framework; Hololens; Tesla; AI, Cortana, Alexa, etc
  5. Power User Love– Your solution can easily be extended or used by “Power Users” to do more with it.
  6. Mile High Club– Cloud services; Azure functions; Microsoft Graph; AWS, Lambda; Cloud APIs
  7. Team Spirit– Open your code so others can use it; Be a good team; Happy camper; Help others; Blogs sharing what you have learned
  8. Dynamics Dynamite– Use of Dynamics 365 in the solution. This was a new area for many of the teams, but a few found some CRM experts to bring along with them.

Bonus Challenge – Visio – Develop custom shapes, connect them to data, and embed them in SharePoint. Hint: There’s some great new stuff coming here very soon, so keep an eye out for an announcement! We got a bit of a preview as part of the challenge, and it’s not your grandfather’s Visio anymore. (Did you know Visio first came out in 1991?)

Scott Durow did a yeoman’s job of keeping score during the event using Dynamics 365 to capture the data as we went along, and Power BI to display it. If you click on the image below, you can see the final, live scoreboard.

As you can see, the PuzzlePart Appsters took the competition this year. I believe that makes it 3 / 7 for them. If you’d like to see some of what they were able to build, take a look at the Team Blogs on the ASPC site. The Appsters’ intro video for the final presentation is over on YouTube:

I’d love to see this hackathon / challenge idea reproduced elsewhere. I’ve been to several other hackathons as a judge, and this one has something special going for it. The combination of factors: great location, company-based teams, entertaining theme, and admirable goals truly makes for something special that people return to year after year.

It’s very interesting and important to have events like these, made me realize how little I know. A perfect time to step out of the comfort zone and the work routine to explore ideas with like-minded folks in the industry. Seeing Bots interact with the Microsoft Graph, Hololens recognizing faces and storing the information in SharePoint, integrating Flows and PowerApps to CRM and our beloved platform…very exciting and more importantly, a great learning experience – Benjamin Niaulin

Reports from afield tell us that SharePoint user group participation has flagged (at least in the US). Perhaps events like these are the next evolution of the “user group” concept?

If you’d like to know more about ASPC so you could try to run a similar event, feel free to ping me and I can put you in touch with the appropriate person. Also, it would be great to see a few new teams at ASPC 2018!

Additional Information

David Parker’s posts

Some particularly tricky problems solved:

Naming New Office 365 Groups Intelligently Is !Important

Sympraxis is starting a new Office 365 -based Intranet project with Sue Hanley (@susanhanley). Julie (@jfj1997) and I are really going to enjoy working with Sue!

As always when we’re starting a project, we want to start collaborating with the client project team in the tools we’re rolling out for their organization.

It’s a funny thing, but I often get push back on this, especially if the project team is IT-based. If the project team won’t use the tool set, then it’s not reasonable to expect everyone else to embrace it. As I always talk about in my Creating a Great User Experience session at conferences, excuses like “it’s too slow” or “I don’t like the UI” are serious problems that need to be addressed right up front. (And no, I’m not making this up.)

Anyway, Sue and I discussed this, and imagine the conversation going something like this…

Me: I think we should spin up a site where we can work with the project folks. Suggestions on the name and location? I would go with a subsite from https://[tenant]sharepoint.com, maybe “New Intranet”, with custom permissions.

Sue: Do you mean a team site for the intranet project? Why not a Group so we get a separate site collection?

Me: Doh! Of course! I’ll set it up. [Note: I’m still getting the hang of this whole “Groups” thing, clearly!]

Sue: Thanks! I am using one for [my other client] and it is actually great.

Me: Public or Private? And can you change that after the fact? (I sure hope so.) I’m thinking “Intranet Project 2017”, in case they want to do another Intranet Project later. Naming these Groups for good governance is a pretty tricky thing, IMO.

Sue: Private. That sounds good for a long name, but short name for the URL, right?

Me: Looks like I can shorten the Group ID. “IP2017”?

Sue: Works for me!

Me: This little exchange shows me that picking a good Group name and ID is REALLY important. Blog post!

