Category Archives: Office 365

SharePoint Announcements from Microsoft Ignite 2018 – User Group Presentation

Thanks to everyone that came along to the Sydney SharePoint User Group this month. It was great to be able to deliver so much exciting SharePoint news following all the announcements made at Microsoft Ignite. Given Microsoft Ignite now covers far more than just SharePoint, it takes a while to distil the SharePoint-specific announcements from over 700 sessions that were presented over 5 days at Microsoft’s biggest conference of the year.

I’ve kept the presentation to just the User/IT Pro announcements (sorry developers I couldn’t fit all the news into a 1 hr presentation!)

Feel free to take this presentation and use it for your own user groups or internally within organisations.


Open slide deck: SharePoint-User Group-Sydney-Microsoft-Ignite- 2018-SharePoint-Announcements-Slides-Deck

Microsoft Ignite 2018 – Office Developer Announcements

As the dust settles on Microsoft Ignite for another year I’m left going back over my notes and recalling discussions I had for all those key announcements, advice and snippets of gold that will have a real impact for Office developers.

If you are looking for a high level list of announcements made at the conference, the Ignite Book of News is a good place to start although it doesn’t cover many of the announcements that were made in the Office Developer area – this book covers a lot of the Azure announcements, which most Office developers will have a mild interest in (we have to host our code somewhere!)

Here’s some of my favourite announcements:

Do more with new upcoming SharePoint development capabilities announced at Ignite 2018

  • Call Microsoft Graph and Web APIs and deploy Extensions across your SharePoint sites
  • Deploy your web parts and application pages to Microsoft Teams
  • Connect across components with dynamic data capabilities
  • Deliver complete applications with application pages
  • Harness more of SharePoint with new Microsoft Graph APIs

Microsoft Graph @ Ignite 2018

  • Managed access to Microsoft Graph (data connect to bulk export to Azure subscription)
  • Notifications API
  • Dynamics is now in Microsoft Graph
  • New PowerApps templates
  • Security API
  • Microsoft Teams, Messages, Calendars, Files, and Folders

Microsoft Authentication Library (MSAL)

  • In preview but suitable for production use
  • Capable of reaching both v1 and v2 services
  • MSAL JavaScript library for serverless implicit flow scenarios

I thought this year’s conference was very well run and the volume of people moving about the conference centre wasn’t overwhelming. I had a lot of fun meeting new people and reconnecting with old friends. It’s great to have such knowledgeable Microsoft staff accessible on the expo hall floor (both from a Marketing and Engineering side) to discuss particular scenarios and technologies, and bounce ideas off.

 

Office Add-in Manifest Updates – Deployment timing and potential URL issues

One of the critical components of an Office Add-in is the add-in manifest. This is the XML file that describes how your add-in should be activated when an end user installs and uses it with Office documents and applications. This manifest contains references to URLs where your web application resides and also to other resources for your add-in such as images to show on ribbon buttons and task panes.

Your manifest.xml file is uploaded to a central location where it is made available to users of your add-in (this may be a public location such as AppSource or the Office Store).

When users acquire your add-in a copy of the manifest.xml file is cached onto the host device and is only periodically resynced if the manifest.xml file is subsequently updated in AppSource/Office Store.  I have seen this take weeks on some combinations of host products/devices.

You need to be careful if you are modifying your application and the changes involve modifications to the URLs in the manifest.xml file. Imagine your add-in has been deployed and is in use by many users. The manifest.xml file might look similar to the fragment below (notice the SourceLocation URL on line 13).

[Image: manifest.xml fragment]

That SourceLocation URL (line 13) is the main page of the add-in that gets loaded into the Task Pane when the add-in is launched. Let’s imagine you change the structure of this add-in so that the starting page of the app is now https://www.contoso.com/apps/search/index.html

For this we would change the SourceLocation DefaultValue from “https://www.contoso.com/search_app/Default.aspx” to “https://www.contoso.com/apps/search/index.html”.

How do you go about deploying the updated manifest file that points to this new URL?

If you update the manifest.xml file with the new URL you then have to go through the AppSource/Office Store submission process to get the new manifest approved. You are far from 100% in control of the approval process so you don’t know when the new manifest will get approved and thus when the new URL will come into effect. So do you need to keep your application running at both the old and the new URL at least until the new manifest is approved? It gets a little worse than that though: it seems the deployment of a manifest change can take weeks to reach “saturation”, whereby it has propagated down to all client host product caches and the old manifest is no longer being used. I can’t exactly tell you how long this process takes and if it ever fully reaches “saturation” as I’m still seeing some users hitting my service on a URL in a manifest that was superseded almost 3 months ago!

Rather than keeping your old and new application running side by side, the approach I have taken that works quite nicely is to put in place temporary redirects from any URLs that were present in the old manifest and have changed in the new manifest. I suggest creating these as temporary redirects as you will be able to monitor your traffic over time and know when you have reached saturation and you stop getting users coming in on URLs from old manifests. If you use permanent redirects, this may get cached by the client and next time the client will have done the redirect itself and you will no longer be able to track if the new manifest has been deployed or it’s an old manifest being redirected via a client side cached redirect.

How do you go about implementing temporary redirects? Well, this depends on what you’ve developed your website using and how you are hosting it. In my case I am hosting the app as a Web App in Azure, where redirects can be configured in the web.config file that is located in the root folder of the Web App.

Below is an example web.config file that would achieve that temporary redirection.

[Image: web.config with the temporary redirect]
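The same redirect-and-monitor logic, as an added example that is not from the original post and uses JavaScript for a Node-hosted site rather than web.config. The function names, the 30-day quiet period and the `Cache-Control` header are assumptions; the two paths are the ones used in the post.

```javascript
// Added example: temporary redirects for URLs that only exist in an old manifest,
// with hit tracking so you can tell when cached old manifests have died out.

// Old-manifest path (lower-cased) -> new-manifest path. Targets are fixed strings,
// never taken from the request, so the redirect cannot be steered elsewhere.
const LEGACY_REDIRECTS = new Map([
  ["/search_app/default.aspx", "/apps/search/index.html"],
]);

// legacy path -> { count, lastSeen }; in production this would go to your logs.
const legacyHits = new Map();

// Returns the redirect response for a legacy URL, or null if the URL is current.
function resolveLegacyRedirect(requestUrl, now = new Date()) {
  const url = new URL(requestUrl, "https://www.contoso.com");
  const key = url.pathname.toLowerCase();
  const target = LEGACY_REDIRECTS.get(key);
  if (!target) return null;

  const hit = legacyHits.get(key) || { count: 0, lastSeen: null };
  hit.count += 1;
  hit.lastSeen = now;
  legacyHits.set(key, hit);

  return {
    // 302, not 301: a permanent redirect may be cached by the client, which
    // would hide the fact that an old manifest is still in use.
    status: 302,
    headers: {
      // Keep the query string the host application appended to the request.
      Location: target + url.search,
      "Cache-Control": "no-store",
    },
  };
}

// True when no legacy URL has been requested within the last `quietDays` days.
// It is also true when nothing has been recorded yet, so only rely on it after
// the redirects have been live for at least the quiet period.
function saturationReached(now = new Date(), quietDays = 30) {
  const cutoff = now.getTime() - quietDays * 24 * 60 * 60 * 1000;
  for (const { lastSeen } of legacyHits.values()) {
    if (lastSeen.getTime() > cutoff) return false;
  }
  return true;
}
```

Call `resolveLegacyRedirect(req.url)` at the top of the request handler and send the returned status and headers when it is not null.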

Allowing different Azure AD app registration permission sets for a single app (user and elevated admin consent) using the v1 auth model

With Azure Active Directory Application Registrations there are two versions of authentication model available.

v1 – all the permission scopes that your app may require must be consented to by the user up front.

v2 – permission scopes can be asked for dynamically as your app is running, if the user hasn’t already consented to the required permission scope then they will be challenged for consent at that time

v2 is a far more flexible model as it allows users to try out and/or start using your app without having to consent to everything your app could ever want to get access to. After getting comfortable using the app, as the users explore and use more specific and advanced features in your app, you can ask for further permissions. Even more advantageous, certain API calls require a tenant administrator to consent to the permission on behalf of all users. With the v2 auth model end users can use features of the app that they have authority to consent access to, and then if an admin consents to some of the admin-only permissions then even more features could be lit up in your app.

Here’s a good rundown on the state of app registration and auth in a recent episode of the Microsoft Cloud Show and you can read about the difference between v1 and v2 auth in the official Microsoft docs.

The Problem

Not all backend service APIs support the v2 auth model, and you can’t mix and match the v1 and v2 auth models. If one or more of the backend service APIs you require only supports v1, then your entire app (and access to all service APIs) will be done using v1. At the time of writing the Microsoft Graph supports v2 auth, but SharePoint only supports v1 auth. There is a technique for taking a refresh token acquired using v2 auth and exchanging it for a SharePoint access token, but this technique can only be used from a custom Web API, and not from a Single Page Application (SPA), as it’s not safe to expose a long-lived refresh token in client-side code (i.e. JavaScript running in the browser).

This means there are situations where you are stuck with v1 auth for now. Under v1 auth, if your app has at least one permission that requires admin consent, then ordinary users are not going to be able to simply start using your app on their own; we are back to the days of having to “go through IT” to have an admin approve the app before it can be used.

The Solution

Well, it’s not a silver bullet solution that is going to fix any scenario, but the technique I’ll discuss here allows you to define two sets of permissions for your app. One set contains just the minimal permissions to get users started using your app (you wouldn’t want any permission that requires admin consent here); we’ll call this the User Permission Set. A second set contains those tougher-to-get-approval-for permissions that require admin consent; we’ll call this the Elevated Permission Set.

What we are aiming for is the app to run with just the restricted User Permission Set (so that anyone can quickly start using your app) but maybe not with all the features enabled, and then allow an administrator to optionally provide consent on behalf of all users which then allows the app to use the Elevated Permission set (for all users).

I’ll assume you have already been able to create an app that successfully authenticates and consents a user against a single permission set (here’s a good starting point with Azure authentication concepts if you aren’t at this stage yet).

Step 1 – Create an Application Registration per permission set

Create an application registration for both the User Permission set and the Elevated Permission set (this will be a superset of the User Permission set). These registrations should almost be identical (e.g. same Reply URLs), but they will have different Application IDs, and obviously different permissions to represent the different permission sets. We will call these the User App Reg and the Elevated App Reg.

Step 2 – Change the normal auth flow to try to acquire tokens using the Elevated App Reg first

Your normal auth flow would be to try to acquire an access token for the service endpoint specifying the App Reg Id. Now we have two possible App Reg Ids, so what we do is that we try to acquire the access token first using the Elevated App Reg Id. If you are able to get the token then you are away just like the normal app flow (in this case consent must have been granted by an admin previously). But here’s the trick, if you fail to get the token (and the reason returned is that you need to prompt for consent) then proceed with your standard flow to acquire the token this time using the User App Reg Id and prompting for user consent if required. This way the user is able to start using your app as they will have authority to consent to the User App Reg.

Step 3 – Track which App Reg Id is in use

Once this auth flow is complete, track in the state of your app which App Reg Id you successfully acquired the token for, as that token will only work with the App Reg Id used to acquire it. Example: if the call to acquire the token using the Elevated App Reg Id worked then all future calls should specify the Elevated App Reg Id.

Step 4 – Conditionally protect features that require the Elevated App Reg

Now you are tracking which App Reg is in use you will know when your app only has the restricted User Permission Set. You can use this to hide features or prevent them from being used.

Step 5 – Expose a way for administrators to provide admin consent

Somewhere in your app you can provide the ability (e.g. a button) for an administrator to provide admin consent. This will just launch the prompt for admin consent login URL (always use the Elevated App Reg Id for this). Now when a user tries to use the app (see step 1) the attempt to acquire the token using the Elevated App Reg Id should work since an administrator has provided the consent.

If you are feeling really awesome you could (in the same session of your app) go through your auth logic again without restarting the app to discard the tokens you will have acquired against the User App Reg and get new tokens now against the Elevated App Reg and light up those new features of your app immediately.
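Steps 2 to 5 as an added JavaScript example; it is not the code from the original post or from the add-in in the video. The App Reg IDs are placeholders, and `acquireSilent` / `acquireInteractive` are hypothetical wrappers around whatever auth library you use, assumed to reject with an `{ error, errorDescription }` object.

```javascript
// Added example. Both IDs are placeholders for your two app registrations.
const ELEVATED_APP_REG_ID = "11111111-1111-1111-1111-111111111111";
const USER_APP_REG_ID = "22222222-2222-2222-2222-222222222222";

// Only a "consent needed" failure may trigger the fallback. Azure AD reports it as
// consent_required / interaction_required, or AADSTS65001 in the error description.
function isConsentRequired(err) {
  const code = (err && err.error) || "";
  const desc = (err && err.errorDescription) || "";
  return code === "consent_required" || code === "interaction_required" ||
    desc.includes("AADSTS65001");
}

class DualAppRegAuth {
  constructor({ acquireSilent, acquireInteractive }) {
    this.acquireSilent = acquireSilent;           // (appRegId, resource) => Promise<token>
    this.acquireInteractive = acquireInteractive; // same shape, may prompt for consent
    this.activeAppRegId = null;                   // Step 3: registration that issued our tokens
    this.tokens = new Map();                      // resource -> token for activeAppRegId only
  }

  // Step 2: try the Elevated App Reg without prompting, then fall back to the
  // User App Reg. Calling this again after an admin has consented discards the
  // User App Reg tokens and upgrades the session.
  async signIn(resource) {
    this.activeAppRegId = null;
    this.tokens.clear();
    let appRegId = ELEVATED_APP_REG_ID;
    let token;
    try {
      token = await this.acquireSilent(appRegId, resource);
    } catch (err) {
      if (!isConsentRequired(err)) throw err;     // do not mask network or config failures
      appRegId = USER_APP_REG_ID;
      token = await this.acquireInteractive(appRegId, resource);
    }
    this.activeAppRegId = appRegId;
    this.tokens.set(resource, token);
    return appRegId;
  }

  // Step 3: every later token request uses the registration chosen at sign-in.
  async getToken(resource) {
    if (!this.activeAppRegId) throw new Error("signIn() has not completed");
    if (!this.tokens.has(resource)) {
      this.tokens.set(resource, await this.acquireSilent(this.activeAppRegId, resource));
    }
    return this.tokens.get(resource);
  }

  // Step 4: use this to hide or disable features. It is a UI convenience; the
  // permissions in the token are what the backend API actually enforces.
  isElevated() {
    return this.activeAppRegId === ELEVATED_APP_REG_ID;
  }

  // Step 5: v1 admin consent URL, always built with the Elevated App Reg Id.
  // response_type "code" is an assumption; use the value your flow needs.
  adminConsentUrl(tenant, redirectUri, state) {
    const query = new URLSearchParams({
      client_id: ELEVATED_APP_REG_ID,
      response_type: "code",
      redirect_uri: redirectUri,
      prompt: "admin_consent",
      state, // caller-generated random value, checked on return
    });
    return `https://login.microsoftonline.com/${encodeURIComponent(tenant)}/oauth2/authorize?${query}`;
  }
}
```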

Video example of an Outlook Add-in utilizing this technique to provide user and elevated permission sets within a single add-in and allowing an admin to dynamically provide consent enabling additional features.

 

 

 

Digital Workplace Conference – Melbourne 2018

As the Digital Workplace Conference comes to a close for another year I’d like to reflect on what a great event this is for the Office 365 and SharePoint community in Australia and thank the people behind the organisation of the conference, in particular Debbie Ireland and Mark Rhodes.

This year I was fortunate enough to be included in the lineup of amazing speakers, many who had travelled internationally to be here for the event.

My session was on the topic of Office Add-in development and I’d like to thank everyone that attended the session and the passionate people who came to talk to me after the session as well. My slide deck is available here:

DWC 2018 – Getting Started with Office Addins

I have in the past pondered if conferences are still relevant in the modern era of video training, social media and the plethora of information available on the internet. Two days immersed in this conference gives me no doubt that conferences are still a highly valuable medium for education, awareness, training and more importantly direct and open access to experts. It’s hard to imagine another environment that brings together so many experts that are happy to discuss and understand your scenarios, pains, challenges and success stories and talk through options, past experience and thoughts on the topics.

Personally I was able to meet some awesome people that I follow and have been “virtually” taking advice from for years.

I also had the opportunity to talk to a lot of attendees and love to hear the many varied stories of how organisations are using the technology and where they are looking to go in future.

Here’s some of my photos from the event.

 

 

 

Wonder what a Microsoft 1:1 hackathon looks like? OnePlace Solutions Teams/Graph Engagement Experience


I was fortunate enough to be involved in a 1:1 hack engagement with Microsoft recently where OnePlace Solutions hosted some eager Microsoft engineers for a week long engagement. The intention was to see how we could harness some of Microsoft’s new Teams extensibility options and the Graph API, and for Microsoft to identify limitations or areas for improvement.

The format of the event:

  • brainstorming possible ideas ahead of the event itself
  • discussion and selection of a few possible ideas
  • splitting up into teams and scoping what we would try to achieve within the scope of the hack
  • working in a compressed scrum process (daily stand-ups, task refinement and retros)
  • present to a wider audience on the last day of the hack to show what had been achieved and the business benefit

It was amazing to see how quickly the Microsoft engineers were absorbed into our development team, brought up to speed with our existing code-base, and starting to deliver functionality.

The real takeaway and reason for writing this article is just to let everyone know what an awesome opportunity these engagements are from Microsoft, a bit of what you can expect and that I highly recommend getting involved if the opportunity arises.

What did I see as the biggest benefits to our business of doing this hack with Microsoft?

The tips, tricks and work pattern knowledge sharing that occurred only comes when you truly try to work together on a project and aren’t just academically sharing knowledge. We all work in different ways and by running the hack almost as a true project (in a condensed form) there is a lot more than just the coding that is being discussed. VSTS, scoping, work item tracking, design white-boarding sessions, daily stand ups, retros, git source control, review of pull requests. All this is outside of the actual coding and using the technology being hacked on, but it is also a critical piece of developing in an efficient, scalable and measurable way.

Accelerated and focused learning on new technologies. The speed of getting across where a technology like Teams extensibility is up to, what’s possible when applying to problems we are trying to solve, and that hard first mile of understanding the frameworks, dependencies, and tooling to get the first hello world skeleton running.

Outside of the technology it’s a great opportunity to meet and build relationships with people who share a similar passion and spend a lot of their time working to solve similar problems. At OnePlace Solutions we are a passionate bunch of technologists that enjoy working in a social and supportive environment – from what I’ve experienced the hack is a perfect match for the way we work, with Microsoft bringing the same mindset, energy and support to the hack. We spent as much time laughing and discussing topics outside of technology as we did on it. At the end of the day we are social creatures and I found the hack was a perfect environment that brought people together with a desire to want to work together on a common goal, to challenge and push each other to do more in a fun and supportive way, and have a good laugh at the same time. Having access to global Microsoft resources to get definitive answers quickly removed the amount of wasted time and frustration, which allowed productivity, enthusiasm and energy levels to remain high.

We dedicate an amount of time each sprint to R&D, which usually involves educating ourselves in what is possible with new technologies and APIs and often going as far as prototyping code to see what’s possible and where the limitations are. It’s hard to imagine a better return on investment than spending this R&D time with Microsoft in the format of a 1:1 hack.

So a huge thank you to the Microsoft engineers, we had a great time and my advice to anyone thinking of getting involved with these engagements is that they can have great value to your team.

Primer for Modern Office Development – start your journey here

Let’s start with a little bit of history. The year was 2008; Windows PCs and Microsoft Office had been entrenched throughout organizations around the globe. We saved all our files on a network drive (if we were smart), or SharePoint if we were really smart and had a dedicated engineer that could keep up with patching it. Sales of Apple Mac had been increasing since the turn of the century and Microsoft had built a version of Office specifically for the Mac and had it running there since 1998. The development story for Microsoft Office had almost exclusively been a Windows-only experience; it was quite a rich experience with Visual Studio Extensions for Office allowing Office add-ins to be written in managed code. But I see 2008 as a pivotal year, the landscape of IT usage was about to change in a very disruptive way… Apple had just launched the first version of the iPhone.

In the decade since this moment we have seen a shift towards an always connected, productive on any device world. Microsoft Office was changing dramatically to keep pace with the demands of this changing world. Office was already on the Mac, but fast forward to today (2018) and we have:

  • Office for Windows – the original and still a powerhouse with all the bells and whistles
  • Office for Mac – a very mature product suite that doesn’t lag far behind the Windows offering
  • Office Online – any device with a web browser can not only read but also have a rich editing experience
  • Office for iOS – native applications for iPhone and iPad
  • Office for Android – native applications for Android devices

As you can see in those 10 years a lot had changed, and we don’t even know where our files are physically stored anymore, they are just up there, somewhere, in the Office 365 cloud.

That led to 2 radical shifts for Office development:

  1. The development technology for extending Office needs to run everywhere that Office does. The one run-time technology that is consistent across all of these devices is the web browser. This meant the shift to web technologies and developing web applications (HTML5, JavaScript, CSS). Sure, each web browser has its own idiosyncrasies but the web development world had been working on ways around this for many years and we now have mature frameworks for building web-based applications.
  2. We have an opportunity we never had before – users’ data stored in the Office 365 cloud (with a shiny new API to get to it – the Microsoft Graph API)

So when we talk about Office Development we talk about 2 distinct types of development:

  1. Extending the user experience within the Office applications (i.e. an add-in)
  2. A standalone application that accesses user data stored in the Office 365 cloud.

 

Where to from here?

The best starting place within the Microsoft documentation for developing Office add-ins is

https://docs.microsoft.com/en-us/office/dev/add-ins/

and for accessing user data via the Microsoft Graph

https://developer.microsoft.com/en-us/graph/docs/concepts/overview

 

Further reading

Office Dev Center

https://developer.microsoft.com/en-us/office

History of Microsoft Office

https://en.wikipedia.org/wiki/History_of_Microsoft_Office

History of Visual Studio Tools for Office

https://en.wikipedia.org/wiki/Visual_Studio_Tools_for_Office

History of Office Online

https://en.wikipedia.org/wiki/Office_Online

 

 

Microsoft Insider Dev Tour – Sydney 2018

The Insider Dev Tour is such a great event for Microsoft developers, you get the key announcements and latest news that came out of the Build Conference, delivered locally in a more intimate and interactive environment. Best of all it’s a free event put on by Microsoft.

I was very grateful for the opportunity to present two sessions at the Insider Dev Tour in Sydney last week.

  • Create Productive Apps with Office 365
  • Drive User Engagement Across all your Devices with Microsoft Graph

If you attended I hope you enjoyed the experience as much as I did. The following are links to the resources mentioned during the presentations.

Microsoft Graph Explorer

Adaptive Cards Visualizer

Insider Dev Tour Labs

Github repo of demos from the Create Productive Apps with Office 365 session

Github repo of demos from the Microsoft Graph session


 

View My Office 365 Apps (add-ins) and remove consent

If you would like to see what add-ins and other apps you have consented to (and what permissions you have granted) you can visit this magic URL

https://myapps.microsoft.com

You should see a list of all add-ins and apps, from where you have the option to ‘Remove’ or ‘Get Info’.

 

Selecting ‘Get Info’ lists all the permissions granted:

[Screenshot: permissions granted to the app]

The remove option allows you to remove (revoke) consent. If you were to use the Office app again you would be prompted for consent (permissions) again.

SharePoint Conference NA – The photos and my takeaways

SharePoint returning to Vegas, would it work like the days of old? There is certainly something special about the SharePoint community and this conference had that tight knit community feel to it.

Vegas amazes me at the amount of people it seems to just be able to soak up without really skipping a beat, making it the perfect place for hosting a conference. There’s no transport required to venues and endless dining and entertainment options.

We had a really busy time on the OnePlace Solutions booth, a big thank you to everyone who stopped by to see what our latest products are capable of and keeping us busy. We had more quality conversations than we were expecting, and it’s great to hear people’s passion for SharePoint and Office 365 coming through in those conversations.

While there was a lot being announced at the conference, I was happiest to see metadata in SharePoint finally getting some love. I had thought that SharePoint had lost its way a little on the metadata front in recent years, especially in the shift to modern UI for document libraries and lists. I believe it is the metadata that made SharePoint so valuable for building solutions on top of. So I was super excited to see the modern document library webpart receive a big overhaul in its support of metadata.

Lists also got a refresh and I think the ability to generate a list (and columns of the right type) by directly importing a spreadsheet is genius. I think it is a fairly common work pattern for users to start playing with tabular data in Excel and at some point it becomes valuable to share – providing such a simple way of moving from Excel to SharePoint should drive adoption of SharePoint lists as the central shared location for this data and then provide a wealth of options on what can be done with that data once it’s in SharePoint.

I was technically impressed (and surprised) by the augmented reality of SharePoint Spaces and the work that had been done to bring this to the masses. I think it appeals more to the content management space than the document management, file management, collaboration and business workflow process areas I typically work in.

Below is a quick video of my reaction after the keynote.

 

 
