More Granular Permissions for Office 365 Groups: A Work in Progress?

There are changes afoot in the way we can manage permissions in an Office 365 Group Team Site. (Naming for this stuff is getting really tricky. I continue my habit of capitalizing “things” that have a name in the product, to avoid confusion with the “concepts” behind them.)

In the last few days, we’re seeing some new ways to manage Group permissions behind the cog in a “modern” Team Site, aka, the site for an Office 365 Group.

Dan Holme (@danholme) posted an image to Facebook – which I think is visible to his friends, thus basically public – that shows his view of what’s going on.

I see slightly different things in several tenants. I *think* First Release has to be on for you to have these capabilities, but I’m not positive about this. If you have the Site Permissions option behind the cog in a “modern” Team Site, like this…

…you’ll see a panel which looks something like the one below. The red box is what seems to be new. From a Group Team Site life cycle management perspective, being able to “flip” a site from Edit to Read mode is a Very Good Thing. I’m not a huge fan of the “archive” idea, but I often want to stop people from using a site after it’s usefulness has waned. At that point it can be an historical record, but people shouldn’t be able to add new content to it or change existing content.

It took me some fiddling around to figure out how this works, but by clicking on the “Edit” underneath the Group members, I can change the permissions from Edit to Read.

The effect of this is basically to slide the Group members down into the Read bucket.

What I’d really like to be able to do is add *different* people into the Read bucket – maybe we want the executives to be able to drop into a project Team Site, but not edit stuff, for example – but I can’t figure out how to do that with the UI as it is. Note that the “go to Outlook” text at the top of the panel is actually a link (sort of invisible, but it’s there) to take you over to Outlook to manage Group membership. I don’t see anything over in Outlook which reflects this Read idea, but I expect that’s coming.

One of the joys of a living and breathing service is we get to see things as they roll out, sometimes even in the middle of changes. I expect this will all gel in the near term, but at the moment, it’s pretty confusing, IMO. I’ve reached out to Dan to gather more info, and I’ll add it here as I understand things better. In the meantime, we know that more granular permissions control for Groups is really coming!

<UPDATE 2017-03-03>

Yesterday I had a chat with Dan about where this is all heading. It was one of those “I can’t tell you what he showed me” conversations, but I can say that I see the sense in where it’s heading.

It’s a tricky line they are walking as they move SharePoint from “classic” to “modern” pages. Many of us long-time SharePoint folks are looking for the same terminology and UI that we’re used to – even though we’ve been clamoring for improvements for years!

The upshot is I think we will have the right combination of the old SharePoint (that’s probably why we see “Site Members/Owners/Visitors” in the UI above) and the “modern” SharePoint (probably more role-based?). It’s going to continue to feel weird as we move from one world to the other, but we’re getting there.

Finally, Dan and I talked about a few things I think they could communicate a bit better. I expect Dan and others will be doing posts around some of those topics (did you know you can remove the News Web Part from a “modern” Team Site home page now?) and more very soon.



The Arctic SharePoint Challenge: A Hackathon for Office 365 Enthusiasts

This is an expanded version of the article I wrote for BZ Media‘s SPTechReport – the folks who bring you SPTechCon – last week. (Use my code ANDERSON when you register for SPTechCon Austin and save an additional $200!)

Last week I had the honor of being a judge at the Arctic SharePoint Challenge in Oslo, Norway. This is an annual challenge put on by a group of SharePoint-focused consulting companies in and around Oslo, though occasionally teams come from further afield.

Each year, there is a different theme. Two years ago when I was a judge the first time, the theme was Star Wars (apt, given the Hoth-like landscape outside the hotel where ASPC is held), last year was Marvel, and this year was The Matrix.

The Mission: #ASPC2017 aims to stimulate collaborative learning, networking and stimulation of ideas for participants through hands-on, time-limited challenges. We are fiercely competitive, yet vastly helpful and extremely sharing (also across teams), realizing that collective learning is more important than personal gain!

More informally, I see several great outcomes of the challenge.

  • Demonstrate, use, and learn about the latest developments in the SharePoint ecosystem
  • Work together in teams that – though generally from the same company – may rarely get to work together. (On site client work keeps them separated much of the time.)
  • Step outside a normal comfort zone, outside a client context, and try some crazy stuff.
  • Meet and work with teams from other consulting companies in the region.
  • Have a truly great time.

The challenge is held at a beautiful hotel in the mountains outside Oslo. When it’s raining in the city, it’s usually snowing near the hotel. It’s a great facility with fantastic food – no cold pizza for this hackathon.

