Category Archives: SharePoint Online

Adding an O365 Security group to the Site Collection Administrators group

Here is the scenario… you wish to provision every site collection in your SharePoint Online environment so that a key group of staff, say for example your support staff, have Site Collection Admin access. To provide centralised control of this group you want to define it and its membership outside the boundaries of your SharePoint Online environment. In this case you have two options, a Security Group or an Office 365 Group. In the case of a Security group there is no associated email address so people can’t mail to it and it doesn’t appear in the address book. This is ideal for the type of group we are creating as communications with the support staff should be via a central help desk.

Here is where your problem arises because Microsoft publicly state that you cannot use a Security Group to provide Site Collection Administrator access. The reality is that it can be done both manually and in code.

Manually

To add the security group as the primary SCA you will need to have O365 tenant admin permission. Go to the SharePoint Admin Center, locate the site collection in question, select the check box next to it and then click on Owners in the ribbon. In the Manage Administrators window you can add the security group just like you would any other user, both as a Primary or Secondary SCA.

If you don’t have tenant admin permission you will need to have SCA rights on the site collection in question. In this case you will be able to add the security group as a Secondary SCA by going to Site Settings and then selecting Site collection administrators under Users and Permissions. You can then add the security group as a Secondary SCA just like you would any other user.

Automated

You may have a requirement to retrospectively apply a change like this across your tenant using PowerShell or to set this up when you are provisioning the site collection as part of a provisioning app similar to the PnP provisioning samples.

The usual way to add someone as a SCA to a Site Collection using PowerShell is to use the Set-SPOUser cmdlet for example like this…

Set-SPOUser -Site $siteUrl -LoginName $userEmail -IsSiteCollectionAdmin $true

You will notice that the way to identify the user being added as an SCA is via the -LoginName parameter which requires a valid email address in the tenant. The issue is that the Security group doesn’t have an email address so it can’t be used here. I’ve tried a number of approaches, including using the Object ID returned from the Get-MSOLGroup cmdlet, to no avail. I was able to resolve it and the simplest way to achieve this uses the claims encoded identity for the security group.

First you need to determine the claims encoded identity for the security group. One simple manual way of doing this is to go to a site and use the Check Permissions feature under Site Permissions in Site Settings. Check the permissions for the security group in question and part of the report provides you with the claims encoded identity. It should look something like ‘c:0-.f|rolemanager|s-1-1-11-111111111-1111111111-1111111111-11111111’. In my case this manual approach is fine but it is probably possible to retrieve this using PowerShell as well.

Once you know this information you can substitute it where you would normally use the user’s email address in the Set-SPOUser call and it will recognise the security group and set it in the Secondary Site Collection Admins group e.g.

Set-SPOUser -Site $siteUrl -LoginName "c:0-.f|rolemanager|s-1-1-11-111111111-1111111111-1111111111-11111111" -IsSiteCollectionAdmin $true
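Applying the call above retrospectively across a tenant, as an added example that is not part of the original post: it validates the claims string against the format shown here before granting anything, supports a -WhatIf dry run, and reads the result back per site. The function name and the admin URL are hypothetical placeholders, and the SharePoint Online Management Shell module with tenant admin rights is assumed.

```powershell
# Added example; Add-GroupAsSiteCollectionAdmin and $adminUrl are hypothetical names.
# Assumes the Microsoft.Online.SharePoint.PowerShell module and tenant admin rights.
function Add-GroupAsSiteCollectionAdmin {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string]   $GroupClaim,
        [Parameter(Mandatory)] [object[]] $Sites
    )
    # Refuse anything not shaped like the claims identity shown in the post, so a typo
    # or a pasted e-mail address cannot grant admin rights to the wrong principal.
    if ($GroupClaim -notmatch '^c:0-\.f\|rolemanager\|s-[\d-]+$') {
        throw "Not a rolemanager claims identity: $GroupClaim"
    }
    foreach ($site in $Sites) {
        $result = [pscustomobject]@{ Url = $site.Url; Status = 'Skipped'; Detail = '' }
        try {
            if ($PSCmdlet.ShouldProcess($site.Url, "Grant site collection admin to $GroupClaim")) {
                Set-SPOUser -Site $site.Url -LoginName $GroupClaim `
                    -IsSiteCollectionAdmin $true -ErrorAction Stop | Out-Null
                # Read the entry back so the report reflects what the site now holds.
                $entry = Get-SPOUser -Site $site.Url -Limit All -ErrorAction Stop |
                    Where-Object { $_.LoginName -eq $GroupClaim }
                $result.Status = if ($entry.IsSiteAdmin) { 'Granted' } else { 'NotVerified' }
            }
        }
        catch {
            # Keep going: one locked or inaccessible site should not stop the rollout.
            $result.Status = 'Failed'
            $result.Detail = $_.Exception.Message
        }
        $result
    }
}

$adminUrl = 'https://<tenant>-admin.sharepoint.com'   # placeholder
$claim    = 'c:0-.f|rolemanager|s-1-1-11-111111111-1111111111-1111111111-11111111'  # placeholder from the post

Connect-SPOService -Url $adminUrl
$sites = Get-SPOSite -Limit All

# Dry run first: lists every site that would be changed without changing it.
Add-GroupAsSiteCollectionAdmin -GroupClaim $claim -Sites $sites -WhatIf

# Real run, keeping the per-site outcome as a record of what was granted.
# Add-GroupAsSiteCollectionAdmin -GroupClaim $claim -Sites $sites |
#     Export-Csv .\sca-rollout.csv -NoTypeInformation
```

The exported CSV doubles as an audit record of where the group holds Site Collection Administrator rights.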

To achieve the same in code as part of a remote hosted app you will need to use CSOM. Something like the following C# .NET code should allow you to do this. Obviously you will need to determine the claims ID for each of the security groups you want to add and will have already created your context object ctx.

// Requires: using System.Collections.Generic; using Microsoft.SharePoint.Client;
// Display name -> claims encoded identity of each security group (placeholder values shown)
Dictionary<string, string> groupsForAdminAccess = new Dictionary<string, string>()
{
    {"Global Support Staff", "c:0-.f|rolemanager|s-1-1-11-111111111-1111111111-1111111111-11111111"},
    {"Legal eDiscovery", "c:0-.f|rolemanager|s-1-1-11-111111111-1111111111-1111111111-11111111"}
};
foreach (KeyValuePair<string, string> groupToAdd in groupsForAdminAccess)
{
    // Resolve the claims identity to a User object on this site
    User claimsGroupUser = ctx.Web.EnsureUser(groupToAdd.Value);
    // Flag the group as a Site Collection Administrator
    claimsGroupUser.IsSiteAdmin = true;
    claimsGroupUser.Update();
    ctx.Load(claimsGroupUser);
    // Send the queued operations to SharePoint
    ctx.ExecuteQuery();
}

			


Filed under General SharePoint Development, Office 365, SharePoint, SharePoint Online

What is my Site Collection Quota in SharePoint Online?

What is a Site Quota?

Site Quotas allow you to define a limit on the storage capacity of a top-level site (in SharePoint terms a site collection). The storage limit applies to the site collection as a whole. In other words, the storage limit applies to the total size of the content for the top-level site and for all sub-sites within the site collection. SharePoint Apps, the content in the Recycle Bin and, if versioning is enabled, the versions in a site also count toward storage limits.

How do I request a site storage quota increase?

When a new site collection is created, a site quota is often applied to the site to meet the organisation’s requirements to limit the unrestricted growth of their environment. In situations where the quota limit is exceeded or about to be exceeded you should contact your SharePoint farm administrator or support desk to request an increase. You may also find that your organisation has policies and procedures in place to deal with quota increase requests that define what constitutes a valid business reason for an increase and how to go about the request process.

How do I know when I am approaching my quota limit?

Over time and with regular use your storage use will likely increase, so how will you know if you are at risk of hitting the limit?

Firstly, SharePoint will proactively alert you to the fact that you have almost reached the current quota limit by flagging this at the top of the web page when you are on your site as shown below.

Second, SharePoint will send those identified as the Site Collection Administrators an email notifying them that the quota limit has almost been reached.

How can I find out how much storage I am currently using?

Determining how much of your quota has currently been used is quite easy if you are the site owner i.e. you have Site Collection Administrator access to the site.

To view your current quota limit, how much storage your site is using and what within the site is using the storage simply go to the Site Settings for your site and click on Storage Metrics under the Site Collection Administration options e.g.

The page displayed looks something like this (obviously your metrics will be different)…

Storage Metrics

What happens if the storage limit is reached?

You will continue to be able to upload and create content until the quota is exceeded. This means that if for example you have 1Mb left of your quota you will still be able to upload a 200Mb file. Once the file is uploaded though, the quota will have been exceeded and no more updates or uploads will be possible until the storage used is brought back below the quota limit.

When the quota limit is exceeded an email is sent to the site collection administrator notifying them. The email sent includes a reference to the site with a URL, has links to the recycle bin and storage metrics for the site, and displays the site statistics (current usage). In addition to this email, a message is shown at the top of every page in the site. Unlike warnings, this message is seen by all users and is shown on every page of the site.

Quota Exceeded Banner

You cannot add content to a site that has exceeded its quota. This applies to list items as well as document/file based content. If you try to create, upload or drag and drop content you will receive an error message informing you of this e.g.

This message will also be displayed if you attempt to add a new App to your site after exceeding the limit.

How do I free up space on my site?

You might think that the answer to this question is simple… “just delete content I don’t need from my document library”. This is fine if you are still within your quota limits. Unfortunately, once you have exceeded your quota, simply deleting content won’t work as it is put in the recycle bin and that also counts against usage. In this scenario you will need to remove items from the recycle bin first to free up enough space. If there isn’t enough space freed up by the recycle bin, you’ll need to delete something from the site first and then remove it from the recycle bin. Note that unless you are a site collection administrator you can only see your personal recycle bin.
Even if you are a site collection administrator, the “empty the recycle bin” link provided in the red or yellow banner only takes you to the personal recycle bin for that user. If you are a site collection administrator and you want to see the recycle bin for all users go to Site Settings > Recycle Bin. This will take you to the administrative recycle bin page where you can see end user recycle bin items for all users as well as items deleted from the end user recycle bin (the second stage recycle bin).
Note: you do not need to delete items from the second stage recycle bin in order to clear up space as content stored here apparently does not count against your quota.


Filed under Office 365, SharePoint, SharePoint Online

Customising Overlay Colours in SharePoint Calendars

It was recently noted by one of our technical team that when setting up Calendar overlays the list of colours available seemed a bit screwed up, with the same colour name appearing next to different colours. This issue is a result of the colour palette used to generate the custom Look for all sites in our SharePoint environment and is actually not currently defined by Microsoft as a bug even though it would be nice to have a bit more clarity and control of how these are determined. So the question was asked ‘can we change these colours?’

I have done some additional research and confirmed that the colours presented to the user for calendars are generated by SharePoint based on the theme selected for the web site (in our case the custom Look) and not immediately customisable for calendars out of the box. Specifically each one of the 9 colours defined comes from the definition of Accent 1-6, Hyperlink, and 2 of the text/background theme colours in the custom Look. This is why the first 6 colours map directly to a colour defined by the accent shown in the SharePoint Color Palette Tool. I think the Hyperlink text/background colours are generated based on the definitions within the custom Look.

There are a number of solutions for implementing customisations but these are point solutions that apply to a specific calendar in a specific site and end users would need to deploy the solution themselves to customise the colours in their calendars. We could possibly look at updating our custom site provisioning app to deploy this customisation with a calendar when the site is first created.

For future reference here are a few possible point solutions (all use a similar approach)…


Filed under General SharePoint Development, SharePoint, SharePoint 2010, SharePoint 2013, SharePoint Online

SharePoint app icon and version different in Site Contents to ‘add an app’ area

I recently deployed a new version of a provider hosted SharePoint app that updated the app icon and the app name. Whilst the deployment was successful and I could see the new name and icon in the ‘add an app’ area of team sites the appearance of the app as it exists in the Site Contents had not changed. When a new team site is created this custom app is pre-provisioned on the site so the user doesn’t have to add it themselves. Because of this I thought maybe the change would only occur for new team sites that are created so I created one to check. Unfortunately this wasn’t the case and the original default icon and old app name were still associated. I also noticed that the version was not correct but strangely, if I clicked through from the app to the app details page it showed the correct details for the new version, the name was correct and the new app icon was displayed.

After working through some possible reasons I found that whilst the app had been deployed I hadn’t been to the app catalog and allowed it to push out the update.

To do this I went to the app site for the SharePoint tenant (e.g. <tenant url>/sites/apps) and then went to the Site Contents. Here I found a note under the app “An update for this app is available.” with a link on the word update. I then clicked through the update link. Here I found that whilst the “Add It” button was disabled SharePoint was recognising a new version was available and providing a button titled “Get It” (shown below).

After clicking on the Get It button I was asked to verify the trust in the app, which I did, and once I returned to an existing team site and refreshed the Site Contents view I found that the icon, name and version details were all updated to the new values.

 


Filed under SharePoint, SharePoint 2013, SharePoint Online

Provider Hosted App Error – Invalid issuer or signature

I was recently redeploying a provider hosted SharePoint app from development to production. I had completed the app component of the deployment but hadn’t made any changes to the web component. The updates to the SharePoint app, in this case a new icon image and more meaningful app title, were successfully deployed and I could see them. I was able to add the app to a site with no problems but when I tried to run the app and was redirected to the Azure web site I received the following error:

                 System.IdentityModel.Tokens.SecurityTokenException: Invalid issuer or signature

For the life of me I could not sort out what had happened to cause this error or how to fix it as everything seemed to have worked correctly with the deployment.

Eventually I worked out what had happened. I had deployed the app from development to production but had not corrected the Client Id and Client secret to the values that had previously been generated for production. This meant that when the user was redirected to the production Azure web site the client details in SharePoint, in this case from development, did not match those configured into the associated Azure web site and the end result was the above error. Once I returned to the Visual Studio solution and corrected the Client Id/Secret in the web.config and the publishing profile and deployed a new version of the app component the issue was successfully resolved.
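A pre-deployment check for the mismatch described above, as an added example that is not part of the original post: it compares the ClientId in the app package's AppManifest.xml with the ClientId in the web.config going to the target environment, and confirms a ClientSecret is present without ever printing it. The function name and all GUIDs and values in the sample XML are constructed; the element and appSettings key names are assumed to be those produced by the standard Visual Studio provider-hosted app template.

```powershell
# Added example; Test-AppClientCredentialConfig is a hypothetical name.
function Test-AppClientCredentialConfig {
    param(
        [Parameter(Mandatory)] [xml] $Manifest,   # contents of AppManifest.xml
        [Parameter(Mandatory)] [xml] $WebConfig   # contents of the web.config for the target environment
    )
    # local-name() avoids depending on the manifest's XML namespace.
    $manifestId = $Manifest.SelectSingleNode("//*[local-name()='RemoteWebApplication']/@ClientId").Value
    $configId   = $WebConfig.SelectSingleNode("/configuration/appSettings/add[@key='ClientId']/@value").Value
    $secret     = $WebConfig.SelectSingleNode("/configuration/appSettings/add[@key='ClientSecret']/@value").Value

    $problems = @()
    if ([string]::IsNullOrWhiteSpace($manifestId)) {
        $problems += 'AppManifest.xml has no RemoteWebApplication ClientId'
    }
    elseif ($manifestId -eq '*') {
        $problems += "AppManifest.xml ClientId is still the '*' debug value"
    }
    if ([string]::IsNullOrWhiteSpace($configId)) { $problems += 'web.config has no ClientId appSetting' }
    if ([string]::IsNullOrWhiteSpace($secret))   { $problems += 'web.config has no ClientSecret appSetting' }
    if ($manifestId -and $configId -and $manifestId -ne '*' -and $manifestId -ne $configId) {
        $problems += "ClientId mismatch: manifest=$manifestId web.config=$configId"
    }
    # The secret is only tested for presence and is never written to the output.
    [pscustomobject]@{ Consistent = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample input: a development ClientId in the package, a production one in web.config.
$manifest = @'
<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest" Name="SampleApp" Version="1.0.0.1">
  <AppPrincipal>
    <RemoteWebApplication ClientId="aaaaaaaa-0000-0000-0000-000000000001" />
  </AppPrincipal>
</App>
'@
$webConfig = @'
<configuration>
  <appSettings>
    <add key="ClientId" value="bbbbbbbb-0000-0000-0000-000000000002" />
    <add key="ClientSecret" value="constructed-placeholder-secret" />
  </appSettings>
</configuration>
'@

Test-AppClientCredentialConfig -Manifest $manifest -WebConfig $webConfig | Format-List
```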


Filed under SharePoint, SharePoint 2013, SharePoint Online

Free ‘second shot’ on Microsoft Cert Exams is back!

From today (5th January 2015) until the end of May this year Microsoft is once again offering those wishing to sit a Microsoft Certification Exam a second shot at passing the exam if they fail the first time around.

There are of course conditions associated with the offer but these are clear and reasonable such as booking the retake within 30 days of sitting the first attempt.

Full details can be found at the Microsoft Born To Learn blog.


Filed under Computers and Internet, General SharePoint Development, Office 365, SharePoint, SharePoint 2010, SharePoint 2013, SharePoint Online, Wollongong .Net Users Group

SharePoint 2013 Sales Specialist

Great news. I just successfully completed the Microsoft Partner Network course and exam for the Pre-sales Technical Specialist qualification. So the correct title is Microsoft Sales Specialist: Collaboration, Content Management and Search. Here is the associated official logo…

SalesSpecialistLogo


Filed under Office 365, SharePoint, SharePoint 2013, SharePoint Online