Adding Custom Tiles to the Office 365 App Launcher

image_thumb.png

Microsoft recently released a new feature so that as an Office 365 admin you can add tiles to the App Launcher.

 

Setting it up

Browse to the Admin dashboard for your tenant, from the left hand menu choose the ‘Company Profile’.

image

 

From the ‘Company Profile’ page select ‘Custom Tiles’ from the left hand menu.

image

 

The ‘Custom Tiles’ page is now displayed, and on very first load will be empty.

image

 

Click the ‘Plus’ to create a new tile.

image

 

You’ll notice that the information being requested is a lot simpler than the Azure AD application configuration. So in my opinion you may still want to opt for the Azure AD application root if you wanted to use groups/user assignment for the tile. This new Office 365 custom tile approach really only provides ‘add the icon’ style functionality. So in scenarios where you wanted to use a consistent name and icon for say a HR system where different regions had different urls/systems you’d still want to use the Azure AD root. Relying on this new Office 365 custom tile would need two tiles and both would show for everyone. As it stands today this feature is probably only useful for truly generic links such as the SharePoint root site collection (But why MS ignored that for so long has always baffled me).

Just before setting the tile information we need to make sure we have the logo somewhere, I always use Lego mini figures in this tenant so I uploaded a new picture to the assets library of the root site collection.

image

 

Once I have an image somewhere (it could have been located anywhere including externally from the tenant) I can enter the information to create the tile.

image

 

The new tile is now listed. Note that you can also edit and remove the tile from this screen.

image

 

Browse to your ‘MyApps’ page.

image

 

There you can see our newly created tile. From here the employee can decided to pin it the App Launcher.

image

 

They can also view details about the app.

image

 

We can see the new tile in the App Launcher.

image

 

So this is a neat new feature which will satisfy the common request to have a tile for the Intranet home page. While MS could hopefully go further in the future to allow employee and group assignment like the Azure AD apps.

Office 365 Unified API session from Microsoft Recoder 2015

MS-RECODER-540x270-Tweet_thumb.jpg

About the event

Recoder 2015 was a free one-day conference for application developers and IT professionals who wanted to get the fast track on Office 365.

My session

Intro to Office 365 Unified API

Over recent years Microsoft has been busy resetting the traditional developer landscape and in this session Wes will be introducing you to the exciting new Office 365 Unified API model and helping you to understand the APIs architecture and what choices or decisions you need to consider when approaching a development project in today’s Microsoft world.

Here are the slides that I presented during my session.

This was part of the introduction sessions so was super high level. During the short live demo I used the following API Explorer site.

https://graphexplorer2.azurewebsites.net/

This site allows you to prod and try out all the code snippets from the deck. When you first log in you will be asked to trust the app to all your Office 365 services. Then you can begin to call the various endpoints via the REST syntax.

Speaking at Microsoft Recoder 2015

MS-RECODER-540x270-Tweet.jpg

About the event

Recoder 2015 is a free one-day conference for application developers and IT professionals who want to get the fast track on Office 365. Discover how you can work smarter now, and get ready for the big innovations that are on the horizon.

Office 365 has become Microsoft’s fastest growing multi-billion dollar business, with hundreds of millions of users. At Recoder 2015 you will learn how you can build on this success – tapping into the secrets of the O365 APIs. There are very exciting times ahead, as Microsoft transforms the popular O365 productivity suite into an open platform running on all of the major operating systems, including Windows, Apple iOS and Google Android.

Recoder 2015 offers a fascinating day, whether you are an app developer looking to incorporate O365 functionality in your own apps, a developer creating full applications for O365, or an IT Pro responsible for the deployment and management of O365 applications.

See the UK’s first Live Demo of SharePoint Server 2016

In the morning you’ll gain new insights from some exciting keynote speakers including Steve Smith from Combined Knowledge (demoing SharePoint 2016 for the very first time in the UK) and Simon Hill from Wazoku, who will be sharing their views on the future of productivity and collaboration rooted in the reality of today. The afternoon is dedicated to breakout sessions tailored to IT Pro’s who deploy and manage the apps, plus Introductory and Deep Dive technical workshops for Developers, delivered by some of the industry’s most respected MVPs including Chris O’Brien, Spencer Harbar, Waldek Mastykarz and myself.

