Hello!

I’m hoping someone can help me with editing a very old classic SharePoint site please!

I want to edit the URL link within the menu along the top…but clicking Edit Links doesn’t let me edit the drop-down menu part (I need to edit the URL at link “B” located within “A”, within “S”?  What am I missing?? All Edit Links lets me do is edit “S”.  I am an Admin of the site.

​Hello! I’m hoping someone can help me with editing a very old classic SharePoint site please! I want to edit the URL link within the menu along the top…but clicking Edit Links doesn’t let me edit the drop-down menu part (I need to edit the URL at link “B” located within “A”, within “S”?  What am I missing?? All Edit Links lets me do is edit “S”.  I am an Admin of the site.    Read More

​

The new chats and channels experience in Microsoft Teams introduces several enhancements designed to improve collaboration and streamline communication.

You can turn on this feature in preview for evaluation.

These updates aim to make it easier for teams to collaborate, stay organized, and ensure that no important messages are missed.

#MicrosoftTeams #Teams #NewFeatures #Microsoft365 #Productivity #MPVbuzz

​The new chats and channels experience in Microsoft Teams introduces several enhancements designed to improve collaboration and streamline communication.
You can turn on this feature in preview for evaluation.
These updates aim to make it easier for teams to collaborate, stay organized, and ensure that no important messages are missed.
#MicrosoftTeams #Teams #NewFeatures #Microsoft365 #Productivity #MPVbuzz  Read More

​

If you’re passionate about Artificial Intelligence and application development, don’t miss the opportunity to watch this amazing series from Microsoft Reactor. Throughout the season, we cover everything from the fundamentals of Azure OpenAI to the latest innovations presented at Microsoft Build 2024, culminating in the powerful Semantic Kernel framework for building intelligent applications. Each session is packed with numerous demos to help you understand every concept and apply it effectively.

Episodes:

Episode 1: Introduction to Azure OpenAI
Explore Azure OpenAI models, their capabilities, and how to integrate them with the Azure SDK.

Episode 2: Considerations for Implementing Models in Azure OpenAI
Learn how to manage service quotas, balance performance and latency, plan cost management, and apply the RAG pattern to optimize your implementations.

Episode 3: What’s New from Microsoft Build: PHI3, GPT-4o, Azure Content Safety, and More
Discover the latest updates from Microsoft Build, including PHI 3, GPT-4o with multimodal capabilities, the new Azure AI Studio, and Azure Content Safety.

Episode 4: Getting Started with Semantic Kernel
Learn about Semantic Kernel, an open-source SDK that allows you to easily integrate advanced LLMs into your applications to create smarter and more natural experiences.

Episode 5: Build Your Own Copilot with Semantic Kernel
Learn how to use Plugins, Planners, and Memories in Semantic Kernel to create copilots that work alongside users, providing intelligent suggestions to complete tasks.

–Don’t miss it! Rewatch each episode to discover how you can take your applications to the next level with Microsoft AI.

–Learn more and enhance your AI skills during this series with this collection of resources from Microsoft Learn: Explore the collection here.

Speakers:

-Luis Beltran – Microsoft MVP – LinkedIn

-Pablo Piovano – Microsoft MVP – LinkedIn

​Microsoft Tech Community – Latest Blogs –Read More 

Summary 

When investigating alerts within Microsoft Purview Insider Risk Management, you can now utilize Microsoft Copilot for Security. This tool provides concise alert summaries and allows you to delve into specific user activities. This enables you to quickly determine whether the user associated with the alert requires further investigation or if the alert can be safely dismissed. Additionally, with a single click, you can obtain a succinct summary of the user’s risk profile, highlighting crucial details and top risk factors. Leveraging Copilot for Security streamlines investigations, reduces the triage workload, and enables faster decision-making. 

Use Cases 

Speeding up the triage and investigation process: Insider risk analysts and investigators can leverage Copilot for Security to quickly summarize alerts and delve into specific user activities, which is especially useful when there is a high volume of alerts. 
Prioritizing the riskiest alerts and users: Investigators can use Copilot for Security to review the summary of the alert and the associated user’s risk which can help them decide which alerts/users need to be prioritized for further investigation.  

Learn More
Use Copilot to summarize an alert – Investigate insider risk management activities | Microsoft Learn

Use Copilot to summarize user activities – Manage the workflow with the insider risk management users dashboard | Microsoft Learn

Please share your feedback here – https://forms.office.com/r/g2J9N4JHBY 

​Summary 
When investigating alerts within Microsoft Purview Insider Risk Management, you can now utilize Microsoft Copilot for Security. This tool provides concise alert summaries and allows you to delve into specific user activities. This enables you to quickly determine whether the user associated with the alert requires further investigation or if the alert can be safely dismissed. Additionally, with a single click, you can obtain a succinct summary of the user’s risk profile, highlighting crucial details and top risk factors. Leveraging Copilot for Security streamlines investigations, reduces the triage workload, and enables faster decision-making. 
Use Cases 

Speeding up the triage and investigation process: Insider risk analysts and investigators can leverage Copilot for Security to quickly summarize alerts and delve into specific user activities, which is especially useful when there is a high volume of alerts. 
Prioritizing the riskiest alerts and users: Investigators can use Copilot for Security to review the summary of the alert and the associated user’s risk which can help them decide which alerts/users need to be prioritized for further investigation.  

Learn More Use Copilot to summarize an alert – Investigate insider risk management activities | Microsoft Learn
Use Copilot to summarize user activities – Manage the workflow with the insider risk management users dashboard | Microsoft LearnPlease share your feedback here – https://forms.office.com/r/g2J9N4JHBY   Read More

​

I have multiple tabs available with each tab being a different quote/invoice. Depending on the customers choice of trip will determine which tab I use to quote. 

I want to know if there is a way to pull only the active tabs results into another tab I use for billing that is within the same workbook.

I am tired of having to write all the basic information again into each billing tab I have to do when it could just be all copied from the main quote tab.

For Instance: The dates on all the trip quotes are in the same cells – Trip start is in C3 & the trip end date is in D3. If I hide all of the quote tabs I am not using and only have the quote I am working on unhidden, how can I make sure the date gets transferred to my billing page which would be in cells: Start – E3 & End – G3?

​I have multiple tabs available with each tab being a different quote/invoice. Depending on the customers choice of trip will determine which tab I use to quote. I want to know if there is a way to pull only the active tabs results into another tab I use for billing that is within the same workbook.I am tired of having to write all the basic information again into each billing tab I have to do when it could just be all copied from the main quote tab. For Instance: The dates on all the trip quotes are in the same cells – Trip start is in C3 & the trip end date is in D3. If I hide all of the quote tabs I am not using and only have the quote I am working on unhidden, how can I make sure the date gets transferred to my billing page which would be in cells: Start – E3 & End – G3?  Read More

​

Hi all,

I’m trying to replicate a process we have currently in a Sharepoint workflow.

We have a request process for when a new project is starting up.  Someone requests a Sharepoint site with the info and it auto-builds them a Sharepoint site from a template and site script.  That’s all working, and it even replicates the Sharepoint integrated Power App into the new site with its new list that got auto-created for the new project.

What’s needed next is, a flow to get auto-created that that triggers off “when a new item is created” in the newly created Sharepoint site’s newly created list.  I know it’s possible to create a flow from a flow definition – what would be a good way to have this flow also auto-create the new flow, but with the new flow’s connections running as the original requester’s credentials?  This way, when someone adds a new item to the Sharepoint list, the flow will send emails authenticated as the user’s account who requested the project site? 

​Hi all,I’m trying to replicate a process we have currently in a Sharepoint workflow.We have a request process for when a new project is starting up.  Someone requests a Sharepoint site with the info and it auto-builds them a Sharepoint site from a template and site script.  That’s all working, and it even replicates the Sharepoint integrated Power App into the new site with its new list that got auto-created for the new project.What’s needed next is, a flow to get auto-created that that triggers off “when a new item is created” in the newly created Sharepoint site’s newly created list.  I know it’s possible to create a flow from a flow definition – what would be a good way to have this flow also auto-create the new flow, but with the new flow’s connections running as the original requester’s credentials?  This way, when someone adds a new item to the Sharepoint list, the flow will send emails authenticated as the user’s account who requested the project site?   Read More

​

My OFFSET function works correctly on Computer A, retrieving a 3×1 range of cells.
However, when I switch to Computer B, no matter what I do, it only retrieves the value of the reference cell, as shown in the attached image.
I have confirmed that both the version and settings are consistent.

​My OFFSET function works correctly on Computer A, retrieving a 3×1 range of cells.However, when I switch to Computer B, no matter what I do, it only retrieves the value of the reference cell, as shown in the attached image.I have confirmed that both the version and settings are consistent.  Read More

​

I have a script that installs printer drivers onto a machine. It has worked perfectly for years up until yesterday. This is the script:

# This script works on Windows 8 or newer since the add-printer cmdlets are’t available on Windows 7.

# Download the HP Univeral Printing PCL 6 driver.

# To findextract the .inf file, run 7-zip on the print driver .exe and go to the folder in Powershell and run this command: get-childitem *.inf* |copy-item -destination “C:examplefolder” Otherwise it’s hard to find the .inf files.

$driversrc=”\10.1.1.21sysprepPrinter DriversApeosC2570ffac7070pcl6220420w636imlSoftwarePCLamd64Common01FFSOBPCLA.inf”

Write-Host “Reading from here: $driversrc”

$driver = “FF Apeos C2570 PCL 6”

$address = “10.1.1.31”

$portnamesuffix = “_1”

$portname = “$address$portnamesuffix”

$name = “Admin Apeos C2570”

$sleep = “3”

# The invoke command can be added to specify a remote computer by adding -computername. You would need to copy the .inf file to the remote computer first though.

# This script has it configured to run on the local computer that needs the printer.

# The pnputil command imports the .inf file into the Windows driverstore.

# The .inf driver file has to be physically on the local or remote computer that the printer is being installed on.

Invoke-Command {pnputil.exe -a $driversrc }

Add-PrinterDriver -Name $driver

Start-Sleep $sleep

#Get the infos of all printer

$Printers = Get-WmiObject -Class Win32_Printer

$PrinterPorts = Get-PrinterPort

$PrinterName = $name

# This creates the TCPIP printer port. It also will not use the annoying WSD port type that can cause problems.

# WSD can be used by using a different command syntax though if needed.

Try

{

Write-Verbose “Get the specified printer info.”

$Printer = $PrinterPorts | Where{$_.Name -eq “$portname”}

If (! $Printer)

{

Write-Verbose “Adding printer port.”

Add-PrinterPort -Name $portname -PrinterHostAddress $address

Write-Host “$portname has been successfully added.”

}

Else

{

Write-Warning “Port already exists.”

}

}

Catch

{

$ErrorMsg = $_.Exception.Message

Write-Host $ErrorMsg -BackgroundColor Red

}

start-sleep $sleep

Try

{

Write-Verbose “Get the specified printer info.”

$Printer = $Printers | Where{$_.Name -eq “$PrinterName”}

If (! $Printer)

{

Write-Verbose “Adding printer.”

Add-Printer -DriverName $driver -Name $name -PortName $portname

Write-Host “$PrinterName has been successfully added.”

}

Else

{

Write-Warning “$PrinterName is already installed!.”

}

}

Catch

{

$ErrorMsg = $_.Exception.Message

Write-Host $ErrorMsg -BackgroundColor Red

}

Start-Sleep $sleep

#Update the infos of all printer

$Printers = Get-WmiObject -Class Win32_Printer

Try

{

Write-Verbose “Get the specified printer info.”

$Printer = $Printers | Where{$_.Name -eq “$PrinterName”}

If($Printer)

{

Write-Verbose “Setting the default printer.”

$Printer.SetDefaultPrinter() | Out-Null

Write-Host “$PrinterName has been successfully set as the default printer.”

}

Else

{

Write-Warning “Cannot find $PrinterName, can’t set it as the default printer.”

}

}

Catch

{

$ErrorMsg = $_.Exception.Message

Write-Host $ErrorMsg -BackgroundColor Red

}

Try

{

If($Printer)

{

Write-Verbose “Setting printer defaults.”

Set-PrintConfiguration -PrinterName $PrinterName -Color $false -DuplexingMode TwoSidedLongEdge | Out-Null

Write-Host “$PrinterName has printing defaults set.”

}

Else

{

Write-Warning “Cannot find the specified printer, can’t set printer defaults.”

