Get a free e-book copy of my O365 Administration Cookbook

Packt has kindly created a promotion in which people can get a free e-book version of my new O365 Administration Cookbook (US only). To get your digital copy:

  1. Go to https://authors.packtpub.com/reviewer-form/
  2. Complete the signup form using Referral Code: 1838551239

That’s it! For those who would rather have a print copy, you can purchase it on Amazon here.

Book info from Amazon:

Make the most out of your investment in Office 365 apps and services with this Microsoft Office cookbook

Key Features

  • Learn how to manage and secure the entire Office 365 stack in addition to specific services
  • Delve into newer and frequently shifting areas such as Power Platform, Microsoft Teams, and Microsoft Search administration
  • Discover carefully selected techniques that cover a range of administrative tasks of varying difficulty levels

Book Description

Organizations across the world have switched to Office 365 to boost workplace productivity. However, to maximize investment in Office 365, you need to know how to efficiently administer Office 365 solutions.

Microsoft Office 365 Administration Cookbook is packed with recipes to guide you through common and not-so-common administrative tasks throughout Office 365. Whether you’re administering a single app such as SharePoint or organization-wide Security & Compliance across Office 365, this cookbook offers a variety of recipes that you’ll want to have to hand. The book begins by covering essential setup and administration tasks. You’ll learn how to manage permissions for users and user groups along with automating routine admin tasks using PowerShell. You’ll then progress through to managing core Office 365 services such as Exchange Online, OneDrive, SharePoint Online, and Azure Active Directory (AD). This book also features recipes that’ll help you to manage newer services such as Microsoft Search, Power Platform, and Microsoft Teams. In the final chapters, you’ll delve into monitoring, reporting, and securing your Office 365 services.

By the end of this book, you’ll have learned about managing individual Office 365 services along with monitoring, securing, and optimizing your entire Office 365 deployment efficiently.

What you will learn

  • Get to grips with basic Office 365 setup and routine administration tasks
  • Manage Office 365 identities and groups efficiently and securely
  • Harness the capabilities of PowerShell to automate common administrative tasks
  • Configure and manage core Office 365 services such as Exchange Online, SharePoint, and OneDrive
  • Configure and administer fast-evolving services such as Microsoft Search, Power Platform, Microsoft Teams, and Azure AD
  • Get up and running with advanced threat protection features provided by the Microsoft 365 Security & Compliance Center
  • Protect your organization’s sensitive data with Office 365 Data Loss Prevention
  • Monitor activities and behaviors across all Office 365 services

Who this book is for

This book is for newer Office 365 administrators and IT pros alike, and comes with recipes of varying difficulty levels along with step-by-step guidance. Whether you are new to Office 365 administration or just seeking new ideas, this cookbook contains recipes to enhance your organization’s app and service management and productivity.

Table of Contents

  1. Office 365 Setup and Basic Administration
  2. Office 365 Identity and Roles
  3. Administering Office 365 with PowerShell
  4. Managing Exchange Online
  5. Setting Up and Configuring Microsoft Search
  6. Administering OneDrive
  7. Configuring the Power Platform
  8. Administering SharePoint Online
  9. Managing Microsoft Teams
  10. Configuring and Managing Users in Azure Active Directory (Azure AD)
  11. Understanding the Microsoft 365 Security & Compliance Center
  12. Deploying Data loss Prevention and eDiscovery
  13. Monitoring Office 365 Apps and Services
  14. Appendix – Office 365 Subscriptions and Licenses

Set default value of multiple lines of text (enhanced rich text type) field in SharePoint new item forms using jQuery

A recent project tasked me with providing a default value for an enhanced rich text field. Most field types allow you to set a default value out of the box. With enhanced rich text (multi-line text field type) there’s no option to set a default value.

I decided jQuery was the route I wanted to go on this one. After Googling for a fair while I finally found a response that helped.

Modifying the answer provided there, I simplified the code that worked to:

<script src="https://sharepoint.contoso.com/SiteAssets/jquery.min.js" type="text/javascript"></script>
<script>
$(function () {
                $('div[id$="TextField_inplacerte"').text("Test");
});        
</script>

Just save that code as a .js file you upload to your site. Then reference the saved .js filepath via a Content Editor Web Part placed on the new item page (newform.aspx).

Not familiar with jQuery?

The first line of the script needs to reference jQuery. In some environments this needs to be hosted in your site (I typically use Site Assets for this). In other cases, you can just reference it hosted elsewhere (not recommended, but could work for testing/short-term in some environments). I used the code from http://code.jquery.com/jquery-latest.min.js and saved its contents as a .js file of my own that I uploaded to Site Assets. Then just replace the URL in the first line of the script with the URL of the file you uploaded to Site Assets.

