Accomplish More with Your Remote Meetings – 5 Tips from Remote Meeting Experts

There are very few things we truly have control over, and a pandemic is not one of them.

In these past few months spent in isolation, our DevFacto UX team has reflected over the processes that made us successfully pivot into remote working – what works, what doesn’t, and why the mute button is so much more elusive whenever there’s more people in a meeting. Early on, we shifted all of our discovery workshops online and developed a formula for facilitating effective remote meetings via Microsoft Teams. Here, we share our top tips on how to make remote meetings work.

See, for us, UX professionals, being in the same room with our customer early in the project is incredibly beneficial to the final product. It is actually one of the reasons why we turn our software discovery sessions into collaborative ideation workshops.

Normally, we run these sessions in person, sometimes even in a specially designed room. During ideations, the group comprised of client stakeholders generates divergent ideas and converges on an action or decision to move forward. As a UX designer, this is usually the longest stretch I get to communicate with clients in person. It’s also my best shot at gaining a full understanding of the complex business problems they face. Being so, the workshop becomes a crucial step in establishing the necessary amount of trust to build software that humans love to use. Understandably, the stakes for our remote meetings are high because the success of the final product starts with expert meeting facilitation.

How do we understand a problem, gather requirements, and design a solution when we can’t meet our customers face to face? It starts by following these five tips during our Microsoft Teams meetings (but you use these with any remote meeting tool):

Tip 1: Turn on your camera

When we think about remote working, the most difficult barrier is the inescapable awkwardness of trying to collaborate while we are physically alone. Where the solution begins, is us – the facilitator of these sessions.

It was my eighth-grade teacher that told me, “trust takes years to build but just a moment to break”. I can’t imagine how long it would take to build trust trying to facilitate workshops remotely with your camera off.

Tip 2: Acknowledge that virtual meetings are awkward.

The first step in eliminating something is to acknowledge it. There is a spirit to human connection that a computer could never replicate. The subtleties in facial expressions. The cues we get from an intake of breath. Shifts in posture. The presence a person brings to a room.

What we found was the most pivotal in creating an engaging environment was to acknowledge firstly, that this can be awkward, probably will feel awkward, and it is not ideal. Then to establish a human connection, we start by turning our cameras on, looking into it when we speak, and making it apparent that we are not bots on the other side of the screen. We are humans enduring something that is completely out of our control and making the best of it.

Tip 3: Energize meeting participants

Another barrier we have come to identify is the lack of eagerness to asking questions.

Think about it in a typical workshop setting. Questions come up when a facilitator gives space for participants to feel comfortable asking them. We take these cues from a facilitator when that space has been created in the pauses in their speech and the open air, they let fill the room. When we find ourselves in remote settings, those kinds of cues are gone, resulting in fewer questions and less engagement.

Our solution is to start off with an ice breaker, aka energizer activity, at the beginning of these remote sessions. These serve to get everyone involved in a meeting, but they also come with another purpose – to create confidence through education. At DevFacto, we specifically choose exercises that can introduce concepts related to the workshop we are running to equip participants with the knowledge and confidence needed to share opinions.

This knowledge usually comes in the form of guidelines and terminology. We found that by doing so, participants felt more comfortable and assured in voicing their opinions and, at the same time, we were able to give them deeper insight on why we were making certain recommendations.

Tip 4: Plan silence

Another method we use at DevFacto is to frequently pause to ask for questions and have slides with questions to serve as a prompt to participants. My advice to remote meeting facilitators is to be comfortable facilitating to silence – it’s necessary for reflection.

Tip 5: Give your meeting participants a sense of control.

Our final barrier that we’ve identified is the distraction that comes from working in a home environment. Part of creating a space for collaboration is making sure the participants know what is expected of them in a meeting. Do not surprise your participants with tools they need to download and links they need to visit on the spot.

Give your participants a sense of control with a more transparent approach and send out a detailed agenda prior to a remote meeting. Include how long each activity will take, any links or tools they should have ready, and when the breaks are going to be scheduled.

For each break, encourage the participants to turn off their cameras, mute their mics, and stand up. Once everyone has settled back into the meeting, re-energize them again with a light-hearted activity.

Keep in mind to choose activities that require collaboration and interaction to keep your participants engaged. At DevFacto, we’ve adapted by introducing online collaboration tools like Mural into our workflow with features that allow participants to add, remove, and vote. Some of the best exercises to facilitate remotely are retrospectives, problem framing discussions, and journey mapping.

When we remember the human side of facilitation, doing it remotely doesn’t seem so overwhelming. The thing is a good facilitator is a good facilitator. Enter any space and make it safe to share ideas, offer yourself in an honest way, and recognized the value in the insights of your participants. Remote collaboration is a unique experience that requires an adaptable and flexible way of facilitation. Once you overcome the barrier that is your screen, you will see the amazing connections humans can build.

For consulting on getting the most out of your company’s new remote working landscape, contact us at https://www.devfacto.com/contact-us/.

5 Practical Power Automate Examples Your Business Will Love

Formerly known as Microsoft Flow, Power Automate is a web-based service that helps to create automated workflows between your favorite apps and services to synchronize files, get notifications, collect data and more. Power Automate is a part of the Office 365 suite and is available in most Office 365 subscriptions. While its new name does not roll off the tongue quite like the old one did, it certainly flows (pun intended) with the Power Platform.

For those that have a deep SharePoint Server background, you might think that Power Automate is a replacement for the SharePoint Designer workflow. For us SharePoint aficionados, that’s certainly a selling point. But while Power Automate does provide you with a rich UI tool to handle automated processes in SharePoint, it is really a universal automation tool that connects all kinds of applications by utilizing custom and standard connectors.

So, what exactly can you build in SharePoint by using Power Automate? In this blog post, I will demonstrate 5 practical Power Automate examples that maximize SharePoint functionality.

For these use cases, we will create a couple of solutions for DevFactonaut, a fictitious company, and discuss various automation scenarios that provide value to its specific departments.

1. Deploying Lists and Libraries with Power Automate

Deploying Lists and Libraries with Power Automate (1)

If you wanted to reproduce a site structure in multiple environments, Power Automate is great for deploying lists and libraries. For example, you might need to provision several lists and several libraries to promote a Site Lifecyle Management process through environments used for Development, User Acceptance Testing, and Production. Another use case scenario could be that as a consultant, you might want to build out a structure on your development tenant and deploy the structure to a client’s tenant using Power Automate (assuming the option is available for you).

You can also choose to complement the Power App you built that has a data connection to a SharePoint site containing lists and libraries. Power Automate would deploy the dependencies associated to the Power App. Typically, you would execute a PowerShell script but this is another option to consider when automating these site artifacts rather than performing the task of creating the lists and libraries manually.

  1. First, set the trigger for this flow to Manually trigger a flow.Manually Trigger a Flow
    I chose this as our trigger because we want to only run this flow manually to provision the dependencies to a targeted site.Manually Trigger a Flow - Add Input
  1. Next, hover your mouse on the arrow downward and click the (+) to add an action after the trigger.
    We will initialize a variable that would be used to define the targeted site.Variable - Target Site
    Optionally, you can opt out of this Initialize Variable action, and choose to create inputs on the trigger by clicking the + Add an input, see the Manually trigger a flow image above.
  2. Next, we will define the list or library you want to create. For this, we will use the Send an HTTP request to SharePoint (SharePoint) action ALOT.
    HTTP Request to SharePointThe following properties within this action are populated using the REST API,POST https://{site_url}/_api/web/listsdocumented here.Working with Lists using REST list
    Based on the example shown above, it would help us determine how to populate our Send an HTTP request to SharePoint (SharePoint) action.

    • Site Address – populated using our variable called varSitePrefix.
    • Method – set to POST as we will be using to create lists, and libraries.
    • Uri – set to this value: /_api/web/lists to create the list or library.
    • Headers – contains information regarding the connection of the HTTP request such as the connection type, authentication token, proxies, etc.
    • Body – specifies the data related to the POST request.

    Sent HTTP request to SharePoint
    The Base Template of 100 is the Template ID and it would be using the Custom List template. For your reference, below is a table outlining the corresponding Template ID to a few List Templates.

    NameTemplate IDDescription
    Announcements104A list of news items, statuses and other short bits of information.
    Calendar106A calendar of upcoming meetings, deadlines or other events. Calendar information can be synchronized with Microsoft Outlook or other compatible programs.
    Contacts105A list of people your team works with, like customers or partners. Contacts lists can synchronize with Microsoft Outlook or other compatible programs.
    Custom List100Using a list gives you the power to share information the way you want with your team members. Create your own list from scratch, add any other columns you need, and add items individually, or bulk edit data with Quick Edit.
    Document Library101Use a document library to store, organize, sync, and share documents with people. You can use co-authoring, versioning, and check out to work on documents together. With your documents in one place, everybody can get the latest versions whenever they need them. You can also sync your documents to your local computer for offline access.
    Form Library115A place to manage business forms like status reports or purchase orders. Form libraries require a compatible XML editor, such as Microsoft InfoPath
    Issue Tracking1100A list of issues or problems associated with a project or item. You can assign, prioritize and track issue status.
    Links103A list of web pages or other resources.
    Picture Library109A place to upload and share pictures.
    Survey102A list of questions which you would like to have people answer. Surveys allow you to quickly create questions and view graphical summaries of the responses.
    Tasks171A place for team or personal tasks.
    Wiki Page Library119An interconnected set of easily editable web pages, which can contain text, images and web parts.
  3. Next, we will continue to use the Send an HTTP request to SharePoint (SharePoint) action to create columns for the list. This time the properties for this action will contain the following:
    • Site Address – populate using our variable varSitePrefix
    • Method – set it to POST as we will be using to create the columns
    • Uri – set to: _api/lists/getbytitle(‘<Site Title>’)/fields to create a custom field to a list or library
    • Headers – should contain information regarding the connection of the HTTP request such as the connection type, authentication token, proxies, etc.
    • Body – should specify the data related to the POST request

    Refer to the FieldType Reference link listed at the end of this blog post to identify the FieldType Number to the Field . Now, let’s create a Status field with a datatype of Choice that contains choices of In Progress, Approved, and Rejected.