Obviously, my first thought was not a new Office 365 Group, and I should really start thinking of it as at least one of the first options in cases like this. I’m simply too used to spinning up plain old Team Sites, which still serve their purpose well. A Team Site with a Document Library, Task list, and Calendar, is often enough to manage a SharePoint project, with other options added along the way. (See my older posts Simple Best Practices for Using SharePoint Task Lists and Recent Changes to Task Management Conventions on Office 365 for how I tend to use the Task lists.)

Office 365 Groups are really cool (they definitely didn’t strike me that way early on) and they make a lot of sense for project-based work. Because of the tight integration with Exchange (most important to end users via Outlook) and other Office 365 services, they really do make a lot of sense.

But the last point is what I want to dwell on most here.

One of the best – and to some people, worst – things about Office 365 Groups is that pretty much anyone can create them. You can shut things down to gain control, but then you lose the value of people spinning up a group whenever they need one to be productive. Your organization’s culture and governance will determine which way you go with this.

Let’s assume you keep things loose. Each time someone creates a new Group, they sort of “burn” the name they use for the group. Remember that creating a Group does a whole bunch of things behind the scenes that can’t realistically be “undone”, like creating a Site Collection for the Group, creating an Exchange mailbox for the Group, etc. This means we can run into all sorts of weird scenarios. For instance…

  • A couple of people could be going to a conference about marketing, so they create a Group called Marketing. Now the Marketing department can’t create a Group called “Marketing”.
  • We have a company meeting every year called the Extravaganza for the Company, so we create a group called EC so it’s simple to type. Now the Executive Committee can’t use that “handle”.
  • In the conversation above, Sue and I settled on the “short name” for the URL of IP2017. That’ great unless there’s a rotating Intellectual Property committee that starts work anew each year.
  • etc.

It’s not quite this cut and dried, but I’m exaggerating the problem a little bit to keep your attention.

A little planning can go a long way here. While you probably want to let people have the flexibility to create their own groups. making a few simple guidelines clear should avoid a lot of headaches down the road. Yup, another place where the dread governance word comes into play.

When you create a Group, there are two things to think about: the Group Name and the Group ID. The Group name can be changed at any time, but the Group ID cannot. Below, you can see that as I’ve typed the Group Name as testing, the Group ID has automatically been populated as testing as well. You get a hint of the significance of the Group ID because the email address the mailbox for the Group will get is listed in green below. (It’s a pretty yucky green, IMO.)

If you click on the pencil icon next to the Group ID field, you can edit the value. You’ll see the change to the email address as you type. As you type each character, there’s also a check to see if that Group ID is in use already. This is where things can get interesting.

In the screenshot below, you can see that when I type moderngroup, that Group ID has already been used. My example isn’t great, because I would be unlikely to want the URL to be moderngroup for a Group named testing, but hopefully you can see the point.

If you create the Group in the Admin interface, the UI is a bit different (Why, Microsoft???) but the result is the same: if the Group Id (note the different capitalization) has already been used, you can’t use it again.

So how can you keep things from going “off the rails”?

Odds are you’ll know about a big bunch of Groups you’ll need up front. For instance, if you want to create a group per customer team, you could use the customer number for the Group ID (12345) and then the Group could be named something like Big Realty Company (12345) or 12345 – Big Realty Company. You’d certainly want to create Groups for your departments and offices up front to reserve those names, etc.

So while there aren’t any hard and fast rules here, make sure you do some thinking about it. One of the reasons SharePoint became popular in the early days was that it grew like kudzu across the organization – it started out great, but things usually got out of hand. I feel that Groups may take the same path – and in early adopter organizations probably already have – without some rational thinking on the part of the planners in each organization.

Do you have a useful way for people in your organization to think about naming Groups? If so, please add a comment!

References

Greetings from Oslo, Where I’m Co-Authoring a Document

Today Julie (@jfj1997) and I were working on a document together. As usual, since we’re “cobbler’s kids”, we were emailing a Word document back and forth.

No way! We decided to share the document from one of our OneDrives and started editing online. I’m in Oslo, Norway at the Arctic SharePoint Challenge (more about that in another post) and Julie is back home in New Hampshire, so we were working with both a geographical and time zone difference, just like many people do these days.

The co-authoring experience seems a lot better than either of us remembered it. (In fact, there have been improvements to the experience over the last few months – it’s hard to keep up!)

