SharePoint Security resources

Some SharePoint security resources

There is a lot of content and information out there, especially as SharePoint’s audience grows with Office 365. One question that keeps coming up is how we manage or implement SharePoint security, and where we begin.

The thing is, we can come at this topic from many different angles. When I say SharePoint security, what does that mean? Is it server and network security, Active Directory and operating system security, IIS, or SharePoint security itself in site collections and sites? And yes, I could say you need a SharePoint security tool to get it done. But regardless of what it is and how you choose to put it into place and enforce it, you need to understand what it is you are securing… in this case we’re talking SharePoint.

I have written a few posts now on different topics, and there are enough of them that I thought it would help if I put them together in one place for you to find.

The SharePoint basics before security

Don’t worry, I won’t try to explain SharePoint to you in a paragraph, but I have put a collection of posts together to help you get started.

Learning SharePoint basics and more – This article puts together many blogs, videos, infographics, webinars and guides on SharePoint, organized by topic.

That is what I give everyone starting with SharePoint and looking for some extra learning material. Whether it’s about the basics, Search, Branding or Governance, you’ll likely find something to get started there.

Does it have anything to do with SharePoint security? Not directly of course, but if you don’t understand why everyone can see something in Search results or why the Product Catalog items are showing up to people that do not have access to a list, well it won’t be much help.

There are no shortcuts, but I do hope it helps you get off to a good start.

A few SharePoint security lessons learned and told

If you are sitting down and have a good hour to listen to two geeks talk about SharePoint security and their lessons learned, you’re in for a treat. It’s a video recording of a webinar that Antonio Maio, MVP and security expert at Protiviti, and I have given multiple times.

The session covers SharePoint security objects, but also tells some of the amazing stories we’ve come across… not always the good kind.

Shorter video on security permissions and some tips

I know, a whole hour could be a little too long sometimes. Thankfully, I’ve also recorded an episode of Between Two Farms on security permissions. There I talk about some of the misconceptions people have around permissions.

For example, did you know that since SharePoint 2013 the Members group automatically assigned to sites is granted Edit rights instead of just Contribute?

Valuable resources from Microsoft and more to help you protect SharePoint

The worst feeling when working with software is knowing that you’ve made a mistake that may have breached your platform. Well, though it was on Office 365, this SharePoint security breach was an eye-opener. Always be careful about whom you grant access to things, and make sure they know how to use this new power.

Infographics are great to share with someone, for example those who are not yet convinced. We took one of the official lists from Microsoft and turned it into a security infographic so you can see it visually.

In fact, the Office 365 Trust Center is a great place for you to start learning more about the overall protection layer put into place by Microsoft.

Hopefully, this set of links can get you started in the right direction. As I said, there are many layers to SharePoint security and they are all just as important. You can have the most secure platform out there, but if I can hack my way into your environment’s network and create a user, I may effectively bypass much of your security. In fact, one of the most popular sessions from my fellow MVP and friend Liam Cleary is “Think you can hack SharePoint”.

If you get a chance to attend it and you are in charge of SharePoint overall or just its security, I strongly recommend you take a look at it as well.

Microsoft MVP Virtual Conference – Everyone is invited

I wanted to let you know about a great free event that Microsoft and the MVPs are putting on, May 14th & 15th.  Join Microsoft MVPs from the Americas’ region as they share their knowledge and real-world expertise during a free event, the MVP Virtual Conference.

The MVP Virtual Conference will showcase 95 sessions of content for IT Pros, Developers and Consumer experts designed to help you navigate life in a mobile-first, cloud-first world.  Microsoft’s Corporate Vice President of Developer Platform, Steve Guggenheimer, will be on hand to deliver the opening Key Note Address.

Why attend MVP V-Conf?  The conference will have 5 tracks, IT Pro English, Dev English, Consumer English, Portuguese mixed sessions & Spanish mixed sessions, there is something for everyone!  Learn from the best and brightest MVPs in the tech world today and develop some great skills!

Be sure to register quickly to hold your spot and tell your friends & colleagues.

The conference will be widely covered on social media, you can join the conversation by following @MVPAward and using the hashtag #MVPvConf.

Issue with versioning and Office Web Apps in Office 365

I don’t know that it’s an actual issue, but it’s something we encountered while working in “Co-Authoring” mode with others. This was in an Office 365 SharePoint Team Site to give you a little context to this.

As most of us do not use a PC, working on a very large document (currently 7500 words in this Word document) with Office Web Apps was ideal.

All of a sudden, and this was happening of course around 5pm, Word Online did not want to save the document anymore, with the following error:

Sorry, your changes weren’t saved. To continue editing this document, please copy your changes and refresh the page.

Naturally, I assumed it was a temporary issue perhaps with SharePoint or Office 365 and decided to start again tomorrow.

Next morning however, I still got the issue. Now don’t ask me why I checked the versioning, but I did and well take a look for yourself:

Office 365 SharePoint Versioning

We couldn’t get past version 0.510!

Mind you this could have absolutely nothing to do with it, but when I published a Major Version of the document and went back to 1.0 everything was fine again. And we are continuing to work on the document.

Looks like it was a software limit in SharePoint (thanks, Wictor Wilén): the minor versions limit is indeed set to 511. See https://technet.microsoft.com/en-us/library/cc262787.aspx#ListLibrary

In any case, it’s always good to set some limits for versioning, especially for minor versions, regardless of whether this had anything to do with the problem mentioned above.

I deleted my Office 365 Video Portal Hub

I’ve already covered the Office 365 Video Portal in detail if you are looking to understand what it is and how it works. Of course, being a geek I like to test things out and do things I know will happen accidentally at some point. With so many new features coming to Office 365 constantly, I tried to see if I could Disable the Video Portal.

Sure enough, in my Tenant Admin for SharePoint settings I can disable the Video Portal:

Disable Office 365 Video Portal

I saw my Video Portal disappear eventually from my App Launcher and that was exactly what I wanted to do, awesome!

Then I thought, if I am a Tenant Admin, I may want to “clean up” my Site Collections. I am one of those that likes to completely remove something even if I don’t really need to. As explained in the link above, the Video Portal creates a few SharePoint Site Collections, and one of them is called the “Hub”. It is the main Site Collection for the Video Portal, where all your videos are shown.

So I decided to Delete my Office 365 Video Portal Hub Site Collection.

Great!

Now how do I get it back? Of course I can go to the recycle bin to recover my deleted Site Collection, but if this were a real scenario, after a couple of months it would be gone. So how do I recreate this Site Collection? I tried turning the Video Portal back on using the setting shown above. I assumed that turning the service back on would automatically recreate the Hub. But it didn’t.

Now I had the app back in the app launcher, but clicking on Video gave me a 404 Page Not Found error, since I had completely deleted the Site Collection and nothing told it to get recreated.

Solution: append /_layouts/15/videoredirect.aspx to your tenant.sharepoint.com URL, and this will recreate the Hub Site Collection.

OneDrive for Business YamJam Summary

Overview: On April 2nd, Microsoft hosted the OneDrive for Business YamJam to answer questions about the announcement that OneDrive for Business would be available as a standalone product.  Microsoft responses to questions are provided by Michal Gideoni, Mark Kashman, Bill Baer, Atanu Banjeree, Eugene Lin, Kate Dramstad, Roberto Franco, Lincoln DeMaris, Vasu Rangaswami, Sesha Mani, Office 365 IT Pro Team as well as our Most Valued Professionals Darrell Webster, Hans Brender, Joel Oleson and Benjamin Niaulin.  Read the notes below for a summary of what we discussed.  Next time, tune in to the live YamJam!
 
Primary Topics:
· OneDrive for Business Standalone
· Future Plans
· General Questions & Functionality
· Sync

OneDrive for Business Standalone

Q: Can we get OneDrive for Business without SharePoint?
A: Yes.  We just announced the ability to purchase OneDrive for Business standalone: http://blog.onedrive.com/onedrive-for-business-is-now-available-as-a-standalone-service/

Q: When will OneDrive for Business be available as a standalone subscription?
A: Now. See plans and pricing here: https://onedrive.live.com/about/en-us/plans/

Q: So if one of my customers subscribes to OneDrive for Business standalone, then decides to ‘upgrade’ everyone to full blown Office 365 – what is the transition process?
A: They can upgrade from standalone to O365 SKUs, same as any existing transition.

Q: Are there no limitations as to which Office 365 plan ‘family’ you can upgrade to? 
A: You can only upgrade to the O365 E family.

Q:  Since OneDrive for Business as a standalone product is more than twice as expensive as the OneDrive personal service, what are the benefits that justify the cost difference? 
A: You can find a summarized comparison between OneDrive and OneDrive for Business here: https://onedrive.live.com/about/en-us/plans/. There are a number of benefits to OneDrive for Business that we have found resonate with IT Pros, such as eDiscovery, compliance and administrative control. For example, if an employee leaves your organization your IT department can remove their access to your organization’s OneDrive for Business. Such controls are not available in OneDrive, which is intended for personal documents.