View from the bridge of the Nebuchadnezzar – courtesy David Parker – Tap or click to see the 3D version at Theta

So, we had all the ingredients for a great event:

  • Smart, motivated people
  • Fantastic facilities
  • Judges from far away (we get the best deal, I think!). Joining me for the judging were: Benjamin Niaulin (Sharegate), Fabian Williams (K2), Yina Arenas (Microsoft), Scott Durow (Develop1), and David Walker (BVisual).

Each team decides what to build, with some connection (sometimes rather obscure) to the theme. The theme makes the event a lot more fun, and provides many opportunities for movie line quotes and strange scenarios.

We had a predefined list of categories upon which to judge each team’s work.

  1. Awesome Code–  Best practice around different technologies; What type of framework; BP on Platform chosen; Having a GitHub Repo; Nice Code / Commit / Issues // Commented
  2. Go with the Flow– Workflow automation; Webhooks; Forms and process automation; Event receivers; CRM workflows
  3. User Experience– User friendly, Usability, User interaction, Accessibility; Mobile; Responsive design
  4. Geeky Bastards– Use iOT and other tech outside of O365 area; Mention Azure ML; Python or R; Bot Framework; Hololens; Tesla; AI, Cortana, Alexa, etc
  5. Power User Love– Your solution can easily be extended or used by “Power Users” to do more with it.
  6. Mile High Club– Cloud services; Azure functions; Microsoft Graph; AWS, Lambda; Cloud APIs
  7. Team Spirit– Open your code so others can use it; Be a good team; Happy camper; Help others; Blogs sharing what you have learned
  8. Dynamics Dynamite– Use of Dynamics 365 in the solution. This was a new area for many of the teams, but a few found some CRM experts to bring along with them.

Bonus Challenge – Visio – Develop custom shapes, connect them to data, and embed them in SharePoint. Hint: There’s some great new stuff coming here very soon, so keep an eye out for an announcement! We got a bit of a preview as part of the challenge, and it’s not your grandfather’s Visio anymore. (Did you know Visio first came out in 1991?)

Scott Durow did a yeoman’s job of keeping score during the event using Dynamics 365 to capture the data as we went along, and Power BI to display it. If you click on the image below, you can see the final, live scoreboard.

As you can see, the PuzzlePart Appsters took the competition this year. I believe that makes it 3 / 7 for them. If you’d like to see some of what they were able to build, take a look at the Team Blogs on the ASPC site. The Appsters’ intro video for the final presentation is over on YouTube:

I’d love to see this hackathon / challenge idea reproduced elsewhere. I’ve been to several other hackathons as a judge, and this one has something special going for it. The combination of factors: great location, company-based teams, entertaining theme, and admirable goals truly makes for something special that people return to year after year.

It’s very interesting and important to have events like these, made me realize how little I know. A perfect time to step out of the comfort zone and the work routine to explore ideas with like-minded folks in the industry. Seeing Bots interact with the Microsoft Graph, Hololens recognizing faces and storing the information in SharePoint, integrating Flows and PowerApps to CRM and our beloved platform…very exciting and more importantly, a great learning experience – Benjamin Niaulin

Reports from afield tell us that SharePoint user group participation has flagged (at least in the US). Perhaps events like these are the next evolution of the “user group” concept?

If you’d like to know more about ASPC so you could try to run a similar event, feel free to ping me and I can put you in touch with the appropriate person. Also, it would be great to see a few new teams at ASPC 2018!

Additional Information

David Parker’s posts

Some particularly tricky problems solved:

Greetings from Oslo, Where I’m Co-Authoring a Document

Today Julie (@jfj1997) and I were working on a document together. As usual, since we’re “cobbler’s kids”, we were emailing a Word document back and forth.

No way! We decided to share the document from one of our OneDrives and started editing online. I’m in Oslo, Norway at the Arctic SharePoint Challenge (more about that in another post) and Julie is back home in New Hampshire, so we were working with both a geographical and time zone difference, just like many people do these days.

The co-authoring experience seems a lot better than either of us remembered it. (In fact, there have been improvements to the experience over the last few months – it’s hard to keep up!)

Here are the things we really liked about this little experience…

By clicking on Review / Show Edit Activity, we could see what the other had been up to. Because I’m at ASPC2017 as a judge, I was interrupted several times (which was totally appropriate), and when I turned back to the document, I could see what Julie had been up to.

As we were editing, we could easily see what the other was doing, as there were little colored flags which moved along with the edits as they happened. In essence, it meant that we could see each other’s cursors in the document. This helped not just to see what the other was doing, but also as we were each adding new ideas into the document, we were able to avoid stepping on each other’s toes.

At one point, it felt like it would be a good idea to discuss a certain point we were making in the document. By clicking on the Chat button, we got an embedded chat window within the editing experience where we could have that discussion (and give each other a little crap when it was merited).