Here are the things we really liked about this little experience…

By clicking on Review / Show Edit Activity, we could see what the other had been up to. Because I’m at ASPC2017 as a judge, I was interrupted several times (which was totally appropriate), and when I turned back to the document, I could see what Julie had been up to.

As we were editing, we could easily see what the other was doing, as there were little colored flags which moved along with the edits as they happened. In essence, it meant that we could see each other’s cursors in the document. This helped not just to see what the other was doing, but also as we were each adding new ideas into the document, we were able to avoid stepping on each other’s toes.

At one point, it felt like it would be a good idea to discuss a certain point we were making in the document. By clicking on the Chat button, we got an embedded chat window within the editing experience where we could have that discussion (and give each other a little crap when it was merited).

As with many of the new things that roll out to Office 365, I have been skeptical of the utility of this co-authoring experience. However, having been through this single experience working on a document with Julie, I think both of us are likely to use it many more times. It’s not necessarily useful in every editing scenario, but in this case it moved us forward much more quickly than any of the previous ways we might have worked.

Get Julie’s take on her co-experience co-authoring with me in her post Greetings from New Hampshire, Where I’m Co-Authoring a Document

References

SharePoint Online Search Isn’t Displaying What I Expect – Part 1 – Trimmed Duplicates

This entry is part 1 of 1 in the series SharePoint Online Search Isn't Displaying What I Expect

For years, I’ve been skeptical about search indexing in SharePoint, especially in SharePoint Online in Office 365. The fact that we can’t know when a search crawl has run – thus updating the indices – is a huge part of the problem. In the early days, before Content Search Web Parts (CSWPs) were available in SharePoint Online, we routinely saw delays between content creation and that content showing up in search results of days or even weeks. Later the CSWP was enabled on SharePoint Online, and it is a fantastically powerful tool, far better than the Content Query Web Part (CQWP) which it nominally replaced.

But the value of any search-driven mechanisms in SharePoint is directly tied to the recency and frequency of updates to the search index. While the CQWP is quite inefficient – since it actually goes out to look for content at the source every time it runs (though there may be some caching) – the CSWP uses the search index and can thus return results using fewer server resources in some cases. (One downside is that you can only retrieve up to 50 results with the CSWP.) Since we don’t know when the search crawls run in SharePoint Online, and we often seem to not see the results we expect, we tend to blame to indexing for the problem.

There are many things that can contribute to the indexing issues. Load on the indexing servers can mean that your tenant isn’t crawled as frequently as you might want – taking hours or in the worst cases days to display items you know should be there. Unfortunately, there is no way to know if the index is the issue. Based on what I’ve heard, there are usually multiple indexing servers per tenant, and those indices can supposedly get out of sync. Search is also a very complex beast: probably way too complicated for most use cases, as it is based on the old FAST search platform. Most people simply want to be able to see content they add to a SharePoint list or library right away if they search for it. Period. So simple, yet often not what happens.

The other day, Julie and I were certain we had an ironclad instance where search indexing simply wasn’t working correctly. The scenario seems to be a very common one, and we stripped it down to as minimal an example as possible and sent it off the the Product Group.

In the example, we were making a REST call to the search API:

to retrieve all of the events in calendars across an Intranet. The use case is a very common one: we have a calendar per department, office, etc., and in some cases we’d like to promote those calendar events to display on the home page of the Intranet. Put aside the governance questions here, and just assume that everyone who can create events gets to decide whether to check the Show on the home page box. To make this all work, we have a few custom content types which inherit from Event with a few extra columns. We have some nice, fancy display mechanisms on the home page using AngularJS and on a Company Calendar page using fullcalendar. But most of that doesn’t matter: we were seeing the issue in the call to the search API.

Our query looked something like this:

This query will return all (we thought!) list items which inherit from the Event Content Type, because its ContentTypeId is 0x0102. Of course, our actual query was more complicated: we requested specific fields with selectproperties, asked for more items by setting the rowlimit to 50, etc. But again, at the core we were simply asking for a bunch of events.

But we weren’t seeing all the events we expected. We assumed that the search index wasn’t working correctly, just like most site admins would.

There was a series of meetings going on about some HR changes, and the company was giving employees a set of webinars from which they could choose one to attend. The events were at four different times during the day. In our call to the search service, we were only getting one of those events. It happened to be the first one added to the calendar; all events had been added over 24 hours before.

