It's now a while since I am working in the information technology sector... almost 20 years to be more specific. During these years, I experienced many paradigm changes. With these paradigm changes, I also saw how organizations tried to align existing systems and processes with new technology. But unfortunately, I often observed how many organizations just were not able to apply new technology solutions because they just had no overview of how their existing processes and systems were correlated to each other.
When I had the possibility to ask (yes, some of these organizations were my employers... please don't rub it in 😅) why there was no Enterprise Architecture in place, my question either received a clumsy answer or (even "better") was simply ignored.

In this article, I would like to briefly explain what Enterprise Architecture is and why every organization should nicely make use of it.

Definition of Enterprise Architecture

Let's see what descriptions for Enterprise Architecture we get from some known sources:

According to Gartner

Ok, after reading this, I don't think everyone understands what Enterprise Architecture is and what actions it includes. The language is abstract and confusing. Who talks that way? “Enterprise architecture (EA) is a discipline for proactively and holistically leading enterprise responses to disruptive forces by identifying and analyzing the execution of change toward desired business vision and outcomes.” Really?

According to TechTarget

Ok, TechTarget seems closer to common language, but in my opinion still too vague.

Enterprise Architecture (EA) is actually derived from business strategy and focuses on “current and future (business) objectives” or “desired business vision and outcomes”.
While I have no idea why definitions don’t speak directly about strategy, I can live with the interpretation of EA around business performance. Clear enough, I guess, but why are there so many EA project failures?

Why technological abstractions often fail

To write down an Enterprise Architecture (EA), you need more than just a week of time and enough coffee. An Enterprise Architecture consists of various different topics harmonized with each other. As long as you're a tech guy and you don't have to interface tech-, business- and executive guys, then it's all fine. But as soon as technology-, business- and e.g. accounting people need to align their processes and systems... that's where it's getting challenging.

Different and Complex EA Frameworks

To cope with this challenge, a variety of Frameworks from different groups are available. Lots and lots of frameworks all with strange names, like TOGAF, Zachman and FEAF. Some of them are so brutally complicated that just eyeballing them makes one nauseous. I have never met anyone who has fully implemented any of the frameworks. Sure, some have implemented parts here and there, but none have consistently institutionalized the use of TOGAF, Zachman or FEAF. They’re just too damn hard to live with for any period, let alone as a continuous best practice.

Governance - Who wants to be responsible?

And what about governance? An Enterprise Architecture must be owned from the top-down, not from the bottom-up. Enterprise Architects (or Business Technology Strategists) should hang with the executive team and not with the tech guys, at least not initially. Their first job is to convert; their second job is to bridge and translate. If we were RACI charting this, Enterprise Architects are responsible and executives are accountable.
Initially, technologists are consulted. If there’s any variation to this governance, Enterprise Architects will fail. Why? Because technology “mischief” is everywhere. Tech guys always believe they know best – and sometimes they do when their architectures align perfectly with the Enterprise Architects– but often they do not. The disconnect between technology and business is greater than the disconnect between business and technology.

What EA should not be

EA should not be an abstraction with weird, esoteric terms. We do this all the time: SCRUM, ITIL, Cookies, Spam, Malware, Netiquette, Microblogging, SEO, API, Caching, Virtual, Firewalls, Routers, Bluetooth, API, SaaS (PaaS & IaaS), NLP and Waterfall. EA should not be another abstraction that needs translation. Nor should EA be a remote exercise — or outsourced to vendors who know very little about the company. It should not be mysterious or discrete, and should not be disconnected from current and projected business models and processes which together comprise the overall business strategy.

What EA should be?

The first step is demystification. All of the abstract terms – even the word “architecture” – should be modified or replaced with words and phrases that everyone – especially non-technology executives – can understand. Enterprise planning or Enterprise Business- Technology Strategy might be better, or even just Business-Technology Strategy (BTS). Why? Because “Enterprise Architecture” is nothing more than an alignment exercise, alignment between what the business wants to do and how the technologists will enable it now and several years out. It’s continuous because business requirements constantly change. At the end of the day, EA is both a converter and a bridge: a converter of strategy and a bridge to technology. The middle ground is the Business-Technology Strategy.

How to do Enterprise Architecture?

EA (in some cases also "Business Technology Strategy") isn’t strategy’s first cousin, it’s the offspring. EA only makes sense when it’s derived from a coherent business strategy.
For technology companies, that is, companies that sell technology-based products and services – the role of EA is easier to define. Who doesn’t want to help technology (AKA “engineering”) – the ones who build the products and services – build the right applications with the right data on the right infrastructure?

The official EA steps include the development of four “architectures”:

• Business Architecture

• Application System Architecture

• Data Architecture

• Technology Architecture

Let's dig deeper into individual architectures...

Business Architecture

Business Architecture defines business strategy and organization, key business processes, and governance and standards. In other words, it's a description of how the company makes money. A description of the processes, products and services that make money. A description of how the company makes money today and how it expects to make money in the next 3-5 years. A description of the competitive marketplace where the company makes money (There are tools to help do this).

Application System Architecture

Application System Architecture provides a blueprint for deploying individual systems, including the interactions among application systems as well as their relationships to essential business processes. It is basically describing the software applications that enable the processes, products and services that make money. The software applications that will enable the company to make money in the next 3-5 years.

Data Architecture

Data Architecture documents the structure of logical and physical data assets and any related data management resources. So it's about describing the kinds of data the company needs to fuel the software applications that enable the processes, products and services that make money. The data will enable the company to make money in the next 3-5 years.

Technology Architecture

Technology Architecture describes the hardware, software, and network infrastructure necessary to support the deployment of mission-critical applications. So in other words... The technology infrastructure and technology delivery that uses the data the company needs to fuel the software applications that enable and optimize the processes, products and services that make money. The infrastructure that will enable the company to make money today and in the next 3-5 years.

Is Enterprise Architecture worth it?

Investing in a proper Enterprise Architecture is absolutely worth it if it's reduced to concrete business value. The goal of alignment has been with us for decades. It’s still here. It will always be here. BTS is just and all about alignment. Over the years EA methods, tools and frameworks were developed and foisted upon companies, strategists and technologists who barely understood them. It’s now time to strip EA down to its most basic properties –* the alignment of business strategy with operational and strategic technology*. We can continue to complicate all this, or just admit we’re seeking business-technology alignment through the development of a dynamic business-technology strategy.

My 2cts...

I personally had the pleasure to start creating an Enterprise Architecture for an Energy Company in Switzerland. We used Enterprise Architect from SparxSystems to draw what we could from our internal Business Processes, Systems and Goals. It was pretty cool to have a Map that shows all dependencies between Systems, Processes and Stakeholders. We used the Zachman- and TOGAF Frameworks to design our Enterprise Architecture and started in tiny bits which we could assemble into a bigger picture at any time. It was not complicated at all. The secret was simply in taking just the things out from the Zachman and TOGAF Frameworks we really needed and ensuring we could interface them together. So yes, it was not only useful and fun to put all the required information and connections together, but it enabled us also to constantly be aware of the impact management decisions had on our area of responsibility.

A brief overview

The command bar is located at the top-left. Right there we have our "new", "edit" and "grid", "share" and all of these different buttons. In addition to all these buttons that we have in the command bar you'll see on the right side of the command bar three dots that we can click and this gives us some additional hidden commands from your view that we can use.

So there are a few things that we can do with List Formatting in SharePoint. Let me summarize it really quick; The SharePoint List I use in this article is actually one created using a microsoft list template. You'll notice that we have some color coding going on here (Approved?) So on this column for example we have some color coding based of the Travel Request is approved or not. This is all done using sharepoint list formatting. SharePoint List Formatting gives us a way to override the look and feel of a particular column or an entire view or even list-forms... and now we can even override the look of the command bar :-).

About List Formattings

Formatting in Lists can be appleid either on a single column or on the entire list. Microsoft also offers some out-of-the-box formattings for columns and lists but they often don't suffice. But luckily there is also the possibility to edit List Formattings with JSON by using the "advance mode".

To get to "advanced mode" in List Formattings, do the following:

1. click on "All items" in the top-right
2. click on "Format current view"
3. click on "Advanced mode"

How to modify MS-List toolbar

To modify the MS-List toolbar, we can use the property CommandBarProps.

The modifications I am going to explain here are the following:

1. Hide the "Edit in Grid View" Button
2. Move the "Export" Button to the Overflow-Area
3. Modify the text on the Button "New"

Hide the "edit in grid view" Button

To hide the "Edit in Grid View" Button, we need to add the right key to the CommandBarPropsProperty and set the hide-flag to true.

This would look like this:

"commandBarProps":{
    "commands": [
      {
        "key":"editInGridView",
      "hide": true
      }
    ]
  }

Thanks to intellisense you can easily find the right spelling and get an understanding about other keys and options.

Move the "Export"-Button to the Overflow-Area

To move the "Export"-Button to the so called Overflow-Area we can use the key export as follows:

   "commandBarProps":{
    "commands": [
      {
        "key": "export",
        "sectionType":"Overflow",
        "position":0
      }
    ]
  }

NOTE: The Overflow-Area is that part of the menu which will appear after clicking on the three horizontal dots on the right of the toolbar.

For the option "position", I choosed the value 0 which will bring the "Export"-Button to at the top of the Overflow-Area (1st position). Than higher the number, then lower the position

Modify the text on the button "New"

The button "New" at the top-left is used to add entries to the MS-List. If you have a list to e.g. register Travel-Requests or place orders, it might be pretty neat to have something more specific that "New" as a label for that button. In my example, I use an MS-List to keep track of Travel Requests. Therefore I want to change the text for the Button "New" to "Add new Request. This can be accomplished as follows:

   "commandBarProps":{
    "commands": [
      {
        "key": "new",
        "text":"Add new Request",
      }
    ]
  }

Conclusion

I like MS-Lists very much and with the List Formatting capabilities (now also for the toolbar) I see it as a helpful tool to enable organisations to realise simple automation and approval use-cases without having to create a PowerApp (and without having to face the licensing costs for a PowerApp).

I am currently working on a customer request for a solution, which should automate the order-process for VM-Machines within their organisation. The initial solution was originally...

1. Develop a PowerApp
2. Do the automation and approval steps with LogicApps
3. Use BICEP scripts to deploy the ordered VMs

After some discussions, we realized that we could save the PowerApp licensing costs and use MS-Lists with a SharePoint Site instead to create a cost-efficient and reliable solution. The main reason for having PowerApps in the solution was to create a proper UI for the users which will finally order VMs over that solution. So in the end it was MS-Lists, LogicApps and BICEP. And thanks to List Formattings we could provide a custom tailored solution by using MS-List to handle the Order-Process and the approvals.

This is once more an example for the simplicity and the power of MS-Lists. :-)

Links and Resources

• Command Bar Properties Documentation
• Command Bar List Formatting Samples

If you are using SharePoint Online, you surely noticed in your SharePoint Online Admin-Center a Site-Collection under the URL https://[yourtenantname].sharepoint.com. That is the root-site. This root-site can be replaced either with a PowerShell command or a button in the Admin-Center.

Last week, a customer contacted me asking urgently for help. He told me (pretty exhausted) since some hours nobody of their M365-Users or guests was able to access any SharePoint Online Document Library (yep... MS-Teams was also affected) or OneDrive folder. The problem comes in a bad timing since they were changing their Intranet (which meant, they had to replace the root-site... and they did it with the button.

What happens if you delete your SharePoint Online root-site

Actually, you should not be able to delete your SharePoint Online root site. In most cases, this is prohibited via the user interface. However, the customer who called me explained to me they used the "Change home site" button in the SharePoint Online Admin-Center and after that things became bad...

My guess: The root-site has been replaced by the admin more than once within minutes. Maybe he choose the wrong site and immediately re-initiated the process. This resulted in the script behind the button to not work properly.

⚠ If you don't have a root site, you are basically @#$% – all your other SharePoint sites, including everyone’s OneDrive, will stop working until you recover the site from the Recycle Bin or provision a new one (and that was what we had to do to solve the problem... just simply using PowerShell instead of the UI-button in SharePoint Admin-Center.)

How to fix it

In order to fix that, you need to use the following PowerShell Command:

Invoke-SPOSiteSwap

What does this command do?

The SharePoint site collection at the Microsoft 365 tenant root typically occupies the preferred location for a company Intranet. Until some years ago the only way to apply some modern SharePoint functionality was to create a new SharePoint page and make it the Home Page for the site.

Invoke-SPOSiteSwap is a SharePoint Online PowerShell cmdlet that can be used to swap out your old classic SharePoint root site in your Microsoft 365 tenant and replace it with a shiny new Modern Communication Site (preferable), Modern Team Site or Classic team Site.

How to use it

First of all ensure you have the latest SharePoint Online Management Shell installed (Link)

Run PowerShell (as an administrator) and login to SharePoint Online with the following command:

Connect-SPOService -Url https://[yourdomain]-admin.sharepoint.com

once you are connected, run the following command (in one line):

Invoke-SPOSiteSwap -SourceURL https://[yourdomain].sharepoint.com/sites/home -TargetURL https://yourdomain.sharepoint.com -ArchiveUrl https://yourdomain.sharepoint.com/sites/archivedhome

SourceURL — This is the new site that you want to swap with your old tenant classic root. If TargetURL is the tenant root then SourceURL must be an existing Modern Communication site, Modern Team Site or Classic Team Site.

TargetURL — This is your existing Classic root site in the Office 365 tenant (or existing Search Centre, not covered here)

ArchiveURL — location to archive existing root content.

How long does it take?

Typically less than 5 minutes ! No content is actually being moved around so the size of your existing tenant root is not relevant here. Having said that the content is re-crawled after the move to rebuild the search index. That could take some time.

What you should be aware of

• Source & target sites cannot be associated with an Office 365 Group or Hub site. If a Hub site association exists then remove this first and re-create after the swap process.

• Featured Links will be lost in the process (displayed on SharePoint Home) so take note of these and re-create as required after the swap completes.

• Note that currently the Classic Site Collection page will still list the tenant root site even though it’s now using a Communication site template.

• You may get a 404 error in the browser if you try to access the root site during swap. Give it a few minutes.

Hope this helps. In my case, the customer was pretty relieved ;-).

1. Consider the cost
2. Shift your perspective
3. Be diplomatic but truthful
4. Preserve the relationship
5. Offer an alternative
6. Learn from it

Think about it — a colleague asks if you can support in a project and you know you're already packed with enough work. But without even pausing to think, the first words out of your mouth are, “Sure. I’d love to!” Flash forward, and you’re looking at emails piling up in your inbox and a flurry of appointments on your calendar. It suddenly hits you that you’re spread too thin. You realize you have to say no after having commited, but you’re hesitant to back out of the obligation after you’ve already given your word.

Saying no is never easy, but it’s particularly challenging after you’ve already said yes to a commitment. You may worry that backing out will burn bridges, cause you to be perceived as flaky or unreliable, or lead to you being labeled a poor team player. These fears are heightened for “sensitive strivers” — highly sensitive high-achievers — who tend to overthink situations and have a hard time setting boundaries.

If you can relate, then the thought of retracting your agreement and facing the brunt of another person’s disappointment or anger at you may be too much to bear. This reaction makes sense, since studies show that the brain makes no distinction between possible social rejection and physical pain. Instead, you grit your teeth and follow through with the commitment — sometimes at the expense of your own wellbeing, which backfires. Not only does it result in excess stress for you, but others may be able to sense that you’re distracted, overwhelmed, or resentful.

Whether you have overbooked yourself, realized you have a conflict, or otherwise can’t or don’t want to participate in a project, it’s essential to uncommit gracefully. Doing so will keep your reputation intact and your relationships strong. Here’s how to go about saying no after you’ve already said yes with tact and professionalism.

Consider the costs

Before you deliver the news, make sure that backing out is in fact the right decision. Consider the opportunity cost. For example, let’s say you’ve said yes to a new initiative from your boss, but now you’re having second thoughts about participating. Evaluate how crucial the project is to key business priorities. If the initiative would give you exposure to other parts of the company or allow you to build social capital or new skills, then it may be worth the sacrifice. However, if the costs outweigh the benefits (such as the impact on your personal life or your current projects), then it’s better to withdraw.

Shift your perspective

If you’re paranoid that saying no after you’ve already said yes will make you appear irresponsible, embrace the fact that it would be selfish and inappropriate to follow through on the task knowing you couldn’t complete it. You may feel like you’re being generous and helpful by agreeing, but if you can’t follow through on your promises, it’s not a recipe for high performance, personal happiness, or strong relationships. Plus, consider the positive traits you display when you back out gracefully. You exemplify strong prioritization, time management, and transparent communication — all qualities of powerful leadership.

Be diplomatic but truthful

When it comes time to deliver your message, be assertive and clear without overexplaining. In other words, aim to be direct, thoughtful, and above all else, honest. For example, if you were pulling out of your friend’s committee, here’s what you might say: “When I said I could join the committee last month, I fully believed I had enough bandwidth to do a great job. After taking a closer look at my calendar, I realized I’ve overextended myself and there are several professional commitments I can’t move. This means I won’t be able to participate as chair.”

Providing a short explanation or justification as to your reasoning can help your withdrawal be better received. For instance, you could explain, “I know we talked about me joining as committee chair, but when I agreed I didn’t expect a big project would be assigned to me at work. Because of that, I need to decline.” In the case of backing out of the initiative with your boss, you could share, “I’ve had the chance to review my priorities and this new project would stop me from contributing to my core job responsibilities at the highest level. That wouldn’t be the right — or best — decision for myself or the team, so I have to respectfully change my yes to a no.”

Preserve the relationship

It’s appropriate to apologize and take responsibility for any mistake, misunderstanding, or simply overextending yourself. After all, the other person was counting on you and may have been making plans around your participation. In the case of withdrawing from the committee, you could say, “I’m sorry for any inconvenience this causes. It means a lot that you thought of me for this opportunity and I’m rooting for it to be a success. I can’t wait to hear how everything goes.” Expressing gratitude and ending on a positive tone shows care and compassion.

Offer an alternative

Propose a different timeline or to reschedule to a new date if you genuinely want to help. Take a raincheck and leave the door open to say yes in the future by saying, “After revisiting my schedule, I need to change my decision and decline this invitation right now. But please keep me in mind for the future. Would you reach out again in a few months?”

You can also avoid leaving the person in a lurch by suggesting an alternative. Perhaps you offer to introduce the person to a coworker who can help or a contractor they could hire. Maybe you redirect the person to a resource that can help them such as a community, podcast, or training material that can meet their needs or solve their problem.

Learn from it

Backing out of commitments isn’t fun or comfortable, but it can provide a valuable lesson and an impetus to overcome people-pleasing tendencies that may be standing in your way of being more successful. Use this as a learning opportunity to build greater discernment around what you do — or don’t — agree to in the future. Going forward, try to say yes only to opportunities that excite you, and ones you have room for. No matter how thoughtful you are, you may need to occasionally go back on a promise you’ve made or change your mind. Don’t make it a habit but do approach the situation with sensitivity and consideration to get the best possible outcome.

About automation in general

First of all, let’s talk about automation in general. To me, automation is a low-hanging fruit with high-value. High-value in terms of providing ROI within the digital workspace. This is something we can easily do nowadays, and there are so many things which can be automated. The concept of automation is far from novel. We’ve been using digital tools to automate things for a very long time. We can argue since the late 1940 with the big mainframes… but realistically over the last 10-20 years as automation tools have become much more prevalent. The fascinating thing is that as we’re digitalizing more of these processes indefinitely. Over the last 18 months we’ve been forced to digitalize more processes than ever! It’s more of a reality now that we can take more of these processes and actually automate them. The improvement and the enhancements in the low-code/no-code development continue to accelerate and this means, that everyone will soon or later make use of automation. And If you have an existing basic M365 license, you likely already have access to Power Automate flows for free. If you want to work with Azure data or a third-party service outside of Microsoft, you’ll need to invest in an Azure Subscription to use Azure LogicApps. Now let’s talk about the two solutions.

PowerAutomate

I think you should be using PowerAutomate when you want to create something for you. It’s really good at that. Where you want to stay on top of the things that are important for you or for your department. So some popular ones I’ve seen are where people are creating flows for themselves where they want to highlight an email from their boss, or anytime an attachment comes into my email, I want it automatically saved my One Drive for security reasons or for longevity reasons, things like that. Or when emails come in, I want them automatically posted into Teams. Or if an email comes up from my boss, automatically add that to my planner or to my to-do list so that I can know I need to deal with that kind of thing. These are great. Another example is Microsoft Forms, where when you add a form when the submit a result comes into Microsoft Forms, the data is just stored in Forms. But actually I want it in a SharePoint list so I can work with it. Great reason to be using Power Automate. SharePoint lists data, etc., all kinds of things that you could maybe stay on top of. Social media – so anytime that something is mentioned or the hashtag in Twitter, I want to be notified internally so that I can deal with it, or maybe I’m in charge of that kind of thing and I just need to know when people are talking about my organization, Power Automate could be a really quick way for you to do that for you to set it up and you don’t really need many other people to help you get involved.

Note: Licensing Update for PowerAutomate (April 2022)

Many companies I know are using PowerAutomate to run central automation for the entire organisation. This by using service-accounts. According to the latest PowerAutomate Docs update, the use of service accounts with PowerAutomate with standard licensing (meaning the included PowerAutomate functionalities part of almost every M365-subscription) is identified as Multiplexing and is not compatible.

More information can be found here

Azure LogicApps

Effectively, Logic Apps are the same thing as Power Automate. Now a Logic App within Azure is called a Logic App. It’s not called a flow, it’s called a Logic App. So we can think of it as that, but the thing is that flows live within Power Automate. Basically at flow.microsoft.com, whereas Logic Apps live within Azure, and they live within portal.azure.com. So there’s a very different setup process for Logic Apps over flows within Power Automate, and the licensing is very different. So those are the big things. The editing experience is actually really similar, except that there’s no mobile app for Logic Apps and there’s no Visio. But the web-based editor is almost the same…What this all means though is that the licensing has changed. And because of the way the licensing is, it’s more for like IT pros or admins or for developers or those within Azure that kind of own the tool, which can get a little scary. Because a lot of us won’t have access to Azure within our organization.

When to use what?

PowerAutomate is great when it comes to bringing automation to your or your teams daily work life. Workflows created in PowerAutomate are always owned by a human individual and since Microsoft specified that Multiplexing is not allowed with PowerAutomate (discouraging the usage of service-accounts with PowerAutomate). So use PowerAutomate if you’re automating something for yourself or something which you are the owner and the IT-Department does not need to maintain. Whoever creates a Logic App gets automatically added as an owner, but actually, the tenant owns it (comparable with a Microsoft 365 Group). So if that person were to leave, that Azure tenant owner could always go into that Logic App, assign new owners. The infrastructure of Azure doesn’t say that this is the person that owns it, if they go and disappear. It’s the tenant that owns it. Logic Apps are great for dealing with larger things. Maybe things like anytime a new user’s added in Workday or something, you want a Logic App that’s triggered that’s going to automatically go and configure things properly for my Azure Active Directory – yeah, that’s a great thing for Logic Apps to do, and not so much a flow can do it. But reporting within Logic Apps is much more robust than in flows.

Key Differences between LogicApps and PowerAutomate

Conclusion

PowerAutomate and Azure LogicApps are same but clearly different. Beside the different charging-model (PowerAutomate: Per User/App / Azure LogicApps: Consuption) one of the main differences between the two is the level of complexity they can handle. PowerAutomate can be helpful in some complex scenarios… however as soon as you need to tackle Lifecycle-Management-Challenges, you’re better on with Azure LogicApps. There are surely ways to deeply analize which Platftform suits which use-case best.

Of course there are many factors which can lead to go either for LogicApps or PowerAutomate... however, I recommend you always to start with the following question: Who will maintain the Flow once it's implemented?

• If it's an individual --> PowerAutomate.
• If it's the IT-Department --> Azure LogicApps

I have a SharePoint List with Data on "Tenant A" and I need to move it to "Tenant B". Do you know how to move that quickly?

Just a simple list of Data someone wants to move from One Site to another. For such simple request the solution has, historically, always been anything but simple.

However, with the PowerShell cmdlets from PnP-Powershell this request is anything but difficult ;-).

Prerequisites

Aside from the obvious set of SharePoint lists, Source- and Target-Tenant information and the right Admin-Role in each tenant, the only real prerequisite is to make sure you have PnP.PowerShell installed.

In this article, I am using the latest PnP.PowerShell-Module. To get started with your machine, you can either quickly follow the instructions here or use the following command in PowerShell:

Install-Module -Name PnP.PowerShell

How to do it

Let's assume, you created a SharePoint List which has a multiple lookup-column. You also want to copy the SharePoint Lists which provide the data for the look-up columns. The solution is pretty straightforward. We’re basically going to create a PnP site template, add our list data to it, and then apply that template to our target site.

Step 1 - Connect to the source site

First thing we need to do is connect to the source-site. Simply replace the following two parts of the command with your information:

• sourcetenant --> Name of the tenant which contains the relevant SharePoint site
• sourcesite --> Name of the SharePoint site which contains the lists

## Step 1: Connect to Source Site
Connect-PnPOnline -Url https://sourcetenant.sharepoint.com/sites/sourcesite/ -Interactive

Step 2 - Create the PnP template

Once connected, we need to provide the names of the SharePoint lists we want to copy. A template for the lists will be generated and stored in an XML-File at the path you specified (by not providing a path, the xml-file will be stored in the current path of your powershell-session).

## Step 2: Create the Template (Due to a lookup-field in the main list, we have to export all dependent lists too. (4 in Total)) 
Get-PnPSiteTemplate -Out Lists.xml -ListsToExtract “LIST_1”, “LIST_2”, "LIST_3", "LIST_n" -Handlers Lists

Step 3 - Get the data from the list

To get the data we will populate our list instances with actual list items. The following command needs to be executed for each list. Please ensure you use the same file path as in step 2 ;-)

## Step 3: Get the List Data for each list 
Add-PnPDataRowsToSiteTemplate -Path Lists.xml -List “LIST_1”
Add-PnPDataRowsToSiteTemplate -Path Lists.xml -List “LIST_2”
Add-PnPDataRowsToSiteTemplate -Path Lists.xml -List “LIST_3”
Add-PnPDataRowsToSiteTemplate -Path Lists.xml -List “LIST_n”

Step 4 - Connect to target site

If you followed the previous steps, you should now have all the required information to copy your SharePoint lists in a file named "Lists.xml". Now let's connect to the target location. As under Step 1, please replace the following two parts of the command with your information:

• sourcetenant --> Name of the tenant which will contains the target-site
• sourcesite --> Name of the SharePoint site which will get the lists

## Step 4: Connect to Target Site
Connect-PnPOnline -Url https://targettenant.sharepoint.com/sites/targetsite/ -Interactive

Step 5 - Apply the extracted PnP Template

We stored the template in the xml-file "Lists.xml". By using the following command, we will apply the template to the target-site we connected in "step 4".

## Step 5 Apply the Template
Invoke-PnPSiteTemplate -Path Lists.xml

Conclusion

Wasn't that easy? :-) Ok, open cards... the scenario was not a difficult one. But does it always have to be tricky? ;-) I use the commands above often when moving LogicApps or PowerAutomate flows from one tenant to another (since in many cases SharePoint Lists are used to store data... I know, Dataverse is actually the way to go). But since there is no out-of-the-box function in the GUI, using PnP.PowerShell is pretty neat.

Tenant

A Tenant, as it relates to Azure, refers to a single instance of Azure Active Directory, also called “Azure AD” or "AAD". Azure AD is a key piece of Microsoft’s cloud platform as it provides a single place to manage users, groups and the permissions they hold in relation to applications published in Azure AD.

Key Microsoft applications that Azure AD provides access to include Office 365, Dynamics 365 and Azure. Yes, you read that right, Azure is treated as an "application". You can also use Azure AD to control access to many other third-party applications such as Salesforce and even the AWS admin console. As an application developer you can register your own applications in Azure AD for the purpose of allowing users access.

Azure AD Tenants are globally unique and scoped using a domain that ends with "onmicrosoft.com" (i.e. companyname.onmicrosoft.com) and each has a "Tenant ID" in the form of an UUID/GUID. Some customers choose to connect their internal Active Directory environment to Azure AD to allow single or same sign-on for their staff and will also use a custom domain instead of the default "onmicrosoft.com".

When you access the AzurePortal or leverage one of the command-line tools to manage Azure resources in a Subscription, you will always be authenticated at some point via the Azure AD Tenant associated with the Subscription you want to access. The actions you can take will depend on the Role you have been assigned in the target Subscription.

Finally, Azure AD Tenants can be associated with multiple Subscriptions (typically in larger organisations), but a Subscription can only ever be associated with a single Azure AD Tenant at any time.

Tip for Devs

If you want to develop an application that uses Azure AD but don’t have permissions to register applications in your company’s Azure AD Tenant (or you want a ‘developer’ Azure AD Tenant) you can choose to create a new Azure AD Tenant in the Azure Portal. Make sure in your application that you can easily change Azure AD Tenant details to allow you to redeploy as required. Azure AD has a free tier that should be suitable for most development purposes.

Tip for IT Admins

You can change the display name for your Tenant – something I strongly recommend, particularly as Azure AD B2B will mean others will see your Directory name if they are invited and may be confused if the display name is something unclear. Note that you are not able to change the default onmicrosoft.com domain.

Subscription

A Subscription in Azure is a logical container into which any number of resources (Virtual Machines, Web Apps, Storage Accounts, etc) can be deployed. It can also be used for coarse-grained access control to these resources, though the correct approach these days is to leverageRole Based Access Control (RBAC) or Management Groups. All incurred costs of the resources contained in the Subscription will also roll-up at this level.

As noted above, a Subscription is only ever associated with a single Azure AD Tenant at any time, though it is possible to grant users access outside of this Tenant. You can also choose to change the Azure AD Tenant for a Subscription. This feature is useful if you wish to transfer, say, a Pay-As-You-Go (PAYG) Subscription into an existing Enterprise Enrolment. Subscriptions have both a display name (which you can change) and a Subscription ID (UUID/GUID) which you can’t change.

Subscriptions are not tied to an Azure Region and as a result can contain resources from any number of Regions. This doesn’t mean that you will have access to all Regions, as some Geographies and Regions are restricted from use – we’ll talk more about this next.

Resources contained in a Subscription but deployed to different Regions will still incur cross-Region costs (where applicable) for the resource.

People sometimes use the word "Tenant" instead of "Subscription" or vice-versa. Hopefully you can now see what the difference is between the two.

Regions and Geographies

Azure differs from the other major cloud providers in its approach to providing services close to the customer. As a result, and at time of writing (April 2022), Azure offers 58 operational Regions (and more to come).

A Region is a grouping of data centres that together form a deployment location for workloads. Apart from geo-deployed services like Azure AD or Azure Traffic Manager you will always be asked what Region you wish to deploy a workload to.

Regions are named based on a general geography rather than after exactly where the data centres are. So, for example, in Switzerland we have two Regions – Switzerland North and Switzerland West.

A Geography, as it relates to Azure, can be used to describe a specific market – typically a country, or sometimes a geographic region (Asia, Europe). Normally within a Geography you will find two Regions which will be paired to provide customers with high availability options. Can anyone spot the one Region that doesn’t have its pair in the same Geography?

There are a few special Regions that aren’t open to everyone – US Government Regions, the entire German Geography and China.

When you replicate data or services between Regions you will pay an increased charge for either data transfer between Regions and / or duplicated hosting costs in the secondary Region. Some services such as Azure Storage and Azure SQL Database provide geo-redundant options where you pay an incremental cost to have your data replicated to the secondary Region. In other cases, you will need to design your own replication approach based on your application and its hosting infrastructure.

Once you have deployed a service to a Region you are unable to move it – you have to re-provision it if you need the primary location to be somewhere else.

As a final note, while there is a Regional availability model (replication of services between Regions), Microsoft has also introduced the concept of Availability Zones. Availability Zones are rolled out globally and are more than just a logical overlay over Regions. There is a great infographic on the Azure Resiliency website that covers how Regions and Availability Zones work and the value they provide.

So there we have it, a quick overview of some of the key terms you should be familiar with when getting started with Azure.

What is the PnP PowerShell module?

The original version of the PnP PowerShell module -- named SharePoint PnP PowerShell Online -- only managed SharePoint Online and SharePoint on-premises products and required Windows PowerShell to operate. Microsoft developed the PnP PowerShell module to work with cross-platform PowerShell and expanded its capabilities beyond SharePoint. The new module has more than 600 cmdlets to manage SharePoint Online, Microsoft Teams, Microsoft Planner and Microsoft Flow. This consolidation effort attempts to further simplify the work involved with installing and working with separate PowerShell administration modules Microsoft provides to manage each service.

Why use the PnP PowerShell module?

The Microsoft SharePoint Online Services module remains the de facto management tool for that service with basic commands to connect, add, update and remove items such as site collections, sites and libraries.

PnP PowerShell contains most of the cmdlets in the SharePoint administration module but also features many new commands. PnP PowerShell does not supersede the SharePoint Online Services module but offers some improvements when using PowerShell to manage SharePoint Online.

Challenge without PnP PowerShell

For example, to connect to a SharePoint site collection and iterate all sites using PowerShell, you need to connect to SharePoint Online and then retrieve all site collections. Before PnP Powershell, you needed to use client-side object model (CSOM) references and libraries in PowerShell scripts to iterate through subsites. Using CSOM is often involved and requires extensive commands, creation of new connections and credential objects, and loading each level from the site collection to the subsites. The code is prone to connection issues and often returns 403 forbidden errors.
The PnP PowerShell module aims to resolve these issues by creating new, enhancing existing or combining functions and CSOM code for a more streamlined approach to PowerShell scripting to manage SharePoint Online.

Get started with the PnP PowerShell module

Step 1: Remove legacy PnP module (just in case)

Before the PnP.PowerShell module, things were done using its predecessor SharePointPnPPowerShellOnline (which is not maintained since around March 2021 and now seen as legacy).

Therefore, if you just started your journey with PnP PowerShell, you can directly jump to step 2. Otherwise please ensure to remove SharePointPnPPowerShellOnline by using the following PowerShell command:

Uninstall-Module SharePointPnPPowerShellOnline -AllVersions

Step 2: Install the PnP PowerShell module

Not the most difficult part ;-). Just use the following PowerShell command to install teh PnP.PowerShell module:

Install-Module PnP.PowerShell

Step 3: Grant access to the desired tenant

Then final step is to grant access to the tenant for the PnP Management Shell Multi-Tenant AAD App. This is done by executing the following command:

Register-PnPManagementShellAccess

You will be prompted to log in and provide consent for your tenant.

NOTE: In case you are not a global admin, use the following command to generate a consent-URL and contact a global administrator.
Register-PnPManagementShellAccess -ShowConsentURL

Step 4: verify the installation! :-)

Now you should be equipped to enjoy the benefits of PnP.PowerShell! To test it, use the following cmdlet to connect to a site of your tenant:

#Connect to PnP Online
Connect-PnPOnline -Url "https://[YOURTENANT].sharepoint.com/" -Interactive

#Get all lists from the specified URL
Get-PnPList

And that is how it looks like if you succeeded ;-)

Conclusion

I am just starting with PnP.PowerShell but it already makes my daily life easier. Being able to create SharePoint Lists in my demo-tenant and then abeing able to easily export and import them into another tenant is pretty handy. So it brings definiitely a great benefit in terms of how to deal with the structures in SharePoint Online and makes a lot of migration-scenarios easier accessible.

When you create a new List, you can choose from a variety of Templates offered by Microsoft. But what if you would like to add your organisation-specific Templates in Microsoft Lists? Well, this article is exactly about how you can achieve that!

Let's see how you get that option there and let's create our first template for Microsoft List!

Prerequisites

Coming from the SharePoint world, you might be familiar with "Lists". With Microsoft Lists, we are actually using very similar management commands (in PowerShell)

• Global Admin or SharePoint Online Administrator Role
• SharePoint Online Management Shell (Link)
• Either PowerShell ISE or Visual Studio Code (both work... your choice ;-))
• An existing List in SharePoint Online from which you want to create the template

How to create a Microsoft List template

The easiest way is to create your template based on an existing list.
In order to achieve this, I'll quickly explain the steps (you can find the code-snippet right below):

1. Ensure you have the latest SharePoint Online Management Shell installed on your computer and connect to the SharePoint Online Service of your tenant (Need more help...?)
2. Once you are connected, you first have to get a site-script from an existing List. The Get-SPOSiteScriptFromList command does exactly that. Since you will need that information later again, you are going to store the command output in the variable $extracted
3. Now take the information obtained in Step 3 and run the command Add-SPOSiteScript on it. With that you define the title and description for our site-script and create a variable $listscript which will help you in the next step to get the required SiteScript ID.
4. Step four is actually where you are going to add the template to Microsoft Lists. The information here is shown to the end-users.
   An overview of available Icons can be found here.

# 1. Ensure you got the latest SharePoint Online Management Shell
Update-Module Microsoft.ONline.SharePoint.PowerShell

# 1. Get connected to your tenants SharePoint Service
Connect-SPOService -Url https://YOURTENANT-admin.sharepoint.com

# 2. Create a Site-Script from an existing Microsoft List 
$extracted = Get-SPOSiteScriptFromList -ListUrl "https://YOURTENANT.sharepoint.com/sites/YOURSITE/Lists/YOURLIST"

# 3. Update Title and Description of the generated site-script and put it into the variable $listscript
$listscript = Add-SPOSiteScript -Title “Contact List (enito.ch)” -Description “Simple Contact List for yourself or your team” -Content $extracted

#4. Upload the template to Microsoft List. 
Add-SPOListDesign 
  -Title "Contact List (enito.ch)" 
  -Description "Simple contact list" 
  -SiteScripts $listscript.Id
  -ListColor Red 
  -ListIcon BullseyeTarget 
  -Thumbnail "https://YOURTENANT.sharepoint.com/sites/YOURSITE/SiteAssets/YOURIMAGE.png"

# (YOURTENANT, YOURSITE, YOURLIST, need to be updated)

And here you see the output after you followed the instructions above:

Conclusion

Microsoft Lists is a pretty underestimated App in the Microsoft 365 ecosystem. I use Lists often to solve easy problems together with PowerPlatform. But for the everyday user Microsoft Lists is used often within MS-Teams. The possibility to add org-specific templates to Microsoft Lists (and use them for collaboration in MS-Teams) is pretty neat to me.

If you want to know more about how to deal with Microsoft Lists Templates, you can find additional information in Microsoft's official Documentation here.

Employee Experience

To explain the term employee experience, I would like you to start from a different angle which helped me understand it easily.

Think of you as a customer of an online-store. You have certain expectations and the online-store as a company is keen to keep you on board and to re-visit the online-shop and talk good about it. Now, online-shops ensures this by measuring the so called “customer experience”. This means, they measure with KPIs and surveys how happy the customer is. Based on that feedback, things will be improved accordingly in order to perfectly met the customers expectations. You get where I’m heading to?

Employee experience is basically the same. The only difference is, that instead of having the customer in the center of attention, you have the employee.

So, from the moment someone looks at a job opening, to the moment they leave a company, everything that the worker learns, does, sees, and feels contributes to their employee experience. To master employee experience management, an organization must listen to its people at each stage of the employee lifecycle, identify what matters most to them, and create personalized, bespoke experiences.

The employee experience is foundational to business performance. Sustaining customer experience efforts, improving products, and building a strong and reputable brand all require the help of all employees. Ultimately, it is their experiences – positive and negative – that will impact how hard they work, how much they collaborate, or whether they are invested in improving operational performance.

Employee Experiences Stages

Employee experience equals everything a worker learns, does, sees and feels at each stage of the employee lifecycle.

Recruitment

This includes all the steps that lead to hiring a new employee. Considerations are how long it takes to hire, how much it costs to hire, the rate of offer acceptance, and the hire’s quality. Were your job ads attractive and clear enough to catch the attention and applications of the best candidates? Did your interview process engage and reassure great candidates so they quickly accepted your job offer? How was the entire candidate experience?

Onboarding

A new hire gets up to speed with the systems, tools, and processes and comes to grips with the role’s expectations. Most new employees need “ramp time” to get up to speed and become productive in their job. Obviously, the quicker they can do this, the more profitable it is for your organisation. An effective onboarding process translates someone’s initial enthusiasm for their new job into a more meaningful, long-term connection to the brand and a commitment to doing great things while they’re there.

Development

Employee development is an ongoing stage in the employee journey, with individuals developing at different rates across a variety of skills. As employees develop within their roles, you need to quantify their productivity, ability to be a team player, and promotion aspirations. You also want to offer them the chance to expand their skill sets, an increasingly important differentiator for many employees looking to have a “portfolio career” consisting of many different experiences.

Retention

Employees are now fully ramped and integrated into the organisation. With a strong people retention strategy, you can keep them performing, developing, and contributing to the company’s success, as well as ensure they’re inspired by and connected to the company’s core vision. It makes economic sense for a company to do all it can to keep hold of existing employees. It can cost up to 50%-60% of an employee’s annual salary to replace them.

Exit

Employees can leave for a whole host of reasons: They may retire, move to another employer, or make a life change. Every employee will leave your company at some point, and finding out why is an opportunity to improve and develop the employee experience for current and future employees. Leavers may be more candid in exit interviews about why they’re going as they may feel they have nothing to lose by being brutally honest.

The rise of the employee experience

The shift from old-school employee engagement to a more holistic approach to employee experience has been driven by a number of factors – including social media, changing demographics, and more volatile economic conditions.

• The millennial generation wants more opportunities to have their say and companies need to get a deeper understanding of a group who feel, think and behave differently to the generations before them.
• The war for talent is fiercer than ever before – there are now more candidates for fewer jobs and experiences are one of the last ways to differentiate yourself as an employer.
• Organisations are changing faster than ever – digitisation, disruption and other economic forces are causing companies to shrink and expand at a more rapid pace. Meaning there’s a need to really understand the impact this is having on people more regularly than once a year.
• There’s an expectation for personalised employee experiences – employees now expect they’ll be treated as a unique person, just like they are when they interact with leading B2C brands as a consumer.
• The explosion of social media and the potential for damaging reviews to go viral has meant workplaces have become more transparent to protect company and brand reputation.

By focusing on improving the employee experience, the world’s leading brands have discovered that there are knock-on effects: not just to traditional HR metrics like turnover and absentee rates, but also on customer experience and overall profitability.

Business impact of employee experience

Good employees are your greatest investment, and they’re hard to find. When you’ve battled to attract and hire quality people, you don’t want to lose them. Employee churn eats into your HR team’s time and also your business’s bottom line. Investing in positive employee experience is crucial to creating an engaged workforce who wants to stay with you, and it’s an effective way of reducing staff turnover.

Microsoft Viva - An employee experience platform

Microsoft Viva builds on the power of Teams and Microsoft 365 to unify the employee experience across four key areas — Engagement (Viva Connections), Wellbeing (Viva Insights), Learning (Viva Learning) and Knowledge (Viva Topics) — in an integrated experience that empowers people to be their best. Microsoft offers an initial set of modules in Viva that will provide built-in capabilities, integrations from a strong and growing ecosystem of Viva partners, and platform extensibility that will enable customers to integrate their existing employee experience systems and tools with Viva to make them more accessible and discoverable to employees.

The components

Microsoft has paid particular attention to the well-being of employees in the company. Nowadays, we spend most our time on the computer (more specifically… in MS-Teams).

Therefore, having tools in place which are able to identify an excessive work-style and inform us when we’re working too much is actually pretty helpful.

Not only this, but these tools also support us also in better managing our work and take moments of break to catch-up with colleagues to catch-up with colleagues or managers. That’s why Microsoft introduced Viva Connections in it’s Employee Experience Platform. With Viva Connections, employees can easily find internal communications and corporate resources, everything from a single, customizable app on MS-Teams.

Then we also have Viva Learning, which has a clear focus on employee learning and growth. It gathers all available learning resources in a single workspace and makes them easily accessible.

Viva Topics is all about knowledge management. Thanks the usage Of artificial intelligence, the finding & exchange of files and information becomes simpler and more immediate.

Last but not least, there is also Viva Insights which has been introduced by Microsoft to visualize and develop the well-being and productivity of people in the company.

Viva Connections

For those company which are already familiar with the advantages of having a corporate intranet, it should be pretty straight forward to see how Viva Connections provides an easy way for employees to find engage with information about the company, ongoing activities or upcoming changes. In addition to that, thanks to the dashboard functionality, employee will also be able to easily access tasks or reminders without having to leave the intranet.

If you don’t have an intranet-solution in place, then you should start considering to implement one. Why? Viva Connections is part of almost every Microsoft 365 business/enterprise subscription and even if you’re a small company… you can set Viva Connection up with a few clicks and provide to your employees useful information for they everyday work within a unified experience in Microsoft Teams.

Viva Learning

Microsoft Viva Learning is designed to enable people in the company to develop skills within the working processes in order to provide an easy way for them to learn and grow in the workplace. How is this done? Viva Learning helps people to acquire knowledge easily by providing them with the right content at the right time. Through the Viva Learning App in MS-Teams people can train using content offered by Microsoft, third parties or corporate content.

These can therefore be used within Teams and can be shared in work groups.

Viva Learning’s main features are the following:

• External Content – Add content from 3rd party platforms such as Linked-In Learning and others.
• Seamless experience with MS-Teams – Viva Learning is an app for MS-Teams. - Training Management – As a Manager in Viva Learning, you can follow training competition of your team members.
• Sharing – Every training can be shared directly in an MS-Teams Chat or Channel.

Viva Topics

Microsoft Viva Topics is one of the outcome from Project Cortex and is, beside of being part of the Microsoft Viva Family, also part of Microsoft’s Knowledge & Content Services. In my opinion a fundamental brick in order to achieve the vision to provide every company the tools to create, maintain and develop a knowledge network. But be warned, a substantial effort is needed to build the set of topics found in SharePoint Online content before apps can surface topic cards to users.

Microsoft Viva Topics uses AI to reason over content across teams and systems, recognizing content types, extracting important information, and automatically organizing content into shared topics like projects, products, processes and customers. Viva Topics then creates a knowledge network based on relationships among topics, content, and people. New topic pages and knowledge centers—created and updated by AI—enable experts to curate and share knowledge with wiki-like simplicity. And topic cards deliver knowledge just-in-time to people in Outlook, Microsoft Teams, and Office. Microsoft Viva Topics builds on intelligence from the Microsoft Graph, a variety of Microsoft AI technologies, and the content services of SharePoint.
Viva Topic’s main features are the following:

• Topic Cards – Topics are identified with AI by analizing existing data. Knowledge about a Topic gets shown everytime a topic is detected automatically on a topic card.
• Topic Pages – Every topic can be explored more in detail in a topic page. Viva Topics builds topic pages automatically from your content by using AI.
• Topic Map – Since it’s a goal to build a so called knowledge network, a topic map shows all relationship between various existing topics in the company.
• Collaboration – Every topic gets curated by one or more experts which receive the respective role and can keep the topic page up-to-date, answer FAQs and get contacted directly by people.

Viva Insights

Microsoft Viva Insights represents the work-related aspects based on well-being and productivity of an individual in the company.

It provides people, managers and leaders with personalized information which enables them to help everyone in the organization grow. In addition to the new productivity and health experiences, Viva Insight will also integrate features from “Microsoft Workplace Analytics” and “Microsoft MyAnalytics” over time.

The main purpose of these two tools is to evaluate the user’s interaction during his daily life with Microsoft 365 tools. A notably amount of data gets stored and is used for example to see how many e-mails are received, how long a person spends writing emails, how much time is spent in meetings, etc.
All these elements are presented in two different ways:

• Personal Insights – where a person can see how he/she is using Microsoft 365, manage his agenda and block time-blocks to focus on activities (focus-time)
• Aggregated information from Workplace Analytics which allows managers and leaders to have a high-level view on the daily productivity of workers.

The most interesting feature-set in Viva Insights is the one for individuals (Personal Insights). However, Microsoft Viva Insights also offers Dashboards for Managers (e.g. Team leaders, Head of Department) and Leaders (Leadership-Team Members).

Conclusion

When I first read about Microsoft Viva, I honestly did not really understand why Microsoft was trying to make a point. Even the term “Employee Experience” was also unknown to me.

After digging more into the topic, I really see the value of every single component and I am pretty sure that companies will recognize this too in the near future.

I learned that Microsoft made a strong commitment to AI in their Mission in 2017. That’s ironically also the year, when Microsoft started working on Project Cortex (which brought to the market “SharePoint Syntex” and the foundation for “Viva Topics” in the context of Microsoft Konwledge & Content Services). So they’re working on including AI in our daily worklife and get most out of the available informations within a M365-Tenant since more than 4 years now.

With Microsoft Viva as an Employee Experience, and Konwledge & Content Services such as SharePoint Syntex evolving further, I think that Microsoft is enriching the Microsoft 365 ecosystem with two important and always missed capabilities. I think it’s pretty amazing how deep Artificial Intelligence is getting in our working lives and I also see that every company will have to embrace these new way of acting. The days where you could afford to not consider Artificial Intelligence to value the information you generate and use them to optimize efficiency, well-being and many other aspects of the daily life are definitely coming to an end. I am looking forward to see with what else Microsoft will come up in the next few years.

In the meantime, I will surely remain tuned on the Microsoft Viva channel and also keep an eye on Microsoft’s Knowledge & Content Services and I suggest that to evey engineer which is planning to contribute to modern collaboration & content management.

What is Viva Topics?

Viva Topics is the foundation of Microsoft’s knowledge network. Substantial effort is needed to build the set of topics found in SharePoint Online content before apps can surface topic cards to users. This article is the first of a two-part series. In it, we chronicle the process of how the AI used by Viva Topics suggests topics and how knowledge managers refine and publish the topics to make them available to end users.

Viva Topics uses AI to reason over content across teams and systems, recognizing content types, extracting important information, and automatically organizing content into shared topics like projects, products, processes and customers. Viva Topics then creates a knowledge network based on relationships among topics, content, and people. New topic pages and knowledge centers—created and updated by AI—enable experts to curate and share knowledge with wiki-like simplicity. And topic cards deliver knowledge just-in-time to people in Outlook, Microsoft Teams, and Office. Microsoft Viva Topics builds on intelligence from the Microsoft Graph, a variety of Microsoft AI technologies, and the content services of SharePoint.

Main Features

Before reading about the features I highlight below, it’s important for you to understand what a topic in the context of "Viva Topics" is.

A topic is a phrase or term that has a specific meaning. The meaning might only be known within an organization or it might be in general use. Resources like SharePoint sites or individual documents help people understand the meaning of a topic. According to Microsoft, Viva Topics can identify the following types of topics:

• Project
• Event
• Organization
• Location
• Product
• Creative work
• Field of study

Topic Card

Topic Cards appear automatically when a topic is detected, showing you a description, experts, resources, and other information about the topic. Topic cards appear automatically in Outlook, Word, SharePoint and Microsoft Teams, and will appear in results in Microsoft Search.

Topic Page

Knowledge can be explored in depth in a topic page. Viva Topics builds topic pages automatically from your content, using AI. But pages become better with experts, who can edit or create new topics with wiki-like simplicity, incorporating their knowledge and additional resources, and transparently training your knowledge network at the same time. AI also keeps your topic pages up-to-date alongside ongoing people-centric curation.

Topic Map

A Topic Map is a map of relationships between the various existing topics in the company. A Topic Map is automatically added to every Topic Page. And on top of that, we are also able to use the Yammer integration which allows us to make users receive questions and answers on a specific topic so that they’re visible and accessible to all. People can ask a question in a way that experts on that topic are notified and can provide their answers in a timely manner. These questions and answers will automatically be added to the Topic Page enabling other users people to benefit from the knowledge.

Collaboration

As you may expect, people within an organization will be able to collaborate on any topic. There are multiple owners for a single topic and each of them is able to modify the topic page in MS-Teams by adding information and republishing it.
Such content is also very useful to make topics easier to find by end-users.

Conclusion

Microsoft Viva Topic is definitely a powerful tool which will have a big enhancement on employee experience and knowledge management. If I think of having an AI identifying important Topics by analyzing the entire content an organisation puts on Microsoft 365 Services… makes it more encouraging to build up a robust knowledge network. How much time do people spend in searching the information needed for them to fullfil their job?

The only thing which Viva Topic does not help you with, is the adding of Metadata to your files. So either you have super-disciplined end-users which cure the metadata of every document and workgroup they’re involved in, or you take a look at Microsoft “SharePoint Syntex“, Microsofts smart content service which uses Machine Teaching and AI to automatically enrich corporate data with relevant metadata. As you can see, Knowledge and Content Services are getting a lot of support from AI and Machine Learning.

However, the effort to establish a proper knowledge network and optimise knowledge management with Viva Topics shall not be underestimated. Don’t forget that either Viva Topics and SharePoint Syntex are based on AI. This means, in order to get the benefit out of the tools, you’ll have to feed data into it, wait until it gets processed, and configure the parameters relevant for your organisation. The initial effort is comperable with a mid- to large-sized IT-Project which involves technical and organisational roles from the company.

So in the past year, the legend of a robust organisational knowledge management solution (that’s my personal opinion about it ;-)) has become more reality. By leveraging endusers from adding metadata or identifying important keywords within the organisation which need to be explained and made accessible for everyone in the company, I think we will start using the information which we already have to learn and get a real benefit from it. As long as you spend enough time to understand your needs and plan the implementation.

What is Viva Learning?

Microsoft Viva Learning is designed to enable people in the company to develop skills within the working processes in order to provide an easy way for them to learn and grow in the workplace.
How is this done? –> Viva Learning helps people to acquire knowledge easily by providing them with the right content at the right time. Through the Viva Learning App in MS-Teams people can train using content offered by Microsoft, third parties or corporate content. These can therefore be used within Teams and can be shared in work groups.

Main Features

Include external Content

Viva Learning allows you to have in third-party content from other learning platforms such as “LinkedIn Learning”, “Microsoft Learn”, “Coursera”, “edX”, “Plurasight”, “Cornerstone”, “SuccessFactors” and “Skillsoft”. In addition to that, you can also easily insert customized company-training content in Viva Learning and then integrate it on e.g. the Communication-Site or any other M365-Resource.

With “content” we refer not only to videos, which is at the time of writing the most popular format, but also to files and documents. That content will be enriched with features such as sharing, assigning courses, viewing courses on individual workgroups, with Viva Learning.

Provide Training Content with MS-Teams

Microsoft Viva Learning is fully integrated in Microsoft Teams. This offers the possibility to insert training content within specific work groups in order to allow people to collaborate and find the time to grow their skills specific onf their activities. You can easily share and broadcast trainings in a chat or in a MS-Teams channel.
When you personalize learning, the acquisition of knowledge is better and people feel more included. Viva learning does not only show relevant learning in your search results, it shows you also recommended content in a customized view tailored to your individual needs.

Management of Trainings

Within Viva Learning, people with the manager role can decide to assign training content to one or more people in their team and follow their progress.
The platform shows all the learning tasks that a manager has assigned, when they are carried out and the related competition status reported by people.
Employees can see the learning assigned to them by a manager either with Viva Learning or through an integration with one of the leading learning management systems, along with due dates and other important information about the training execution.

Share trainings easily

With Viva Learning you have the possibility to share courses with colleagues via MS-Teams chat. If you look at knowledge as one of the fundamental aspects of a corporate culture, this feature allows it to share, encourage and stimulate the growth for the entire organization.

Conclusion

Viva Learning offers currently a good learning experience and is easily accessible in MS-Teams. The fact that it offers a lot of integrations with external content from such big platforms and that you can even connect it with an existing Learning-Management-Solution makes it a strong solution in the market. However, many companies already have solutions in place and it might be a little bit tricky to get the costs legitimated to a new solution if the old still works.

If you do not have yet a learning solution and you’re already using MS-Teams… then you should definitely consider Viva Learning.

What is it about?

Access Reviews, a feature of Azure Active Directory, is a useful security tool to include in any organization’s identity governance process, as users having more than the required access to resources unnecessarily increases the risk of data breaches. In this blog, we dive into the solutions we have built for our customers and the best practices we have discovered. We take a closer look at the built-in features for Azure AD access reviews, whether they are enough for real-life requirements, and whether we can make things even better by using a custom solution instead.
Access Reviews allow you to initiate access review periods in Azure AD. During the reviews, assigned reviewers will check if directory users’ current access to resources is still justified or if we should revoke their permissions. You can use it to check access to Azure AD groups (including Teams teams), enterprise applications, and privileged roles, and target the review to concern the organization’s internal users, guests, or both.
You can create, configure and view the results of access review periods via the Azure Portal (I’ll tell you the exact locations in just a second). In addition, it is possible for us to also create access reviews via the Microsoft Graph API. Even though Azure AD Access Reviews offer us plenty of functionalities already built-in, being able to create programmable reviews offers us even more options to tailor the reviews to precisely match our organization’s needs.

To use the Access Reviews functionality in Azure Active Directory, you will need Azure AD Premium P2. for the users who will be performing the reviews. More details about licensing, including how it applies to guest user, on the Microsoft documentation.

Define the scope of the review

Typically organizations want to use Access Reviews to check access to groups and/or teams. You can find the feature in Azure Portal by navigating to Azure AD and then Identity Governance. The view allows you to create new access reviews and view the results of reviews that happened in the past. Out-of-the-box, there are two options to choose from for group-related access review scope:

• All Microsoft 365 groups with guest users (not available when reviewing application access)Note: when this option is selected, you can only choose to review guest users only (not all users).
• Select teams + groups (or applications) In addition, you need to select whether you want to include only guest users or all users in the review.

You can create access reviews also for enterprise applications from the same place as for groups (as you can see from the image above). The option is also available if you navigate to Enterprise applications under Azure AD in Azure Portal.

For privileged roles, access reviews can be found by searching Azure AD Privileged Identity Management in Azure Portal, and then selecting Azure AD roles. When we are evaluating PIM access, we can choose to target either all users and groups or all service principals.

Additionally, if you are reviewing users and groups, you can choose between the following targets:

• All active and eligible assignments
• Eligible assignments only
• Active assignments only You also need to select which of the privileged roles you want to include in the review scope. Again, you can include all of them or only the ones you are the most concerned about.

The (few) build-in functionalities

As already mentioned, evaluating access to groups and teams is the most common scenario, so let’s focus on that one. Imagine the following scenario: an organization wants to review all teams in the tenant. Which option should we choose?
All teams are connected to Microsoft 365 groups. However, not all Microsoft 365 groups necessarily have teams. In actuality, Planner plans and modern SharePoint Online team sites are also connected to Microsoft 365 groups but don’t necessarily have the Teams feature enabled.
The former option includes all Microsoft 365 groups with guest users within the scope of the review. It covers all teams with guests, but the option also targets Microsoft 365 groups that don’t have teams. Additionally, the option only applies to teams with guest users and leaves out teams only used by the organization’s internal employees. Because of these factors, this option does not fulfill our requirements.
What about the latter option? It allows us to include specific teams and Azure AD groups within the scope of the review. Initially, it sounds like this could work: we can add all teams to the scope manually. However, in practice, this becomes extremely tedious for the following reasons:

• First of all, the list which you are using to select the teams from includes all Azure AD groups and does not in any way indicate which groups have a team attached.
• Second, the list only shows the first 50 Azure AD groups, and to be able to select teams that are further down the list, you need to search for them by name.
• And finally, the selection is in no way dynamic: when new teams are created in the tenant, they’d need to be included in the scope manually later.

As we can see, dynamically including only and all teams within the scope of the review is not possible with the built-in features. Therefore, to be able to reach our goal, a custom solution is required. When we have a custom solution, we can use any criteria for selecting which groups to include within the scope of the review. For example, with a custom solution, we can automatically select only and all Microsoft 365 groups with the Teams feature enabled — including any teams created in the future — thus fulfilling our requirement. In addition, if desired, we can further filter down the teams to, for example:

• only those which have not been archived
• which have guests
• use a certain classification label
• etc. (The options are essentially limitless!

Dynamic Groups - better exclude them

Dynamic groups use predefined rules to deduce which users should be included as their members. Unfortunately, when we use the built-in access review options, dynamic groups are included in the scope of the review the same way as groups with assigned membership. This is unfortunate because including dynamic groups within the access review scope is useless.

Even if a reviewer selected Deny access as the review result, the user is not removed from the group. Instead, the review status will just get stuck on applying without ever changing to completed. The only way to remove users from dynamic groups is to either change the group membership compilation rules or the user profile properties, so the users no longer get included in the group. This is not something a regular user can do.

With a custom solution, we can automatically leave out groups that use dynamic membership. The only situation in which reviewing dynamic group access could be useful is if we informed an administrator capable of making these changes of the review results (e.g. via a report), so they could evaluate if the organization should readjust the dynamic group rules. This is not an Azure AD feature and must be implemented as a custom solution.

Reviews and Scheduling

In addition to the review scope, we also need to define, who will be doing the review and how often. The built-in features are sufficient to cover the majority of the use cases and offer us the following options for reviewers:

• Group owners (naturally not available when reviewing app or PIM access)
• Selected users or groups
• Users review their own access
• Managers of users (based on Azure AD user profile properties)

For the group owners and managers of users options, we can also set fallback reviewers in case the primary reviewers don’t exist (groups without owners or users without manager set in their profile).

For the recurrence of the review, we can select:

• One time (for group access reviews, this option is only available when the scope is Select teams + groups)
• Weekly
• Monthly
• Quarterly
• Semi-annually (every six months)
• Annually In addition to frequency, we also define how much time (number of days) the reviewers have to complete the review, when should the review happen for the first time, and when the recurrence should end (never, on a specific date, or after a certain number of occurrences).
  Typically, these built-in settings are sufficient, but sometimes an organization might want to schedule the review, e.g., every other month, or have different users review certain subsets of groups. If the built-in options don’t fulfill a specific need, we can set the reviewers and the recurrence exactly as desired via a custom solution.

What happens during and after the review?

When access reviews are initiated, we ideally want to send notifications (possibly including a custom message) about them to the reviewers — how else are they going to know they need to review the access to their resources? Still, some settings control this behavior, so if you, for some reason, don’t want to send out emails when the review period begins, you can turn them off. You can also choose to send reminders if the reviewers haven’t done anything halfway through the review period.

When we define the settings for access reviews, we can select whether the results are automatically applied to the resource or not. In practice, this means that if a reviewer decides to Deny access for a user, the user’s permissions will automatically get removed at the end of the review period. We can also select what happens if reviewers do not take action: there can be no change, the access can be approved or removed automatically, or the system can take the recommended action.

Recommended- vs. Individual actions

The recommended action is based on whether the user has logged in during the past 30 days or not. If they have, the system recommends their access to be retained, and if not, it suggests the access be removed. Personally, I don’t think this is much of a recommendation. Users can be members of many different groups. They might log in to use one of them, but the recommendation is still displayed as approve for all the groups the user is a member of, even if they haven’t viewed the other group contents in ages. Also, users can be absent for more than 30 days, e.g., during the summer holidays.

This “decision helper” setting is enabled by default, and while it may seem great at first glance, it can actually do more harm than good. The reviewers might end up always taking the recommended action “to be on the safe side” without actually stopping to think for themselves, what is truly the correct action to be taken. My recommended action is to disable the setting. The user interface will still show the last login date during the review; the system will just not recommend what action to take.

What can help make reviewers think for themselves is requiring them to enter a short justification message whenever they approve a user’s access (like in the picture above). The quality of the reviews can increase by utilizing this method because the reviewer actually needs to stop to ponder whether the user is justified to have access.

It can also be interesting for administrators to later go through the review results to see the reasons the reviewers base their decisions on. And no need to worry about justifying access being tedious: it can be provided for multiple selected members at once.

Challenging: Automatic disable of accounts with "denied access"

If the review only covers guest user access, you have an additional option to choose whether…

• the user’s membership is removed from the resource, or
• block the user from signing in for 30 days, and then remove them from the tenant.

The latter option sounds super handy at first. It’d be great to disable and eventually remove guest user accounts from the tenant if they no longer need access, right? However, the feature is actually quite problematic.

.

Just as I said earlier, users can be members of many different groups. What happens if their access is approved for some groups but denied for others? If the user’s access is denied for even one group, their account gets disabled and eventually removed from the tenant (if they don’t notice this and contact an administrator within 30 days). It does not sound that useful anymore, huh? Luckily, we can implement much smarter logic for cleaning up unnecessary user accounts through custom solutions. Let’s talk more about this later.

The notification simply contains information on what resource was reviewed, when the review period began, was scheduled to end (admins can manually end access reviews earlier), and a link to the review results in Azure Portal.

Again, this feature sounds more useful than it actually is. Even with the best intentions, it can’t be considered anything close to reporting. In general, attempting to get an overview of how an access review period went as a whole, the built-in features simply don’t offer any useful view for that. You can only open individual access review results (per group) via the Azure Portal; that’s it.

If you wish to get an actual report which offers you summaries and filtering options, a custom solution is your only option. So let’s talk about that next!

A separate access review is created for each resource (group or app) within the scope of the review. Note that whenever the system sends emails, whether it is about the beginning of an access review period, a reminder, or a notification about the end of a review, an individual email is sent about each access review. This means that if a person is selected as a reviewer for many different resources or receiving a notification at the end of the review, they can potentially receive many emails.

Reporting

OK, let’s imagine you’ve already got access reviews up and running. So how do you know if they have actually been useful?
With the out-of-the-box Azure AD capabilities, the only way you can see how an access review has gone is if you open each one of the individual resource-specific access reviews separately and check what membership decisions have actually been made and by whom. Unfortunately, there is not any summary of the access review period that would easily give an overview of how things have gone in general.

Remove Guest user accounts which are no longer needed

So, if you only include guest accounts within the scope of the review, you have an additional option of automatically disabling the guest accounts which access is denied during the review. This is problematic because if a guest is a member of multiple groups, being denied access to even one disables the account. And if the guest does not notice their account has been disabled within 30 days, the account gets deleted from the tenant completely.

You can probably already expect this: custom solutions to the rescue! With them, you can define yourself, how exactly and based on which rules you want guest accounts to get disabled, and when to delete the accounts from the tenant (if ever). Via the Microsoft Graph API, we can check which groups the guest is a member of and when they’ve last logged in. We could, for example, have the following rules:

• If a guest is not a member of any groups and has not logged in for two months, disable their account.
• If a guest is a member of groups but has not logged in for six months, disable their account (we could also remove their access to all the groups at the same time if desired)
• If a guest account has remained disabled for three months straight, remove it from the tenant

In addition to the rules, we can also implement other useful features:

• We could send notifications of the “disable” events, so in case the guest or their contact within the organization still wants to retain their account in the tenant, they could ask the admin to re-enable it in time.
• We could also send summary reports to the administrators, so they could see which accounts were disabled or removed. These are just a few example ideas! The great thing about custom solutions is that we don’t need to settle for the features and logic offered out-of-the-box. Instead, we can do things exactly the way we want them to be.

Conclusion

Managing user accounts and their access does not need to be tedious and a lot of constant work. It can be almost fully automated, so people can rather focus on more important matters.

Did this article get you excited about Azure AD Access Reviews and interested in automating user account lifecycles? What kind of needs does your organization have regarding the matter? Let me know your thoughts in a comment!

This is partially true. We all know that especially in enterprise environments, making sure that a tool like Microsoft 365 is put to effective use and does not lead to information overflows and stale content is not a trivial task. Countless information officers have pondered -and continue to ponder- over the best ways of governing an ever-expanding landscape of information repositories and collaborative environments. In these COVID-driven times, the reliance on these environments and tools has only become more critical.

The echo of the nineties🛹

A persistent problem has been the effort to preserve re-usable information, whether for operational reasons like trying to harness built-up know-how, or to derive strategic insights from operational data and information. In the 90’s and with the Digital wave, many initiatives were undertaken to organize the systematic gathering, processing and preservation of this valuable data and information and turn it into a true knowledge management operation.