    Add column status in sharePoint

  1. To create additional columns for your list, continue to use the Send an HTTP request to SharePoint (SharePoint) action and repeat the steps we did for the Status field. When you’re done, you could group all the actions together using a Scope (Control) action for easier interpretation when reviewing your flow. The Scope action is helpful to group actions and conditions in your flow especially if your flow is complex and is too busy to understand from a glance.Scope - Vacation Request app in SharePoint
  2. Lastly, click the Save button when you are done defining the lists, libraries and columns to be deployed from this Power Automate flow. Now, you can run the flow manually to have it provision the lists, libraries and columns defined.New Flow Overview in Power Automate

If successful, then the SharePoint site would appear to show the Vacation Request list and a Status custom field. I created additional columns that will be used in the next use case.

Power Automate Samples

2. Populating a List OR Migrating a simple Excel Table contents to a SharePoint List

Migrating Excel file to a SharePoint list with Power Automate

If your organization is planning a migration to Office 365 this can come in handy. You might already have a defined file plan for files that will be migrated to a specific Document Library or folder, but what about those simple excel tracking sheets? A Simple Excel file contains a large table without macros, conditional formatting, VB code, or referencing to another sheet. Using the SharePoint UI to perform a bulk import to a SharePoint list can be tedious and inconvenient especially if you do not already have the privileges to execute a PowerShell script. One option to resolve this is converting the Excel table into a SharePoint list.

In the previous example, we created a simple Vacation Request list. Now, we will add on to it a list to demonstrate the migration from an Excel table to a SharePoint list.

  1. Set the flow type to instant and use the Manually trigger a flow After the trigger, add the List rows present in a table (Excel Online Business) action. This action queries the rows from the table in an Excel file.mapping excel rows to SharePoint list
  2. Next, you’ll need to upload the Excel file to either OneDrive or SharePoint and define in the Location property of this action. In this example, I uploaded the file in the Documents library of the SharePoint site that contains the Vacation list. Then we will comb through each row using an Apply to each (Condition) and perform a Create item (SharePoint) action to the Vacation Request list. The condition will step into each row returned from our List rows present in a table (Excel Online Business)Create a SharePoint Item in Power Automate Flow

When running an instance of the flow, you might encounter this error when dealing with Date columns in an Excel Table.

{

"status": 400,

"message": "String was not recognized as a valid DateTime"

}

This is because the flow is reading the value of the ‘Start Date’ column and ‘End Date’ column as a serial number of the date. For example, the serial number 43946 represents April 25, 2020. To resolve this error, we will need to alter the column format from Date to Text or copy and paste it in a new column of Text format. Rerun the flow once the changes have been done to the file. Once your flow is completed successfully, navigate to your SharePoint list to view all the newly created list items.

Excel table turned into a SharePoint list

3. Provisioning an AAD (Azure Active Directory) User with Power Automate

Another example of a common SharePoint and Power Automate automation is provisioning new users in Azure Active Directory. This is a great way to automate the onboarding process that is helpful to both HR and IT departments. For this use case, we will provision a new user once a department manager submits a New User request.

The request or service ticket to setup the Active Directory Account can be stored in a SharePoint List or any 3rd Party application and will trigger the flow once the Status is set to Approved. To keep the scope of this use case simple, I’ll refer to a “Click a button to create a new Azure AD user account” template that is available in the Templates section.

Create a new Azure Active Directory User

Keep in mind that the account used to create this automation will need the necessary permission to use the Azure AD connector used in this template.

User permissions AAD

The trigger in this template has inputs that prompt the user running a new instance of this Power Automate flow. For simplicity’s sake, I’ll call this user the flow initiator. The flow initiator is prompted for the following input properties and their responses will be used as the properties in the Azure Active Directory User.

  • Mail Nickname (i.e. username)
  • Display Name
  • User Principal Name (UPN)
  • Given Name
  • Surname
  • Business Phone
  • Mobile Phone
  • Department
  • Job Title
  • Office Location
  • Preferred Language
  1. First, create a password for the user (it is a Initialize Variable (Variable) action), which autogenerates a password for this account with a concatenation of the text “Pwd” and a formula of substring(utcNow(), 20,8).
    Create a password for a Azure AD user in Power Automate
  2. Next, use the Create User (Azure AD) action to populate the properties based on the responses entered in the inputs from our trigger. Once this action is successfully completed, send an email to the flow initiator with the autogenerated password for the newly created account.Complete the AAD user flow in Power Automate

So, what does this workflow look like in practice? In this scenario, the flow initiator is likely an HR professional or a Hiring Manager. This person receives the email sent in the last action, Send an email (Outlook) and pass it on to the new hire. After the new hire goes through an orientation session and gets settled at their workstation, they get a print out with their credentials from the flow initiator.

high level flow in Power Automate

4. Automated approval process – From approval request to a response

The days of printing out a Vacation Request form, filling it out, and leaving it on your manager’s desk for are hopefully a thing of the past. With Power Automate, organizations can modernize legacy ways or mundane processes and introduce technology effectively.

In this example, we will use Power Automate to start the approval process for a type of document, notify the approver that there is an action task pending their approval, and allow the approver the option to respond on their workstation or on a mobile device using the Outlook app or the Power Automate app. Both apps can be downloaded from the iOS App store or Android Play store.

To demonstrate the approval request and approval response using Power Automate, let’s modify the Vacation Request list that we used previously.

  1. For this flow, use the automated flow type and the When an item is created (SharePoint) This means that whenever a new item is created in this list, it will trigger an approval flow requesting an approve/reject action from the manager.
  2. Next, add the Create an approval (Approvals) action and the Wait for an approval (Approvals) These two actions represent the requesting portion of this use case. I choose the Approve/Reject – First to respond choice for the Approval type. Alternatively, you could define custom outcomes instead of ‘Approve’ and ‘Reject’.Setting up an Approval Process in Power Automate
  3. If you have a requirement where there are multiple Approvers and the Approval must run in parallel, then you could wrap all the approval actions in a For each {approver] condition. To do this, click the ellipsis menu of the for each condition and click Settings. Set the Override Default toggle to true under the Concurrency Control setting and set the degree of parallelism to the max. By default, a ‘for each’ condition is executed in sequential order. To learn how to accomplish this, read the Advanced | Flow of the Week: Send parallel approval requests to a dynamic set of approvers blog post.

For the sake of simplicity, we will keep the scope of our flow to only one manager. In our example, the manager receives an email notification regarding the request. Then, they respond directly in the email by clicking either the Approve or Reject button shown in the body of the email, optionally, they add a reason and then click the Submit button.

Pending approval- Power Automate approval process

Depending on the response of the manager, the flow will move on to the outcome chosen. At which point, we change the value of the Status column to either Approve or Reject and send an email notification to the Requester (Created By – Email Address).

Approve or Reject Process in Power Automate

5. UI Flows in Power Automate – Intake form process to on-premise data source

UI Flows in Power Automate allow you to create and record Robotic Process Automation (RPA) capabilities to automate repetitive tasks in Windows and Web applications. With RPA, organizations can streamline business operations, reduce cost, minimize errors, improve compliance and productivity. Think for a moment of a task you need to complete on a reoccurring basis. Perhaps, you generate monthly financial reports for the financial department, or an inventory report for the procurement department, or you just want to get more done in less time. RPA is the way to do it. In this example, we’ll demonstrate the automated process of routing content from a Microsoft Form to an on-premise data source, Access.

For our next scenario, our fictitious DevFactonaut company wants to automate its sales process.  DevFactonaut has a Contact Us form on their public facing website. The form, built using Microsoft Forms, is configured for anonymous use. Potential customers visit the company website, fill out the form, and connect with sales about the services offered.

To handle that, we will set up a form that upon submission triggers a flow that saves the entry in an Access database file stored on the company’s server. We will be using Power Automate, UI Flows (Desktop), Microsoft Forms, and Access.

  1. First, let’s build the form using Microsoft Forms by signing into https://forms.office.com/ or clicking the Microsoft Forms from the Office 365 App Launcher.Build a Microsoft Form using app launcher
  2. Click the New Form button and build the form with a title of Contact Us, provide a description of the form, and add fields onto the form as shown.New Form
  3. In the top right corner click the ellipses and the settings to allow anonymous responses and a customized thank you message. Optionally, you can pick a theme or set a custom theme.microsoft Form settings
  4. Next, we will create our flow that will be triggered to route the contact request from Microsoft Forms to our UI flow that will store the value in the Access database. Navigate to Power Automate by going to https://flow.microsoft.com/ or clicking the Power Automate from the Office 365 App Launcher. Click the My Flows section shown in the left navigation pane, navigate to the UI flows group, and click the Create a UI flow connect a Microsoft For to Power Automate
  5. You’ll have the option of choosing a desktop app or web app. Choose Desktop app and click Next. Define a name for the flow, for example; Store Contact info to Database. Click Next.

