OpenID Connect describes a metadata document that contains most of the information required for an app to do sign-in. This includes information such as the authorization endpoint, token endpoint, tenant region scope, etc. For the discovery endpoint, this is the OpenID Connect metadata document you should use:
Governance is the establishment of policies, and the continuous monitoring of their proper implementation, by the members of the governing body of an organization. It includes the mechanisms required to balance the powers of the members (with the associated accountability) and their primary duty of enhancing the prosperity and viability of the organization. Governance is not about limiting freedom.
A group lifecycle policy allows administrators to set an expiration period for groups. For example, after 180 days, a group expires. When a group reaches its expiration, owners of the group are required to renew their group within a time interval defined by the administrator. Once renewed, the group expiration is extended by the number of days defined in the policy. For example, the group’s new expiration is 180 days after renewal. If the group is not renewed, it expires and is deleted. The group can be restored within a period of 30 days from deletion.
It is good practice to find teams and groups without owners. We can get this information from the Teams Admin Center, as shown below.
Assign a minimum of two owners.
Create a PowerShell script to find the orphan groups on a weekly or monthly basis and send reports to admins.
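The owner check described above can be scripted as follows. This is an added example, not code from the original article; it assumes the Microsoft.Graph PowerShell module, and the function names and sample groups are constructed for illustration.

```powershell
# Added example: flag Microsoft 365 groups (and the teams built on them)
# that have no owner, or fewer than the two owners recommended above.
# Function names and sample data are hypothetical.

function Get-OwnershipFinding {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$GroupId,
        [Parameter(Mandatory)][int]$OwnerCount
    )
    # No owner = orphaned; one owner = one departure away from orphaned.
    $status = if ($OwnerCount -eq 0) { 'Orphaned' } elseif ($OwnerCount -lt 2) { 'SingleOwner' } else { 'OK' }
    [pscustomobject]@{
        DisplayName = $DisplayName
        GroupId     = $GroupId
        OwnerCount  = $OwnerCount
        Status      = $status
    }
}

function Get-TenantOwnershipReport {
    # Run Connect-MgGraph -Scopes 'Group.Read.All' first; read access is enough.
    Get-MgGroup -Filter "groupTypes/any(c:c eq 'Unified')" -All | ForEach-Object {
        $owners = @(Get-MgGroupOwner -GroupId $_.Id -All)
        Get-OwnershipFinding -DisplayName $_.DisplayName -GroupId $_.Id -OwnerCount $owners.Count
    } | Where-Object { $_.Status -ne 'OK' }
}

# Constructed sample data so the classification can be checked offline.
$sample = @(
    @{ DisplayName = 'Project Falcon'; GroupId = '00000000-0000-0000-0000-000000000001'; OwnerCount = 0 }
    @{ DisplayName = 'HR Onboarding';  GroupId = '00000000-0000-0000-0000-000000000002'; OwnerCount = 1 }
    @{ DisplayName = 'IT Operations';  GroupId = '00000000-0000-0000-0000-000000000003'; OwnerCount = 3 }
)
$findings = foreach ($g in $sample) { Get-OwnershipFinding @g }
$findings | Where-Object { $_.Status -ne 'OK' } | Format-Table -AutoSize

# Scheduled (weekly or monthly) tenant run, producing a file to send to admins:
# Get-TenantOwnershipReport | Export-Csv .\group-owner-report.csv -NoTypeInformation
```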
Potentially Obsolete Teams and Groups
Analytics and reports will help you create different reports to get insights into how users in your organization are using Teams. Your organization can use the information from the reports to better understand usage patterns, help make business decisions, and inform training and communication efforts.
As we noticed from the Teams Admin Center, this is not a rich report. Tony Redmond has written an awesome PowerShell script that can reveal unused teams or groups.
Guest access in Teams
Guest access in Teams lets people outside your organization access teams and channels. You can control guest permissions for Teams meetings and messaging from the Teams Admin Center.
The following functionalities are not available to a guest in Microsoft Teams as of today:
OneDrive for Business
People search outside of Teams
Calendar, Scheduled Meetings, or Meeting Details
Create or revise a team
Browse for a team
Upload files to a person-to-person chat
Adding a team classification helps us group teams by restrictions such as guest access, meeting policies, etc.
We use a group naming policy to enforce a consistent naming strategy for Office 365 groups created by users in your organization. A naming policy can help you and your users identify the function of the group, membership, geographic region, or who created the group.
Microsoft Graph is the gateway to data and intelligence in Microsoft 365. Microsoft Graph provides a unified programmability model that you can use to take advantage of the tremendous amount of data in Office 365, Enterprise Mobility + Security, and Windows 10.
You can use the Microsoft Graph API to build apps for organizations and consumers that interact with the data of millions of users. With Microsoft Graph, you can connect to a wealth of resources, relationships, and intelligence, all through a single endpoint: https://graph.microsoft.com.
To call the Graph API, you need a registered application within Azure Active Directory that has delegated permissions for the API application.
Sign in to the Application Registration Portal (https://apps.dev.microsoft.com).
Click on the “Add an app” button.
Enter the app name and click the “Create” button to proceed further.
Copy the Application Id (Client Id) and save it.
Now you need to create the Application Secret. To do so, click the “Generate New Password” button as shown below. Once you click the button, a pop-up screen will appear displaying the generated one-time password. Copy the password and save it securely. Then click the “Ok” button as shown below.
Add the Microsoft Graph permission as shown below.
Click on the “Save” button to update the changes you made.
Grant Admin Consent
Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.
To grant admin consent through a URL request:
Construct a request to login.microsoftonline.com with your app configuration and append &prompt=admin_consent.
After signing in with admin credentials, the app has been granted consent for all users.
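The request described above, together with the check an app should make on the redirect it receives back, as an added example that is not part of the original article. It assumes the Azure AD v1 authorize endpoint and the authorization code response type; the tenant, client ID, redirect URI and function names are constructed placeholders.

```powershell
# Added example: build the admin-consent request and validate the callback.
# All identifiers passed in below are constructed placeholders.

function New-AdminConsentRequest {
    param([string]$Tenant, [string]$ClientId, [string]$RedirectUri)
    # A random state value ties the later callback to this request.
    $bytes = New-Object byte[] 16
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    $rng.Dispose()
    $state = [BitConverter]::ToString($bytes) -replace '-', ''
    $query = @(
        "client_id=$([uri]::EscapeDataString($ClientId))"
        'response_type=code'
        "redirect_uri=$([uri]::EscapeDataString($RedirectUri))"
        "state=$state"
        'prompt=admin_consent'
    ) -join '&'
    [pscustomobject]@{
        State = $state
        Url   = "https://login.microsoftonline.com/$Tenant/oauth2/authorize?$query"
    }
}

function Test-ConsentCallback {
    param([uri]$CallbackUri, [string]$ExpectedState)
    # Split the query string into name/value pairs.
    $pairs = @{}
    foreach ($kv in $CallbackUri.Query.TrimStart('?') -split '&') {
        $name, $value = $kv -split '=', 2
        $pairs[$name] = [uri]::UnescapeDataString("$value")
    }
    # Reject any callback that does not carry the state we issued.
    if ($pairs['state'] -cne $ExpectedState) { return 'Rejected: state mismatch' }
    if ($pairs.ContainsKey('error')) { return "Consent failed: $($pairs['error'])" }
    if ($pairs.ContainsKey('code')) { return 'Consent granted' }
    'Rejected: no code in callback'
}

$request = New-AdminConsentRequest -Tenant 'contoso.onmicrosoft.com' `
    -ClientId '11111111-2222-3333-4444-555555555555' `
    -RedirectUri 'https://localhost:44300/consent'
$request.Url

# Constructed callbacks: one carrying the issued state, one with a foreign state.
Test-ConsentCallback "https://localhost:44300/consent?code=SAMPLE&state=$($request.State)" $request.State
Test-ConsentCallback 'https://localhost:44300/consent?code=SAMPLE&state=FORGED' $request.State
```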
The Sentiment Analysis API provided by Microsoft evaluates text input and returns a sentiment score for each document, ranging from 0 (negative) to 1 (positive). This capability is useful for detecting positive and negative sentiment in social media, customer reviews, and discussion forums. In this article, I am going to show you how to send the feedback entered in a SharePoint Online modern list item to the Sentiment Analysis API and write the response back to SharePoint. I am also going to show how to beautify the sentiment score with emojis using the column formatting feature.
Create a SharePoint list with the following columns
At the top of the list, click Flow, and then click Create a flow.
Select the below flow template from the right-hand panel.
Follow the instructions on the Microsoft Flow site to connect to the list we have created. Credentials will be verified for each service used in the flow. For Office 365 services such as SharePoint and Outlook, connections will be created automatically. The next steps will be performed in the Microsoft Flow designer. The first action displayed, also known as a trigger, will determine how the flow will be started. Additional actions may be added after the first. Each new action will be dependent on the previous action.
The next step is to add an initialize variable action to set the value of the current Item Id.
Create a POST request using an HTTP action. Set the HTTP Method, URI, Headers and Body as shown below:
Note: Log in to Azure and get the Ocp-Apim-Subscription-Key. Refer to this article for the steps.
Now let us parse the sentiment score from the response we received from the HTTP action and save the value in a variable using an initialize variable action, as shown below.
Is it possible to host Multiple Provider Hosted Apps in a Single Azure Web Site?
The answer is yes. But how?
Here you go…
Create Azure Site
Create Required App Folders
Go to the Azure website
Click on the Configure link in the top navigation for the web site
Scroll to the bottom of the page and enter the values for your new virtual paths as shown below:
Note: Make sure you check the Application checkbox.
Register your apps using the appregnew.aspx page as shown below.
Note: Here I am adding my virtual directory subfolder name (App1 and App2) after the Azure website URL.
Your app manifest file should look like this:
Note: Here I am adding my virtual directory subfolder name (App1 and App2) after ~remoteAppUrl. If you don’t have a Remote Event Receiver in your app, you do not need to configure InstalledEventEndpoint and UninstallingEventEndpoint.
The publishing configuration (App Web Project) should be something like this:
Note: Here I am adding my virtual directory subfolder name (App1 and App2) after the site name.
Finally, the app package configuration should be like this:
Note: Here I am NOT adding my virtual directory subfolder name (App1 and App2).
Create an Azure website in the Azure Portal. In this example, I am going to create an Azure website named “cloud-demo-providerapps”.
I wish to use one Azure website to host multiple provider hosted apps, so I am going to create separate folders to deploy my provider hosted app files as shown below. (In this example, I am going to deploy my provider hosted app files under the “AzureDeployTest” folder.)
Note: It is mandatory to check the Application checkbox.
To prepare the build, create a new folder on your system (laptop/server). In this example the folder name is “SPOL_Stage_Build_09252015V01”.
Download the Azure website profile from the Azure portal and paste it inside the “SPOL_Stage_Build_09252015V01” folder. In this example my Azure profile name is “cloud-demo-providerapps.azurewebsites.net.PublishSettings”.
Note: This will be done by the admin team, so include this in the deployment instructions.
Create an XML file inside the “SPOL_Stage_Build_09252015V01” folder with name “xml” and configure the XML file in the below format
This article provides the steps to package and deploy a Provider Hosted App.
I assume you are aware of the following:
Provider Hosted Environment readiness
IIS site setup for remote web deployment
Provider Hosted App Project Setup using VS 2013
Registering an app in the App Registration Page
Setting up Publishing Profile (using high trust certificate)
Package and deploy the .app file in App Catalog from SharePoint Project
Steps to Package & Deploy
Right click on the Web Project and select Publish
Click Next. (Note: If required, update the IIS Web Application Name, ClientId, ClientSigningCertificatePath, ClientSigningCertificatePassword and IssuerId in the publishing profile. In my case, I configured all of these during project creation.)
In the Connection tab, select “Web Deploy Package” as the Publish method and update the Package location and Site name as per your environment (refer to the example below). Click Next.
Select “Release” in the Configuration drop-down and click Publish.
Your package should now be ready at the package location you configured in the previous step.
Copy the app remote web package to the remote web server you wish to deploy to.
Open the Command Prompt and traverse to the directory containing the package files
Run the following command: <Command File Name> /y
Example: SiteProvisioningWeb.deploy.cmd /y
The deploy command should now have deployed the files to the IIS website on the remote web server.
Access the app and make sure the app is working with the logic you have written.