My session

Intro to Office 365 Unified API

Over recent years Microsoft has been busy resetting the traditional developer landscape and in this session Wes will be introducing you to the exciting new Office 365 Unified API model and helping you to understand the APIs architecture and what choices or decisions you need to consider when approaching a development project in today’s Microsoft world.

Registration

It’s free to attend, but registration is mandatory.

You can register at http://aka.ms/Recoder2015

We have capacity for 300 and we are expecting a sell-out.

SUGUK Yammer Deep Dive presentation

On Thursday April 30th SUGUK held a London session where I presented a session on Yammer deep dive.

 

Yammer deep dive

Many organisations are considering leveraging Yammer as their Enterprise Social Network (ESN). Office 365 has already taken some steps to integrate the Yammer capabilities by replacing the SharePoint newsfeed and introducing the document conversations. The reality is that these integrations are only the tip of the iceberg with regards the integrations you can achieve with Yammer.
This demo centric session covers in detail the integration options and the steps that a developer or architect can take to bring Yammer into use for a scenario.
We’ll walkthrough:

  • Learn how the Yammer Embed can bring conversations into SharePoint article pages.
  • How to post information into your Yammer network from other systems using OpenGraph.
  • Learn how to use the REST API to discover groups, messages, topics, users and perform advanced searches against the network.
  • Take a look at the cutting edge Azure Logic App and Yammer connector

 

SharePoint Evolutions 2015 presentations

April 20th – 22nd 2015 saw London play host to SharePoint Evolutions conference. It was a great event organised with so many quality speakers and companies in attendance. It was a privilege to be invited to speak again. This year I had two sessions as you can see below.

 

Introducing App Launcher

Delivered by: Wes Hackett

Audience: Office 365, Information Worker, Developer
A new feature of Office 365 is the ‘app launcher’ and ‘my apps’ features. These new features provide a new style of navigation experience where all your apps are available from the Office 365 suite bar and the ability for a user to pin their preferred apps. This session introduces the features and the extensibility approaches to have your own apps interact with it.

 

Yammer development deep dive

Delivered by: Wes Hackett

Audience: Office 365, Developer
Many organisations are considering leveraging Yammer as their Enterprise Social Network (ESN). Office 365 has already taken some steps to integrate the Yammer capabilities by replacing the SharePoint newsfeed and introducing the document conversations. The reality is that these integrations are only the tip of the iceberg with regards the integrations you can achieve with Yammer.
This demo centric session covers in detail the integration options and the steps that a developer or architect can take to bring Yammer into use for a scenario.
We’ll walkthrough:

  • Learn how the Yammer Embed can bring conversations into SharePoint article pages.
  • How to post information into your Yammer network from other systems using OpenGraph.
  • Learn how to use the REST API to discover groups, messages, topics, users and perform advanced searches against the network.
  • Take a look at the cutting edge Azure Logic App and Yammer connector

 

If you were an attendee you can also watch the DVD of the sessions.

Installing Office 2016 Preview from your tenant

OfficeOnline

Microsoft announced the Office 2016 Preview Public Preview today during the Ignite Keynote.

You can install the Office 2016 Preview from your Office 365 tenant.

Browse to your Office 365 Settings from the context menu on the Suitebar like the screenshot below.

image

From your Office 365 settings page choose ‘Software’

image

Your software page will load, it lists all the machines you have installed Office on.

image

Scroll down to the foot of the page.

If you have your tenant enabled for ‘First Release’ Office 2016 installation will be listed.

image

Select your language and then click ‘Install’.

After about 5-10 minutes Office 2016 Preview is installed.

image

NOTE: Office 2016 Preview is not being supported, so you are trying this at your own risk.

Office Online UI updates

OfficeOnline

There have been some subtle changes to the Office Online user experience in the past week or so. Office Online are the office applications such as Word, Excel and PowerPoint, they render a web based version which allows you to edit and read content directly within the browser.

The image below shows the reading view of a Word document. Note how the application bar now has a new layout and different options

image

 

The link back to the document library location is now within the grey area rather than on the header bar. In the image below you can see the library title ‘operations’.

image

The other options now appear on the right-hand end. As you can see from the image below some of the common options are now available without opening the file.

image

The ‘Edit Document’ menu provides us the links to edit online or in the desktop application.

image

The ‘Print’ menu item prints off the document as a PDF

image

The ‘Share’ menu item launches the Sharing dialog.

image

The ‘Comments’ menu item opens up the commenting functionality.

image

The ‘…’ menu brings up some other useful features.

The ‘Find’ menu brings up an in-document search box. Personally I’d like to see this as one of the primary options as it is a training challenge to educate people that it exists.

image

Other options allow for the in place translation using the ‘Translate’ menu option. The ‘Download’ does exactly as you’d expect and downloads the file, as does ‘Download as PDF’.

The final option which is worth mentioning is the ‘Embed’ option. As you can see from the image below it has some pretty neat features.

image

We can set the dimensions and some of the interactions available such as enabling print and the start page.

While they sneaked in under the radar these changes have made Office Online even more capable within Office 365.

Creating a simple redirect app for the App Launcher

image.png

As we saw from the previous article Adding GitHub to the App Launcher the Office 365 user experience now incorporates the App Launcher as a persistent navigation element across the whole suite. Combine this with the Access Panel in Azure and you have two simple ways to provide a user with a navigation item. As you can see from the screen shot below, including last articles addition of GitHub.

Imagine an organisation wants to take advantage of the App Launcher to provide a link to their users for the company public website. On the surface this isn’t such a bonkers request. Many organisations have some elements of their internal intranet hosted within Office 365 and often they require a link to the public facing sites as well. It makes sense then as the App Launcher provides a globally available menu system that the intranet owner might ask for this link to be provisioned. Ok so far, a sensible request by the stakeholder….

Well if we cast our minds back to the types of application that can be displayed:

  • Office 365 applications – If you are using Office 365 such as Exchange and SharePoint and the logged in user is assigned a license then these will appear. The user will be automatically signed in when they click any of the Office 365 apps.
  • Microsoft or Third Party apps configured with Federation based SSO – If an Azure admin has configured the app with single sign-on mode set to ‘Azure AD Single Sign-On’ then when a user clicks the app they will be automatically logged in assuming they have been explicitly granted access to that application.
  • Password based SSO without identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’. It is important to realise that all users authenticated to the Azure AD will see these applications. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they navigate to that app they will be asked to enter the username and password combination for that app. This is then securely stored in Azure AD and linked to their organisation account. The next time the user clicks that app they will be automatically signed in with the credentials they provided. Updating credentials in the third party app needs the user to update their Azure AD stored credentials from the context menu on the app tile.
  • Password based SSO with identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’ as well as identity provisioning. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they will be automatically signed in to the application.
  • Application with existing SSO solutions – These applications are configured with the sign-on mode set to ‘Existing Single Sign-on’. This options supports the existing methods of SSO such as ADFS 2.0 or whatever the third party application is using.

None of these sound like a ‘simple’ type of hyperlink navigation item do they? They all assume the need for some kind of sign-on or application.

So at the time of writing this article there is no way to add a simple static url into the icons. Microsoft might pull this feature in at some point in the future, but for now we need something sensible to help us implement it.

NB: When researching this challenge I did stumble upon one blog article which was suggesting using jQuery to inject items in the html of the App Launcher. While in reality the author had it working it would be something I’d steer well clear of for the following reasons:

  • Microsoft ‘own’ the UI/UX for the App Launcher which means they can make breaking changes any time they like leaving you with a broken implementation at best
  • The article could only get this to work across SharePoint Online as the author could inject the required script. This meant that users outside of SharePoint lost this set of icons in things like Exchange.

