Microsoft Is Removing Code-Based Sandbox Solutions in SharePoint Online – Be Prepared!

Though Microsoft announced that sandbox solutions with “code” (this is becoming a more confusing distinction than ever with JavaScript becoming a first class coding citizen!) were deprecated back in 2014, last week’s announcement that sandbox code was being shut off caught many people by surprise.

There was a post that went up last Friday, July 29th, 2016, on the Office Dev Center blog that let us know that they were Removing Code-Based Sandbox Solutions in SharePoint Online. Unfortunately, there’s no date on the post, so quite a few people I shared it with doubted its relevance. But if you go up a level, you can see it was posted on the 29th.

Removing Code-Based Sandbox Solutions in SharePoint Online SharePoint team - Published 07/29/2016

Removing Code-Based Sandbox Solutions in SharePoint Online
SharePoint team – Published 07/29/2016

Here at Sympraxis, we’ve never used Sandbox solutions (client side rulez!), but this quick shutdown seems to be hitting many people hard. I would have thought there would have been  series of reminders, maybe a countdown clock, and some targeted emails to people who are still running this type of solution to help them prepare for the eventuality.

There’s been an active discussion on reddit, confusion in the SharePoint group on Facebook, complaints in the SPYam Yammer network, etc. In other words, the communication either didn’t hit or it hit too late.

Even worse, it seems as though the support people had no idea this was going to happen. As late as last Friday afternoon, this was considered a service issue, with updates coming into the Office 365 Admin Center to explain why it was happening.

Custom Solutions and Workflows - Service degradation

Custom Solutions and Workflows – Service degradation

I really try not to be publicly critical of my friends at Microsoft (I know some of you may find that hard to believe!), but this one could have been handled far better. Microsoft is learning how to be more open, and this is one place where I think they are going to learn some things. There may be good reasons why this shutdown is happening ex post haste, and letting us know what those reasons are would be helpful. With SaaS, whether we like it or not, we’re all riding in the same ship. When it springs a leak, not just the women and children need to know it’s time to head to the lifeboats. And it’s August, when not that many people are running at full steam.

There are clear ways to solve this for your own organization, and good articles explaining how to go about it. But you don’t have a lot of time (we’re hearing as little as 30 days, at least in the rumor mill), so you’d better get cracking!


Update 2016-08-01: Check out this post from Dave Feldman (@bostonmusicdave) about getting some non-code solutions to activate: Sandbox Solutions removed from SharePoint Online–Here’s the fix for your Visual Studio developed WSPs to get them to activate. It seems as though the change to SharePoint Online may be blocking some solutions it shouldn’t.

Update 2016-08-02: Apparently, some people are seeing a message like this in the Admin Center. If you aren’t sure if you have sandbox solutions, be sure to check!

MC73347 in the admin center:

We’ve detected that you are using a code-based sandbox solution with your tenant account. Please be advised that we’ve moved forward on our plans to remove code-based sandbox solutions as previously announced in 2014.

As part of the removal process, activation of new code-based sandboxed solutions, as well as updates of existing solutions are no longer available. In approximately 30 days, currently running, code-based sandbox solutions in the SharePoint Online environment will be disabled.

Update 2016-08-03: Be sure to read my follow up post New Script Available from Microsoft PnP: Generate list of sandbox solutions from SharePoint Online tenant

Response to Edin Kapic’s “The dark, hidden side of our technical communities”

I was going to just leave this as a comment on Edin Kapic’s (@ekapic) recent post The dark, hidden side of our technical communities, but I decided I wanted to put it up here instead to make it more visible. (A post usually gets more attention than a comment.)

Image source:

Image source:

Every time I read something like Edin’s post, it makes me feel truly bad. I want to treat everyone equally, but that doesn’t really work, either.

One of the joys in life is our human diversity. It goes way beyond what are called “protected classes” here in the USA. People are all different and that’s what makes life interesting. I want to have conversations about those differences and try to understand the ones that can be understood. If we treat everyone the same, we lose out on that festival of variety.

Image source:

Image source:

At the same time, tech is absolutely, no questions asked, a man’s game.

Image source:

Image source:

I don’t really understand why that is, where it starts for each promising young female, etc. But I do know that I can do my own best effort to make the women around me feel empowered to do tech if that’s what they want to do. Since hiring Julie Turner (@jfj1997) (in truth we started out more equals than anything else), we’ve had lots of discussions about this sort of thing. I value the different viewpoints she brings to my thinking when we talk about things like speaking at conferences, or business travel, or how to talk in a crowd of techies.

