Office 365 User Permissions Gotcha!

Congratulations! You convinced your client to sign up for Office 365. They subscribed to licenses for various apps like SharePoint Online and SQL Azure. The wireframes look good. You've created the SharePoint site structure. Wonderful! You're off to a great start. But… get ready for a big "gotcha!"

You decide to make use of the Content Type Syndication Hub. Wise move. You go into the SharePoint Online site, activate the Hub and click on the link to the Hub… bzzzzzzzzzzzz! Access Denied.

Uh oh.

You've run into a little-known gotcha in Microsoft Office 365.

According to the small-print regarding Permissions in Office 365, "The person who signs up for Office 365 for his or her organization automatically becomes the 'top-level administrator.'" Notice, though, this says nothing about the fact that it's also the only person/account who can access certain features of the Office 365 products.

At the time of this writing, the Content Type Hub and the Search Center are the only two features known to be provisioned with a default administrator (I've only encountered this in SharePoint Online so far). The Search Center is provisioned automatically when the root site collection is set up (the first time Office 365 is logged into by the person who created the account). The Content Type Hub is provisioned when the feature is activated in the Site Collection Features.

Microsoft's logic is that, like an on-premises server hosted at your facility, roles need to be delegated such that no single person (except the domain admin) has access to every role and resource. This is essential for many reasons, security being the biggest.

But unfortunately, this becomes illogical when you move to the cloud. Now, instead of increasing security, you're actually committing an IT sin by creating a single point of failure. When you're hosting your own server, you probably have access to the domain admin account (or at least to someone who does). But if you're in the cloud, you probably don't. And even if you do, you don't have access to the administrative console on Office 365.

Needless to say, as a SharePoint consultant, having to ask your client for permission to do things on the "very-first-ever" account is less than ideal. What if you lose access to that person at a critical juncture? (In my case, they went to the Caribbean for two weeks, yay!)

When we discovered this problem, the client was small and the need for the Content Type Hub was not particularly urgent. No harm, no foul. If your client's business depends on a web site that hosts thousands of transactions per day, you can see where that could make for some trouble all the way around.

Microsoft, unfortunately, says they will not reassign this account under any circumstances without explicit orders from the portal creator. But what if the Portal account is deleted by mistake? What if the account creator quits the business, leaves the country, or gets hit by a bus?

Just ask this guy what happens. Not pretty.

According to Microsoft, best practice is to delegate this control to other admins. Agreed!

But, your client may not be that savvy - or that motivated. Or your client may be a control freak. Maybe, like many of our clients, they only became your client *after* they created their O365 free trial account and got in over their head. I can list a million reasons this creates risk, but mostly, it's the reasons I can't think of that usually kill me.

So how to handle this issue? The best way would be to change this policy system-wide.

It's Microsoft, so don't hold your breath.

Another way is to ask the client to share their credentials with you after they've created the portal. This is also risky, and, like I said, some clients are reluctant to give up so much control.

A third way is to ask your client to let you create the portal for them. This is fairly low-risk and should work in many cases, but there are always those situations where you got involved at a point where it's too late - or control issues, yet again.

The last reasonable solution is to ask the client to create a dummy Windows Live account (such as 365Admin), which they can use to create the portal and which they'll be comfortable sharing with you or any other vendor. We recommend doing this from the beginning; it is slightly more painful, but possible, to rename the "primary" account after the fact (and create a new account for the CEO).
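To see where the single point of failure described above sits in a given tenant, the following added example (not from the original post or from Microsoft) audits an inventory of administrator assignments and reports which resources depend on exactly one account. The CSV layout, the contoso.example accounts and all function names are assumptions made for illustration; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory: one row per administrator assignment.
# The column layout, domain and accounts are assumptions for illustration.
SAMPLE_INVENTORY = """\
resource,admin
Tenant top-level administrator,ceo@contoso.example
Root site collection,ceo@contoso.example
Root site collection,consultant@contoso.example
Content Type Hub,ceo@contoso.example
Search Center,CEO@contoso.example
"""


def load_admins(csv_text):
    """Parse the inventory into {resource: set of lower-cased admin accounts}."""
    admins = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        resource, account = row["resource"].strip(), row["admin"].strip().lower()
        if resource and account:
            admins[resource].add(account)
    return dict(admins)


def single_points_of_failure(admins):
    """Return {resource: account} for resources only one account can administer."""
    return {res: next(iter(accts)) for res, accts in admins.items() if len(accts) == 1}


def impact_of_losing(admins, account):
    """List the resources left with no administrator if `account` is unavailable."""
    account = account.strip().lower()
    return sorted(res for res, accts in admins.items() if accts == {account})


def delegate(admins, resource, account):
    """Return a copy of the inventory with `account` added as admin of `resource`."""
    updated = {res: set(accts) for res, accts in admins.items()}
    updated.setdefault(resource, set()).add(account.strip().lower())
    return updated


if __name__ == "__main__":
    inventory = load_admins(SAMPLE_INVENTORY)
    for res, acct in sorted(single_points_of_failure(inventory).items()):
        print(f"SINGLE ADMIN: {res} -> {acct}")
    for acct in sorted({a for accts in inventory.values() for a in accts}):
        print(f"If {acct} is lost, unmanageable: {impact_of_losing(inventory, acct) or 'nothing'}")
```

Re-running the check after each delegation shows whether the list of single-admin resources has actually shrunk.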

Got any more ideas to improve these best practices or know of any other features in SharePoint Online or other Office 365 components that would have this issue? Post them in the comments and I'll stick them into a follow-up post. Hope this helps some of you avoid this weird gotcha. Getcha next time!

SharePoint Saturday Podcast

Hi everybody! After a nice week or so to unwind, I hope that we're all rested up after the big SharePoint Saturday Baltimore event. Okay, so what was I supposed to do in this blogpost again? Oh, yeah! Please allow me to present some silliness that our own Dustin J. Sparks (Twitter @SparkDustJoe) and Justin Mallette recorded Monday after the event. This is "Walkin' 'n' Sharin'", a podcast homage to Kevin Pollak's chat-show: Talkin' Walkin', in which Dusty spends over 30 minutes talking about SharePoint Saturday as Christopher Walken. Just don't ask me what the hell they were smoking!!



Alara and I had a wonderful time chatting with all the folks at the speakers' dinner at Meli bistro - that was a really cool venue! Thank you Enrique, Eric, Shadeed, and all the volunteers for setting us up in some really cool digs. As always you hosted an amazing event.

So, I have to say that my favorite part of the event was getting up in front of everyone at 8:30am and giving a live demo. No, really, I'm not joking! Actually I'd kinda been up all night preparing things. Plus we rolled into the hotel at the last possible moment, so it was literally like Eric gives me the keys to the wifi and I have just enough time to connect to my servers and prime my demo during the opening ceremonies. I went last of course, so by the time it was my turn to present, I was completely supercharged on raw adrenaline and caffeine. I was practically bouncing up and down in my chair. It was pretty epic, actually. Could you all tell how excited I was? Well, I hope at least I woke you up a little.

Speaking of, I'd like to take a moment to give props to our partners over at DocPoint Solutions, who were brave and came up to speak, although they didn't do a demo. And a big hand to all the folks at Portal Solutions who had a very professional and polished video presentation which I thought looked *great*. It would not have been any fun if you guys hadn't participated. Apparently the dropout rate was 40%, so if it hadn't been for you guys I would have been very lonely up there. Put those Orioles tickets to good use!

But, I had the only live demo - and it worked. ;-) My demo curse is officially broken; I just need to always keep my demos under 5 minutes and I'll be fine, lol.

We had a great time sponsoring this event, though we were all disappointed to miss SharePint this time around. (We'll join you at the next one.) All our folks found good presentations to get into on Saturday. We had an awesome time manning the booth and giving out coffee and cake. What a refreshing change that was compared to capabilities statements and logo-inscribed bottle openers! We really loved hearing all your SharePoint stories, too.

By the way, congratulations to Mark Rackley (a.k.a. The SharePoint Hillbilly) on your new job. We all really enjoyed your last session at the Baltimore SPUG on jQuery in SharePoint and we hope you'll come back and visit us again soon.

You can read more [boring] stuff about the event in our press release: Liquid Mercury Solutions Sponsors SharePoint Saturday Baltimore 2012.

SharePoint, Office 365, and The Little Guy

Friends, Small Businesses, Little Guys... Lend me your ears! We little guys need to stick together!  For years, SharePoint has been one of Microsoft's greatest successes.  SharePoint's close connection to Microsoft Office and amazing feature set has resulted in extensive adoption amongst the upper echelon of the business world. But that's the problem!

SharePoint, historically, has ALMOST SOLELY been the prerogative of large corporations like Ferrari, Procter and Gamble, Kraft, and Dell Financial Services. It's just far too cost-prohibitive for the little guy.

What About SharePoint Foundation Server?
No matter how much you need to get organized, a small company can’t justify spending hundreds of thousands of dollars to build a SharePoint farm.  Sure, there's the "free version" -- SharePoint Foundation Server -- but let's face it, that only gives you the foundation. You can't live on a concrete foundation; you have to build a house on it.

SharePoint Foundation Server is great, but it lacks critical features like InfoPath Services or an effective Search tool.  Public facing websites are not recommended in Foundation because the absence of a *Publishing Infrastructure opens you up to too many security risks.  Additionally, there’s no real governance, making your sites essentially wikis.  It's frustrating for the end-user, as well as for a SharePoint Consultancy like ours.  

I don't blame Microsoft for the limitations of Foundation.  After all, it's free.

Nevertheless, when we have potential customers call to ask us why they can’t do this or that in Foundation, our answer has always been, "There's just nothing we can do unless you upgrade."  This answer has lost us opportunities.  Another one bites the dust. Freddie Mercury might be able to make that sound cool, but that's because he wasn't running a SharePoint Consultancy.

Microsoft Throws Us a (Yucky) Bone
To their credit, in 2008 Microsoft attempted to throw a bone to the little guy and hit us with Business Productivity Online Services (BPOS), may it rest in many fractured pieces.  That said, if you have any familiarity with BPOS, you'll understand why I step quietly over that dark time in Microsoft's history.

Given that, when Microsoft later released their newest cloud solution, Office 365, we were reticent. 

One of the biggest virtues a company can have is to admit when they're wrong!  Microsoft did it when they did away with Vista, and again when they did away with BPOS and brought in Office 365.  So we decided to see if they had truly atoned for "The BPOS Transgression."

Microsoft Gets It Right!
Guess what? We were wrong! Microsoft really came through for the little guy with this one.  In addition to Office Professional Plus, you get your Exchange hosted, Lync Online, Office Web Apps, Dynamics CRM, SharePoint that actually works, and Software Assurance to boot.  All this with a guaranteed uptime of 99.9%!  I’ve never heard of an on-premise farm that can make that boast -- but urban legend suggests that they do exist. 

Portal-wide Search is solid; a *Publishing Infrastructure is provided, making a public facing website suddenly both affordable AND secure; InfoPath Services are available; and you're completely capable of setting up Governance.  There are lots of BI capabilities, though admittedly there’s no support for Power Pivot or Performance Point.  

These are usually tools of the Upper Echelon, but rumor has it that Performance Point may be supported in the next version of Office 365.  As one of the little guys who need these tools, we're hoping to see this released by the end of the year.

Even Small Construction Companies Can Now Use SharePoint
And just like that, we're seeing tons of small businesses with big-dog solutions in the Microsoft Cloud.  For a ridiculously low monthly cost and some initial setup, small businesses are getting the kind of ROI that was previously available only to the higher end of Corporate America.

Amazingly, one of our first Office 365 projects was for a small Construction Company!  What the heck is going on?  I thought SharePoint was only for industry lions and tigers and bears -- but oh my, a small construction company? 

In the past, you mainly saw SharePoint in government, healthcare, education, finance, and at larger NPOs.  Now, we're seeing all sorts of new clients in a variety of start-ups and smaller businesses.   Office 365 is for everybody! Well, for anybody who needs to manage documents, stay connected within their company, and use Microsoft Office.  It doesn't matter if you're a construction company, a legal professional, a waste management company, a local doctor's office, or a family restaurant -- Office 365 will work for you.

But Not JUST For the Little Guy
Interestingly, though this post is about the little guy, it doesn't actually stop there. 

Even companies with larger revenue are taking advantage of SharePoint in the Cloud as an affordable means of using SharePoint for their public facing websites.  The benefits are manifold but the most desirable seem to be the speed and ease of updating site content; the high level of interactivity both internally and with customers; and the ability to use your public site as an extranet where you can provide ease of access to your customers, building stronger relationships.

This is exciting stuff.  I recognize that this post has turned into a bit of a testimonial for Microsoft, and hopefully they'll send me something free if they read it.  But what I'm really trying to get at is that us little dogs don't have to shy away from an Enterprise Class solution anymore.  Here at Liquid Mercury Solutions, we're eating our own dog food, using it in-house. 

Feel free to give us a call and we'll be glad to show you a demo of the things that Office 365 can do for you.  You can reach us here at Liquid Mercury Solutions by phone at 410-633-5959. 

If you're reading this after business hours and can't wait to see a more customized presentation, you can always check out a click-through demo at:

(removed due to dead link. Fix that soon! Sorry!)


*Because the Publishing Framework provided in SharePoint is specific to each portal, Microsoft cannot feasibly support the framework.  It is very stable, and can easily be supported at low cost by a competent SharePoint Consultant.

8 Must-Ask Questions When Implementing SharePoint Drop-off Libraries

A great new feature in SharePoint 2010 is the drop-off library, which provides a central place to upload documents that are programmatically redirected to a different location based on rules you can define.

For example, if you’ll be holding different types of documents that are all associated with a contract, you can simply add them to the drop-off library, which will automatically place the documents in the library of the correct contract based on the metadata.

In order to correctly implement this feature, there are eight key questions we ask as part of our process. These are key – it’s all too easy to forget to answer these up front, resulting in a poor execution.


1. What content will be routed?

This is an obvious question we need to get out of the way, but there are several other questions that follow that are not quite as obvious, but are required to successfully create the drop-off list.

Sample answer: Contract related documents


2. Why is it being routed?

This question can help with defining the content type associated with the documents. A good descriptive name will help when setting up the rules that will trigger the library’s action, as well as later on as the site is maintained.

Sample answer: To keep documents associated with a contract in a common location.


3. What metadata fields are needed to differentiate the content?

A good, descriptive name for metadata fields should be something simple like “Contract_Number.” But do not lose sight of SharePoint’s other powerful features like filtering and searching. Ensuring that document type, sales person, and date are associated with the document can help index the content so you can filter the correct data you need after the document has been routed.

Sample answer:  Title, Contract Number, Type of document


4. How will the end-user provide this data?

How the data will be gathered from the end-user is something our clients must consider. Will the list of possible contract numbers grow over time? Or is this a set list that the end-user can choose from a drop down? Something that can rally end-users to support the site is a balance between being able to easily associate documents with metadata and the flexibility to adapt to unique scenarios. A drop-down list can be an easy way to define what type of document the end-user is uploading, but a text box might be required for a more unique answer like the title of the document.

Sample answer:  Type of documents listed in a drop down list. Contract numbers listed in a drop down list. Text field for title.


5. Is there any other metadata needed to associate with the content?

Again, do not lose sight of SharePoint’s other powerful features that are facilitated with metadata. Searching and filtering views in the target location for the documents is something to keep in mind during the planning phase of creating the drop-off library.

Sample answer: Any additional metadata.


6. Which metadata fields are required? Optional?

It’s tempting to demand that the end-user provide every piece of metadata to ensure documents are easily searchable, but in practice this can be difficult or impossible. The end-user might simply enter any answer “just-to-get-through” the meeting. For this reason it is important that you clearly understand why a field is required, and only require metadata that truly is needed.

Sample answer:  Contract_Number (required)


7. What is the target location for the documents?

If the library to which the content will be routed is outside of the current sub-site or even site collection, SharePoint makes it possible to route the documents to those destinations through Central Administration.

Sample answer:  Contract libraries


8. Should the routed content be moved, copied, or moved with a link placed in the drop-off library?

While setting up the connection we can define what specific send-to action the rule should take. The options are “move”, “copy”, and “move and leave a link.”

Sample answer:  Move



With these critical eight questions answered, you have all of the key information you need to create rules that will trigger the drop-off list to route content to the library based on metadata gathered from the end-user.