O365: How to setup Group Licensing

Summary: Azure Active Directory (AAD) Security Groups may have Licenses applied to them as long as they are “Static” – they cannot be a Dynamic group (one where members are dynamically included via a query).  Static groups are defined as those with a Membership type of Assigned.  This cannot be done in the O365 Admin Portal, the group must be created in AAD.  All members of the group will have the assigned license applied to them. Using AAD Groups can simplify license management for your organization.

Steps

Login and go to the Azure Active Directory portal, in the <Company> Overview section select Groups and Click New group  

Create the group – critical items are highlighted in this example

Notice that I am naming the Group very literally. As you work through these steps you will see that I actually changed the name of my group to be more easily recognized within AAD. I now use “LIC-” as a prefix to all groups created for licensing. This helps with the management of groups as well as providing a simply way to use the license groups you create. Search for “LIC” and you will find all of your license groups to work with.

I am using the following for the Group description: Members of this group will be assigned the “<insert official license name here>” license. This is not only uniform and descriptive, but it also leaves no room for error when any Global or Account manager is adding members to groups.

You must Select Owners before completing the creation of the group, but you can leave Members empty for now.

Click the Create button at the bottom of the page.

Then from the Groups-All groups page select the created group to open the Group blade. Note the group has been renamed to LIC-POLPremium from the rather long name initially used (Project Online Premium License Holders).

Select Licenses from the Manage menu  

In the Licenses blade, select Assign from the top, then expand the Configure required settings item to open the Products blade.

Then select the license for this group (Products).

Products blade

Click Select to return to the Assign License blade, then select Assignment options and select the desired options. 

NOTE that depending on the license, different Enabled Services may be required.  Attempting to save will generate an error if you don’t have correct items selected.  I discovered, for example, that for the Professional license you must select SharePoint in addition to one (or both) of the Project options.

Click OK in the License options blade.

Then click Assign in the Assign license blade. <don’t skip this step or no license will be assigned>

A small popup will appear in the top right displaying “Assigning licenses” and then will change to “Licenses assigned” briefly, then disappear.

If it errors you will see it in that small popup.  The error typically means the Enabled Services do not match the license requirement…at least that is to the best of my knowledge at this time.

Now you will see that the License is Active and has Enabled Services when you go to Groups and pull up the group you assigned the license

Now the AAD Security Group is ready to populate with users.

Click on the Groups-All groups bread crumb at the top and only this new group should display. That is the behavior I found when I wrote this, but things change so you may need to search for your group

Optionally, Search for “LIC” to see all license enabled groups.

Select this desired “LIC” group and then select Members

From the Members blade you can “Add members” 

Spot Check & Verification

If desired you can verify by going to Users in AAD and select one of those that you added as a member to the group, check their Licenses and it should now display the license.  You will see that they have the same licenses assigned “directly” and “inherited” from groups.  This one should display as inherited.

Also note that if you have previously assigned a license directly and then setup a group and and these same people as members you can ‘fix’ this to avoid duplicate licensing. Simply “Remove License” from the user, selecting the “Direct” license. The inherited license will remain and your user won’t even see a blip.

Epilog

Active Directory (AD) Security groups can also have licenses assigned in AAD, thus you could create your license groups in your on-premise AD and still use the license assignment steps described above. This may work best for organizations who are continuing to manage their users within AD and may be more easily integrated into an IDM (Identity Management) system.

Also note that my screen shots and descriptions were done in the Government Community Cloud so your view may be different.

Advertisement

Branding your O365 Tenant

OK, before the real designers and branding experts out there dig in…let me state that this is not ‘true’ branding. I use the term branding simply because I think it is more recognizable for the majority.  I also don’t feel that people looking for the following information will search on something else.

So What is it I am talking about?

Simple settings and steps you can take to apply your corporate colors and logo to your O365 tenant/sites.

First of all, this will be the first of at least 2 posts related to the same topic.  So hang in there.  I am going to start with Tenant Settings and in the next post cover how to “lock-down” your sites so people won’t change the corporate color scheme and logo that you set up for them.

Considering that O365 is all about empowering people, this may seem counter-productive.  However I think most companies out there want consistency in their sites and many don’t want kitten themed sites unless they are a company focused on cats.

So let’s get to it.

Navigate to: Office Admin Center>Settings>Organization profile

Edit the “Manage custom themes for your organization” section

Upload your logo!

Make the logo clickable – this may be very handy, but it isn’t required

Depending on your company policy for branding you may NOT want to select/upload a Background Image

**Key Item** Check the “Prevent users from overriding their theme” check box

Set the Accent Color, Navigation bar, Text and Icon Colors – your site may have different options based on the type of tenant you have and the license levels…but there will be 3 color choices for you to make.  This sets up the theme for you.

Click Save

Note that it may take a while for these changes to filter down to all of your sites.  Typically the admin center gets it immediately.

Now you have the basic settings in place that will apply to all of your O365 sites.  Super simple yes.

New Life, Old stale site

Unlikely anyone is reading this as stale as the site is…but here is a little history and future plans for anyone out there.

Believe it or not I had a lot of posts after 2014 but they went to a new site hosted elsewhere.  Family life/health took over and it was slim postings, especially after sometime in 2017.  That led to the hosting company to delete my site and all content.  That stuff is gone, long gone.  No crying over spilled milk as the old saying goes.

The good news is I plan to breath some new life in this site.

Current plans are to fast forward to my current activities, so you can expect to see posts on topics ranging from SharePoint, O365, Azure, PowerShell, and who knows what else I end up working on.  I may have to change the name of the site – or at least the tag line.  For now I will only commit to posting something more frequently than every 5 years!

If you have been here or checking back from time to time….I thank you with full heart.  Life has given me some big road blocks and many challenges still lie ahead, but it is time for me to at least attempt to peek my head out from under water and re-engage as best I can.  Here goes….

thanks,

tony

#SPSSD SharePoint Saturday San DIego 2014

This is a rough edit version – for the final version please go to my active blog: http://sharepointony.info/blog

The #SPSSD 2014 event is shaping up to be something special, from start to finish and everything in between.

Why is this so special?

Well, let’s look at some of the stats to get the story started.

· We have over 127 different companies represented in attendee registrations.

· We have roughly 300 people registered to attend.

· We have 14 fabulous sponsors who are making the event possible – and Free to attendees!

· We have @ 23 speakers volunteering their time and weekend to present at the event.

· Among those speakers are SharePoint MVP’s, widely recognized authors and trainers as well as coveted expert speakers – all nationally or internationally known.

· Additionally, we have many great speakers who may not be as well-known but are full of experience and are experts in their own right.

· We have 6 tracks and nearly 30 sessions covering topics for Business, End User, IT Pro, Developer, Office 365 and Sponsor Solutions – the day is jam packed with SharePoint gems.

· UCSD Extension is our venue – and it is perfect for a SharePoint Saturday, with fully equipped professional classrooms and facilities that are comfortable, we couldn’t be more lucky.

Now let’s add the pre and post events to the mix. Speakers will be treated to a beach party luau complete with ukulele serenades and hula dancers around a beach bon-fire. Attendees will be treated to lunch during the event and have the opportunity to mingle with the speakers, sponsors and each other at the SharePINT post-event gathering. Saturday wraps up San Diego Beer Week, and so it is fitting for us to host the SharePINT gathering at the La Jolla Brewing Company (LBC).

Due to our sponsors’ willingness to make this an awesome event, and K2 for providing extra funding to help host the SharePINT, we will have the Tasting Room at LBC reserved for our private party. How much better can it get – SharePINT, Beer Week, and a private room at a brewing company? How about a free drink or two! LHC offers a full bar, appetizers and a great dinner menu that should accommodate everyone’s tastes. What a great way to wrap up a full day of SharePoint sessions.

For the “cherry on top”, we also have some great prizes for the raffle….so I encourage you to stay for the day, pick up a prize during the raffle and then join us at the SharePINT. The whole package is what makes this a special event.

A Secure Browser

I recently read this article: https://451research.com/report-short?entityId=79134&referrer=marketing#! and I like the concept.

First of all, I really like the idea of businesses using one browser for internal browsing and another for external (which is a more secure browser). This is just common sense and a simple solution.

Granted it isn’t fool-proof, nor would it be ‘easy’ to get business users to switch browsers for different activity. But I speak from my perspective, as a user who uses 2 different browsers at work every day already. I just like being able to jump to one browser where I am researching or have reference material open and then back to another where I am working on something.

Secondly, I think it makes sense to have a browser that Doesn’t allow any advertising or tracking, that makes the tool good for business use.

Why would your company want to help marketers track your users?

Why would your company want to help advertisers distract your employees?

Why wouldn’t your company want to use a secure browser?

The COST of a business-focused browser may go up from free to some dollar amount. But take that in context – how much cost is there in your business trying to secure your browsers, limit your employees browsing or repairing systems damaged by a virus, worm or ransomware?

Relocation

I have moved my blog to a SharePoint Foundation 2010 hosted site.  Seems to make sense, doesn’t it?

Please update your RSS Feed, Links or other connections to my blog to http://sharepointony.info/blog for continuing updates.

tony

Retention Policy Fails to Delete Records

Retention settings in SharePoint 2010 are pretty straight-forward.  There are Stages, which allow you to define actions taken on the document/item in a sequence.  You create a retention stage by creating an Information Management Policy, select your retention actions and voila you have established a simple retention.  SharePoint 2010 allows for multi-stage retention, the ability to trigger custom workflows, and apply your policy to folders.

The other day I was Declaring Records and setting Retention, specifically setting a deletion date for records based on a Content Type . 

My first stage declared all documents (based on a content type) as a record 1 day after a date from a specific date column of the specified content type. Dandy.  I defined the stage under the “Non-Records” section.  I went on to create a 2nd retention stage which Permanently Deleted the document 2 days after the date in that same column.  I also was careful to select the “Use the same retention policy as non-records” option in the Records section.  Now all I had to do was upload some documents, apply the appropriate metadata and sit back & wait.

[Note that the # of days used was specifically to allow me to test the retention behavior.  Once I verified the behavior in various scenarios I planned to update the policy to actual time periods that were appropriate for this content type.  I recommend you always test your Information Management Policies and Retention stages, especially for company Records!]

Several days later I discovered that although documents were now “Records”, none had been deleted.   I checked for errors, checked both the Information Management Policy and Expiration Policy Timer Jobs, but found nothing to indicate a problem.   After searching online and finding nothing that would expose the problem, I decided to change my policy.  I deleted the 2nd stage under Non-Records and created a new single stage under Records.  The stage contained the same retention information as the original…with the exception that I set deletion to 1 day after the date rather than 2 days.  I wanted to speed things up. 

I really wanted to speed things up so I went to the Timer Job Definition for the Expiration Policy and selected Run Now to force the timer job to run rather than waiting another day.  The documents that had been declared records previously, with the appropriate date that would indicate deletion, WERE deleted by the policy.  I honestly don’t know if this is “expected” behavior or not, but it was what I experienced on two different SharePoint 2010 farms.

It appears to me that if you are using a Retention Policy to Declare a Record, and you want to take some other action later such as Move to Recycle Bin or Permanently Delete you must place that stage in the Records section.  Don’t trust the radio button that declares “Use the same retention policy as non-records” without testing the stages you created. 

Moving OneNote between SharePoint environments

If you who have discovered the benefits of using OneNote shared notebooks AND have sync’d the notebook in a SharePoint library…this post is for you.

We started using OneNote 2010 with our MOSS 2007 farm, and because of the kind of shop we are – we setup a new SharePoint 2010 environment to run beside our MOSS farm.  Fast forward to January 2012 and our SP2010 environment is our ‘production’ intranet now.  Our MOSS environment is still chugging along and we are going to keep her for a while, but how we use that farm has changed significantly over time.

Now that our SP2010 farm is heavily used, we don’t like that we still have a shared OneNote notebook lingering out there in the old MOSS environment.   We do have other OneNote notebooks out there, but they are old, smelly notebooks that we don’t really use.  We keep them because they are now an archive of specific notes.

There is one notebook however that is still alive with activity, so we just want it ‘where we are’.  We have a better home for that notebook.  One that we visit daily and where we have other related content.  So it was an easy decision to move the notebook from the MOSS library to the shiny SharePoint 2010 library where it belongs.

OK enough of the back-story.  Down to the nitty gritty…

To move your OneNote 2010 notebook

1. Open the SP2007 library in Explorer
2. Open the SP2010 library in Explorer View
3. Guess the next step….yep drag the OneNote folder from one to the other
   • yes, you can copy and paste -or- cut and paste if you prefer that to being a bully by using ‘drag’ method

Whew! That was tough.  WAIT, there is more!

Notify the people sharing that notebook of the new location, they will have to ‘change location’ to sync to the notebook.  Here are the arduous steps:

1. Right-click the NoteBook
2. Select Properties
3. Click the Change Location button
4. Click the address bar and type or paste in the URL to the new document library
5. Click the Select button

I chose to send folks these steps as part of the message that the notebook was now in it’s new home.

We now return you to your regularly scheduled SharePoint blog browsing.   Happy Notes.

2011 in review

The WordPress.com stats helper monkeys prepared a 2011 annual report for this blog.

Here’s an excerpt:

The concert hall at the Syndey Opera House holds 2,700 people. This blog was viewed about 25,000 times in 2011. If it were a concert at Sydney Opera House, it would take about 9 sold-out performances for that many people to see it.

Click here to see the complete report.

A few words about the Daily paper

The _______ Daily is out!

Like anything else in this world there are pros and cons to the Twitter driven paper.li produced “Daily”.  Many people have them; they are easy and some say fun to create.  Many others hate them because of the daily tweet reminding you that the new edition is out.  Although there are options for Weekly versions, not many choose that option.

While there are good arguments around these “papers”, both for and against publishing them, I find them useful and am willing to ignore the dozens of tweets announcing them daily.  Live and let live.  Some people want them, like them, and use them.  Why does that have to hurt YOU.  If you are using twitter you are getting gazillions of tweets passing through your stream.  A few dozen more is minor in the scheme of things.  Now let’s get on to the meat of this post.  I believe that there are some nice features to the paper.li product that are overlooked as benefits.  What is that you say, benefits?

Have you ever scanned a tweet, rushing by in the stream, noted something of interest but just didn’t have time to go off and read the linked article?  You can’t ‘favorite’ every interesting tweet you see.  Later, you think of that tweet, dang who tweeted that?  Was that yesterday or the day before?  Scrolling through your stream looking for something like that is painful.  If you haven’t tried that, go ahead and try it – I will wait.  What do you search in twitter?  Will a hash-tag really help?

OK, now a few hours have gone by and you are back here waiting for me to get to the point.  The feature I speak of is the little ‘Archives‘ icon way up at the top of the paper.   This gem allows you to pick a date in time and see the paper generated on that day.  This is a much easier way to find that missing tweet.  You can browse through the paper to find the article that you wanted to read.  Clicking this icon pops a little calendar that allows you to pick the date.  Didn’t find what you were looking for, just click Archives again and try a different date.

So not only can you use the Daily Paper as a way to review tweets gone by, but you can go back in time to find the things you wanted to see.  Some days I don’t go into twitter at all, I just review my daily paper The sharepoinTony Daily.

Another good feature to use, often in conjunction with the Archives is the ability to “See all articles”:

Selecting this link will provide you with a list of all the articles.  This list is in a more efficient format for scanning through tweets captured by that edition of the paper.  The link is located on the far right side of the horizontal navigation at the top of the paper.  Also notice the two little icons under the “See all articles” link.  If you are looking for a tweet that had a link to a photo or video, these icons are your friends.  Choosing them will provide you with those tweets grouped on their own page.

Talking about that horizontal navigation…

 

 

Those topics are not always perfectly categorizing tweets, however they do group tweets and selecting a topic will give you a full page of tweets that were placed into the category.  Sometimes clicking through those categories is a great way to see something you missed in the stream or elsewhere in your tweet search.

Browse the tweets of the day, the paper is a relaxing alternative to the tweet stream.  For me it is a way to keep up with some of the tweets for those times when I can’t stay engaged on twitter live.