As with many of the new things that roll out to Office 365, I have been skeptical of the utility of this co-authoring experience. However, having been through this single experience working on a document with Julie, I think both of us are likely to use it many more times. It’s not necessarily useful in every editing scenario, but in this case it moved us forward much more quickly than any of the previous ways we might have worked.

Get Julie’s take on her co-experience co-authoring with me in her post Greetings from New Hampshire, Where I’m Co-Authoring a Document


SharePoint Online Search Isn’t Displaying What I Expect – Part 1 – Trimmed Duplicates

This entry is part 1 of 1 in the series SharePoint Online Search Isn't Displaying What I Expect

For years, I’ve been skeptical about search indexing in SharePoint, especially in SharePoint Online in Office 365. The fact that we can’t know when a search crawl has run – thus updating the indices – is a huge part of the problem. In the early days, before Content Search Web Parts (CSWPs) were available in SharePoint Online, we routinely saw delays between content creation and that content showing up in search results of days or even weeks. Later the CSWP was enabled on SharePoint Online, and it is a fantastically powerful tool, far better than the Content Query Web Part (CQWP) which it nominally replaced.

But the value of any search-driven mechanisms in SharePoint is directly tied to the recency and frequency of updates to the search index. While the CQWP is quite inefficient – since it actually goes out to look for content at the source every time it runs (though there may be some caching) – the CSWP uses the search index and can thus return results using fewer server resources in some cases. (One downside is that you can only retrieve up to 50 results with the CSWP.) Since we don’t know when the search crawls run in SharePoint Online, and we often seem to not see the results we expect, we tend to blame to indexing for the problem.

There are many things that can contribute to the indexing issues. Load on the indexing servers can mean that your tenant isn’t crawled as frequently as you might want – taking hours or in the worst cases days to display items you know should be there. Unfortunately, there is no way to know if the index is the issue. Based on what I’ve heard, there are usually multiple indexing servers per tenant, and those indices can supposedly get out of sync. Search is also a very complex beast: probably way too complicated for most use cases, as it is based on the old FAST search platform. Most people simply want to be able to see content they add to a SharePoint list or library right away if they search for it. Period. So simple, yet often not what happens.

The other day, Julie and I were certain we had an ironclad instance where search indexing simply wasn’t working correctly. The scenario seems to be a very common one, and we stripped it down to as minimal an example as possible and sent it off the the Product Group.

In the example, we were making a REST call to the search API:

to retrieve all of the events in calendars across an Intranet. The use case is a very common one: we have a calendar per department, office, etc., and in some cases we’d like to promote those calendar events to display on the home page of the Intranet. Put aside the governance questions here, and just assume that everyone who can create events gets to decide whether to check the Show on the home page box. To make this all work, we have a few custom content types which inherit from Event with a few extra columns. We have some nice, fancy display mechanisms on the home page using AngularJS and on a Company Calendar page using fullcalendar. But most of that doesn’t matter: we were seeing the issue in the call to the search API.

Our query looked something like this:

This query will return all (we thought!) list items which inherit from the Event Content Type, because its ContentTypeId is 0x0102. Of course, our actual query was more complicated: we requested specific fields with selectproperties, asked for more items by setting the rowlimit to 50, etc. But again, at the core we were simply asking for a bunch of events.

But we weren’t seeing all the events we expected. We assumed that the search index wasn’t working correctly, just like most site admins would.

There was a series of meetings going on about some HR changes, and the company was giving employees a set of webinars from which they could choose one to attend. The events were at four different times during the day. In our call to the search service, we were only getting one of those events. It happened to be the first one added to the calendar; all events had been added over 24 hours before.

When we tried searching for the title of the events in the regular old search box, we still only saw one result. At least that was consistent, and it showed we weren’t doing something stupid in our REST call. I’ve had to blur a number of things out in this screenshot, but here’s what we saw on the search results page. In this case, the results were coming to us in /_layouts/15/osssearchresults.aspx for the particular subsite where the events were, but it didn’t matter if we tried using the search center.

I included Mikael Svenson (@mikaelsvenson) in my email to my Product Group friends because if there’s something about search Mikael doesn’t know, it isn’t worth knowing. I probably should have just asked him in the first place, but we truly believed we had found a bug.

Mikael spotted that all four of the events we expected to retrieve had the same title. This isn’t so unusual: a couple of meetings on a given day with the same title. Maybe we have five interview slots set up for a new candidate, or have several different times when the Red Cross is running a blood drive on the same day, or exactly the example we have here.

We probably should have realized something was wrong when we looked at the search results above. As you can see below – now that I’ve highlighted it – there were three plus one items shown in the histogram for the Modified date.

It turned out that because the four events were so similar, search was considering them duplicates. Of course they weren’t duplicates to us: each is a unique event with its own value to end users.