Few of these initiatives, except perhaps for Big Data, have survived to date. The main reason: the sheer effort and budget needed to install and run this kind of operation, mostly with manual (and thus costly) support. Simply too much effort was spent on searching for information. At the time, search engines where the most advanced tools at our disposal, but they did pose some challenges to effective knowledge management.

This was mostly due to the fact that language-processing technology was still in its infancy, and the accuracy of search results was too low to be of effective use in daily business. The addition of metadata, turning data into information by making its business context more explicit, was of help, but turned into a massive effort in itself, without much automated support.

Project Cortex: Bringing Knowledge and Insights

So what has changed? What is the promise of Microsoft’s Project Cortex, acknowledging that it is explicitly addressing knowledge management? The answer lies in its combination of different information processing technologies, and the integration of these into a new layer of functionality to enhance Microsoft 365 as a platform. This new recipe is to gradually evolve from its current project status into a full-blown Knowledge and Insights product portfolio, with its key ingredients being:

Artificial Intelligence driven content processing

Applying AI principles and features to content processing. As a first installment of Project Cortex, SharePoint Syntex has been released in October 2020, adding AI driven processing capabilities to content hosted in MS SharePoint. With Syntex, you can add content classification and metadata extraction to any SP library, without having too much knowledge of language processing techniques. Hence, an information analyst, not being a data scientist can help set this up, automating your content processing and in doing so, greatly reducing the need for manual metadata management

Knowledge Representation

Instead of having to search for information, the next installment of Project Cortex will introduce information being condensed and presented in context through Viva Topics: Topic Cards on any corporate concept, together with Expert Finder profiles will be synthesized and presented from within existing Microsoft 365 components like Office and SharePoint, allowing information workers to almost intuitively enrich and enhance the productivity and quality of their own information-centric tasks

Knowledge Synthesis

Bringing together all of the above, adding workplace analytics and knowledge graphs and integrating the result into Knowledge Centers. When correctly applied and organized around knowledge worker communities, this could well turn into your next generation, knowledge-driven corporate Intranet

With everything in place, the promise of Project Cortex is to enable effective knowledge management on top of your existing Microsoft 365 platform, without having to invest too much in knowledge enablement.

Conclusion

Now as with all Microsoft roadmaps, timing and exact content is subject to change – but the contours so far are clear, and if its perspective is appealing enough, you may already prepare yourself for an effective implementation. Given the potential impact of introducing Project Cortex functionality to the organization, what can we then say up front about any benefits prerequisites and success factors?

First of all, the automation of content processing does away with one of the biggest hurdles to effective information and knowledge management: adding and maintaining (quality) metadata. It is clear to see that with the right (business) context applied, information becomes a lot easier to find, and with Cortex, easier to present accurately at the right time, the right place, for the right persons.

This also suggests, however, a critical prerequisite for successful Project Cortex initiatives: the imperative to have all content that matters available in or at least to the Microsoft 365 platform. As of now, Syntex will only process content that is part of a SharePoint library.

If, for whatever reason, content of importance remains outside of Microsoft 365 (reasons ranging from having it in systems that support compliance driven processes, to the investments already taken on other information repositories and processing platforms), for it to be synthesized into knowledge by Cortex and made available through Microsoft 365 components, it has to be exposed in some way to the Cortex components.

Secondly, to reap the full benefits of automated classification and metadata extraction, it is important to have some form of information standards in place. This may consist of one or more (business domain oriented) information models, having an information structure with classes and security groups, a metadata library, and people appointed to govern these. Most of this would have been implemented already when installing governance for e.g. MS SharePoint, but if not, this is the time to consider it.

Finally, Project Cortex may become the very reason to dust off those knowledge management principles and structures, and serve as the driver to re-organize teams and processes around knowledge, with the aim to serve customers more swiftly and accurately and at a higher quality. If you think about it, implementing this combination of technologies will augment and in the future perhaps replace the robotization efforts undertaken to automate the as-is processes, rather than replacing them with something far more intelligent.

What is Viva Connections?

Viva Connection is actually the gateway to a modern employee experience. It’s accessible within the apps and devices that most employees use on a daily basis (such as MS-Teams). Even for leaders, Viva Connections offers new possibilities to implement a corporate culture and attract employees to participate in a co-motivating work environment. In fact, it supports leaders in establishing and/or strengthen strong bonds with employees, no matter where they are physically located.

Main Features

Personal Feed

A fundamental factor you must always pay close attention in any company is internal communication. Since the number of tools which allow to exchange information and interact with it, there is a risk that some content will be lost or worst, not found.

With this in mind Viva Connections allows people to easily discover and find all the content they need. Within the feed offered by Viva Connections people have a unified and personalized experience allowing them to contribute to conversations wherever they are.

One of the most useful aspects of Viva Connections feed is actually the possibility to seamlessly integrate content from M365 app services such as SharePoint, Yammer or Stream and also include external content which you want to publish to your employees.

Viva Connections Feed also allows employees to easily share feedback with the Yammer com unity and participate in corporate news and announcement conversations without interruption.

Quick Access

It is now possible to quickly access your company intranet with MS-Teams. In order to be able to use this function, your intranet must be on the SharePoint homepage of your Microsoft 365 tenant.

The homepageis the main site of your SharePoint Online instance. It can collect news, content and information from all sites within the Microsoft 365 subscription. Thanks to this icon users can access the intranet directly, quickly and during everyday work.

Dashboard

One of the most interesting features about Viva Connection is the “Dashboard”. Viva Connections Dashboard is an app-/widget-panel that presents content or features for the user that can be customized by the company. You can easily add Adaptive Cards and configure them to interact in harmony with the needs of your company streamlining processes and information.

Dashboard is a personalized feature built around the enduser. One of it’s main advantages is that users can remain in the flow by not having to change apps or when e.g. they need to check their open tasks or how many vacation days they have or whatever (depends on what you publish on your Viva Connection Dashboard). You can think of the dashboard as the company home designed for employees and developed with the intention of being the meeting point where everyone can find the company resources they need.

In the dashboard, you are also able to customize resources for different group of employees (audience targeting). This encourages endusers to visit their dashboard since they will only get what is relevant for them (and not everything from the company).

Global Navigation

SharePoint Online Homesite allows us to have a global navigation. With the global navigation we can move between contents and sites which we access throughout Microsoft 365. This means that communication (finding information on the intranet) and collaboration (finding the files you’re working on with others) is getting closer together allowing more efficient work.

Company Feed

Other than the personal feed, company feed represents the integration between Yammer and SharePoint Online. Company feed makes actually conversations in Yammer easily available through SharePoint and MS-Teams allowing users to interact without changing the app. Company feed can be customized to include content from a Yammer Core-Community or from specific communities.

Conclusion

During the last years, I had the pleasure to work on various intranet projects for companies and hospitals. When MS-Teams came out, the question where to put the Intranet has often been asked. Until Viva Connections came out, there have been various way about how to bring your intranet to the MS-Teams app. I admit, not all were elegant. However, with Viva Connections we have now a clear way to integrate a rich and living intranet into MS-Teams. Global Navigation and the Viva Connections Dashboard make the whole experience even better. Being able to create meaningful tiles (or better “Cards”) for your employees has never been so easy. For Companies which are planning to move their current intranet-solution to M365, i strongly suggest to consider Viva Connections from the beginning. In most of the cases you’ll have the benefits included in your M365 subscription.

So I can’t wait to see the further development of Viva Connections! I can immagine, most of the customers may only start seeing the benefits at a later stage… however, in many cases you can start building your intranet-solution on SharePoint already considering a potential move to Viva Connections without any implications. So actually, there is almost no excuse to use any other solution than Viva Connections if you’re already on Microsoft 365.

Disable OneDrive...

In a normal case you would think about how to deal with the OneDrive Service before implementing Microsoft 365. This would exclude any possibility for the user to use OneDrive with his/her company account. But unfortunately I also encounter organizations, which already implemented Microsoft 365 (mostly driven by the pandemic and the urge to implement Microsoft Teams quickly) and just months after that realized, their users where using their OneDrive storage for any kind of data (confidential and non-confidential). In other cases there are some legitimated users which should be able to use OneDrive with their company accounts. But that’s the easier part ;-). Summarized: If I want to disable OneDrive for Business for my organization, I may encounter the following scenarios:

• Disable OneDrive for all users, Microsoft 365 not deployed yet
• Disable OneDrive for all users, Microsoft 365 already deployed
• Disable/enable OneDrive only for specific users Since OneDrive is fully based on SharePoint, (yes, in the on-Prem version of SharePoint, OneDrive is part of the MySite functionality. It’s pretty comparable in my opinion… but the news feed and user-information in Microsoft 365 are in Delve, which is also pretty neat. You will be able to follow this instruction even without understanding this, but if you’re curious, just click here.) there is no such a thing like a OneDrive Admin Center. Therefore, the configuration required to disable OneDrive in your Tenant is through the SharePoint Admin Center.

  ... for all users (M365 not deployed yet)

Step 1: Prevent the creation of "Personal Sites"

You need to prevent the creation of so called “Personal Sites” (which is basically the end-users OneDrive). To do this, click on “More features” in SharePoint Admin Center and select “User Profiles”.

Step 2: Go to "Manage User Permissions"

Since we want to set the permission to all accounts that will be created in the future, we need to “Manage User Permissions”.

Step 3: Disable creation of "Personal Sites"

Here we can configure what users should get when a new User Profile gets created. Per default, the configuration is set for “Everyone except external users”. Do disable OneDrive for all new created users, ensure that the box next to “Create Personal Site (required for personal storage, newsfeed and followed content)” is unticked. To save this setting, confirm with OK.

After having updated the setting, every new created user will have the OneDrive service disabled. In case someone would try to send a File in an MS-Teams Chat (not channel), he/she would get the notification as shown in the following picture;

Keep in mind: The example shown in the Picture shows a Chat between “Mirco” (user with enabled OneDrive) and “Curt” (user with disabled OneDrive). Curt can still receive Files sent from Mirco since the files in that case are shared with Mirco’s OneDrive).*

... For all users (M365 already deployed)

If you already deployed Microsoft 365 without disabling OneDrive for your users, then you may have to spend some more time thinking before deactivating it ;-).

You will have a certain amount of users which already started using OneDrive. This would mean, you’ll have to consider that people are already storing files in the Microsoft 365 cloud and are collaborating with other people (eventually even people outside your organisation).
Since the users which are using OneDrive are doing this without any official approval, I would recommend you to delete all the existing OneDrive sites until you activate it officially with the respective Adoption and Change Management measures.

<Important In order for your IT-Department to provide a controlled deactivation of OneDrive (and without end-users experiencing any data-loss) inform your users enough in advance and provide them instructions about how they can move the data they already stored to an appropriate storage location.

You might encounter one of the following situations:

• Situation 1: End-user will move the data they had so far on OneDrive to an appropiate location and their OneDrive Site can be deleted.
• Situation 2: End-user legitimate, they need OneDrive because they’re collaborating with other people on documents and there is no compareable tool in the company to collaborate in that way.
  
  For situation 2, I strongly recommend to provide the possibility to use OneDrive within your company. I would just restrict it to a circle of qualified users. If a end-user wants to qualify for having OneDrive activated on his/her company account, he/she has, for example, to complete an internal training. Qualified users will then be added to the group shown in the next chapter Enable OneDrive only for a group of users.

The handling of situation 1 is pretty straight forward. Once you have the confirmation that all end-users have moved their Data away from OneDrive, then you can use the following PowerShell script to delete all OneDrive site-collections:

#!! WARNING !!
#This script deletes all OneDrive site-collections in your Microsoft Tenant!

$AdminSiteURL="https://enito365-admin.sharepoint.com"

#Get Credentials to connect to SharePoint Admin Center
$Cred = Get-Credential

#Connect to SharePoint Online Admin Center with privileged account
Connect-SPOService -Url $AdminSiteURL -Credential $Cred

#Get all Personal Site collections
$OneDriveSites = Get-SPOSite -Template "SPSPERS" -Limit ALL -IncludePersonalSite $True

Foreach($Site in $OneDriveSites)
{
    #Remove OneDrive Site Collection
    Remove-SPOSite -identity $Site.URL -Confirm:$false
    Write-Host "OneDrive site collection deleted successfully "$Site.URL
}

Delete a specific OneDrive Site-Collection

In case you simply need to delete the OneDrive site collection of a specific user, you can use the following PowerShell script:

#Delete a specific OneDrive site collection
$AdminSiteURL="https://enito365-admin.sharepoint.com"
$OneDriveSiteUrl="https://enito365-my.sharepoint.com/personal/adeleV_enito365_onmicrosoft_com"

#Get Credentials to connect to SharePoint Admin Center
$Cred = Get-Credential

#Connect to SharePoint Online Admin Center
Connect-SPOService -Url $AdminSiteURL -credential $Cred

#Remove OneDrive Site Collection
Remove-SPOSite -identity $OneDriveSiteUrl
Write-Host "OneDrive site collection deleted successfully"

Enable OneDrive only for a group of users

Step 1: Create a new AAD Security Group

To identify end-users, which are qualified to use OneDrive with their company account, we create a new Group in the Microsoft 365 Admin Center. I personally suggest to create a Security Group (in my example, I use a Security Group called “OneDrive qualified users”). Once you have created this group, you can navigate to the SharePoint Admin Center and open the Configuration Panel for the User Profiles (as described in a previous chapter).

Step 2: Enable Personal Sites for members of the AAD Security Group

Once you’re in the Configuration Panel for the User Profiles, you can click on “Manage User Permissions” and add the newly created group.

Step 3: If you now scroll down, you can configure the permissions for the added group. In our case, we want that Users which are in the group “OneDrive qualified users” have OneDrive enabled. Therefore we select the corresponding box (as shown in the right side of the picture) and confirm with OK.

Conclusion

If you came across this article, you certainly wanted to gain more control over the data which is stored in the Microsoft 365 cloud by your end-users. However, disabling OneDrive within your organisation is in my opinion not a long-term solution. Collaboration and sharing are the laws of modern days productivity and OneDrive is an essential gear in the Microsoft 365 ecosystem. By disabling OneDrive in your organisation, you may encourage people to use alternative such as GoogleDrive or Dropbox. And that’s not your goal. So at this point I strongly recommend you to plan to control your data in the cloud and allowing your end-users to use services like OneDrive by planning and implementing a secure collaboration governance and sensitivity labels.

#How to configure it As a quick reminder, the files you share in Teams channels are stored in your team’s SharePoint folder. If you want to protect a file from deletion, you need to change the permissions in SharePoint and make that file read-only. But first, you need to create a custom permission role in the respective Document Library you want to restrict users from deleting files.

Go to the right settings page

Step 1: Reach the Document Library

Open the “Files” Tab in SharePoint Online in order to reach the Document Library of your MS-Teams Team.

Step 2: Open Site Permissions

Go to SharePoint’s Home page, and navigate to Settings → Site permissions.

Step 3: Open "advanced permission settings"

Select “Advanced permissions settings” get into the right Admin Panel.

Create a new custom permission level

Step 1: Open "Permission-Level"-Settings

In order to be able to disallow the deletion of files for members, we have to create a new “Permission Level”. This can be done in the “Permission Level”-Settings.

Step 2: Select a Permission Level as starting point

I like to use the “Contribute” Permission Level as a reference and remove the delete permission there. So I select it and scroll to the very bottom.

Step 3: Copy permission level

At the very bottom right, you can find the button “Copy Permission Level”. Click on that in order to create a new Permission Level based on the “Contribute” Permission Level.

Step 4: Provide a name to the new permission level

At this point, we provide a clear name and description to the new Permission Level. For Example

• Name: Contribute - no delete
• Description: Can view, add, update list-items and documents but cannot delete any

Assign the new permission level

Step 1: Reach the document library

Now we need to assign the new created Permission Level to the Document Library. In order to do so, yo have to open the Document Library of your MS-Teams Team again.

Step 2: Change the permission level for team-members

Go to “Library settings” in order to change the permission level for the Team-Members.

<Important You will have to “Stop Inheriting Permissions” in order to be able to change the Permission Level for Team Members.

Step 3: Change settings for all Members of the Team

We want to change the settings for “Department Zero Members” (Department Zero = Team-Site used in this example) so we select it and click on “Edit User Permissions”

In this screen you can see the three Permission Groups which are inherited from the M365 Group Settings. Members and Owners should be pretty obvious. The Visitors Group is usually used for guests.

Step 4 Ensure you selected the right permission level

. We ensure, we only have the Permission Level selected we created previously (“Contribute – no Delete”). Confirm with “OK” and we’re done!

Nice one! You did it! 💡

From now on, only Owners of the MS-Teams Team will be able to delete files. Team Members will only be able to create new files and edit existing files.

Please don’t forget to inform your Team-Members about the change and who to contact in case of questions before applying this configuration.

Last but not least

It’s important to remember the following:

• The Steps described in this guide can be done by any MS-Teams Team Owner (no IT-Admin required).
• The Permission Level does only apply within this MS-Teams Team. You will have to do these steps for each MS-Teams team (or create a Template from an existing MS-Teams Team you applied this how-to).
• Keep track of the Teams where you applied this how-to in order to be able to cope with any future changes on the Microsoft 365 Platform.
• If you decided to create an MS-Teams Template, consider using a Pre- or Suffix for the MS-Teams-Teams which have applied custom configuration like the one described in this how-to.

Conclusion

Personally, I was surprised the first time I had a customer requesting this setting. The versioning and access control functionalities in MS-Teams/SharePoint are actually pretty good for me. In case someone deleted a file, I could simply restore a previous version of the folder.
However, the versioning function in SharePoint Online/MS-Teams does not seem to have (yet) gathered enough popularity. Therefore I think some organisations which may find it more challenging to change their way of working from traditional- to modern, may benefit from this how-to.
In any case… it’s important to keep a clean inventory of the MS-Teams teams which have custom configuration. Even if currently we can restrict the deletion of Files for Team Members through the SharePoint Online settings, things may change in the future and you want to know which MS-Teams teams have a custom configuration.
I am considering to create a script in order to apply this change to multiple MS-Teams teams. I think it’s gonna be an an easy thing to do since you have to create a new Permission Level and so on. What do you think? Is this a configuration which could be beneficiary to you or your organisation? Would you use a script to change the settings on multiple MS-Teams Teams? Let me know in the comments. I’d love to get your opinion!

It provides people, managers and leaders with personalized information which enables them to help everyone in the organization grow. In addition to the new productivity and health experiences, Viva Insight will also integrate features from “Microsoft Workplace Analytics” and “Microsoft MyAnalytics” over time.

One of the main goals of Viva Insights is to protect privacy. Personal information of an employee is only visible to him-/herself. In this way, users can rely on security measures by default (such as de-identification, aggregation or privacy).

How does Viva Insights work?

Beside of new features, Microsoft Viva Insights integrates features of two other M365-Products: MyAnalytics and Workplace Analytics.

The main purpose of these two tools is to evaluate the user’s interaction during his daily life with Microsoft 365 tools. A notably amount of data gets stored and is used for example to see how many e-mails are received, how long a person spends writing emails, how much time is spent in meetings, etc. All these elements are presented in two different ways:

• Personal Insights – where a person can see how he/she is using Microsoft 365, manage his agenda and block timeblocks to focus on activities (focus-time)
• Aggregated information from Workplace Analytics which allows managers and leaders to have a high-level view on the daily productivity of workers. Viva Insights is available for the Desktop- and Mobile version of MS-Teams.

Main Features

The most interesting feature-set is the one for individuals (Personal Insights). However, Microsoft Viva also offers Dashboards for Managers (e.g. Teamleaders, Head of Department) and Leaders (Leadership-Team Members).

Personal Insights

This app has three features: “Home(page)”, “stay connected” tab and “protect time”

Viva Insights Home(page)

The Homepage (just called “Home” in the App) is the first area you see when you open Viva Insights in MS-Teams. On the Viva Insights homepage you can find some useful quick actions for interacting with people and for managing your daily work activities. For example, you can quickly access your tasks, organize moments of Focus for yourself or share information with the company anonymously about your well-being.

###Stay Connected The “stay connected” is one of three tabs in the Viva Insights app. It allows you to stay connected with colleagues, checks your e-mails and calendar and suggests you suitable time-slots to organize one-to-one with your colleagues. This is intended to engage everyone and especially to keep up conversation avoiding that people in the organization feel alone or excluded. Staying in touch with colleagues helps people to maintain strong relationships and fosters the team-spirit.

Protect Time

On the “protect time”-tab, you can find the possibility to book available timeslots to focus on your activities. The available time-slots are proposed based on your calendar information.

The time protection feature allows individuals to easily schedule concentration time so that they can work without interruptions and distractions, before the day (or the week) is filled with meetings and tasks.

Manager Insights

As already mentioned, there are three types of people who can interact with the data collected by Viva Insights. Besides of individual users, managers are also among these three.

When a manager logs into Viva Insights (license is required) he/she will have the opportunity to see reports containing the data relating to his team and direct-workers.

Through the visibility of work models, managers can support and optimize the well-being of their team members. These models are intent to highlight conditions which can result in an employee having a burnout or simply stress. Meeting overload, lack of time to focus on activities or time worked outside business-hours chosen by individuals can be such conditions.

Supported and brought into context by best-practices and research-results of the past years, these insights help managers identify the challenges they mostly face, while supporting the vast work needs and flexibility of employees.

Specifically this aspect of Viva Insights will grow over time with opportunities for managers to create team action plans. Team members receive advices and best-practices which support them in prioritize well-being and increase productivity and managers can gauge progress against team goals over time.

Leader Insights

Last but not least, also leaders do have the chance to interact with the data collected by Viva Insights. Leaders are those who have visibility over the entire company .They are able to see the engagement of people by taking advantages of the amount of Analytics data that comes from the use of Microsoft 365.

A leader can see the use of meetings, the engagement of people, collaboration in the company and consequently, where needed, actions can be taken to intervene.

Microsoft Viva Insights also proposes suggested actions which a company can decide whether to follow or not.

Conclusion

Microsoft Viva Insights shows us how we work, assists us in staying connected with people and reminds us to set regularly focus-time. The idea behind Viva Insight is great. I know some people which may misunderstand Viva Insights with some sort of surveillance-tool, but that’s part of a game called “mindset-change”.

I personally started using Viva Insight just “for fun” and after now 4 weeks I use it without really noticing it. Of course, some of you may just think that clicking on an emoticon every day or being reminded to setup a 1:1 with a colleague may not be a big deal. But exactly because these things are so small, people tend to forget about them.

Also the possibilities for Managers and Leaders to have insights about teams and the entire organisation is a great solution. For me it’s a clear sign of empowerment. With Viva Insight, every hierarchy-level get’s the chance to learn from actual data. So basically if there are any issues, they can be identified at the right level and measures can be put in place quicker.

I am looking forward to see how Viva Insight will become more popular and how which features will be added in the future.