cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Look Book template deployment

Lisa Stebbins
Iron Contributor

‎Jan 11 2021 06:50 AM - edited ‎Jan 11 2021 06:55 AM

‎Jan 11 2021 06:50 AM - edited ‎Jan 11 2021 06:55 AM

Microsoft Look Book template deployment

I don't know if this is the right forum for this but I have just learned that, while the LookBook website indicates that only tenant admins are to be able to create sites using the templates, an E3 licensed user with no admin roles just created his own Comm site without any issue or assistance and I, as the SharePoint and TEAMS administrator had no idea he did so. 

 

Our company has strict rules about who can create along with naming conventions, etc. to follow when creating and he was able to bypass ALL of it. I'm not faulting the user, I am faulting Microsoft's verbiage and/or security. Either the website is erroneous when it says only admins can create/use the templated or there is a security/management breach going on for this. 

 

I am VERY concerned at what this means for our company: it will be Pandora's Box is a blink of an eye.

 

Please, would someone please explain what is going on and how I can stop this from being something anyone in my tenant can do?  QUICK!

Labels:
2,075 Views
0 Likes
1 Reply
Reply
1 Reply
Beau Cameron

‎Jan 12 2021 06:49 AM

‎Jan 12 2021 06:49 AM

Re: Microsoft Look Book template deployment

@Lisa Stebbins Sounds like when you or another tenant admin used the Lookbook previously, you consented the application "on behalf of the organization". What this means is essentially a Tenant Admin has approved this application for use and the permissions required by this application. I have attached the image of the check box you checked.

I do not think you meant to click this checkbox. When you provision using a tenant admin account, you do not need to select this box. As a result, the other users in your environment can now provision through the lookbook because you provided the consent. 

What you will need to do is....

1. Go to the Azure Portal to your Azure Active Directory settings
2. Go to Enterprise Applications
3. Locate SharePointPnP.ProvisioningApp.Tenant
4. Select Properties on the left
5. Delete this application

The next time you or a tenant admin use the Lookbook, do not consent on-behalf of your organization.

 
Preview file
22 KB
0 Likes
Reply