Create a UI flow in Power Automate

  1. Afterwards, you’ll be prompted for the inputs fields that would be entered to the Access Database. Simply taking the values from our Contact Us form as our Input fields to be used in our recorded UI flow.Set up flow inputs in Power Automate
  2. We will then record the steps that the UI flow will perform. Make sure that you have downloaded and installed the package needed to record the steps.Record and edit steps in the flow
  1. You might have to restart your workstation after the package is installed.Record the UI flow
  2. A recorder control will appear and docked at the top center of your screen. Click the Record button when you are ready to perform the tasks.Record flow
  3. Click Done when you’ve finished your recording of tasks.start the UI flow record
  4. Click Next if you are satisfied with the recording. In our scenario, we won’t define any outputs as we are just submitting values from our Microsoft Forms (accessible outside our organization) and saving the contact info in our Contacts Management Database file. If you’d like, perform a test to validate that the recording will execute without any errors.Test UI flow in Power Automate
  5. Since our test is successful with our UI flow, the final step is to create an automated flow and run the UI flow when a new entry is submitted from the Microsoft Form. We will need to configure a On-premises gateway for the UI flow to connect to the server. For instructions, read how to install an on-premises data gateway.On-premises data gateway in Power Automate

This automated flow type uses the When a new response is submitted (Microsoft Forms) trigger. We will then add the Get response details (Microsoft Forms) action to retrieve the fields from the Contact Us form. The last action will be the Run a UI flow for desktop (UI flow) action, and we’ll map the Microsoft form fields to the UI flow’s input fields. This action is a premium action, and you’ll need to validate if you have the sufficient licensing associated to your account.

complete UI flow in Power Automate

With minimal effort, we were able to get a working UI flow to be recorded, have it invoked from an automated flow, and the automated flow to handle the data intake submitted from the Microsoft Forms. You may have reasons for and against using Access database. Here, I used Access, to show you that you can collect data externally and store it in an internal database.

Final Thoughts

So, what did you think? Does this interest you? Do you see possible scenarios on how to integrate these demos in your organizations? Let’s connect and continue the conversation.

That’s a wrap! We went through 5 use cases done with Power Automate in a very grounded and simplistic scope. However, I hope this gives you insights and showcases the powerful automation of Power Automate. Pun intended.

Streamline Office 365 multi-tenant collaboration with ADSS

We regularly talk to organizations that want to enable better collaboration between users of multiple Office 365 tenants. Some have structured their operating units across multiple tenants, others need to comply with strict regulations around internal information sharing or accommodate deep partnerships between various organizations. Not only is it cumbersome to manually invite each user of the other tenant, it’s nearly impossible to remove them once they leave the other organization without very close communication between tenants and ongoing monitoring. This spells trouble (and mess!) for a corporate active directory. So, what is the best way to enable multi-tenant collaboration? 

What is multi-tenant collaboration in Office 365? 

Consider a situation with two Office 365 tenants, tenant A and tenant B. 

When a user in tenant A shares a document or sends a Teams invitation to collaborate to an external contact in tenant B, what typically happens is: 

  1. External contact receives an invitation email.
  2. They sign in to authenticate. If they have an Office 365 account on a different tenant, they will sign in using their organizational account. 
  3. External contact from tenant B becomes a guest user in tenant A. 

Now, the external user has some collaboration capabilities on tenant A. This is straightforward for enabling collaboration on a case by case basis, but what if you needed to do this for hundreds of users in another tenant?  

Enabling multi-tenant Office 365 collaboration at scale 

Office 365 multi-tenant collaboration gets complicated in companies that have several subsidiaries with thousands of users, and those who undergo mergers and need to enable collaboration for existing employees under a different tenant.  

When mergers, acquisitions or divestitures happen, there is an urgent demand for quick collaboration across different Microsoft 365 tenants. This does not just mean Teams or document collaboration as in the example aboveEmployees across tenants will be looking to communicate across the tenants the same way they are used to and need to: 

  • Easily find other tenant’s users when sending emails or collaborating in Teams. 
  • Easily add other tenant’s users to calendar invites. 
  • See the other tenant’s distribution lists. 
  • Apply security restrictions based on the other tenant’s security groups. 

Up until recently, enabling this sort of capability to work with another tenant has been a challenging process. Think GalSync FIM/MIM heartache, lots of PowerShell scripting, CSV files, exports, and imports. This can quickly become a very difficult process to manage and maintain going forward. 

The good news is that Microsoft has an offering to meet that challenge 

Enter Active Directory Synchronization Service

At Ignite last year, Microsoft announced a new capability called ADSS that addresses all these difficulties. ADSS stands for Active Directory Synchronization Serviceand it’s a rather unfortunate acronym for those who remember Active Directory Sites and Services. As of writing this post, if you google ADSS, you’ll find anything, but content related to the service. 

Luckily, some fine folks at Microsoft were happy to respond an inquiry email I sent them about product specifics.  

What can you expect from Microsoft’s ADSS? 

ADSS is a Microsoft Services cloud service that’s designed for quick implementation, with no on-premise set up. The pricing is unit-based, keeping the costs predictable, and the service is offered on a consumption-based delivery model, so you’re paying only for what you use.  

What do you get with Microsoft ADSS: 

  • Global Address List and Day 0 Integration 
  • Quick single GAL setup for all your tenants 
  • Coexistence for Office 365 
  • Synchronize all the objects and attributes necessary to drive seamless collaboration between Office 365 tenants. This means synchronizing Users, Security GroupsDistribution Lists, Contacts & Guest accounts between tenants. 

The key point here, is that this is not a tool that you download and configure. It is a managed service offering that runs in Azure and is managed by Microsoft. You get the benefit of quick deployment and a hands-free operation. Microsoft handles all aspects of the service for you.  

If, at some point, you’ll need to merge Active Directories into a single tenant, the good news is, your investment into ADSS can be leveraged and evolve into a full user migration service by upgrading to ADMS (Active Directory Migration Service). 

Engaging ADSS 

As mentioned, ADSS isn’t an offering you can just add as a service in the Azure Portal. It is a managed service first and foremost. It requires engaging Microsoft Enterprise Services to implement the people, the process and the software to the specific needs of your organization. 

Pricing also depends on your specific organization requirements, but it’s fair to say this is a service geared towards the larger enterprise customers on Office 365. 

If this is something you are interested in exploring in more detail, reach out to us and we will be happy to help get you started! 

Automating Site Provisioning and Governance in Office 365

What is Site Provisioning? 

Site Provisioning is a process of creating SharePoint sites programmatically to meet business requirements.  

Site Provisioning deeply impacts both governance and site sprawl, and for that reason, it is one of the most important aspects of any Office 365 implementation. Nowadays, with more and more companies adopting Office 365, provisioning becomes increasingly relevant as it helps maintain structure in the digital workplace. This presents a whole new set of challenges for  IT and Office 365 administrators as they need to understand what are best methods for provisioning sites, teams and groups? How to ensure new sites, teams and groups fulfill governance criteria? And, finally how to automate the provisioning process? In this article we will address all of these questions.

Table of Contents

  1. How Site Provisioning affects governance 
  2. The benefits of automating site provisioning in Office 365 
  3. Automated provisioning: Real life example
  4. SharePoint site provisioning methods 
  5. How to automate the site, team or group provisioning process in Office 365 

How Site Provisioning affects governance 

Sites are the main structural element of SharePoint. There are different types of sites that organizations can use as a template to create their custom site structure. They may include classic sites, communication sites, team sites, publishing sites etc. In the previous versions of SharePoint on-premises, creating a new site was somewhat complicated. Nowadays, SharePoint Online lets us create a new site effortlessly through a simple 2-step process which, at least in theory, can be triggered by anyone in the organization. Users just need to navigate to the SharePoint site (/_layouts/15/sharepoint.aspxand click on + Create site” and that’s it.  

Create a site in SharePoint

However, this ease of use creates a problem. If users can create new sites on a whimeven a well-maintained internal site structure will soon turn into a messy, hard to manage bulk. 

Before we discuss the solutions, letexplain the difference between Site Provisioning processes in SharePoint on-prem and in Office 365 

In SharePoint on-premise, provisioning applies only to sites. However, in Office 365 this process applies to all structural elements of applications that make up the large modern work space: teams and channels in Microsoft Teams, channels in Microsoft Stream, and groups in Office 365. Considering the collaborative nature of all these tools, its easy to imagine that the sheer volume of Team, Channel and Group requests could quickly overwhelm the administrators.  

The benefits of automating provisioning in Office 365

There are numerous benefits to automating the provisioning process in Microsoft workplace collaboration apps, but the real game changer here is a truly enforceable governance. In a typical organization, governance policies live in a shared document. Employees refer to it from time to time, however the policies contained within are difficult to enforce across the organization. Keeping your governance documents up to date is rarely enough. By automating site provisioning processes with wizards or workflows, you’re helping employees do their jobs without worrying about non-compliance. 

Automated provisioning significantly reduces the chances of a human error. In fact, when automated, site or team provisioning on the front end is as simple as following an intuitive wizard that guides employees through the process, while ensuring business logic.  

Here’s how automated provisioning helps your organization: 

  • Sites, teams, channels are created by users in a self-serve system that follows business logic specific to your organization. 
  • Employees follow a step by step wizard that ensures new sites and teams adhere to corporate policies. 
  • Automation decreases the burden on your Office 365 administrators.    
  • The metadata that employees input during the process, helps manage the life cycle of the new site, team or channel. This means that deciding whether a site needs to be kept or retired becomes much easier.  
  • Automated site provisioning allows you to also automatically create reports, audits and site/channel directories.  
  • The process uses established APIs. 
  • Additional functionality (e.g. updating a site life cycle database) can be added easily. 

Automated provisioning: Real life example

Here we’ll show you a provisioning process we have been recommending to our clients. This particular process leverages PowerApps and Power Automate (formerly Microsoft Flow).  

  1. User requests a site and completes a form wizard filling it with required metadata. This information can include owner, purpose, description, related projects, cost centre, start date, end date, and template.  
  2. Application uses the metadata to create a team site based on the selected template. 
  3. Information from metadata helps manage the sites in the future. For example, information offered in the cost center is synced with internal accounting systems, end date and is used to ensure that there are no orphaned (or unused) sites. Team site owner becomes responsible for managing the team site’s life cycle. 

This approach lets you regain control over your Office 365 by ensuring that all sites, channels and groups follow the prescribed life cycle. By automating the process, you’re ensuring that new sites are added to a corporate site structure and, if needed, to a corporate site directory.  

This diagram explains a typical automated site SharePoint provisioning process we recommend:  

automated SharePoint site and Teams provisioning for Office 365

While our example focused on provisioning a SharePoint team sites, the same approach can be applied to provisioning Teams, Stream, and Office 365 Groups.  

SharePoint site provisioning methods 

Our automated provisioning process for Office 365 applications combines a set of provisioning methods that I’ll describe below. You can use each one of these stand-alone methods to provision sites in your organization. However, before you get started with any of them, consider you organization’s particular policies and restrictions to decide what’s the best fit for your organization.   

Provisioning a SharePoint Site using the User Interface 

There are a couple of ways to do this. The most obvious one is by enforcing Governance and applying settings to your tenant to limit the ways users can create a Team site (with or without an Office 365 Group). 

In this scenario, after clicking the SharePoint icon in the Office 365 App Launcher (often referred to as the Waffle Icon)the user opens SharePoint in a browser clicks on Create Site.
 App Launcher Office 365

Our next method is creating an Office 365 Group. User creates an Office 365 Group in Outlook by clicking on the New Group link. Each new Office 365 Group automatically creates a SharePoint site. 

Create a New group in Outlook

Good governance is critical if you’re using this method, as members of an Office 365 Group can soft delete a group (sometimes by accident). Without safeguards in place, the IT department won’t know this happened. To prevent this situation, you can set up a requirement to evaluate Office 365 Group deletions before they can be permanent. The deleted group is retained but not visible for 30 days from the deletion date. You can view and manage the deleted Office 365 groups that are available to restore by signing into the Azure AD Admin Center. 

Lastly, a SharePoint Admin can create a site in the new SharePoint Admin Center. 

 create a site in the SharePoint Admin Center

Provisioning using Microsoft Graph 

Using the Create Group API in Microsoft Graph will result in the creation of either an Office 365 Group. By default, an Office 365 Group is integrated with a bundle of Office 365 services. Currently, the Create Group API does not have the option to enable Microsoft Teams. If you require to include Microsoft Teams in your provisioning processthen you will need to execute an additional API in Microsoft Graph to enable Microsoft Teams on an Office 365 Group. When provisioning using the Microsoft Graph approach, you are creating a Team site via the creation of an Office 365 Group. 

Provisioning using REST API Operations 

If you’re looking for a more scalable Site Provisioning process, REST API Operations is one worth considering. With REST API Operations you create a SharePoint site based on a defined Site Template.  

SharePoint Admin Center - Site Template

Some of the most used site templates are Team sites and a Communication sites, but you can also apply other templates to provision a site using REST API Operations.  

Provisioning using PnP CSOM Core Component 

Another way to provision a site in SharePoint is by installing the Core library, which is available as a NuGet PackageThis method allows to develop the provisioning of a team site programmaticallyYou can get your core library NuGet packages for your SharePoint version below: 

Provisioning using PnPowerShell 

Like PnP CSOM Core Component, SharePoint developers can also provision sites using PnP PowerShell. With this approachyou create a PowerShell script to apply a provisioning template to a site. 

You can automate either of these approached with the help Power Automate (previously known as Flow), Logic AppsAzure Functionsand/or Web Jobs. Power Automate and Logic Apps are best for simple site provisioning operations, whereas Azure Functions and Web Jobs work well for more complex site provisioning operations. Here are some examples of complex site provisioning operations:  

  • Enabling web parts or custom actions (SPFx extensions) 
  • Creation of pages 
  • Creation of Content Types and Columns 

Automated Site Provisioning – The DevFacto Solution 

DevFacto has developed solutions that are constructed using all of the approaches listed above. One of our recent solutions developed for a client, calls APIs from Microsoft Graph and REST Operations automated via Microsoft Power Automate. Microsoft Graph is used to provision the Office 365 Group (which includes a site) and then the site is customized by calling additional REST Operations. 

Power Automate - Create O365 Group

This method allows to enable Microsoft Teams on the Team site. To accomplish that, we included it in the provisioning process by calling Microsoft Graph again. You can do that too by applying “/team” at the end of the URI to enable Teams to an Office 365 Group. Optionally, you can customize the Team by modifying the Body property (see next screenshot) with additional channels to be created, installation of apps, pinned tabs using delegated permissions, and defining Member/Guest/Fun/Messaging/Discovery settings for the new Microsoft Teams team. 

Power Automate -Enable Teams

Site Scripts and Site Designs are used to apply site artifacts and security principals to siteYou can determine the exact actions to be executed in the Site Scripts and Site Designs. Initiate Discovery workshops by analysing the business requirements of particular groups within your organization.   

ower Automate -Apply Site Designs

Alternatively, users can apply a site design to a site through the SharePoint UI. 

SharePoint Site Provisioning-Apply Site Design

 

 

Summary 

Whether your organization is new to Office 365 or has been using it for quite some time, you will need a provisioning process to ensure that new sites, teams, channels and groups are created in an orderly fashion. There are many good ways to manage the provisioning process, including low-tech ones. Some smaller organizations can get away with using their established IT ticketing system and that’s completely fine. However, growing needs and complexity drive other organizations to automating the provisioning process as it significantly improves efficiency and significantly reduces management costs.  

Automated provisioning ensures that governance rules are followed, while greatly improving application security and user experience. It also provides you with a wealth of metadata that’s collected during the provisioning process making it easier to maintain and administrate sites, channels, teams and groups well into the future.  

Automating the provisioning processes requires an upfront development investment. However, you can significantly reduce the associated costs by leveraging the tools you already have. Power Platform (PowerApps and Power Automate) apps we used in our example are included in most Office 365 subscriptions. What’s more, these tools come with many preconfigured low-code and no-code elements that fit together like LEGO bricks to give you more flexibility and more custom experience. 

Looking to get started with automating your Office 365 provisioning process? Get in touch.   

This article was written by Oliver Wirkus and Adam Tobias

References 

1) User Adoption Matters – How to Succeed with Your Office 365 Rollout 

2) Migration Pitfalls – Site-Provisioning 

3) Manage modern SharePoint sites using REST  

4) Choose the right integration and automation services in Azure 

5) Provisioning “modern” team sites programmatically 

6) Microsoft Graph  Create a team 

 

The Changing Shape of Digital Transformation

The moment of truth – will COVID-19 be the tipping point for digital transformation.

 

If “necessity is the mother of invention,” than COVID-19 has forced business leaders all around the world to rethink their digital transformation strategies.

At its core, coronavirus is disruption. What it really is, is a disruption frenzy, as nations try to slow the virus, this pandemic is impacting our political environment, our healthcare system, our economy, and the way we use technology. When disruption comes, businesses must adapt or die. And, not just adapt but adapt better and faster than competitors.

The truth is, even before COVID-19, the business world was changing at a pace that was hard to keep up. Those businesses that had already embraced a culture of change and realized their digital transformation goals might have been better prepared for this disruption than others. For others, it’s been a challenge. A recent survey by Gartner reports that only 12% of organizations are highly prepared for the impact of coronavirus. This does not mean you should hunker down and wait out COVID-19, it’s time to rev up your digital engine and position yourself for growth when the pandemic subsides.

Here are the areas you should be focusing on:

Cloud first

As COVID-19 pushes businesses to their limit, there has never been a better time to focus on cloud strategies. With the rapid response to the pandemic, millions of people have shifted remote work, pushing companies to adopt cloud-based solutions at an unprecedented rate. Rapid to deploy, cloud-based solutions are the reason organizations around the world remain productive during this time. If there was ever a good time to migrate to the cloud, this is it.

Boost process automation

Unexpected circumstances place an added burden on the workforce. Consider automating repetitive processes to free up teams and allow them to focus on more meaningful work. Extending automation throughout the enterprise can help mitigate disruption and offer stability in times of uncertainty.

Harness the power of data

Now more than ever, business leaders need to analyze risks and develop the best methods for mitigating them. They need to know the effectiveness of the current recovery processes. To do this, they need to use data effectively to guide business decisions and improve the well-being of the organization and its employees. Fostering a data-driven organization galvanizes the vision of faster, better-informed decisions to enable businesses to return to normalcy sooner.

Be champions of collaboration

No matter the industry, digital collaboration platforms are the foundation of work during the pandemic. The success of operations today highly relies on the ability to collaborate in real-time and from anywhere. Many businesses are recognizing the need to improve collaboration to ensure business continuity now and into the future.

Deliver valuable experiences

As the coronavirus crisis accelerates the transition to a digital future, the shift to digital customer experience also hits fast-forward. Empathic tools such as service design and design thinking seek to address customers’ acute needs and forge stronger ties with the market in the post-COVID-19 era. Reimagining customer experience to meet the changing needs should drive your next steps in your digital transformation journey.

The new era of business reinvention is upon us. For most industries, revenues will fall in 2020, that’s a given. But companies can emerge stronger, more innovative, and more purposeful. By creating a forward-thinking, customer-focused digital company, leadership teams can mitigate today’s threat and accelerate into an eventual recovery.

 

COVID-19 Business Intelligence

Working in the Cloud: Tips for Better Remote Work

I still remember the first time I heard the term, “cloud”. It seemed critical to the seminar I was attending, confused, I passed a note to my colleague “Cloud????” He stifled a laugh and passed the note back, it read “Internet.” Ohhhh. 

Fast-forward 10-15 years and I now work for DevFacto, where we make software that humans love to use. I am responsible for delivery of our consulting projects and Chris Buchanan is responsible for the technology on our consulting projects. I have come a long way, but I am still not “technical” and could notshould not, would not get into a debate with anyone about the pros and cons of different aspects of technology. 

BUT. 

As a people leader and an information worker, I can assure you that working in the cloud is the key to my productivity and success these days. 

Prior to working from home full-time, my days were filled with meetingsboth internal and client-facing, ad hoc discussions and independent work. Yet, I was able to transition to working from home seamlessly. I literally took my laptop home on a Friday and stared working again on Monday with very little fuss. Here’s how: 

Better Remote Meetings

Instead of meeting in-person, I moved all my meetings to Microsoft Teams. Many of my DevFacto colleagues use their laptop cameras so we can still see each other’s facial expressions while we video conference. I share my desktop for others to see, just like I would have shared it to a projector in a meeting room. Meeting attendees often share files, links and comments in the online “chat, which makes it easy to keep all the relevant information in a single place without having to switch back and forth between Teams and email. When needed, I record the meetings so that we can all refer back to the topics that were discussed.  

I keep my meeting notes in a Microsoft OneNote which automatically syncs between the cloud and my computer, so I can easily access it anytime.  

Finally, Teams makes it easy for others outside my organization to join a callAnd when I want to send a meeting invite, Microsoft Outlook adds a Teams link automatically, so I don’t need to worry about copying and pasting. 

Better Ad hoc Discussions

I also use Microsoft Teams to replace popping by someone’s office or stopping them in the hallway to ask a question. Teams has a chat feature that keeps an ongoing history of my discussions with someone. I can see their status and if it’s appropriate, send an instant message (IM). If I need to discuss something with a group, I just add new participants to the chat so that everyone is involved 

Occasionally my quick question requires more discussion and I can launch a voice or video call right from the chat window. Teams also has an app for my iPhone (and configurable notifications!), which has proven handy when I’m away from my desk and someone is trying to reach me. The app also syncs with many smart watches, if you want to get alerts even when your phone is out of reach. 

Better Independent Work

The independent work that I do usually involves the Office suite: Word, Excel, PowerPoint. Prior to working from home, I was already disciplined about storing my documents either in Microsoft SharePoint or Teams. The few things that are saved to my PC are synced to OneDrive. This means that I can always access all my documents, no matter what. If my work computer stops working or isn’t with me, I can still access the information from a different computer or my phone simply by logging into Microsoft. No VPN or other magic required.  

The administrative aspects of my work also involve a mix of cloud-based applicationsThat part of my work also remains unchanged – I still regularly catch up on corporate news via Sparrow, review timesheets and project progress in Mavenlink, approve time off requests in ADP Workforce Now, or submit personal expense reports in Xero. 

I recognize that I am fortunate to work for a technology company where cloud has been the way of way of life for quite some timeToday, these same cloud-based applications and workplace collaboration platforms are helping us weather the storm and continuously deliver software to clients just like before. We are working together almost as well as when we get to meet in person at the office (I say almost, because nothing beats the Friday Beer o’Clock with my coworkers) 

Looking to work better remotely

Nintex Workflow – Get Users from Azure Active Directory Group

Introduction

With more organizations moving to the cloud, a common question that we see from Nintex developers is: “I used to use Query LDAP to retrieve my users from Active Directory. Now that my users are in Azure, how do I retrieve them?”

Query LDAP is an out-of-the-box (OOB) action in Nintex Workflow for SharePoint on-premises. With minimal configuration, it allowed developers to grab users from an on-premises Active Directory (AD) group.

The problem a lot of developers face when they start using Nintex Workflow for Office 365 or Nintex Workflow Cloud (NWC), is that there’s no equivalent action to Query LDAP in a cloud environment (as of February 2020).

In this blog post we will learn how to leverage Microsoft Graph API to retrieve the members of an Azure AD group.

We will build our workflow using Nintex Workflow for Office 365. However, you can apply the same concepts you’ll learn today, if you’re building an NWC workflow.

Our Approach 

The end result of our workflow will be a collection of users’ principals, that you can use however you prefer. The collection will look as follows: 

["JohannaL@M365x037951.OnMicrosoft.com","LeeG@M365x037951.OnMicrosoft.com","RaulR@M365x037951.OnMicrosoft.com","DeliaD@M365x037951.OnMicrosoft.com"] 

To get there, we’ll follow the steps below:  

Azure AD: 

  1. Get your Azure AD group’s ID. 
  2. Register a new Azure AD app. 
  3. Generate a new secret for the app. 
  4. Grant the app access to the Graph API. 

Nintex Workflow: 

  1. Use the Azure AD app ID and secret, and your tenant ID to get a bearer token. 
  2. Retrieve the access token from the bearer token. 
  3. Use the access token to call the Graph API and get the users from your Azure AD group. 
  4. The users will come back in a JSON object. 
  5. Parse the JSON object and generate a collection of user principals. 

Let’s get started

In this tutorial, we will retrieve the members of an Azure AD group in a JSON objectFrom the JSON object we will retrieve the userPrincipleName property of each memberOnce we have the members JSON object, it’s straightforward to grab any other user properties like display name, email, phone number etc. 

 Our group name is “sg-Engineering” and it has the following four members: 

Azure AD Group Members

Get your Azure AD group’s ID 

  1. Go to Azure AD: https://portal.azure.com/ -> Azure Active Directory 
  2. In the left navigation bar, click Groups 
  3. Click on your group’s name 
  4. Save the Object Id to a text editor Azure Active Directory Group ID
  5. This is your group ID 

Register a new app in Azure Active Directory and grant permissions 

  1. Go to Azure AD: https://portal.azure.com/ -> Azure Active Directory 
  2. Register a new app. In the left navigation bar, click App registrations -> New registration  Registering a new app in Azure Active Directory
    1. In the left navigation bar, click App registrations -> New registration
    2. Fill-in the fields as follows:
      1. Name: give a name to your app
      2. Supported account types: select the
        option that best suits your requirements. For this tutorial, we’ll select “Accounts
        in this organizational directory only”
      3. Redirect URI: Web – http://localhostRegister in app
      4. Click Register at the bottom
      5. Save the Application ID and Tenant ID to a text editorSave App ID and Tenant ID
  3. Generate client secret
    1. Click Certificates & secrets -> New client secretNew Client Secret Azure AD Nintex
    1. Fill-in the fields:
      1. Description: give a description to your client secret
      2. Expires: choose when you’d like the secret to expireAzure AD Secret
      3. Click Add at the bottom
      4. Save the Client Secret to a text editorGrant app permissions to Microsoft Graph
  1. Grant your app permissions to Microsoft Graph
    1. Click API permissions -> Add a permission -> Microsoft Graph -> Application permissions Grant app permissions to Microsoft Graph
  1. Select the following permissions:
    1. GroupMember -> GroupMember.Read.All
    2. Users -> User.Read.All
  2. Click Add permissions at the bottom
  3. You’ll need the Global Admin to click on Grant admin consent Grant admin consent
  1. You’ll need the Global Admin to click Yes for the confirmation pop-up
  2. The permission’s Status should change from “Not granted” to “Granted”
  3. Click Add a permission -> Azure Active Directory Graph (at the bottom)->Delegated permissions
  4. Select User -> User.Read
  5. Click Add permissions at the bottom
  6. You’ll need the Global Admin to click on Grant admin consent
  7. You’ll need the Global Admin to click Yes for the confirmation pop-up
  8. The permission’s Status should change from “Not granted” to “Granted”Permissions Granted

Build the workflow

  1. We’ll start by creating a new blank workflow
  1. Then we will set the variables to the values we saved from Azure AD:
    1. Add a Set Workflow Variable action and set the variables as follows:Variables
      1. varTxtAppIDApplication ID you saved earlier
      2. varTxtTenantID: Tenant ID you saved earlier
      3. varTxtAppSecret: Client Secret you saved earlier
      4. varTxtGroupId: Group ID you saved earlierSet Workflow Variables
  2. Now we will get the bearer token
    1. Add a Web Request action
    2. Set the properties as follows:
      1. URL: https://login.microsoftonline.com/‍{Variable:varTxtTenantID}‍/oauth2/token
      2. Method: POST – content type: application/x-www-form-urlencoded
      3. Body: Content radio button – grant_type=client_credentials&client_id=‍{Variable:varTxtAppID}‍&client_secret=‍{Variable:varTxtAppSecret}&resource=https://graph.microsoft.com&scope=user.read
      4. Username: your username
      5. Password: your password
      6. Store response content in: varTxtBearerTokenJson
      7. Store http status code in: varIntgrResponseCodeGet Bearer Token

