More and more intranets are promoting a section for video content, so I guess this is a new trend.
Otherwise, “simplification” and “user feedback” still play an important role in every relaunch, and so they should 🙂 .
Also, more and more intranets (but not all!) are social, and “usable on all devices” is starting to be the norm, rather than the exception.
Of course my collection is meant for your information and amusement, but I occasionally hear that people are using it as a serious starting point for their own video. In general, I can suggest the following steps:
1. Check what related organizations have done
Use the filter and see what your industry peers are doing, and what their intranets look like, if the video shows that. Most selections contains a variety of styles (talking heads, animations, demo’s, stories, serious, funny, etc. ) that may give you ideas about the sort of video you would like to create.
2. Determine your boundaries
Watch my list of rather extreme videos. Do you also want to create a full movie, a very silly video, have a hysterical voice-over, or would you rather stay on safer ground?
3. Watch metaphors for solving common business issues
If you are looking for metaphors of solving common business problems such as too many emails, or not knowing where the expertise is in your company, this selection may help you on your way.
4. When in doubt, create a demo
A well-made demo is always worth the investment, so if you have no other needs or wishes, a demo may be the best way moving forward.
you can show employees how to work with the intranet, reducing the need for extensive classroom or webinar training
you can show employees how they are supposed to work, if a new way of working is among your goals for the new intranet. In a demo video it can be done subtly and matter-of-fact.
it can be used for onboarding new employees for a long time after the launch
And finally, to celebrate, I have a very special video: the one that was made to celebrate the launch of the new intranet of my former employer Sara Lee, in 2005. It has not been added to my collection yet – you saw it here first! It is “vintage”, so please ignore the bad quality 🙂
In my latest post I showed you how you could limit the options to share the content in your site. I hope that you have made some decisions, so now it is time to clean up the mess.
Let me remind you why too many options to share can turn into a problem:
Sharing a document or list item, or using the “Get a Link” option, creates unique permissions, and that means that the permissions of a document or list item no longer follow the permissions of the site. So if you add a new group (recommended) or a new person (not recommended) to the site, this group or person will not automatically get access to those items.
This will lead to unexpected access denied messages and therefore Access requests.
Approving Access requests may lead to more unique permissions AND they give people Contribute permissions by default, which may be too much.
Unlimited sharing (especially with external users) can lead to your documents falling into the wrong hands.
So, how to take back control of your site after you have changed some of the settings?
Have a note-taking system ready – paper, OneNote, Notepad, document – whatever is your thing. You will need to make some notes.
1. Process pending Access requests
Go to Site Settings > Access Requests and Invitations and see who has requested access.
Click the … next to each name and add people to site groups as much as possible. If you do not see the site group mentioned, note down their names with the group that you want to add them to.
2. Remediate content with unique permissions
a. Go to Site settings > Site permissions and click on this link:
b. You will get a pop-up with all lists and libraries that have different permissions.
c. The items marked as “manage permissions” are usually lists and libraries that have different permissions by design. Skip these.
d. Click on “view exceptions” for the first list or libraries that has this mentioned. You will see all documents (including pages and images) or list items that have unique permissions.
e. Using Rightclick > Open in new tab, click “manage permissions” for the topmost item. (If you just click “manage permissions”, you will have to start at a. again for the next document or list item)
f. Check if there are any people mentioned that you may want to add to one of the site groups, and note down their names + intended site group.
g. Click “Delete Unique permissions” to re-inherit the permissions from the list or library.
h. Repeat steps e, f and g for the next document or list item.
a. Go to Site settings > Site permissions and click on this link:
b. Check if there are any people mentioned that you may want to add to one of the site groups, and note down their names + intended site group.
c. Remove any individual users so you are left with only the site groups.
4. Add the new users
Add the users that you noted down during steps 1, 2 and 3 to their respective groups.
5. Review the Members group
During the time that you had no restrictions, Members may have added other Members. Review your list of Members and change their roles or remove them where needed.
6. Replace any “breaking links” on your pages
Hover over every link on every page in your site and look at the link in the bottom-left of your screen. Links of the “Can View” or “Can Edit” type will generally have “guestaccess” in their link and they will cause unique permissions.
When I did not know all this yet, I had created some Promoted Links with the “Get a Link – Can View” link to a page. As soon as I created the link, the permission inheritance for the page was broken and everyone who clicked on the link was added as individuals to the page.
Replace every one of those links with the “Restricted Link” equivalent.
Review on a regular basis if the restrictions and the cleanup work make you feel more in control of your site. Depending on your choice of measures, you may need to do more approvals from Visitors or Contributors who want to share content.
How have you dealt with the “Unholy trinity of creating unique permissions” 🙂 ? Would you like to share your frustrations or have you found a good way to deal with this that other readers can benefit from?
Image courtesy of artur84 at FreeDigitalPhotos.net
Additionally, you often add people with Contribute permissions while your normal Members group has Edit permissions (=Contribute + Manage Apps).
Plus your site members can add practically anyone to your site without informing you.
Why am I making such a fuss?
Maintenance and support
Unique permissions create extra issues with access, and provide extra work for the Site owner.
You may also need more support, although your support team might like that 🙂
People with Edit or Contribute permissions can share content with external users, who then are often able to share your content with others if given those permissions. Your information may be shared with your competitors in this way!
Having lots of unique and individual permissions may slow down your site.
Office365’s out-of-the-box functionality allows unlimited sharing. My own environment is like that, so all experiences that I have described before are done in the “unlimited sharing” default mode.
Fortunately, there are some options that a tenant administrator, a site collection administrator and a site owner can do to limit the potential damage.
1. Disable anonymous access
Disabling anonymous access lets you get rid of the “no sign-in required” options that you have when you get a link, or the “sign in required” when you share a folder or list item. While it may not reduce the creation of unique permissions too much, it will make it more obvious who has been given access. This will allow you to determine whether those people need to be added to a site group, or removed from your site.
Your tenant administrator can disable this at the Office365 Admin center for all Office365 applications, or at the SharePoint admin center for the SharePoint sites.
2. Disable external sharing
While this also will not prevent all unique permissions, it may limit them, because of sheer numbers. Chances are your colleagues will already have access to your site, making the chances of unique permissions during sharing a bit less.
Of course this will make it impossible to share confidential stuff with externals.
This will give the following results, depending on whether the external user is already in your site collection or not.
3. Change Sharing settings in your site
This will probably be in your control, so go to Site Settings > Site Permissions > Access Requests and look at the two check boxes on the top of the pop-up.
This will mostly influence what a Site member can do.
You have four options:
4a. Both checked: I have done my experiments with this setting. You know what that does 🙂
4b. Top checked, bottom unchecked
Member: Can share documents without approval from the site owner, but needs approval for sharing the site.
Visitor: Can share site and documents with approval from site owner.
Get a Link:
Member sees “Edit link” option
Visitor sees the “Restricted Link” option
4c. Top unchecked, bottom checked:
Member=Visitor: Can share site and documents but needs approval from site owner
Get a Link:
Member=Visitor: Restricted Link
This option brings another message to your Site Permissions page:
4d: Both unchecked:
Same as 4c.
So, this setting will help you to “tame” your site members, and give them the same sharing options as your site’s visitors. You will have more approvals to do, but are more in control.
But beware hitting the “Accept” or “Approve” button in sharing requests for documents or list items!
4. Remove access request email
If you can not get access requests, you can not break permissions when accepting them!
This can work in formal all-company sites with official content and little collaboration.
On the other side of the spectrum, it is also an option for sites with a strictly defined and controlled audience, e.g. a management team.
It will however be very clumsy in a project site!
But…your visitors will get a nasty error message when they try to share a document or site, and when you are combining this with options 4c or 4d, your members will experience that too.
Realize that all of these settings have been developed with a reason, so you may want to ponder what is really important for you and if you need to lock down everything or just a few features.
While you think about this, I will go and write how to check and fix the permissions, where needed, after you have taken your measures.
Image courtesy of winnond at FreeDigitalPhotos.net
In my most recent post I focused on sharing documents and items by the Site owner, demonstrating that the Site owner him/herself can easily create lots of unique permissions by sharing folders, documents and items.
But what happens if a another user of your team site shares? Can a Member or Visitor create unique permissions as well, and does the Site owner know what the Site members are doing?
Once again, we start out with a team site with the standard permission sets (Owner, Member with Edit permissions, Visitor with Read permissions) and no unique permissions.
Durian Grey is a Visitor and Mystery Guest is a Member. We also introduce Kimberley B, who has no access at present.
Document 1 does not change permissions since Durian already has Read access to this site.
Documents 2, 3 and 4 get unique permissions after clicking the “Share” button in the Sharing screen.
The persons are added as individuals to the document
Documents 3 and 4 have the individual added with “Contribute” while Members in this site have “Edit” permissions. (and the Share option is called “Can Edit”) So, a new role is added.
These following results were a surprise for me:
The documents shared with Kimberley B generate an External Sharing Invitation (access request) but the Site owner does not get an email notification.
Kimberley B can only share the document with existing site members when she has View permissions. but she can share the document with ANYONE, including new externals, when she has Edit permissions.
When Kimberley B shares with another external user this creates an External Sharing Invitation for the new person.
Sharing documents/items by a Visitor
Durian shares document 5 with Mystery Guest. He can not select Can View or Can Edit. When he clicks “Share”, he sees a message that this request is being sent to the Site Owner but that does not happen; the message goes straight to Mystery Guest. She can access in her normal role and no unique permissions are created. Phew!
Durian then shares document 5 with Kimberly B.
When he clicks “Share” the following things happen:
The Site owner receives the normal “someone wants to share” email, Durian gets a copy
An access request in Pending Requests appears. By default, the request is for Edit (not Contribute), as an individual. The Site Owner can not select one of the permissions groups, so has to give individual permissions. 😦
As soon as the Site owner selects a permissions set and hits Approve, the item has unique permissions.
Durian receives an email that the sharing request has been accepted.
Kimberley B receives an email that a document has been shared.
Kimberley B can share the document with only existing members or anyone, according to her permissions.
Sharing a site
Since Mystery Guest has found that Kimberley has no access, she shares the complete site with Kimberley. She is not a Site owner, so she can not select a permission set when she shares the site.
As soon as Mystery Guest clicks “Share”
Kimberley B receives an email.
She is added into the Members group (even without having accessed the site).
Durian has the same thought.
He shares the site with Kimberley B.
His request is sent to the Site Owner and an Access Request is created.
The Site Owner goes to the Access Requests list and selects the Visitors group of the site and clicks Approve. (Members is the default, btw)
A confirmation email is sent to Kimberley B and Durian.
Now Durian wants to share the site with another external person, who has never been invited before. He can not do that.
What to think of this?
It is complicated!
Although a number of things are understandable this can turn into a messy site:
Get a Link, Share and Access Requests can all very easily create unique permissions for documents (including pages), folders and list items.
Members can use Get a Link and Share, create unique permissions, and add new Members, without the Site owner knowing.
Visitors can do less and generally need approval from the Site owner; this is better for the Site owner’s overview, but can create a lot of work because of the approval requests.
External users can share your document with anyone, if they have Edit permissions.
Before you start panicking, please be aware that my tenant is almost out-of-the-box and all the sharing options are turned on by default. Tenant admins can take measures to reduce the unlimited sharing Microsoft thinks we need.
I will share those measures with you next time.
I have also found a few differences with regards to users who are mentioned in my tenant (with and without license) and who are not. When I have recovered from my current identity crisis, juggling 4 accounts and 3 browsers, I will try to find out more. 🙂
Image courtesy of marcolm at FreeDigitalPhotos.net
Around 2005 I was involved with creating a new SharePoint-based intranet.
At that time we had “Knowledge Areas” on our old custom-built intranet. The Knowledge Areas contained information for a specific region, function, topic or country.
They were an early version of team sites, containing a combination of FrontPage Webs, “Document Cabinets” and Forums.
Each Knowledge Area had an owner, whose name was mentioned on the homepage.
The Knowledge Areas were to be replaced with SharePoint team sites. We wanted to brighten up the design of our new intranet and made a few prototypes to show the Knowledge Area managers.
They all went berserk.
How dared we propose to add their pictures to their name? They did not want to be on public display!
HR and privacy officers stampeded into our offices or called us with questions and concerns. We could not do such an unheard of thing without approvals from all kinds of senior officers!
Of course we had a company directory where all employees could find each other, search for expertise and create organigrams. Of course there was an option to add a picture, but few people did that. I often asked people why they walked on the company’s premises freely, without a paper bag on their head, yet were afraid to show their face to other employees. For some reason this did not have the desired effect 🙂
I have have always liked seeing pictures of my colleagues, especially if they are not in my location. It helps to know what they look like, especially when you may meet them in another office or while travelling to other locations, which I did frequently in those days. But not everyone is an early adopter and some people rather wait until they have seen that no harm befalls those who have shared their looks in the directory.
The only person with an acceptable excuse (in my book) was the Director for Mergers and Acquisitions. If you saw him in your location, you could bet that an acquisition or divestiture was in the works, with all the speculations, gossip and general unrest that go with a big organizational change. So I understood that he did not want to become too well-known.
Since 2005 we have all gotten used to seeing our own and other people’s pictures in various places on the intranet: as a contact person for a team site, in permission settings, in the enterprise social network, etc. And now that Office365 uses People Cards, it is more and more important that your profile is uptodate – with a picture to match.
With Office365 we have switched to the other side and suddenly I am looking at myself ALL DAY.
Not only do I see my face in the details pane in document libraries or list, in Delve, on Yammer, in Search results, but I am also displayed in the Office365 top bar.
A new Office365 profile “experience” has just been announced. I do not know yet if that exposes my face to myself even more 🙂
I find that a bit weird and disconcerting. Does anyone else feel that this is a bit too much?
Narcissus image courtesy of franky242 at FreeDigitalPhotos.net
“There’s plenty of SharePoint Online help, blogs and videos around” I boasted some months ago, when I set off to execute the training plan for the SharePoint Online intranet that we have launched recently.
I expected to “curate” most of the learning materials, and to create only a few.
We set off with a number of company and project criteria:
The company’s learning strategy is the 70/20/10 model. This means people learn new skills and knowledge in different ways: 10 % in formal training, 20% in peer-to-peer learning and 70% in their daily work.
Learning is based on the 5 moments-of-need model, so we have to make sure the right materials are available at the right moment.
We have made some customizations, such as a limited permission set for Site owners (less than Full Control), and a custom display on Promoted Links. We knew beforehand we would have to create materials for those topics.
I would focus on learning materials for Site owners.
The 10% formal training now consists of an e-learning program providing a high-level overview of purpose, concepts and functionalities of the new intranet, including the Critical Skills. (The “how-to-click” details are in the “on-the-job learning materials” which are referred to in the e-learning). It takes between 1 and 1 1/2 hour.
I created several modules in PowerPoint, and recorded voice-overs. This means we can replace any module (e.g. Permissions, or Custom Site Templates) easily without having to redo it all. Some inconsistencies are still being fine tuned as I write, new functionality developed, and Microsoft may change some things as well 🙂
I then created a number of test questions with multiple-choice answers, and added a Site Owner agreement (rights & responsibilities) which all trainees have to sign off (using a SharePoint survey).
Our e-learning specialist turned this all into an e-learning programme. It looked very easy but he has obviously done this before 🙂 (He also does freelance work if you are looking for someone!)
This e-learning is mandatory for all existing and new Site owners.
And before you ask how we are going to enforce that: content migration from the old into the new platform is still going on, and a Site owner can not start working in their SharePoint Online site until they have completed the training.
The 20% was easy to set up: a Yammer group to ask peers or the intranet support team about all kinds of intranet- and SharePoint Online-related questions.
With the platform being launched recently and the migration of content in full swing, it will be no surprise that this channel is currently very active.
In the e-learning and in all communications we invite people to share their questions in this Yammer group, and we make it a point to have all questions answered quickly.
For issues, such as things not working as they should, or errors, we have a more formal support channel.
The 70% would be the “curated content” I envisaged. I set off enthusiastically in the Microsoft support pages, as well as in many other blogs by people who write for Site owners, such as Let’s Collaborate, SharePointMaven, Sharegate and icansharepoint. Oh, and my own blog of course. My posts are often inspired by “my users” and my daily work.
Well, that was a bit of a disappointment.
As it turns out, the majority of the available information is not 100% applicable to us.
Our customized Site owner role made it hard to use anything that has to do with permissions. But also materials that tell you how to customize your site are not appropriate because the new role also has limited design options. So I could not use Gregory Zelfond’s Power User Training, for instance – it starts with creating a site and changing the look.
Our custom Promoted Links display needs some extra steps for certain page templates.
Many of the materials were not 100% current – with document libraries being managed with Tabs instead of the Modern look-and-feel, for instance. I wanted things to be 100% applicable when we launched – the correct look-and-feel and correct functionalities. The difference between the old and the new platform is too large otherwise.
Most of the materials have NOT been written in a “life cycle” format
What it is and when to use it
Create and configure “app”
Add to and configure web part on page
Add item to app
Edit or delete item in app
Modify something in app and/or web part (views)
Delete web part
Tips & tricks & troubleshooting
So, I have done a lot of writing, and my colleague has made tons of videos to accompany that. I have used Microsoft materials and some of the blogs I mentioned – often as “additional information” or “good practice”.
I will continue to adjust my own materials and scout for other good stuff. I hope that over time, people will learn to deal with the ever-changing look-and-feel and not be confused by a video of a document library that has “last years style”. Then we will be able to use more materials created by others.
We are also working on a plan to make sure the Yammer channel keeps being active when everyone will be in the “business as usual” mode again.
I will also have to adjust the e-learning on a regular basis.
It has been quite an interesting project to create all this, but it is strange to be doing that while there are so many materials already available on the internet. It feels as if I am reinventing wheels, which I hate!
Have you created learning materials yourself or have you borrowed with pride?
Multiple choice image courtesy of Becris at FreeDigitalPhotos.net
We are moving from an old on-premise SharePoint intranet to one on SharePoint/Office365.
I have been using SharePoint Online from 2011 so I have become quite used to the interface and its regular changes. But I was very curious what my end-user colleagues would think of the new SharePoint and I recently had the opportunity to train a number of them in the new environment. Our goal for this training was to get an idea of how people would react to the new platform, and which elements would be clear immediately and which would need more help and instruction.
All participants (except one) had experience with managing SharePoint sites. They also knew this was an experimental training so they were encouraged to be outspoken about their findings and suggestions. Each got their own test site in our test tenant, which is on first release.
These are the findings of that first classroom training:
1. The Office365 Homepage
When you log on to Office365 for the first time, you get a lot of pop-ups about Office365. While that is helpful for new users, for this purpose it was annoying because people were less interested in Office365 than in SharePoint.
Clicking around opens up a ton of new screens, which was not universally liked.
2. The SharePoint Homepage
This was a bit confusing, because people have never had that, and the page was mostly empty. The test sites did not show in everyone’s page, despite them having personal access. I do not know if that is a search indexing thing or that you must have visited the site before it is shown in your “recent” sites.
As soon as everyone was on their site’s homepage, I told them to “Follow” it to be able to revisit it quickly, and everyone got it.
3. Site Contents
I took them to Site Contents, and then I found that some of my trainees had the old Site Contents with tiles, and some of them had the new experience . That was a bit confusing, but it was a good illustration of the ongoing changes that everyone can expect.
4. Document Libraries
Document Libraries were already in the New Experience, and I was a bit worried if people would be able to overcome the gap in look-and-feel between our old SharePoint and the new one.
It was a pleasant surprise to notice that, with just limited instructions, people took to it straight away. Everyone saw the benefits of the Pin To Top functionality, and I saw two people nudge each other happily when they learned about the library and document information pane, that also tells you who has deleted a document. No more guessing or blaming SharePoint or IT!
Unfortunately the Lists were still on the “old experience” with the tabs and the ribbon. While I have always loved the ribbon in The Office Suite, I have never taken to it in SharePoint, and I am more than happy to see it go.
My trainees did not use Lists much (an opportunity for later!) but they got it quickly enough.
6. Deleting and Restoring
Deleting and Restoring content is a topic high on my agenda. We often get panicky calls from people who have “lost documents” and have never heard about the Recycle Bin. I added a few exercises with deleting and restoring documents and list items, told them what to do themselves first, and then how to get help. It all went smoothly once people knew how long things will be stored, what goes via the Recycle Bin and what does not, and what they can do themselves and when it is time to contact the site collection admin.
7. Quick Links/Navigation
The Quick Links (team site) and Navigation (Publishing site) caused some confusion since it is a mixture pf settings and edits, and moving the menu items around resulted in unwanted indentation. It is also different from the custom-built navigation many people have used, so this will definitely need some more instructions.
8. Editing a page
Editing a site’s homepage turned out to be quite easy for the trainees. Everyone in the audience had experience with managing Publishing sites. They sighed happily when I showed them they can now insert images from their PC in the Content zone without having to upload them to SharePoint first.
Everyone had already embedded a video before I even talked about it 🙂
Editing the (basic) team site homepage was even easier.
9. Image Library/Image Renditions
We have some recommended image sizes preconfigured in the Image Renditions and the trainees thought that was pretty useful. (It shows you how an image will look in that size). In our current environment, you only see it when you have added it to a page, and that can lead to surprises. 🙂
10. Promoted Links
Promoted Links have been designated as an important tool for nice looking links to other content in formal sites. Oops, this was a bit hard. Of course this is a new functionality so people did not know it beforehand. But I also think that the default configuration can be improved. That will be another blog.
All in all, my trainees did quite well. But then they were experienced and motivated. I think they benefited from my little bit of hand-holding and assuring them that most was still there, just in another place or with another name.
The only person who was a bit lost was the person with no earlier SharePoint experience.