Future Plans 

Q: When can we expect OneDrive for Business Sync for Mac?
A: OneDrive for Business Sync for Mac client will be coming by end of calendar year 2014.
You can review this session and see a preview of it working: http://channel9.msdn.com/Events/SharePoint-Conference/2014/SPC245
And per our announcement on 4/1 of the new OneDrive for Business standalone SKU, we, too, updated the overall OneDrive site to call out Mac support as “Mac OSX – Sync client coming later this year” for ODB, review it here: https://onedrive.live.com/about/en-us/download/ (then click the “+” sign drop down and select “PC | Mac”).

Q: How can people join the beta program for OneDrive for OSX? 
A: We will announce beta programs when they are ready – but they will be through selective channels, and scoped to start with.

Q: When can we expect two factor (multi-factor) authentication?
A: We introduced MFA to Office 365 in February to extend to all provisioned users as opposed to the limited support of Global Administrators introduced in June. You can use MFA and create App passwords to use with client applications.

Q: Are there any plans to allow OneDrive to interface with NAS hosted folders?
A: If this is a SharePoint 2013 installation that uses RBS and NAS device then yes, CDB content on the device can be synchronized.

Q: When are we likely to see Yammer using OneDrive for Business for document storage?
A: If you are referring to ability to link to OneDrive for Business docs within Yammer docs? This is already possible today. OR- if you are asking about Yammer Group docs showing in your OneDrive for Business ‘shared with me’ view, this is a direction we are going and something we are looking into, but don’t have a timeline to share yet.
 
General Questions and Functionality

Q: Is OneDrive a cloud solution only, or can it be On-Premises? 
A: You can extend SharePoint Server 2013 SP1 with OneDrive for Business. However the OneDrive service itself is in the cloud and not on-prem. http://technet.microsoft.com/en-us/library/dn167720(v=office.15).aspx

Q: How does OneDrive integrate with Yammer and SharePoint 2013?
A: See these two blog posts: http://blogs.office.com/2014/03/03/work-like-a-network-enterprise-social-and-the-future-of-work/
http://blogs.office.com/2013/09/12/starting-yammer-conversations-from-documents-stored-in-sharepoint-online/

Q: What support can we expect for metadata (including managed metadata)?
A: OneDrive for Business supports metadata the same way that SharePoint Online does today.

Q: We would like to implement OneDrive with our On-Prem SharePoint 2010 deployment. Best practices around this?
A: OneDrive for Business redirection can be accomplished with SharePoint 2010 – while SharePoint 2013 Service Pack 1 adds a native configuration option in Central Administration, in 2010 you can use Trusted MySite Host locations to redirect users personal site (OneDrive for Business) to Office 365.

Q: Does OneDrive (and SharePoint library synchronization) work seamlessly with BitLocker?
A: Yes, like all of our products built for use with Windows, it will work with BitLocker.

Q: How will OneDrive for Business work with “Personal” OneDrive? Can people share across them? Is it possible to prevent sharing?
A: The consumer offering of OneDrive and OneDrive for Business are separate products. In OneDrive for Business, there are no special behaviors around OneDrive consumer users so you don’t have to worry about taking additional measures to prevent sharing.

Q: How can IT help end users clear the confusion between OneDrive and OneDrive for Business?
A: There’s a comparison here https://onedrive.live.com/about/en-us/plans/ and more details about it: http://office.microsoft.com/en-us/sharepoint-server-help/what-is-onedrive-for-business-HA102822076.aspx

Q: Are there artifacts around security that can be used to share within our company?
A: For questions related to security and compliance with Office 365 (OneDrive for Business) please check out the Office 365 Trust Center which outlines our practices and compliance criteria. Go here: http://office.microsoft.com/en-us/business/office-365-trust-center-cloud-computing-security-FX103030390.aspx

Q: Does OneDrive support MDM platforms to enable secure access on mobile? 
A: Yes, you can do that with the current MDM partner solutions.

Q: Is there any way to pre-provision the OneDrive spaces so the users don’t have to go through the setup process the first time?
A: Pre-provisioning is supported, check out this blog for some examples on programmatic provisioning: http://blogs.msdn.com/b/frank_marasco/archive/2014/03/25/so-you-want-to-programmatically-provision-personal-sites-one-drive-for-business-in-office-365.aspx

Q: Where can I get more details on how to redirect OneDrive to OneDrive for Business in office365, please?
A: Here: http://technet.microsoft.com/en-us/library/dn627523(v=office.15).aspx

Q: SharePoint SP1 now allows you to divert OneDrive content to Office 365. Is the Office 365 access now included in the SharePoint On-Prem license?
A: No. The SharePoint Server 2013 license does not provide Office 365 use rights. You will need to provision a Tenant and assign user licenses.