Once this action runs, we will have retrieved the bearer token in a JSON format and saved it to our variable varTxtBearerTokenJson.  This is how the bearer token will look:

Bearer Token

From the bearer token, we want to retrieve the access token.  The easiest way to do this, is to store the bearer token in a dictionary, then retrieve the value for the key “access_token”

  1. Add a Set Workflow Variable action and set it as follows:
    1. varDctnryBearerTokenJson: varTxtBearerTokenJsonSet Bearer Token Json
  1. Add a Get An Item From A Dictionary action and set it as follows:
    1. Dictionary: varDctnryBearerTokenJson
    2. Item name or path: access_token
    3. Output: varTxtAccessToken
  2. Log access token – to make sure we retrieved it successfully
    Note: You will not see the full access token in Workflow History due to the character limit. You can Email it to yourself to see the full token.Log Access Token
  1. Now, let’s call the Graph API and get the members
    1. Add a Web Request action
    2. Set the properties as follows:
      1. URL: https://graph.microsoft.com/v1.0/groups/‍{Variable:varTxtGroupId}‍/members
      2. Method: GET
        • Header name (key): Authorization
        • Header value: Bearer ‍{Variable:varTxtAccessToken}
      3. Username: your username
      4. Password: your password
      5. Store response content in: varTxtUsersJson
      6. Store http status code in: varIntgrResponseCodeGet Users Json

Once this action runs, we will have retrieved the group members in a JSON format and saved the object to our variable varTxtUsersJson.  This is how the users’ JSON will look:

Retrieved Users Json

  1. Now that we got the users, we need to extract the property userPrincipalName, we will retrieve it
    using Regex.

    1. Add a Regular Expression action
    2. Set the properties as follows:
      1. String: ‍{Variable:varTxtUsersJson}
      2. String operation: Extract
      3. Pattern: (?<=(userPrincipalName\”\:\”))[^”]+
      4. Output: varCollUserPrincipalNamesRegular Expression Json
  1. Let’s confirm that we retrieved the users successfully
    1. Add a Send an Email action
    2. Set the properties as follows:
      1. To: your Email address
      2. Subject: Users
      3. Body:Response Code: {Variable:varIntgrResponseCode}Users Json: {Variable:varTxtUsersJson}‍Users Collection:{Variable:varCollUserPrincipalNames}Send Email
  1. That’s it! Now run the workflow.
  2. You should receive an Email with the following:
    1. Response Code of 200
    2. Your AD group members in a JSON format
    3. A collection of your AD group members’ user principal names

Received Email

Conclusion

Microsoft Graph API allows you to access tremendous amount of data in Microsoft 365. In this tutorial we used the API to retrieve Azure AD group’s members. However, the API can be used for a lot more than that. The tricky part here was to get the access token. Now that you know how to get the token, check out the Graph API and see all the cool things you can do.

References

Microsoft Graph API – Get access token without a user.

Microsoft Graph API – List members end point.

 

A version of this article also appears on Wisam’s blog Consultant Diary.

 

Using Power BI for SharePoint Analytics

Here at DevFacto, we love SharePoint. But we also believe that its the value is fully realized only when users leverage it in their daily work.

The thing is that organizations don’t always know how their employees are using SharePoint. Luckily, there are various tools that can help you track SharePoint user adoption – in fact, Microsoft provides some valuable SharePoint Analytics right out of the box. However, if you’re looking for a more robust SharePoint reporting solution, you might want to consider integrating your SharePoint with Power BI. In this article we’ll show you how the built-in SharePoint Analytics stack up against Power BI, and which solution might be optimal for your organization.

To start, let’s take a look at the reporting capabilities that come with SharePoint out of the box.

Built-in SharePoint Reporting Capabilities

Depending on whether you are using SharePoint Online or On-Premise, your solution will have some form of built-in analytics:

Usage Reports

Usage reports are meant to show statistics about how visitors have interacted with SharePoint content. All usage reports are broken down per event usage. This means, for example, that you are able to see the number of views or number of recommendations displayed for an item. The two main reports included are the Most Popular Items and Popularity Trends. This offering is only available in SharePoint On-Premise.

Site Usage

Site usage visuals are available to all users on your SharePoint site. The site usage visual shows information such as unique viewers, total site visits, site traffic insights, as well as what’s being shared with external users. These reports don’t offer details, serving rather as a quick snippet of very high-level information. Here is an example of what a Site Usage report looks like:

SharePoint site usage report

Click to enlarge. SharePoint site usage report

Site Activity Web Part

The site activity web part can be added to a modern web page on your SharePoint site. It shows documents that are being edited, added or deleted within your SharePoint site.

Audit Log Reports

The audit log reports are meant to track who is opening SharePoint files and folders in any site, and what they are doing with those files. Not all information tracked is available in SharePoint On-Premise and SharePoint Online. These audit log reports are very detailed and display information in a line-by-line format.

Office 365 Admin Center Reports

The Office 365 admin center reports are only available for SharePoint online. In the O365 Admin Center you can view application usage on a user-by-user basis, however the information is limited and does not offer usage insights. This is a high-level report that is only available to administrators of Office 365.

For us at DevFacto, this is what an Office 365 admin center reports looks like:

SharePoint Admin Center Report

Click to enlarge. SharePoint Admin Center Report – Site Usage by User

Office 365 Adoption Content Pack

The Office 365 Adoption Content Pack is a detailed Power BI report created by Microsoft. It visually shows summary analytics about Office 365 adoption. However, it is only available for SharePoint Online with Office 365. While only Office 365 administrators have full control over the information, they are able to grant permissions to various people within the company. This is what an out of the box Microsoft 365 Power BI report looks like:

Microsoft 365 Usage Analytics - O365 Adoption Content Pack

Click to Enlarge. Microsoft 365 Usage Analytics – O365 Adoption Content Pack

Limitations with built-in SharePoint Analytics

Although the out of the box offerings for SharePoint Analytics provide a lot of information, they do come with some limitations:

1. The data isn’t quite what you need to make quick decisions

All these offerings are presented either as a generalized summary analytics or as un-summarized information. For example, the Site Usage visuals show quick summary charts that don’t give you in-depth detail, while the Audit Log Reports show line-by-line data but no summary analytics. Depending on your situation, you may want to view summary and drill-down into detail, or vice versa.

2. The most detailed data available isn’t the right detail

Understanding how the users interact with SharePoint content is the most important aspect of adoption monitoring. You may want to know which users are visiting which sites, which users are not using any sites, which sites are visited the most, which devices are being used to access your site, etc. However, none of the OOTB offerings show the detail that you might be searching for, which likely means you will have to come to conclusions on your own or summarize the data yourself.

3. No single spot for conclusive insights

Since the six built-in offerings all show different data, you may find yourself going to different spots track down information. This means sifting through large volumes of data, just to find relevant insights. In addition to that, some of the offerings are available only on SharePoint Online or only on SharePoint On-Premises, but not both.

4. The data comes in all forms

Some of the data comes in the form of excel spreadsheets, while other in the form of online charts or visualizations. For this reason, it becomes impossible to combine all sources of data together and to get a quick picture of the situation.

5. There is no ability to set permission levels

Companies often want to set up SharePoint reports based on permission levels. For example, your CIO may want to view all summary information to understand how the company is adopting SharePoint. On the other hand, your Operations Manager may want to view a slice of detailed information related to everyday operations. Unfortunately, this kind of functionality does not currently exist in SharePoint out of the box. While some reports (such as the audit reports) are only available to admins, they aren’t easily accessible to others in your organization.

Automating SharePoint Analytics with Power BI

So, is there a better way to report SharePoint usage? And, ideally, can you do it using the tools you already have? Being huge fans of simple, user-friendly Power BI dashboards we developed a solution that integrates these two applications giving you full visibility of your SharePoint metrics in one centralized location. By far, the best thing about it is the ability to monitor all your key SharePoint metrics at a glance and drill into detailed data when needed. The dashboard makes it easy to understand you organization’s SharePoint usage and to make quick, informed decisions based on your own data. What’s more, our reporting solution works for both SharePoint Online and SharePoint On-Premise which means that you can get the insights you need no matter which version you’re using. This solution combines Power BI and Azure Application Insights to automatically deliver reliable SharePoint usage information.

What kind of data can you track with by integrating SharePoint with Power BI? Here are some examples of insights you can get from this automated SharePoint analytics solutions:

  • The total number of users per day;
  • Users are using or not using your sites, folders and files;
  • Sites that are used the most and/or the least;
  • Browser types used to access SharePoint;
  • Types of devices that connect to your sites.

In addition to that, the solution can collect other usage data that are important to your company.

Here is what our DevFacto SharePoint usage dashboard looked like at a point in time:

SharePoint Site Usage Report in PowerBI

Click to enlarge. Reporting SharePoint Usage in Power BI

Benefits of Using Power BI for SharePoint Reporting

Here is how you can benefit from leveraging this Power BI and Azure App Insights based solution in reporting your oranization’s SharePoint usage.

1. Get the right depth out of your data

By integrating SharePoint with Power BI you can access both summary statistics and in-depth data about your SharePoint adoption. You can choose which view is the most important to you and dive deeper when you see appropriate.

2. Only see the data that is important to you

Unlike the OOTB offerings that show you all of the available data regardless of your needs, Power BI dashboard is easily tailored to your actual usage. This means that you can choose to see only the data that matters to you, and nothing more.