So where does that leave us? Simple really we need an application registered with our Azure Active Directory which can redirect the user.

Creating our redirection app

So we have two options for this, manually craft an Application and register it with our Azure AD Applications or use the Visual Studio tools to help. For this article we’ll opt for the Visual Studio root and rather explain what’s happening behind the scenes as we go.

So lets get going by cracking open Visual Studio 2013.

Lets create a new MVC Web Application called ‘SimpleRedirectorApp’ and click OK.

image

image

Lets be good citizens and change our app to use SSL. Change the Project property to SSL Enabled to true.

image

Then copy that URL into the properties page on the Web tab.

image

Save the project and run it.

At this point you should see the normal templated MVC page running on your localhost under SSL.

image

So at this stage we have a basic MVC web application up and running. Now lets switch into our Azure portal and take a look at the applications listing.

This is all the applications I have configured in the Azure Active Directory. You’ll notice from the screen shot below our new app is not yet listed in the applications and thus Azure and the App Launcher no nothing about it.

image

If we were doing this manually we would go through the steps to ‘Add’ the application here. For this run through we’re going to jump back to Visual Studio.

We are going to use the Office365 Tools to add a connected service which wire up our app the associated Azure AD for us.

So from the context menu of the project chose ‘Connected Service’.

image

Click ‘Register your app’.

image

Sign in with a user who is an Azure AD admin / Tenant admin which is normally one and the same.

image

This will then show you information about your application.

image

Click ‘App Properties’ and make any changes from single to multi tenant if you require.

image

Note that the URLs are being displayed which match where our App will run from at the moment. When you choose to publish these elsewhere for Production you update these values.

Now when this wizard finishes it has done a few things. Firstly its added a set of things to the web.config file to store the Client Id etc.

image

Next if we switch back to our Azure Portal you’ll see the App is now being listed.

image

Clicking in we can view the settings that have been made.

image

One of the things we can’t do from the Visual Studio tools is set the Logo for the App. This is important to do as it’s the visual icon in the App Launcher. So click the ‘Upload Logo’ from the menu bar.

image

Choose an image which matches the specifics in the dialog box. I’m going to be linking to my companies website so created a quick icon based on our logo.

image

Scrolling down you can see the URLs listed and the permissions the App needs to run. Notice at the moment we don’t ask for anything other than delegated permissions on the Azure AD to enable SSO and read the profile of the user. That’s all we need.

image

Once the App is configured we need to assign users to it so it shows up for them. So click the ‘Users’ tab and find the user you need to assign. As you can see from the screenshot I’m just going to assign myself it for now. Once highlighted click ‘Assign’ from the menu bar.

image

Now when you browse to your Office 365 tenant and open the ‘My Apps’ page you can see our new App listed. As you can see from the screen shot below.

image

At the moment we have to manually ‘pin’ this new app ourselves Sad smile hope Microsoft add features to do this from the portal at some point.

image

So now it shows up in the App Launcher. Hooray you say… click it and what happens… we get the boring old MVC default page in a new tab. (assuming you still left the app in debug, remember its localhost at the moment).

image

So only one more step to go. Lets make our App go where it should, to the all important public website.

Open the HomeController.cs and find the Index method.

Change it from this

image

To this

image

We changed the result object to the RedirectResult type and provide it the url of our public site.

Now rerun our localhost app and it should redirect straight to the website.

image

Now when we click the App from the App Launcher we get a new tab and the App handles the redirection to the specified site.

Happy stakeholder Smile

As I mentioned earlier one of the best things about this approach is that it is truly suite wide as you can see from the screen shot of the users Calendar below.

image

In a more detailed scenario you might want to add more features to the redirection app and make it configurable without hard coding, but this was the basic how to Smile.

Adding GitHub to the App Launcher

image.png

Lets start with a little background

One of the latest features released to Office 365 and Azure was the ‘App Launcher’. This feature (Microsoft Announcement) provided a consistent menu of applications that can be launched by the user. Azure Active Directory now provides an easy way to integrate to many SaaS platforms. It provides identity and access management features through the Azure portal and the Access Panel for users to discover apps they have access too. The App Launcher leverages the same underpinnings within Azure to provide the suite wide UX within Office 365.

Azure Access Panel

Information about setting up Application Access in Azure Active Directory can be found here: http://msdn.microsoft.com/en-us/library/azure/dn308590.aspx Another feature we won’t go through but is worth mentioning is the ‘Change Password’ feature on the profile tab.

This is a screen shot of my tenant Access Panel. You can browse to yours using: https://myapps.microsoft.com

image

The Access Panel can serve several different types of application:

  • Office 365 applications – If you are using Office 365 such as Exchange and SharePoint and the logged in user is assigned a license then these will appear. The user will be automatically signed in when they click any of the Office 365 apps.
  • Microsoft or Third Party apps configured with Federation based SSO – If an Azure admin has configured the app with single sign-on mode set to ‘Azure AD Single Sign-On’ then when a user clicks the app they will be automatically logged in assuming they have been explicitly granted access to that application.
  • Password based SSO without identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’. It is important to realise that all users authenticated to the Azure AD will see these applications. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they navigate to that app they will be asked to enter the username and password combination for that app. This is then securely stored in Azure AD and linked to their organisation account. The next time the user clicks that app they will be automatically signed in with the credentials they provided. Updating credentials in the third party app needs the user to update their Azure AD stored credentials from the context menu on the app tile.
  • Password based SSO with identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’ as well as identity provisioning. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they will be automatically signed in to the application.
  • Application with existing SSO solutions – These applications are configured with the sign-on mode set to ‘Existing Single Sign-on’. This options supports the existing methods of SSO such as ADFS 2.0 or whatever the third party application is using.

Full details about the Access Panel can be found here: http://msdn.microsoft.com/en-us/library/azure/dn308586.aspx

App Launcher

The App Launcher is the name for the UX within the Office 365 suite. The screen shot below shows the fly out menu active on my tenant. You can see all the apps that this user is assigned licenses for are visible, also admin as this user is a tenant admin.

image

You’ll also see the ‘My Apps’ option in the bottom right corner. This takes you to a fully immersive experience listing all your apps. As you can see from the screen shot below.

image

This page lists all the applications from Azure AD applications as well as anything you have installed within your OneDrive for Business site on SharePoint online.

Configuring GitHub through the App Launcher

So we’ve taken a whistle stop tour around the Azure AD Access Panel and App Launcher lets now look at how to add an application to it. For this article we’re going to look at providing our users SSO for GitHub. The Azure AD links above show how to connect up to all sorts like SalesForce, DropBox etc, but Microsoft’s latest code repository choice isn’t listed. As all the  Office Dev Code Samples these days live in GitHub it makes sense to provide a SSO implementation for your dev teams. Here’s how.

First thing to do is log into the Azure portal. You’ll see the connected Azure Active Directories listed. You might have several or just your Office 365 directory. You pick the one you want the application to show up in. In my example I’ll pick my main tenant.

image

When you click the required AD row it will switch into the dashboard for that AD service. As you can see by the screenshot below there are lots of different things you could do here, but we are going to focus on the ‘Applications’ tab only.

image

Clicking the ‘Applications’ tab shows the connected applications. In the screen shot you can see I’ve been busy with the Office 365 APIs Smile. Also note that this AD is connected to my Office 365 subscriptions so both Exchange and SharePoint are listed. These don’t have the same degree of settings available as other applications though.

image

So to add a new application click the ‘Add’ from the menu bar. This pops a light box as you can see below. There are two options, first is to add a custom application (a topic for a further article) which you are developing, the second to connect a service from the gallery. At the time of writing there are about 4500 services and applications available in the gallery so it’s worth having a peek through. GitHub is an existing service so we need to click ‘Add an application from the gallery’.

image

Rather than browse it will be easier to type ‘GitHub’ in the search box. You’ll see the below. So click the ‘tick’ button to confirm.

image

Now GitHub is connected to your Azure AD as an application. We now need to configure the SSO settings and assign some users.

image

Click the ‘Configure single sign-on’ button to setup the SSO for GitHub. The light box that pops up has two options, first is the Password Single Sign-on, the second is for existing Single Sign-on. Both are explained in more detail above. We are going to choose the ‘Password Single Sign-on’ to connect as we don’t already have anything else configured for SSO with GitHub. Click the ‘tick’ to confirm.

image

We have now configured our chosen method of SSO. It’s time to assign some users. So click the ‘Users’ tab. From here all the users in your AD are going to be listed so you probably want to search using the slightly hidden search feature on the table header far right to narrow down the view to users you want.

image

Once you have your desired user select them by clicking the row. And then choose ‘Assign’ from the menu bar.

image

The light box that pops up allows us to confirm that user is about to be assigned access via SSO to this application. The checkbox feature we’ll come back to later in the article, for now leave it unchecked. Click the ‘Tick’ to confirm.

image

So there we have it, in some fairly simple steps we have configured SSO with GitHub via our Azure Active Directory. Lets now take a look at the implications for the end user experience in both the Access Panel and App Launcher.

Access Panel user experience

Now GitHub will show up for the assigned user. In the screen shot you can see the new GitHub tile has appeared. It can sometimes take a few minutes to update and the page may display a refresh message when changes have happened that need to reload.

image

As mentioned earlier a user can maintain their stored credentials via the Access Panel. As you can see from the screen shot this option is available from the tile on the Access Panel.

image

Clicking for the GitHub App very first time from the Access Panel invokes the browser plugin installer as you can see from the screen shot below.

image

In this example I was using Chrome, so here are the pop ups which trigger the install.

image

Confirm the installation dialog.

image

Next time you click the GitHub App you will be asked to enter your credentials as Azure AD does not yet have any stored. Enter the desired credentials and click ‘Sign In’.

image

Now when you click it the Azure SSO will kick in via the browser extension and log you in with the stored credential. Blink and you’ll miss it though, took me five attempts to screen grab the login step.

image

And there you have it, signed in to GitHub with the SSO password.

image

App Launcher user experience

The Office 365 App Launcher MyApps page now sports the same GitHub icon under ‘My Apps’.

image

Clicking for the GitHub App very first time from the My Apps page invokes the browser plugin installer as you can see from the screen shot below.

image

The next time you click the GitHub App the same SSO process as above is invoked and you get signed in.

One feature of the App Launcher which the Access Panel can’t do is allow the user to pin the App to the flyout menu. To do this navigate to the ‘My Apps’ page and from the context menu of the app click ‘Pin to app launcher’ as you can see in the screen shot below.

image

As you can see this then pins that app to your App Launcher menu.

image

Other stuff worthy of a mention

App Launcher where a user has no App assignment

Below is a screen shot of a different user within the same tenant and Azure AD who doesn’t have GitHub assigned as an App. As you can see their ‘My Apps’ page doesn’t list it.

image

Assigning a credential on behalf of a user in the Azure Portal

We mentioned the checkbox earlier. If you wanted to set the username and password during assignment check the checkbox and you get the option to enter the credentials on behalf of the user.

image

So why is this important? Well consider situations where you don’t want a user knowing or setting the credential. For example a situation where the organisation has a marketing twitter account. You can now provide SSO for the marketing team by setting up their credential on their behalf. They can still obviously change it in Twitter but it removes the need to email everyone the password.

Removing a user app assignment

Removing the user assignment is as easy as selecting them and clicking ‘Remove’ from the menu bar.

image

App dashboard

Another thing work mentioning is the App dashboard. Here you can see the login activity and some basic information about the app. What is really useful though is the Single Sign-on url. This is a unique url for this SSO’d app and pasting it in effectly jumps the Access Panel or App Launcher steps and navigates directly through the sign-on process. This would be useful if you are considering email or Yammer posts with links directly to the application.

image

Conclusion

Hopefully you’ve found this useful Smile and seen how easy it is to take advantage of the SSO features to improve your user experience.

So we now have GitHub easily available to all the assigned users, probably starting with the dev team.