Q: There are new limits for site collection sizes and tenant sizes, but I don’t recall hearing of new limits to file sizes in SharePoint.
A: We announced at SharePoint Conference 1TB site collections and unlimited tenant storage scale: http://blogs.office.com/2014/03/14/sharepoint-online-announces-1tb-site-collections-and-unlimited-tenant-storage-scale/. We haven’t announced an update to file size.

Q: When will we break through the 5,000 limit?
A: It is a known limit for syncing SharePoint 2013 document libraries. We have a 20,000 item limit for OneDrive for Business folder sync. Both are known and actively being reviewed. There is a lot of confusion around the item limit. 5,000 items can be sync’d in normal libraries. 20,000 items sync’d in “OneDrive for Business aka My Site” library. If you go over 5,000 items in a single folder your library will break. If you go over 5,000 items in all folders you will lose some administrative capabilities such as setting permissions, creating indexed columns, and configuring the document library. You can however, have more than 5,000 items if done correctly (nested sub folders) and you don’t need to modify any settings after you pass that threshold. We have extensive documentation on designing large lists here – http://technet.microsoft.com/en-us/library/cc262813.aspx.

Q: When will we be able to deploy OneDrive for Business via SCCM?
A: Try using the Click-To-Run OneDrive for Business installation, Click-to-Run is an alternative to the traditional Windows Installer-based (MSI) method of installing and updating Office.

Q: Is there a tool available to migrate from Google Drive to OneDrive? 
A: Many of our partners do support this.

Q: If OneDrive for Business has been deployed as part of an Office 365 installation, can it fully replace SharePoint Online for document sharing and collaboration within groups? If not, what are the important features that would be missing?
A: This blog has some great info that will answer your question, even though the product name has been changed to OneDrive for Business from SkyDrive Pro http://en.share-gate.com/blog/what-is-skydrive-pro-in-sharepoint-2013.

Q: Will I someday be able to send (onetime use) link to OneDrive for Business specific file to external users? Same way I can do with OneDrive?
A: By sharing with a link: http://office.microsoft.com/en-001/sharepoint-server-help/share-documents-or-folders-in-onedrive-for-business-HA102788380.aspx.

Q2: But that way I can share only to users in my AD/SharePoint. I would like to share to people who would just have link I sent.
A2: You can send onetime doc requests from OneDrive for Business today. You can send a link to an external user, and you can ensure they need to sign in to view, or you can make it anonymous. More here: http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-sharing-for-your-sharepoint-online-environment-HA102849864.aspx.

Q: If I save a document in Office 365 I see both my personal OneDrive and my OneDrive for Business. If I wish to attach a file to an email, Outlook only sees my personal one drive. Is that the way it’s supposed to work?
A: Review what the Exchange team announced this week about “Enhanced Document Collaboration,” more here in their blog post: http://blogs.office.com/2014/03/31/the-evolution-of-email/

Q: I have set for my users to have a 5GB OneDrive for business limit. I can see that in the site collection list, that is the case. However – when I or anyone else accesses his OneDrive FB storage metrics page it says it’s 25.000MB. Am I doing something wrong?
A: The new default is 25GB for any ODB user in O365; here’s the original blog when we upped the limit: http://blogs.office.com/b/office365tech/archive/2013/08/27/skydrive-pro-increases-storage-and-ease-of-sharing.aspx. You can then allocate in blocks higher, but would not be able to set to 5GB.

Q: Why can I set the Mysite quota to be less than 25gb? Or let me ask in another way – where do I then set the ODFB quota? I was certain it’s the Mysite quota?
A: The new UI is within the SPO-Admin center, the “OneDrive” tab on the left. More here in this previous blog post on same (look for graphics in blog that should help): http://blogs.office.com/b/office365tech/archive/2013/08/27/skydrive-pro-increases-storage-and-ease-of-sharing.aspx
 
Sync

Q: What is the best resource for trouble shooting when a client PC isn’t synchronizing properly? 
A: Here’s a “Solve problems” article for OneDrive for Business: http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/solve-problems-youre-having-with-the-onedrive-for-business-sync-app-HA104047973.aspx

Q2: In my experience, sync is the biggest problem with it thus far. Seems most people just leave the data in the cloud, because when it fails, it doesn’t seem to recover well and it’s a challenge to troubleshoot for users and admins.
A2: Beyond troubleshooting, the team is releasing updates to the sync client each month, primarily now focused on improving sync assurance and user ability to troubleshoot.