}

}

Catch

{

$ErrorMsg = $_.Exception.Message

Write-Host $ErrorMsg -BackgroundColor Red

}

Get-PrintConfiguration -PrinterName $PrinterName

# This prints a list of installed printers on the local computer. This proves the newly added printer works.

Write-Warning “You must manually set the printer Output Color Preference to Black and White. Do it now!”

get-printer |Out-Printer -Name $name

Write-Host “If all went well a page should be printing out on the printer now.”

When I run the commands manually, the error persists. This is the error:

Add-PrinterDriver : The specified driver does not exist in the driver store. dd-PrinterDriver -Name “[Name]” -InfPath “[Path]” PS C:WindowsSystem32] At line:1 char:1 + Add-PrinterDriver -Name “[Name]” -InfPath “[Path]” + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (MSFT_PrinterDriver:ROOT/StandardCimv2/MSFT_PrinterDriver) [Add-PrinterDri ver], CimException + FullyQualifiedErrorId : HRESULT 0x80070705,Add-PrinterDriver

I want to know if there is a reason that the driver is not getting found in the DriverStore despite my being able to locate it. And whether others have this issue, it appears as if it’s a windows issue.

​I have a script that installs printer drivers onto a machine. It has worked perfectly for years up until yesterday. This is the script:# This script works on Windows 8 or newer since the add-printer cmdlets are’t available on Windows 7.# Download the HP Univeral Printing PCL 6 driver. # To findextract the .inf file, run 7-zip on the print driver .exe and go to the folder in Powershell and run this command: get-childitem *.inf* |copy-item -destination “C:examplefolder” Otherwise it’s hard to find the .inf files.  $driversrc=”\10.1.1.21sysprepPrinter DriversApeosC2570ffac7070pcl6220420w636imlSoftwarePCLamd64Common01FFSOBPCLA.inf”Write-Host “Reading from here: $driversrc”$driver = “FF Apeos C2570 PCL 6″$address = “10.1.1.31”$portnamesuffix = “_1″$portname = “$address$portnamesuffix”$name = “Admin Apeos C2570″$sleep = “3”    # The invoke command can be added to specify a remote computer by adding -computername. You would need to copy the .inf file to the remote computer first though.# This script has it configured to run on the local computer that needs the printer.# The pnputil command imports the .inf file into the Windows driverstore.# The .inf driver file has to be physically on the local or remote computer that the printer is being installed on. Invoke-Command {pnputil.exe -a $driversrc }  Add-PrinterDriver -Name $driver Start-Sleep $sleep #Get the infos of all printer$Printers = Get-WmiObject -Class Win32_Printer$PrinterPorts = Get-PrinterPort$PrinterName = $name  # This creates the TCPIP printer port. It also will not use the annoying WSD port type that can cause problems.# WSD can be used by using a different command syntax though if needed. Try{Write-Verbose “Get the specified printer info.”$Printer = $PrinterPorts | Where{$_.Name -eq “$portname”} If (! $Printer){Write-Verbose “Adding printer port.”Add-PrinterPort -Name $portname -PrinterHostAddress $address Write-Host “$portname has been successfully added.”}Else{Write-Warning “Port already exists.”}}Catch{$ErrorMsg = $_.Exception.MessageWrite-Host $ErrorMsg -BackgroundColor Red} start-sleep $sleep  Try{Write-Verbose “Get the specified printer info.”$Printer = $Printers | Where{$_.Name -eq “$PrinterName”} If (! $Printer){Write-Verbose “Adding printer.”Add-Printer -DriverName $driver -Name $name -PortName $portname Write-Host “$PrinterName has been successfully added.”}Else{Write-Warning “$PrinterName is already installed!.”}}Catch{$ErrorMsg = $_.Exception.MessageWrite-Host $ErrorMsg -BackgroundColor Red}  Start-Sleep $sleep #Update the infos of all printer$Printers = Get-WmiObject -Class Win32_Printer Try{Write-Verbose “Get the specified printer info.”$Printer = $Printers | Where{$_.Name -eq “$PrinterName”} If($Printer){Write-Verbose “Setting the default printer.”$Printer.SetDefaultPrinter() | Out-Null Write-Host “$PrinterName has been successfully set as the default printer.”}Else{Write-Warning “Cannot find $PrinterName, can’t set it as the default printer.”}}Catch{$ErrorMsg = $_.Exception.MessageWrite-Host $ErrorMsg -BackgroundColor Red} Try{If($Printer){Write-Verbose “Setting printer defaults.”Set-PrintConfiguration -PrinterName $PrinterName -Color $false -DuplexingMode TwoSidedLongEdge | Out-NullWrite-Host “$PrinterName has printing defaults set.”}Else{Write-Warning “Cannot find the specified printer, can’t set printer defaults.”}}Catch{$ErrorMsg = $_.Exception.MessageWrite-Host $ErrorMsg -BackgroundColor Red} Get-PrintConfiguration -PrinterName $PrinterName# This prints a list of installed printers on the local computer. This proves the newly added printer works.Write-Warning “You must manually set the printer Output Color Preference to Black and White. Do it now!”  get-printer |Out-Printer -Name $nameWrite-Host “If all went well a page should be printing out on the printer now.”When I run the commands manually, the error persists. This is the error:Add-PrinterDriver : The specified driver does not exist in the driver store. dd-PrinterDriver -Name “[Name]” -InfPath “[Path]” PS C:WindowsSystem32] At line:1 char:1 + Add-PrinterDriver -Name “[Name]” -InfPath “[Path]” + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (MSFT_PrinterDriver:ROOT/StandardCimv2/MSFT_PrinterDriver) [Add-PrinterDri ver], CimException + FullyQualifiedErrorId : HRESULT 0x80070705,Add-PrinterDriverI want to know if there is a reason that the driver is not getting found in the DriverStore despite my being able to locate it. And whether others have this issue, it appears as if it’s a windows issue.  Read More