By adding trimduplicates=false to our REST call, we were able to retrieve all of the events we expected. It was a very simple fix, but given the black art of SharePoint search, not necessarily an obvious one. Perhaps we should have known better, but I don’t think this is an unusual problem. Add to that the fact that the standard SharePoint search results UI doesn’t give you any way to see the duplicates, and I think there is a significant issue.

I’ve made a suggestion on the SharePoint UserVoice to Allow easier management of the trimduplicates setting.

When we search for content, we often (some might say “usually”) need to see all results for our search query. It seems that by default, trimduplicates is set to true in SharePoint Online. This seems to be true in the search Web Parts and in the search API.

My suggestion is that we have far better and clearer ways to manage this setting, including:
* An easy toggle in the Content Search Web Part (CSWP)
* A clear way on the search results pages to choose to show duplicates where there are any. This was present in earlier versions of SharePoint, and I’m not sure when it was removed.

Deciding when duplicates are appropriate is a complex thing, and it varies greatly by use case. Giving people setting up SharePoint pages simpler control over the setting will both help build compelling user experiences on the platform and help confirm that search is indeed working properly. When someone searches for something they know is there and it doesn’t show up in search results, it undermines faith in the entire platform.

If you feel that my ideas have merit, please vote this suggestion up! Suggestions at UserVoice with enough votes truly do get the SharePoint Product Group’s attention.

If you find yourself in a situation like this, there is a tool that can be helpful to solve whatever might be going on. If you do much work with search, check out the SharePoint Search Query Tool on Codeplex. Mikael has contributed to this tool and it basically allows you to issue REST calls through a UI that “understands” SharePoint search very well.

In the screenshot below I’ve done a search against our Sympraxis tenant using the querytext='test'. That’s certainly nothing fascinating, but it points out a few of the useful aspects of the tool:

  • Simple querytext configuration
  • Easy on/off switches for the various query options; in this case unchecking Trim Duplicates was the winner.
  • An easy way to see the effect of your settings on the REST call on the URL (right at the top of the screen)
  • On the right side, a clear view of the results returned, using a number of useful formats. If you’ve written JavaScript to parse search results, you’ll know that this is really helpful.

As a little bonus, here’s the key JavaScript we use to parse the RelevantResults table from the REST call to the search API. Because we’re requesting items  which are all based on the Event Content Type, we can treat all search results the same way. In this example, we’re using AngularJS and jQuery, preparing the data for use with fullcalendar, as I mentioned above.

Hopefully this post gives you a little more insight into the inner workings of SharePoint search. To me, these little eddies and backwaters of search are what turns it into a black art. I’d love to see things get even simpler that the so-called “Quick Mode” in CSWPs.

Thanks again to Mikael and the Product Group folks who engaged on this with me. Notice that this is Part 1 – I expect to add more entries to this series.


Mikael pointed me to these two articles on duplicates and “shingling” in case you’d like to understand the underlying principles more fully.

Mikael’s post about duplicate trimming

SharePoint Search Query Tool

SharePoint UserVoice suggestion:

Fixing the “Bad Request – Request Too Long” Error with Office 365 in Chrome

Bad Request - Request Too Long

This one really bugs me when it happens, and it’s pretty frequent. If you try to navigate to your Office 365 Settings or the Admin Portal in Office 365 with Chrome, you may well get this error instead of arriving at your regularly scheduled destination. I believe you may have a similar experience in Firefox as well.

I’ve gone Bingling for clues more than once on this one and I find lots of complaints about it happening, but the only solution seems to be “delete your cookies”. This is not an acceptable answer by any stretch of my imagination, but apparently it actually does work.

Eagle-eyed Twitter follower Harold Gale (@1wisegeek – aptly named!) spotted my compaint about it today and came to the rescue with a post with a very targeted fix.

In the hopes that it will help a few more people (and maybe rise a little higher on the Bingling charts so that they can find it!), here are the steps to the solution, temporary as it may be.

  • Go to the the Chrome Settings – usually this will be under the three vertical dots (sideways elipsis? leaky |?) in the top right of your window.

  • At the bottom of the page, click “Show advanced settings…”
  • Under Privacy, click the “Content Settings” button
  • Click on the “All cookies and site data…” button

  • In the search box in the upper right, search for “”


I found all these cookies after that search. Note the *5* “testcookie” entries. Enterprise-class!

You can also search for “office365” and/or “” and delete some of those cookies as well.

Note that I have no idea what each of those cookies does, and you will want to be thoughtful about what you delete!

My hope is that this post gets few reads because Microsoft solves the issues here, but the Office 365 login “experience” has been less than stellar for many years now. I’m not going to hold my breath, and at least I know I have this post to help future me out more easily.