Friday, April 21, 2017

Creating a .pnp provisioning template file

SharePoint Patterns and Practices

After my demo on the PnP screen cast where I showed a provisioning solution based on PowerShell and Azure web jobs, I’ve had some questions about how you go about creating the .pnp files we use for provisioning templates.

There are basically two options, and it’s quite easy. For full samples run Get-Help <command> –Examples on the command lets. If you want to use code instead of PowerShell, look at the PowerShell code in github and see how it’s all implemented.

Generate .pnp file from a site

Connect to the site, and then run:

PS:> Get-PnPProvisioningTemplate -Out template.pnp

By naming the output .pnp, you get a .pnp file instead of and .xml file.

Generate .pnp file from a template xml file

This works for both a single .xml file, or one referencing artifacts.

Make sure the .xml file and all artifacts are stored in a folder. Then run:

PS:> Convert-PnPFolderToProvisioningTemplate -Out template.pnp -Folder c:\temp

It’s important that the .pnp file has the same name as the .xml file inside the folder, due to convention when applying the template, as you can have multiple .xml files in a complete template referenced with <xi:include> statements.

Improved navigation for Office 365 Groups

A colleague showed me yesterday that now you can actually navigate from a Group site to any other resource. Just click the site title, and a menu appears. I have no idea when this was rolled out, and kind of difficult to discover – but hey, it’s Friday, so let’s celebrate that things are improving making life easier.


Wednesday, April 19, 2017

Why the new Microsoft is cool–rapid bug fixing

I had a customer report that the label when closing a card in Planner gave the wrong impression of the actual action. The term used was “Forkast”,(English “Dismiss”). The labeling gives the impression that whatever changes you have made are not saved, which is not the case as all changes are auto saved.

Norwegian text when closing a task card in Planner

I reported this to Microsoft in a translation forum I’m part of at Linked-in, and lo and behold, one week later Microsoft changed the label in all languages, where the English label now is “Close”. “Close” communicates the correct action a lot better indeed :D

A tiny step, but a one week turnaround on this is awesome!


Wednesday, April 12, 2017

SharePoint PnP Webcast – Provisioning with PnP PowerShell and Azure WebJobs

I had the pleasure of doing this web cast with Vesa Juvonen recently where I do a demo of how you can set up a pretty simple provisioning solution to let users order new team sites in SharePoint Online using an order list, and an azure web job to do the heavy lifting. A simple solutions with only two technical components, a SharePoint site and an Azure web job using PnP PowerShell.

The complete sample is located at the PnP repo ( and contains everything you need to get up and running.

PnP webcast post:

I’m currently doing the same approach for Office 365 Groups with a customer, so watch out for a sample on this later as well.

Wednesday, April 5, 2017

I’ve been a podcast guest twice in the past month

Curious on what I sound like if you’ve never met me? Now is your chance.

I was recently a guest at Tobias Zimmergren’s Rencore Tech Talk episode 6, where we talked about PnP provisioning and how you can configure SharePoint sites.

And I also was a guest on episode 120 of the Office 365 Developer Podcast with Richard diZerega and Andrew Coates, where we talked about development, provisioning and more.

Friday, March 31, 2017

Context to function, Function to context – confused already? (a story about Classic sites, Office 365 Groups, Teams, and navigation)

If you don’t care about the backdrop or thought process, skip to the end about how I envision Office 365 Groups to help organizations in the future.

Once upon a time someone came up with the idea that using a web site was a good way for people to collaborate at work. Thus, SharePoint was born, and many office workers have over the years learned to love and hate SharePoint and all that comes with it.

The SharePoint team site was a place to go to collaborate and find resources related to a project, department, customer, special interest group; and the list goes on. It was the landing page for a particular context. On the front page of the site you could see documents, links to external resources and other useful information. You could even have a news feed and later Yammer embed to bring enterprise social into the fold. And this is very much what you see in present day SharePoint use as well. Dashboards and pages with contextual information en masse.

Wednesday, March 29, 2017

SharePoint Search Query Tool v2.6

It’s been a year and figured I’d put out a small fix release.

The tool should now work properly with ADFS, UAG and TMG. We’ve also fixed the issue with multiple SPO tenants, where the application now prompts you each time without any cookie crumbs sticking around. You can even switch tenants without closing the tool.

As for new features I added a “Copy to clipboard” button which copies the raw JSON/XML of the result to the clipboard. Works a lot better than selecting from the raw tab.



Tuesday, March 28, 2017

Restoration of a deleted Office 365 Group is launched!

Johan Åslund tweeted about a support article showing how to restore an Office 365 Group using Powershell. This is a long wanted feature, and you will be able to restore a soft deleted Group within 30 days of it being deleted. Recovering the whole Group. Later the functionality will be available in the Office 365 admin UI.

The article is dated March 16th, so seems they have slipped this awesome news by us on the back channel. The news is also listed on the Office 365 Roadmap as launched.

If you have waited on this before recommending usage of Groups, now there is no stopping you.

You cand find the support article at:

Monday, March 27, 2017

Controlling Groups creation in a tenant using the AAD V2 PowerShell module

Recently I wrote a post how to set classification on Office 365 Groups. If you want to restrict or govern who can create Office 365 Groups, you can basically use the same script. I’ve adapted the steps from Wictor Wilén’s post which uses the old commandlets.

If you want total lockdown except for tenant admins, remove the GroupCreationAllowedGroupId lines, but I recommend setting this to some IT related AAD group to allow some group creation. For a customer we have a custom Groups ordering process, which works regardless of policy settings, allowing full control of Groups creation.

A quick note, at the time of this writing you have to use the preview commandlets as the released one is missing the settings commands needed.

Find-Module AzureADPreview #ensure it's in the list
Install-Module AzureADPreview
Import-Module AzureADPreview
$credentials = Get-Credential
Connect-AzureAD -Credential $credentials

#AD group which should be allowed to create groups
$group = Get-AzureADGroup -SearchString "-Group creators-"
if($group -eq $null) {
    Write-Host "You need to change the script to limit groups creation to a specific AAD group" -ForegroundColor Red

# Try to fetch settings
$policySetting = Get-AzureADDirectorySetting | Where-Object {$_.DisplayName -eq "Group.Unified"}

if ($policySetting -eq $null) {
    $template = Get-AzureADDirectorySettingTemplate | Where-Object {$_.DisplayName -eq "Group.Unified"}
    # Create the settings object from the template
    $settings = $template.CreateSettingsObject()

    # Use this settings object to prevent others than specified group to create Groups
    $settings["EnableGroupCreation"] = $false
    $settings["GroupCreationAllowedGroupId"] = $group.ObjectId
    # (optional) Add a link to the Group usage guidelines
    $settings["UsageGuidelinesUrl"] = ""

    $policySetting = New-AzureADDirectorySetting -DirectorySetting $setting
else {
    $policySetting["EnableGroupCreation"] = $false
    $policySetting["GroupCreationAllowedGroupId"] = $group.ObjectId
    $policySetting["UsageGuidelinesUrl"] = ""

    Set-AzureADDirectorySetting -ObjectId $policySetting.Id -DirectorySetting $policySetting

Tuesday, March 21, 2017

Why you need to pay attention to Office 365 message center updates (Auto creation of Direct Reports Office 365 groups coming)

Image result for mayhem
[Update 2017-03-22]
As there was a community outcry against this rollout, Microsoft has decided to limit the rollout. You can read about it in MC96611. This means that if you have the message MC94808, then you are eligible for the rollout. If not, then wait and see what happens in the future.

We listened to your concerns and have decided to limit the rollout of this feature to a smaller set of customers (notified via MC94808) whom we will work with directly to ensure feedback is considered, and the feature has a positive impact. We thank you all for your constructive feedback, we have learned a few lessons and look forward to continued Group innovations in the future.

There was a news item (MC96611) which peeked my interest in the Office 365 message center the other day about auto creating Office 365 Groups for “direct reports”. The support article states:
Beginning in April 2017, managers who have 2-20 direct reports, do not already have a direct reports group, and have permissions to create groups in Outlook, will automatically have a private group created for them with their direct reports. The manager will be added as an owner, and the direct reports of the manager will be added as members by default. The group will be named "<Manager's Name>'s direct reports", but that can be edited.
From the message center we get the following information:

What do I need to prepare for this change?

If you are looking forward to this, there is no action you need to take. Get yourself familiar with Office 365 Groups, update your user training, and notify your helpdesk, as needed.
If you would like to leave Office 365 Groups enabled for your organization but turn off direct reports groups creation, we have provided controls to enable and disable. Please click Additional Information to learn more.


I can just imagine all the larger companies out there missing this information suddenly getting a plethora of AAD groups which the IT dude will just faint over. So the real action here I suspect is to head over to the support article and read how to opt-out from this change.

There's a long thread on the topic over at the Microsoft Tech Community if you want to chime in.