More than one enhanced rich text field?

The script looks for any enhanced rich text field, and in my case I only had one in the form so it was fine. If you have more than one, just replace TextField_inplacerte with the full ID of the rich text text field on your form.

Hint: User developer tools with F12 in the browser then select the field. The ID you want will end with TextField_inplacerte and likely start with your field name.

Create a custom permission level in SharePoint

Photo by Markus Spiske from Pexels

I’m often asked for a way to modify permissions beyond what’s available out of the box, but without using workflows.

There are settings that allow item-level permissions in lists (List Settings > Advanced Settings > Item-level Permissions) so that users can only see and/or edit their own items, but this may not solve your need. If so, ta-da! If not, keep reading.

Click to enlarge

In this post, I’ll cover one solution in which we create a custom permission level at the site level that we’ll assign to a group on a specific list’s permissions. This new, custom permission level will be the same as the Contribute level (out of the box) but removes the ability for users to delete items or versions.

Creating a custom permission level involves a couple main steps:

  1. Create the new permission level.
  2. Change permissions on the list so that the group of users who should have the new permission level are assigned the new permission level.

Create the new, custom permission level

1. Go to Site Settings

2. Under Users and Permissions, select Site permissions

3. Click Permission Levels

4. You could click Add a Permission Level but I typically prefer to copy an existing level (like Contribute) and just make a couple small changes. For this tutorial, I’m going to select Contribute.

Click to enlarge

If copying a level, scroll down to the bottom after selecting a level and click Copy Permission Level.

5. Name and describe the new permission level, then check and uncheck as needed to create the permission level desired. In my example, I want to copy Contribute, but remove the delete ability so I’ve unchecked the two options involving deletion of items and versions.

Click to enlarge

6. Scroll down and click Create.

Change permissions on the list

Now we need to assign our new permission level to users on the list for which we’re preventing deletion.

1. Go to List Settings.

2. Under Permissions and Management, select Permissions for this list.

3. Select the box next to the name of the group for which you’re modifying permissions.

4. Click Edit User Permissions from the top ribbon menu.

5. Uncheck the current permission level assigned to the group, and check the new custom permission level.

6. Click OK.

Change the email address used for Access Requests on all SharePoint sites and subsites in a web app using PowerShell

Photo by Karolina Grabowska from Pexels

Perhaps you’ve changed SharePoint administrators or a site owner or two recently. Where are the SharePoint site Access Requests they were receiving now going?

This post covers two PowerShell methods of updating the email address used across all sites in bulk:

  • Replace the email address used on ALL sites, no exceptions (reset all requests throughout the web app to be sent to one address)
  • Change all instances of a specific address to a replacement across ALL sites (i.e. replace the former site owner’s address used in 12 sites’ Access Request Settings with the new site owner’s address)

The second method is particularly nice because it eliminates any guesswork involved in wondering where the former admin/owner may have been listed as the recipient.

Replace the email address used on ALL sites

To modify the email address used for all SharePoint sites and subsites in a web app, run the PowerShell script below from a SharePoint server. You’ll need to replace the $webapp and $requestemail values at the top.

Caution: This action cannot be undone. It replaces the Access Request email on all sites and subsites.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue 
  
$webapp = Get-SPWebApplication https://sharepoint.contoso.com  
$requestemail = "new-request-recipient@demo.com"   
  
foreach($site in $webapp.Sites)  
{  
   foreach($web in $site.AllWebs)  
   {  
     $url = $web.url  
     Write-host "Checking "$url  
     if (!$web.HasUniquePerm)  
     {  
            Write-Host "Site inherits Access Request settings from parent." -ForegroundColor Yellow  
     }  
     else  
     {  
       if($web.RequestAccessEnabled)  
       {  
            Write-Host "Site utilizes Access Requests."   
            $web.RequestAccessEmail = $requestemail  
            $web.Update()  
            Write-Host "Email changed to " $requestemail -ForegroundColor Green
        }  
            else  
      {  
            Write-Host "Site is not utilizing Access Requests." -ForegroundColor Yellow  
      }  
   }  }
}

Replace all instances of a specific user across all sites in the web app

Perhaps a particular individual left their site owner/admin role and you just want to replace any instance of THAT user in Access Request settings throughout the web app. In that case use the following script instead (updating the three parameters at the top, $webapp, $oldrequestemail, and $newrequestemail):

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue 

$webapp = Get-SPWebApplication https://sharepoint.contoso.com
$oldrequestemail = "old-request-email@contoso.com"  
$newrequestemail = "new-request-email@contoso.com"   

foreach($site in $webapp.Sites)  
{  
   foreach($web in $site.AllWebs)  
   {  
        $url = $web.url  
          Write-host "Checking "$url  
          if (!$web.HasUniquePerm)  
          {  
                 Write-Host "Site inherits Access Request settings from parent." -ForegroundColor Yellow  
     }  
          else  
     {  
            if($web.RequestAccessEnabled)  
                   {  
                   if($web.RequestAccessEmail -eq $oldrequestemail)
            {
            Write-Host "Site utilizes Access Requests sent to old email ("$web.RequestAccessEmail")." -ForegroundColor Red
            $web.RequestAccessEmail = $newrequestemail  
            $web.Update()  
            Write-Host "Email changed to" $newrequestemail -ForegroundColor Green
        }  
                    else 
               {            
                    Write-Host "Email ("$web.RequestAccessEmail") does not match old email address. No change made." -ForegroundColor Yellow
               }}
            else  
      {  
            Write-Host "Site is not utilizing Access Requests." -ForegroundColor Yellow  
      }  

   }  
   }  
   }

Note: If you’ve changed the Access Request recipient and the new person is receiving a “Sorry, this site hasn’t been shared with you” error when attempting to approve requests, check out this post for help.

Credit and gratitude to Ketak Bhalsing and his post on bulk-updating for pointing me in the right direction on this one.

Solution: SharePoint site owner with full control unable to approve access requests; site is missing a default members group

In this post I’ll cover two symptoms commonly seen when subsites evolve from inheriting permissions (using existing groups) to being given unique permissions (having their own groups at the site’s level).

Symptoms

  • A site owner with full control gets “Sorry, this site hasn’t been shared with you” when trying to approve access requests.
  • When reviewing Access Request Settings, a user or owner sees the message “Members cannot share this site because this site is missing a default members group.”

Cause

Chances are the site was never set up with default, unique permissions groups. Perhaps the creator of the site chose to inherit permissions from the parent (using existing groups from a hierarchical level higher than the new site), then later decided to manually build out groups that resemble the traditional visitors, members, and owners groups at the new site’s level. Or perhaps the default groups were deleted. Either way, the following solution should set it straight:

Solution

We need to either officially designate or build new default groups for the site, using the same dialog you see when creating a new site. Since we can’t “reconfigure” the site with a wizard, we need to manipulate the site’s URL a bit to get to the configuration screen we’re looking for.

Add “_layouts/15/permsetup.aspx” to the end of the site URL. For example, it may resemble sharepoint.contoso.com/sites/ABC/EA/_layouts/15/permsetup.aspx. This takes you to the permissions setup page.

IF YOU HAVE GROUPS YOU WANT TO SET AS THE DEFAULTS

Perhaps after site creation, you created groups intended to be used like the visitors, members, and owners groups. Go to your site’s _layouts/15/permsetup.aspx page and simply:

Leave “Use an existing group” selected, and change the dropdown for each to the groups that were created and intended to be the new defaults. Click OK when finished. This will make them “official.”

IF YOU DON’T HAVE GROUPS YOU WANT TO SET AS DEFAULT

Change “Use an existing group” to “Create a new group” for at least the Members and Owners options. Here you can add the appropriate persons to each group, or add them at a later time via Site Settings > Site Permissions. Be sure to add your owners (approvers/permissions managers) to the new owner group.

Disable modern page comments globally for all sites in SharePoint 2019 and SharePoint Online

Photo by Lukas from Pexels

Those of you with Office 365/SharePoint Online have a simple path to disabling modern page commenting via the admin center. But for those of you, like myself, who also work in SharePoint 2019, your method involves PowerShell and is a bit more laborious. In this post, I’ll cover both methods: Disabling comments via PowerShell for SharePoint 2019 (server) and then via the admin center for SharePoint Online (O365).

Firstly, why disallow commenting altogether instead of giving site owners and page editors the choice? Some organizations have compliance regulations that require any sort of conversational transaction to meet certain criteria. Perhaps you only need to disable commenting temporarily while you build a case to prove compliance. Or perhaps you’ve determined it’s not compliant or have some other reason for wishing to globally disable page comments.

