Making SENSE OF M365 Sharepoint

Sharepoint was well known as difficult to administer on an “on-premises” server. So prior to the advent of a cloud-based version of Sharepoint, a small organisation with a need for a searchable location for internal content would be looking elsewhere.

I found that Dokuwiki was a good alternative. It’s simple and reliable, but with some drawbacks:

Although it’s really quite easy to edit, people aren’t familiar. Unless they’re enthusiasts they won’t take time to learn how. So my hopes that the wiki would become a “one stop shop” for the organisation began to fade.

Added to that, the “look and feel” of Dokuwiki is plain and simple – which I like, it’s easier to scan. Unfortunately, general users are more likely to use a wiki that’s attractive to the eye.

The cost of Dokuwiki (free) was a big plus point, but even a basic Microsoft 365 business package now offers Sharepoint along with other essentials, so the saving is much less than previously.

What tipped me over the edge in deciding to migrate to Sharepoint was the fact that it’s written in PHP. This is a language I disliked from the first time I saw it. Many important web sites are written in PHP, so it doesn’t mean that Dokuwiki’s reliance on PHP really is a problem of course; it was more about my strategy for a small company, favouring “one stop shop”, over “best of breed”. If I can get Doku admin and security updates off my todo list, it’s more efficient, although there’s definitely a lot to learn before working with M365 is second nature.

This blog is for reference and will cover some of the basics. It’s a work in progress, which I’ll add to and correct as I gain experience with M365 Sharepoint. Here’s an intro to Sharepoint wikis.

Here’s the first draft of a collection of links on the various bits of MS365 Sharepoint:

About admin roles

Web Site
Create a Site

Team Site (or team collaboration site)

Communication Site
(More for communication than collaboration)
Use the SharePoint team collaboration site template

Home Site
A home site is a SharePoint communication site that you create and set as the top landing page for all users in your intranet.
(using the GUI)
How to make any SharePoint page the new homepage
(using PowerShell)
Connect to all Microsoft 365 services in a single PowerShell window
Get started with SharePoint Online Management Shell

Site Page
This is like a web page, more compex than a Wiki Page

Wiki Page
The wiki page is simpler and compact. A collection of links doesn’t take up much space, so it can be scanned more easilyh

Web Part Page

Web Parts
Using web parts on SharePoint pages

Teams/Channels
Channels belong to teams, they’ll be based on a topic that the team needs to discuss.

Sharepoint Apps
Knowledge Base
Document Libraries

Security
Multi-Factor Authentication

Documents are files that you can store in OneNote

Email
Configure mailboxes
Microsoft 365 admin centre > …Show All> Exchange Admin Center>Mailboxes

About shared mailboxes

Microsoft Teams
Note: it appears Firefox doesn’t support MS Teams, an alternative browser must be used.
Manage Meetings
May receive an error if third-party cookies are blocked:
Microsoft Teams is stuck in a login loop in Edge, Internet Explorer or Google Chrome

The Microsoft Exchange Server Attack

How serious is it?

The attack has been going on for some time, and the fix for it was only issued recently. The advice is that companies running the software targeted by this attack should assume it was successful. In other words, there’s not much gain in trying to find out whether the malicious files are in the system, they probably are.

The focus should be on fixing the problem. Unfortunately once the hackers are into a system they can do lots of things to make it harder to remove or disable their malicious software. So this story will run for some time.

What software is affected?

This Bulletin from Microsoft lists a number of versions of Microsoft Exchange Server with the problem.

Am I running this software?

If you’re a member of the public or a small organisation, unlikely. Email is probably a service you pay Google, Microsoft, or some other company to provide. They fix any problems.

If you ran Microsoft Exchange Server, you’d need an extra physical computer (server) somewhere. If there was a problem with your email, you’d have to reboot it, change some settings, install software or something similar. So it’s server software, for organisations that provide an email service.

Members of the public are email service clients. They don’t need server software.

Does it affect me?

If you’re not running the software it doesn’t mean that you can’t be affected.

You probably send and receive emails to and from many companies. Many of them don’t run Microsoft Exchange Server because it’s much easier to pay someone like Microsoft to provide email services, but there’s work involved in switching from “on premises” (your own machine) to the “cloud” (a service provided to you).

Some companies haven’t got round to that, or prefer to have control of the service by running it on their own computer.

Breaking into the email systems of these companies will give the attackers lots of data, which could mean that you start receiving spam emails. Links in those emails might contain links to malicious “phishing” sites that look like web sites you already use. The email might contain an attachment that will damage your computer.

If the attacker is able to capture more data about you than just your email address, they could launch a “spear phishing” attack. This means adding more details to the email to gain your trust. They could make the email look like it’s come from someone you know, and the message may contain genuine information to convince you that it’s not a scam.

What can I do?

Suspect all incoming emails, even when they seem to be from someone you know. We received a dodgy-looking message recently. We Googled the text from the message and it was very similar to a scam that’s doing the rounds. We then tested it using VirusTotal, a free service owned by Google that will run more than 80 scanners over a link (testing attachments is a bit more complicated than I can deal with here, but also worth looking at). Here’s what we saw:

So we never visited the malicious site, we knew it definitely was a scam.

Does it affect Microsoft themselves?

The news story is about on-premises users of Microsoft Exchange Server, not about Microsoft’s email services. As far as I know they are not affected, and with their resources they’re much harder to beat than private companies. There’s little you could do about that and no real point in worrying.

So what do you know about this?

I’m a developer not a security specialist, but I’m fairly well informed about security. This blog post is written for a general audience, which is why there’s not much technical detail. If that’s what you want you’ll need to read what Microsoft has to say and consult the usual security blogs and podcasts.

New Direction

This blog is waking up as something different. I’ve been doing less coding, spending more time writing marketing copy and working with an early startup which should launch soon. So there’s going to be business as well as technical content, and the view on tech will be from a higher level.

I’m glad the old technical posts are still being read and I’ll leave them up. People who find them useful will probably be less interested in the new material, but I hope others may like it.

Whichever group you’re in, thanks for reading this.

Transact-Sql Toolkit

It’s time to deal with the “character” issue. Reader, I’m going to pre-empt you by acknowledging that there’s something not quite right about me. I’ve never seen The Matrix or read Lord of the Rings. I don’t want permissions in Production apart from read-only ones (if somebody dropped a table, I want it to be impossible for that somebody to be me). And… I like programming tools – but only if the setup is worth the effort and they don’t need a lot of tweaking afterwards. Continue reading Transact-Sql Toolkit →

Holiday Support Rota

Christmas is not too far away now, and I would like to dedicate this haiku to any of my Oracle developer and DBA friends working the holiday period, and who may be from their beds “untimely ripped” to fix something or other: Continue reading Holiday Support Rota →