The European SharePoint Conference is less than three weeks away and I'm delighted to be part of such an exceptional line up. The conference will take place in Barcelona, Spain from the 5-8th May 2014 and is Europe's largest SharePoint event bringing you great sessions and the latest innovations from Vegas.
Browse through the superb conference programme including 110 sessions, keynotes, and tutorials, including topics covering the latest news from SPC14 including what's new with SharePoint 2013 SP1 - Office Graph/Oslo - new Office 365 REST APIs - Access Apps - Cloud Business Apps.
I will be conducting a session on "Think You Can Hack SharePoint?" aimed at IT Professionals.
"Think You Can Hack SharePoint?"
"What is a hacker? In the dictionary a hacker is defined as a computer user who attempts to gain unauthorized access to proprietary computer systems. We all know that in reality a hacker is someone who tries to gain access to anything that they do not have access to: file shares, websites, wifi or even your blog site. SharePoint is such a large platform that has many entry points that we need to minimize the attack surface. In this session we will look at what it would take to "hack" SharePoint, but more importantly how to protect and secure the content and the site entry points to stop those pesky hackers getting in."
The European SharePoint Conference will be run over four days and with over 1000 SharePoint attendees already signed up, don't miss this fantastic opportunity to mingle with the European SharePoint Community.
If you want to deepen your SharePoint expertise, to understand the trend of the SharePoint market, and to learn how to leverage Microsoft Office 365 for your business, including the revolutionary Enterprise Social wave, the European SharePoint Conference is the best place to be in 2014!
Prices start from €1150! There are also special group discounts for bookings of 3 or more people.
Book Now and I'll see you in Barcelona in May
Well what a great year so far. I took 2 months out of travelling during January and February, a promise I made to my wife. It was great, just normal work and just being at home with family, made a great difference than sipping around on flights all the time.
Now things are back to normal, SharePoint Conference under my belt where I presented two sessions, one on Data Security and Compliance in SharePoint (http://channel9.msdn.com/Events/SharePoint-Conference/2014/SPC344) and then a Multi-Factor Authentication for SharePoint Online and On-Premise (http://channel9.msdn.com/Events/SharePoint-Conference/2014/SPC384). It was a great conference, and really enjoyed presenting again. I hope that those that attended enjoyed the sessions too.
Exciting times today to find I have been renewed as a SharePoint MVP for the 8th year running which is an amazing feeling to be recognized by you as the community and of course by Microsoft. I wish to say congratulations to all those who got renewed and to those new MVP's who have joined the club today, you deserve it.
So what is next, well conference season is well and truly underway and you can find me at the following over the next few months (only want to worry about that far for now).
SharePoint Saturday Twin Cities, Minneapolis, April 5th, 2014
SPS Gulf, Online, April 12th, 2014
SP24, Online, April 17th, 2014
SPTechCon San Francisco, April 22 – 25th, 2014
European SharePoint Conference, Barcelona, May 5 – 8th, 2014
Secure 360, Minneapolis, May 12 – 14th, 2014
SharePoint Conference.ORG, Reston, May 18 – 20th, 2014
SharePoint Fest New York City, June 2 – 4th, 2014
There are others throughout the year, but if I try to focus on all of them it becomes a little bit overwhelming :)
So would be great to meet you all at a conference or SharePoint Saturday somewhere, so if you are there come and say hello. I know the topics I tend to cover are not the most exciting topics. Things like Hacking, Security, and Pen testing, Authentication and Authorization are not everyone's favorite thing to talk about, but hey come and join me and hopefully it will be more exciting than you think.
On a personal note my parents are coming to America for the first time ever so this is going to be fantastic, some other members of my family are visiting too (not all of them, do have 7 brothers and 5 sisters after all), and then I am excited about taking the kids to Disney World, Orlando at the end of the year. This year is going to be great.
Hope your year is working out like mine is so far :)
So I updated my clean Development Virtual Machine yesterday evening to Service Pack 1 and what happened you wonder?
Well firstly it took ages!! What did you expect? It updated fine and upon checking the upgrade status it was clean, checking the database upgrade status tells me that I have to upgrade:
I won't bore you with how long it took to complete but it did either way. So after launching Central Administration what did I see?
A nice little message saying that I can now get "Yammer" and "OneDrive for Business" from Office 365. Really? No shocker there but what does this mean?
Well upon clicking the "Yammer" link I am taken to the following screen.
I wonder what will happen when I click "Activate Yammer?"
And then the screen before is changed to this.
So there we have it: I have now activated "Yammer", but have no idea what it just did. So if I go back and click the "OneDrive" link I get taken to the following page.
Interesting, so we will come back to this as it needs configuration.
Back to the "Yammer" thing. I launch my normal Site Collection and start to look for "Yammer" integration. What do I find? A link at the top of my site collection that looks like this.
When I click this link it takes me to the "My Site Host", and launches a new page "_layouts/15/Yammer.aspx". And presents me with the following screen.
Clicking the link "Take me to Yammer" takes me to the cloud, where I can login to my Yammer network at which point it remembers the network that I went to and the next time I click the "Yammer" link it takes me back to that place. You can at any point disable that feature again by going back to "Central Administration" and looking under the "Office 365" category. Interesting bug: when you click on the highlighted links below they go nowhere :)
It returns the following.
The URL does not exist. It does exist in the template for "Central Administration" but does not load.
So REMEMBER to run the full upgrade through, and update the databases by running the "PSCONFIG" commands. Do not skip any step otherwise it won't work. When it does it just goes to this page.
Such a big page for so few options. The configuration is really that, you don't get anything else. Even though it is limited it is at least a start.
Deactivating the feature removes the top navigation link and puts SharePoint 2013 back to normal.
So really the enhancements made for "Yammer" are minimal, even reflecting the SharePoint DLL's and searching for "Yammer" reveals nothing new.
Outside of the "Yammer" thing and "Office 365" profiles, the big one for me is the ability to run SharePoint Server 2013 on Windows Server 2012 R2 now. Of course the note here is that you need to use the "Slipstreamed" ISO image that contains the base application, updates and Service Pack 1.
Be warned, if you are trying to create your own "slipstreamed" SP1 media it may not work, download the newly created media.
Read this notice and warning: http://blogs.technet.com/b/stefan_gossner/archive/2014/02/28/sharepoint-2013-with-sp1-quot-slipstream-quot-is-now-available-for-download.aspx
So this month has been a busy one, not so much community efforts this month, more work as I made a promise to my family that I would not travel in January and February. Yes it has been hard, almost suffered from withdrawal symptoms of not seeing the SharePoint regulars, I think that is just to do with me not seeing Christina Buckley for a couple of months!! Not sure if that is good or bad yet :)
Anyway this past month has seen me focus my energy on the most amazing piece of kit ever, my Raspberry PI. I have been running it for a while as a Kali Linux hacker box, but wanted something I could take with me on the road and use for general internet use. Those that know me will know that I am always paranoid about anything and am a great advocate for using VPN's and Proxies to mask my traffic. I don't have anything to hide, however I also believe in me being able to do whatever I wish (nothing illegal) without it being censored to the point I cannot do anything, I go to work for that :)
So this past week or so I finally built my Raspberry PI Tor box. This runs Raspbian, is configured for the following:
- Secure Linux Box
- Ethernet Wired
- Wireless Access Point Enabled
- DHCP Enabled
- Tor Enabled
This means that while traveling I plug it directly into the hotel's Ethernet which becomes its public IP Address, connect to the wireless access point that is enabled on it, and then surf the internet through the Tor Proxy network. This allows me to either surf anonymously with whatever IP Address it gets for me, or I can set it to a specific country and it will connect to the Tor nodes there, so watching UK TV became a little easier all of a sudden. Of course it is not super-fast but it works really well, I have been using it from my iPad, iPhone and Surface for the past week or so and it has been great. To make my paranoia more real I am using a 643 character WPA key to get onto it :)
I also have a second one that is still running as my Kali Linux Hacker box which works great when connected to the other Tor Proxy I have. These are great pieces of kit, highly recommend getting one. A blog post to come later on, about the parts and configuration I used for my Tor Proxy.
While playing with the Raspberry PI, I also felt that this year I needed to step it up a notch on my fitness programs. Last year I completed Insanity and T25, as well as my regular running. This year I wanted to be slightly healthier by finding more ways to be active at work. So after some research I decided to see if I could actually work (when at home) while walking on the treadmill. To begin with it was a bit awkward, made tons of spelling mistakes while typing (writing this while walking on it), at least spell check works really well in Word 2013 :)
After my successful test of using an old shelf laid across the arms of the treadmill I built my own desk that simply slots over the arms and stays there whether I walk or run.
This has meant that while working at home I literally walk or run all day while working. This has meant that I have been hitting between 12 – 15 miles a day while working, versus the nothing I was getting when sitting at my desk at work or my office at home. Highly recommend it to you as an easier way to stay in shape.
Shortly after getting this sorted out and really setting my goals, such as 10K training etc. a challenge appeared on the horizon, which came out of the back of that magical device the Fitbit which a lot of the SharePoint community use. A friend and sore loser, Virgil Carroll, setup a challenge from the 1st February to the end with us all donating money to the winner's charity. This has been great so far, with over 50 people from all over the world having joined in, some racking up a few steps, miles and active minutes while others steaming ahead and destroying everyone, did I mention I have been winning (for now), however think Marcy Kellar is going to kill me soon, and Virgil is the current master of the Active Minutes:
Either way this is a fantastic way of being motivated by your peers and also having some good old fashion smack talk to inspire everyone.
Now my month would not be complete without the stress of putting together two sessions for SPC14. I am presenting on Data Security and Compliance and then Multi-factor Authentication for SharePoint On-Premise and SharePoint Online. These will be fun sessions talking about the subject that really no-one talks about, however with the latest hacks that have taken place, now we are willing and able to chat about them. Should be some fun sessions, hopefully you come and see me present :)
All in all this year, 2014 has been great, outside of all of this, being at home for over a month has been great. Spending time with my kids and wife come first over the SharePoint pieces of my life, sorry to the SharePoint world, but in the pecking order you lose out. However come March onwards I will be at the following conferences, as well as a couple of SharePoint Saturdays where I can fit them in.
- SharePoint Conference 2014, March
- SPTechCon San Francisco, April
- European SharePoint Conference, Barcelona, May
- TechEd North America, Houston, May
- Secure 360, Minneapolis, May
- SharePoint Conference.ORG, Reston, May
- SharePoint Fest New York City, June
There are a few more after that, but I can only focus on a few at one time :)
Anyway hope to see you around the community in the next month.
Living here in Northern Virginia, we are quite lucky that within a relatively short distance there are multiple SharePoint User Groups such as these, I know I have missed some, so apologies. Comment below to be added.
- Reston User Group - Reston, Virginia
- SUG DC - Washington, DC
- Richmond SharePoint Users Group - Richmond, Virginia
- Federal SharePoint User Group - Washington, DC
- Hampton Roads SQL Server and SharePoint User Group - Virginia Beach, Virginia
- Women in SharePoint - Washington, DC
- Tri-State SharePoint User Group - Malvern, PA
- Philadelphia Area SharePoint User Group - Blue Bell, PA
- Baltimore SharePoint User Group - Baltimore, MD
Though these are great, they cover roughly about a 3 hour window from here in sunny Winchester, Virginia. Some are closer but really the closest is still almost an hour away. While speaking at the Reston User Group and SharePoint Saturday Reston last week a couple of people asked if there was anything closer to here in Winchester. So I posted a twitter message seeing if people are interested, if so then reply to that or comment on this post and we can look at setting up a user group for the Winchester Virginia and surrounding areas, I was thinking this area?
This would cover an area of about 30-40 minutes or less and would predominantly cover Virginia and into West Virginia.
Let me know by commenting below if you would be interested in attending a User Group meeting each month out here in Sunny Winchester Virginia :)
So by now you should have played with Apps in SharePoint 2013. Whether you created your own or used a free/paid one from the store either way you should have by now. A couple of little things that can be a pain are to do with styling of apps within a SharePoint site.
I have seen this issue in many environments:
This issue is caused when someone sets the master page using the default option and sets it to push down to all sites.
This only happens when you set the system master page this way, setting the publishing page one does not affect it. To resolve this you can access the master page changer page using the following URL:
You can also run PowerShell that will set the "CustomMasterUrl" back to what it should be.
This issue seems to be caused by using different application pool accounts. In the environment I am using right now I have the following:
As you can see I am using different accounts for each application pool. In this configuration my accounts are running least privilege and causing the problem with the user interface. I change the application pools to be the following:
This resolves my problem and the apps now load as expected. Now of course you would probably want to keep everything isolated potentially by application pool and account so this may not be the ideal solution. The other approach is to grant permission to the Web Application for the App Web specifically to the application pool account you are using the "User Policy" option in Central Administration.
As a note I found that simply adding the user account, refreshing it and then removing it from the user policy meant it worked perfectly fine.
Hope this helps.
European SharePoint Training Week (http://www.sharepointeurope.com/content/european-sharepoint-training-week ) from the 25 - 28 of November will bring together some of the best speakers and trainers from around the world direct to your computer for FREE! With four days of live interactive webinars, educational eBooks, a wide range of unique blogs covering all SharePoint topics, don't miss this one-off chance to hear the latest cutting edge content on SharePoint 2013 and chat online with these global thought leaders.
I'm delighted to be involved and am presenting a webinar on Tuesday, 26th November on 'SharePoint Authentication and Authorization' http://www.sharepointeurope.com/content/sharepoint-authentication-and-authorization
Join me on Tuesday, 26th Nov at 03:00PM GMT and understand base authentication options; select an authentication mechanism based on pros and cons of each and understand the difference between authentication and authorization. Register Now>> https://www4.gotomeeting.com/register/842301967
With other live webinars from Agnes Molnar, Alan Richards, Symon Garfield, Mike Fitzmaurice, David Martos and Michael Noel be sure to check out the agenda here>> http://www.sharepointeurope.com/content/european-sharepoint-training-week
On Thursday, 28th Nov, there will be a range of superb eBooks and insightful blogs by some of the leading experts in the SharePoint industry. Contributors include: Edin Kapic, Asif Rehmani, André Vala, Jeff Fried, Wouter van Vugt, Thorbjørn Værp, Geoff Evelyn, Bill Ayers, Eric Riz, Christian Buckley, Paolo Pialorsi, Mikael Svenson, Abi Onifade and Oliver Wirkus.
Join me at European SharePoint Training Week, 25 – 28 November - Register Now>>
So in one of my last posts we looked at the Multi-Factor Authentication using Azure Services. I will post the second blog about that shortly. This post however is about using ADFS 2013 R2 (ADFS 3.0) internally but wanting to use the Multi-Factor Services from Windows Azure as part of that. To achieve this firstly setup ADFS 3.0, I won't document those steps as Microsoft have done a great job for this:
Now we have our new ADFS and Domain setup we now need to access our Windows Azure Subscription and click the "Active Directory" link.
Then select the "Multi-Factor Auth Providers" link at the top.
Select to "Add" a new one and follow the structure below:
Make sure you choose a valid name, I then selected the "Per Enabled User" licensing, and you could choose what you need. Then make sure you "DO NOT LINK A DIRECTORY".
Once it is created we need to now manage this Auth Provider. Select it from the page and choose the "Manage" link at the bottom.
You are then navigated to the configuration page where you can download the components needed. Click the "Downloads" link. There are two things that need to be done here, firstly click the "Download" link, the small link in gray. Then also click the "Generate Activation Credentials" which will be needed later.
Now run the installation for the Multi-Factor Authentication installation. You may get this error, if so download the correct .NET components, install and continue.
Complete the required .NET installation and follow the installation wizard.
Once installed the application will launch automatically:
Check the option to "Skip using the Authentication Configuration Wizard".
The core console will then be loaded as shown below.
Access the Windows Azure portal and then manage the MFA and get the activation credentials and use those in the Activation screen, then click "Activate".
It will then communicate with Azure MFA services for validation.
Select the desired group or create a new Group. I am choosing a new group.
When prompted do not run the wizard.
The console should then show the current status.
We now need to import Active Directory users from the current domain so we can assign Multi-Factor Authentication to them. To do this click the "Users" link on the left and then select the "Import from Active Directory" option at the bottom.
We are now presented with a new console for selecting the accounts we wish to import. You can from there expand the Active Directory and then select the accounts you want to import.
There are multiple options, for setting languages for the Phone Call, Text or Mobile Application access. I have set mine to use "Text Message".
Select the accounts and choose to import with the desired settings.
Once completed the user accounts should be displayed with various details that you chose to import.
The first thing to do is to enable the accounts by editing each one and choosing "Enabled".
Now we can test them by using the "Test" button in the console.
This will send a text to the number that is configured which you need to reply to with that one time code.
Now we need to install the ADFS components and connect it all together. Select the "ADFS" link in the left navigation.
Select "Allow User Enrollment" plus any other settings you wish to use, then select the "Install ADFS Adapter" button.
Follow the install wizard.
Once that is completed now we need to run a PowerShell script to register this in the federation platform. From a PowerShell window run the following: (if C: is where you installed it)
"C:\Program Files\Multi-Factor Authentication Server\"
Once completed restart the ADFS Server.
Now we have this we can now enable this within ADFS and also set the policy we need. Open the ADFS management console and select the "Authentication Policies" and then "Edit Global Multi-Factor Authentication" option from the right.
Now we need to set the core policy, from the current blank one.
You can now test it by accessing the following URL.
When you click "Continue" a text will be sent to you again, which you reply to and then you should be authenticated.
As you can see it is fairly easy to set up Multi-Factor Authentication with the new ADFS 3.0 using Server 2012 R2 and the Windows Azure Services. When my ADFS is connected to SharePoint we now get true multi factor authentication. If we modify the policy to allow questions as a fail over, then when the text is not responded to or is incorrect the user is presented with the questions instead.
This is a great platform that is very extensible and can be used for anything that can be authenticated by ADFS.
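The global multi-factor policy set in the ADFS management console above can also be checked and applied from PowerShell. This is an added example, not part of the original post; the provider name `WindowsAzureMultiFactorAuthentication` and the extranet-only trigger rule are assumptions, so confirm the name with `Get-AdfsAuthenticationProvider` on your own farm before applying.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the primary ADFS server (Windows Server 2012 R2).
param(
    # Assumption: the name under which the MFA Server adapter registered itself.
    [string]$ProviderName = 'WindowsAzureMultiFactorAuthentication',
    # Without -Apply the script only reports; nothing is changed.
    [switch]$Apply
)

Import-Module ADFS -ErrorAction Stop

# 1. The adapter must be registered and allowed as an additional (second) factor.
$provider = Get-AdfsAuthenticationProvider | Where-Object { $_.Name -eq $ProviderName }
if (-not $provider) {
    throw "Provider '$ProviderName' is not registered. Re-run the adapter registration script and restart ADFS."
}
if (-not $provider.AllowedForAdditionalAuthentication) {
    throw "Provider '$ProviderName' is registered but not allowed for additional authentication."
}

# 2. Report the current global policy and trigger rules.
$policy  = Get-AdfsGlobalAuthenticationPolicy
$current = @($policy.AdditionalAuthenticationProvider | ForEach-Object { "$_" })
$rules   = (Get-AdfsAdditionalAuthenticationRule).AdditionalAuthenticationRules
Write-Output "Additional providers enabled: $($current -join ', ')"
Write-Output "Additional authentication rules: $rules"

# 3. Assumed trigger: require MFA for every request that does not come from
#    inside the corporate network. Adjust to match the policy you chose in the UI.
$mfaRule = 'c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"] ' +
           '=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", ' +
           'Value = "http://schemas.microsoft.com/claims/multipleauthn");'

if ($Apply) {
    # Keep any providers that are already enabled and add ours once.
    $wanted = @($current + $ProviderName | Where-Object { $_ } | Select-Object -Unique)
    Set-AdfsGlobalAuthenticationPolicy -AdditionalAuthenticationProvider $wanted
    Set-AdfsAdditionalAuthenticationRule -AdditionalAuthenticationRules $mfaRule

    # 4. Read the configuration back so a silent failure is not mistaken for success.
    $after = @((Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider | ForEach-Object { "$_" })
    if ($after -notcontains $ProviderName) {
        throw "Provider '$ProviderName' is still not enabled in the global policy."
    }
    Write-Output "MFA provider enabled: $($after -join ', ')"
}
elseif ($current -notcontains $ProviderName) {
    Write-Warning "'$ProviderName' is registered but not enabled in the global policy, so no second factor is being requested."
}
```

Run it once without `-Apply` to see whether a second factor is actually being enforced, then again with `-Apply` to make the change.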
SharePoint 2013 App Development requires an "App Web" for the actual code to be hosted when building apps. The default approach has been to simply create a web application that is tied to the server name such as http://SPDEV2013 and run the apps over plain HTTP. However in various situations, especially for public facing applications you would really want to run this over SSL. To enable this there are various ways of doing this. The way I choose to do it is as follows:
- Create the DNS Entries you need for the "App Web"
- Firstly we need to create the new "Zone" that we want to use, for this I am going to use "appssps.int"
Open "DNS Manager", expand the server name then right click "Forward Lookup Zones" and choose "New Zone"
- Add the name you wish to use for me I used "appssps.int"
- Now we need to add a record that will allow wildcard use of the domain
Right click the domain zone and choose "New Alias (CNAME)"
- There is plenty of conversation of whether you should use a "CNAME" record or an "A" record and you can see that and make a decision yourself, for this example however I am using the "CNAME"
Follow the wizard by adding the following, with obvious changes for your domain and DNS Server
Now we need to select the server so it all maps together, notice we set it to the server on the core domain not the new domain we will use for hosting the apps
Now to test this we can simply ping anything like this:
It should respond with the correct IP Address; if not, and you have multiple IP addresses on the server, then reset the DNS entry using the right IP Address. For example mine should be using an internal IP of 22.214.171.124, not the NAT address it picked up from the other NIC in my Server.
Now that we have core networking and DNS setup, we now need to provision a web application within the current SharePoint Solution. I won't go through these steps as this is well documented. The key here though is to NOT create a site collection at all.
- My Web Application is now created set to 443 as the port and a URL of https://apps.sps.int.
- Now we need to create a wildcard certificate unless you already have one
Open up "IIS" and select the root node then select the "Server Certificates" icon
Now based on how your environment is configured you may have to import a purchased certificate, create a self-signed one or create a domain certificate instead. I created a domain certificate as I have my own Certificate Authority.
- You will notice that the certificate is a wildcard one for the domain I want to host the apps on. It was generated using my certificate authority
Now we need to assign the certificate to the IIS website
- I am using specific IP Addresses for the SSL binding, which just makes my life a little easier segmenting the traffic.
- The SSL Certificate is set to the wildcard one we created earlier
- Now we need to configure SharePoint to use this for hosting apps.
To actually setup the SharePoint side of it you can find instructions over on MSDN.
- The only changes needed to those instructions is just to add the right values.
When accessing the "App" link in Central Administration you should see the following settings:
Once it is all configured you can now purchase an app such as the "Corporate News App"
Opening fiddler will show the paths being requested and rendering
- You will see the initial request using the "_layouts/15/appredirect.aspx" page
- Then it loads the request using HTTPS for the actual app to load
When you hit the final app, the URL is running over HTTPS
Hope this helps in getting your apps to run over SSL as they should. :)
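A scripted version of the ping test and the certificate binding check described above, as an added example that is not part of the original post. `apps.example.test` and `192.0.2.10` are placeholders for your own app domain and the IP address of the SSL binding.

```powershell
# Added example (not from the original post). Confirms that arbitrary host
# names under the app domain resolve through the wildcard DNS record and that
# the certificate bound in IIS is trusted and matches each name.
param(
    [string]$AppDomain  = 'apps.example.test',  # placeholder: your app zone
    [string]$ExpectedIp = '192.0.2.10',         # placeholder: IP of the SSL binding
    [int]$Port    = 443,
    [int]$Samples = 3
)

function Test-AppWebEndpoint {
    param([string]$HostName, [string]$ExpectedIp, [int]$Port)

    $r = [pscustomobject]@{
        HostName = $HostName; ResolvedIp = $null; DnsOk = $false
        TlsOk = $false; Subject = $null; NotAfter = $null; Problem = $null
    }
    $tcp = $null; $ssl = $null
    try {
        # Wildcard DNS: any label must resolve, and to the intended address
        # (not a NAT or second-NIC address).
        $ip = [System.Net.Dns]::GetHostAddresses($HostName) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            Select-Object -First 1
        if (-not $ip) { throw 'no IPv4 address returned' }
        $r.ResolvedIp = $ip.ToString()
        $r.DnsOk = ($r.ResolvedIp -eq $ExpectedIp)

        # TLS: SslStream's default validation fails the handshake unless the
        # chain is trusted and the certificate matches $HostName, so a
        # certificate that is not a wildcard for the app domain is rejected.
        # Revocation is not checked here (last argument is $false).
        $tcp = New-Object System.Net.Sockets.TcpClient
        $tcp.Connect($ip, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.Subject  = $cert.Subject
        $r.NotAfter = $cert.NotAfter
        $r.TlsOk    = $true
    }
    catch {
        $r.Problem = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        if ($tcp) { $tcp.Close() }
    }
    $r
}

# SharePoint gives every app its own host name, so test several random labels.
$results = 1..$Samples | ForEach-Object {
    $label = 'app-' + [guid]::NewGuid().ToString('N').Substring(0, 12)
    Test-AppWebEndpoint -HostName "$label.$AppDomain" -ExpectedIp $ExpectedIp -Port $Port
}

$results | Format-Table HostName, ResolvedIp, DnsOk, TlsOk, NotAfter, Problem -AutoSize
if ($results | Where-Object { -not ($_.DnsOk -and $_.TlsOk) }) {
    Write-Warning 'At least one app host name failed DNS or TLS validation; apps would fail to load or show certificate errors.'
}
```

Run it from a client machine that trusts your certificate authority; a name mismatch or untrusted chain shows up in the `Problem` column instead of as a browser warning later.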