User Profile
thijoubertold
Iron Contributor
Joined 5 years ago
Recent Discussions
Find a document shared with company link with Delve
Hello, a colleague told me recently that I could find with Delve a document having a company / anonymous link (but I don't have access to with SharePoint permissions or within one of my Teams). I cannot reproduce it. Is it possible?
In the documentation, I know that it is written: "Delve never changes any permissions on content or other information. Users only discover what they already have permission to see." But, what is the nature of the permissions?
Thank you in advance
691 Views, 0 likes, 0 Comments

How to monitor uploads to whitelisted O365 tenant ? (tenant restrictions)
Hello,
We are currently implementing "tenant restrictions" to limit the external Office 365 tenants accessible from corporate workstations. https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions
However, we don't know how to monitor the flows towards whitelisted tenants (to avoid unwanted data leakage):
- The proxy is not able to differentiate our tenant from other tenants (except for SharePoint with url tenant.sharepoint.com) for Exchange and Teams services
- I don't think that Office DLP for Endpoint is able to differentiate our tenant from other tenants
- Maybe Risk Insider Management? (but what are the prerequisites in addition to the E5 licenses?)
- Maybe another option?
Thanks in advance

Re: Restrict users to access list using REST API
Unfortunately, it is not possible within SharePoint Online (not sure for on-prem though). If a user has the right to access / read / modify a list with SharePoint permissions, it will be possible too with REST / CSOM / Graph (if he has the right to use these APIs).
7.1K Views, 1 like, 4 Comments

Re: How to avoid double licenses with Group based licensing
Hi Deleted
1. Is there an automatic check in Azure AD that avoid users having to pay for more licenses than needed?
=> AFAIK, there is no automatic check to verify that your user will not be granted two bundles. However, a very simple solution could be to update your dynamic group to include only the user with ME3 bundles. An example here: https://365bythijs.be/2020/01/20/creating-a-dynamic-group-with-all-aad-premium-licensed-users/
2. M365 E3 and EMS+E5 are two licenses that can be combined, to access P2 and identity protection for the selected users, right?
=> Yes
2.4K Views, 1 like, 0 Comments

Re: Need help with Unattended Search-UnifiedAuditLog
Security Administrator role is not enough to access the Unified Audit Logs.
"You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center. Global administrators in Office 365 and Microsoft 365 are automatically added as members of the Organization Management role group in Exchange Online. To give a user the ability to search the audit log with the minimum level of privileges, you can create a custom role group in Exchange Online, add the View-Only Audit Logs or Audit Logs role, and then add the user as a member of the new role group. For more information, see Manage role groups in Exchange Online."
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide
1.9K Views, 0 likes, 0 Comments

Re: Teams Private Channel SharePoint Site User Permission
Hi Sere977
Indeed, Microsoft hid in the UI the possibility to modify the Site permissions linked to a Private Channel. However, you could (even if it is not recommended...) modify them through PowerShell, Graph or even Power Platform.
An example with PowerShell:

    # Placeholder values: replace with your own tenant, site, user and group
    $tenant = "yourtenant"
    $site = "yoursite"
    $user = "username"
    $group = "yourgroup"
    # Add the user to the given group on the private channel's site
    Add-SPOUser -Group $group -LoginName "$user@$tenant.onmicrosoft.com" -Site "https://$tenant.sharepoint.com/sites/$site"

15K Views, 0 likes, 0 Comments

SharePoint Site Policy - notification message
Hello,
I am starting to play with Site Policies on SharePoint site (SharePoint Online). One of my objectives is to put a site in read only.
I encounter the following issue: if I put a site in read only (with or without deletion), I get the following message: "SharePoint sites are read-only right now while we do some maintenance" ... which is not very user-friendly...
It seems strange to me. I expected to have "This site is read-only at the collection administrator's request" (message received by site owner in the site settings page) or to be able to customize this message (I did not find anything in the UI, PowerShell Pnp, SPO or through CSOM).
What do you think? Thank you in advance
1.4K Views, 0 likes, 1 Comment

Re: Unable to create a site in SharePoint
Hello,
Is SharePoint site creation disabled? (https://docs.microsoft.com/en-us/sharepoint/manage-site-creation)
If so, even with a Global Admin account, you cannot create a SharePoint site from SharePoint site page. However, you could still create SharePoint site from the SharePoint Admin Center.
Note that disabling SharePoint site creation does not disable Teams site creation (and behind it SharePoint site creation).
2.9K Views, 0 likes, 3 Comments

Re: Configuring Office 365 Federation for external users and native Office 365 auth for internal users
Hello,
If it is for B2B, you should have a look at Azure B2B Collaboration: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
In short, Azure B2B enables you to federate the authentication and lets you invite external users as guests in your tenants. They will be able to consume your services (e.g., SharePoint Online) with their identity (and so their IdP).
All the guest users will have a specific UPN:
- If userA@contoso.com is invited
- His UPN will be: userA_contoso.com#ext#@yourcompany.onmicrosoft.com
In any case, the authentication to Azure AD goes through login.microsoftonline.com or login.live.com
If it is for B2C, you should have a look at B2C: https://docs.microsoft.com/en-us/azure/active-directory-b2c/overview
5.5K Views, 0 likes, 1 Comment

Re: Alert when Sensitivity Label is changed
Hello, now that actions on sensitivity labels are collected in the unified audit logs, you could set an alert when a new entry with your conditions is detected. https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide
You will have to script this however
14K Views, 2 likes, 16 Comments

Re: Password + Authenticator app MFA notifications vs Passwordless
I encountered several times a phishing attack where:
- The bad guy got the password of the user (through phishing)
- He tries to authenticate. MFA prompt
- But, the user who got the MFA prompt does not think and validates the notification
And it happens a lot 😞
So in your second scenario, the additional security layer is that you ensure that the person with the telephone is the one who triggers the MFA prompt (because of the 2 digits)
6.4K Views, 0 likes, 1 Comment

Re: External Users need access to Teams Meetings ONLY
Hi cstevens44
You have to differentiate "guest users" vs "Teams external users":
- "Guest users" are users known from Azure AD B2B with whom you can collaborate (e.g. within a Teams) or share content (e.g. within SharePoint)
- "External users" are users with whom you communicate through Teams (1:1 or 1:N chat or meeting). They are not registered in your Azure AD
The prerequisite for external users is to authorize the federation between your tenant and the tenant of your external users. By default, this setting (Teams Admin Center > Users > External Access) is set to "allow external domains". What is the status in your organization?
If you want to enable non authenticated users, you can activate the feature "Anonymous users can join a meeting".
Hope this helps!
3.9K Views, 0 likes, 1 Comment

Re: Apply sensitivity label to all documents in a Sharepoint
Hello,
You can indeed use MCAS for your purpose. However, I am not sure that it is possible to target a SharePoint site. With a library it is possible. Joanne KLEIN explains how to do this: https://joannecklein.com/2020/03/30/microsoft-cloud-app-security-and-sensitivity-labels/
4.4K Views, 1 like, 1 Comment