Q: Is there the possibility to select which documents within a SharePoint library are synced when using OneDrive? When you have large libraries there can be a lot of documents being synced, but you don’t necessarily want a lot of small libraries either? 
A: We understand the scenario (selective synchronization) and its importance and are investigating it; however, it is not possible today to synchronize an individual item within a library.

Q: Our primary need to deprovision a OneDrive is to remove the ability to offline sync to a non-managed device. We also find it highly desirable to be able to manage offline sync for OneDrive Personal Site libraries. If there was a programmable method to disable offline sync on a OneDrive document library we would have a great reduction in numbers of OneDrive deprovisioning each year (most would then be tied to the SPO license). 
A: We’re investigating a few ways to handle these scenarios in the future.

Q: We are trying to promote OneDrive for Business adoption and get users off Google Drive/Dropbox. The inability to share an entire folder for anonymous read-only access is killing adoption – the users don’t want to have to share each document one at a time. Is there any plan to allow anonymous sharing at the folder level?
A: This is great feedback to allow anonymous sharing at the folder level. We will take it into consideration. ODFB does allow today ‘Shared with everyone’ folder that you can simply drag-n-drop to share with everyone in your organization.

Q: Synchronization of SharePoint Team site content appears to be limited to the WIN32 client. Are there any plans on supporting other platforms, especially iPads (given the Office for iPad release)?
A: On mobile devices with limited storage we want to provide the option to control the amount of content downloaded. For iPad see also:
https://itunes.apple.com/us/app/onedrive-for-business-formerly/id655772279?mt=8

A detailed post on Cross-Site Publishing and the SharePoint Product Catalog

I just added another post on the Sharegate blog about the SharePoint Cross-Site Publishing features, and the Product Catalog especially. I have always wondered why I needed the catalog since the Search Web Parts I had available were already so powerful. I decided to deep dive into it and explore the features of the Product Catalog completely to see if it was worthwhile.
Check out the post on Cross-Site Publishing and the SharePoint Product Catalog.

Comparing the SharePoint 2013 Content Search with Search Results

I have been working with SharePoint 2013 for a while now and have been loving the Content Search Web Part. This new Web Part is only available for SP2013 Enterprise though. Unfortunately, not everyone can use it. It is also unavailable for Office 365. My quest was to see if there was an alternative to the Web Part; the one that came to mind was the Search Results.

You can find the original article here

Reasons your SharePoint Migration Failed – The Slides

In my latest article on Reasons SharePoint Migration Fail, I got a lot of very good feedback on the content presented. I decided to turn it into a presentation. Hopefully this can be of some help to those of you looking at SharePoint 2013 in the near future and not sure what to watch out for. Again, these are my thoughts and are not guaranteed for everyone in the world. But it should be an interesting presentation to look at.

I provide some useful links at the end of the presentation but I am not sure if they are clickable so here they are:

Supported Migration Scenarios

Introduction to SharePoint 2013

What might not work after you upgrade

Tools and Techniques to create a simple Governance Plan

Planning a SharePoint Migration

What’s new with SharePoint Analytics

Using the Content Search Web Part to Roll Up Sites

The NEW SharePoint Color Palette Builder Tool

In the past I wrote 2 articles on the new SharePoint 2013 Composed Looks and Preview Files that mention theming and how it works:

Step-by-Step Create a SharePoint Composed Look
Understanding and Creating a Master Page Preview File

In those articles I talked about the new theming engine and how to create your own new Composed Look which was pretty cool. I also mentioned a tool that would help us build our SPCOLOR file or basically our theming file.

Our goal is to provide new color possibilities or “palettes” for the power user to choose from. Don’t forget that you can place these anywhere you want when building your own custom master page. Themes are not just for the out of the box look and feel. If I create my own Master Page and decide to allow the Power User to change the color of the top bar only, I can.

The new SharePoint SPCOLOR file builder tool

I have been waiting for this for a while. It was announced during a session at SPC12 in Vegas but never saw the light of day. This should be in everyone’s SharePoint install, in my opinion.

You can download it here: http://www.microsoft.com/en-us/download/details.aspx?id=38182

SharePoint 2013 Color Palette Tool

An email on April Fools – SharePoint MVP 2013

Well I won’t lie, I feel like a 5 year old on Christmas day.

I woke up on Monday morning, which I took off for a long weekend. The memory will forever be engraved in my mind: comfortably seated on my couch, laptop on my lap and phone on the table. I see my phone light up from a distance and see the beginning of an email… “Congratulations 2013 Microsoft MVP!” and I remember telling myself “wait what?” and jumping on my inbox from my laptop.

SharePoint MVP happyness
