Postpone the deletion of your SharePoint Online Public website

In March 2015, Microsoft announced the deprecation of the public website feature in SharePoint Online. New tenants were no longer able to create public-facing site collections, and existing ones were given two years grace period to move the website to a different solution.

Two years passed by, and the due date is almost upon us. The KB article has been updated with detailed schedule on the deletion process, as follows:

  • Beginning May 1, 2017, anonymous access for existing sites will no longer be available. If customers need more time to move their public website, they have a one-time postponement option for up to one year (March 31, 2018). Customers must select the postpone option by May 1, 2017.
  • On September 1, 2017, when Microsoft deletes the public site collection in SharePoint Online, customers will no longer have access to the content, images, pages or any other files that reside on their public website. Before September 1, 2017, customers should make a backup copy of all their public website content, images, pages, and files, so they don’t lose them permanently.
  • On March 31, 2018, Microsoft will delete all public sites that have been postponed.

The postpone option has been added under the SPO admin center (Office 365 admin -> SharePoint -> Settings -> Postpone deletion of SharePoint Online public website), and looks like this:

Should you miss the deletion timeline as well, you will still be able to recover the content via the Recycle bin.

Posted in Office 365, SharePoint Online | Leave a comment

A proper article on Smart links and their use with Office 365

For my latest article on ENow’s Solutions Engine blog, I’ve tried to put together all the bits and pieces involved in creating and using Smart links for your Office 365 applications. Well, at least as many as we can fit in 2000 words 🙂

Smart links have been around for ages, but for unknown to me reasons, there’s practically no proper article left on the internet that explains their use and benefits. Most of the articles on the subject that I had bookmarked are gone now and the others only cover part of the story, so I thought it’s time to have a proper article on smart links!

As usual, I’ve included as many links as possible to additional documentation, but in case you still have a trouble grasping the concept of smart links or simply have a question, drop a note here or under the original article.

Read the full article here: http://blog.enowsoftware.com/solutions-engine/using-smart-links-to-improve-the-login-process-to-office-365-applications

 

Posted in Office 365 | Leave a comment

Quickly list all groups a user is member of or owner of in Office 365

Continuing the “how to do this with the new Azure AD PowerShell module” series, in this article we will explore some useful cmdlets that quickly list all Groups a user is member of, or is configured as Owner/Manager.

To get the latest version of the AzureAD PowerShell module, click here. To get the documentation on installing and using the module, click here.

Getting group membership

As a reminder, here’s how to quickly get a list of all groups a user is member of via the EO Remote PowerShell cmdlets:

Get-Recipient -Filter "Members -eq 'CN=user,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR03A001,DC=prod,DC=outlook,DC=com'"

where ‘CN=user,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations, DC=EURPR03A001, DC=prod, DC=outlook, DC=com’ is the DistinguishedName of the user, obtainable for example via:

Get-User user@domain.com | select -ExpandProperty DistinguishedName

Now, there’s also one caveat you might want to consider when using the above cmdlet. Namely, the Get-Recipient cmdlet in EO doesn’t return Office 365 Groups objects (the new, “modern” groups) unless you specifically include them. An updated version of the above cmdlet that accounts for Groups will look like this:

Get-Recipient -Filter "Members -eq 'CN=user,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR03A001,DC=prod,DC=outlook,DC=com'" -RecipientTypeDetails GroupMailbox,MailUniversalDistributionGroup,MailUniversalSecurityGroup

and will return all Distribution groups, Mail-enabled security groups and Office 365 groups the user is member of. Dynamic distribution groups are something else you might want to consider, but those aren’t a subject for the current article. You can add other recipient types to the above example as needed.

So, after covering the Exchange side, can we also do the same with the Azure AD cmdlets? The answer is yes, thanks to the Get-AzureADUserMembership cmdlet. Here’s an example:

Get-AzureADUserMembership -ObjectId 584b1b38-888c-4b85-8a71-c9766cb4791b

As usual, one probably wants to avoid using ObjectIds, so here’s an example that takes care of that:

Get-AzureADUser -SearchString user@domain.com | Get-AzureADUserMembership

The next problem you will run into is handling the output, which is also full of ObjectIds. We can use calculated properties to work around this:

Get-AzureADUser -SearchString user@domain.com | Get-AzureADUserMembership | ? {$_.ObjectType -ne "Role"}  | % {Get-AzureADGroup -ObjectId $_.ObjectId | select DisplayName,ObjectType,MailEnabled,SecurityEnabled,ObjectId} | ft 

where we have also excluded the Role groups from the output. If you want to keep them, change the above cmdlet to:

Get-AzureADUser -SearchString user@domain.com | Get-AzureADUserMembership | % {Get-AzureADObjectByObjectId -ObjectId $_.ObjectId | select DisplayName,ObjectType,MailEnabled,SecurityEnabled,ObjectId} | ft

DisplayName           ObjectType MailEnabled SecurityEnabled ObjectId
-----------           ---------- ----------- --------------- --------
Company Administrator Role                                   c25d133f-4944-481a-84d2-6e41d6a101f4
test                  Group      False       True            a1813eff-a80b-4ac9-bbdc-8e0821b76809
empty                 Group      True        False           74f09795-5028-4f89-bba3-f6f0e0d084b4
DG                    Group      True        False           c91cd116-a8a5-443b-9ae1-e1f0bade4a23
USG                   Group      True        True            9e629d33-d655-440c-89af-15738e59e667

Overall, the number of objects returned by the Get-AzureADUserMembership cmdlet should be greater compared to the Exchange cmdlets, because of the inclusion of objects such as Security groups and User Roles.

Get list of objects the user is Owner for

Similarly to group membership, we can also use PowerShell cmdlets to quickly get a list of all objects a user is configured as Owner for (or Manager in the Exchange world). Here’s how to do this with EO remote PowerShell:

Get-Recipient -Filter "ManagedBy -eq 'CN=user,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR03A001,DC=prod,DC=outlook,DC=com'" -RecipientTypeDetails GroupMailbox,MailUniversalDistributionGroup,MailUniversalSecurityGroup,DynamicDistributionGroup

To get the Owner information with the Azure AD PowerShell, one can use the Get-AzureADUserOwnedObject cmdlet. Example use of the cmdlet:

Get-AzureADUserOwnedObject -ObjectId 584b1b38-888c-4b85-8a71-c9766cb4791b

or the more useful version sans the ObjectId obscurity:

Get-AzureADUser -SearchString user@domain.com | Get-AzureADUserOwnedObject

ObjectId                             DisplayName      Description
--------                             -----------      -----------
471b526b-a084-46c0-a649-986c4e2cb89d First group      First group
b6b27af5-7b64-4bd5-9dc5-8886974dcb51 All Users

A note is due here – the Azure AD cmdlet doesn’t look at the “ManagedBy” property. If you want to include Exchange related recipients in the output, such as (dynamic) distribution groups, use the Exchange cmdlet above.

Posted in Azure AD, Office 365, PowerShell | Leave a comment

Set Office 365 user password to never expire via the AzureAD PowerShell module

With the AzureAD module now in GA, we should start updating our scripts and skills to take advantage of the new cmdlets. In case you need additional information about the Azure AD PowerShell module, its installation and use, make sure to check the documentation here.

I plan to release a series of articles detailing on how to perform the most common tasks via the new module, at least the ones that aren’t obvious that is. The first such example is disabling password expiration for a user account. It was actually a question over at the Azure AD forums, but I guess it deserves a bit more visibility. So here’s how to do it:

Set-AzureADUser -ObjectId efd8f64f-a605-4a39-85ca-d78150b8765d -PasswordPolicies DisablePasswordExpiration

Of course, using ObjectIds will only get you so far, so here’s an easier to handle example:

Get-AzureADUser -SearchString user@domain.com | Set-AzureADUser -PasswordPolicies DisablePasswordExpiration

If you want to do this for all users:

Get-AzureADUser -All $true | Set-AzureADUser -PasswordPolicies DisablePasswordExpiration

To get a list of users with password set to never expire:

Get-AzureADUser | ? {$_.PasswordPolicies -match "DisablePasswordExpiration"}

Note the use of the –match operator above, reason being the poor handling of the PasswordPolicies parameter in the current version of the module. It’s a string parameter, with only two values allowed (DisablePasswordExpiration and DisableStrongPassword). Being a string however, you can easily overwrite it – setting DisablePasswordExpiration will remove the DisableStrongPassword value, and vice versa. While the latter value is hardly anything you would be using, a proper use of the cmdlet will need to make sure that values are preserved.

As a reminder, here’s how to disable password expiration via the old MSOL module:

Set-MsolUser -UserPrincipalName user@domain.com -PasswordNeverExpires $true

Or for all users:

Get-MsolUser -All | Set-MsolUser -PasswordNeverExpires $true
Posted in Azure AD, Office 365, PowerShell | Leave a comment

We now have 100GB Office 365 E3 mailboxes and 50GB Archives, Unlimited seems to be going away

This news went out few weeks back, but now we are actually seeing the 100GB mailboxes appear across the service:

The rollout seems to be happening on a per-server/DAG, rather per-tenant. If you are still not seeing the new limit and want it so bad you can’t wait few days more, you should now be able to increase the quota manually via PowerShell.

While the above information is hardly news by now, something more interesting can be spotted in the Exchange Online Limits article. Namely, the Archive mailbox size is now listed as 50GB across all options and the “unlimited” wording we had before seems to have disappeared. Effectively, Microsoft has swapped the size of the “regular” mailbox and the archive one, a change that probably makes sense only to the marketing guys.

On the topic of Unlimited (archive) storage that was promised years ago, but is yet to appear in the service, no clarity is given. As mentioned above, the “No limit” wording has disappeared and is now replaced with 50GB, and the footnote no longer mentions the 170 GB limit we had previously (100 GB initial size for the archive mailbox + 70 GB increase after you contact support). The Office 365 Roadmap on the other hand shows the Auto-expanding archives feature as “rolling out”, so hopefully that’s the good news here!

Just for fun, here’s how the table and wording looked like few months back:

And here’s the sad news, the “Archive” folder that appeared at the end of last year is here to stay. Seems like Microsoft is changing its recommendation as to where to store older messages, which is also confirmed by the above observations.

Posted in Exchange Online, Office 365 | Leave a comment