SharePoint

SharePoint Online & Sign-In Acceleration – SSO for SPO

Posted on

SPO

For those using SharePoint Online, you may have noticed that it does not provide the same home realm discovery that Exchange Online does, with Home Realm discovery meaning the services knows what domain/upn is being used and leveraging that authentication type for the user (Managed/Online versus Federated/ADFS).  SharePoint Online support now supports Sign-In Acceleration, which allows SPO to understand whether a browsing user is a Federated user and send to https://login.microsoftonline.com, with a directive that instructs login.microsoftonline.com to then forward the authentication request on to their ADFS deployed endpoint (i.e. https://sts.contoso.com).

Note – To enable this for your Office 365 tenant, please log a support case for this request and they can fulfill your request!

Explanation

Once auto-acceleration is enabled, the SPO authentication process works as follows:

  1. The user navigates to https://contoso.sharepoint.com in their web browser.
  2. SharePoint receives the request and detects that auto-acceleration is enabled for this tenant by leveraging the domain name in the domain.sharepoint.com URL being used to access SPO.
  3. The user is then sent to login.microsoftonline.com with extra information in the URL (a whr tag). This tag indicates to AAD that it is safe to accelerate the user directly to the ADFS endpoint, login.contoso.com.
  4. Once there, the user may enter their credentials and sign-in. In the case of domain-joined machines, the user will be signed in immediately based on browser settings for SSO.

This effectively allows SPO to provide home realm discovery and SSO for users, like Exchange Online does today and will make your SPO users much more happy, reducing the authentication prompts and requests for UPNs/Passwords.

Managing the New Exchange Online OWA Document Collaboration Feature

Posted on

exchange_online_banner_sm

For those Office 365 Admins who are responsible for Outlook Web Access (OWA) and the new Document Collaboration feature, allowing Office 365 Web Apps to render the attached document and provide document editing and collaboration. While this is a great new addition, as Exchange previously would not allow or provide the ability to edit these attached documents, as the Exchange Information Store did not have that capability.  So now instead of having to save the attached document to a local PC, fileshare, SharePoint Online, etc and then edit the document, the attached documents can now have full editing capabilities, which is FANTASTIC!

OWA_Doc_Collaboration

So your next question might be “How do I manage this?  While I like this capability, my users may not be ready, I need to get everyone trained on this before rolling this out. How do I manage this?

special thanks to Bala K. for the following information

Steps to Manage Enablement/Disablement of OWA Document Editing

  1. Connect to Exchange Online via PowerShell
    1. http://help.outlook.com/en-us/140/cc952755.aspx
      1.  $LiveCred = Get-Credential
      2. $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
      3. Import-PSSession $Session
    2. Once connected, you will manage this OWA Document Editing Capability by managing the OWAMailboxPolicy attribute for the Exchange Online tenant level for all users:
      1. Tenant
        1. Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -WacViewingOnPublicComputersEnabled $False -WacViewingOnPrivateComputersEnabled $False

Note – When using this new feature notice that the attached document has three elipsys (dots) which give users the ability to select if they want to download, otherwise clicking the document will open the attached document into Editing View:

doc_edit_download

New SharePoint Online Menu Management Options

Posted on

SPO

For SharePoint Online of Office 365 Global Administrators who need to control what links your SharePoint Online users see when browsing throughout SharePoint, this article is for you.

The SharePoint Online Admin Center now has a new option to control which links are provided for your end users.  To manage these options, use the following steps:

  1. Browse to your SharePoint Online Admin Center, similar to:
    1. https://<domain>-admin.sharepoint.com
    2. Browse to Service Settings
    3. Note the very first option displayed, allowing you to manage which links are provided for your users, regarding OneDrive for Business, Yammer/Newsfeed or SharePoint “Sites”:

SPO_Menu_options

What Happens to SkyDrive Pro Sites When Removing an SPO License

Posted on Updated on

SPO

For those SharePoint Online Admins who are responsible for licensing and site cleanup, this post is for you.  A great write-up on this can be found here, however for brevity’s sake, the important information is listed below:

Source: http://blogs.msdn.com/b/kaevans/archive/2012/06/25/top-recommendations-for-managing-the-my-site-cleanup-timer-job.aspx

Note – While the above references SharePoint 2010, using the MySites Moniker for people’s personal SharePoint sites, SharePoint Online 2013 references SkyDrive Pro as the new name for this feature.  While the above reference is to SharePoint 2010, the SkyDrive Pro/MySite “clean-up” process is still used in SharePoint 2013.

The My Site Cleanup Job is responsible for deleting user profiles and My Sites of those users.  This includes the following activities:

  1. Remove user profiles that are queued for deletion.
  2. If those users have a My Site, assign the  user’s manager as the SPSite.SecondaryContact.  Email the manager letting them know that the user’s My Site will be deleted in 14 days.
  3. 11 days after the first notification, email the manager again letting them know that the My Site will be deleted in 3 days.
  4. After a total of 14 days, delete the MySite.