Tuesday, January 30, 2018

Options to access logos of Office 365 Groups while in SharePoint


I’m creating a couple of solutions these days which will list Office 365 Groups, both public and private, as well as Groups you don’t have access to. Much like the discover function you have in Outlook, except with added filtering on custom metadata for the groups.

Querying for Office 365 Groups using the Microsoft Graph is quite easy, but retrieving an image URL for a group's logo is inherently hard, especially if you don’t have access to the group.

The available options as far as I have discovered are as follows:

A fourth option is also possible, but you need to consider whether it could be a security issue for you.

Enter SharePoint Online CDN

Office 365 comes with a handy CDN capability for SharePoint, and the idea is to expose the SiteAssets library of the sites via the public CDN endpoint. This means that any user can access the site logo via SharePoint without having explicit rights to the site.

And this is where there could be a security concern. If a user knows the name of an image in SiteAssets of a site he/she does not have access to, the file can be accessed via the CDN URL. The following file types are by default exposed via the public CDN: CSS, EOT, GIF, ICO, JPEG, JPG, JS, MAP, PNG, SVG, TTF, WOFF. I’m no security expert, but I would say the security risk is low.

Once the public CDN is set up correctly using the steps below, you will be able to access a group's logo via the URL: https://publiccdn.sharepointonline.com/tenant.sharepoint.com/teams/mygroupsite/siteassets/__siteicon__.jpg

# SPO management cmdlets - https://www.microsoft.com/en-us/download/details.aspx?id=35588

# Connect to your tenant
Connect-SPOService https://contoso-admin.sharepoint.com

# Enable public CDN on the tenant
Set-SPOTenantCdnEnabled -CdnType Public -Enable $true

# Add SiteAssets libraries to the CDN
Add-SPOTenantCdnOrigin -OriginUrl */SITEASSETS -CdnType Public

It takes a little while before the CDN is working, so be patient. You can call Get-SPOTenantCdnOrigins -CdnType Public to check the status.

You can also enable the CDN using the Office 365 CLI, a cross-platform interface for managing different aspects of Office 365.
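Since only logos need to be served, the exposure described above can be narrowed by restricting the public CDN to image extensions. The following is an added example, not part of the original post; the image-only extension list and the classification labels are assumptions to adapt to your tenant.

```powershell
# Assumes Connect-SPOService has already been run against the tenant admin URL.

# Extensions needed to serve group logos (assumption: logos are raster images).
# SVG is left out on purpose because SVG files can carry script.
$logoExtensions = 'GIF', 'ICO', 'JPEG', 'JPG', 'PNG'

# 1. Review the current state of the public CDN before changing anything.
Get-SPOTenantCdnEnabled  -CdnType Public
Get-SPOTenantCdnOrigins  -CdnType Public
Get-SPOTenantCdnPolicies -CdnType Public   # lists IncludeFileExtensions and the other policies

# 2. Replace the default extension list with the image-only list, so that
#    CSS, JS, MAP and font files stored in SiteAssets are no longer served
#    to users without access to the site.
Set-SPOTenantCdnPolicy -CdnType Public `
    -PolicyType IncludeFileExtensions `
    -PolicyValue ($logoExtensions -join ',')

# 3. Optional: keep sites carrying sensitive classifications out of the CDN.
#    'Confidential,Restricted' are placeholder labels; use the classifications
#    defined in your tenant. Logos of those sites will then not be served
#    through the CDN URL.
# Set-SPOTenantCdnPolicy -CdnType Public `
#     -PolicyType ExcludeRestrictedSiteClassifications `
#     -PolicyValue 'Confidential,Restricted'

# 4. Confirm the resulting policy.
Get-SPOTenantCdnPolicies -CdnType Public
```

Any image placed in a SiteAssets library remains reachable by name after this change, so the library should not be used to store screenshots or diagrams that are meant to stay private to the group.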