3. Automate SharePoint Reporting

Thanks to Azure App Insights, your data updates automatically, which means your reports are available on-demand anytime.

4. Set permission levels and change views

With different user types you can tailor access to data based on job needs giving the right data to those who need them.

5. Access all SharePoint usage data is in one place

By using Power BI for SharePoint analytics you can access all your reports in one central location eliminating redundancy.

6. Leverage the Microsoft Stack

All technologies involved in this solution are a part of the Microsoft stack. This means no additional enterprise agreements and little to no added ongoing costs.

Best of all? This solution is simple and inexpensive, so you can get started quickly.

 

Need help with gaining deeper business insights from your SharePoint analytics? Get in touch. We can help you integrate your SharePoint with Power BI for reliable and accessible SharePoint usage metrics.

Information Barriers for Office 365: Enhancing Control over Communications

Employees are the source of corporate information. They constantly create documents and data records, generating gigabytes of corporate information every single day. And this corporate information needs to be protectedMany organizations trust Office 365 and SharePoint Online as a secure platform to run their corporate intranet. This puts some pressure on Office 365 to ensure that sensitive corporate information is not just securely stored, but also that it complies with stringent regulations and laws (like FINRA). The new Information Barriers policies for Office 365 (Microsoft Teams and soon SharePoint) help administrators achieve just that.

Information Protection in Office 365

Before we dive into the new Information Barriers feature in Office 365, let’s first spend a few moments on Information Protection and examine what it means for organizationsThe obvious choice to protect information within a corporate intranet is using access permissions. With access permissions, organizations can decide which user has access to which siteFor example, in an organization with a legal department, only a narrow group of users will need access to the sites of this department 

Besides access permissions, Office 365 and SharePoint Online provide additional options to protect sensitive corporate information such as Retention PoliciesData Loss PreventionAzure Information Protection, and Compliance Sensitivity LabelsThese features ensure that corporate information stays protected within the organization and control access to specific documents. 

When they are well configured, organizations are in an excellent position to keep data and documents safe. However, for some organizations, that might not be enough. 

Limitations to information security

Although security options provide a significant level of protection, there are some limitations you need to be aware ofThe most apparent threat to Information Protection is what I like to call the human factor. For instance, there is no technical way to protect corporate information if employees meet outside of the organization and, for example, verbally share sensitive information.  

And even when it is available, technology comes with some limitations too.  

For instance, a user who does not have access to specific site may obtain sensitive files from a user who does. And while a sharing invite does not provide access to the entire site, the user who receives an invite can open, download or potentially edit the document. This means that even though strict compliance policies regarding access permissions are in place, the SharePoint Sharing mechanism can be used to bypass those policies quite effortlesslyOf course, external sharing can be disabled in SharePoint Online, but since SharePoint was built around sharing information initially, internal sharing can’t be disabled. This is just one example of how corporate compliance policies can be sidestepped 

Another example is online chats and remote meetings initiated via Microsoft Teams. Even if a user does not have access to a particular site, this user may still be invited to join the team chat, thus getting information that shouldn’t be shared with anyone else outside of the defined team. 

Finally, access permissions can sometimes be accidentally given to the wrong person. This happens surprisingly often when a couple of people in the organization share the same name. Mistakes are a part of human nature, and sometimes, they are hard to avoid.  

Need for additional layers of security 

For many companies, these restrictions are not necessarily critical. If there are trust and appropriate employee education about the importance of the company’s compliance policies, companies can do a lot to protect their sensitive information. However, some organizations need to follow stringenCompliance and Security stipulations and laws. For those, being able to bypass policies by just sharing a document is a severe threat.  

Information Barriers Policies in Office 365

This is when the new Information Barriers come into play. With Information Barriers, organizations can encapsulate or separate specific corporate entities from the rest of the organization, even though all corporate entities share the same corporate intranet and technically, the same Office 365 tenant. 

Let’s see what this means. At the beginning of this blog post, I explained why even strict access permissions might not be enough for some organizations. Sharing, the feature that makes SharePoint great, can be used as a loophole to bypass policies.  

Information Barriers policies in SharePoint and OneDrive for Business go much furtherSpecifically, because they prevent users from sharing documents with others outside of a specific corporate entity. But that’s not all. Users of an encapsulated corporate entity won’t even be able to lookup users of a different department.  

This is because Information Barriers in SharePoint and OneDrive for Business acts as a separate (logical) tenant, even though the organization technically uses just a single tenant. The following screenshot shows an example of how this might look like in SharePoint: 

Limiting file sharing in SharePoint with Information Barriers Policies

 

Configuring Information Barriers Policies in Office 365

Now that we know how Information Barriers will work in SharePoint and OneDrive for Business, let’s see how these Information Barrier Policies can be configured.  

Information Barriers rely on user account attributes defined in Azure Active Directory. These attributes can include information like department, job title, location, and team name. Organizations can create segments based on these user account attributes. Those segments can be entire corporate entities, but also groups of users (like all users with the job title ‘Financial Advisor’). The concept of segments is very flexible as it is based on user account attributes. User account attributes are defined in Azure Active Directory, but segments will be defined in the Office 365 Security & Compliance Center. With segments defined, Information Barrier policies can be created based on two kinds of policies. Companies can create policies to Block access or to Allow access. There is a significant limitation, though: a user can only be part of one (1) segment (as of December 2019), and the segments must not overlap. 

Creating segments and Information Barrier policies require thoughtful and thorough planning as Information Barriers are rigorous policies, which have a massive impact on users and the entire organization. Microsoft provides an Excel-based workbook, which organizations can use to create and configure policies. The workbook also offers support for managing policies via PowerShell. You can download the workbook here  

The following two screenshots show how you can create segments and policies in the Office 365 Security and Compliance Center: 

Create segments in Office 365 Security and Compliance Center

Blocked File Collaboration based on Information Barriers settings

Information Barriers in Microsoft Teams 

In the previous section of this blog post, we looked at options to secure SharePoint and OneDrive for Business. Still, more applications in Office 365 allow communication and collaboration within users of different corporate entities – like Microsoft Teams. Since Microsoft Teams uses SharePoint Online technology under the hood, some protection already exists therebut it may not be enough. Information Barriers in Microsoft Teams offer added security. 

Microsoft Teams allows users to communicate with each otherBut in a strictly regulated environment, this kind of electronic communication needs to be secured by policies. Information Barriers in Microsoft Teams can be used to prevent team members from communicating with other teams and sharing documents. Also, Information Barriers can be used to encapsulate a team in Microsoft Teams entirely, restricting communication to that team only. All communicationincluding sharing with anyone outside of that team, can be blocked.  

But, there’s more you can do to secure and monitor information exchange in Microsoft Teams. Information Barrier policies can also be applied to the following: 

  • Adding members to a team 
  • Requesting a new chat 
  • Invited user to join a meeting 
  • During screen-sharing 
  • During VOIP calls 
  • Guest access in teams (includes guest users) 

The next screenshot shows how Information Barrier policies are activated in Microsoft Teams: 

Activating Information Barriers policies in Microsoft Teams

User Experience 

Information Barriers can be very restrictive, and organizations should be fully transparent regarding the implementation of Information Barriers in Office 365. The entire staff (including new hires) need to know about the existence of Information Barrier policies and how these policies will affect their daily business. Educational workshops, recorded training sessions and tailored communication are an absolute must. Regarding the user experience, there are many areas where Information Barriers affect the regular usage of SharePoint. Here are some examples: 

  • Users cannot see blocked users in the People tab and People Picker. 
  • Posts of blocked users won’t show up in the activity tab. 
  • Blocked users won’t show up on the org chart and the list of suggested contacts. 

Technically, Information Barriers will affect employees when they are collaborating and trying to get in touch with each otherBasically, mostif not all, of the collaboration and information sharing possibilities in SharePoint, OneDrive for Business and Microsoft Teams will be affected or restricted by Information BarriersA full list of what users will experience if another user is blocked by Information Barrier policies can be found here. The following screenshots show how this looks like in Microsoft Teams. The left screenshot shows the user experience when trying to add blocked user to a channel, the right screenshot shows the user experience if you try to send a message to a blocked user directly: 

Couldn't add member to team due to Information Barriers policy

Requirements and Roadmap 

To be able to use Information Barriers, organizations require an Office 365 E5 license. The following roles can create information Barrier policies: 

  • Global Administrator 
  • Compliance Administrator 
  • Information Barrier Compliance Management (new role) 

My recommendation is to split administrative tasks in Office 365 to multiple roles. Each role in Office 365 (including the new Global Reader role) is supposed to be used for a specific task only. This is done to provide an additional layer of security to sensitive administrative activities in Office 365. I know that many organizations utilize the Global Administrator role for all configuration tasks, but that is definitely not best-practice and it threatens security. Organizations should associate the Compliance Administrator role or the IB Compliance Management role to specific users and use only those roles to manage Information Barrier policies. 

Information Barriers are rolling out now, but they will only be available in Microsoft Teams for now (as of January 2020)Information Barriers for SharePoint and OneDrive for Business are still in development and are expected to roll out later in Q1/2020. If you are interested, there is a Preview Program you can subscribe to. 

Conclusion 

Information Barriers are a great addition to the existing Security and Compliance policies in Office 365. While they do contradict the original idea behind SharePoint (after all, it is called SharePoint), they come in response to a growing demand for advanced security policies. Once Information Barriers are fully supported in Office 365, they will be welcomed by organizations that need to follow strict Security and Compliance regulations. 