When we tried searching for the title of the events in the regular old search box, we still only saw one result. At least that was consistent, and it showed we weren’t doing something stupid in our REST call. I’ve had to blur a number of things out in this screenshot, but here’s what we saw on the search results page. In this case, the results were coming to us in /_layouts/15/osssearchresults.aspx for the particular subsite where the events were, but it didn’t matter if we tried using the search center.

I included Mikael Svenson (@mikaelsvenson) in my email to my Product Group friends because if there’s something about search Mikael doesn’t know, it isn’t worth knowing. I probably should have just asked him in the first place, but we truly believed we had found a bug.

Mikael spotted that all four of the events we expected to retrieve had the same title. This isn’t so unusual: a couple of meetings on a given day with the same title. Maybe we have five interview slots set up for a new candidate, or have several different times when the Red Cross is running a blood drive on the same day, or exactly the example we have here.

We probably should have realized something was wrong when we looked at the search results above. As you can see below – now that I’ve highlighted it – there were three plus one items shown in the histogram for the Modified date.

It turned out that because the four events were so similar, search was considering them duplicates. Of course they weren’t duplicates to us: each is a unique event with its own value to end users.

By adding trimduplicates=false to our REST call, we were able to retrieve all of the events we expected. It was a very simple fix, but given the black art of SharePoint search, not necessarily an obvious one. Perhaps we should have known better, but I don’t think this is an unusual problem. Add to that the fact that the standard SharePoint search results UI doesn’t give you any way to see the duplicates, and I think there is a significant issue.

I’ve made a suggestion on the SharePoint UserVoice to Allow easier management of the trimduplicates setting.

When we search for content, we often (some might say “usually”) need to see all results for our search query. It seems that by default, trimduplicates is set to true in SharePoint Online. This seems to be true in the search Web Parts and in the search API.

My suggestion is that we have far better and clearer ways to manage this setting, including:
* An easy toggle in the Content Search Web Part (CSWP)
* A clear way on the search results pages to choose to show duplicates where there are any. This was present in earlier versions of SharePoint, and I’m not sure when it was removed.

Deciding when duplicates are appropriate is a complex thing, and it varies greatly by use case. Giving people setting up SharePoint pages simpler control over the setting will both help build compelling user experiences on the platform and help confirm that search is indeed working properly. When someone searches for something they know is there and it doesn’t show up in search results, it undermines faith in the entire platform.

If you feel that my ideas have merit, please vote this suggestion up! Suggestions at UserVoice with enough votes truly do get the SharePoint Product Group’s attention.

If you find yourself in a situation like this, there is a tool that can be helpful to solve whatever might be going on. If you do much work with search, check out the SharePoint Search Query Tool on Codeplex. Mikael has contributed to this tool and it basically allows you to issue REST calls through a UI that “understands” SharePoint search very well.

In the screenshot below I’ve done a search against our Sympraxis tenant using the querytext='test'. That’s certainly nothing fascinating, but it points out a few of the useful aspects of the tool:

  • Simple querytext configuration
  • Easy on/off switches for the various query options; in this case unchecking Trim Duplicates was the winner.
  • An easy way to see the effect of your settings on the REST call on the URL (right at the top of the screen)
  • On the right side, a clear view of the results returned, using a number of useful formats. If you’ve written JavaScript to parse search results, you’ll know that this is really helpful.

As a little bonus, here’s the key JavaScript we use to parse the RelevantResults table from the REST call to the search API. Because we’re requesting items  which are all based on the Event Content Type, we can treat all search results the same way. In this example, we’re using AngularJS and jQuery, preparing the data for use with fullcalendar, as I mentioned above.

Hopefully this post gives you a little more insight into the inner workings of SharePoint search. To me, these little eddies and backwaters of search are what turns it into a black art. I’d love to see things get even simpler that the so-called “Quick Mode” in CSWPs.

Thanks again to Mikael and the Product Group folks who engaged on this with me. Notice that this is Part 1 – I expect to add more entries to this series.

References

Mikael pointed me to these two articles on duplicates and “shingling” in case you’d like to understand the underlying principles more fully.

Mikael’s post about duplicate trimming

SharePoint Search Query Tool

SharePoint UserVoice suggestion: