Archive

Archive for the ‘https’ Category

TCP/IP Ports of SharePoint 2016

January 24, 2017 Leave a comment

SharePoint 2016 huh?!
(Long time since I last posted anything real here…)

Actually, this post is by popular demand 🙂 This is the 2016 version of the post a wrote when SHarePoint 2013 was new, as you can see, not much has changed…I have updated a few lines with what I know now that I did not know then, thats it. Please let me know if I missed something.

The recommended approach is to create a GPO with these firewall rules and apply that rule to the SharePoint servers in your farm. Add all of them, best that way to avoid extreme t-shooting in the future.

Another but related recommendation is to configure the Loopback check funktion in Windows server to allow the FQDN’s of your web applications (Use the Loopback check tool).

List of ports used by SharePoint 2013 and its related services.
Reference links at the end.

Protocol Port Usage Comment
TCP 80 http Client to SharePoint web server traffic
(SharePoint – Office Online Server/Office Web Apps communication)
TCP 443 https/ssl Encrypted client to SharePoint web server traffic
(Encrypted SharePoint – Office Online Server/Office Web Apps communication)
TCP 1433 SQL Server default communication port. May be configured to use custom port for increased security
UDP 1434 SQL Server default port used to establish connection May be configured to use custom port for increased security
TCP 445 SQL Server using named pipes When SQL Server is configured to listen for incoming client connections by using named pipes over a NetBIOS session, SQL Server communicates over TCP port 445
TCP 25 SMTP for e-mail integration Cannot in 2016 be configured (Use SMTP ports other than the default (25).)
TCP 16500-16519 Ports used by the search index component Intra-farm only
Inbound rule Added to Windows firewall by SharePoint. (GPO may override this change)
TCP 22233-22236 Ports required for the AppFabric Caching Service Used by the Distributed Cache…
TCP 808 Search – Query processing component
Windows Communication Foundation communication
Search – Query processing component
(WCF)
TCP 32843 Communication between Web servers and service applications http (default) To use custom port, see references section
Inbound rule Added to Windows firewall by SharePoint
TCP 32844 Communication between Web servers and service applications https
Inbound rule Added to Windows firewall by SharePoint
TCP 32845 net.tcp binding: TCP 32845 (only if a third party has implemented this option for a service application)  Custom Service Applications
Inbound rule Added to Windows firewall by SharePoint
TCP 32846 Microsoft SharePoint Foundation User Code Service (for sandbox solutions)  Inbound on all Web Servers
Inbound rule Added to Windows firewall by SharePoint
Outbound on all Web and App servers with service enabled.
TCP 636 User Profile Synchronization Service/Active Directory Import Synchronizing profiles between SharePoint 2016 and AD using SLDAP (Secure LDAP)
TCP 5725 User Profile Synchronization Service Synchronizing profiles between SharePoint 2016 and Active Directory Domain Services (AD DS)
TCP + UDP 389 User Profile Synchronization Service LDAP Service
TCP + UDP 88 User Profile Synchronization Service Kerberos
TCP + UDP 53 User Profile Synchronization Service DNS
UDP 464 User Profile Service Kerberos change password
TCP 809 Office Online Server/Office Web Apps Office Online Server/Office Web Apps intra-farm communication.

References:

Security for SharePoint Server 2016
https://technet.microsoft.com/en-us/library/mt683473(v=office.16).aspx

TCP/IP Ports of SharePoint 2013
https://blog.blksthl.com/2013/02/21/tcpip-ports-of-sharepoint-2013/

 


___________________________________________________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Advertisements

Office 365 – DTD is prohibited in this document issue

April 16, 2015 1 comment

 

 

 

 Office365logo       SP2013logo

Got trouble Connection PowerShell to SharePoint online? This could be the resolution to your troubles.
I had this myself, or we had it in our Company tenant. This is what the issue was and this is how I fixed it:

When trying to connect to PowerShell for SharePoint Online, using the Connect-SPOService command, we got a error that did not tell us anything.

PS dtd error 1

The error is:
Connect-SPOService : For security reasons DTD is prohibited in this document. To enable DTD processing set DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.

Well, its almost a joke right…
When searching the web for information on this particular, I struck zero…all I could find related to the ISP and the default search provider something. I quickly dismissed them as unrelated.
Then after some time had passed, I found a similar issue, this seemed related and it was a connectivity issue same as mine (If I still had the link I would give credit to where credit is due). This fellow had resolved the issue by adding a missing DNS record.
This made me think, since our tenant has existed since way Before Office 365 existed (BPOS) perheps we were also missing some of the required DNS records?
I checked with my collegues, and apparently we were missing the record as well.

So, if you ever see or get the ‘DTD prohibited’ issue, remember to check the DNS for the following record:

Type: CNAME
Alias: MSOID
Target: clientconfig.microsoftonline-p.net
Info: Used by Office 365 to direct authentication to the correct identity platform More Information

After I added this to DNS, Connect-SPOService works just fine!

SPO-Connect

 

Microsoft’s official explaination on the DNS record:
What’s the purpose of the additional Office 365 CNAME record?

When you run a client application that works with Office 365 such as Lync, Outlook, Windows PowerShell or Microsoft Azure Active Directory Sync tool, your credentials must be authenticated. Office 365 uses a CNAME record to point to the correct authentication endpoint for your location, which ensures rapid authentication response times.If this CNAME record is missing for your domain, these applications will use a default authentication endpoint in the United States, which means authentication might be slower. If this CNAME record isn’t configured properly, for example, if you have a typo in the Points to address, these applications won’t be able to authenticate.

If Office 365 manages your domain’s DNS records,, Office 365 sets up this CNAME record for you.

If you are managing DNS records for your domain at your DNS host, to create this record, you create this record yourself by following the instructions for your DNS host.

 

References and Credits
Nope, not this time…Credits & many thanks to To all of you.

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Office 365 guide series – Function to resolve a users OneDrive for Business URL

February 24, 2015 Leave a comment

 Office365logo       SP2013logo

Hi SharePoint Online PowerShellers!

This time I will give you a Quick but great function to use if you are working with OneDrive for Business:

Function to resolve a users OneDrive for Business URL

Aggklockax

Simple solution, great to have, unbelievably efficient…

Ok, this is perhaps my shortest post ever…I’ll just explain real Quick.
OneDrive for Business gets it URL from the tenantname and the users UserPrincipalName. Creating this every time can be troublesome…
This is what I use, a function I created last summer when I was tired of doing them one at the time…

It works even with users that have a different domain in the UPN than what is the tenant name.
This is it:

Function GetODfBURL($UserPrincipalName, $TenantName)
# Creates a correct ODfB URL from email and TenantName/OrgName, returns URL as a String
{
    # ConStructing OneDrive personal URL from the UPN/Email address
    $StrUser = $UserPrincipalName
    $pos= $StrUser.IndexOf("@")
    $len = $StrUser.Length -1
    $StrUser = $StrUser.SubString(0, $pos)
    $StrUser = $StrUser -replace "\.", "_"
    $Orgpos = $pos + 1
    $Orglen = $len - $pos
    $StrOrg = $UserPrincipalName.SubString($Orgpos, $Orglen)
    $StrOrgNamePos = $StrOrg.IndexOf(".")
    $StrOrgName = $StrOrg.SubString(0, $StrOrgNamePos)
    $StrOrgSuffixPos = $StrOrgNamePos +1
    $StrOrgNameLen = $StrOrg.Length - $StrOrgSuffixPos
    $StrOrgSuffix = $StrOrg.SubString($StrOrgSuffixPos, $StrOrgNameLen)
    $StrOrg = $StrOrg -replace "\.", "_"
    $PersonalOrgURL = "https://" + $TenantName + "-my.sharepoint.com/personal/"
    $SiteUrl= $PersonalOrgURL + $StrUser
    $SiteUrl= $SiteUrl+ "_" + $StrOrg
    return $SiteUrl
}
$ODfBURL = GetODfBURL "thomas.balkestahl@blksthl.se" "blksthl"

This will give the URL: https://blksthl-my.sharepoint.com/personal/thomas_balkestahl_blksthl_se

Thats it. Use it or not 🙂

 

 

References and Credits


Nope, not this time…

Credits & many thanks to

To all of you.

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Office 365 guide series – Verify Provisioned OneDrives using PowerShell

August 8, 2014 2 comments

 Office365logo       SP2013logo

Hi SharePoint Online administrators!

This time I will show you how to:

Verify if a provisioned OneDrive for Business site was provisioned.

AminneBrukx

 Is this really right…? What did they…(Åminne bruk, Värnamo, Sweden)

 

If you followed my previous post, Office 365 guide series – Provision OneDrive for Business using PowerShell then you will mst likely have a bunch of sites that you Think you have provisioned and are not really sure if it worked?
There are obviously ways to verify manuelly but if the list of users was long, then that is not the funniest work out there…

I suggest you use this script instead…:-)

If you have a single emaildomains in your oranization use the first one, if you have multiple emaildomains, use the second.
All you have to do is copy or retype the script to a Prompt/ps1 or ISE session, then run the script. You have the option to save some time by entering your account name in the script(see start)

 

1. Script 1 Use this script if your organization only uses one domainname as email domain. For example, if you use only ‘contoso.com’ then you should use this script.
2. Script 2 Use this script if your organization only uses multiple domainnames as email domains. For example, if you use ‘contoso.com’, ‘microsoft.com’, northwindtraders.com’ as UPN names within your O365 tenant, then use this script. You will here be asked for the domain used in the O365 tenant address.
3. Example 1 Example of a usecase with multiple emaildomains and script 2.
4. Example 2 Example of a usecase with a single emaildomain and script 1.

Note: If you copy paste the code from here into a PowerShell promt or ISE, please verify that all quotes and doublequotes are copied correctly, character coding may cause problems. 

 

Single email domain in your oranization:

***** SCRIPT 1 STARTS HERE *****

#
# By Thomas Balkeståhl - http://blog.blksthl.com
#
$o365cred = Get-Credential -Username "thomas.balkestahl@cramo.onmicrosoft.com" -Message "Supply a Office365 Admin"
$Userlist = read-host "submit your list of users that have been provisioned"
$Userlist = $Userlist -replace " ", ""
$Emails = $userlist -split ","
#Splitting list into Array
Foreach($Email in $Emails)
{
    # Constructing URL from the UPN/Email address
    $struser = $Email
    $pos= $strUser.IndexOf("@")
    $len = $struser.Length -1
    $strUser = $strUser.SubString(0, $pos)
    $strUser = $strUser -replace "\.", "_"
    $orgpos = $pos + 1
    $orglen = $len - $pos
    $strOrg = $Email.SubString($orgpos, $orglen)
    $strOrgNamePos = $strOrg.IndexOf(".")
    $strOrgName = $strOrg.SubString(0, $strOrgNamePos)
    $strOrgSuffixPos = $strOrgNamePos +1
    $strOrgNameLen = $strOrg.Length - $strOrgSuffixPos
    $strOrgSuffix = $strOrg.SubString($strOrgSuffixPos, $strOrgNameLen)
    $strOrg = $strOrg -replace "\.", "_"
    $PersonalOrgURL = "https://" + $strOrgName + "-my.sharepoint.com/personal/"
    $SiteUrl= $PersonalOrgURL + $strUser
    $SiteUrl= $SiteUrl+ "_" + $strOrg
    write-host "Verifying user:" $Email
$HTTP_Request = [System.Net.WebRequest]::Create($SiteUrl)
$HTTP_Request.UseDefaultCredentials = $true
$HTTP_Request.Credentials = $o365cred
try {
    $HTTP_Response = $HTTP_Request.GetResponse()
}
catch [System.Net.WebException] {
    $HTTP_Response = $_.Exception.Response
}
$HTTP_Status = $HTTP_Response.StatusCode
If ($HTTP_Status -eq 200 -or $HTTP_Status -eq 403 )   { 
    Write-Host -ForegroundColor Green "Site for user $Email exists!" 
}
Else {
    Write-Host -ForegroundColor Yellow "The OneDrive site for user $Email does not respond, try again later or provision it again"
}
$HTTP_Request = $null
$HTTP_Response = $null
$HTTP_Status = $Null
}

***** SCRIPT 1 ENDS HERE *****

If you have multiple email domain in your oranization, use this second script:
***** SCRIPT 2 STARTS HERE *****

#
# By Thomas Balkeståhl - http://blog.blksthl.com
#
$O365Admin = read-host "Supply your Office 365 Admin username(UPN)"
# Add you admin account below, uncomment and comment out the line above to save time...
# $O365Admin = "admin.user@domain.com"
$o365cred = Get-Credential -Username $O365Admin -Message "Supply a Office365 Admin"
$strO365OrgName = read-host "submit your O365 orgname (Only organization, like 'contoso')"
$Userlist = read-host "submit your list of users that have been provisioned"
$Userlist = $Userlist -replace " ", ""
$Emails = $userlist -split ","
#SPlitting list into Array
Foreach($Email in $Emails)
{
    # Constructing URL from the UPN/Email address
    $struser = $Email
    $pos= $strUser.IndexOf("@")
    $len = $struser.Length -1
    $strUser = $strUser.SubString(0, $pos)
    $strUser = $strUser -replace "\.", "_"
    $orgpos = $pos + 1
    $orglen = $len - $pos
    $strOrg = $Email.SubString($orgpos, $orglen)
    $strOrgNamePos = $strOrg.IndexOf(".")
    $strOrgName = $strOrg.SubString(0, $strOrgNamePos)
    $strOrgSuffixPos = $strOrgNamePos +1
    $strOrgNameLen = $strOrg.Length - $strOrgSuffixPos
    $strOrgSuffix = $strOrg.SubString($strOrgSuffixPos, $strOrgNameLen)
    $strOrg = $strOrg -replace "\.", "_"
    $PersonalOrgURL = "https://" + $strO365OrgName + "-my.sharepoint.com/personal/"
    $SiteUrl= $PersonalOrgURL + $strUser
    $SiteUrl= $SiteUrl+ "_" + $strOrg
    write-host "Verifying user:" $Email
$HTTP_Request = [System.Net.WebRequest]::Create($SiteUrl)
$HTTP_Request.UseDefaultCredentials = $true
$HTTP_Request.Credentials = $o365cred
try {
    $HTTP_Response = $HTTP_Request.GetResponse()
}
catch [System.Net.WebException] {
    $HTTP_Response = $_.Exception.Response
}
$HTTP_Status = $HTTP_Response.StatusCode
If ($HTTP_Status -eq 200 -or $HTTP_Status -eq 403 )   { 
    Write-Host -ForegroundColor Green "Site for user $Email exists!"
}
Else {
    Write-Host -ForegroundColor Yellow "The OneDrive site for user $Email does not respond, try again later or provision it again"
}
$HTTP_Request = $null
$HTTP_Response = $null
$HTTP_Status = $Null
}

***** SCRIPT 2 ENDS HERE *****

Example 1

Multiple emaildomains
O365 Orgname: contoso
Users: test.user1@contoso.com, test.user2@northwind.com, test.user3@contoso.com, test.user4@contoso.com, test.user5@contoso.com

PS1

Like you can see, the list contains users with different emaildomains, contoso and northwind. THe submitted O365 orgname is however used to verify the OneDrive site, contoso.
In this example, the user test.user@contoso.com does not seem to have the OneDrive site provisioned.

Example 2

Single emaildomain
Users: test.user1@contoso.com, test.user2@contoso.com, test.user3@contoso.com, test.user4@contoso.com, test.user5@contoso.com

PS2

Like you can see, the list contains users with only contoso as emaildomain.
In this example, the user test.user2@contoso.com does not seem to have the OneDrive site provisioned. Try to provision again/verify manuelly.

References and Credits


Office 365 guide series – Provision OneDrive for Business using PowerShell
https://blog.blksthl.com/2014/08/07/office-365-guide-series-provision-onedrive-for-business-using-powershell/

 

Credits & many thanks to

Jörgen Andersson, Xperta

Always, Mattias Gutke at CAG

 

SP2013logo

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Office 365 guide series – Provision OneDrive for Business using PowerShell

August 7, 2014 23 comments

 Office365logo       SP2013logo

Hi SharePoint Online administrators!

This time I will show you how to:

Provision OneDrive for Business using only PowerShell.

Lisebergx

Get the people up there…into the Clouds…(Liseberg, Gothenburg, Sweden)

Time to roll out OneDrive for Business in the Enterprise? Or maybe you just want to implement OneDrive for Business in a controlled way, and you may not be a hardcore developer either.

If you want to do any kind of preparation before letting the users into their OneDrives, then you will need to have them created/provisioned first, after that you can go ahead and give yourself permission (separate blogpost) and migrate a users files (separate blogpost), preconfigure, brand, and so on.
I have in this guide tried to offer a way to provision the OneDrive for Business to your users in a way that do not require you to know C#, Visual Studio or any development at all, how does that sound? All you need to do is follow this guide to the letter, and you will be sucessfull.

The only way I have found so far to provision a users OneDrive for Business as a administrator is to use code developed by the Office AMS Community Project. This includes among other things, a great Visual Studio sample Project for provisioning users OneDrive for business, and this is really spot on. But…it is not that easy to get going, for a non-developer it may prove to be impossible.

I have used code developed in the samples but I will only use PowerShell to execute it. This is what will make it easy for others (such as you?) to use.
The Office AMS Project also includes the SharePoint client assemblies needed to do anything with SPO using CSOM, Client Side Object Model(Code executed on the client).

In order to get started provisioning your users OneDrive for Business sites(or we can just as well call them MySites, since this is wat they really are…), you just follow these steps:

Quickguide

1. Download Download and unpack the Office App Model Samples from Codeplex, last tested version is currently 2.0 found here: DOWNLOAD Office AMS.
2. Get assemblies Locate the Microsoft.sharepoint.client assembles in the unpacked Office App Model Samples folders, located in <unpack location>\Office App Model Samples v2.0\Assemblies\16\ Copy the files Microsoft.SharePoint.Client.dll, Microsoft.SharePoint.Client.UserProfiles.dll and Microsoft.SharePoint.Client.Runtime.dll and put them in a folder of your choice, I used C:\Temp\ in my sample. (You can also leave the files as is, but then you have to alter the PowerShell code to reference the path in the Office AMS folders)
3. Run the script In a PowerShell prompt/ISE running as admin, run the PowerShell script available below andHERE (Download as Word file), this will load the code needed to access SPO and start provisioning. (Verify and update if needed the $MyAssemblies line at the very bottom)
4. Execute Execute the code in your PowerShell prompt/ISE running as admin (It has to be the same prompt/ISE used to execute the script), use this syntax: Syntax: [OneDriveforBusiness.Provision]::Execute(<SharePointAdminURL>,<GlobalTenantAdminAccount>,<AdminAccountPassword>,<ListofUsersEmailSeparatedbyCommas>)
5. Done – Verify… Done! Verify that the sites have been provisioned by entering the address in your browser of choice.
References/Credits Reference links and credits

 

The detailed Guide:

1. Download

 

New!
Download the latest version of SharePoint Server 2013 Client Components SDK x86 or x64. This SDK contains the dll’s needed.
During the install, the dll’s will be added to the following path:
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\

Download the latest version (Office App Model Samples 2.0 – July 2014 – Update 1) of the Office App Model Samples, the Project has been renamed to the more formal Office365 Developer Patterns & Practices but it is still the same.
The last tested version is currently 2.0 found here: DOWNLOAD Office AMS

 

Back to Menu

2. Get the assemblies

Unpack the files to a location of choice. (The files will ironically enough not synch very well if stored in a OneDrive for Business synchronized folder – long path among other issues).
Locate the ‘assemblies\16’ folder, in this folder you will find the 3 files we need, Microsoft.SharePoint.Client.dll, Microsoft.SharePoint.Client.UserProfiles.dll and Microsoft.SharePoint.Client.Runtime.dll. Either you put these Three files in a better location, or you make a note of the path to the folder.

Back to Menu

3. Run the script

Start a PowerShell prompt/ISE running as administrator. This is where all the magic will happen. Copy the powershell script below, or download the scriptfile HERE (Word file), then add the script to the Prompt/ISE.
Before executing the script, you will need to alter one thing, the path to the assembly files. Update the line where we give a value to the $MyAssemblies to reflect where you have your SharePoint.client dll files. This is crucial since the code needs to be able to access these asseblies during execution.

$MyAssemblies = (‘C:\Temp\Microsoft.SharePoint.Client.dll’,’C:\Temp\Microsoft.SharePoint.Client.Runtime.dll’,’C:\Temp\Microsoft.SharePoint.Client.UserProfiles.dll’,’System’,’System.Security’)

Unless you have stored your SharePoint.client.dll’s in C:\Temp folder, you will have to update the Three paths to reflect where the files are stored. Example:

$MyAssemblies = (‘C:\Users\Thomas\Documents\Office App Model Samples v2.0\Assemblies\16\Microsoft.SharePoint.Client.dll’,’C:\Users\Thomas\Documents\Office App Model Samples v2.0\Assemblies\16\Microsoft.SharePoint.Client.Runtime.dll’,’C:\Users\Thomas\Documents\Office App Model Samples v2.0\Assemblies\16\Microsoft.SharePoint.Client.UserProfiles.dll’,’System’,’System.Security’)

Once this is done, you can go ahead and execute the script.

HERE (Download as Word file)

# By Thomas Balkeståhl - blog.blksthl.com August 6 2014
#
# 1. Run script to load the C# code into the Assembly
# 2. Execute using the following syntax:
#
# Syntax:  [OneDriveforBusiness.Provision]::Execute(<SharePointAdminURL>,<GlobalTenantAdminAccount>,<AdminAccountPassword>,<ListofUsersEmailSeparatedbyCommas>)
# Example: PS C:\> [OneDriveforBusiness.Provision]::Execute("https://donkeymind-admin.sharepoint.com","globaladmin@donkeymind.com","MyVerySecretPassWord1!","user1@donkeymind.com,user2@donkeymind.com,user3@donkeymind.com")
# Input:            
# adminurl = The Tenanat Admin URL for your SharePoint Online Subscription, example: "https://donkeymind-admin.sharepoint.com".
# adminuser = The Credentials of the user who has tenant admin permission, example: "admin@donkeymind.com".
# password = The password in cleartext to your tenant admin account(I know, not ideal...but it was a quick and dirty to make it work).
# users = The email IDs for users who's personal site you want to create in the form of a comma-separated string, example: "user1@donkeymind.com,user2@donkeymind.com,user3@donkeymind.com". Do not enter more than 200 users at a time.
$MyCSharpSource = @" 
using Microsoft.SharePoint.Client;
using Microsoft.SharePoint.Client.UserProfiles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Text;
using System.Threading.Tasks;
namespace OneDriveforBusiness
{
    public class ProvisionOneDrive
    {
        public static void Execute(string adminurl, string adminuser, string password, string users)
        {
        
            string siteUrl = adminurl;
            string userName = adminuser;
        
            SecureString pwd = GetPassword(password);
            string[] emailIds = GetEmailId(users);
            /* End Program if no Credentials */
            if (string.IsNullOrEmpty(userName) || (pwd == null) || emailIds == null || string.IsNullOrEmpty(siteUrl))
                return;
            SharePointOnlineCredentials _creds = new SharePointOnlineCredentials(userName, pwd);
            CreatePersonalSiteUsingCSOM(_creds, siteUrl, emailIds);
            Console.Read();
        }
        public static SecureString StringToSecure(string nonSecureString)
        {
            SecureString _secureString = new SecureString();
            foreach (char _c in nonSecureString)
                _secureString.AppendChar(_c);
            return _secureString;
        }
        // tenantAdminUrl = The Tenanat Admin URL for your SharePoint Online Subscription
        // spoCredentials = The Credentials of the user who has tenant admin permission.
        // emailIDs = The email IDs for users whos personal site you want to create.
        public static void CreatePersonalSiteUsingCSOM(SharePointOnlineCredentials spoCredentials, string tenantAdminUrl, string[] emailIDs)
        {
            using (ClientContext _context = new ClientContext(tenantAdminUrl))
            {
                try
                {       
                    _context.AuthenticationMode = ClientAuthenticationMode.Default;
                    _context.Credentials = spoCredentials;
                    ProfileLoader _profileLoader = ProfileLoader.GetProfileLoader(_context);
                    _profileLoader.CreatePersonalSiteEnqueueBulk(emailIDs);
                    _profileLoader.Context.ExecuteQuery();
                    Console.Write("Provisioning of the users supplied has been initiated, please allow for the provisioning to finish, this can take up to 5 minutes.");
                }
                catch (Exception _ex)
                {
                    Console.WriteLine(string.Format("Provisioning failed, find the problem and try again. The error message is {0}", _ex.Message));
                }
            }
        }
        
        public static SecureString GetPassword(string password)
        {
            SecureString sStrPwd = new SecureString();
            foreach (char ch in password) sStrPwd.AppendChar(ch);
            return sStrPwd;
        }
        public static string[] GetEmailId(string users)
        {
            string[] emailID;
            try
            {
                string Output = "Provisioning the supplied list of users: " + users;
                Console.WriteLine(Output);
                string emailInput = users;
                if (!string.IsNullOrEmpty(emailInput))
                {
                    emailID = emailInput.Split(new char[] { ',' });
                    return emailID;
                }
                else
                {
                    return null;
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
            return null;
        }
    }
}
"@
$ass1 = [System.Reflection.Assembly]::LoadFile("c:\temp\Microsoft.SharePoint.Client.dll") 
$ass2 = [System.Reflection.Assembly]::LoadFile("c:\temp\Microsoft.SharePoint.Client.Runtime.dll") 
$ass3 = [System.Reflection.Assembly]::LoadFile("C:\temp\Microsoft.SharePoint.Client.UserProfiles.dll")
$MyAssemblies = @( $ass1.FullName, $ass2.FullName,$ass3.Fullname,"System","System.Core","System.Security")
Add-Type -ReferencedAssemblies $MyAssemblies -TypeDefinition $MyCSharpSource -Language CSharp -PassThru

HERE (Download as Word file)

Back to Menu

4 Executing the provisioning code

ISE2

We have now loaded the code into memory (a .NET Framework class in your Windows PowerShell session), where it will be available just like if we had created a C# DLL and loaded it into the GAC. Remember though, the code is now static and connot be altered. If you need to make any Changes, have a look in the references section where I will show how to be able to alter the code after it has been loaded once.

Now, we have to call on the code laoded into memory, this is done from the same prompt/ISE used to load the code, the code only exists in that prompt session so it will not be available in any other prompt.

Use the following syntax to execute:

Syntax: [OneDriveforBusiness.ProvisionOneDrive]::Execute(<SharePointAdminURL>,<GlobalTenantAdminAccount>,<AdminAccountPassword>,<ListofUsersEmailSeparatedbyCommas>)

Example: PS C:\> [OneDriveforBusiness.ProvisionOneDrive]::Execute(“https://donkeymind-admin.sharepoint.com&#8221;,”globaladmin@donkeymind.com”,”MyVerySecretPassWord1!”,”user1@donkeymind.com,user2@donkeymind.com,user3@donkeymind.com”) 

What you need to supply when running the code, is your SharePoint online admin address, a tenent admin account and password, plus a list of emailadresses to the users that will be provisioned with a OneDrive for Business.

Start by typing in this:

[OneDriveforBusiness.ProvisionOneDrive]::Execute

ISE4

What this does is call the code we just loaded from PowerShell, The Namespace is OneDriveforBusiness, the Class is ProvisionOneDrive and finally, the void or function is Execute.

<SharePointAdminURL>: The Admin address is available if you go the the Admin/SharePoint administration web. This will be visible in the address field of your browser:

Admin1x

Admin0x

Note the address: https://donkeymind-admin.sharepoint.com.

<GlobalTenantAdminAccount>: An account that is a global Office 365 Tenant Administrator.
The account must have this setting in Office 365 Admin Center/Users & Groups – User object:

Parameters1x

<AdminAccountPassword>: The password of the <GlobalTenantAdminAccount>. This will be entered in cleartext, not the ideal security solution but this is the only way I could solve it.
(Suggestions on how to prompt for the password in a secure way is welcome!)

<ListofUsersEmailSeparatedbyCommas>: This is the users that will have provisioned with OneDrive for Business. A list of UPN’s (User Principal Name) separated by commas. The UPN must be the one registered in Office 365. The UPN is in the form of a emailadress, for example: user@domain.com. Enter the string using double quotes on both sides.

This is what the string should look like: “user1@donkeymind.com, user2@donkeymind.com, user3@donkeymind.com, user4@donkeymind.com, user5@donkeymind.com”

When you have all the values in order, type in the command with your parameters and execute the provisioning:

PS C:\PSScripts> [OneDriveforBusiness.ProvisionOneDrive]::Execute(“https://donkeymind-admin.sharepoint.com&#8221;,”thomas@donkeymind.onmicrosoft.com”,”**********”,”testaccount@donkeymind.onmicrosoft.com”)

When executed ok, you will see this:

ISE9

The limit for submitting users to be provisioned have been set by Microsoft to 200 at the time. This code do allow more but it will cause issues. Better to do them 200 at the time, wait unitl done and then do 200 more, alternatively, alter the code to include a check so that every user have been provisioned ok Before moving onto the next.

Now, you can execute the commend again and again. You can also use the code obviously for other tenants. Simple provide the commend with a different account, a different admin URL and you are good to go. Good luck!

Back to Menu

5. Done! Verify….

For a tool to verify your list of users directly, check out this guide: Office 365 guide series – Verify Provisioned OneDrives using PowerShell

Verify that the sites have been provisioned by browsing to the direct URL using your admin account. The URL will look like this:

User: thomas.balkestahl@donkeymind.onmicrosoft.com
URL: https://donkeymind-my.sharepoint.com/personal/thomas_balkestahl_donkeymind_onmicrosoft_com/

User: han.solo@alliance.org
URL: https://donkeymind-my.sharepoint.com/personal/han_solo_alliance_com/

Since you are using your admin account, you have access to the private part of the OneDrive/MySite.

Note: All the steps in this guide have been verified on a Windows 8.1 Update 1 machine, using PowerShell ISE and the Office AMS July 2014 Update 1. All tests have been done during August of 2014, the functionality of Office 365 may change over time and may thus cause this guide to fail. If this happens I will try to be alert and update the guide accordingly. 

Possible errors

1. You need to alter the script, then run the script again?

You have two choices if this happens, you have loaded the code once and you need to edit it and run again. If you do this you may get the error message saying that the ‘Type has already been added’ or similar. If you get this, simply restart your PowerShell prompt/ISE, OR, Change the name of the public class:

Code1x

Add for example a number after, so that the class is called: ProvisionOneDrive1, then 2 and so on.

2. Nothing happens, no OneDrive shows up?

Verify all your values, then execute the command again. Remember though, that the time it takes for a site to show up may vary and can take up to 5 minuter PER SITE. Wait a moment longer, try it again

If you have the wrong address when verifying, you will see either of these pages depending on the URL used:

A link like:
https://donkeymind-my.sharepoint.com/personal/testuser4_donkeymind_onmicrosoft_com/_layouts/start.aspx#/Documents/Forms/All.aspx?LoadProfile=TRUE

Error1

A link like:
https://donkeymind-my.sharepoint.com/personal/testuser4_donkeymind_onmicrosoft_com

error2

404 could also just mean that the site is in queue and has not been provisioned yet.

References and Credits


Stefan Gossners old post: Using CSharp (C#) code in Powershell scripts
http://blogs.technet.com/b/stefan_gossner/archive/2010/05/07/using-csharp-c-code-in-powershell-scripts.aspx

Office365 Developer Patterns & Practices/Office App Model Samples
http://officeams.codeplex.com/

TechNet Add-Type
http://technet.microsoft.com/en-us/library/hh849914.aspx

Credits & many thanks to

Kimmo Forss, Microsoft

Jörgen Andersson, Xperta

All the contributors of Office AMS

Always, Mattias Gutke at CAG

Stefan Gossner, Microsoft (Blog) for that short and concise post written a few years back.

My love for putting up with me while solving this problem and writing this post!

SP2013logo

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Office 365 guide series – Information Rights Management in SharePoint Online

May 30, 2014 3 comments

 

Hi folks, long time no blogging…

A lot has happened in my life since I last updated my blog, I switched jobs so I have a slightly new focus now in my workplace, it has shifted more against SharePoint Online and Office 365. Say what you want about the cloud service named Office 365 but Microsoft is determined…to make it work and piece by piece it gains in value.

One of the great things offered in Office 365 that is also part of the SharePoint Online offering, is Information Rights Management. Thru the use of the other cloud service Azure Rights Management Service (Azure RMS), real IRM protection can be offered to all SharePoint Online customers on the adequate subscription plan. There is still a lot to be done with the service, but as is, it is way, WAY better than nothing, which is what most people have available today in their current solution. IRM or RMS is available to all customers with an onpremises solution as well, but setting RMS up is a challenge for any administrator. In SharePoint online, you will have it up and running in a total of 5 clicks…(depending on what you count as a click…)

Antsx

IRM – Its all about stopping unwanted access

And what is so great about this IRM, RMS or DRM you may wonder? A beloved child has many names (Old saying in Sweden), well…it is fantastic. IRM offers you the possibility to set a policy on documents (and email messages) that allows you to specify what the user may or may not do with the document, you may also specify exactly what user or grop may or may not read, write, print, download and so on. The really great thing with IRM is that even if you put a document on a USB drive and someone gets their hand on that USB drive, they still need to authenticate against the Azure RMS service before getting any access at all to the document, and even then, what you may do is controlled by the IRM policy. You are in Control of the data even after the document leaves your controlled environment…not bad huh?

So, how is all this greatness achieved you ask? Well, I will not go into all the magic behind the scenes in this post, but I will show you how you can do it yourself, in your current Office 365 tenant or if you prefer, in an evaluation tenant to avoid the risk of affecting your users (which is virtually impossible anyway but just as a precaution…and to make your bosses feel safe).
Lets get started, jump drectly to a section using the links below:

 The complete guide to enabling IRM protection in a SharePoint document library Jump straigt to the guide, a step by step on how you implement RMS and IRM protection in SharePoint Online.
 Who gets access to RMS, license plans listed Get the list of what subscription plan includes RMS and what does not.
 What works and what doesn’t? The cmplete list of supported OS’s and Applications that support Azure RMS and the ones that do no yet support Azure RMS.
 About the IRM/RMS technology – How does it work, what does it do? The functionality explained.
 References/Links – Find the information online Link to when you get all the info you need in the sometimes difficult Microsoft TechNet way…

 

The complete guide to enabling IRM protection in a SharePoint document library

This is done in four steps:
– Activate Azure RMS in the Office 365 administration portal.
– Activate RMS in SharePoint online
– Create and set a IRM policy in a document library
– Quickly verify your Information Rights Management

Step 1. Activate Azure RMS in the Office 365 administration portal.

1.1 Log on to your Offcie 365 tenant as a global administrator, go to the Office 365 admin center. You will find the shortcut in the admin dropdown.

O365 admin 0x

1.2 The Office 365 admin center

O365 admin 1

1.3 Now select on the lefthand menu, service settings

O365 admin 2x

1.4 In the top menu select ‘rights management’

O365 admin 3x

1.5 Click on the link to Manage your ‘Azure Rights Management’

O365 admin 4x

1.6 This is where you leave your Office 365 tenant, note the URL you now se in your browsers address field:

O365 admin 5x

1.7 In Azure RMS you will be met by this text saying that yiou have not activated Rights Management yet.

Azure RMS 1x

1.8 In order to activate the RM feature, click on ‘activate’…DUH! Then click on ‘activate’ again…if you are absolutely sure…

Azure RMS 2x

1.9 Wait for it….

Azure RMS 3

1.10 Now you should see this, A nice green checkmark telling you that Rights Managemen has been activated.

Azure RMS 4x

1.11 Done! Now you can move on with activating Rights Management in your SharePoint Online admin portal. The steps you have now taken makes the RMS service available in all parts of your Office 365 tenant, like in Exchange, SharePoint (and Lync).
(As you can see, you can lso make some additional configurations of RMS, for example you can create your own custom policys, fr some reason though, you are required to sign up for a separate Azure RMS suscription for this…the link to where you sign up is added to the page to make things simpler for you)

 

Step 2. Activate RMS in SharePoint online

2.1 Go to the SharePoint administration portal. Find the shortcut in the Admin dropdown.

SP admin 0x

2.2 In the lefthand pane, select Settings.

SP admin 1x

2.3 Scroll downto the section named ‘Information Rights Management (IRM)’

SP admin 2

2.4 Under Information Rights Management (IRM), on the right side, select ‘Use the IRM service specified in your configuration’

SP admin 3x

2.5 Click on the ‘Refresh IRM Settings’ button. (Buttons…welll…maybe they are touch buttons?)

SP admin 41x

2.6 In ashort while, you will see the text ‘We successfully refreshed your settings’ below the button.

SP admin 4xx

2.7 Done! This means that IRM functionality has been enabled in your SharePoint Online tenant and the IRM settings will now be available in SharePoint.

Note! If you have not previously activated IRM in your Office 365 admin portal, then you will see this massage instead:SP admin 42xIf that is the case, simply go back to Step 1 in this guide and activate IRM in Office 365 first.

 

 

Step 3. Create and set a IRM policy in a document library

3.1 Go to a site in your SharePoint Online site collection of choice (can be the rootsite or a subsite), go to a document library (default is probably ‘Documents’).
Now, click on the ‘Library’ tab.

Library1x

 

3.2 To the right in the ribbon, click on ‘Library Settings’

Library2x

3.3 Click on ‘Information Rights Management’

Library3x

3.4 This is the Information Rights settings for the current Document Library, what you change here will only affect this document library and the documents in it. Remember though, that what you change here will affect ALL documents in this library, in all folders, of all types. By default, IRM is disabled and has no affect at all.

Library4

3.5 What you see here, is only the name and the description and the activate button. In order to see more of the settings, click on SHOW OPTIONS. This offers all the settings that are currently available for a document library in SharePoint Online.
Start now by giving your policy a name and type in a description, this is what will be shown to the user, so its better to use a good explainatory description.

Library5

3.6 Click on ‘SHOW OPTIONS’. Configure what the policy is and what is allowed and what isn’t. For the sake of easily verifying the functionality, only configure that the document cannot be opened in a browser. In the first section, ‘Set additional IRM library settings’ check the box to prevent the documents from opening in the browser.

Library6x

3.7 The two other sections has even more options, ‘Configure document access rights’…

Library7

3.8 …and ‘Set group protection and credentials interval’.

Library8

3.9 When you have configurd the policy like you want it, hit Ok.

Library9

3.10 Done! All document in your library are now protected uing the IRM policy you configred. THat IRM is used cannot be seen unless you have access to the IRM setting in the Library Settings. What a regular user can see, is the effect of the policy alone.

3.11 Whithout the policy activated you get a preview of the document(offered by Office Web Apps) and the option to view and edit in browser like below:

Document1

 

Document4x

 

3.12 When the policy has been activated, you do not get any preview and the view and edit in browser options are gone.

Document2

 

Document3

3.13 You are now done, your document library is IRM protected using Azure Rights Management Service.

 

Step 4. Quickly verify your Information Rights Management

4.1 Upload a Word document to the document library. (Your document is now IRM protected)

4.2 Click on Edit, you should be prompted to download the document. Cancel the dialog.

4.3 Click on the three dots, you should see a notice that a preview is prevented by RMS.

4.4 You will also notice that the dropdown many does not offer any choice to open in browser or preview in browser.

4.5 Done!

 

Note: A good bestpractise is to Always verify that your IRM protection policy is activated and works as expected. Some settings must be tested using a Office client application andsome can be tested onin like in this scnario.

Who gets access to RMS, license plans listed

Licensing option Office 365 Small Business Office 365 Small Business Premium Office 365 Midsize Business Office 365 Enterprise E2Office 365 Education A2 Office 365 Enterprise E3Office 365 Education A3Office 365 Government G3 Office 365 Enterprise E4Office 365 Education A4Office 365 Government G4 Office 365 Enterprise K1 SharePoint Plan 2 Exchange Online Plan 2
Information Rights Protection (IRM) No No No No Yes Yes No No No

Like you can see, far from all license plans include RMS.

In addition to the Ofice 35 subscptions that include RMS, there is also a RMS for individuals subscription that will allow a user outside of the organization to open and access IRM protected documents from an organizaton that uses IRM protection using RMS.

Note: If you have a subscription plan that does not include RMS, like a Office 65 E1 or E2, then you can get the RMS functionality as an add-on from Micosoft (Azure RMS Standalone). Talk to you account represenative or your LAR/license vendor. This optio cos a lot less than to upgrade to a E3 plan simply for the RMS functionalty.

What works and what doesn’t?

So, we wat to use RMS and IRM protection, but what is supported, can we use it whereever we want and whenever we want? No, you can’t…
There are some things that work and sometings that don’t work, I have tried to list them all blow, as time goes by, Micrsoft will most likely subtract from the No list and add to the Yes list *.

Implementation Supports Azure RMS
Operating Systems
Windows 7 Professional SP0 Yes
Windows 7 Enterprise SP0 Yes
Windows 7 Ultimate SP0 Yes
Windows 7 Professional SP1 Yes
Windows 7 Enterprise SP1 Yes
Windows 7 Ultimate SP1 Yes
Windows 8 Pro Yes
Windows 8 Enterprise Yes
Windows 8.1 Pro Yes
Windows 8.1 Enterprise Yes
Mac OS X (minimum 10.7, Lion) Yes
Mobile Devices
Windows Phone 8 Yes
Android 4.0.3 Yes
iOS 6.0 Yes
Windows 8 RT Yes
Windows 8.1 RT Yes
Applications
Office 365
Office Professional Plus 2013 Yes
Office Professional 2010 (With RMS addon) Yes
Microsoft Office for Mac 2011 No
Microsoft Office for iPad No
Microsoft OneDrive (formerly SkyDrive) No
Microsoft OneDrive for Business (formerly SkyDrive Pro) No (!)
Sharing Applications
Minimum OS version of Windows 7 Service Pack 1 Yes
For Mac OS No
On premise Servers
Exchange 2013 Yes
Exchange 2010 Yes
SharePoint Server 2013 Yes
SharePoint Server 2010 Yes
Windows Server 2012 (FCI) Yes
Windows Server 2012 R2 (FCI) Yes

* I asume that all else not listed here does not support Azure RMS.

The RMS connector is supported on Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2.

About the IRM/RMS technology – How does it work, what does it do?

(This section is a direct quote from Microsoft, they actually have a pretty good short and to the point explaination here.)

What is Azure Rights Management:

Azure Rights Management lets you encrypt and assign usage restrictions to content when your organization subscribes to Microsoft online services. Rights Management helps protect content that is created and exchanged by using Microsoft Office as well as other applications or services that have been updated to integrate with the Rights Management service. By implementing a cloud-based rights management service, Rights Management provides an alternative for organizations seeking information protection capabilities within Microsoft Office 365.

Rights management provides the following:

Safeguards sensitive information
Applications and services such as Microsoft Office 2010 and Microsoft Office Professional Plus 2013, SharePoint Online and Microsoft Exchange Online are enabled to help safeguard sensitive information. Users and administrators can define who can open, modify, print, forward, or take other actions with the information. Organizations are provided usage policy templates such as “Company Confidential – Read Only” that can be applied directly to the information.

