Category Archives: Office 365

SharePoint/Office 365 at Build 2014

I’m heading to the Build conference next week in San Francisco, YAY my first //build ever.  We have a bunch of great developer related content for SharePoint and Office 365 there.  Don’t worry if you have not developed for SharePoint or 365 before, there is content to get you up to speed!

Here are the sessions:

Building Connected Productivity Apps Brian Jones
Office Power Hour – New developer APIs and features for Apps for Office Rolando Jimenez Salgado
SharePoint Power Hour – New developer APIs and features for Apps for SharePoint Rob Howard
SharePoint 2013 Apps with AngularJS Jeremy Thake
Building Enterprise Social Apps with Yammer Jose Juarez Comboni
The brand new OneNote service – reach the massive user base with your apps. Gareth Jones
Developing Office 365 Cloud Business Apps Dan Fernandez
Deep Dive into Mail Compose Apps APIs Andrew Salamatov

Also Office 365 will have a booth so come and visit the booth and connect with the speakers and the team from Redmond.

SharePint @ //build, Wed at 7pm @ Chieftain Irish Pub

see you there!


Hola Microsoft

Back in November 2011 I said “Adios Microsoft” and left to start the US office for Provoke Solutions. I can’t believe it has been over two years since then.  Time has flown by!

Well all things come to and end and on the 10th of March I will rejoin Microsoft.
I have thoroughly enjoyed my time with Provoke.  On Nov 1 2011 I literally unloaded a car full of things and set up myself in an office in Bellevue as employee #1.  We have achieved some amazing things since then and I am personally very proud what we accomplished. It’s been very personally rewarding, challenging and character building. Running a small business is hard, but a lot of fun all at the same time. I was fortunate enough of having the backing from our New Zealand based team so I never felt like it was just me.

But now I am ready for my next chapter.

I am heading back to a familiar but different team from my last stint at Microsoft, the Office 365 team. I will be leading a team to help to make Office 365 a great place for developers, software vendors (ISVs), development houses (“System Integrators”) and others to customize, extend and build software for Office 365 and constituent products on-premises.


This opportunity was too good to pass up.  The chance to work on the worlds #1 leading productivity software and to help take developers and ISVs along for the ride! Couple that with a unique time in computing history as the paradigm shift of cloud computing takes hold and it makes for a very unique opportunity that I couldn’t resist.

They had me at “helping developers”.

The current story for developers building for the cloud in 365 is only in its infancy and I am very much looking forward to being involved and helping as much as I can.

I know lots of people out in the community, the SharePoint community especially, who are very passionate and vocal about the issues they are facing with development for Office 365 today.  I know fully well what many of the issues are, however, as always, I look forward to talking with as many people as I can and working on these issues together.  It needs to be a collaborative effort and it wont happen over night.  But it will happen.

I am really looking forward to the SharePoint Conference in Vegas next week!


Sandbox code is “deprecated”, long live the Sandbox

we have deprecated the use of custom managed code within the sandboxed solution – Brian Jones, Principal Program Manager, Apps for SharePoint

It’s been a long time coming and widely anticipated that this announcement would come at some point.  It’s great to see the announcement and the clarity many have been asking for.

I feel like I’m in a good position to comment on this and give some background about why I think deprecating code based sandbox solutions is good idea. I was on the SharePoint engineering team when the sandbox was being built and for a period of time I was the Program Manager for the feature.

Background:  Sandbox solutions in SharePoint were introduced in SharePoint 2010.  They allowed a packaged set of assets and code to the uploaded to a SharePoint site.  That can consist of declarative components like XML for adding things like List Templates, as well as compiled code for things like Web Parts or Event Receivers.

When the Sandbox was being designed and built it was about 2 – 3 years prior to SharePoint 2010 being released. Azure, and cloud computing in general, either didn’t exist or was in its infancy. SharePoint needed a way to upload customizations/components to SharePoint sites where the administrators were not comfortable with installing Farm Solutions aka. Full trust solutions. Microsoft itself was a perfect example of this.  If I built a web part I, as a Microsoft employee at the time, couldn’t load that onto our SharePoint sites that MS IT ran.  No 3rd party web parts or products. This was a common problem in many large organizations and we heard about this time and time again with customers.

Sandbox Solutions were the answer. They allowed users to upload a solution and have SharePoint run it while it being controlled, secured and run in a sandboxed process. The main thing this gave SharePoint was the ability to isolate the code in that solution and ensuring that if it crashed or was badly behaved that it didn’t break the rest of the SharePoint environment.

The problem was that Sandbox Solutions was a feature added in Windows SharePoint Services (WSS) and that was a different product from SharePoint Portal Server (SPS) that built on top of WSS.  The API set in the Sandbox that was available was limited to WSS APIs and even then only a subset of them. There were good reasons for this, but at the end of the day it was very limiting for people.  Ideally it would have been great to have lots of SPS APIs available too. But that didn’t happen (different story).

So that is the background about how/why Sandbox came about.

… now fast forward to today …

In a nutshell the Sandbox was a good solution to the problem faced when it was designed. However, it’s not a great solution to the problem given the technology we have today.

Why is it no good today you ask?

A lot happened after the Sandbox was designed and built.  Cloud computing took off, new advances in code in all sorts of places got easier e.g. isolated apps on a phone.  A lot was learnt. 

In short its my belief that SharePoint shouldn’t have been trying to replicate an isolated code hosting environment.  That is reinventing the wheel and there are other teams at MS who build products to do this extremely well already.  Namely IIS and Azure.

Think about that for a second.  Imagine being given some arbitrary code and told to run it, but doing it in a way that was safe, secure, manageable and fault tolerant.  It’s actually quite a tough challenge. If you say it’s easy then you should try doing it instead of talking about it 🙂 (tip with wider life applicability too)

So today MS clarified that SharePoint was getting out of the code hosting game.  Why?  Because it was limited and there are better solutions to this problem today. 

The new SharePoint app model is designed to solve this by moving “sandbox” code to an alternative host e.g. IIS or Azure or <insert thing that runs code here>.

Sandbox code might be “dead”, but the new app model IS the new Sandbox!

I see the reasons why the sandbox came about the same as I do for the new app model.  They are solving the same problem.  How do you allow someone to customize, extend and build new things on SharePoint without compromising the integrity of SharePoint itself?  That is the goal.

Today in SharePoint 2013 and Office 365 we have the ability to build solutions that use this new app model.  Sure, it’s not perfect in the APIs it provides and there is plenty of scope for adding things.  I am certain it will evolve to cater for more of these things over time.  That said, it is MUCH better suited for the long term.  I for one am loving the ability to use all the latest dev tools and technologies in Azure that were not possible in SharePoint previously.

The app model may not be applicable or possible to be used for everyone today and that is fine. It’s going to develop and that will change over time would be what I bet on.  But it is the right path moving forward.  This might cause some pain for people in the short term and I understand the frustration people have with changes like this. But I would MUCH rather have to deal with this change than be limited to a inferior set of capabilities in the longer term.  This is the right move long term (in my humble opinion).  Short term pain, long term gain.

Getting SharePoint out of the code hosting solution was the right things to do and I applaud the team for clarifying there position on this.

I look forward to the SharePoint Conference in March where hopefully (fingers crossed) we will hear more about the future of the new app model and how it will address its shortfalls today.


Ep 10 of the Microsoft Cloud Show – News on Azure, Google Compute Engine and Amazon and more

I can’t believe we just hit episode 10 of the Microsoft Cloud Show!  It feels like a mini milestone.

Episode 10 is jam packed with news and updates from the Amazon re:Invent conference, as well as news on the newly released Google Compute Engine & , of course, lots of Azure goodies too.

Go get it and let AC and I assault your ear buds.

Episode 010 – Latest news in the cloud from Microsoft, Amazon and Google

Thanks for the amazing support so far with the podcast.  We had > 7000 downloads over the past month or so which is astounding!


Yammer provisioning rolling out in Office 365 admin portal

Previously if you were an Office 365 (E SKU) customer or partner with an Enterprise Agreement (EA) you could ask MS to upgrade your Yammer network to the Enterprise edition for no additional charge.

Starting today MS have added the ability to do this via the Office 365 admin portal directly.

This is a rolling release, and your tenancy might not have got the changes just yet. So hold tight.

Customers with Office 365 E plans, SharePoint Online + Yammer, or existing Enterprise Agreements and qualifying license purchases are eligible to activate Yammer Enterprise via their Office 365 Administrators portal.

You can do this in the Admin portal as shown below:

This should make the process a whole lot smoother and is another (small) step in the right direction for the integration of Yammer and Office 365.


SharePoint Saturday Chicago #SPSChicago

Today I presented a 101 session on getting started with the new SharePoint App Model. It’s a lot to get through in 75mins, but hopefully it gave people enough to get started and try out building an app for Office 365 or SharePoint on premises.

Thanks to everyone that came along!  #SPSChicago is a great free event for people with a great lineup of speakers.

Here are the slides:

Introducing the Microsoft Cloud Show podcast

Microsoft Cloud ShowThe only place to stay up to date on everything going on in the Microsoft cloud world including Azure and Office 365.

Quite some time ago I bugged pestered asked my good friend Andrew Connell (AC) if he would be interested in starting a SharePoint podcast.  Given he is a busy guy with a lot on his plate he wasn’t so sure it was a good idea to begin with.  After all, we both said that if we were going to embark on something like this that we wanted to do it right.

We ultimately decided to broaden the shows scope to include not only SharePoint … but rather take on talking about the whole Microsoft cloud story.  After all, Microsoft are one of the largest Enterprise players in the market and there is A LOT going on in their cloud offerings.

The Microsoft Cloud Show was born.

Our aim with the show is to bring you news, information and commentary about all things going on in the Microsoft cloud world. We want to invite the listener into the show via way of audio and email questions sent in. We want to keep a consistent delivery of shows that you can count on.  Most of all we want it to be easily digestible and will try to stick to 30mins per show.

We are not pretending to be professional podcasters here and we will likely learn a lot along the way.  But we hope you will join us for the journey.

We are launching the podcast in iTunes (MS marketplace coming soon) with 3 episodes. These are just introductory shows and talk about our motivations for the show & then a background show on each host. We will be getting into the meat and potatoes in Episode 4 which is coming soon.  Ideally we would love to settle into a fortnightly show.

We would love to hear your feedback! We would love to hear about topics that interest you and that you would like to hear us address on the show.

In the meantime … please enjoy this screenshot from us recording our first show.



Content by Search webpart in Office 365

It looks like the much awaited Content by Search Web Part might start showing up in Office 365 tenants!  I’m not sure when this started, and it might not be on all tenancies just yet.

Here it is in all its search laden glory …


It seems to depend on what version your Office 365 tenant is.  If you have or above then you should be in luck.

To find out what version your tenancy is on log in and navigate to the following URL:

You should see something like this:


Update: MS has announced this now:


SharePoint Online protects against BREACH

Back in August a co-worker who is doing a lot of work with Office 365 noticed something changed in Office 365.  One of those sneaky, unannounced changes that break things inadvertently and take a while to track down.

It turns out Office 365, SharePoint Online in particular, had stopped Zipping returned  payloads to JavaScript Object Model (JS OM or JSOM), even if you explicitly asked for them.  You can read about his initial discovery in a blog post.

TL;DR – Send a request for information from SharePoint, include the “Accept-Encoding: gzip, deflate, sdch” header, response comes back without compression applied.