No matter your reasoning, here’s the how:

Disable modern page/news comments globally in SharePoint 2019 via PowerShell

The script below will iterate through all site collections in a web application, and all of the subsites within each site collection, and turn off page comments for sites that haven’t already had them disabled. This does not delete page comments. If you re-enable the feature later, the comments that were there previously will be restored.

Log onto a SharePoint server and run the following PowerShell script, replacing the site URL with your own web app’s URL:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Get-SPWebApplication "https://sharepoint.contoso.com" | Get-SPSite –Limit All | Get-SPWeb -Limit All | ForEach-Object {
    if($_.CommentsOnSitePagesDisabled = "False")
    {
        $_.CommentsOnSitePagesDisabled = $True
        $_.Update()
        Write-Host "Disabled page comments on " $_.URL -ForegroundColor Green
    }
    else
    {
        Write-Host "Page comments already disabled on " $_.URL -ForegroundColor Yellow
    }
}

If you want a read-out to validate current status (False = not disabled, True = disabled), you can run the following script (again, replacing the URL with the web app of your own):

Get-SPWebApplication "https://sharepoint.contoso.com" | Get-SPSite –Limit All | Get-SPWeb -Limit All | ForEach-Object {
Write-Host $_.CommentsOnSitePagesDisabled $_.URL
}

Disable modern page/news comments globally in SharePoint Online/O365

1. Go to the SharePoint admin center at yourdomain-admin.sharepoint.com and select Settings from the left navigation menu.

2. Select Pages.

3. Uncheck Allow commenting on modern pages and click Save.

How to save a SharePoint site as a template

Photo by Andre Mouton from Pexels

What does a site template do?

Saving a SharePoint site as a template saves you a time by making it so you don’t have to recreate similar apps (lists and libraries) and views for multiple sites that are mostly the same in structure and function. You can even save a site as template including its content (documents/items) so that you don’t need to re-upload the same content to each (such as blank worksheets, forms, guides, etc. you’ll complete/utilize on each site).

Examples of what to use site templates for

Frequently people might use site templates for project sites, where each project is going to have the same needs for communication and collaboration, and sometimes the same content such as project and budget worksheets or documents. You may also wish to use site templates for regular committee or group work such as annual event or semi-annual review processes and projects where you want a separate site to archive for each regular iteration of the group’s function.

How to create site templates

There are two methods I use to create templates of SharePoint sites. Either via Site Settings, or by simply modifying the URL of the site. Once created using one of the these methods, the template is saved to your site’s solution gallery and available to users creating new sites on the “Custom” tab of site template selection:

Save SharePoint site as template URL modification

To save a site as template, add _layouts/15/savetmpl.aspx to the end of the specific site or subsite’s URL. For example if you wanted Subsite C to be a reusable site template, you’d modify:

WebApp/sites/SiteCollection/SubsiteA/SubsiteB/SubsiteC

to this:

WebApp/sites/SiteCollection/SubsiteA/SubsiteB/SubsiteC/_layouts/15/savetmpl.aspx

Then complete the fields (file name, template name, description, etc.) and choose whether or not the template should include the site’s existing content (documents and items) or if the lists/libraries should be empty on sites created using the template.

If you get the error The “Save site as template” action is not supported on this site, follow these steps then try again.

Save SharePoint site as template via settings

This requires the site to have never had SharePoint Server Publishing (site feature) activated on the site. See next section if it already has.

To save a site as a template via site settings:

1. Click on the settings wheel (upper right corner)

2. Click site settings (if classic) or site information > view all site settings (if modern).

3. Choose Save site as template from under Site Actions

Save site as template option missing from Site settings?

The option is removed when users activate SharePoint Server Publishing Infrastructure (site collection feature) or SharePoint Server Publishing (site feature). You can still activate the “save site as template” ability separately via PowerShell for the site then follow the steps for URL modification above to get to the “Save as template” form.

The “Save site as template” action is not supported on this site solution for SharePoint 2013/2016/2019

My preferred way of creating a new site template from an existing site or subsite is just appending _layouts/15/savetmpl.aspx to the end of the site’s URL. However if saving sites as templates isn’t enabled for the site from which you’re creating a template, you’ll get the following error:

The “Save site as template” action is not supported on this site.

This error is just referring to a site property known as SaveSiteAsTemplateEnabled currently set to false.

This can be remedied (property changed to true) with a little bit of PowerShell ran on a SharePoint server. Run PowerShell as an administrator then run the following script, replacing the site URL with your own site or subsite’s URL.

Add-PSSnapin "Microsoft.SharePoint.PowerShell"
$web = Get-SPWeb https://WebApp/sites/SubsiteIfApplicable
$web.AllProperties["SaveSiteAsTemplateEnabled"] = "true"
$web.Update()

Once it completes, attempt to save the site as template again. You should now be able to proceed with saving the SharePoint site as template, and see the fields shown below:

Screenshot of a SharePoint site’s “Save as template” form fields.

Note that if a user activates the site collection feature SharePoint Server Publishing Infrastructure or the site feature SharePoint Server Publishing, you’ll need to run the PowerShell command again because activating those features includes disabling the SaveSiteAsTemplateEnabled property.

Where to find a SharePoint site’s solution gallery

A SharePoint site’s solution gallery is where you’ll find custom apps or lists and sites saved as templates to be used throughout the site collection by those with appropriate permissions. The SharePoint solution gallery exists at site collection root/top levels only (so you won’t find a separate solution gallery for subsites, just their shared top-level parent site).

There are three common ways you might get to the SharePoint solution gallery for a particular site collection. In this post, I’ll cover these three methods:

  • via URL modification
  • via modern experience settings wheel
  • via classic experience settings wheel

Navigate to SharePoint solution gallery via URL modification

I prefer this method as it remains the same regardless of whether you’re currently on a modern or classic experience page. To get to the solution gallery for a site collection, simply modify the URL of the site you’re on to replace everything after the site collection’s URL with the following:

/_catalogs/solutions

Append this to your site’s URL to access its solution gallery.

For example, to get to the solution gallery associated with Subsite C, we’d modify this URL:

WebApp/sites/SiteCollection/SubsiteA/SubsiteB/SubsiteC

to this:

WebApp/sites/SiteCollection/_catalogs/solutions

When not working with a site collection (or its subsites), you might be working with your root/home site (http://WebApp/). Just add the same suffix to the URL like http://WebApp/_catalogs/solutions.

You can also find a link to your site collection’s solutions in your site collection settings. In the following two sections, we’ll cover where to find that from a modern or classic experience suite bar.

Navigate to SharePoint solution gallery via modern experience (O365/2019) settings wheel

You’re likely using this modern experience if you’re in SharePoint Online (O365) or SharePoint 2019 which gained the modern experience. Even in O365 or 2019, though, you may find yourself on a classic experience page instead in which case you should check the next section on navigating to the solution gallery via classic experience suite bars.

If you’re on a modern experience page, follow these steps to find the solution gallery:

1. Click on the settings wheel (upper right corner)

2. Click on Site Information > View all site settings.

3. Look for and select Solutions under Web Designer Galleries.

Navigate to SharePoint solution gallery via classic experience settings wheel

If you’re on SharePoint 2013/2016 or a classic experience page on more recent versions you’ll have a slightly different experience finding the solution gallery:

1. Click on the settings wheel

2. Click Site settings.

3. Look for and select Solutions under Web Designer Galleries.

Web Designer Galleries > Solutions option missing?

If you don’t see Web Designer Galleries > Solutions setting, you’re most likely looking at the Site settings page for a subsite and not a site collection. Just click the Go to top level site settings link under Site Collection Administration (requires appropriate permissions). Then go back to step 3.

Read vs Restricted Read vs View Only Permission in SharePoint

I recently had a SharePoint admin assigning Restricted Read permissions to users and out of curiosity wanted to refresh my memory on what distinguishes Read from Restricted Read. While I was at it, I took a look at View Only as well.

Basically, Read and View Only are nearly identical. The only distinction is that Read can download documents, while View Only can only open them and view them in the browser.

Restricted Read is minimally permissive, and doesn’t include the ability to create alerts, view versions, download, or exercise some site abilities (see table below for specifics).

You’ll also notice in the table below that View Only can Open, but not Open Items like Read. According to documentation, the difference is this:

  • Open Items (list permission): “View the source of documents with server-side file handlers.” Requires Open permission:
  • Open (site permission): “Enables users to open a website, list, or folder to access items inside that container.”

In the table below, list permissions are blue and site permissions are red. Download Documents is not a listed permission, but added for clarity to distinguish Read and View Only.

View OnlyRestricted ReadRead
Browse User Information XX
Create Alerts XX
Download DocumentsX
OpenXXX
Open ItemsXX
Use Client Integration Features XX
Use Remote Interfaces XX
Use Self Service Site Creation XX
View Application PagesXX
View Items XXX
View Pages XXX
View Versions XX
Permissions comparison matrix for read, restricted read, and view only in SharePoint.

Source: https://docs.microsoft.com/en-us/sharepoint/sites/user-permissions-and-permission-levels