​

Introduction

As IT administrators, we often find ourselves navigating through a sea of system logs, trying to decipher which events are routine and which require our immediate attention. One such event that might catch your eye is Event ID 5186 from Windows Activation Services (WAS). At first glance, it might seem like just another informational message, but understanding its significance can provide valuable insights into how your web applications are managed by IIS.

In this blog, we’ll delve into the details of Event ID 5186, explaining why it occurs, what it means for your application pools, and how you can fine-tune your server settings to optimize performance. Whether you’re troubleshooting unexpected worker process behavior or simply aiming to enhance your knowledge of IIS operations, this guide has got you covered.

Let’s dive into the specifics of this event and see what it can tell us about your server’s inner workings.

Event ID 5186 from Windows Activation Services (WAS)

Event Details:

Log Name: System
Source: Microsoft-Windows-WAS
Date: 8/27/2024 1:53:26 PM
Event ID: 5186
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SERVERNAME
Description: A worker process with process id of ‘26648’ serving application pool ‘StackOverFlowWebApp’ was shutdown due to inactivity. Application Pool timeout configuration was set to 20 minutes. A new worker process will be started when needed.

What is Event ID 5186?

Event ID 5186 is an informational event generated by Windows Activation Services (WAS), a core component of Internet Information Services (IIS) that manages the lifecycle of application pools. This event specifically indicates that a worker process serving an application pool was shut down due to inactivity after a specified timeout period. In this case, the application pool named ‘StackOverFlowWebApp’ had a timeout configuration set to 20 minutes. If the worker process does not receive any requests within this time frame, WAS will automatically terminate it to free up system resources.

Why Does This Event Occur?

The Idle Timeout setting in the Application Pool configuration is responsible for triggering this event. This setting is designed to optimize resource utilization on the server by terminating idle worker processes that are not actively handling any requests. The timeout period is configurable, and once it elapses without any activity, WAS determines that the worker process is no longer needed and proceeds to shut it down.

This mechanism is particularly useful in environments where resource management is critical, such as on servers hosting multiple application pools or handling variable workloads. By shutting down idle processes, the system can allocate resources more efficiently, reducing overhead and improving overall performance.

What Happens After the Shutdown?

When a worker process is shut down due to inactivity, the associated application pool does not remain inactive permanently. WAS is designed to start a new worker process automatically when the next request is made to the application pool. This ensures that the application remains available to users without any noticeable downtime. The shutdown process is graceful, meaning that any ongoing requests are completed before the process is terminated.

However, frequent shutdowns and restarts can introduce latency, especially for applications with high start-up times or those that require a warm-up period. Administrators should consider the nature of their applications and server workloads when configuring the Idle Timeout setting.

How to Modify the Idle Timeout Setting

If you notice that worker processes are shutting down too often, or if your application requires more time to remain active, you can adjust the Idle Timeout setting in IIS Manager. Here’s how:

Open IIS Manager.
Select Application Pools from the Connections pane.
Locate and select the application pool you wish to configure (e.g., ‘StackOverFlowWebApp’).
In the Actions pane, click Advanced Settings.
Under the Process Model section, find the Idle Timeout (minutes) setting.
Adjust the timeout value as needed. The default value is 20 minutes, but this can be increased or decreased depending on your requirements.

Reference Link:

Understanding Application Pool Idle Timeout Settings in IIS

Additional Considerations

While the default Idle Timeout setting works well for many scenarios, there are cases where it might need to be adjusted:

High Traffic Applications: For applications that experience frequent traffic spikes, you may want to reduce the idle timeout to ensure resources are reclaimed quickly during off-peak times.
Long-Running Processes: Applications that involve long-running tasks might require a longer idle timeout to avoid premature shutdowns.
Resource-Constrained Environments: On servers with limited resources, a shorter idle timeout can help prevent resource contention by shutting down idle processes faster.

Conclusion

Event ID 5186 is a normal, informational event that plays a key role in maintaining efficient server performance. By understanding how and why this event is triggered, IT administrators can fine-tune their IIS Application Pool settings to better match their specific server environments and application requirements. Adjusting the Idle Timeout setting can help strike the right balance between resource utilization and application availability.

​Microsoft Tech Community – Latest Blogs –Read More 

1. Introduction

Access to SharePoint is often managed through groups. SharePoint has its own groups, independent of Microsoft Entra ID (formerly Azure Active Directory or AAD) groups. This can cause confusion, with questions about the need for SharePoint groups and whether AAD Security groups alone would suffice.

This article explores how SharePoint groups are used together with Microsoft Entra ID Security groups.

2. Why use groups at all?

While you can assign permissions to individual users, it is generally more efficient to manage permissions through groups. This approach simplifies adding individuals to roles or transitioning them between roles.

For example, when you set up a SharePoint site for a corporate project, you can assign permissions directly to the team members involved. However, if someone new joins the project, you’ll have to grant access to that individual in various locations. By using groups, you can simply add a new member to the project group, and they will automatically receive all the group’s permissions.

3. Why SharePoint Groups?

You can assign SharePoint permissions directly to Microsoft Entra ID Groups. However, it is generally recommended to use groups tied to roles in Entra ID and resource-related groups at different levels within each of the resources.

The resource groups should include the appropriate Entra ID groups assigned to roles relevant to the site. For instance, all members of a project group would be granted permission to sites associated with that project.

SharePoint team sites usually have three main SharePoint resource groups: Site Owners, Site Members, and Site Visitors. These are populated with members (or owners) of Microsoft Entra Id role groups.

Here’s an example:

4. Creating a New Site

To help with that process, the SharePoint user interface has evolved over time to make it simple to create a new site along with the required Entra ID group and related SharePoint groups. This is all done in a simple workflow that automates the process, asking for the minimum amount of information required.

Starting in the main SharePoint page, you can use the “+ Create site” button at the top, assuming your company allows self-service site creation. In my tenant, you start by selecting the type of site to create: “Team site” or “Communication site”.

I chose “Team site”. Next, I am offered a few different templates for team sites:

I chose the “Standard team” template. Next, I must give the site a name, description, e-mail alias and an address. This workflow will check if the name, e-mail alias and site are available.

You are assigned the role of site owner. The last step here is to add more people to the site, which will be members. You also have the option to add more owners (at least two are recommended).

I added two additional members and remained as the single owner. After this, the site was created. You can use the option on the top right of the SharePoint site to see the 3 members in the Group membership sidebar on the right.

This shows one owner (User2) and two members (User1 and User3). You can easily add more members here or assign the role of owner to any member.

This experience is designed to streamline the process and get you a new team site quickly.

5. Which groups were created?

Behind the scenes, a few groups were automatically created for you. In this case, you got a single new Microsoft 365 group in Microsoft Entra ID and 3 new SharePoint groups.

If you look in Entra ID and find the Microsoft 365 group, you will see it with a total of 3 members (User1, User2 and User3) and 1 owner (User 2).

You can click on Members and Owners options in the sidebar on the left to see the details.

Here are the details about the SharePoint groups in the site:

ProjectX Owners – Receives “Full Control” permission in the root web (the main subsite). The members of this group are the owners of the Microsoft 365 group.

ProjectX Members – Receives “Edit” permissions in the root web. The members of this group are the members of the Microsoft 365 group.

ProjectX Visitors – Receives “Read” permissions in the root web. This group has no members. Team sites are usually created to facilitate collaboration, so we generally do not need this group, but it’s created anyway if you need to add visitors later.

6. SharePoint permissions

Going deeper, you can use the Microsoft Graph Data Connect to pull permissions for this tenant and find the permission objects that grant access to this specific site. This will validate what we described previously and will allow you to review these permissions for a large tenant, using more sophisticated data tools. If you are not familiar with MGDC for SharePoint, get started at https://aka.ms/SharePointData.

Here are the JSON objects that represent the permissions granted in this scenario. First, here is the permission object granting Full Control to the SharePoint group for owners:

{
“ptenant”: “12345678-90ab-4c21-842a-abcea48840d5”,
“SiteId”: “567890ab-1234-4813-a993-ea22b84e26c7”,
“WebId”: “12341234-1234-4b50-8f07-1b4166cf66ba”,
“ListId”: “00000000-0000-0000-0000-000000000000”,
“ItemType”: “Web”,
“ItemURL”: “sites/ProjectX”,
“RoleDefinition”: “Full Control”,
“ScopeId”: “5f80eb7c-4b43-4fee-830b-1234567890ab”,
“SharedWithCount”: [
{
“Type”: “SharePointGroup”,
“Count”: 1
}
],
“SharedWith”: [
{
“Type”: “SharePointGroup”,
“Name”: “ProjectX Owners”,
“TypeV2”: “SharePointGroup”
}
],
“Operation”: “Full”,
“SnapshotDate”: “2024-07-31T00:00:00Z”,
“ShareCreatedBy”: {},
“ShareLastModifiedBy”: {},
“UniqueId”: “eeff5b6d-1234-1234-1234-f621f6a80394”
}

Note: The number of users (UserCount and TotalUserCount) is missing here. This is by design, since the SharePoint datasets currently only show the count of AAD group members, not AAD group owners.

Next, here is the permission object granting Edit to the SharePoint group for members:

{
“ptenant”: “12345678-90ab-4c21-842a-abcea48840d5”,
“SiteId”: “567890ab-1234-4813-a993-ea22b84e26c7”,
“WebId”: “12341234-1234-4b50-8f07-1b4166cf66ba”,
“ListId”: “00000000-0000-0000-0000-000000000000”,
“ItemType”: “Web”,
“ItemURL”: “sites/ProjectX”,
“RoleDefinition”: “Edit”,
“ScopeId”: “5f80eb7c-4b43-4fee-830b-1234567890ab”,
“SharedWithCount”: [
{
“Type”: “SharePointGroup”,
“Count”: 1
}
],
“SharedWith”: [
{
“Type”: “SharePointGroup”,
“Name”: “ProjectX Members”,
“TypeV2”: “SharePointGroup”,
“UserCount”: 3
}
],
“Operation”: “Full”,
“SnapshotDate”: “2024-07-31T00:00:00Z”,
“ShareCreatedBy”: {},
“ShareLastModifiedBy”: {},
“TotalUserCount”: 3,
“UniqueId”: “eeff5b6d-f3cf-451b-9863-f621f6a80394”
}

Finally, here is the permission object granting Read to the SharePoint group for visitors:

{
“ptenant”: “12345678-90ab-4c21-842a-abcea48840d5”,
“SiteId”: “567890ab-1234-4813-a993-ea22b84e26c7”,
“WebId”: “12341234-1234-4b50-8f07-1b4166cf66ba”,
“ListId”: “00000000-0000-0000-0000-000000000000”,
“ItemType”: “Web”,
“ItemURL”: “sites/ProjectX”,
“RoleDefinition”: “Read”,
“ScopeId”: “5f80eb7c-4b43-4fee-830b-1234567890ab”,
“SharedWithCount”: [
{
“Type”: “SharePointGroup”,
“Count”: 1
}
],
“SharedWith”: [
{
“Type”: “SharePointGroup”,
“Name”: “ProjectX Visitors”,
“TypeV2”: “SharePointGroup”
}
],
“Operation”: “Full”,
“SnapshotDate”: “2024-07-31T00:00:00Z”,
“ShareCreatedBy”: {},
“ShareLastModifiedBy”: {},
“UniqueId”: “eeff5b6d-1234-1234-1234-f621f6a80394”
}

Note: The number of users (UserCount and TotalUserCount) is missing here. This is by design, since there are no members in the “ProjectX Visitors” SharePoint group.

7. SharePoint groups

To complete the picture, let’s look at the definition of the 3 SharePoint groups: Owners, Members and Visitors. There are some interesting twists here. We’ll look at them one by one.

Let’s start with the Visitors group. This one is the simplest. It is a SharePoint group with an empty members list.

{
“ptenant”: “12345678-90ab-4c21-842a-abcea48840d5”,
“SiteId”: “567890ab-1234-4813-a993-ea22b84e26c7”,
“GroupId”: 4,
“GroupLinkId”: “00000000-0000-0000-0000-000000000000”,
“GroupType”: “SharePointGroup”,
“DisplayName”: “ProjectX Visitors”,
“Owner”: {
“Type”: “SharePointGroup”,
“Name”: “ProjectX Owners”,
“TypeV2”: “SharePointGroup”
},
“Members”: [],
“Operation”: “Full”,
“SnapshotDate”: “2024-07-31T00:00:00Z”
}

Next, here we have the Members group. This SharePoint group has the Entra ID Microsoft 365 group as the single member here.

{
“ptenant”: “12345678-90ab-4c21-842a-abcea48840d5”,
“SiteId”: “567890ab-1234-4813-a993-ea22b84e26c7”,
“GroupId”: 5,
“GroupLinkId”: “00000000-0000-0000-0000-000000000000”,
“GroupType”: “SharePointGroup”,
“DisplayName”: “ProjectX Members”,
“Owner”: {
“Type”: “SharePointGroup”,
“Name”: “ProjectX Owners”,
“TypeV2”: “SharePointGroup”
},
“Members”: [
{
“Type”: “SecurityGroup”,
“AadObjectId”: “11223344-5566-4ce6-885c-ff5faca9be7f”,
“Name”: “ProjectX Members”,
“Email”: “ProjectX@contoso.onmicrosoft.com”,
“TypeV2”: “SecurityGroup”
}
],
“Operation”: “Full”,
“SnapshotDate”: “2024-07-31T00:00:00Z”
}

Finally, the SharePoint group for Owners. This group has a special claim that assigns the owners of the Entra Id group as members of this SharePoint group. If you ever need to process this further, remember that the SharePoint group #3 is special.

{
“ptenant”: “12345678-90ab-4c21-842a-abcea48840d5”,
“SiteId”: “567890ab-1234-4813-a993-ea22b84e26c7”,
“GroupId”: 3,
“GroupLinkId”: “00000000-0000-0000-0000-000000000000”,
“GroupType”: “SharePointGroup”,
“DisplayName”: “ProjectX Owners”,
“Owner”: {
“Type”: “SharePointGroup”,
“Name”: “ProjectX Owners”,
“TypeV2”: “SharePointGroup”
},
“Members”: [
{
“Type”: “SecurityGroup”,
“AadObjectId”: “11223344-5566-4ce6-885c-ff5faca9be7f”,
“Name”: “ProjectX Owners”,
“Email”: “ProjectX@contoso.onmicrosoft.com”,
“TypeV2”: “SecurityGroup”
},
{
“Type”: “User”,
“Name”: “System Account”,
“TypeV2”: “InternalUser”
}
],
“Operation”: “Full”,
“SnapshotDate”: “2024-07-31T00:00:00Z”
}

Note: If you need to expand the members of this SharePoint Group #3, you should use the list of owners of the AAD group for “ProjectX”, not the list of members of the AAD group.

8. Conclusion

I hope this post helped you understand how SharePoint groups are used and combined with Azure Active Directory groups.

Keep in mind that you can download a full list of the SharePoint groups, their owners and their members using the Microsoft Graph Data Connect. For more information, refer to the overview post at https://aka.ms/SharePointData.

​Microsoft Tech Community – Latest Blogs –Read More