Here is it in action.  To try this at home you will need:

  • One SharePoint Online site
  • A tool like Fiddler or PostMan (handy Chrome app) for easily handcrafting and initiating HTTP requests and seeing what comes back.  I’m using it below.
  • A list set up in your SharePoint site with some data in it

Create a HTTP GET request to return the items from your list. Something like this:$select=Title

Add your Accept-Encoding header and Accept headers like so to ask for JSON back and gzip compression:


Send your request and you should see some JSON come back.  Something like this:


Notice a distinct lack of zippage? Also if you flip to the Headers tab on the response you don’t see a Content-Encoding: gzip like this:


Now this isn’t really a big problem in the grand scheme of things.  Unless you are calling this from a mobile app where bandwidth is important or you need low latency replies. Another example would be if you are building a SharePoint App and calling the REST services to get back list data to drive some UI … you want it to be snappy.

After a bit of hunting my co-worker pointed me at a post about an SSL + HTTP Compression hack called BREACH.  Basically this hack lets hackers break SSL by fiddling with the input on a request and watching changes in the compressed response. After a few (say 1000) requests they can crack your SSL.  Note this is only an issue if you are serving content than can change based on manipulation of request data AND the return payload can be compressed.

The fix?  Turn off HTTP compression on responses.

Yes, really. That seems to be the only practical option for mitigating against this attack right now. No, this isn’t a bug in IIS or SharePoint or any other product.

Hence, this seems to be why SharePoint online no longer compresses responses.  I was told that static files might be compressed since they wont fall victim to this hack, however my testing didn’t surface any resources that I could make come back compressed. (Let me know if you find one)

E plan tenants  are the most effected I think as the SharePoint Online sites are all behind SSL.

I found this really interesting so I thought I would share.


PS: thanks to my Microsoft buddies who helped confirm this for me.

Keeping up with cloud releases, Yammer vs. 365

A colleague Brendon Ford , and Office 365 MVP I would add, pointed me at a great resource today for keeping up with what Yammer are up to in terms of new stuff coming down the line.

This gives a reasonable amount of detail on the things they are working on and at what stage they are at.  I say reasonable because they don’t give hard dates on when things will release, but they do give some detail on what is coming.

Here are some examples that specifically relate to Office 365.

Better search integration…


Could this be the single sign on we are all waiting for?  Maybe not, but it seems to be getting better…


Office web app integration in Yammer for viewing documents etc…


This is pretty cool insight into what’s coming.

The question I have is:

When are we going to get this level of visibility into the core Office 365 products? Exchange, Lync and SharePoint?

One of the big issues we face with customers in Office 365 is having zero visibility into when things change.  We are not alone, Jeremy has a good write up about some issues they have faced with APIs changed unexpectedly.

If I were at Microsoft still here is a sampling of things I would be pushing hard for:

  • Release and Update schedule.  Notes on exactly what is coming and when (per tenant).
  • Dev sandbox.  Ability to ask for a temporary test tenancy on a particular “version” of the service/product so that customers and partners can test their other systems that integrate with Office 365.
  • Postponement.  The ability to ask for a postponement of an update for up to 30 days. This would give customers/partners time to test and fix up any issues.
  • Open dialog with trusted advisors.  Microsoft was built on the back of strong partnerships.  Having a group of trusted advisors with a Bat Phone to someone who cares in engineering would go a long way. This group wouldn’t need to be big, but would be of good people who get it. People who want to help MS get better, not moan about it publically.

Some might say:

“Chris that is all great, but surely they should just get their cloud model to work and not break stuff randomly!”

Yeah that is great if you think you can reach Nirvana.  However, that is an impossible goal. Especially with something as complicated as Office 365 and all of its constituent parts.  Don’t let some chump from the valley with bubble gum SaaS product tell you otherwise 🙂

I think with some of the above changes proposed that things would get A LOT better really quickly.