Microsoft Graph is the gateway to data and intelligence in Microsoft 365. Microsoft Graph provides a unified programmability model that you can use to take advantage of the tremendous amount of data in Office 365, Enterprise Mobility + Security, and Windows 10.

You can use the Microsoft Graph API to build apps for organizations and consumers that interact with the data of millions of users. With Microsoft Graph, you can connect to a wealth of resources, relationships, and intelligence, all through a single endpoint: https://graph.microsoft.com.

Register Application

In order to call Graph API you need to have a registered application within Azure Active Directory that has delegated permissions for the API application.

  • Sign in to the Application Registration Portal (https://apps.dev.microsoft.com).
  • Click on the “Add an app” button.
  • Enter the app name and click the “Create” button to proceed further.
  • Copy the Application Id (Client Id) and save it.
  • Now you need to create the Application Secret. To do so click on the “Generate New Password” button as shown below. Once you click the button a pop-up screen will appear displaying the generated one time password. Copy the password and save it securely. Then click the “Ok” button as shown below.
  • Add the Microsoft Graph Permission as shown below
  • Click on the “Save” button to update the changes you made.

Grant Admin Consent

Application permissions are used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.

To grant admin consent through a URL request:

  • Construct a request to login.microsoftonline.com with your app configuration and append &prompt=admin_consent.
  • After signing in with admin credentials, the app has been granted consent for all users.

Execute Console Application

  • Download the code sample from this link.
  • Open the solution in Visual Studio.
  • Update the following values in the App.config file
    • TenantId – Office 365 Tenant Identity
    • ClientId – Application Id copied in the app registration process
    • ClientSecret – Password / Public Key copied in the app registration process
  • Save and Execute the console application

Output

Note: Output may vary based on the groups created in your tenant.

Special thanks to @Arutvicky for the code cleanup.

With the profile completeness extension we can encourage or force users to fill their profiles. This sample SPFx extension renders a profile completeness meter where the user can see the score details.

Used SharePoint Framework Version

SPFx v1.6

Applies to

Solution Author(s)
react-application-profile-meter Joseph Velliah (SPRIDER, @sprider)

Version history

Version Date Comments
1.0 February 13, 2019 Initial release

Disclaimer

THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.

Minimal Path to Awesome

  • Clone this repository
    • Open the serve.json file under the config folder. Update PageUrl to the page where you wish to test.
  • Move to folder where this readme exists
  • In the command window run:
    • npm install
    • gulp serve

Features

This project contains SharePoint Framework extensions that illustrate the following features:

  • Command extension
  • Office UI Fabric React

Notice. This sample is designed to be used in debug mode and does not contain automatic packaging setup for the “production” deployment.

What is governance?

Establishment of policies, and continuous monitoring of a proper implementation, by the members of the governing body of an organization. It includes the mechanisms required to balance the powers of the members (with the associated accountability), and their primary duty of enhancing the prosperity and viability of the organization. Governance is not about limiting the freedom.

Top 4 Office 365 management challenges explained by Marc Anderson and Benjamin Niaulin

  • Lack of visibility on what users are doing in Office 365
  • Group owners need guidance
  • Balancing user freedom with corporate governance requirements
  • Transitioning to a new accountability model

This article explains the different options available to govern Microsoft Teams and Groups.

Manage who can create Office 365 Groups

Because it’s so easy for users to create Office 365 Groups, we can restrict Office 365 Group creation to the members of a security group.

  • To manage who creates Office 365 Groups, we need an Azure AD Premium or Azure AD Basic EDU license.
  • Only one security group in your organization can be used to control who is able to create Office 365 Groups. But, we can nest other security groups as members of this group.

Refer to this article for more details.

Office365 Group Expiration Policy

A group lifecycle policy allows administrators to set an expiration period for groups. For example, after 180 days, a group expires. When a group reaches its expiration, owners of the group are required to renew their group within a time interval defined by the administrator. Once renewed, the group expiration is extended by the number of days defined in the policy. For example, the group’s new expiration is 180 days after renewal. If the group is not renewed, it expires and is deleted. The group can be restored within a period of 30 days from deletion.

Refer to this article for more details.

Orphan Teams and Groups

It is a good practice to find teams and groups without owners. We can get this information from Teams Admin Center as shown below

Best Practices

  • Assign a minimum of two owners
  • Create a PowerShell script to find the orphan groups on a weekly or monthly basis and send reports to admins.

Potentially Obsolete Teams and Groups

Analytics and reports will help you create different reports to get insights into how users in your organization are using Teams. Your organization can use the information from the reports to better understand usage patterns, help make business decisions, and inform training and communication efforts.

As we noticed from the Teams Admin Center, this is not a rich report. Tony Redmond has written an awesome PowerShell script that can reveal unused teams or groups.

Guest access in Teams

Guest access in Teams lets people outside your organization access teams and channels. You can control the guest permissions on Teams meeting and messaging from the Teams Admin Center.

The following functionalities are not available to a guest in Microsoft Teams as of today:

  • OneDrive for Business
  • People search outside of Teams
  • Calendar, Scheduled Meetings, or Meeting Details
  • PSTN
  • Organization chart
  • Create or revise a team
  • Browse for a team
  • Upload files to a person-to-person chat

Teams Classifications

Adding a team classification helps us group teams with restrictions such as guest access, meeting policies, etc.

Refer here for more details.

Group Naming Policy

We use group naming policy to enforce a consistent naming strategy for Office 365 groups created by users in your organization. A naming policy can help you and your users identify the function of the group, membership, geographic region, or who created the group.

Refer here for more details.

I am building a SaaS application and I want to serve real customers. In this article I am going to explain different ways to define user roles for a SaaS application and for each approach we will look at the merits and demerits.

Option 1: Adding IsAdmin property at user level

The simplest approach is to add a property IsAdmin at users node level as shown below:

This approach is easy to control but does not scale well when we want to provision things based on different roles. For example, in the future if we are going to have another role like HR Admin, we will have to add another property here like this:

This is not a bad approach but when we add new roles in our application managing this becomes a complex task.

Option 2: Top-level Roles node

Another approach is to have a top-level node Roles and under this node we can add different roles as shown below:

For example, we can have a role name and under this node we can add all the users responsible for this role. In the future if we want to add an additional role we can simply add a new role.

If we are going to have multiple roles in our application, we can see this approach scales better. It is cleaner and more maintainable, but this approach does not scale well when we end up with complex conditional statements in our code.

Option 3: Operation based roles

In this approach we manage permissions based on user operations rather than roles, as shown below:

This approach gives us the flexibility to control who can do what and to enable or disable product features based on the pricing model. It can also be used to control trial software features.

Best approach

There is no such thing as best in SaaS product development, but personally I like option 3 as I need to define roles in the core and customer database based on user operations. These custom roles come with some maintenance overhead. When we add new permissions, we need to think through whether they should be enabled for each custom role. A careful backfill is required to ensure that these roles get the appropriate permissions.
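A sketch of Option 3 with the backfill concern made checkable, as an added example that is not code from the original post. The node names, roles, operations and user ids are constructed; the check denies anything that has no explicit grant, and the audit lists the roles that still need a decision after a new operation is added.

```javascript
'use strict';
// Constructed sample data for Option 3. Node names, role names, operation
// names and user ids are hypothetical.
const db = {
  operations: ['invoice.read', 'invoice.refund', 'user.invite', 'report.export'],
  roles: {
    admin: { 'invoice.read': true, 'invoice.refund': true,
             'user.invite': true, 'report.export': true },
    hrAdmin: { 'invoice.read': false, 'invoice.refund': false, 'user.invite': true },
    trial: { 'invoice.read': true },
  },
  users: {
    u1: { roles: ['admin'] },
    u2: { roles: ['hrAdmin'] },
    u3: { roles: ['trial'] },
    u4: { roles: ['deletedRole'] }, // refers to a role that no longer exists
  },
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Deny by default: only an explicit `true` on a known operation grants access.
function can(db, userId, operation) {
  if (!db.operations.includes(operation)) return false;
  if (!own(db.users, userId)) return false;
  const roles = db.users[userId].roles;
  if (!Array.isArray(roles)) return false;
  return roles.some((r) => own(db.roles, r) && own(db.roles[r], operation) &&
    db.roles[r][operation] === true);
}

// Backfill audit: operations for which a role has no explicit true/false yet.
function missingDecisions(db) {
  const gaps = {};
  for (const [role, grants] of Object.entries(db.roles)) {
    const missing = db.operations.filter((op) => typeof grants[op] !== 'boolean');
    if (missing.length > 0) gaps[role] = missing;
  }
  return gaps;
}

console.log(can(db, 'u2', 'report.export'));
console.log(missingDecisions(db));
```

Running the audit whenever an operation is added turns the "careful backfill" into a list of roles to review, while the deny-by-default check keeps unreviewed roles locked out in the meantime.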

A special thanks to Mosh who explained these scenarios in Firebase that helped me a lot. Hopefully, this helps the viewers. In future posts we will go a bit deeper into SaaS Application Architecture.

Continuous Integration and Delivery are the foundations of Modern Software Development. Continuous Integration and Delivery process is going to help your team in the following aspects:

  • Revision Control
  • Build Automation
  • Automated Deployment
  • Reduced Overhead
  • Consistent Build Process
  • Confidence and Team Communication
  • Risk Mitigation

In this article, I am going to show you how to set up Continuous Integration and Delivery for SharePoint Framework Web Part using Bitbucket.

Prerequisites 

  1. Bitbucket Repository
  2. SharePoint Framework WebPart Solution associated with the Bitbucket Repository – (Refer – SharePoint Framework HelloWorld example)
  3. SharePoint App Catalog Site to deploy the SharePoint Framework WebPart
  4. Add the following environment variables on the Bitbucket repository level

At this point we are ready to integrate our SharePoint Framework WebPart solution with the Bitbucket Pipelines.

  • Open the SharePoint Framework WebPart solution and upload the following custom gulp tasks provided by Elio Struyf. (Note: Install the necessary npm packages given in the instruction)
    • upload-app-pkg
    • deploy-sppk
  • Create a new file for Bitbucket build configuration with name bitbucket-pipelines.yml
  • Update the bitbucket-pipelines.yml as shown below

  • Commit and push the changes to the Bitbucket repository
  • Go to the pipelines option and enable the pipeline

 

  • A build should start as soon as we enable the pipeline as shown below

 

  • As you can see in the screenshot, the SharePoint Framework WebPart is packaged and deployed in the app catalog site as per the logic written in the build configuration file

 

  • It is possible to isolate the deployment process in a separate step as explained here.
  • You can also schedule your pipelines to run at hourly, daily or weekly intervals.

Hope you found this interesting.

Sharing is Caring!

Requirement

I have a CustomConnector that connects to the Microsoft Graph REST API to get the groups in an organization. The endpoint URL and query parameters such as orderby, filter, skiptoken and top are currently hardcoded, but I would like to make it generic so that I can reuse it by passing arguments to the connector from PowerApps.

Solution

To create a custom connector, you must describe the API you want to connect to so that the connector understands the API’s operations and data structures. The custom connector wizard gives you a lot of options for defining how your connector functions, and how it is exposed in apps.

On the Definition page, the Request area displays information based on the HTTP request for the action. Choose Import from sample and configure the sample as shown below:

At the top right of the wizard, choose Update connector. Now that we have configured the connector, test it to make sure it’s working properly.

On the Test page, create connection and return to the Test page:

Now, enter the values for the text fields, then choose Test operation.

The connector calls the API, and you can review the response.

Return to your PowerApps app and configure your expression as shown below:

That is all. The Group Collection should have the REST API response data.

Important Note: Some requests return multiple pages of data so do not pass the $skiptoken for the first call. The $skiptoken parameter contains an opaque token that references the next page of results and is returned in the URL provided in the @odata.nextLink property in the response.
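The paging rule in the note above, written out in JavaScript as an added example that is not part of the original post or its PowerApps expression. callConnector, the sample pages and the token value are constructed stand-ins; the HTTPS/host check on the link and the page cap are assumptions added so that a bad @odata.nextLink cannot redirect or loop the caller.

```javascript
'use strict';
const GRAPH_HOST = 'graph.microsoft.com';

// Extract the opaque $skiptoken from @odata.nextLink, or null on the last page.
// The link is only trusted if it stays on the Graph endpoint over HTTPS.
function nextSkipToken(page) {
  const link = page['@odata.nextLink'];
  if (link === undefined) return null;
  const url = new URL(link);
  if (url.protocol !== 'https:' || url.hostname !== GRAPH_HOST) {
    throw new Error('nextLink leaves Microsoft Graph: ' + url.origin);
  }
  const token = url.searchParams.get('$skiptoken');
  if (!token) throw new Error('nextLink carries no $skiptoken');
  return token; // passed back unchanged, never parsed or edited
}

// callConnector(params) is a hypothetical stand-in for the connector action.
async function listAllGroups(callConnector, query, maxPages = 50) {
  const groups = [];
  let params = { ...query }; // first call: no $skiptoken at all
  for (let i = 0; i < maxPages; i++) {
    const page = await callConnector(params);
    groups.push(...page.value);
    const token = nextSkipToken(page);
    if (token === null) return groups;
    params = { ...query, $skiptoken: token };
  }
  throw new Error('stopped after ' + maxPages + ' pages');
}

// Constructed two-page response, keyed by the $skiptoken that requests it.
const SAMPLE_PAGES = {
  '': {
    value: [{ displayName: 'Finance' }, { displayName: 'HR' }],
    '@odata.nextLink':
      'https://graph.microsoft.com/v1.0/groups?$top=2&$skiptoken=X%27constructed%27',
  },
  "X'constructed'": { value: [{ displayName: 'Legal' }] },
};
const sampleConnector = async (params) => SAMPLE_PAGES[params.$skiptoken || ''];

listAllGroups(sampleConnector, { $top: 2 }).then((groups) =>
  console.log(groups.map((g) => g.displayName).join(', ')));
```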

The Sentiment Analysis API provided by Microsoft evaluates text input and returns a sentiment score for each document, ranging from 0 (negative) to 1 (positive). This capability is useful for detecting positive and negative sentiment in social media, customer reviews, and discussion forums. In this article I am going to show you how to send the feedback entered in a SharePoint Online modern list item to the Sentiment Analysis API and update the response back in SharePoint. I am also going to show how to beautify the sentiment score with emojis using the column formatting feature.

Create a SharePoint list with the following columns

At the top of the list, click Flow, and then click Create a flow.

Select the below flow template from the right-hand panel.

Follow the instructions on the Microsoft Flow site to connect to the list we have created. Credentials will be verified for each service used in the flow. For Office 365 services such as SharePoint and Outlook, connections will be created automatically. The next steps will be performed in the Microsoft Flow designer. The first action displayed, also known as a trigger, will determine how the flow will be started. Additional actions may be added after the first. Each new action will be dependent on the previous action.

Next step is to add an initialize variable action to set the value of the current Item Id.

Create a POST request using a HTTP action. Set the HTTP Method, URI, Headers and Body as shown below:

Note: Log in to Azure and get the Ocp-Apim-Subscription-Key. Refer to this article for steps.

Now let us parse the sentiment score from the response we received from the HTTP action and save the value in a variable using initialize variable action as shown below

Expression: body('CallSentimentAPI')['documents'][0]['score']

Here, CallSentimentAPI is the name of the HTTP action.

Let us update the sentiment score in the list item using a Send an HTTP request to SharePoint action as shown below

Save the flow and go back to the list.

Let us create a new item in the SharePoint list to check the sentiment score for our feedback

If all goes well, we should see the sentiment score in the list column as shown below

We can check the status of every execution in the flow history as shown below

To beautify the sentiment score with emojis, we can use SharePoint column formatting feature as shown below

I have used the following column formatting formula to convert the sentiment score into emojis

Hope you liked this post. If you have any questions on SharePoint or Office 365, please let me know.