Organizations should not underestimate the implications of Information Barriers as they will drastically impact the daily tasks of the entire staff. Reason enough to start planning now – even though Information Barriers won’t be available in SharePoint and OneDrive for Business until later in Q1/2020. Planning means not just thinking about potential policies. Implementing Information Barriers comes with an entire process of activities – beginning with checking potential legal regulationsThe implementation process also includes roles and responsibilities, identifying segments, communication to the staff, reviewing existing business processes, defining policies, training, user adoption, change management, etc.  

If your organization needs to implement Information Barrier policies, I recommend starting now to ensure, you have enough time to carefully and thoughtfully plan the entire implementation as Information Barriers will change how your organization is working today 

At DevFacto we are already working on guidelines, best practices, and recommendations to support our customers regarding Information Barriers in Office 365. Want to know more about ensuring compliance with Microsoft tools? Reach out to us. 

References 

Information Barriers Preview thread 

Information Barriers in Microsoft Teams 

Information Barrier Overview 

Define Information Barriers Policies 

User Adoption Matters – How to succeed with your Office 365 rollout 

Getting Started with Power Apps Portals – Tutorial

Introduction 

In late 2019, Microsoft released the new Power Apps Portals, joining Canvas Apps and Model-Driven Apps in the Power Apps family.   

Power Apps Portal was a long-awaited addition to the suite. While Canvas and Model-driven apps have made building applications a lot easier than InfoPath, they couldn’t be used to build public apps for anonymous users. Power Apps Portals now fills this gap.   

What’s Power Platform? 

To understand the big picture, the Power Platform is a suite of no-code/low-code tools. The Platform contains a set of tools that include Power Apps, which in turn is made up of Power Apps Portals, Canvas Apps and Model-Driven Apps.  

Microsoft Power Platform Apps

The Power Platform tools are: 

  1. Power BI – for building business intelligence dashboards and reports 
  2. Power Apps – for building custom applications to capture information
    • Canvas Apps – for building apps starting from a blank canvas
    • Model-Driven Apps – for building apps generated from your data model and business process
    • Portals – for building websites for external and/or authenticated users
  3. Power Automate – for building workflows to process information
  4. Power Virtual Agents – for building chatbots

What are we learning today? 

 In this blog post we will learn the following: 

  1. When to use Power Apps Portals. 
  2. Power Apps Portals Architecture. 
  3. How to build your first Power Apps Portal.  

When to use Power Apps Portals 

There are two main uses for Power Apps Portals:  

  1. You want to build a publicfacing website that can be accessed by anonymous and/or authenticated users. 
  2. You want to create an integrated experience with other Microsoft technologies like: 
    • Embedding a Power BI dashboard and/or report into your website.
    • Triggering a workflow when a user submits a form on your website.
    • Leverage Azure Blob Storage and/or SharePoint to store documents.
    • Use Application Insights to track solution usage.

Power Apps Portals Architecture 

Power Apps Portals isn’t completely new.  It has been around for some yearsbut it was previously marketed as Dynamics 365 Portals and offered only as an add-on to Dynamics 365 model-driven applications. Portals use the Bootstrap 3.3.x framework to control the appearance of the solution, as well as the template language Liquid.   

Power Apps Portal is built on top of Common Data Service (CDS). The CDS database will host all your portal’s data like pages, page templates, forms, forms’ data etc.   

Important Note: You can only create one portal per Power Apps environment.  If you need to create a second portal, then you will need to create a second environment. 

 Before we can create a Portal, we will need two prerequisites: 

  1. A Power Apps environment
  2. A CDS database 

Power Apps Environment

Build your first portal in Power Apps Portals

In this tutorial I’ll combine my passion for personal wellness with my passion for the Power Platform. We will build a gym signup form on top of Power Apps Portal. When the form is submitted the data will be saved to our CDS database. Here’s what the end result will look like:

Signup Form in Power Apps Portal

To get there, we’ll follow the steps below: 

  1. Create a new Power Apps environment with a CDS database. 
  2. Create gym signup form as a CDS entity. 
  3. Create Power Apps Portal. 
  4. Embed the form in the Portal. 

Create a new Power Apps environment with a CDS database 

When you can login to https://make.powerapps.com, you will already have at least one Power Apps environment. If you haven’t created a Portal on that environment, then you can leverage your existing environment to build a new portal. However, if you need to build a new environment, then follow the following steps: 

  1. Go to https://make.powerapps.com 
  2. Click on the gear at the top right corner of the page 
  3. Then click on Admin center
    Setting up a new Power Apps environment
  4. Click on Environments in the left navigation bar
  5. Click on + New in the top navigation bar
    Add a new environment
  6. A New environment form will show up
    New Environment Dialog
  7. Fill-in the fields:
    • Name: pick a name for your environment
    • Type: Trial
    • Region: pick your region
    • Purpose: fill-in the purpose of your environment
    • Create a database for this environment?: Yes
  8. Click Next
  9. An Add database form will show up.
  10. Fill-in the fields:
    • Language: choose your language 
    • Currency: choose your currency 
    • Enable Dynamics 365 apps: No (this option should be greyed out, since we selected “Trial” for the environment type) 
    • Deploy sample apps and data No 
  11. Click Save
  12. Your environment should soon be ready

Create gym signup form as a CDS entity

Now that we have the Power Apps environment ready, the next step is to build our gym signup form. We’ll start by creating a new CDS entity named Gym Membership. Next, we will add our fields to the entity, and finally we will create the form. You can think of the entity as a database table.

Create Entity

  1. Go to https://make.powerapps.com
  2. On the left navigation bar, click on Data -> Entities
  3. In the top navigation bar, click + New entity
    Create a new entity in Power Apps
  4. Fill in the fields as follows:
    • Display name: Gym Membership
    • Primary Field
    • Display name: Full Name
  5. Click Create at the bottom

Add fields

  1. Add the rest of the fields. For each of the following fields,
    • Click + Add field in the top bar,
    • Then fill-in the fields as shown in the table below
    • Then click OK at the bottom
      Display NameData TypeComment
      Membership NumberAuto Number• Autonumber type: String prefixed number
      • Prefix: blank
      • Minimum number of digits: 4
      • Seed value: 1
      First NameText
      Last NameText
      GenderOption Set1. Click on the Option set drop down
      2. Click on + New option set
      3. Add the following items:
      a. Male
      b. Female
      c. Prefer not to say
      Birth DateDate Only
      Phone NumberPhone
      Email AddressEmail
      AddressText
  2. Click Save Entity at the bottom right corner

Create Form

  1. Click on Forms
    Create a Form in Power Apps Portal
  2. Click Add form -> Main form in the top bar
  3. In the left bar,
      • Change Display Name to Signup form
      • Change Description to: A form for gym membership signup.
  4. Drag the fields we added above from the left side bar to the canvas
  5. When you are done, the form should look as follows:
    Form settings in Power Apps Portals
  6. Click on the Membership Number field, then click Hide field from the right bar
  7. Click on the Owner field, then click Hide field from the right bar
  8. Click Save then Publish in the top right corner of the page

Create Power Apps Portal

  1. Go to https://make.powerapps.com
  2. Click on Portal from blank
    Create Power Apps Portal from blank
  3. Fill-in the new portal form:
    • Name: Hercules Gym
    • Address: HerculesGym
      Create a portal from blank
  4. Click Create. Note: It usually takes 5 to 10 minutes to create the portal
  5. Once the portal is created, it should look like below:
    Basic page template in Power Apps Portals

Embed the form in the Portal

  1. Click on the pages icon in the left bar
  2. Right-click Services, then click Add a child page
    Power Apps - add a child page
  3. Once the page is added, in the right bar:
    • Change Name to: “Signup”
    • Change Partial URL to: “signup”
      signup component on the webpage
  4. Click on the components icon in the left bar, then click on One column section
    Select One column section in Power Apps portal
  5. Click inside the column you just created
  6. Then click on the components icon in the left bar, then click on Form
    Section layouts
  7. In the right bar:
    • Set Name to “Signup form”
    • Entity to: “Gym Membership”
    • Form layout: “Signup form”
    • On Success: “We’re so excited to have you on-board!”
    • Uncheck the captcha fields

Note: Unchecking the captcha is fine for a demo form.  However, when building a production form keep the captcha to keep bots away from submitting your form.

Final form settings

Preview your portal

  1. Click on Browse website in the top right corner of the page. Note: If you get an “Unable to clear cache” message, click Retry
  2. Your form should show up as follows:
    Signup Form in Power Apps Portal
  3. Fill-in the fields and click Submit
  4. You should now get the success message

    Success Message

Confirm a record has been added to your CDS Entity

  1. Go to https://make.powerapps.com
  2. On the left navigation, click on Data -> Entities
  3. Click on Gym Membership
  4. Click on Data in top bar
  5. You should find your record
    Find your record
  6. Click on the record, then click Edit record
  7. You should now see all the info you entered in the form

Conclusion

Microsoft has made it so easy to spin up an external website that integrates with the different Microsoft technologies. Now that you know how to build basic sites in Portals, you’re ready to learn how to customize the look and feel of your site. So stay tuned, because in my next post I’ll show you how to  allow users to login using their LinkedIn, Facebook and Twitter accounts, limit access to certain pages and add a custom domain name.

Power Apps Portals is very powerful, and together we’ll learn how to make the most of it.

This article was originally published at Consultant Diary, Wisam’s personal blog.