Unfortunately, at the same time that it seems like humankind is becoming more tolerant (LGBT-focused legislation, discussions about women in tech, etc.), it’s also becoming less tolerant (political-driven bigotry and xenophobia, religious zealots, etc.)

I think the best motto for all this might be the old “think globally, act locally”. If we each do our part to make the tech world a better place, it will be. Unfortunately, many other members of the community will also be doing their darnedest to do the opposite. And so it goes…

Understanding SOME of the Pratfalls and Pitfalls of Sharing in a Collaborative World

Digital content sharing with SharePoint is both a tremendously useful set of features and also a set of capabilities fraught with peril – depending on the type of content and the knowledge level of the person doing the sharing.

As most SharePointillists know, SharePoint provides a hierarchical security model. It can get extremely complex either by design or through ongoing usage, but the general scheme goes as follows…

Web Application – This is also known as your Office 365 tenant. Think of this as your collection of offices: your entire company.

Office buildings

Site Collection – Think of this as a “walled security garden”. Your might have an Intranet in one Site Collection at and a Project site in a different Site Collection at Think of these as rooms in your offices that can lock securely.

Locked Office

Sites – Sometimes also referred to as Webs (mainly by developers), these include the root site of any Site Collection as well as any subsites. Think of these as standalone filing cabinets.

Filing Cabinets

List and Libraries – These are content “containers” inside each site. Think of these as the drawers in your filing cabinet.

Filing Cabinet Drawer

Folders in lists or libraries – While we sometimes discourage the use of folders because of the impact on useful metadata tagging, people will probably always continue to use them – and they aren’t always bad. Think of these as the green (or orange or red or whatever) hanging folders in your filing cabinet. You might use them and you might not.

Filing Cabinet Drawer Folder

Individual list items or library documents – Finally we get to the real content! These are the papers or stapled sheaves of papers in the manila folders in the hanging green folders in the drawers in your filing cabinet in the room where you keep your content in your office building in your office in your company.

Manila folder

By the way – metadata? That’s the stuff you write on the manila folder to summarize what’s in it. It’s data about the data in the folder. Very meta.

Manila folder with metadata

Permissions can be applied at any of those levels. Applying permissions at too high a level (say, just at the tenant level) means you don’t really have any security or governance at all. If you apply permissions at too low a level (say, on individual documents), then you have an administrative nightmare and rarely really know who has access to what content. (There are performance implications with item-level security too, but I find that the other pitfalls hit you long before the performance ones do.)

OneDrive for Business

Add to the mix that we each have our own OneDrive for Business (OD4B). (We’ll leave personal OneDrive [OneDrive for Pleasure?] out of this conversation, but they also add a wrinkle. At the very least, many of us have two OneDrives. See: OneDrive, TwoDrive, ThreeDrive by John White (@diverdown1964).) Your own OD4B is really meant for you to store your own documents. These documents may be personal, but generally will be work-related in some way. In other words, this is not the place to store your music library.

You may want to occasionally share a document in your OD4B with others, either inside or outside the company. You’ll usually do this from the synced folders on your PC or laptop, but you can also do it through the Web interface or using Office applications like Word, Excel, PowerPoint, etc. Think of this level of sharing as “I have a document and I’d like to show it to you.” You may also want the person you share the document with to make some edits, but it’s more of an ad hoc thing.

If you find yourself working with others regularly on a document or if it will be accessed regularly by a group of people, then it doesn’t really  belong in your OD4B. In this case, it ought to live in a library in a SharePoint site. The permissions for that site or library should reflect the membership of the group of people who will play a role in the lifecycle of that document (and its companions in that location). These roles – in a simplistic way – tend to fall into three categories: owner, editor, or reader.

My recommendation is to always try to keep permissions set at the site level, where possible. If you don’t have a key for that specific filing cabinet, you simply can’t see anything in it. Setting permissions at a lower level – either at the list or library level or for individual documents – means you’d have access to the filing cabinet, but only some of the content within it. Knowing who has access to what is confusing, and each person’s view of the site will probably look different, adding to the support issues. Plus, when people don’t understand the permissions, they are likely to just grant highest permissions (everyone has Full Control!) to “clean up permissions”, which actually makes it even worse!

In today’s world, we also regularly want to share content with outside parties. This can be very temporary or quite permanent. We can email files, share individual files, share sites, etc., depending on the needs. “Collabotition” – especially the multidimensional types in some industries like pharma – means that you pretty much have to be good at this. In each case, the person doing the sharing needs to think about:

  • what the content is
  • why they are sharing it
  • who they are sharing it with
  • what the time span for the sharing should be
  • etc.

Few people consciously think through all of these aspects every time, and as humans we love to do things the same way over and over again. Thus we need to set things up in such a way that we can help or guide people to the right sharing mechanisms – ideally with as little training as possible, but there usually needs to be some.

Outlook logoOutlook adds ANOTHER wrinkle! Office 2016 is extremely “Office 365 aware”. When you attach a file to an email in Outlook from a shared location like your OneDrive for Business, it gives you the option of attaching the file the old way or by sending a link to the document instead. Taking the latter course effectively punches a hole through the firewall to make that document available to the person getting the link.

Other pieces of the governance puzzle that come in here are: retention policies, records management, templating, etc., but each of those are almost conversations in themselves.

All of this can become INCREDIBLY complex, but it only should become that complex when the business requirements dictate it. In many cases people want to over-engineer the technology to prevent people from doing dumb things, and that’s well-nigh impossible. If we lock things down too tightly, then people just start storing things in Dropbox or Google Docs instead, defeating the entire point! Be sure you’re setting things up to both provide a good user experience (UX) AND to protect your organization’s interests. Unfortunately, those two things can often be at odds.


Dear Microsoft: Please Make Modified Dates in Site Contents Reflect Content or Structure Changes Only Again

Looking at the modified values in Site Contents has always been a quick way to recognize where activity has occurred – if it has. Without running any code we can quickly see if a site has been used recently. (It was easier to eyeball this in SharePoint 2007 in the vertical listing than it is in SharePoint 2013+, but that’s a different UI issue – tiles aren’t helpful for every use case.)

Site Contents in SharePoint 2007

Site Contents in SharePoint 2007

Site Contents in SharePoint 2010

Site Contents in SharePoint 2010

For months now, a list no one has touched for over a year on Office 365 might say “Modified 23 hours ago”. It seems as though lists and libraries are being “touched” by some background process(es), changing the modified time incorrectly.

Site Contents in SharePoint 2013

Site Contents in SharePoint 2013

An example would be the site in my Sympraxis Office 365 tenant at

On that page, I see a number of lists and libraries that say “Modified 5 days ago”. I know for a fact that I have not modified any of those lists or libraries in quite a long time (at least months) and I’m the only person who would be in there.

False Modification Info

I’ve seen this in multiple tenants on Office 365, so it isn’t just something in my tenant. It’s VERY confusing to end users and brings into question the integrity of the platform.

I’ve been told by support that this is “expected behavior” and has been the case since SharePoint 2013. I believe this should be fixed.

I’ve added two UserVoice items to collect votes on this. It seems to be the best way to get some people in Redmond to pay attention to the issue, as my support conduits have failed.

It’s a shame when I feel I need to become an agitator to get  my friends out Seattle way to pay attention to this sort of issue. I know they are better and smarter than this, but large companies sometimes end up with processes that aren’t conducive to absorbing input. Things are SO much better in Redmond now, and I am sincerely enjoying working with the Product Group out there as an MVP.

In this case, let’s politely and constructively let them know this matters to us (and in my case, to my clients) by voting for the UserVoice items. Requests with more votes get more attention. so let’s let them hear us.

Today the SharePoint Mobile App Comes to iOS

One of the big May 4th announcements comes true today, with the release of the Microsoft SharePoint app on iOS. (Yes, we iPhone folks get to have most of the fun!) Read all the details about the release on the Office Blogs.

In case you missed the details, the Microsoft SharePoint app for iOS puts “your Intranet in your pocket” – though it’s probably more useful in your hand. Here are a few views of the app from the Office Blogs post. 
SharePoint appThe version they’ve release today looks a little bit different than the May 4 screenshots, but the basics are all there: Sites, Links, and People. I expect we’ll see continuous and rapid improvement on the app going forward, so keep an eye on it!

Learn more about the new SharePoint mobile app in this video, which was released for the May 4 event: