Copilot in OneDrive and the AI Actions in SharePoint include image‑specific capabilities such as performing image analysis, extracting text, or interpreting an image from a file. As an example, let’s take a look at how these actions work with an image stored in a SharePoint Library (the process is the same for OneDrive):

For example, if we use ‘Explain image’, this is the result we will get:

And in the case of extracting text (or performing OCR), this would be the result:

El pasado martes 20 de enero tuve el honor de participar en la M365Con, evento dirigido por Marcel Broschk. Durante mi sesión, cubrí Copilot in OneDrive y las AI Actions disponibles para Sitios SharePoint, detallando casos de uso, escenarios prácticos y capacidades disponibles así como limitaciones existentes. También demostré como crear Agentes en OneDrive for Business mostrando el potencial para organizar la gestión de conocimiento y la automatización.

Podéis descargar las slides de mi sesión desde el siguiente enlace: https://github.com/jcgonzalezmartin/jcgonzalez/tree/master/Conference%20Materials/M365%20Con

On Tuesday, January 20th, I had the honor of participating in M365Con, an event expertly led by Marcel Broschk. During my session, I covered Copilot in OneDrive and the AI Actions available for SharePoint sites, detailing key use cases, practical scenarios, currently available capabilities, and existing limitations.

I also demonstrated how to create Agents in OneDrive for Business, showcasing their potential to streamline knowledge management and automation.

You can download the slides from my session here: https://github.com/jcgonzalezmartin/jcgonzalez/tree/master/Conference%20Materials/M365%20Con

Este martes 20 de enero a las 19:00 (hora de Ámsterdam) estaré impartiendo una sesión 100% práctica en el evento virtual M365 Con:

“Copilot en SharePoint y OneDrive: El camino hacia una gestión documental eficiente e inteligente.”

Durante más de 25 años, SharePoint —y posteriormente OneDrive— han ayudado a millones de usuarios a organizar, gestionar y trabajar con documentos. Ambas plataformas han evolucionado constantemente para mejorar la eficiencia y la productividad.

Con la llegada de Microsoft 365 Copilot, entramos en una nueva etapa. Copilot transforma la forma en que interactuamos con la información en Microsoft 365: cómo la encontramos, generamos, gestionamos y cómo convertimos los datos en conocimiento útil.

En esta sesión práctica exploraremos:

• Cómo Copilot en OneDrive incrementa la productividad individual y de equipos
• Cómo Copilot en SharePoint impulsa una gestión documental más inteligente
• Casos reales para optimizar de creación y comprensión de contenido
• El papel fundamental de la IA en las estrategias modernas de gestión de la información

Si quieres conocer cómo la IA y Copilot están redefiniendo la gestión documental, ¡esta sesión es para ti!

Acompáñame en M365 Con y descubramos juntos el futuro de la gestión inteligente de contenidos: https://m365con.net/talks/copilot-in-sharepoint-onedrive-the-path-toward-efficient-and-intelligent-document-management/

Windows Server 2025 Insider Preview Build 26433 Datacenter Edition

In a digital era where agility, security, and resilience define success, enterprises are constantly seeking ways to future-proof their IT infrastructure. Enter the Windows Server Insider Program — a gateway into the future of Windows Server, offering IT professionals and enterprise architects a unique head-start in shaping and testing tomorrow’s server technologies.

What Is the Windows Server Insider Program?

At its core, the Windows Server Insider Program is Microsoft’s early-access platform for organizations and individuals eager to test pre-release versions of Windows Server. It allows IT departments to explore upcoming features, evaluate improvements, and provide feedback well before general availability — all while aligning their roadmap with Microsoft’s evolving ecosystem.

Strategic Benefits for Enterprise Businesses

1. Early Access to Innovation

Being the first to test new builds offers a strategic advantage. Enterprises can evaluate enhancements such as improved virtualization support, deeper integration with Azure services, and security updates, giving them ample lead time to plan deployments and migrations.

2. Security Readiness

With constantly evolving cybersecurity threats, security must be proactive, not reactive. Insider builds often preview cutting-edge security features, like Just-in-Time administration and advanced auditing, enabling security teams to assess and incorporate them into enterprise policies early on.

3. Operational Efficiency through Feedback

Insiders are encouraged to report issues, suggest enhancements, and contribute to the design process. Enterprises that participate become co-creators in shaping Windows Server — turning feedback into business-aligned features that improve workflows and infrastructure performance.

4. Skills Development and Training

IT professionals gain first-hand experience with upcoming technologies, enhancing team expertise and preparing staff for smoother transitions during official releases. This becomes a valuable part of enterprise L&D strategies, minimizing learning curves and avoiding costly deployment surprises.

5. Better Long-Term Planning

Access to Insider builds allows enterprises to assess hardware compatibility, benchmark performance, and refine internal tools or scripts, reducing friction during upgrades or cloud migrations.

Real-World Scenario: Testing Hybrid Flexibility

Imagine an enterprise planning a hybrid infrastructure strategy using Azure Arc and on-prem Windows Server. By experimenting with preview builds, they can test hybrid management policies, refine group configurations, and validate security baselines — all without impacting production environments.

How to Get Started

Enrollment is straightforward. Enterprises can sign up using their Microsoft account and download the latest Insider builds from the Windows Server Insider Preview portal.

Final Thoughts

In enterprise tech, innovation waits for no one. The Windows Server Insider Program offers more than just access — it’s a strategic lever for proactive IT leadership. By embracing this program, organizations gain the insight, influence, and preparedness to lead in the evolving digital landscape.

If your enterprise hasn’t joined yet, now might be the best time to get ahead of the curve — because the future of infrastructure isn’t just about adopting change. It’s about helping build it.

 

In my previous blog post Creating Colored Folders in SharePoint Online and OneDrive, we saw how to create colored folders in SharePoint online document libraries and OneDrive for Business using user interface (UI) from browser. In this blog post, we’ll explore how to create colorful folders in SharePoint Online using CLI for Microsoft 365, a powerful command-line tool that extends SharePoint’s capabilities.

This new feature of coloring SharePoint & OneDrive folders allows users to assign a color label to folders, providing a visual cue for organization and categorization. However, it’s essential to understand how this works internally and what values are used for coloring folders in SharePoint Online and OneDrive for Business.

Thanks to Tetsuya Kawahara and his PnP PowerShell script sample at Create Colored Folder which explains SharePoint uses the column with internal name as _ColorHex to store the color setting information of folders. The _ColorHex field is a hidden field within SharePoint libraries, and it is not visible by default in standard views. This field stores the color as a numeric value corresponding to each color.

SharePoint supports a predefined set of 16 numerical color values that can be used to color folders. The following table shows the numerical values corresponding to each color:

Color	_ColorHex value
Yellow	Empty or 0
Dark red	1
Dark orange	2
Dark green	3
Dark teal	4
Dark blue	5
Dark purple	6
Dark pink	7
Grey	8
Light red	9
Light orange	10
Light green	11
Light teal	12
Light blue	13
Light purple	14
Light pink	15

We will see how to use these _ColorHex column values to create a new folder in SharePoint online document library using CLI for Microsoft 365 below:

Step 1: Install the CLI for Microsoft 365

Before we can start working with the CLI for Microsoft 365, we need to install it. You can install the CLI for Microsoft 365 by using below NPM commands or by following the instructions on the official documentation page:  CLI for Microsoft 365 – Installation.

npm install -g @pnp/cli-microsoft365

You have to use below command if you want to install beta version of CLI for Microsoft 365:

npm install -g @pnp/cli-microsoft365@next

Step 2: Create colored folder using CLI for Microsoft 365

After installation of CLI for Microsoft 365,  you can use below CLI for Microsoft 365 script to create a new colored folder in SharePoint online document library using CLI for Microsoft 365:

# Set Variables
$siteUrl = "https://contoso.sharepoint.com/sites/work"
$relativeUrlOfParentFolder = "/ColoredFolders"
$documentLibraryDisplayName = "Colored Folders"
$folderName = "Confidential"
$folderColor = 1

try {
    # Get Credentials to connect to SharePoint Online site
    $m365Status = m365 status
    if ($m365Status -match "Logged Out") {
        m365 login
    }

    # Create the folder
    $newFolder = m365 spo folder add --webUrl $siteUrl --parentFolderUrl $relativeUrlOfParentFolder --name $folderName | ConvertFrom-Json

    # Get the created folder item
    $newFolderItem = m365 spo listitem get --webUrl $siteUrl --listTitle $documentLibraryDisplayName --uniqueId $newFolder.UniqueId | ConvertFrom-Json

    # Change the value of the _ColorHex column of the created folder to change the color
    m365 spo listitem set --webUrl $siteUrl --listTitle $documentLibraryDisplayName --id $newFolderItem.Id --_ColorHex $folderColor

    Write-Host "Folder created and color changed successfully." -ForegroundColor Green
    Write-Host "Folder URL: $siteUrl/$relativeUrlOfParentFolder/$folderName" -ForegroundColor Green
}
catch {
    Write-Host "An error occurred: $_" -ForegroundColor Red
}
finally {
    # Disconnect from SharePoint site
    m365 logout
}

Once you run above script successfully and navigate to SharePoint document library, you will see that new colored folder is created inside the SharePoint document library as given below: 

Conclusion

Adding color to your folders in SharePoint Online document libraries using CLI for Microsoft 365 is a simple yet effective way to enhance the visual organization and management of your documents. This can improve user experience and help users quickly identify and access the content they need. Experiment with different colors and organizational schemes to find what works best for your team or organization.

Learn more

• SharePoint Online: Apply JSON View formatting using CLI for Microsoft 365
• Set SharePoint site home page using PnP PowerShell and CLI for Microsoft 365
• Enable/Disable SharePoint Online List Comments using CLI for Microsoft 365
• Add/Update image columns in SharePoint lists using CLI for Microsoft 365
• Enable or Disable the Social Bar (Like, Views, Save for later) from SharePoint online sites

As of August 17, 2021, Microsoft 365 apps and services no longer supports Internet Explorer 11 (IE 11). As a result, Microsoft recommends using the OneDrive sync app to sync SharePoint files with your computer, rather than using View in File Explorer feature in IE11. The OneDrive sync client provides Files On-Demand, which helps you to work with all your cloud files in File Explorer without having to download all the files and use storage space on your device.

In some special cases, some customers may still have a need to use View in File Explorer feature to access modern document libraries. So, starting in Microsoft Edge Stable version 93, you can enable the View in File Explorer capability on SharePoint Online for Modern Document Libraries. For this experience to be visible and work for your users, you will need to enable the Microsoft Edge policy “Configure the View in File Explorer feature for SharePoint pages in Microsoft Edge” and update your SharePoint Online tenant configuration.

Configure View in File Explorer with Microsoft Edge

To enable View in File Explorer feature on your SharePoint online tenant, follow steps given at: Configure View in File Explorer with Edge.

After enabling the feature, you can find the View in File Explorer option by navigating to the Document Library > Select the Library View Menu on the right-hand side > Select View In File Explorer.

Release Timeline

• Targeted Release: This feature will start rolling out in early October.
• Standard Release: This feature will begin rolling out in early November and complete by the end of November.

What you need to do to prepare

By default, there will be no impact to your organization and the View in File Explorer menu option will not be visible to admins and end users on the SharePoint Online modern document library interface. Microsoft recommends using the OneDrive sync app to sync SharePoint files with your computer, rather than using View in File Explorer feature.

However, if your organization has a need for the “View in File Explorer” feature in SharePoint Online modern document libraries, admins will be able to opt-in to turn on this feature in their tenant, to work on Edge browsers.

Note

While View in File Explorer feature will be available, it is not recommended to use this feature always. Whether you’re using Google Chrome, Microsoft Edge, or another browser, Sync feature is a faster and more reliable method for putting SharePoint files into folders you can see in File Explorer. To learn more, visit SharePoint file sync.

Learn More

• View and open SharePoint files with File Explorer
• Creating Colorful Folders in SharePoint Online and OneDrive
• SharePoint Online: Display Country Flags using JSON Formatting – multiple selections

In today’s digital age, organizing and managing your files and folders efficiently is crucial. SharePoint Online and OneDrive, both part of the Microsoft 365 suite, offer powerful tools for document management and collaboration. While they provide a variety of features to help you stay organized, adding a touch of color to your folders can make a significant difference in terms of visual clarity and user experience. In this blog post, we’ll explore how to create colorful folders in SharePoint Online and OneDrive, making your document management experience more visually appealing and efficient.

Microsoft is currently rolling out a new feature for SharePoint Online document libraries and  OneDrive for Business which will allow users to colorize their folders with a pre-set range of 16 colors. This colorization is applicable to both new and already existing folders. You can find more details about this feature and release timeline with Microsoft Roadmap ID 124980.

Create a new colored folder in SharePoint Online

Follow below steps to create a new colored folder in SharePoint Online document library:

1. Go to your SharePoint online document library

2. Click on + New button from document library command bar and select Folder

3. Enter name for your new folder, select desired color under Folder color option and click Create to create a new colored folder:

Create a new colored folder in OneDrive for Business

Follow below steps to create a new colored folder in OneDrive for Business:

1. Go to your personal account in OneDrive for Business and select My Files from left navigation pane

2. Click on + Add New button from top left corner and select Folder

3. Enter name for your new folder, select desired color under Folder color option and click Create to create a new colored folder:

Note: Colored folders can only be viewed in My Files in OneDrive for Business with this feature rollout.

Change color of existing folder in SharePoint Online or OneDrive for Business

If you already have existing folders in SharePoint Online or OneDrive for Business and you want to change the color, you can do it directly from the folder context menu or through the rename folder option.

1. Go to your SharePoint online document library or OneDrive for Business

2. Locate the folder for which you want to change the color

3. Select the folder and open folder context menu – click on ellipses (…) if you are using List view OR right/second click on folder if you are using Tiles view

4. Use Rename or Folder color options to update the color of existing folders in SharePoint online document library or OneDrive for Business:

Conclusion

Adding color to your folders in SharePoint Online and OneDrive for Business is a simple yet effective way to enhance your document management experience. It brings visual clarity, simplifies organizing folders, and helps prioritize tasks. Whether you’re using SharePoint for team collaboration or OneDrive for personal file storage, this feature can be a game-changer in keeping your digital workspace neat and efficient. Give it a try and experience the benefits of a visually appealing and well-organized document library!

Learn more

• Create Colored Folders in SharePoint Online using CLI for Microsoft 365
• SharePoint Online: Download document library files using JSON Formatting
• SharePoint Online: Display Country Flags using JSON Formatting
• SharePoint: Highlight selected list item rows using JSON formatting
• SharePoint JSON formatting: Check if date & time column is blank/empty
• Set a page template as default page template in SharePoint Online

Etat des lieux, Entreprises Puissance Cloud, Actions décisives : quelles sont les clés pour enfin tirer la valeur du Cloud ?

The post Les 5 actions pour créer de la valeur grâce au Cloud appeared first on iTPro.fr.

OneDrive for Business is a cloud-based storage solution that allows users to store, share, and collaborate on files from anywhere. However, in some cases, an organization may want to disable OneDrive for Business access for licensed users. In this blog post, we will look at how to disable OneDrive for Business access for licensed users.

Access the SharePoint admin center

To disable OneDrive for Business access for licensed users, you need to access the SharePoint admin center. You can access this center by signing in to your Microsoft 365 admin center and selecting “Admin centers” > “SharePoint.”

Go to the “User profiles” page

Once you are in the SharePoint admin center, go to the “User profiles” page. You can find this page by selecting “More Features” > > “User profiles” from the left-hand navigation menu.

Modify the Manage User Permissions

In the “User profiles” page, you can edit the user profile properties. Select the user profile you want to disable OneDrive for Business access for and click on the “Edit” button and disable the OneDrive access.  But to disable it for all users across tenant you can click on “Manage User Permissions”.

Select the Everyone except external users and uncheck “Create Personal Site (required for personal storage, newsfeed, and followed content)”

Click “Save” to apply the changes.

Verify the changes

To verify that the changes have been applied, go to the “OneDrive for Business” page in the SharePoint admin center. You can find this page by selecting “OneDrive” from the left-hand navigation menu. Select the user you disabled OneDrive for Business access for and verify that their access has been disabled.

Note: If a user already provisioned the OneDrive than above setting will disable the access for that user. You would need to revoke the access for that user.

Enable OneDrive for Business Access for all licensed users

Follow the same steps to enable the OneDrive for business access for licensed users,

And that’s it! You now know how to disable OneDrive for Business access for licensed users. This can be a useful feature for organizations that want to limit access to OneDrive for Business for some time.

The post Disable OneDrive for Business Access for All licensed users appeared first on MS Technology Talk.

En cas de récession, 85 % des responsables financiers craignent des répercussions sur les performances financières de l'entreprise. Décryptage des craintes et des mesures envisagées.

The post L’automatisation, la solution pour affronter la polycrise appeared first on iTPro.fr.

One of the things I often get asked about is how to deal with various limitations in OneDrive and SharePoint Online. For those who don’t know, SharePoint Online is the file storage & sharing solution underpinning the Microsoft 365 universe of applications, including the popular Teams application, while OneDrive for Business provides for personal file storage (i.e., modern replacement for “My Documents”) as well as a client application for keeping all your cloud-based documents synchronized to your local device.

Our SquareOne peer group recently had an informal, ad-hoc meeting about this problem: Where do you turn when OneDrive and SharePoint are (seemingly) unable to meet the needs of the business?

This can happen for a few different reasons. So, before we talk about solutions, let’s examine the most common limitations that organizations can run into when using SharePoint and OneDrive.

Not enough (shared) file storage

Every single user in Microsoft 365 gets a minimum of 1 TB of personal data storage (OneDrive space). This is not usually a bottleneck for most organizations. However, SharePoint Online (where you would put any of your “shared” Company data), is limited to 1 TB + 10 GB per licensed user.

For an Enterprise organization with thousands of users, those seats add up quickly, and you will easily have several terabytes of storage available. For example, 10,000 employees x 10 GB each = ~100 TB. Small business subscriptions unfortunately share the same limitation as Enterprise, so that means a 30-person organization only gets a measly ~1.3 TB of storage total for all shared documents in SharePoint Online.

This is a problem. Particularly if there are very many files, or very large files such as architectural or engineering drawings, or high-density images, or anything like that. That meager storage will be consumed very quickly indeed. Yes, it is possible to buy additional SharePoint storage, but at USD $0.20/ GB/month, it is some of the most expensive storage space in the cloud.

My personal wish here is that Microsoft would just change the storage limitations for “Business” plans so that instead of 10 GB/user, we get something better like 100 GB/ user (at least). Or, better yet, just give us like a “Business Ultimate” plan that includes unlimited email and file storage and charge a premium price like USD $35 or $40/user/month.

Too many files to sync, or other limitations

OneDrive includes a client app that will automatically synchronize your personal files to the local desktop (we have a similar app to make them available on personal mobile devices, as well).  You can optionally choose to sync shared locations in SharePoint Online in addition to your OneDrive files. However, when you attempt to sync too many files, you can cause problems for the sync application, and then your employees fall into the Pit of End User Despair™.

How many files is too many? Well, that’s a complicated question. Microsoft recommends syncing no more than 300,000 files and folders total to your computer. But that is somewhat misleading, because I have seen the client sustain more files than that (especially since the release of the 64-bit client), but I have also seen the client bomb out under even less stress (more like 90-100K files). If memory serves right, this limitation actually comes from a .DAT file stored somewhere in your local app data folder.

As well, larger files such as architectural and engineering drawings will sync (and support for large files has improved in the last year since the release of the 64-bit client), but it still is not the same experience as working with general Office files. For example, co-authoring is not a thing here, and syncing large files is more demanding; upload times can be very slow, especially over budget links such as DSL.

Therefore, certain SMB organizations that regularly use larger file types (e.g., construction, engineering, architecture, attorneys who deal with patents which include engineering drawings, etc.) may still find the sync experience is less than ideal for their requirements, especially if they are used to having SMB shares available on their LAN.

There are a few other limitations on file structure (such as depth of folders/length of file path), and number of files per folder or view (5,000), but these are not run into quite as frequently as the other problems I just now touched on. Plus, they are generally more “correctable” than running up against storage quotas or sync issues, which are less in your power to control. Nevertheless, several other limitations do exist, and you should be aware of them.

What do we do about these limitations?

Historically the way we dealt with these problems was to tell the customer, “Well of course it isn’t working, because you aren’t doing it right!”

We would scold them for needing access to so many objects on every client device, all the time. “Don’t you know that it is impossible to work with that many files in any reasonable timeframe? Imagine trying to contribute to more than 300K files in a month, or even in a year! Nobody actually does that, so why sync all the data to begin with?!”

Or, “Look, you can’t expect every third-party file type to be supported equally: if you work with some larger file types, do not expect co-authoring on them, instead plan to download/upload your changes like you would have for all types of files 10 or 15 years ago.”

While these statements may be true, and difficult to argue with, the simple fact is that back in the olden days when customers just had a primitive NTFS file server with SMB file shares, users could keep whatever they wanted, for however long they wanted, and have access to it any day of the week. They didn’t have to obey the seemingly arbitrary laws of the Microsoft Cloud.

In an ideal world, we could just easily migrate all files and folders, as they exist today, from point A (usually an on-premises file server) to point B (the cloud), and have the experience be pretty much the same for end users. The problem is that file servers and SharePoint sites are apples and oranges. So, it’s not realistic yet to put those expectations out there (those who have, have paid dearly for it).

Yes, it is true that SharePoint does a bunch of cool stuff that your local file server cannot (e.g., metadata, search and indexing, retention labels, sensitivity for sites, etc.), but the reverse is also true: your old file server did some pretty basic things really well, some of which are still impossible for SharePoint and OneDrive.

Alternative #1: Use another popular cloud storage provider

I can’t speak for the Enterprise, but at least in the SMB market, the most popular alternatives to Microsoft’s “built-in” ecosystem for file sharing remain Dropbox, Box, and Citrix Sharefile (roughly in that order). Maybe Google Drive ranks in there as well, however, I know a lot of folks on Google’s platform also supplement with one of these other providers for file sharing, too. My personal favorite of these options is Box, but that’s just based on my own familiarity with it (others may feel strongly about one of these others—and that’s fine).

If you are going to supplement your Microsoft 365 subscription with one of these other solutions, I would recommend ensuring you get a real business plan, not a personal or “basic” plan. Generally speaking, this means you will be spending something like $25/user/month or more for a complete feature set, usually including unlimited storage space and Enterprise-grade security options. At the time of this writing, in the Dropbox world, this means aiming for at least the “Advanced” offering (for Teams). If you choose a Box subscription, this could mean the Business Plus or even Enterprise tier, and for Sharefile, you should be evaluating their Advanced or Premium options.

Why we do not have an “unlimited storage” plan in the Microsoft cloud is beyond me. If it were up to yours truly, Microsoft would have an unlimited offering that can compete with these other big hitters. The option for limitless capacity is probably the number one driver that pushes people into a third-party cloud when it comes to file storage. Note: You should not expect a switch into one of these other ecosystems to be a panacea: to eliminate all downsides, fix or prevent all sync issues, etc. However, when it comes to overall storage capacity, every other provider out there has Microsoft beat.

Anyway, if you decide third-party is the way to go, always set up Single Sign-On with Azure AD so that you can apply the same identity-based protections, such as Conditional Access, that you already enjoy with Microsoft 365. Also you should know that Box and Dropbox have integrations available with Microsoft Defender for Cloud Apps, so that you can monitor activity and create alerts and rules around these applications, just as you do for Microsoft 365, using the Activity log.

Alternative #2: Check out Azure File Sync

If you would rather not leave the Microsoft cloud, and especially if you want to maintain an experience as close as possible to your current Windows-based file server, then Azure Files is another solution worth taking a closer look at. This is basically SMB file shares in the cloud. However, the best implementation of it to replace existing file servers, in my opinion, would be Azure File Sync. This premium solution allows you to seamlessly extend your existing on-premises file server into the cloud, and the users generally cannot even tell the difference.

Basically, your existing file server gets an agent installed on it, which then synchronizes your shares into Azure Files. Client computers continue to connect to the local file servers, but the data can be migrated on the back end into Azure. Eventually the server just serves up cached copies of the most frequently accessed datasets. Better yet, you can choose to take the most infrequently accessed data (think: archives, etc.) and move those to “cooler temperature” storage in the cloud. This is cheap storage, which is slower to access, but less expensive to maintain. Active files can remain on “hot” storage so that access stays quick and reliable. This feature is known as “cloud tiering” and it is one of those things that makes the solution extra attractive. For backup, you simply deploy Azure Backup and configure a backup of Azure file shares on a schedule that works for your organization.

Now, let’s say that you need to replace your existing physical server, either because it is just time for a refresh, or because you had a sudden crash or hardware failure in your datacenter. No problem. In the short term, your end users can connect to Azure via VPN and get access to the cloud-based shares quickly. In the long-term, you would replace your physical server with something cheap and affordable: just install the agent to present the shares locally out to the network, and away you go.

Thus, Azure File Sync turns your local server into something resembling “Branch Cache” (if you were familiar with that Windows Server feature, it’s a very similar idea). It is not unreasonable to assume your current server capacity could be scaled back to maybe 20% of the storage requirements (most data lives in the cloud, with only the most frequently accessed items available on the local disks).

The big benefits to this service are that legacy applications generally still work with it (since it is still just SMB shares), and it tends to be more affordable per-user or “per-gigabyte” especially with cloud tiering enabled. Note also that both domain and workgroup environments are supported with this solution.

Alternative #3: Split the difference

The last option is to forge ahead (mostly) with Microsoft solutions: usually in a “hybrid” configuration where the on-premises server is going to be around for at least one more refresh cycle while your organization figures out the rest of the puzzle on its own.  Note: you can still start to relocate certain Office documents into OneDrive, Teams, and SharePoint as well, but you don’t have to go “all in” either. Take the time to learn how your organization can work around the current limitations in various ways. This makes for an easier end-user transition while still taking advantage of the elasticity and flexibility of the cloud where it makes sense.

For example, we direct people to use the SharePoint web interface and/or the Teams client for most shared repositories, and only sync very few data locations that contain smaller numbers of files (like a specific project folder), or other areas where the users work daily. We generally also recommend enabling the groups expiration policy and retention policies to keep content fresh and current (removing old, dead data regularly).

In a big migration project, we may even recommend migrating only those datasets which are considered “active” working data, versus all the “archival” stuff which may not need to exist in the cloud, at all. This helps cut down on clutter and overall storage demand. Some of these legacy items might end up on a separate network segment somewhere, on a legacy file server, SAN, or NAS device (where they go to die a slow death). Or maybe this is where we find a separate cloud storage account and place it under the care of a specific individual or individuals with access to those particular locations.

I should perhaps mention, there is also an alternative OneDrive/SharePoint sync client out there called Zee Drive, which some people have reportedly found success with (I cannot say much about it other than what others have told me—in other words, this is not an endorsement by any means).

Conclusion

Keep in mind that many organizations fit nicely within the existing limitations and have no problem moving 100% into the Microsoft 365 cloud ecosystem. Especially “Microsoft Office-centric” professional services that work primarily in the Office apps, perhaps with a splash of Adobe on the side, etc.

At the same time, there are many, many companies who run into these barriers due to legacy apps, large file types, larger file sets, etc., and therefore, these folks often wander down a different path. Sometimes, this means going to a third-party cloud, or it means remaining in a hybrid situation, or patching together some other alternative. This is not a new problem, either. Honestly it is a bit surprising that even now, in the year 2022, we are still left wanting in certain areas, and there isn’t always just one satisfying “right” answer. But, that’s where your consulting comes in, isn’t it?

What else have you been deploying for your customers when Microsoft doesn’t quite fit the bill? Let us know in the comments, below!

The post Alternatives to OneDrive and SharePoint (and when to consider them) appeared first on ITProMentor.

When I talk to customers about their Digital Transformation Journey, I always like to give them the “10,000 foot view” so to speak. I suggest that we explore two different angles or “big pictures”  in order to paint an image that customers can then imagine themselves into. The first picture is Security & Compliance, and the second is Productivity & The Modern Workplace. Let’s start by examining the first.

With regard to Security & Compliance, we have to set the stage a bit: why should customers care about this stuff? After all, cybersecurity initiatives typically struggle to get funding and other traction, especially in the small and mid-sized business where resources are more scarce to begin with.

The structure of your pitch

You will often see security vendors at conferences begin their presentations with scary statistics about how many breaches occur each year, and how the cost of an average breach has been steadily increasing year-over-year; I find this type of information to have a very limited effect on people. If something like that is going to be your angle, it is far more effective to relate real-life stories, and the “closer to home” each story hits, the better (yet some orgs will refuse to act until it is their own home which is hit, and they become one of those stories you end up telling to others).

But selling customers on the importance of security & compliance should not be based on scare tactics, anyway. You also have to paint a picture of value. Give them a preview of what it looks like to live in the new world you want to guide them into. Remember that all changes are going to be met with some resistance (this is only natural), yet these changes are ones that must take place sooner or later. Plus, you can highlight new features such as Sensitivity labels, which grant users new superpowers they’ve never had before. In general, it is much more difficult to prod people from behind into the darkness than it is to coax them into the light, leading from the front. In other words, carrots are better than sticks.

The corollary in this message which you must communicate explicitly is that you have already walked this path yourself, and you have no regrets about doing so. You will also take them down this path, and it will go just as smoothly, or even better, since you already know the pitfalls and dangers that lie along the way. As you paint this canvas, also be sure to highlight how the new tools or capabilities would have prevented or mitigated the problems you shared earlier in your anecdotal stories.

In addition to sharing relatable anecdotes and painting the preview or picture I want them to inhabit, I normally make it very clear that this past decade has seen such a radical shift in the cyber landscape, that I can no longer afford to waste my time with customers who will not take this journey seriously. If they cannot even be bothered to implement a basic level of cyber hygiene such as CIS Implementation Group 1, then they are essentially begging to be compromised, and simply I cannot give my precious attention to folks who will not even address the most essential of risks, and therefore any further engagement is off the table. This is also why I suggest beginning your new engagements from Security & Compliance rather than Productivity & The Modern Workplace.

Let me be clear: this might mean you have to fire some existing customers, even long-standing ones. But that’s okay: you are going to replace them with better ones (the ones who will actually listen to you and trust your recommendations). Notice this is different from either a stick or a carrot. It is more like a “filter” or disqualifier.  Holding up this barrier is only fair to them, and enormously helpful for you, plus it sends a very strong message (it projects confidence in your own practice).

So let’s review: you should plan your Security & Compliance pitch using these key components:

1. Relatable anecdotes from the wild (and the closer to home the better)
2. A preview or “picture” of where your customer is heading and the new capabilities you will bring to them
3. An ultimatum / disqualifier

So what does good look like?

Once you have a prospect’s attention, you will need a simple and engaging way to explain your Security & Compliance offering to them. If you are primarily selling solutions built on top of Microsoft 365, as I am, then I suggest leveraging the concepts, marketing and language that Microsoft themselves have already produced. For example you will see them speak and write frequently about “Zero Trust,” and what that phrase means to them.

They have also published some detailed documentation such as the Zero Trust Deployment Plan, which is targeted for Enterprise (read: E5) customers. You can simplify this for SMB a bit further, as I have done here:

There is no need to reinvent the wheel (that’s what Microsoft’s materials are there for). Plus, if a customer decides to “spot check” your pitch, they would find solid validation with a quick Google search.

Aren’t Security and Compliance different things? Why not two offerings?

You can sell separate offerings if you want to, sure. Remember that a “compliant” environment is not necessarily a secure one. On the other hand, the items that are generally called for in a high-regulation, compliance-intensive scenario most often exist because of concerns around data security. For this reason, I always suggest that you approach your engagements from a “Security-First” mindset. When you build a good, secure foundation, you will very often find that compliance is a breeze thereafter, and this is because most compliance requirements will map back to common cybersecurity frameworks such as NIST anyway.

And yes, I am aware that in some cases “compliance requirements” actually contradict the latest cybersecurity guidance. The most common example I see thrown around is password complexity & rotation requirements, which are moot after the implementation of a good Zero Trust baseline including Multi-Factor Authentication and other identity protection systems. Look, I have gotten into with auditors before: I have found that the spirit behind the law is more important than meeting the letter of the law itself. So with regard to this particular example, the point is not to put people through the discomfort of changing passwords every 90 days, the point is to protect them from credential theft and identity compromise. We have better, more sophisticated ways of doing that now which are more comfortable, so why would we go backwards? I have fought this battle and won on more than one occasion (so that we could end password rotations), and I won because I supported my claims with reputable references.

Anyway, my original point is that you can splinter off a cybersecurity essentials baseline offering, and then have “compliance” add-ons for helping organizations meet more specific requirements such as PCI, HIPAA, GDPR, etc. as needed. Some service providers will specialize around a particular vertical, and get to know their requirements really well, and then just focus on those (then a single, flat-rate Security & Compliance offering makes a lot of sense). How you bundle this stuff and sell it to your customers is largely up to you. I would not say there is just one right answer here.

Conclusion

Once your customer has committed to the Security & Compliance journey, then you are off to a very good relationship indeed. From here, you can begin to explore the next big picture, which is improving productivity and modernizing outdated, tired business practices. This will require a new change of frame, so to speak, and another pitch. But this second journey is going to be taking place against a more secure background than what you had before (this actually makes life easier and less stressful for both you and your customer). Without the first journey, you could jeopardize all of your subsequent efforts in the second: the modern workplace transformation should be undergirded by that Security-first foundation.

If you enjoyed this blog post and would like to see more content like it, which goes into greater detail and gives you an opportunity to work with myself and other peers who are implementing these solutions for customers, I would suggest you check out our SquareOne Practice Development Group.

After you get your customers onboarded to your “Security-First” services, the next step is helping them to complete their digital transformation and maximize the value they invested into the modern workplace. But that is a topic for another day.

The post Selling the Digital Transformation Journey: Security & Compliance appeared first on ITProMentor.

Most of my readers will already be familiar with Microsoft Defender for Business (MDB), which is included with Microsoft 365 Business Premium. And a majority of those will be deploying MDB as one part of a broader security solution which includes other services within the Business Premium bundle. But a subset of folks have asked about the “Standalone” version of Microsoft Defender for Business.

Yes, it is true, there is indeed a standalone version (USD $3/user/month), which was announced last month. The use case? Consider a scenario where the customer is using a different productivity platform such as Google Workspace, or they haven’t yet made the transition to other Microsoft 365 services. Using the standalone SKU, you could theoretically onboard devices and start providing protection, ahead of deploying other services, and with far less upfront licensing commitment.

Some of the MDB-related services will function much in the same way as you are used to with the full product, however, you should be aware that certain services would only be available with an Intune license (Microsoft Endpoint Manager). For example, the “Automatic onboarding” option during the first-run wizard experience requires devices to be enrolled with Endpoint Manager already. As well, certain functionality in the Microsoft 365 Lighthouse product may rely on the presence of the Intune licenses in order to work. At the same time, some functionality within Endpoint Manager will still be available, even without the “complete” license set. In fact, just enough of the MEM product is activated to make basic policy deployment possible for the “standalone” scenario. Clear as mud, right?

Show me

Let’s take a look at an example where I have onboarded a new “standalone” device into a tenant where I also happen to have some “fully licensed” Microsoft 365 Business Premium users.

In the first place, I need to actually purchase and assign the standalone license product to the correct users. For this purpose, I created a new user named “Mark Twain” in my tenant, and assigned the MDB standalone product.

Next, we want to check on a couple of settings related to this scenario. Begin by navigating to Settings > Endpoints from the Microsoft 365 Defender Security Center, and click on Enforcement scope.

You will want to turn On the setting called Use MDE to enforce security configuration settings from MEM and select the OS choices below (and yes: Windows Server support is coming soon to the Business product).

Then, check Microsoft Endpoint Manager by navigating to Endpoint Security > Microsoft Defender for Endpoint.

Be sure that the option Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations is switched to On, and Save settings if necessary.

With those settings in place, let’s onboard a device named “Workstation10” using the local script method (you could also use GPO or other methods, but just note that you cannot use MEM to onboard the device in this scenario since the requisite license is not available and the device is not enrolled into the service).

Okay, now that the script has been run, we expect the device to show up in our inventory. Let’s take a look. We should be able to see it from the Defender Security Center:

Yep. And as well, from Endpoint Manager:

You will notice in both cases that there is a column called Managed by which will indicate whether the device is being managed by Intune or MDE (which is the Enterprise term for MDB). Those devices which are managed by MDE are the so-called “standalone” devices. You will also notice that not all the data are available for standalone devices, because they are not enrolled with Intune (therefore things like Compliance cannot be evaluated).

Finally, you will notice that we can still take all the same actions against standalone devices, such as Isolate device, Restrict app execution, Run antivirus scan, Collect investigation package, Initiate Live Response Session, etc.

I will also add that in addition to the device inventory and device actions, the Vulnerability management functionality that we have via the Microsoft 365 Defender Security Center is still available and visible for standalone devices.

Assigning policies

Let’s say you want to assign policies to your standalone devices. We can either use the Microsoft 365 Defender Security Center (you will find it under Configuration management > Device configuration), or we can use MEM. Since the purpose of this blog is to highlight the boundaries and limitations of MEM with regard to these standalone devices, let’s examine the option to assign policies from Endpoint Manager.

Start by creating a Dynamic device-based security group. Go to Groups, and create a new group. Name it something descriptive like “MDB Standalone Devices” or similar. Then, use the following expression to capture the devices managed by MDE:

• (device.systemLabels -contains “MDEJoined”) or (device.systemLabels -contains “MDEManaged”)

(Note: I have also observed that using the “All devices” option works as well when making assignments, but it can be useful to have a group that can identify for you which devices are managed by MDE/MDB, and not yet onboarded to MEM.)

Next we can create a policy and assign it to our new security group. The following policy types are supported currently:

• Antivirus
• Firewall
• Firewall rules
• Endpoint Detection & Response

I suspect we will see additional policy types supported in the future (e.g., Attack Surface Reduction), but at the time of this writing, the above is all that is included.

I created a simple Antivirus policy. Again this could also be achieved from the Microsoft 365 Defender Security Center, but I have elected to manage my policies in MEM instead for the purposes of demonstration.

Now, if I try to create and assign a policy that isn’t yet supported, such as Attack Surface Reduction rules, what happens?

As of now, we see that it just remains in a perpetual “Pending” state. I hope to see support for more policies soon, though. Fingers crossed.

Takeaways

So can the standalone product do everything that the MDB product can when bundled with a more complete subscription set such as Business Premium? No.

Certain policies and functionality would require the “full” license bundle including Azure AD Premium and Intune/MEM. For example, if you want to unlock features like the Conditional Access integration, and measure device Compliance, or if you want to view and managing additional device attributes. But it appears that Microsoft is attempting to open “just enough” functionality here to support a sort of “lite” management scenario of the MDE/MDB product via MEM, even if you don’t have an Intune license. (It is always best of course if you can move into the full experience with the complete license bundle).

In my opinion, we should at least get support for Attack Surface Reduction rules added both to the MEM for standalone scenario, as well as receive a new way to deploy these policies from the Defender portal (like we have with Antivirus and Firewall policies today). I do not know if/when this will happen, but my hope is that we will see it yet this year.

And that is basically the whole story in a nutshell, as of right now. Hopefully that cleared up some of the more confusing points. If we get additional functionality in the future, I will be sure to report back.

The post What are the limitations with Microsoft Defender for Business Standalone? appeared first on ITProMentor.

One of my readers wrote to me recently about an article that I penned a couple of years ago, on the topic of Data Loss Prevention in Microsoft 365. They pointed out that my breakdown was a bit dated now, and that the Microsoft universe seems to have become more complicated since then.

I suppose that’s true in some ways. I think some of this confusion was multiplied by the fact that many (if not all) of these products have new names now, such as the recent rebranding of the “compliance-related” features to Microsoft Purview. The other confusion points tend to revolve around licensing: “What is included in my subscription, and what requires an upgrade?”

I wonder if I can help those who are seeking clarity by taking another stab at this from a slightly different perspective.

There are many different risks associated with data leakage and/or loss of data. Each risk has a different set of possible mitigations, and most of the time we can find a solution within Microsoft 365. In fact, sometimes there is more than one technology solution in this suite of tools which could help us to address a particular area of concern. Let us examine a few common risk concerns that businesses may have, and apply the Microsoft 365 features that best help us to address these concerns. I will also highlight the features that require a full E5 subscription, versus the more common Business Premium or E3 that we tend to see in the SMB space.

Concern #1: Loss or theft of a device with access to corporate data

This is the first concern I normally ask small businesses to address. If a device were to fall into the wrong hands, wouldn’t you want to be able to wipe the corporate data from it? There are several solutions to this problem.

The first is App protection policies (a.k.a. MAM policies). This would be the minimum recommended mitigation for most small businesses, and more specifically with regard to personally owned iOS and Android devices. Although these policies are also available for Windows devices, it is more difficult for me to recommend this option (for Windows, this turns on a feature known as Windows Information Protection, which ends up being a difficult user experience for most people).

We will soon have a new App protection policy for the Edge browser on Windows; when combined with a Conditional Access policy, this would allow us to grant access on personal Windows devices via the Edge browser (using a corporate profile), while blocking access from client applications such as Outlook or the OneDrive sync client. Therefore, no company data would persist on the device itself. You can already accomplish a similar outcome using something called Conditional Access App Enforced Restrictions, which enforces ‘limited web access’ where downloads are prohibited on unmanaged devices, and this works on any device platform or browser.

Another option that I generally recommend is requiring devices to be enrolled and compliant with corporate policies in order to gain access to corporate data in the cloud. This is accomplished with a combination of Compliance policies, and Conditional Access policies. I always require this at least for Company-owned devices, but this can be made mandatory for personal devices as well if you prefer. This way, not only do you have remote wipe capability over the device, but you can enforce specific rules and settings as well, including  rules to reduce other risks such as malware, for example, by deploying Microsoft Defender policies like Antivirus, Attack Surface Reduction, and Endpoint Detection & Response (at which point you are addressing risks well beyond data loss).

Controlling access to corporate data on managed and unmanaged devices can be accomplished with Business Premium or E3 subscriptions, but if you happen to have E5, some additional scenarios open up. For example risk-based Conditional Access policies that apply certain restrictions only when risk is detected.

Concern #2: Oversharing of sensitive information stored in the Organization

Some types of information should not be shared externally, or at least not widely outside the walls of the Organization. For example Social Security Numbers, or other Personally Identifiable Information (PII) are often considered sensitive information which should be shared more carefully. The same can be said for financial information like credit cards, bank account numbers, and so on. Sometimes these information types are even regulated by certain laws whether local or state or federal/nation-wide.

To address concerns with handling sensitive information within the Microsoft 365 service, we can write rules using Microsoft Purview Data Loss Prevention that can help us monitor and govern how these data types are to be shared and sent outside the Organization. In most subscriptions (e.g. Business Premium, E3) this includes common services like email and file sharing, meaning we can have rules which are triggered when sending emails or links out of OneDrive or SharePoint. With an E5 subscription we gain rules for additional services such as Teams chat and channel messages, and even on-premises file severs.

Usually the rules we write include such common scenarios as notifying an administrator when something sensitive has been shared, or filing an incident report. As well, we can take actions to automatically encrypt emails containing sensitive info, or we can block certain types of data from being shared at all. Any of these rules can be accompanied by notifications or “policy tips” which display warnings to the end user when sensitive information is being shared in a way which triggers the rule.

Concern #3: Movement of sensitive data from a device to an unapproved app or location

This is sort of a sub-concern of #2 above. Sometimes organizations will want to prevent the movement of certain sensitive data types on an endpoint, for example, to prevent sensitive information from being copied off to a USB storage device, or printed to a network printer, or uploaded to an unapproved cloud service.

For these types of rules, App protection policies can once again come to the rescue. I normally turn these features on for iOS & Android devices, and, as I mentioned before, Windows Information Protection is available as an option too, but I generally shy away from implementation of WIP for various reasons. Within all of these policies, we have the ability to block copy/paste and save to unmanaged apps and storage locations. Sort of like an “Endpoint DLP Lite.”

And that brings us to the “Premium” E5 subscription: here Microsoft offers Endpoint DLP, which brings some more granular DLP controls down to Windows devices only, and these can even be extended to Google’s Chrome browser using the Microsoft Purview Extension (note: all of this is still included under the umbrella of Microsoft Purview DLP, but again you need an E5 subscription to unlock it).

Concern #4: Control of sensitive information once it leaves the Organization

There are cases when sensitive information needs to be sent or shared beyond the boundaries of the organization. And in these cases, we want to ensure the data can still enjoy some protection once it moves beyond our control, to an unmanaged device for example, or to an outside party.

The flagship solution in this space is Sensitivity Labels (part of Microsoft Purview Information Protection). Labels which define Sensitivity can have a lot of different powers attached to them. Sometimes they may do nothing more than mark a file visually with something like a header, footer, or watermark. In other cases, we may want to apply encryption, so that the recipient of the file or email message will need to sign-in before they can read or work with the information. Encryption can also be accompanied with permissions that restrict certain capabilities (for instance we can prevent exporting or printing the data).

Other powers include being able to restrict certain sites or groups (including Teams) with rules like, “Unmanaged devices cannot download, print or sync the contents of this site.” Further, Sensitivity labels can be used as a condition when writing our rules in Microsoft Purview DLP.

Finally, it is possible to automate the application of Sensitivity labels under various circumstances. For instance, we can scan for and label data at rest using auto-labeling policies. Otherwise, we may want to apply or even just “recommend” that a certain label be applied using the auto-labeling settings within the label itself. Or, only apply labels under specific conditions, such as when a file containing sensitive information is downloaded to an unmanaged device from a managed cloud application (including third-party apps like Box or Google); in this case we would need to layer on an additional solutions, for example Microsoft Defender for Cloud Apps.  Most of these auto-labeling capabilities will require the E5 subscription, of course, or another add-on which includes these features such as Microsoft 365 E5 Compliance.

Another “premium” auto-labeling feature (read: E5) includes the ability to use trainable classifiers to recognize information that you want labeled in a certain way. With this solution, you feed examples to Microsoft Purview so that it can “learn” what you consider sensitive data. This gives you some capability to move beyond the common preset information patterns like Passport Numbers, Social Security Numbers, Credit Card numbers, etc. that you get with the standard DLP features.

Concern #5: Insider Risks

Some businesses may have a higher level of concern around insider risks such as:

• Data theft by departing users
• Data leaks by disgruntled users
• Insider trading
• Intellectual property (IP) theft
• And more

Microsoft 365 E5 includes a Microsoft Purview solution called Insider Risk Management with several policy templates that can help you detect and take action on these types of events. This is an example of a more “advanced DLP” solution that also relies on additional components of E5 such as Microsoft Purview eDiscovery (Premium).

Since these are all dependent on more expensive subscriptions, most small businesses will choose to handle these risks in an alternative way. For example: by having a strict written policy, and leveraging the standard Microsoft Purview DLP rules to monitor or alert on the movement of sensitive data.

Conclusion

Here we presented a few examples of common risk concerns around data loss or leakage, and how each of these concerns can be addressed or mitigated using one or more possible technology solutions available within Microsoft 365. When you get into more advanced DLP scenarios, especially involving more automation, or control over third-party cloud apps, or insider risk management scenarios, etc., then we are talking about the more expensive Enterprise E5 subscription. The below table is an updated breakdown of the landscape today:

I think this is a simpler summary, which is perhaps even easier to understand than what I previously published. I can’t say it is completely exhaustive, but it’s a pretty good overview of the most common risk concerns and the associated solutions that we tend to  implement.

The post Making sense of the many DLP options for Microsoft 365 appeared first on ITProMentor.

I regularly advocate for aggressive change in small-sized organizations. In many ways, this is one place where smaller sized businesses have an advantage over mega-corporations. The larger the company, generally the longer it takes for them to adopt (and adapt to) new technology. There are exceptions to every rule of course, but if you ask me, as a small business owner I want to be as nimble as possible, and, due to my size, I can afford to be.

That having been said, the number one cause of friction and distress in our work lives tends to be… you guessed it: change. It causes discomfort when you move someone’s cheese, no doubt. We can all relate to that. So how do you make this uncomfortable experience as easy as possible?

The answer my friends is Clear Communication.

Setting expectations

Setting expectations is everything. The reason people get upset with change usually comes down to something so simple it’s almost absurd. We had one expectation, and then, suddenly, we were greeted with a different experience. To folks like us who work in IT and have grown accustomed to seeing a different set of screens every time we log into our admin centers, I think we can take our flexibility with new technology for granted. But I urge you to have some compassion with your users, because to them change can be a very frustrating experience.

Now some changes may happen outside of your control, so it is not always possible to manage expectations for every new bit or byte your employees are going to come across during their work day. However, one way you can avoid the Pit of End User Despair (TM) is to at least manage your communications in advance of any major change that you are aware of, especially the changes that you yourself are responsible for making.

For example, in Microsoft 365, managing devices or protecting applications makes your life as an IT admin much better, and improves your quality of nightly sleep, but it also comes with end-user impact. If you turn these things on without alerting people to the anticipated outcomes in advance, they are going to become very upset with you. And understandably so.

Therefore, it is imperative that you communicate your machinations in advance. This does a few things:

• It sets the end user’s expectation. If they are “in on it” they are less likely to feel powerless: like these changes are just happening to them without any input or warning.
• It dispels fear and empowers the users by giving them a “preview” of what is going to be expected of them moving forward.
• It builds trust and rapport between you (or your department/company) and the end users.

You need this bank of trust, because when there are issues later down the road (inevitably technology breaks sooner or later), then they will be more likely to forgive and be patient with you if they are already “on your team” so to speak. It seems simple, but it is because of this simplicity that it is so important.

Generally speaking, I recommend making fewer changes at one time. So for example if you implement Multi-factor Authentication (or even passwordless authentication), do not also try to implement device or application management on the same day, or even the same week. Also, do not ask users to adopt an all-new application at the same time as other, security or management-related changes. Give folks some space between disruptions. As well, I suggest that you keep your communications short and to the point. The end user does not need to read a novel about why these changes are taking place. Just keep it straightforward:

• We are making this change for your protection, and ours
• We expect you to take such and such actions by this date
• Moving forward, the new experience will be like this

Literally bullets, and maybe a 1-page branded PDF file with links to further documentation or video instruction.

Free resources

Check out my FREE Customer Communication templates for some more detailed examples that you can use and rebrand as your own. I also include a bit of additional instruction for the persons responsible for communicating the changes to staff.

Obviously the usual disclaimers apply: you will want to verify everything matches up with your experience because stuff in the cloud does not stay static, and of course you will want to apply your own colors and brand to the documents. Cheers!

The post The Importance of Clear Communication appeared first on ITProMentor.

Did you know you can trigger Flows for files directly in OneDrive for Business? Let’s say that you have a contract that you want to send for approval. You need to generate a link to the file or attach it to an email, send it to the people who need to approve it, receive notifications, and merge changes. Or you press a button and let Power Automate do the work for you by using OneDrive for Business “For a selected file” trigger that catches these requests.

Let’s see how to use it.

Where to find it?

To find it, you can search for OneDrive for Business “For a selected file” trigger or select “Standard”.

Select “OneDrive for Business”:

Pick OneDrive for Business “For a selected file” trigger:

Here’s what it looks like:

There are no fields to configure, so let’s look at how to use it.

Usage

First, let’s create a Flow called “Approve Contract” (the name will be important later).

Now that we have a Flow with OneDrive for Business “For a selected file” trigger, let’s go to our OneDrive and see how to trigger the automation:

OneDrive for Business did all the work in the backend, and it’s already displaying the Flow for us to run.

When you run, if it’s the first time, you may need to configure/confirm the connections.

After this, the Flow will trigger on Power Automate.

Outputs

The trigger returns a lot of information in a JSON format, although the conversion from JSON is done automatically for you. Here’s an example:

{
    "headers": {
        ...
    },
    "body": {
        "entity": {
            "filePath": "/TMP/Test File11.xlsx",
            "fileUrl": "https://manueltgomescom-my.sharepoint.com/personal/manuel_manueltgomes_com/_layouts/15/Doc.aspx?sourcedoc=%7B5f82b4aa-827d-4c7d-b607-963b0542e7f7%7D&action=default&uid=%7B5f82b4aa-827d-4c7d-b607-963b0542e7f7%7D&ListItemId=372689&ListId=7B5f82b4aa-827d-4c7d-b607-963b0542e7f7&odsp=1&env=prod",
            "ID": 372689,
            "itemUrl": "https://manueltgomescom-my.sharepoint.com/personal/manuel_manueltgomes_com/_layouts/15/Doc.aspx?sourcedoc=%7B5f82b4aa-827d-4c7d-b607-963b0542e7f7%7D&action=default&uid=%7B5f82b4aa-827d-4c7d-b607-963b0542e7f7%7D&ListItemId=372689&ListId=8e3fcb4a-4b52-4790-a96b-89f9e426aa90&odsp=1&env=prod",
            "fileName": "Test File11.xlsx",
            "FileId": "372689"
        }
    }
}

Notice that we only got the information about the file, not the file itself. Other triggers like OneDrive for Business “When a file is created Trigger”, for example, will return the file information we can use. Still, the OneDrive for Business “For a selected file” will return the file ID. We can then use that ID and the “Get File Content Action” action to get the file to parse.

Limitations

If you build the Flows in the “My Flows” section, only you will see them in OneDrive for Business. This is not a limitation per se, but it’s something that you should be aware of, but there’s no real impact since you’re triggering the Flow in files that are in your OneDrive for Business and not a shared place like SharePoint where multiple people have access to the same file.

Recommendations

Here are some things to keep in mind.

Don’t use this for synchronization

I see many questions regarding the synchronization of files. OneDrive for Business “For a selected file” trigger is an excellent target to catch files that need replication. But I would strongly advise you not to do it. Synchronization of files is an amazingly complex topic in computer science, and we are all super when something doesn’t synchronize properly. If the trigger fails, data will be out of sync, and Power Automate won’t rerun it. If the data is changed on the destination folder, you already have a problem that will only worsen over time.

Name it correctly

The name is super important since we need to provide context for what we will do with the file. Keeping the name “For a selected file” won’t give any helpful context. Always build the name so that other people can understand what you are using without opening the action and checking the details.

Additional contracts to the name

Since you’ll be seeing the flow’s name in OneDrive for Business, and it’s your only clue as to what it will do to the selected item, it’s essential o keep the names as straightforward as possible.

In this example, “Request sign-off” is not clear enough. Request sign-off of what? What will happen? Name it so that, even with only a few characters, people will know what happens when they trigger the automation.

Finally, this is the only exception I see to not using environment clues like “PROD” in the name, for example. Space is limited, so if the name is too long, it may be truncated.

Always add a comment

Adding a comment will also help avoid mistakes. Indicate what you’re expecting, why the Flow should be triggered, and what the data will be used. It’s essential to add comments when limiting the trigger with some custom rulessince these are not prominent in the UI, and people may get confused as to why the Flow doesn’t trigger when it’s simply a rule preventing it from doing so. It’s essential to enable faster debugging when something goes wrong.

Finally, let people know why you’re choosing the parameters you configured. For example, why do you select that folder if you have a folder defined? It may make sense now, but not in a few months.

An automated trigger is better than a scheduled one

Sometimes people are tempted to use scheduled triggers that pool the resources once in a while. This way, they can control when the information is fetched and save many Power Automate “triggers” if their quota is low. However, even if it isn’t, it may be more efficient to do batch tasks than once by one. I understand, and in some cases, I can agree, but it brings a lot of difficulties in the process. For example, you may need to keep track of what changed from the last run until this one so that some things may get lost. Also, you’re forcing something to happen periodically, even if there’s no data.

I always recommend using these “automatic” triggers instead, where they trigger one by one, but only when there’s data, so you’re always sure you get something to do. Also, debugging triggers that parse a single data point instead of multiple simultaneously is much easier. If something fails on one, then you can fix the Flow and repeat the process. But while parsing multiple ones, things can get a lot harder.

Back to the Power Automate Trigger Reference.

Photo by Priscilla Du Preez on Unsplash