Provides persistent protection
Rights Management persists protection of file data when at rest and in motion. Once information is locked, only trusted entities that were granted usage rights under the specified conditions (if any) can unlock or decrypt the information.

Supports closer management of usage rights and conditions
Organizations and individuals can assign usage rights and conditions using rights management that define how a specific trusted entity can use rights-protected content. Examples of usage rights are permission to read, copy, print, save, forward, and edit. Usage rights can be accompanied by conditions, such as when those rights expire.

Integrates rights management with Office 365
Rights Management is integrated with SharePoint Online, Exchange Online, and other Office 2010 and Office Professional Plus 2013 applications to provide rights management functionality across the Microsoft Office suite.

References

Office 365 Information Protection using Azure Rights Management
http://blogs.technet.com/b/rms/archive/2013/11/11/office-365-information-protection-using-azure-rights-management.aspx

Set up Information Rights Management (IRM) in SharePoint admin center
http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/set-up-information-rights-management-irm-in-sharepoint-admin-center-HA102895193.aspx

Azure Rights Management
http://technet.microsoft.com/en-us/library/jj585024.aspx

Administering Azure Rights Management by Using Windows PowerShell
http://technet.microsoft.com/en-us/library/jj585027.aspx

Requirements for Azure Rights Management
http://technet.microsoft.com/en-us/library/dn655136.aspx

Cloud subscriptions that support Azure RMS
http://technet.microsoft.com/en-us/library/dn655136.aspx#BKMK_SupportedSubscriptions

 

 

SP2013logo

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Office 365 guide series – Using your document templates in SharePoint online

February 4, 2014 9 comments

Office365logo      SP2013logo

Greetings SharePoint Online users!

This is the third in the Office 365 and SharePoint Online series.

1. Office 365 guide series – Create a new list from an Excel spreadsheet
2. Office 365 guide series – A guide to SharePoint Navigation using metadata
3. Office 365 guide series – Using your document templates in SharePoint online (This post)

This time I will explain how to:

Use Office templates within your SharePoint Online document libraries. In every organisation, or at least the majority, you talk about templates and you know that you have them, somewhere, but in the end, you and everyone else end up using an existing document and make changes, like you take an agreement from one customer and make changes to the numbers and customer names…would it not be nice if you could get everyone to use the same template? And if a change to the template affected everyone? Wouldn’t that be just smashing eh?

Now I’ll show you the easy steps you have to follow to just get started, We’ll use a simple word template in this example, but you can use any template that you allready have.

Note: In this guide, I will show the quick and easy method, in a later post, I wil show how to use Content Types wich will also allow you to use custom templates, but in a much more controlled way. A link to that post will be added here when that guide has been posted. 

Start by locating a word template, or create one, add some info to the header with logo and company name and address maybe, and add something to the footer for example and save the file as a dotx file. Save it locally so that you easily can access it when we want to upload it to our SharePoint online. – I have created a simple letter template for the company DonkeyMind, with their logo and some additional info in it. I’ll use this in my step by step guide below. I saved this as letter.dotx in my ..\documents\DonkeyMind templates\ folder.

Letter1

In a SharePoint Online site, now do this:

1.0 Upload the template file. This is not the easies thing to do, unfortunately Microsoft has choosen to make it a lot harder in SPO and SharePoint 2013 than it really has to be (Browse button from 2010 has been removed), unknown to me why. But this is how you do it:

1.1 Browse to your document library in SharePoit online, where you want to use your own custom document template.

Documents1

1.2 Click the tab, Library. This will present the ribbon for you with the settings available for a document library.

Documents2

1.3 In the ribbon, click on Open with Explorer

Documents3

Note: The site URL has to be added to the ‘Local intranet sites’ or ‘Trusted sites’ with added logon automatically, if it isn’t, you will get a popup telling you that it will not work otherwise.

1.4 Click ok on the Internet Explorer Security warning

Documents4

1.5 The library will now open in a Explorer window, in this windows you will see a folder named forms which is a bit greyed out.

Documents5

1.6 Double-click on the folder forms, now you will see the following list of files

Documents6

1.7 Now, in a separate explorer window on your computer, locate your saved template file (dotx)

Note: In my case, I stored it under ..\Documents\DonkeyMind templates\

Documents7

1.8 Put the tw0 explorer windows side by side

Documents8

1.9 Drag and drop the template file from your local folder to the SharePoint library forms folder

Documents9

1.10 The file will now be uploaded to the SharePoint forms folder

Documents91

2.0 When the file is uploaded ok, go back to your browser and the document library

Documents1

2.1 Now, we need to change the template used from the default template.dotx to our own template, in my case, letter.dotx. Again, click on the Library tab.

Documents2

2.2 Click on Library Settings

Library1

2.3 In the Library Settings dialog, click on Advanced settings

Library2

2.4 Locate the Document Template section

Library3

2.5 Change the filename in the Template URL to reflect your template files name

Library4

2.6 Click on OK

Library5

2.7 Click on Documents in the ‘breadcrumbs’ to go back to the library again.

Library6

2.8 Click on the Files tab

Library7

2.9 Now, on the New Document button, click on the dropdown and New Document

Library8

2.10 Press Yes in the dialog asking if you really want to open this file, because you do…

Note: Avoid this by changing the Trust Center settings in your Office applications.
1. Allow trusted locations on my network.
2. Add new location
3. Type in the https path to your SharePoint Online tenant
(See references for 2007 and 2010)

Library9

2.11 You may also get prompted for your username/email address for the Office 365 account. Type it in and press Next

Note: This dialog only shows up if you are not logged into your office applications using your Office 365 account 

Open1

2.12 And Password…Sign in

Open2

2.13 The new document opens, based on the template

Word2

2.14 When you have types your letter and are done, simply press Save, this will show you the save as dialog with the path to the SharePoint document library at the top

Word3

2.15 Select that and type in a filename and save the file

2.16 You are done, use the New Documents button to create your standard letters based on the custom template, again and again.

Done1

3.0 Done!

Note: All the same steps apply in SPO as well as SharePoint 2013 onpremise, exept for the ‘add site URL to trusted sites’ issue. In an onprem situation the URL is most of the time already considered Trusted or Local intranet.

References

Learn how to set up a template for a library.

How to enable or disable hyperlink warning messages in 2007 Office programs and in Office 2010 programs
http://support.microsoft.com/kb/925757

SP2013logo

_________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn