Sunday, February 11, 2018

Azure Active Directory App Only Authentication with PnP PowerShell

Why do we need app only authentication? Well, if you want to execute some code without the permissions of a user or without an authentication token of a user, your only option is App Only authentication. In simple terms, if you want to execute a task by a daemon, App Only authentication is your best option.

This post is the 1st post of a series of blog posts, in building a solution which executes some PowerShell code in an Azure Function to manipulate some data which resides in SharePoint Online.

This blog post focuses on creating an Azure Active Directory App and granting permissions to the App to communicate with SharePoint Online.

In your Office 365 Admin Center, select Azure Active Directory. On the left side menu, select Azure Active Directory. Select App Registration and click on "+ New application registration". Provide a meaningful name for the "Name", select Application type as "Web app/API" and a Sign-on URL. The Sign-on URL can be any URL and I will discuss in a future post where it will be used. Also, this can be changed later.

Once the App is created, Azure will provide a unique Application ID for the App.
Next, select Settings, Required permissions and Add.
Then you can select the APIs you need to access. Let's select Office 365 SharePoint Online.
You need to configure the following permissions.

  • Have full control of all site collections (Application permissions)

The required permission level depends on the requirements of your final solution. I'm planning to create new sites within site collections, so I've granted the above permission. Remember, it's an "Application Permission". Application permissions are granted to the application when it runs as App Only.
Next, click the Grant Permission button on the required permissions tab. This will provide non-tenant admin users access to the application.
Now we need to create a self signed certificate (or a commercial certificate) and update the Azure AD Application manifest.

Use the below PowerShell script to create a self signed certificate. Make sure you have installed OfficeDev PnP PowerShell.
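# Folder that receives the exported .cer and .pfx files
$certroot = 'C:\Site Creator'
$certname = "IntelAi-Cert-1"
# Single quotes keep the password literal; inside double quotes PowerShell expands $$ as an automatic variable
$password = ConvertTo-SecureString 'P@$$w0rd' -AsPlainText -Force
$startdate = Get-Date
$enddate = $startdate.AddYears(4)
# Create a self-signed certificate with an exportable private key in the CurrentUser\My store
makecert.exe -r -pe -n "CN=$certname" -b ($startdate.ToString("MM/dd/yyyy")) -e ($enddate.ToString("MM/dd/yyyy")) -ss my -len 2048
$cert = Get-ChildItem Cert:\CurrentUser\My | ? {$_.Subject -eq "CN=$certname"}
# Public certificate (.cer) for the Azure AD Application manifest
Export-Certificate -Type CERT -FilePath "$certroot\$certname.cer" -Cert $cert -Force
# Certificate with its private key (.pfx), protected by the password above
Export-PfxCertificate -FilePath "$certroot\$certname.pfx" -Cert $cert -Password $password -Force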

Now execute the below script. It will copy a string to your clipboard.
Get-PnPAzureADManifestKeyCredentials -CertPath 'C:\Site Creator\IntelAi-Cert-1.cer' | clip

The copied string will look similar to the one below. We need to add this string into the manifest file of the Azure AD Application. (I've trimmed the value property.)
"keyCredentials": [
 {
  "customKeyIdentifier": "5lca+kziogw7T6MB4kUrxseK5m8=",
  "keyId": "84153f1a-90b7-4802-b99a-bb75d4f9a35b",
  "type": "AsymmetricX509Cert",
  "usage": "Verify",
  "value": "MIIDAjCCAe6gAwIBAgIQkawCJU0cWYxH8RamKNuqqTAJBgUrDgMCHQUAMBkx
 }
],

Select your application within App registrations under Azure Active Directory. Replace the "keyCredentials":[], section, as shown below.
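
What goes into a keyCredentials entry, as an added example that is not part of the original post or of PnP PowerShell: `customKeyIdentifier` is the Base64 of the certificate's SHA-1 hash and `value` is the Base64 of the public certificate, so a manifest entry can be checked against a certificate you hold. The function names are hypothetical, and the .cer path assumes the file exported by the script above.

```powershell
# Added example: hypothetical helper names; only .NET classes and built-in cmdlets are used.
function Get-KeyCredentialFromCer {
    param([Parameter(Mandatory)][string]$CerPath)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath
    [pscustomobject]@{
        # Base64 of the 20-byte SHA-1 hash identifies the certificate in the manifest
        customKeyIdentifier = [Convert]::ToBase64String($cert.GetCertHash())
        keyId               = [guid]::NewGuid().ToString()
        type                = 'AsymmetricX509Cert'
        usage               = 'Verify'
        # Base64 of the DER-encoded public certificate; no private key material is included
        value               = [Convert]::ToBase64String($cert.GetRawCertData())
    }
}

function Test-ManifestKeyMatchesCert {
    param(
        [Parameter(Mandatory)][string]$ManifestJson,  # manifest JSON text
        [Parameter(Mandatory)][string]$CerPath        # certificate expected to be registered
    )
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath
    $local = [Convert]::ToBase64String($cert.GetCertHash())
    foreach ($key in ($ManifestJson | ConvertFrom-Json).keyCredentials) {
        # Decode the identifier back to the hex thumbprint that certificate tools display
        $bytes = [Convert]::FromBase64String($key.customKeyIdentifier)
        [pscustomobject]@{
            KeyId      = $key.keyId
            Thumbprint = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
            MatchesCer = ($key.customKeyIdentifier -eq $local)
        }
    }
}

# Assumption: the .cer exported earlier in this post
$cer   = 'C:\Site Creator\IntelAi-Cert-1.cer'
$entry = Get-KeyCredentialFromCer -CerPath $cer
# Constructed manifest fragment; a real manifest carries many more properties
$sample = @{ keyCredentials = @($entry) } | ConvertTo-Json -Depth 3
Test-ManifestKeyMatchesCert -ManifestJson $sample -CerPath $cer
```

Run against the manifest text copied from the portal, any row with `MatchesCer` set to False is a key on the application that does not correspond to the certificate you checked.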

Now we can test whether the application has enough permission to connect to the SharePoint Online site. For the ClientID, you need to provide the Application ID of the application you have created.
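# Single quotes keep the password literal; it must match the one used when exporting the .pfx
$password = ConvertTo-SecureString 'P@$$w0rd' -AsPlainText -Force
# Authenticate as the application (App Only) with the certificate's private key
Connect-PnPOnline -Url https://intelai.sharepoint.com/ -ClientId 0c01f61e-ba27-4ae7-ab19-174884a949fc -CertificatePath 'C:\Site Creator\IntelAi-Cert-1.pfx' -CertificatePassword $password -Tenant intelai.onmicrosoft.com
# Reading the web title confirms the connection and the granted permission
$myWeb = Get-PnPWeb
$myWeb.Title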


Friday, February 9, 2018

Sri Lanka SharePoint Forum - Feb 2018

I'm happy to invite you all for the "SharePoint Sri Lanka" User Group monthly gathering happening on Wednesday the 14th of February.

As usual there will be two technical sessions; "Office 365 CLI: Managing Office 365 tenant and SharePoint Online" hosted by our new MVP, Suhail Jamaldeen and "Site Design and Site Script" hosted by me.


happy days!! :)

Wednesday, January 10, 2018

SharePoint Online Site Design

If you were thinking of creating templates in Office 365 for SharePoint Online, this capability is starting to become available in Office 365, although it is still in preview.
Is this SharePoint PnP Site Provisioning?
No. This is an alternate way of creating templates and creating new instances of sites.

What is site design?
It provides you with reusable lists, pages, layouts, themes and custom actions. Put another way, it's a predefined template that users apply to create new instances of their sites. The template is a collection of actions specified in a JSON script. When the script is executed, each item is actioned.
Once the JSON script is designed, it must be registered in SharePoint. Then the template will be available to the users to create new instances.

Prerequisites
Make sure you have installed SharePoint Online Management Shell and you know how to connect to SharePoint Online using PowerShell.

JSON schema
As I mentioned earlier, site design is a set of actions where each action is specified by a verb value. Some actions do have sub actions based on the complexity. Refer to the JSON schema reference. Shown below is the base structure of the JSON script.

 {  
   "$schema": "schema.json",  
     "actions": [  
       ...  
       <your actions go here>  
       ...  
     ],  
     "bindata": { },  
     "version": 1  
 }  

I will create one List called "Customer Tracking List". List template reference and Field type reference will be helpful to select the base types. You can see the main action "createSPList" and the sub actions "SetDescription" and "addSPField".

 $site_script = @'  
 {  
  "$schema": "schema.json",  
    "actions": [  
      {  
        "verb": "createSPList",  
        "listName": "Customer Tracking",  
        "templateType": 100,  
        "subactions": [  
          {  
            "verb": "SetDescription",  
            "description": "List of Customers and Orders"  
          },  
          {  
            "verb": "addSPField",  
            "fieldType": "Text",  
            "displayName": "Customer Name",  
            "isRequired": false,  
            "addToDefaultView": true  
          },  
          {  
            "verb": "addSPField",  
            "fieldType": "Number",  
            "displayName": "Requisition Total",  
            "addToDefaultView": true,  
            "isRequired": true  
          },  
          {  
            "verb": "addSPField",  
            "fieldType": "User",  
            "displayName": "Contact",  
            "addToDefaultView": true,  
            "isRequired": true  
          },  
          {  
            "verb": "addSPField",  
            "fieldType": "Note",  
            "displayName": "Meeting Notes",  
            "isRequired": false  
          }  
        ]  
      }  
    ],  
    "bindata": { },  
  "version": 1  
 }  
'@

Currently site design has a few more actions: add and remove fields and content types, set custom field formatting using JSON, add navigation links, apply a theme, set a site logo, join a Hub Site and trigger a Flow. Site design is still in preview, so let's hope more actions will be added in the future.

PowerShell
Once the JSON script is ready, we need to add the script and create a new site design which is a two step process.

Add Script
 C:\> Add-SPOSiteScript -Title "Create Project Site" -Content $site_script -Description "Creates lists for managing projects"  


Create Site design
 Add-SPOSiteDesign -Title "Contoso Project Management" -WebTemplate "64" -SiteScripts "4a2ef0f9-a1dd-48a1-8703-e73300418eb6" -Description "Project management template"  
You need to provide the ID returned from the Add-SPOSiteScript to the Add-SPOSiteDesign cmdlet.

Log in to your SharePoint Online tenant and go to the home page of your SharePoint site. Click "Create Site" and you will be able to see the newly added template.

Once the site is created, it will execute the script and call the actions to proceed with the customization.
Refer to the link for more info and updates.

Wednesday, December 6, 2017

Office 365 CLI

Office 365 management from the command line was limited to Windows users. With the recent announcement of Office 365 CLI, you are now able to manage different settings of SharePoint and Office 365 from Linux and macOS as well as Windows. Office 365 CLI is a cross-platform command line interface which can be used to manage some of the Office 365 settings.

It's built in Node.js and is distributed as an npm package. Use the below command to install it using npm.
 npm install --global @pnp/office365-cli  

Next, start by typing "office365" which will change the command prompt.
 office365  

You can start managing your Office 365 tenant by connecting with "spo connect" followed by your tenant admin URL.
 spo connect https://quicksilver-admin.sharepoint.com  

As soon as you type the above command, you will be given a URL followed by a code to be entered in the browser.


As soon as you add the code, you will be asked to accept the necessary permissions to your tenant through Azure Active Directory, as shown below.
Type the "Help" command to get the full list of commands. Testing it, I believe it has a long way to go. But as a community-driven project, this will evolve fast. Oh! btw.. use "exit" to exit the console. :)


Thursday, November 30, 2017

Column formatting in SharePoint Online

Recently Microsoft introduced a new way of formatting columns in SharePoint Lists and Libraries. You simply create a JSON object that describes how the elements should be rendered, and with which styles, when a field is included in a list view. Users with the create and manage views permission in a list can change how the fields will be displayed. Formatting columns will not have any effect on the underlying data.

I have created a simple List, shown below. Let's see how column formatting will work on it.

So, how exactly is the JSON file structured? Well, the best place to start is the SharePoint/sp-dev-column-formatting repository, by customizing an existing sample.

 You can simply paste your JSON code into the text box in the Format column section.

 {  
  "$schema": "http://columnformatting.sharepointpnp.com/columnFormattingSchema.json",  
  "debugMode": true,  
  "elmType": "div",  
  "txtContent": "@currentField",  
  "attributes": {  
   "class": "sp-field-dataBars"  
  },  
  "style": {  
   "width": {  
    "operator": "?",  
    "operands": [  
     {  
      "operator": ">",  
      "operands": [  
       "@currentField",  
       "20"  
      ]  
     },  
     "100%",  
     {  
      "operator": "+",  
      "operands": [  
       {  
        "operator": "toString()",  
        "operands": [  
         {  
          "operator": "*",  
          "operands": [  
           "@currentField",  
           5  
          ]  
         }  
        ]  
       },  
       "%"  
      ]  
     }  
    ]  
   }  
  }  
 }  

I've used the above JSON block to format the "Effort" column in my Project estimate list. I have also applied custom formatting to the "Assign to" column to display the user's profile picture and to the "Status" column to show the status of each task.


Would love to see someone releasing a tool to simply generate the JSON. :)

Monday, June 19, 2017

Experience the Microsoft Forms Preview

Microsoft recently released Microsoft Forms for the tenants that are in "First Release". The product is still in Preview. Navigate to the Microsoft Forms site http://forms.microsoft.com in your browser. You can use http://forms.office.com as well.

If you have no clue what Microsoft Forms is;
"With Microsoft Forms, you can create surveys, quizzes, and polls, and easily see results as they come in. When you create a quiz or form, you can invite others to respond to it using any web browser, even on mobile devices. As results are submitted, you can use built-in analytics to evaluate responses. Form data, such as quiz results, can be easily exported to Excel for additional analysis or grading."

Microsoft strongly says "Microsoft Forms is not a replacement for Microsoft InfoPath" :) 

Let's give it a try...
If you have not signed in already, sign in to your Office 365 account.
Clicking on New Form will allow you to create a Form of your choice. Enter a name and an optional meaningful description. Then start adding your questions.


You get to select the type of the answer and based on it the template for your question will be arranged.
 

I've selected "Choice" and shown below is how the question will be arranged. I added the possible answers and I have the option of adding the choice "Other" as well.

Based on the text you type, it will suggest the type of answers. Well, of course it's for Choices ;)


This is how it looks when you select a Date type


You are allowed to select long answers as well, in which case it will adjust the size of the text area.

Once you are done creating your form, you can preview how it looks on a computer and on a mobile device. Yes, it's mobile compatible :)


And you are allowed to change the theme as well.


Sharing is made easy with a click of a button.


What I like the most is how you can see the feedback. Clicking on "Responses" shows you the analytics page.

And my wish is "Let Forms replace InfoPath in the near future, with all the rich features" :)

Saturday, May 20, 2017

OneDrive with files On-demand

This is the #1 feature OneDrive users were waiting for. I was so thrilled to see Jeff Teper's announcement on the release of the OneDrive on-demand feature.

Day by day people create and collaborate with more and more files, including photos, work-related and personal files. As the number grows, so does the capacity they need. But how often do you need all these files at your fingertips, I mean on your local machine?

The On-demand feature in OneDrive will cater to this requirement beautifully by allowing you to access all your files in the cloud without having to download them and use storage space on your device.
You can see a new file status column for each file, which shows whether the file is in the cloud or on your local machine. You have the option of always keeping the file on your device.

As you can see in the above images, it will show you all the files as they are in your local machine, but it will not consume any storage unless you download the files locally. Online files will automatically download and become locally available when you need them. Simply double-click a file in File Explorer or open it from within an app.

If you are a Windows 10 user, update to Fall Creators Update to enjoy the cool feature.