diff --git a/.github/label-actions.yml b/.github/label-actions.yml new file mode 100644 index 000000000..80a5bf7aa --- /dev/null +++ b/.github/label-actions.yml @@ -0,0 +1,14 @@ +# Configuration for Label Actions - https://github.com/dessant/label-actions + +# Actions taken when the `type:archive-old-issue` label is added to issues that are being archived. +type:archive-old-issue: + # Post a comment + comment: |+ + Thank you for taking the time to file an issue. We periodically **archive** older or inactive issues as part of our issue management process, which automatically closes them once they are archived. + + If you’d like to understand more about why and how we handle archived (closed) issues, please see [Our approach to closed issues](https://github.com/SharePoint/sp-dev-docs/wiki/Issue-List#our-approach-to-closed-issues). + + We appreciate your contribution and if this is still an active issue with the latest SPFx versions, please do resubmit the details. We needed to perform a cleanup, so that we can start with a **clean table** with a new process. We apologize for the inconvenience this might cause. + + # Close the issue + close: true diff --git a/.github/policies/resourceManagement.yml b/.github/policies/resourceManagement.yml new file mode 100644 index 000000000..43263aa44 --- /dev/null +++ b/.github/policies/resourceManagement.yml @@ -0,0 +1,115 @@ +id: bot-issue-management +name: Issue Management +description: Enable tracking & monitoring of issues +resource: repository +disabled: false +configuration: + resourceManagementConfiguration: + scheduledSearches: + - description: Close answered issues after 3 days of inactivity + frequencies: + - hourly: { hour: 0 } + filters: + - isIssue + - isOpen + - hasLabel: { label: status:answered } + - noActivitySince: { days: 3 } + actions: + - addReply: + reply: > + Closing this issue as "answered". If you encounter a similar issue(s), please open up a new issue. See our wiki for more details: [Issue-List: Our approach to closed issues](https://github.com/SharePoint/sp-dev-docs/wiki/Issue-List#our-approach-to-closed-issues) + - closeIssue + - lockIssue: + reason: resolved + + - description: Close stale issues with no recent author activity after 7 days + frequencies: + - hourly: { hour: 6 } + filters: + - isIssue + - isOpen + - hasLabel: { label: 'Needs: Author Feedback' } + - hasLabel: { label: no-recent-activity } + - noActivitySince: { days: 7 } + actions: + - addReply: + reply: > + Closing issue due to no response from the original author. Please refer to our wiki for more details, including how to remediate this action if you feel this was done prematurely or in error: [No response from the original issue author](https://github.com/SharePoint/sp-dev-docs/wiki/Issue-List#no-response-from-the-original-issue-author) + - closeIssue + - lockIssue + + - description: Mark issues as no recent activity after 7 days + frequencies: + - hourly: { hour: 6 } + filters: + - isIssue + - isOpen + - hasLabel: { label: 'Needs: Author Feedback' } + - noActivitySince: { days: 7 } + actions: + - addLabel: { label: no-recent-activity } + - addReply: + reply: > + This issue has been automatically marked as stale because it has marked as requiring author feedback but has not had any activity for **7 days**. It will be closed if no further activity occurs **within the next 7 days of this comment**. Please see our wiki for more information: [Issue List Labels: Needs Author Feedback](https://github.com/SharePoint/sp-dev-docs/wiki/Issue-List-Labels#needs-author-feedback) & [Issue List: No response from the original issue author](https://github.com/SharePoint/sp-dev-docs/wiki/Issue-List#no-response-from-the-original-issue-author) + + - description: Lock issues inactive 7 days after closing + frequencies: + - hourly: { hour: 6 } + filters: + - isIssue + - isClosed + - noActivitySince: { days: 7 } + - isUnlocked + actions: + - addReply: + reply: > + Issues that have been closed & had no follow-up activity for at least 7 days are automatically locked. Please refer to our wiki for more details, including how to remediate this action if you feel this was done prematurely or in error: [Issue List: Our approach to locked issues](https://github.com/SharePoint/sp-dev-docs/wiki/Issue-List#our-approach-to-locked-issues) + - lockIssue: + reason: resolved + + eventResponderTasks: + - if: + - payloadType: Issues + - isAction: { action: opened } + - not: + isAssignedToSomeone: true + then: + - addReply: + reply: > + Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible. + - addLabel: + label: 'Needs: Triage :mag:' + + - if: + - payloadType: Issue_Comment + - isActivitySender: { issueAuthor: true } + - hasLabel: { label: 'Needs: Author Feedback' } + - isOpen + then: + - addLabel: + label: 'Needs: Attention :wave:' + + - if: + - payloadType: Issues + - isActivitySender: { issueAuthor: true } + - not: + isAction: { action: closed } + - hasLabel: { label: 'Needs: Author Feedback' } + then: + - removeLabel: { label: 'Needs: Author Feedback' } + + - if: + - payloadType: Issues + - not: + isActivitySender: { user: microsoft-github-policy-service } + - not: + isAction: { action: closed } + - hasLabel: { label: no-recent-activity } + then: + - removeLabel: { label: no-recent-activity } + + - if: + - payloadType: Issue_Comment + - hasLabel: { label: no-recent-activity } + then: + - removeLabel: { label: no-recent-activity } diff --git a/.github/workflows/label-actions.yml b/.github/workflows/label-actions.yml new file mode 100644 index 000000000..d2dd0ff59 --- /dev/null +++ b/.github/workflows/label-actions.yml @@ -0,0 +1,18 @@ +name: 'Check for Incomplete Issues' + +on: + issues: + types: [labeled, unlabeled] + +permissions: + issues: write + pull-requests: write + +jobs: + reaction: + runs-on: ubuntu-latest + steps: + - uses: dessant/label-actions@v2 + with: + github-token: ${{ github.token }} + process-only: 'issues' diff --git a/.openpublishing.build.ps1 b/.openpublishing.build.ps1 deleted file mode 100644 index aadef7620..000000000 --- a/.openpublishing.build.ps1 +++ /dev/null @@ -1,17 +0,0 @@ -param( - [string]$buildCorePowershellUrl = "https://opbuildstorageprod.blob.core.windows.net/opps1container/.openpublishing.buildcore.ps1", - [string]$parameters -) -# Main -$errorActionPreference = 'Stop' - -# Step-1: Download buildcore script to local -echo "download build core script to local with source url: $buildCorePowershellUrl" -$repositoryRoot = Split-Path -Parent $MyInvocation.MyCommand.Definition -$buildCorePowershellDestination = "$repositoryRoot\.openpublishing.buildcore.ps1" -Invoke-WebRequest $buildCorePowershellUrl -OutFile "$buildCorePowershellDestination" - -# Step-2: Run build core -echo "run build core script with parameters: $parameters" -& "$buildCorePowershellDestination" "$parameters" -exit $LASTEXITCODE diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index b7e0be39b..f3522487f 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -24,8 +24,7 @@ ], "notification_subscribers": [ "vesaj@microsoft.com", - "bjansen@microsoft.com", - "v-licapu@microsoft.com" + "bjansen@microsoft.com" ], "sync_notification_subscribers": null, "branches_to_filter": [], @@ -81,4 +80,4 @@ "nuget_feed": "https://www.myget.org/F/op/api/v2" } ] -} \ No newline at end of file +} diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 8791b7bcf..78222f726 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -99,6 +99,176 @@ "source_path": "docs/spfx/sharepoint-2019-support.md", "redirect_url": "/sharepoint/dev/spfx/sharepoint-2019-and-subscription-edition-support", "redirect_document_id": false + }, + { + "source_path": "docs/embedded/mslearn/m01-01-intro.md", + "redirect_url": "/training/modules/sharepoint-embedded-setup/", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/mslearn/m02-01-intro.md", + "redirect_url": "/training/modules/sharepoint-embedded-create-app/", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/adoptions-and-use.md", + "redirect_url": "/sharepoint/dev/embedded/scenarios-and-use-cases", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/admin-exp/billing.md", + "redirect_url": "/sharepoint/dev/embedded/concepts/admin-exp/billing/billing", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/admin-exp/cta.md", + "redirect_url": "/sharepoint/dev/embedded/concepts/admin-exp/consuming-tenant-admin/cta", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/admin-exp/dev-admin.md", + "redirect_url": "/sharepoint/dev/embedded/concepts/admin-exp/developer-admin/dev-admin", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/app-concepts/terms-and-def.md", + "redirect_url": "/sharepoint/dev/embedded/overview", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/getting-started/enable-sharepoint-embedded.md", + "redirect_url": "/sharepoint/dev/embedded/overview", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/terms-of-service.md", + "redirect_url": "/sharepoint/dev/embedded/overview", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/admin-exp/adminrole.md", + "redirect_url": "/sharepoint/dev/embedded/administration/adminrole", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/admin-exp/billing/billing.md", + "redirect_url": "/sharepoint/dev/embedded/administration/billing/billing", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/admin-exp/billing/billingmanagement.md", + "redirect_url": "/sharepoint/dev/embedded/administration/billing/billingmanagement", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/admin-exp/billing/meters.md", + "redirect_url": "/sharepoint/dev/embedded/administration/billing/meters", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/admin-exp/consuming-tenant-admin/cta.md", + "redirect_url": "/sharepoint/dev/embedded/administration/consuming-tenant-admin/cta", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/admin-exp/consuming-tenant-admin/ctaUX.md", + "redirect_url": "/sharepoint/dev/embedded/administration/consuming-tenant-admin/ctaUX", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/admin-exp/consuming-tenant-admin/ctapowershell.md ", + "redirect_url": "/sharepoint/dev/embedded/administration/consuming-tenant-admin/ctapowershell", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/admin-exp/developer-admin/dev-admin.md", + "redirect_url": "/sharepoint/dev/embedded/administration/developer-admin/dev-admin", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/security-and-compliance.md", + "redirect_url": "/sharepoint/dev/embedded/compliance/security-and-compliance", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/app-concepts/app-architecture.md", + "redirect_url": "/sharepoint/dev/embedded/development/app-architecture", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/app-concepts/auth.md", + "redirect_url": "/sharepoint/dev/embedded/development/auth", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/content-experiences/office-experience.md", + "redirect_url": "/sharepoint/dev/embedded/development/content-experiences/office-experience", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/content-experiences/search-content.md", + "redirect_url": "/sharepoint/dev/embedded/development/content-experiences/search-content", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/content-experiences/user-experiences-overview.md", + "redirect_url": "/sharepoint/dev/embedded/development/content-experiences/user-experiences-overview", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/fluid.md", + "redirect_url": "/sharepoint/dev/embedded/development/fluid", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/app-concepts/limits-calling.md", + "redirect_url": "/sharepoint/dev/embedded/development/limits-calling", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/app-concepts/sharing-and-perm.md", + "redirect_url": "/sharepoint/dev/embedded/development/sharing-and-perm", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/tutorials/doc-processing-acs.md", + "redirect_url": "/sharepoint/dev/embedded/development/tutorials/doc-processing-acs", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/tutorials/launch-experience.md", + "redirect_url": "/sharepoint/dev/embedded/development/tutorials/launch-experience", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/tutorials/metadata.md", + "redirect_url": "/sharepoint/dev/embedded/development/tutorials/metadata", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/tutorials/migrate-abs-to-spe.md", + "redirect_url": "/sharepoint/dev/embedded/development/tutorials/migrate-abs-to-spe", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/tutorials/using-file-preview.md", + "redirect_url": "/sharepoint/dev/embedded/development/tutorials/using-file-preview", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/tutorials/using-webhooks.md", + "redirect_url": "/sharepoint/dev/embedded/development/tutorials/using-webhooks", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/app-concepts/containertypes.md", + "redirect_url": "/sharepoint/dev/embedded/getting-started/containertypes", + "redirect_document_id": false + }, + { + "source_path": "docs/embedded/concepts/app-concepts/register-api-documentation.md", + "redirect_url": "/sharepoint/dev/embedded/getting-started/register-api-documentation", + "redirect_document_id": false } ] } diff --git a/README.md b/README.md index 8d22cc941..4e77f8fcb 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Welcome to the SharePoint Framework! +# Welcome to the SharePoint Framework! The SharePoint Framework (SPFx) is a page and part model that enables client-side development for building SharePoint experiences. It facilitates easy integration with the SharePoint data, and provides support for open source tooling development. @@ -22,7 +22,6 @@ Review all the SPFx releases here from the [initial GA release in February 2017] * [Setup your Machine](https://learn.microsoft.com/sharepoint/dev/spfx/set-up-your-development-environment) * [Go build your first web part](https://learn.microsoft.com/sharepoint/dev/spfx/web-parts/get-started/build-a-hello-world-web-part) - ## Learn More * [Background and Philosophy](https://learn.microsoft.com/sharepoint/dev/spfx/sharepoint-framework-overview) diff --git a/assets/ace/URL.txt b/assets/ace/URL.txt new file mode 100644 index 000000000..7d3d66ec3 --- /dev/null +++ b/assets/ace/URL.txt @@ -0,0 +1 @@ +me/events?$select=subject,body,bodyPreview,organizer,attendees,start,end,location \ No newline at end of file diff --git a/assets/ace/calendar-top.png b/assets/ace/calendar-top.png new file mode 100644 index 000000000..d8cb719da Binary files /dev/null and b/assets/ace/calendar-top.png differ diff --git a/assets/ace/email-top.png b/assets/ace/email-top.png new file mode 100644 index 000000000..d9170e95a Binary files /dev/null and b/assets/ace/email-top.png differ diff --git a/assets/ace/events-quick-view.json b/assets/ace/events-quick-view.json new file mode 100644 index 000000000..fb16cb82b --- /dev/null +++ b/assets/ace/events-quick-view.json @@ -0,0 +1,85 @@ +{ + "type": "AdaptiveCard", + "version": "1.5", + "@odata.type": "#microsoft.graph.message", + "body": [ + { + "type": "Container", + "items": [ + { + "type": "Image", + "url": "https://raw.githubusercontent.com/SharePoint/sp-dev-docs/main/assets/ace/calendar-top.png" + }, + { + "type": "TextBlock", + "text": "This control displays the latest calendar events. You can open the event in Outlook or, if it's a meeting, you can join it simply clicking on the button next to the event.", + "wrap": true + } + ] + }, + { + "type": "Container", + "$data": "${value}", + "items": [ + { + "type": "ColumnSet", + "columns": [ + { + "type": "Column", + "width": "stretch", + "items": [ + { + "type": "TextBlock", + "text": "${subject}", + "size": "Medium" + }, + { + "type": "TextBlock", + "text": "${location.displayName}", + "spacing": "None" + }, + { + "type": "TextBlock", + "text": "${formatDateTime(substring(start.dateTime,0,19), 'dd/MM/yyyy hh:mm')}-${formatDateTime(substring(end.dateTime,0,19), 'hh:mm')}", + "spacing": "None", + "size": "Small" + } + ] + }, + { + "type": "Column", + "width": "auto", + "items": [ + { + "type": "Image", + "url": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAAAXNSR0IArs4c6QAAAvBJREFUSEvtVUtIalEUXdeKiDDIiIY1i7CIBkqRRrNCAqFM6AsRQhMLx5VSVvTBoqwIIqTIoCYV1aBZ/4EDk4gkmgg16iP9cFQaez+89N4zrz148AZvw+XCufectddeZ68tRCKRCP5iCP8MgM/nQ39/P9bX15Gfnw+bzYb6+nokJyfH5Z8Qg0AggObmZqjVarS2tsLr9WJ4eBhjY2PQ6/UMEA6H8fT0BJlMhoyMDAiCwOsJAayuroKehYUFZGZmgmSbm5vD+fk5HA4H3t/f0d3djcnJScjlcvT29sJisTC7hADcbjd2d3cxMzPDB1AsLS3h5OQEExMTODo64kNnZ2dxe3uLnp4eLC4uQqlUQgiHwxGPx4PDw0POJFbc3NzwhunpaTQ0NODy8hKdnZ1cHnqvra2JDB8fH7mcxKy0tBTC/f19pKmpiTP8TnR1dWFwcBDp6emIahQKhUCPRqPB+Pj4Dy0+A9DNqKys/A1nb28PfX190Gq1XIqioiLk5OSIQtKGh4cHbG1tMaBOp+M3i/wZYHl5GcTm1yANiLZCoUBxcTFSUlIkydbW1qK9vf1ngJKSEmRnZ6OmpgZmsxlOpxPb29u4u7vD6ekpCgoKYDQakZaWJgIEg0Fsbm6yHpQABWl2dXUFSiymBtRQVAq73Q6r1SoeVlVVxZuysrLEtajgU1NT3IAUx8fHvPc/AJfjj0pkMpnQ2NiIlZUVzM/Pf1uDg4MDDA0Nfa3BV3cwEZHf3t7YaV9fXzE6OhrfKigTioqKCiQlJXGjkaNGnZK+nZ2dwWAw8A0qKysD2TpZD92g8vLy+GZH7rmzsyO6aCxm9I/L5YJKpcLFxQUKCwu5h/Ly8qTtOuoxpElLSwt7/efw+/1oa2vjA2M5QELzYH9/HwRAndrR0YHc3Fy8vLxgY2MDIyMjqK6uFk0vFkPJeUDDhWxiYGCAx2U0qObU5XV1dUhNTf3SmyQBojsJ6Pn5GdfX1+xXZBdS8zihEknapsQPH6Mh/FGBh+hUAAAAAElFTkSuQmCC", + "selectAction": { + "type": "Action.OpenUrl", + "url": "${onlineMeeting.joinUrl}" + }, + "$when": "${isOnlineMeeting}" + } + ] + }, + { + "type": "Column", + "width": "auto", + "items": [ + { + "type": "Image", + "url": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAAAXNSR0IArs4c6QAAAR5JREFUSEvtljGuRFAUhv8rIdGQSHQahc4ORG8PbMICVBZgE+xBL3agU2h0RIJCQsLkSt4kM2/e3Fu8ea+hPef4zvnOjYscx3Hggw95BizLgjAM4boufN/nQmdZhqIokCQJZFl+qCHzPB9pmmIcxzOwbRvyPIdpmrBtmwtQVRWapoHneRBF8axRVRVBEID0fX/QTilAURTs+466rqFpGnRd5wJ0XYdhGGBZFgRBwDRNJ4BOdgdEUQTHcfAbisqyRBzHrwF057QDSZK++fxpHNrUuq6nAUIIXgLoeIZhcClhJbVte2p+UPS1A1YxT/ztDnhewMp5uwNWMU/8AjAtXYouRUwDzIT/OUUf+9g9X5nM+TkT7lfmn/9VcDbInXYDn/BFftWPiLMAAAAASUVORK5CYII=", + "selectAction": { + "type": "Action.OpenUrl", + "url": "${webLink}" + } + } + ] + } + ] + } + ], + "separator": true + } + ], + "$schema": "http://adaptivecards.io/schemas/adaptive-card.json" +} \ No newline at end of file diff --git a/assets/ace/messages-quick-view.json b/assets/ace/messages-quick-view.json new file mode 100644 index 000000000..74e7f40a1 --- /dev/null +++ b/assets/ace/messages-quick-view.json @@ -0,0 +1,84 @@ +{ + "type": "AdaptiveCard", + "version": "1.5", + "@odata.type": "#microsoft.graph.message", + "body": [ + { + "type": "Container", + "items": [ + { + "type": "Image", + "url": "https://raw.githubusercontent.com/SharePoint/sp-dev-docs/main/assets/ace/email-top.png" + }, + { + "type": "TextBlock", + "text": "This control displays the last email message received in your inbox. To view the message, simply click on the button. The message will open directly in Outlook, allowing you to read and respond to it as needed.", + "wrap": true + } + ] + }, + { + "type": "Container", + "$data": "${value}", + "items": [ + { + "type": "ColumnSet", + "columns": [ + { + "type": "Column", + "width": "stretch", + "items": [ + { + "type": "TextBlock", + "text": "${from.emailAddress.name}", + "size": "Medium", + "weight": "${if(isRead, 'normal', 'bolder')}" + }, + { + "type": "TextBlock", + "text": "${subject}", + "spacing": "None", + "weight": "${if(isRead, 'normal', 'bolder')}" + } + ] + }, + { + "type": "Column", + "width": "auto", + "items": [ + { + "type": "TextBlock", + "text": "${if(hasAttachments, '📎', '')} ${if(importance == 'normal', '', '❗')} ${if(flag.flagStatus == 'flagged', '🚩', '')}", + "horizontalAlignment": "Right" + }, + { + "type": "TextBlock", + "text": "{{DATE(${sentDateTime}, COMPACT)}} {{TIME(${sentDateTime})}}", + "spacing": "None", + "size": "Small" + } + ], + "verticalContentAlignment": "Center" + }, + { + "type": "Column", + "width": "auto", + "items": [ + { + "type": "Image", + "url": "${if(isRead, 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAAAXNSR0IArs4c6QAAAY5JREFUSEvt1aGLwlAcB/DvQ2FNg6BFMPg3WDRZRayGLWkxKViUgUkYWgRNKy5psG52kxb/BoOwMtEwTaLwjudxntObb3onHMe9uvH97Pd9vDdCKaV44SK/Btjv9zAMAz6fD5lMBoIgeJqbOwELHo/HaLfbME3zFBqNRlGr1ZDNZrmQK3AZvFqtUKlUUCwWT0C/30e320U4HOZCN4BbcCAQcFSy3W49QWfAa/B18TyIHA4Hqus6Wq0WLqu4/mLejl5D9XoduVwOZL1eU1EUEYlE0Ol0EAqFeFl3n282G1SrVViWheFw+AnMZjMoioJSqQS/3/8UcjweoaoqZFlGMpl0AolEAqPRCOVy+SnkI7zX6yGfz2M+nzuBRqMBttFsgkeRy3A2ATuEzWbzFmBjTSYTFAoFLJfLh2qKxWLQNA3pdBqs7i+BVCoFdvctFovzqfWqsNMdj8dBCMF0OnUHvAbee+8f4Lb4RyuybRuPXnBuXbGLLxgMvh+03W5HB4MBGPCTiwGSJIH7y/wu+nLgDSewZ7NrDNFAAAAAAElFTkSuQmCC', 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAAAXNSR0IArs4c6QAAARBJREFUSEvtlS2qhUAYhl+LRbALYhMsrsAF2MXmLhRsJpugu7CJ3QW4AotgE8EiBsFimYNevJxz8Th6YZpThpnv55nvnT+OEELAsHEPgKYue4nGcSS+76NtW9pibtkVRUEUReCGYSCO46Cua6y9KIq3Ev11nqYJaZpC07St/wUURQFd1+F5HmzbhiAIt0DzPCPLMsRxjKqqYJrmJ8B1XfR9vzms7SroPfEeJ0kSkiT5BARBAMMwcBRwVNGZX1mWCMPwGLDr8i3Bat+l+FbpJcARaFmWbZrn+VMJbwHeQXmeb0PLsk4Pwb8Ad47UA6CqdSiRqqqQZZkafMWh6zo0TfNzD5g/ds+PRtsT9j8a6z14AbwnH7bn+xIdAAAAAElFTkSuQmCC')}", + "selectAction": { + "type": "Action.OpenUrl", + "url": "${webLink}" + } + } + ] + } + ] + } + ], + "separator": true + } + ], + "$schema": "http://adaptivecards.io/schemas/adaptive-card.json" +} \ No newline at end of file diff --git a/assets/bot-powered/Media/Collect-Feedback.png b/assets/bot-powered/Media/Collect-Feedback.png new file mode 100644 index 000000000..16aecc8a0 Binary files /dev/null and b/assets/bot-powered/Media/Collect-Feedback.png differ diff --git a/assets/bot-powered/Media/Ok-Feedback.png b/assets/bot-powered/Media/Ok-Feedback.png new file mode 100644 index 000000000..ea5aa3a3b Binary files /dev/null and b/assets/bot-powered/Media/Ok-Feedback.png differ diff --git a/assets/bot-powered/TeamsAppManifest/icon-color.png b/assets/bot-powered/TeamsAppManifest/icon-color.png new file mode 100644 index 000000000..b8cf81afb Binary files /dev/null and b/assets/bot-powered/TeamsAppManifest/icon-color.png differ diff --git a/assets/bot-powered/TeamsAppManifest/icon-outline.png b/assets/bot-powered/TeamsAppManifest/icon-outline.png new file mode 100644 index 000000000..2c3bf6fa6 Binary files /dev/null and b/assets/bot-powered/TeamsAppManifest/icon-outline.png differ diff --git a/assets/bot-powered/TeamsAppManifest/manifest.json b/assets/bot-powered/TeamsAppManifest/manifest.json new file mode 100644 index 000000000..7a502770d --- /dev/null +++ b/assets/bot-powered/TeamsAppManifest/manifest.json @@ -0,0 +1,65 @@ +{ + "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.14/MicrosoftTeams.schema.json", + "manifestVersion": "1.16", + "version": "1.0.0", + "id": "", + "packageName": "collectfeedback.botpoweredace", + "developer": { + "name": "", + "websiteUrl": "", + "privacyUrl": "", + "termsOfUseUrl": "", + "mpnId": "" + }, + "name": { + "short": "Collect Feedaback Bot Powered ACE", + "full": "This is a basic sample of a Bot Powered ACE for Microsoft Viva Connections Dashboard to collect user's feedback" + }, + "description": { + "short": "Basic sample of a Bot Powered ACE for Microsoft Viva Connections Dashboard to collect user's feedback", + "full": "Basic sample of how to use the latest release of the Bot Framework SDK to build a Bot Powered ACE for Microsoft Viva Connections Dashboard to collect user's feedback" + }, + "icons": { + "outline": "icon-outline.png", + "color": "icon-color.png" + }, + "accentColor": "#FFFFFF", + "bots": [ + { + "botId": "", + "needsChannelSelector": false, + "isNotificationOnly": false, + "supportsCalling": false, + "supportsVideo": false, + "supportsFiles": false, + "scopes": [ + "team", + "personal", + "groupchat" + ] + } + ], + "dashboardCards": [ + { + "id": "", + "displayName": "Collect Feedaback", + "description": "Bot Powered ACE to collect user's feedback", + "icon": { + "officeUIFabricIconName": "Feedback" + }, + "contentSource": { + "sourceType": "bot", + "botConfiguration": { + "botId": "" + } + }, + "defaultSize": "medium" + } + ], + "permissions": [ + "identity" + ], + "validDomains": [ + ".ngrok.io" + ] +} \ No newline at end of file diff --git a/assets/spfx/spfx-matrix.json b/assets/spfx/spfx-matrix.json new file mode 100644 index 000000000..66ddda059 --- /dev/null +++ b/assets/spfx/spfx-matrix.json @@ -0,0 +1,545 @@ +[ + { + "spfx": "1.21.1", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.21.1", + "node": [ + "v22" + ], + "typescript": [ + "v5.3" + ], + "react": [ + "v17.0.1" + ] + }, + { + "spfx": "1.21.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.21", + "node": [ + "v22" + ], + "typescript": [ + "v5.3" + ], + "react": [ + "v17.0.1" + ] + }, + { + "spfx": "1.20.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.20", + "node": [ + "v18" + ], + "typescript": [ + "v4.5", + "v4.7" + ], + "react": [ + "v17.0.1" + ], + "releaseDate": "2024-09-26" + }, + { + "spfx": "1.19.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.19", + "node": [ + "v18" + ], + "typescript": [ + "v4.5", + "v4.7" + ], + "react": [ + "v17.0.1" + ], + "releaseDate": "2024-05-01" + }, + { + "spfx": "1.18.2", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.18.2", + "node": [ + "v16", + "v18" + ], + "typescript": [ + "v4.5", + "v4.7" + ], + "react": [ + "v17.0.1" + ], + "releaseDate": "2023-11-21" + }, + { + "spfx": "1.18.1", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.18.1", + "node": [ + "v16", + "v18" + ], + "typescript": [ + "v4.5", + "v4.7" + ], + "react": [ + "v17.0.1" + ], + "releaseDate": "2023-11-07" + }, + { + "spfx": "1.18", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.18", + "node": [ + "v16", + "v18" + ], + "typescript": [ + "v4.5", + "v4.7" + ], + "react": [ + "v17.0.1" + ], + "releaseDate": "2023-09-12" + }, + { + "spfx": "1.17.4", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.17.4", + "node": [ + "v16.13+" + ], + "typescript": [ + "v4.5" + ], + "react": [ + "v17.0.1" + ] + }, + { + "spfx": "1.17.3", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.17.3", + "node": [ + "v16.13+" + ], + "typescript": [ + "v4.5" + ], + "react": [ + "v17.0.1" + ], + "releaseDate": "2023-06-21" + }, + { + "spfx": "1.17.2", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.17.2", + "node": [ + "v16.13+" + ], + "typescript": [ + "v4.5" + ], + "react": [ + "v17.0.1" + ], + "releaseDate": "2023-05-08" + }, + { + "spfx": "1.17.1", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.17.1", + "node": [ + "v16.13+" + ], + "typescript": [ + "v4.5" + ], + "react": [ + "v17.0.1" + ], + "releaseDate": "2023-04-12" + }, + { + "spfx": "1.17.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.17", + "node": [ + "v16.13+" + ], + "typescript": [ + "v4.5" + ], + "react": [ + "v17.0.1" + ], + "releaseDate": "2023-04-04" + }, + { + "spfx": "1.16.1", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.16.1", + "node": [ + "v16.13+" + ], + "typescript": [ + "v4.5" + ], + "react": [ + "v17.0.1" + ], + "releaseDate": "2022-11-30" + }, + { + "spfx": "1.16.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.16", + "node": [ + "v16.13+" + ], + "typescript": [ + "v4.5" + ], + "react": [ + "v17.0.1" + ], + "releaseDate": "2022-11-15" + }, + { + "spfx": "1.15.2", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.15.2", + "node": [ + "v12", + "v14", + "v16" + ], + "typescript": [ + "v4.5" + ], + "react": [ + "v16.13.1" + ], + "releaseDate": "2022-08-02" + }, + { + "spfx": "1.15.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.15", + "node": [ + "v12", + "v14", + "v16" + ], + "typescript": [ + "v4.5" + ], + "react": [ + "v16.13.1" + ], + "releaseDate": "2022-06-21" + }, + { + "spfx": "1.14.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.14", + "node": [ + "v12", + "v14" + ], + "typescript": [ + "v3.9" + ], + "react": [ + "v16.13.1" + ], + "releaseDate": "2022-02-17" + }, + { + "spfx": "1.13.1", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.13.1", + "node": [ + "v12", + "v14" + ], + "typescript": [ + "v3.9" + ], + "react": [ + "v16.13.1" + ], + "releaseDate": "2021-11-23" + }, + { + "spfx": "1.13.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.13", + "node": [ + "v12", + "v14" + ], + "typescript": [ + "v3.9" + ], + "react": [ + "v16.13.1" + ], + "releaseDate": "2021-10-21" + }, + { + "spfx": "1.12.1", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.12.1", + "node": [ + "v10", + "v12", + "v14" + ], + "typescript": [ + "v3.7" + ], + "react": [ + "v16.9.0" + ], + "releaseDate": "2021-04-28" + }, + { + "spfx": "1.12.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.12.0", + "node": [ + "v12", + "v10" + ], + "typescript": [ + "v3.7" + ], + "react": [ + "v16.9.0" + ], + "deprecated": true, + "releaseDate": "2021-03-15" + }, + { + "spfx": "1.11.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.11.0", + "node": [ + "v10" + ], + "typescript": [ + "v3.3" + ], + "react": [ + "v16.8.5" + ] + }, + { + "spfx": "1.10.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.10.0", + "node": [ + "v8", + "v10" + ], + "typescript": [ + "v3.3" + ], + "react": [ + "v16.8.5" + ], + "releaseDate": "2020-07-16" + }, + { + "spfx": "1.9.1", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.9.1", + "node": [ + "v8", + "v10" + ], + "typescript": [ + "v2.9" + ], + "react": [ + "v16.8.5" + ], + "releaseDate": "2019-08-14" + }, + { + "spfx": "1.8.2", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.8.2", + "node": [ + "v8", + "v10" + ], + "typescript": [ + "v2.9" + ], + "react": [ + "v16.7.0" + ], + "releaseDate": "2019-05-07" + }, + { + "spfx": "1.8.1", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.8.1", + "node": [ + "v8" + ], + "typescript": [ + "v2.7", + "v2.9", + "v3" + ], + "react": [ + "v16.7.0" + ], + "releaseDate": "2019-04-16" + }, + { + "spfx": "1.8.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.8.0", + "node": [ + "v8" + ], + "typescript": [ + "v2.7", + "v2.9", + "v3" + ], + "react": [ + "v16.7.0" + ], + "releaseDate": "2019-03-14" + }, + { + "spfx": "1.7.1", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.7.1", + "node": [ + "v8" + ], + "typescript": [ + "v2.4" + ], + "react": [ + "v16.3.2" + ], + "releaseDate": "2018-12-18" + }, + { + "spfx": "1.7.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.7", + "node": [ + "v8" + ], + "typescript": [ + "v2.4" + ], + "react": [ + "v16.3.2" + ], + "releaseDate": "2018-11-08" + }, + { + "spfx": "1.6.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.6", + "node": [ + "v6", + "v8" + ], + "typescript": [ + "v2.4" + ], + "react": [ + "v15" + ] + }, + { + "spfx": "1.5.1", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.5.1", + "node": [ + "v6", + "v8" + ], + "typescript": [ + "v2.4" + ], + "react": [ + "v15" + ], + "releaseDate": "2018-06-26" + }, + { + "spfx": "1.5.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.5", + "node": [ + "v6", + "v8" + ], + "typescript": [ + "v2.4" + ], + "react": [ + "v15" + ], + "releaseDate": "2018-06-05" + }, + { + "spfx": "1.4.1", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.4.1", + "node": [ + "v6", + "v8" + ], + "typescript": [ + "v2.4" + ], + "react": [ + "v15" + ], + "releaseDate": "2018-02-18" + }, + { + "spfx": "1.4.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.4", + "node": [ + "v6" + ], + "typescript": [ + "v2.4" + ], + "react": [ + "v15" + ], + "releaseDate": "2017-12-07" + }, + { + "spfx": "1.3.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.3", + "node": [ + "v6" + ], + "typescript": [ + "v2.4" + ], + "react": [ + "v15" + ], + "releaseDate": "2017-08-25" + }, + { + "spfx": "1.1.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.1", + "node": [ + "v6" + ], + "typescript": [ + "v2.4" + ], + "react": [ + "v15" + ], + "releaseDate": "2017-06-06" + }, + { + "spfx": "1.0.0", + "url": "https://learn.microsoft.com/sharepoint/dev/spfx/release-1.0.0", + "node": [ + "v6" + ], + "typescript": [ + "v2.4" + ], + "react": [ + "v15" + ], + "releaseDate": "2017-02-22" + } +] \ No newline at end of file diff --git a/assets/vc-backgrounds/01_Teal.png b/assets/vc-backgrounds/01_Teal.png new file mode 100644 index 000000000..98158b37b Binary files /dev/null and b/assets/vc-backgrounds/01_Teal.png differ diff --git a/assets/vc-backgrounds/02_Blue.png b/assets/vc-backgrounds/02_Blue.png new file mode 100644 index 000000000..a9c23fb91 Binary files /dev/null and b/assets/vc-backgrounds/02_Blue.png differ diff --git a/assets/vc-backgrounds/03_Orange.png b/assets/vc-backgrounds/03_Orange.png new file mode 100644 index 000000000..8e811de8f Binary files /dev/null and b/assets/vc-backgrounds/03_Orange.png differ diff --git a/assets/vc-backgrounds/04_Red.png b/assets/vc-backgrounds/04_Red.png new file mode 100644 index 000000000..b42888406 Binary files /dev/null and b/assets/vc-backgrounds/04_Red.png differ diff --git a/assets/vc-backgrounds/05_Purple.png b/assets/vc-backgrounds/05_Purple.png new file mode 100644 index 000000000..888e21a84 Binary files /dev/null and b/assets/vc-backgrounds/05_Purple.png differ diff --git a/assets/vc-backgrounds/06_Green.png b/assets/vc-backgrounds/06_Green.png new file mode 100644 index 000000000..494d7dd31 Binary files /dev/null and b/assets/vc-backgrounds/06_Green.png differ diff --git a/assets/vc-backgrounds/07_Gray.png b/assets/vc-backgrounds/07_Gray.png new file mode 100644 index 000000000..3ec725883 Binary files /dev/null and b/assets/vc-backgrounds/07_Gray.png differ diff --git a/assets/vc-backgrounds/08_Periwinkle.png b/assets/vc-backgrounds/08_Periwinkle.png new file mode 100644 index 000000000..23b6fa00a Binary files /dev/null and b/assets/vc-backgrounds/08_Periwinkle.png differ diff --git a/assets/vc-backgrounds/09_Black.png b/assets/vc-backgrounds/09_Black.png new file mode 100644 index 000000000..4a1837aa9 Binary files /dev/null and b/assets/vc-backgrounds/09_Black.png differ diff --git a/assets/vc-backgrounds/10_Cerulean.png b/assets/vc-backgrounds/10_Cerulean.png new file mode 100644 index 000000000..86c8be663 Binary files /dev/null and b/assets/vc-backgrounds/10_Cerulean.png differ diff --git a/assets/vc-backgrounds/11_Cobalt.png b/assets/vc-backgrounds/11_Cobalt.png new file mode 100644 index 000000000..a2f354798 Binary files /dev/null and b/assets/vc-backgrounds/11_Cobalt.png differ diff --git a/assets/vc-backgrounds/12_Dark Yellow.png b/assets/vc-backgrounds/12_Dark Yellow.png new file mode 100644 index 000000000..224126c84 Binary files /dev/null and b/assets/vc-backgrounds/12_Dark Yellow.png differ diff --git a/assets/vc-backgrounds/13_Dark Blue.png b/assets/vc-backgrounds/13_Dark Blue.png new file mode 100644 index 000000000..f38b33e1f Binary files /dev/null and b/assets/vc-backgrounds/13_Dark Blue.png differ diff --git a/assets/vc-backgrounds/14_Custom_Color.png b/assets/vc-backgrounds/14_Custom_Color.png new file mode 100644 index 000000000..624e7605d Binary files /dev/null and b/assets/vc-backgrounds/14_Custom_Color.png differ diff --git a/assets/vc-backgrounds/15_Hero_Connections_Dark.png b/assets/vc-backgrounds/15_Hero_Connections_Dark.png new file mode 100644 index 000000000..90cf818b5 Binary files /dev/null and b/assets/vc-backgrounds/15_Hero_Connections_Dark.png differ diff --git a/docs/apis/addin-management-apis.md b/docs/apis/addin-management-apis.md index 4615949a3..f5cab6571 100644 --- a/docs/apis/addin-management-apis.md +++ b/docs/apis/addin-management-apis.md @@ -28,7 +28,7 @@ For more information about SharePoint Add-in, see [SharePoint Add-ins](../sp-add ## Get available Add-ins in sites -This API will return the Add-ins that could be used on the given sites. This contains two kinds of install, one is the Add-in installed on the site. +This API will return the Add-ins that could be used on the given sites. This contains two kinds of install, one is the Add-in installed on the site. The other is the Add-in installed on the tenant level app catalog site, and it matches the conditions to use the Add-in. For more information, see [Tenancies and deployment scopes for SharePoint Add-ins](../sp-add-ins/tenancies-and-deployment-scopes-for-sharepoint-add-ins.md). @@ -42,13 +42,16 @@ POST {adminSiteUrl}/_api/web/AvailableAddIns ### Request body -| Name | Required | Type | Description | -|--------------------|----------|----------|-------------------------------------------------------------------------------------------------------| -| serverRelativeUrls | yes | string[] | List of the server relative url of sites that want to get the available Add-ins. Maximum size is 500. | +| Name | Required | Type | Description | +|--------------------|----------|----------|-------------------------------------------------------------------------------------------------------------------------------------------------| +| serverRelativeUrls | no | string[] | List of the server relative url of sites that want to get the available Add-ins. Maximum size is 500. | +| urls | no | string[] | List of the url of sites that want to get the available Add-ins, both server relative url and absolute url are acceptable. Maximum size is 500. | + +When urls is not null, serverRelativeUrls will be disregarded. ### Responses -| Name | Type | Description | +| Name | Type | Description | |-----------------------------|--------------------------------|--------------------------------------------------------------------------------------| | addins | SPAddinInstanceInfo[] | Available Add-in instance object. | | errorsWithServerRelativeUrl | SPErrorWithServerRelativeUrl[] | Server relative urls that failed to get available add-ins and corresponding reasons. | @@ -88,7 +91,7 @@ POST {adminSiteUrl}/_api/web/AvailableAddIns | Name | Type | Description | |-------------------|--------|--------------------------------------------------------| -| serverRelativeUrl | string | The serverRelativeUrl in the request body. | +| serverRelativeUrl | string | The serverRelativeUrl or url in the request body. | | errorMessage | string | The error message why fetch the site's Add-ins failed. | ## Get Add-in permissions in site collections @@ -111,13 +114,15 @@ POST {adminSiteUrl}/_api/web/AddinPermissions #### SPAddinPermissionRequest -| Name | Type | Description | -|-------------------|----------|--------------------------------------------------------------------------------------------------------------------------------| -| serverRelativeUrl | string | The server relative url of the site collection. It will return site collection scope permissions of the given site collection. | -| appIdentifiers | string[] | The identifier list of the Add-ins. | +| Name | Type | Description | +|-------------------|----------|-------------------------------------------------------------------------------------------| +| serverRelativeUrl | string | The server relative url of the site collection. | +| url | string | The url of the site collection, both server relative url and absolute url are acceptable. | +| appIdentifiers | string[] | The identifier list of the Add-ins. | -### Responses +The serverRelativeUrl and url can't be both null. If both serverRelativeUrl and url are provided, the url will be used. +### Responses | Name | Type | Description | |------------------|-------------------------------|-----------------------------------------------------------------------| | addinPermissions | SPAddinPermissionInfo[] | The returned permissions. | @@ -131,6 +136,7 @@ POST {adminSiteUrl}/_api/web/AddinPermissions | siteCollectionScopedPermissions | SPSiteCollectionScopedPermissionInfo[] | This is the permissions grant in site collection scope level. | | appIdentifier | string | The identifier of the Add-in. | | serverRelativeUrl | string | The server relative url of the site collection. | +| absoluteUrl | string | The absolute url of the site collection. | | allowAppOnly | bool | This identifies if the Add-in allows app only mode. For more information, see [Add-in authorization policy types in SharePoint](../sp-add-ins/add-in-authorization-policy-types-in-sharepoint.md). | #### SPTenantScopedPermissionInfo @@ -155,11 +161,11 @@ POST {adminSiteUrl}/_api/web/AddinPermissions #### SPAddinPermissionFailedInfo -| Name | Type | Description | -|-------------------|--------|-----------------------------------------------------------| -| serverRelativeUrl | string | The server relative url of the site collection. | -| appIdentifier | string | The identifier list of the Add-in. | -| errorMessage | string | The error message why fetch the Add-in permission failed. | +| Name | Type | Description | +|-------------------|--------|-----------------------------------------------------------------| +| serverRelativeUrl | string | The server relative url or absolute url of the site collection. | +| appIdentifier | string | The identifier list of the Add-in. | +| errorMessage | string | The error message why fetch the Add-in permission failed. | ## Get tenant ACS service principals @@ -210,9 +216,12 @@ POST {adminSiteUrl}/_api/web/GetAddinPrincipalsHavingPermissionsInSites ### Request body -| Name | Required | Type | Description | -|--------------------|----------|----------|-------------------------------------------------------------------| -| serverRelativeUrls | yes | string[] | List site collections' server relative url. Maximum size is 500. | +| Name | Required | Type | Description | +|--------------------|----------|----------|------------------------------------------------------------------------------------------------------------| +| serverRelativeUrls | no | string[] | List site collections' server relative url. Maximum size is 500. | +| urls | no | string[] | List site collections' url, both server relative url and absolute url are acceptable. Maximum size is 500. | + +When urls is not null, serverRelativeUrls will be disregarded. ### Responses @@ -228,18 +237,19 @@ POST {adminSiteUrl}/_api/web/GetAddinPrincipalsHavingPermissionsInSites | title | string | The title of the Add-in. | | appIdentifier | string | The app identifier. | | serverRelativeUrl | string | The server relative url of the site collection. | +| absoluteUrl | string | The absolute url of the site collection. | #### SPErrorWithServerRelativeUrl -| Name | Type | Description | -|-------------------|--------|----------------------------------------------------------| -| serverRelativeUrl | string | The site collection's server relative url. | -| errorMessage | string | The error message why fetch the Add-in principal failed. | +| Name | Type | Description | +|-------------------|--------|------------------------------------------------------------| +| serverRelativeUrl | string | The site collection's server relative url or absolute url. | +| errorMessage | string | The error message why fetch the Add-in principal failed. | ## Uninstall Add-ins -This API will trigger an async job to uninstall the Add-in. If the job triggered successfully, the job id will be returned. +This API will trigger an async job to uninstall the Add-in. If the job triggered successfully, the job id will be returned. This API needs the app to have Sites.FullControl.All permission. @@ -257,10 +267,13 @@ POST {adminSiteUrl}/_api/web/UninstallAddins #### SPUninstallAddinRequest -| Name | Type | Description | -|-------------------|--------|----------------------------------| -| serverRelativeUrl | string | The site's server relative url. | -| appInstanceIds | Guid[] | The instance ids of the Add-ins. | +| Name | Type | Description | +|-------------------|--------|---------------------------------------------------------------------------| +| serverRelativeUrl | string | The site's server relative url. | +| url | string | The site's url, both server relative url and absolute url are acceptable. | +| appInstanceIds | Guid[] | The instance ids of the Add-ins. | + +The serverRelativeUrl and url can't be both null. If both serverRelativeUrl and url are provided, the url will be used. ### Responses @@ -275,6 +288,7 @@ POST {adminSiteUrl}/_api/web/UninstallAddins |-------------------|--------|---------------------------------| | appInstanceId | Guid | The instance id of the Add-in. | | serverRelativeUrl | string | The site's server relative url. | +| absoluteUrl | string | The site's absolute url. | | uninstallJobId | Guid | The triggered uninstall job id. | #### SPFailToTriggerUninstallAddinJobResponse @@ -288,8 +302,8 @@ POST {adminSiteUrl}/_api/web/UninstallAddins ## Get uninstall Add-in job status -Since the uninstall Add-in is an async process, this API will provide the ability to check if the uninstall ends successfully. -If the job ends successfully, then the job will be not found. If the job ends with failure, then it will return the error detail. +Since the uninstall Add-in is an async process, this API will provide the ability to check if the uninstall ends successfully. +If the job ends successfully, then the job will be not found. If the job ends with failure, then it will return the error detail. This API needs the app to have at least Sites.Read.All permission. @@ -301,16 +315,20 @@ POST {adminSiteUrl}/_api/web/GetAddinUninstallJobDetail ### Request body -| Name | Required | Type | Description | -|-------------------|----------|--------|---------------------------------| -| jobId | yes | Guid | This uninstall job id. | -| serverRelativeUrl | yes | string | The site's server relative url. | +| Name | Required | Type | Description | +|-------------------|----------|--------|----------------------------------------------------------------------------| +| jobId | yes | Guid | This uninstall job id. | +| serverRelativeUrl | no | string | The site's server relative url. | +| url | no | string | The site's url, both server relative url and absolute url are acceptable. | + +The serverRelativeUrl and url can't be both null. If both serverRelativeUrl and url are provided, the url will be used. ### Responses | Name | Type | Description | |-------------------|-------------------------------|--------------------------------------------------| | serverRelativeUrl | string | The site's server relative url. | +| absoluteUrl | string | The site's absolute url. | | taskStartTime | DateTime | The time when the task starts executing. | | jobId | Guid | The uninstall job id. | | siteId | Guid | The site collection id. | diff --git a/docs/apis/amr-api-reference.md b/docs/apis/amr-api-reference.md new file mode 100644 index 000000000..2c3e44aa8 --- /dev/null +++ b/docs/apis/amr-api-reference.md @@ -0,0 +1,253 @@ +--- +title: "SharePoint Asynchronous Metadata Read (AMR) API Reference Guide" +description: "This article provides in-depth information on how to use the SharePoint AMR API." +ms.date: 04/18/2024 +ms.author: ranren +author: underreview +manager: dapodean +audience: ITPro +ms.subservice: migration-tool +ms.topic: article +ms.localizationpriority: high +ms.collection: + - SPMigration + - m365-collaboration +--- +# SharePoint Asynchronous Metadata Read (AMR) API Reference Guide + +Use this document as the guide when using SharePoint Asynchronous Metadata Read (AMR) API. + +AMR API aggregates SharePoint metadata into a manifest package. Use the package for incremental migration, structure creation, post-migration validation, or permission management. + +## CSOM and REST + +AMR API supports both SharePoint Client Side Object Model (CSOM) and REST. + +### Use NuGet Packages with CSOM + +To reference the SharePoint Client Side Object Model (CSOM) in your solution, use NuGet packages. + +Manage dependencies easily and ensure your solution is using the latest version of the CSOM library with NuGet packages. + +Get the latest version of the CSOM package at the [SharePoint Client-side Object Model Libraries](https://www.nuget.org/packages/Microsoft.SharePointOnline.CSOM) with the ID `Microsoft.SharePointOnline.CSOM`. + +Check [Get to know SharePoint REST service](/sharepoint/dev/sp-add-ins/get-to-know-the-sharepoint-rest-service) for instructions on REST API. + +## CreateSPAsyncReadJob method + +Creates an AMR job to read all the metadata of the specified SharePoint URL and its children into the specified manifest container. + +### CreateSPAsyncReadJob syntax + +```csharp +public SPAsyncReadJobInfo CreateSPAsyncReadJob(String url, +SPAsyncReadOptions readOptions, +EncryptionOption encryptionOption, +string azureContainerManifestUri, +string azureQueueReportUri) +``` + +### CreateSPAsyncReadJob parameters + +#### url + +Required. + +A **String** value containing the full path URL of the path of the SharePoint List, files/folders, or Document Library **to read**. AMR API returns all the metadata of files, folders, and root objects, **including subfolders and any children content**. + +##### Example + +This example `url` returns all metadata of Shared Document, and its children: + +```http +https://www.contoso.com/Shared%20Document +``` + +#### readOptions + +Required. + +A `SPAsyncReadOptions` structure, with `readOption` values specifying the types of metadata to read. + +##### IncludeVersions + +Optional. + +A **Bool** value to indicate if AMR API reads multiple versions of files and List Items. + +Default value is `false`. When absent or set to `false`, AMR API only reads the latest version of items. + +##### IncludeSecurity + +Optional. + +A **Bool** value to indicate if AMR API reads Users and Groups information related to a Site. + +Default value is `false`. + +AMR API reads Users and Groups as Authors or Modifiers as part of the metadata of the objects. + +If set to `true`, AMR API reads all Users in Site Collections. When reading multiple Document Libraries under the same Site Collection, the same Users and Group might appear in the read package multiple times. + +##### IncludeDirectDescendantsOnly + +Optional. + +A **Bool** value to indicate if AMR API reads only the metadata of the direct descendants. + +Default value is `false`. + +If set to `true`, AMR API reads only the metadata of the direct descendants. + +Use this `readOption` along with `IncludeSecurity` `readOption` together to improve performance when reading metadata from a Document Library containing large number of items, as described in [Best practice](export-amr-api.md) to avoid slow performance. + +##### IncludeExtendedMetadata + +Optional. + +Default value is `false`. + +When set to `false`, AMR API reads basic metadata: + +- List +- Folder +- File +- List Item +- Roles +- Role Assignments + +When set to `true`, AMR API reads all metadata available: + +For Files: + +- Web Part +- Web Part personalization +- Links +- Version events +- Event receivers +- Attachment metadata + +For Lists: + +- Custom actions +- List shortcuts + +For List Items: + +- Comments +- Documents set links +- Activities +- List Item shortcuts + +Including extended metadata slows down the read significantly. For file share migrations, keep the default value `false`. Set to `true` only when necessary, for complex migration projects. + +##### IncludePermission + +Optional. + +A **Bool** value to indicate if permissions read is needed. Default value is `false`. + +When set to `true`, AMR API reads permission metadata in `RoleAssignments` tags in `Manifest.xml` files. The file includes all distinguished permission metadata for each read SharePoint object, along with property `ScopeId`. + +##### StartChangeToken + +Optional. + +A **Integer** value containing the changeToken item. + +By default, when no `StartChangeToken` is provided, `CreateSPAsyncReadJob` method returns all items available, based on the parameters. A `CurrentChangeToken` value is returned every time. + +To read only the items that changed since last read, set a `StartChangeToken` in subsequent calls to `CreateSPAsyncReadJob`. Use `CurrentChangeToken` returned from last call as the value of `StartChangeToken`. + +AMR API returns an error and stops the read, if it receives an invalid `StartChangeToken` value. + +Be careful when using this feature with large number of items. The read job could run for extended duration. AMR API cancels jobs that run over 10 minutes to protect the SharePoint infrastructure. + +#### encryptionOption + +Optional. + +A `EncryptionOption` object, containing the AES-256-CBC Key used to decrypt the output. + +By default, AMR API doesn't encrypt the output and event queue. If set with AES-256-CBC Key, AMR API encrypts the output with the key supplied. + +See [`EncryptionOption`](/dotnet/api/microsoft.sharepoint.client.encryptionoption) class for details. + +#### azureContainerManifestUri + +Required. + +A **String** value, which is the destination URL of the Azure Blob Storage Container containing the output manifest package. + +See [Azure](migration-azure.md) for instructions of using Azure Blob Storage Container in migration. + +#### azureQueueReportUri + +Required. + +A **String** value, which is the URL of the Azure Queue to receive read status messages. + +Share `azureQueueReportUri` among different jobs if necessary. AMR API returns `JobID` to identify individual jobs created. + +See [Azure](migration-azure.md) for instructions of using Azure Queue in migration. Check [Migration events in Azure Queue](migration-events.md) for types of events. + +### CreateSPAsyncReadJob return values + +#### Job ID + +A **Guid** value, which contains Job ID, the unique identifier of the migration job. The method returns a `null` value, if it fails to create the job. + +AMR API generates a `JobEnd` event when it estimates item count for each `url`. Check [Events](migration-events.md) for details. + +#### AzureContainerManifest + +A **Uri** value that contains the URL to access the Azure Blob Storage Container, which contains the metadata read. + +#### JobQueueUri + +A **Uri** value that contains the URL of the Azure Queue used for read status. + +#### EncryptionKey + +A **Byte Array** value that contains the AES-256-CBC Key for decrypting the manifest files and messages in the Azure Queue. + +## CreateSPAsyncReadJobWithMultiUrl method + +Creates an AMR job to read all the metadata of all SharePoint URLs specified, and their children into the specified manifest container. + +### CreateSPAsyncReadJobWithMultiUrl syntax + +```csharp +public SPAsyncReadJobInfo CreateSPAsyncReadJobWithMultiUrl( + String[] urls, + SPAsyncReadOptions readOptions, + EncryptionOption encryptionOption, + String azureContainerManifestUri, + String azureQueueReportUri) +``` + +### CreateSPAsyncReadJobWithMultiUrl parameters + +See `CreateSPAsyncReadJob` method for details of `readOptions`, `encryptionOption`, `azureContainerManifestUri`, and `azureQueueReportUri`. + +#### urls + +Required. + +A **Uri** **Array** containing the full path URLs of the root paths of the SharePoint Lists, files/folders, or Document Libraries to read. AMR API returns all the metadata of files, folders, and root objects, **including subfolders and any children content**. + +Specify multiple URLs when needed. Aggravated call with multiple URLs might improve the performance. See [Performance](export-amr-api.md#performance) for details. + +## Errors + +### -2146232832 + +The changeToken refers to a time before the start of the current change log. + +The change log is limited to 60 days immediately before the current date. AMR API returns this error code when the specified `changeToken` refers to a time outside the 60-day window. + +### -2147213196 + +Operation canceled. + +AMR API received a cancellation request from the client and cancels the read operation. diff --git a/docs/apis/csom-methods-for-applying-retention-labels.md b/docs/apis/csom-methods-for-applying-retention-labels.md index 0221139f8..ddde1e391 100644 --- a/docs/apis/csom-methods-for-applying-retention-labels.md +++ b/docs/apis/csom-methods-for-applying-retention-labels.md @@ -1,21 +1,18 @@ --- -title: CSOM methods for applying retention labels -description: CSOM methods are available to apply (set) a retention label (ComplianceTag) on one or many items (ListItems) in SharePoint. +title: CSOM methods for retention labels +description: CSOM methods are available to apply (set) a retention label (ComplianceTag) on one or many items (ListItems) in SharePoint. Also includes settings of retention labels in ODB and SPO. author: kyracatwork ms.author: kyrachurney -ms.date: 4/18/2023 +ms.date: 9/30/2024 --- -# CSOM methods for applying retention labels (setting ComplianceTags) +# CSOM methods for applying retention labels and managing settings of record labels Retention labels let you apply retention settings for governance control at the item level, and are part of the Microsoft Purview compliance solutions. [Learn more about retention labels.](/microsoft-365/compliance/retention#retention-labels) Retention labels may classify contents as records, which place restrictions on what actions are allowed or blocked. [Learn more about declaring records by using retention labels](/microsoft-365/compliance/declare-records) -CSOM methods are available to apply (set) a retention label (ComplianceTag) on one or many items (ListItems) in SharePoint. Retention labels can be applied using this method without being published to the location by an existing label policy. - -> [!IMPORTANT] -> Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +CSOM methods are available to apply (set) a retention label (ComplianceTag) on one or many items (ListItems) in SharePoint, and change retention labels settings for deleting, versioning, and changing properties of records. Retention labels can be applied using this method without being published to the location by an existing label policy. ## SetComplianceTagOnBulkItems @@ -37,6 +34,93 @@ public List SetComplianceTagOnBulkItems( Attribute [RemoteAttribute](/dotnet/api/microsoft.sharepoint.client.remoteattribute) +## GetAllowFilesWithKeepLabelToBeDeletedODB + +Get whether files with Keep Label can be deleted in ODB. + + +```c# + +public static bool GetAllowFilesWithKeepLabelToBeDeletedODB() +``` + +## SetAllowFilesWithKeepLabelToBeDeletedODB + +Set whether files with Keep Label can be deleted in ODB + + +```c# +public static void SetAllowFilesWithKeepLabelToBeDeletedODB(bool allowDeletion) +``` + +Parameters + +- 'allowDeletion' [Boolean](/dotnet/api/system.boolean) + +## GetAllowFilesWithKeepLabelToBeDeletedSPO +Get whether files with Keep Label can be deleted in SPO. + +```c# + +public static bool GetAllowFilesWithKeepLabelToBeDeletedSPO() +``` + +## SetAllowFilesWithKeepLabelToBeDeletedSPO + +Set whether files with Keep Label can be deleted in SPO. + +```c# +public static void SetAllowFilesWithKeepLabelToBeDeletedSPO(bool allowDeletion) +``` + +Parameters + +- 'allowDeletion' [Boolean](/dotnet/api/system.boolean) + +## GetAdvancedRecordVersioningDisabled + +Get whether advanced record versioning is disabled. + +```c# + +public static bool GetAdvancedRecordVersioningDisabled() +``` + +## SetAdvancedRecordVersioningDisabled + +Set to enable or disable the advanced record versioning. + +```c# +public static void SetAdvancedRecordVersioningDisabled(bool disabled) +``` + +Parameters + +- 'disabled' [Boolean](/dotnet/api/system.boolean) + +## GetMetadataEditBlockingEnabled + +Get whether metadata edit blocking is enabled. + +```c# + +public static bool GetMetadataEditBlockingEnabled() + +``` + +## SetMetadataEditBlockingEnabled + +Set metadata edit blocking enabled setting. + + +```c# +public static void SetMetadataEditBlockingEnabled(bool enabled) +``` + +Parameters + +- 'enabled' [Boolean](/dotnet/api/system.boolean) + ### Applies to |Product|Versions| diff --git a/docs/apis/export-amr-api.md b/docs/apis/export-amr-api.md index f3ad638b0..fe7248b8f 100644 --- a/docs/apis/export-amr-api.md +++ b/docs/apis/export-amr-api.md @@ -1,10 +1,10 @@ --- -title: "SharePoint Migration Export (Asynchronous Metadata Read) API" -description: This document targets ISVs and any third-party vendors/developers who are developing and maintaining a migration tool. -ms.date: 09/12/2023 -ms.author: jhendr -author: JoanneHendrickson -manager: serdars +title: "SharePoint Asynchronous Metadata Read (AMR) API Introduction" +description: Overview how to read metadata from SharePoint, targeted to SharePoint migration tool developers. +ms.date: 07/23/2025 +ms.author: ranren +author: underreview +manager: dapodean audience: ITPro ms.subservice: migration-tool ms.topic: article @@ -13,366 +13,111 @@ ms.collection: - SPMigration - m365-collaboration --- -# SharePoint Migration Export (Asynchronous Metadata Read) API +# SharePoint Asynchronous Metadata Read (AMR) API Introduction -## Overview +The SharePoint Asynchronous Metadata Read (AMR) API enables the asynchronous export of metadata from SharePoint and OneDrive. -The goal of the new Migration Asynchronous Metadata Read (AMR) API is to reduce the number of calls, reduce throttling, and improve overall migration performance for our customers. Instead of calling thousands of calls to query information from SPO, the new Migration Asynchronous Metadata Read can return the same amount of data in a single read. +Use AMR API to export metadata from SharePoint for incremental migration and post-migration validation. -When the new SharePoint Migration Export (Asynchronous Metadata Read) API performs a read operation of a provided URL, the Microsoft backend software aggregates all the information into a designated manifest. The ISV can read back from the manifest and parse the metadata without sending thousands of calls individually. The AMR API also has the ability to load balance the server, and supports an unlimited amount of metadata to be migrated. +AMR is designed exclusively for import scenarios. It exhibits poor scalability when handling requests for metadata, permissions, or versions. We can't provide performance assurances for AMR usage in data export scenarios, such as cross-tenant migrations. -This document targets ISVs and any third-party vendors/developers who are developing and maintaining a migration tool. +## What's new -### Background +### January 2024 -Currently, the [SharePoint Online Migration API](migration-api-overview.md), lets your migration tool efficiently migrate large amounts data to SharePoint Online. However, the lack of an official API to read content from SharePoint Online means that these tools must rely on CSOM/Vroom function calls to perform individual metadata read operations. +We reformatted this document to bring clarity and correct errors. -Large numbers of calls increase the likelihood of throttling, which impacts migration performance and customer experience. Ineffective call usage results in large SQL round trip per function calls that can potentially bring down the database and impact its reliability. +## Export steps overview -A migration performance study identified four areas where a high number of calls are heavily used: +Export metadata from SharePoint in three steps: -- **Incremental migration** relies on calls to retrieve the SharePoint online (SPO) content. It compares it with the source location to determine if there have been any changes to the content and whether to proceed with migration. -- **Structure creation** leverages calls for site, web part and navigation creation. -- **After migration verification** is done when migration is completed and is used to ensure the source and destination file metadata matches. -- **Permission settings** function calls are made to get user permission information. +### Provision the destination containers and the queue -## SharePoint Migration Export (Asynchronous Metadata Read) API - -The SharePoint Migration Export (Asynchronous Metadata Read) API aims to reduce the calls in areas: incremental migration, after migration verification and permission settings. - -> [!Note] -> The first version of the SharePoint Migration Export (Asynchronous Metadata Read) API supports files, folders, lists, list items, and the document library. Permissions are supported for all customers. - -Key supported features: - -- Ability to aggregate small metadata requests calls (for example, CSOM) into a single AMR call with the multiple URL feature -- Ability to read unlimited items with a single API call. -- Incremental migration feature support returning of item changed since last query with *changeToken* feature -- Ability to include a rich set of metadata per item -- Ability to return only top-level structure without subfolders or children. - -More detailed information about the features and the API description is covered in the section below. - - -The Migration Asynchronous Read APIs are: - -Single - -```csharp -public SPAsyncReadJobInfo CreateSPAsyncReadJob( - Uri url, - SPAsyncReadOptions readOptions, - EncryptionOption encryptionOption, - string azureContainerManifestUri, - string azureQueueReportUri) -``` - -Multiple - -```csharp -public SPAsyncReadJobInfo CreateSPAsyncReadJobWithMultiUrl( - Uri[] urls, - SPAsyncReadOptions readOptions, - EncryptionOption encryptionOption, - string azureContainerManifestUri, - string azureQueueReportUri) -``` - -The API is made up of five input parameters and one output structure field. - -## Input Parameters - -### URL - -The full path URL lets your migration tool to specify the root URL path of the SharePoint list, files/folder document library to be read. By default, the server-side code will read and return all the metadata of files, folders, and root objects including subfolders and their children content. - -*Example:* -This document library URL, `https://www.contoso.com/Shared%20Document`, will be read back for metadata of any files or folders that live under the root URL. `https://www.contoso.com/Shared%20Documents/FolderA/` will be read back for children metadata in FolderA. - -#### Multiple URLs - -With the latest API update in Q1 2020, AMR will now support multiple URL inputs. This means the user can input multiple root URLs or subfolder URLs and aggregate them into a single call. - -As there is a fixed overhead, AMR is most effective when there is a large number of reads when processing AMR. There are cases when the migration software may not want to read the whole root level URL. The multiple URL feature lets the software to aggregate multiple requests into a single request to improve performance while reducing number of calls. - -(For more information regarding the size recommendation, see the performance section) - -*Example:* The document library URL, `https://www.contoso.com/Shared%20Document`, has folders A through J . The customer only wants to migrate folders A, B, C, D, and E. Instead of issuing a single read at the root level and returning large unnecessary content, or issuing AMR per individual folder, which is not effective, the software can issue URI [A, B, C, D, E] in the input parameters returning only required metadata. - -Currently there is a maximum of 5000 URL aggregation limits per call. - -#### readOptions Flag - -The read asynchronous function will include the SPAsyncReadOptions structure, which covers the optional flags to allow the user to specify version and security setting on the site level more is described below. - -```csharp -IncludePermission {get; set;} -``` - -If set, the permissions associated with files and items are included in the export. If absent or set to false, no permission will be included. - -```csharp -IncludeVersions{ get; set; } -``` - -If set, this indicates all the files and list item version history is to be included in the export operation. If absent, only the most recent version is provided. - -```csharp -IncludeSecurity{ get; set; } -``` - -This flag indicates whether to include all user or group information from a site. By default, users and groups that are part of the object metadata will be returned, such as author or modifier. - -If you use this flag, all users in the site collection will be included. If you are issuing AMR calls for different document libraries that are under the same site collection, the same set of users will be included each time, unless there has been a change. - ->[!Important] ->Using this option can result in very slow performance. Use it only as described in the steps below. - -If you have a large number of objects in a document library, it is faster to do the following two calls to read the security setting and its child folders: - -1. To get user/group info, call the AMR job on the top root folder with security on using this setting: -("IncludeSecurity=true" & "IncludeDirectDescendantsOnly=true"). -1. For the rest of the structure, call the AMR job with the security off: -"IncludeSecurity=false" - -```csharp -public bool IncludeDirectDescendantsOnly { get; set;} -``` - -If specified only the top-level metadata item is read back. Example: The root URL contains file A and folder B. If this flag is specified, the manifest returns only file A and folder B metadata. It will not return any metadata included inside folder B. - -The use case for this function: The ISV can issue a default read to retrieve the top-level items and then issue multiple `CreateSPAsyncReadJob` to read back all the sub folder content in parallel to improve throughput. - -```csharp -public bool IncludeExtendedMetadata { get; set; } -``` - -This flag indicates whether to return the extended set of metadata content of object query. By default this option is off and only basic content is provided (for example, names, URL, author, modifier, dates) . Turning on this flag provides all the metadata content; however, it will also impact the performance as query will take longer. - -Recommendation is to keep the default for file share migration, but consider setting this flag on for SharePoint on-premises or other more complex migration. - -```csharp -public string StartChangeToken { get; set; } -``` - -This option applies to input URL of list or document library only. - -One of the key calls contributor is incremental migration. ChangeToken idea is introduced to reduce the unnecessary calls. If StartChangeToken is not specified, the CreateSPAsyncReadJob will query and read back all the items specified by the API function. Once specified with the ChangeToken value, only the item changed since last query is returned. - -During incremental migration, instead of query everything again, by populating StartChangeToken with the change token received from the CurrentChangeToken output in returning job info, createSPAsyncReadJob then returns only the items that got changed since the specified StartChangeToken, reducing the overall calls. - -Below is a sample of how the `startChangeToken` might work. This example uses the optional feature setting for initial call and the parameter setting for incremental passes. - -![Export API process](../images/async-read-api-flow.png) - -#### Invalid Value - -If an invalid value is detected, other than NULL, an error will be generated, and the operation will be terminated. - -#### encryptionOption - -This is an optional parameter. If it is specified, the AES256CBCKey is used to encrypt output files and queue messages. Otherwise, there is no encryption. - -For more information, see [EncryptionOption Class](/dotnet/api/microsoft.sharepoint.client.encryptionoption). - -#### azureContainerManifestUri - -The valid URL including SAS token for accessing the Azure Blob Storage Container, which contains the block blobs for the manifest and other package describing XML files. This location will also be used for the log output response. The SAS token must have been created with only Read and Write permissions or the asynchronous metadata read job will fail. The SAS token should at least have a lifetime that starts at from no later than when the job was submitted, until a reasonable time for successful import to have concluded. - -#### azureQueueReportUri - -The valid URL including SAS token for accessing the user provided Azure Queue used for returning notifications of asynchronous metadata read job progress. If this value is not null and proper access is granted in the SAS token in this URI, it will be used for real-time status update. The SAS token must have been created with Add permissions or the migration job will be unable to add events to the queue. - -Once accepted, the job ID will be written to the notification queue if it was provided and access is valid. The notification queue can be used for multiple migration jobs at the same time, as each job will identify itself in values sent back to the notification queue. - -## Output Parameters - -### CurrentChangeToken - -```csharp -public string CurrentChangeToken { get; set; } -``` - -This function returns the changeToken associates with this query. By specifying this changeToken in the input field with subsequent read, the API will return only items changed since this last query. - -#### Manifest Output - -After the *asyncMigrationRead* function prepares execution, the final manifest will be placed in the container specified, under a folder named **JobId**. The manifest export package structure will be like the *createMigration* Import Package structure. The general output structure is summarized in table below. - -> [!NOTE] -> Once the AMR manifest package reaches 25MB, it will split into multiple packages per request. - -Below is an example on how to query the folder: - -```csharp -CloudBlobDirectory folder = blobContainerObj.GetDirectoryReference(jobid); -CloudBlockBlob blob = folder.GetBlockBlobReference(manifestFileName); -``` - -|XML file|Schema File|Description| -|:-----|:-----|:-----| -|ExportSettings.XML|DeploymentExportSettings Schema|ExportSettings.XML does the following:

- Contains the export settings specified by using the SPExportSettings class and other classes that are part of the content migration object model.

- Ensures that the subsequent export process (at the migration target site) enforces the directives specified in the export settings.

- Maintains a catalog of all objects exported to the migration package.| -|LookupListMap.XML|DeploymentLookupListMap Schema|Provides validation for the LookupListMap.XML file exported into the content migration package. LookupListMap.XML maintains a simple lookup list that records SharePoint list item (list item to list item) references.| -|Manifest.XML|DeploymentManifest Schema|Provides validation for the Manifest.xml file that is exported into the content migration package. Provides a comprehensive manifest containing listings of both the contents and the structure of the destination site (for example, SPO) . | -|Requirements.XML|DeploymentRequirements Schema|"Provides validation for the Requirements.xml file exported into the content migration package. Requirements.xml maintains list of deployment requirements in the form of installation requirements on the migration target, such as feature definitions, template versions, Web Part assemblies, and language packs."| -|RootObjectMap.XML|DeploymentRootObjectMap Schema|"Provides validation for the RootObjectMap.xml file exported into the content migration package.RootObjectMap.xml maintains a list of mappings of secondary (dependent) objects, which allows the import phase of the migration operation to correctly place the dependent objects relative to the locations of the root object mappings."| -|SystemData.XML|DeploymentSystemData Schema|Provides validation for the SystemData.xml file exported into the content migration package.SystemData.xml does the following: Collects a variety of low-level system data. Records the number and names of Manifest.xml files (in cases where the migration uses multiple manifests).| -|UserGroupMap.XML|DeploymentUserGroupMap Schema|Provides validation for the UserGroup.xml file exported into the content migration package. UserGroup.xml maintains a list of users and user security groups with respect to access security and permissions.| -|ViewFormsList.XML|DeploymentViewFormsList Schema|Provides validation for the ViewFormsList.xml file exported into the content migration package.ViewFormsList.xml maintains a list of Web Parts and tracks whether each is a view or form.| - -#### How to retrieve the manifest from the Azure blob - -The following example code demonstrates how to get the Azure blob of a manifest file and decipher it: - -```csharp -// Get Azure blob of a manifest file -CloudBlockBlob blob = folder.GetBlockBlobReference(blobName); -blob.FetchAttributes(); - -using (Stream stmTemp = new MemoryStream()) -{ - // Download current manifest file - blob.DownloadToStream(stmTemp); - - // Get IV and decrypt the content into output dir - byte[] IV = Convert.FromBase64String(blob.Metadata[“IV”]); - - using (Stream targetStream = System.IO.File.Open(outputFileFullPath, FileMode.Append)) - { - using (Aes alg = new AesCryptoServiceProvider()) - { - stmTemp.Seek(0, SeekOrigin.Begin); - using (CryptoStream csDecrypt = new CryptoStream( - stmTemp, - alg.CreateDecryptor(key, IV), - CryptoStreamMode.Read)) - { - csDecrypt.CopyTo(targetStream); - } - } - } -} -``` - -#### JobQueueUri - -```csharp -public Uri JobQueueUri { get; set; } -``` +> [!IMPORTANT] +> Use [GetMigrationJobProgress API](migration-job-progress-api-reference.md) to retrieve migration job status. +> +> Provisioning Azure Queues for migration job status tracking is no longer required. Deprecation of Azure Queues is planned for the second half of 2026. Until then, Azure Queues will remain available for status retrieval. -The reporting features are the same as they are for `CreateMigrationJob`. Logging is provided to track the status of the asynchronous metadata read. After a scan of the database and an estimate of your tools, the log provides an estimate of the number of items to be read per URL. By default, blob queue permissions and settings are set to "all access", the same as when the ISV calls `ProvisionMigrationContainer` during the `CreateMigrationJob`. +Use `ProvisionMigrationContainers` method to provision the containers. Check [Use Azure Blob Storage Containers and Azure Queues with Migration API](migration-azure.md) for details. You can also use your own containers and queues if needed. -In addition to the events supported by the Import API (CreationMigrationJob), a new job event called `FinishManifestFileUpload` will be added to the status queue in real time. This is added after the manifest file is generated and uploaded. +### Use `CreateSPAsyncReadJob` method to start the export -As it’s a real time event, ISVs and developers can also immediately download and parse the manifest files once `FinishManifestFileUpload` is generated. Use the field `ManifestFileName` to parse this event to get every manifest file name, including systemdata.xml, usergroup.xml, etc. +Use `CreateSPAsyncReadJob` method to export metadata from a single URL, or `CreateSPAsyncReadJobWithMultiUrl` from multiple URLs if needed. Check [AMR API Reference](amr-api-reference.md) for details. -The new event will look like this: +Get incremental updates with `ChangeToken` feature. -```json -{"Event", "FinishManifestFileUpload"}, -{"JobId", “f8d7d577-676e-47ce-ab69-ae7803979883”}, -{"Time", “2019-09-03T19:11:33.903”}, -{"ManifestFileName", “f8d7d577-676e-47ce-ab69-ae7803979883/ExportSettings.xml”} -``` +Both methods return the Job ID, which can be used to track the export status. -#### EncryptionKey +Check [AMR API Reference](amr-api-reference.md) for details. -```csharp -public byte[] EncryptionKey { get; set; } -``` -It returns the AES256CBC encryption key used to decrypt the message in azureManifest container and azureReport Queue. +### Checking status -|Output parameter|Description| -|:-----|:-----| -|JobID/GUID|Return a unique Job ID associated with this asynchronous read| -|AzureContainerManifest|Return the URL for accessing the async read manifest| -|JobQueueUri|URL for accessing Azure queue used for returning notification of migration job process| -|EncryptionKey|AES256CBC encryption key used to decrypt messages from job/manifest queue| +> [!IMPORTANT] +> Use [GetMigrationJobProgress API](migration-job-progress-api-reference.md) to retrieve migration job status. +> +> Provisioning Azure Queues for migration job status tracking is no longer required. Deprecation of Azure Queues is planned for the second half of 2026. Until then, Azure Queues will remain available for status retrieval. -## Error codes +Check Azure Queue supplied for export status. Monitor events as listed in [Events](migration-events.md) for details. -These error codes are expected behavior under specific conditions. Use discretion handling them. +AMR API exports metadata in the manifest container supplied, under a folder named by `JobID`. Check [Manifest files](migration-manifest.md) for the format and validation of the metadata. -|Error code|Error message|Description| -|:-----|:-----|:-----| -|-2146232832|The changeToken refers to a time before the start of the current change log.|The change log is limited to 60 days immediately before the current date. This error code is returned when the changeToken refers to a time outside the 60 day window.| -|-2147213196|Operation canceled.|The client cancels the read operation. This is an expected behavior and a cancel request is processed.| +AMR API splits manifest packages larger than 25 MB into multiple manifest files per request. -## Set up Guidelines +## Best practice -The following provides high-level guidelines for implementing the asynchronous metadata migration function. This documentation does not go into details on how to interact with SharePoint RESTful service. It is assumed that the ISV has prior knowledge and will be able to access the target website with proper permission. +AMR API is powerful. Ensure good performance to achieve the scale for large migration projects. -For more information on how to access the SharePoint website, see [Get to know the SharePoint REST service](../sp-add-ins/get-to-know-the-sharepoint-rest-service.md). +### Export security and permissions on top level if possible -1. Install and update the latest Microsoft.SharePointOnline.CSOM version. The minimum version requirement is V16.1.9119.1200 or later. -1. ISVs figure out the folder, document library or files of interested to be query and issued with CreateSPAsyncReadJob function. -1. Once successfully created, query the job status using the *jobQueueUri*. It provides the job process status and any error logging. After job completion, parse the manifest to retrieve the metadata. +Exporting security with `IncludeSecurity` consumes more resources and slows down the export. It's faster to export this metadata at the upper-level folder first, then export the children without them. -### SharePoint Migration Export (Asynchronous Metadata Read) API Example +### Metadata export on a single item -#### Scenario: Large file share (> 1 million) with nested files/folders +Use Microsoft Graph instead of AMR. -Suggestion: -1. Issue CreateSPAsyncReadJob - - URL = root URL (for example, `www.contoso.com/my-resource-document`) - - Optional Flag: `IncludeDirectDescendantsOnly(true)` +### Folders with less than 10,000 items - For each of the sub folders, issue createSPAsyncReadJob if the folder has > 10K +Use `CreateSPAsyncReadJobWithMultiUrl` to combine the URLs of multiple folders into a single export job. - **Sample source code** +### Folders with 10,000 to 1 million items - ```powershell - $site = get-spsite https://test.sharepoint.com # get site - $web = get-spweb https://test.sharepoint.com # get web - $list = $web.GetList("Shared Documents") # get the document library under this web +Use `CreateSPAsyncReadJob`, and set **readOption** `IncludeDirectDescendantsOnly` to `false`. This value is the default setting. - # Get the Doclib root folder - $rootFolder = $web.GetFolder($list.Rootfolder.ServerRelativeUrl) +### Nested folders with over 1 million items - # You can call 1 AMR job here, to get metadata of the direct children of the root folder only - CreateAMRJob($rootFolder) +Plan carefully when dividing folders into jobs. Object count in export jobs is the major factor of export performance. - # Create parallel AMR jobs for the direct level subfolders - Foreach ($folder in $rootFolder.SubFolders) - { - // Create 1 AMR job per folder tree - CreateAMRJob($folder) - } - ``` +This example shows how to export metadata from nested folders with over 1 million items. AMR API has the highest performance when the item count is large. - The ISV can optimize the recursive highlight part by leveraging the $ folder.item["SMTotalFileCount"] that will return the cumulative file count in the folder tree for a given folder item. Follow the recommendations in the performance section on type of AMR jobs to issue +- Use `CreateSPAsyncReadJob` method at the root URL, for example: `www.contoso.com/my-resource-document`, and set **readOption** `IncludeDirectDescendantsOnly` to `true`. +- Utilize `SMTotalFileCount` attribute to get the file count in folders. +- Continue to use `createSPAsyncReadJob` method at subfolder level, on each of the subfolders, if the folder has more than 10,000 items. +- Use `CreateSPAsyncReadJobWithMultiUrl` method, combining subfolders with less than 10,000 items. -1. object, issued in multiple URLs if < 10K objects +## Performance -> [!IMPORTANT] -> This scenario is only recommended for top level folders or if the sub-folder contains greater than one million objects. The performance of the AMR API is *not as effective* when reading a small set of items. +AMR API processes jobs through a queue mechanism with preconfigured workload management settings. AMR API processes the jobs on a best-effort basis, without Service Level Agreement (SLA) or guaranteed performance. -#### Scenario: Incremental Migration of FileShare for a sub folder +### Lab-tested performance baseline -1. Issue CreateSPAsyncReadJob:
- 1. URL = root URL (for example, `www.contoso.com/my-resource-document/a`) - 1. Remembered the `CurrentChangeToken` +We tested the performance in a lab setting. AMR API exported about 400 items per second for every 250-K objects, in the average case. The peak performance reached 700 items per second. -1. After some time, the software wishes to perform incremental migration. Issue CreateSPAsyncReadJob with following term:
- 1. URL = root URL (for example, `www.contoso.com/my-resource-document/a`) - 1. Optional Flag: `StartChangeToken(CurrentChangeToken)` +Multiple factors affect real-life performance. These factors include: -## Limitations +- The number of items that are being exported +- The way AMR API is implemented +- Throttling -Asynchronous Metadata Read (Export API) now supports unlimited list, document library, file, and folder metadata export. +### Optimize migration performance -## Performance Expectation +In order to ensure optimal performance for your migration projects, it's important to plan carefully, especially when dealing with large-scale migrations. For more information on how to estimate timespans and optimize performance, see our [performance guide](/sharepointmigration/sharepoint-online-and-onedrive-migration-speed). -The preliminary performance test provides a rough estimate of more than 400 items per second throughput for every 250K of objects read. We have seen over 700 items per second throughput in a testing environment. However, this is highly dependent on the number of items that are being read plus the implementation of the AMR API. This does not account for any potential throttle over the network. If the asynchronous read function fails to reach the server due to throttling, then performance will be impacted. +### I'm seeing throttling messages -This measure of throughput assumes the software package has a sufficient number of items per read. Microsoft recommends the following: +To ensure good user experiences for all Microsoft 365 customers, SharePoint uses throttling to protect the SharePoint infrastructure. Avoid getting throttled by following [throttling guidance](https://aka.ms/spo429). -| Folder size | Recommendation | -| :------------------------------------------------ | :----------------------------------------------------------------------------------------------------------- | -| Less than 10,000 items | Combine the URLs of multiple folders into a single call | -| Greater than 10,000 items but less than 1,000,000 | Run AMR at the root folder level | -| Greater than 1,000,000 | Use the recursive call logic to explore that folder's direct level children until there are no more folders. | +### Tenant-to-Tenant migrations -For a single read query, it is faster to use the Graph API or a RESTful/CSOM query. +AMR isn't intended for scenarios where contents from a SharePoint tenant are moved to another. This type of migration requires the use of many resource-heavy read options. The long processing time of these read options slows down the overall migration significantly. -One of the key performance benefits of using the asynchronous metadata read is the ability to balance the server-side load and the backend query. It is much more efficient than using individual CSOM load reducing to lessen your chance of throttling. +Microsoft provides no performance guarantee in this scenario. Use Graph or CSOM as needed. diff --git a/docs/apis/migration-api-overview.md b/docs/apis/migration-api-overview.md index 02b5d0337..d09416b7e 100644 --- a/docs/apis/migration-api-overview.md +++ b/docs/apis/migration-api-overview.md @@ -1,1728 +1,131 @@ --- -title: "SharePoint Online Import Migration API" -description: "This article provides in depth information on how to use the SPO Migration API." -ms.date: 04/10/2023 -ms.author: jhendr -author: JoanneHendrickson -manager: serdars -search.appverid: MET150 +title: "SharePoint Import Migration API" +description: "This article provides an overview of how to use the SharePoint Migration API." +ms.date: 07/16/2025 +ms.author: ranren +author: underreview +manager: dapodean +audience: ITPro ms.subservice: migration-tool +ms.topic: article ms.localizationpriority: high +ms.collection: + - SPMigration + - m365-collaboration --- -# SharePoint Import Migration API (CreationMigrationJob) +# SharePoint Migration API Introduction -## API Documentation +The SharePoint Migration API imports content into SharePoint at scale. It processes content and manifest packages as jobs in a queue. The API provides process status and logs, making it easy to monitor the progress of each migration job. -The following API description is based upon use of the SharePoint Client Side Object Model (CSOM). We do recommend using NuGet packages when you reference CSOM in your solution. +Use Migration API to migrate content from file shares, SharePoint Server, and other cloud-based services. -You can find latest version of the SharePoint Online Client Side Object Model (CSOM) package from the [NuGet gallery](https://www.nuget.org/packages/Microsoft.SharePointOnline.CSOM/). Use the ID `Microsoft.SharePointOnline.CSOM`. +## What's new -> [!IMPORTANT] -> Files larger than 15 GB must now create the required checksum using [QuickXorHash](/onedrive/developer/code-snippets/quickxorhash). We have provided an example [here](#what-is-stored-in-those-azure-blob-containers). -> -> The QuickXorHash/Checksum has to be computed for the original file **before** encryption (if the file is being encrypted). This is different from the MD5hash requirement. -> -> The previous method of MD5Hash is still required for files smaller than 2 GB; however this requirement will be removed at some point in the future. - -## Methods - -### CreateMigrationJob - -This method creates a new migration import job and queues it up for later processing by a separate timer job. The job will consume a well formed (pre-defined format) import package that is located in the Azure Blob Storage Containers specified in this method. The SLA for migration job processing is controlled through pre-configured queue and work load throttling settings, and there's no guaranteed SLA or return time for a submitted job. - -#### Syntax - -```csharp -public Guid CreateMigrationJob( - Guid gWebId, - string azureContainerSourceUri, - string azureContainerManifestUri, - string azureQueueReportUri) -``` - -#### Parameters - -##### gWebID - -The unique identifier of the destination web targeted for the package import. Additional information and identifiers for the import are specified within the import package itself. This identifier can be found programmatically by querying the target web using CSOM calls. - -##### azureContainerSourceUri - -The valid URL including SAS token for accessing the Azure Blob Storage Container, which contains the binary files of type block. The SAS token must have been created with only Read and List permissions or the migration job will fail. The SAS token should at least have a lifetime that starts no later than when the job was submitted, until a reasonable time for successful import to have concluded. - -The required permissions are as follows in the Azure Storage API: - -```csharp -(SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.List) -``` - -> [!NOTE] -> The change to enforce Read and List permissions on the SAS token is coming in a future build. Until then it will not be enforced. However, it is a best practice to use these values. - -All files in the container must have at least a single snapshot applied to them to ensure that no file modification is made by the customer during the import. Any file that doesn't have a snapshot will be skipped during import and have an error thrown, although the job will attempt to continue the import. The import pipeline will use the latest snapshot of the file available at the time of import. The following is an example of the code that might be used to create a snapshot on a file after it's uploaded to Azure Blob Storage: - -```csharp -CloudBlockBlob blob = blobContainerObj.GetBlockBlobReference(file); -blob.UploadFromStream(stm); -blob.CreateSnapshot(); -``` - -> [!NOTE] -> The change to require and use the latest SnapShots on all files is coming in a future build, and until then will be ignored. - -##### azureContainerManifestUri - -The valid URL including SAS token for accessing the Azure Blob Storage Container, which contains the block blobs for the manifest and other package describing XML files. This location will also be used for the log output. This container can't be the same as the one used for the azureContainerSourceUri. The SAS token must have been created with only Read, List and Write permissions or the migration job will fail. The SAS token should at least have a lifetime that starts no later than when the job was submitted, until a reasonable time for successful import to have concluded. - -> [!NOTE] -> The change to enforce Read, List and Write permissions on the SAS token is coming in a future build, and until then will be not be enforced, however it is best practice to use these values. If an issue arises using a current build, try removing the List permission as a temporary workaround, noting that it will become required soon. - -All files in the container must have at least a single snapshot applied to them to ensure that no file modification is made by the customer during the import. Any file that doesn't have a snapshot will cause failures during the import and have errors thrown, potentially failing the entire migration job. - -> [!NOTE] -> The change to require and use the latest SnapShots on all files is coming in a future build. Until then they will be ignored. - -##### azureQueueReportUri - -The valid URL including SAS token for accessing the user provided Azure Queue used for returning notifications of migration job progress. This value can be null if no notification queue will be used during the import. If this value isn't null and proper access is granted in the SAS token in this URI, it will be used for real time status update. The SAS token must have been created with only Add, Read and Update permissions or the migration job will be unable to add events to the queue. The required permissions are as follows in the Azure Storage API: - -```csharp -(SharedAccessQueuePermissions.Add | SharedAccessQueuePermissions.Read | SharedAccessQueuePermissions.Update) -``` - -Once accepted, the job ID will be written to the notification queue if it was provided and access is valid. The notification queue can be used for multiple migration jobs at the same time, as each job will identify itself in values sent back to the notification queue. - -The following are examples of all event types logged into the Azure reporting queue: - -**Event:JobQueued** - -```text -JobId:845daca4-5529-4b0e-85ab-a603efee5b12 -Time:09/29/2020 19:56:02.883 -SiteId:48917234-de43-474a-9f1b-8d98ffa08425 -DbId:8fd09323-b23f-430d-8957-213586ce3861 -TotalRetryCount:0 -MigrationType:None -MigrationDirection:Import -CorrelationId:c8d97e9f-802f-0000-ceac-44663834d510 -``` - -**Event:JobPostponed** - -```text -JobId:845daca4-5529-4b0e-85ab-a603efee5b12 -Time:09/29/2020 19:56:57.598 -NextPickupTime:09/29/2020 20:16:57.519 -SiteId:48917234-de43-474a-9f1b-8d98ffa08425 -DbId:8fd09323-b23f-430d-8957-213586ce3861 -JobsInQueue: -TotalRetryCount:0 -MigrationType:None -MigrationDirection:Import -CorrelationId:d5d97e9f-702c-0000-ceb9-354fefa5e9f6 -``` - -**Event:JobLogFileCreate** - -```text -JobId:071f9aad-36e6-4bef-9f09-40b5c7498ecd -Time:09/29/2020 19:56:29.053 -FileName:Import-071f9aad-36e6-4bef-9f09-40b5c7498ecd-1.log -CorrelationId:22ca20ec-23de-468b-add3-4e52e90d3a68 -``` - -**Event:JobStart** - -```text -JobId:071f9aad-36e6-4bef-9f09-40b5c7498ecd -Time:09/29/2020 19:56:29.100 -SiteId:48917234-de43-474a-9f1b-8d98ffa08425 -WebId:36b66979-4a43-4b93-9b92-909c7186ff98 -DBId:8fd09323-b23f-430d-8957-213586ce3861 -FarmId:211e600c-f48d-4319-ba92-61150c8e8e8c -ServerId:cfd27448-822a-420b-bcc8-4f39629b01bc -SubscriptionId:51812136-3cba-482d-9696-532cddceab31 -TotalRetryCount:0 -MigrationType:None -MigrationDirection:Import -CorrelationId:c308c0ea-a7f5-4be9-acd4-1ebd39867434 -``` - -**Event:JobProgress** - -```text -JobId:845daca4-5529-4b0e-85ab-a603efee5b12 -Time:09/29/2020 19:56:32.265 -FilesCreated:15 -BytesProcessed:45 -ObjectsProcessed:217 -TotalExpectedSPObjects:403 -TotalErrors:0 -TotalWarnings:0 -TotalRetryCount:0 -MigrationType:None -MigrationDirection:Import -WaitTimeOnSqlThrottlingMilliseconds:0 -TotalDurationInMs:0 -CpuDurationInMs:0 -SqlDurationInMs:0 -SqlQueryCount:0 -CreatedOrUpdatedFileStatsBySize:{"0-1K":{"Count":15,"TotalSize":45,"TotalDownloadTime":251,"TotalCreationTime":6754}} -ObjectsStatsByType:{"SPUser":{"Count":1,"TotalTime":289,"AccumulatedVersions":0,"ObjectsWithVersions":0},"SPFolder":{"Count":2,"TotalTime":144,"AccumulatedVersions":0,"ObjectsWithVersions":0},"SPDocumentLibrary":{"Count":1,"TotalTime":173,"AccumulatedVersions":0,"ObjectsWithVersions":0},"SPFile":{"Count":200,"TotalTime":6765,"AccumulatedVersions":0,"ObjectsWithVersions":0},"SPListItem":{"Count":14,"TotalTime":2111,"AccumulatedVersions":0,"ObjectsWithVersions":0}} -TotalExpectedBytes:0 -CorrelationId:ccd97e9f-a0cc-0000-ceb9-37a900bec68d -``` - -**Event:JobEnd** - -```text -JobId:16d658cf-ecd3-485f-9c9e-1ca268565e24 -Time:09/29/2020 20:29:38.180 -FilesCreated:200 -BytesProcessed:600 -ObjectsProcessed:403 -TotalExpectedSPObjects:403 -TotalErrors:0 -TotalWarnings:0 -TotalRetryCount:0 -MigrationType:None -MigrationDirection:Import -WaitTimeOnSqlThrottlingMilliseconds:0 -TotalDurationInMs:372294.0861 -CpuDurationInMs:17351 -SqlDurationInMs:98359 -SqlQueryCount:1998 -CreatedOrUpdatedFileStatsBySize:{"0-1K":{"Count":200,"TotalSize":600,"TotalDownloadTime":15448,"TotalCreationTime":275662}} -ObjectsStatsByType:{"SPUser":{"Count":1,"TotalTime":44,"AccumulatedVersions":0,"ObjectsWithVersions":0},"SPFolder":{"Count":2,"TotalTime":108,"AccumulatedVersions":0,"ObjectsWithVersions":0},"SPDocumentLibrary":{"Count":1,"TotalTime":50,"AccumulatedVersions":0,"ObjectsWithVersions":0},"SPFile":{"Count":200,"TotalTime":293628,"AccumulatedVersions":0,"ObjectsWithVersions":0},"SPListItem":{"Count":200,"TotalTime":76541,"AccumulatedVersions":0,"ObjectsWithVersions":0}} -TotalExpectedBytes:0 -CorrelationId:59db7e9f-a003-0000-ceb9-300001119ee3 -``` - -**Event:JobDeleted** - -```text -JobId:071f9aad-36e6-4bef-9f09-40b5c7498ecd -Time:09/29/2020 19:56:29.053 -CorrelationId:22ca20ec-23de-468b-add3-4e52e90d3a68 -``` - -**Event:JobCancelled** - -```text -JobId:071f9aad-36e6-4bef-9f09-40b5c7498ecd -Time:09/29/2020 19:58:29.053 -TotalRetryCount:0 -CancelledByUser:false -MigrationType:None -MigrationDirection:Import -CorrelationId:22ca20ec-23de-468b-add3-4e52e90d3a68 -``` - -**Event:JobError** - -```text -JobId:b427d8d7-2b91-4da0-aee5-4b5a5a5d867e -Time: 02/05/2019 06:56:09.732 -TotalRetryCount:0 -MigrationType:None -MigrationDirection:Import -ObjectType:File -Url:Shared Documents/file.pdf -Id:fae7b4b0-2912-11e9-b0f3-7b554a52d6ab -ErrorCode:-2147024816 -ErrorType:Microsoft.SharePoint.SPException -Message:ErrorMessage -CorrelationId:d8e9bc9e-20e2-8000-aa83-48a62fc5ce75 -``` - -**Event:JobWarning** - -```text -JobId:b427d8d7-2b91-4da0-aee5-4b5a5a5d867e -Time: 02/05/2019 06:56:09.732 -TotalRetryCount:0 -MigrationType:None -MigrationDirection:Import -ObjectType:File -Url:Shared Documents/file.pdf -Id:fae7b4b0-2912-11e9-b0f3-7b554a52d6ab -ErrorCode:-2147024816 -ErrorType:Microsoft.SharePoint.SPException -Message:ErrorMessage -CorrelationId:d8e9bc9e-20e2-8000-aa83-48a62fc5ce75 -``` - -**Event:FinishManifestFileUpload** - -```text -JobId:b427d8d7-2b91-4da0-aee5-4b5a5a5d867e -Time:02/05/2019 06:56:09.732 -ManifestFileName:Filename -CorrelationId:d8e9bc9e-20e2-8000-aa83-48a62fc5ce75 -``` - -#### Return values - -The unique identifier for the migration job is returned if the job is successfully queued, or if unsuccessful, a null value will be returned. The migration job unique identifier can be used to query the migration job status while it is in the queue or being processed by using the GetMigrationJobStatus method. - -**Example:** - -```csharp -Guid MigrationJobId = TargetSite.CreateMigrationJob( - TargetWebId, - azureContainerSourceUri, - azureContainerManifestUri, - azureQueueReportUri); -``` - -### GetMigrationJobStatus - -This method queries the queue status for the specified migration job. It's an optional check after calling the CreateMigrationJob method. Once the migration job has completed, it will no longer show up in the queue, and the notification queue and/or log output should be checked for detailed status. - -#### Syntax - -```xml -[ClientNS.ClientCallableMethod] -public SPMigrationJobState GetMigrationJobStatus(Guid MigrationJobId) -``` - -#### Parameters - -##### ID - -The unique identifier of the migration job returned from CreateMigrationJob method. - -#### Return values - -The migration job status is returned using a SPMigrationJobState object if the job is found in the queue, or if unsuccessful, a value of none (0) will be returned. - -**Example** - -```csharp -SPMigrationJobState CurrentJobState = TargetSite.GetMigrationJobStatus(MigrationJobId); -``` - -## Enumerations - -### SPMigrationJobState - -SPMigrationJobState is an enumeration that tracks possible major states in the import queue. - -#### Members - -| Member name | Description | -| ----------- | --------------------------------------------------------------------------------------------------------------------------- | -| None | Migration job is currently unknown to the queue, either through completion and removal, or invalid job identifier. Value=0. | -| Queued | Migration job is currently known by the queue and not being processed. Value=2. | -| Processing | Migration job is currently known by the queue and is being actively processed. Value=4. | - -## Import Package Structure - -Package structure is based on a constrained version of the Content Deployment package schema. Documentation for the original full schema can be found in [Content migration schemas](../schema/content-migration-schemas.md). Until published on Microsoft Docs, the constrained structure can be found in this document in the appendix. - -| XML file | Schema File | Description | -| ------------------ | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| ExportSettings.xml | DeploymentExportSettings Schema | Provides validation for the ExportSettings.XML file exported into the content migration package. ExportSettings. XML does the following:
  • Contains the export settings specified by using the SPExportSettings class and other classes that are part of the content migration object model.
  • Ensures that the subsequent import process (at the migration target site) enforces the directives specified in the export settings.
  • Maintains a catalog of all objects exported to the migration package. | -| LookupListMap.xml | DeploymentLookupListMap Schema | Provides validation for the LookupListMap. XML file exported into the content migration package. LookupListMap.XML maintains a simple lookup list that records SharePoint list item (list item to list item) references. | -| Manifest.xml | DeploymentManifest Schema | Provides validation for the Manifest.xml file that is exported into the content migration package. Provides a comprehensive manifest containing listings of both the contents and the structure of the source site. The migration operation uses the manifest file to reconstitute the source site and its components when it's imported to the destination site. | -| Requirements.xml | DeploymentRequirements Schema | Provides validation for the Requirements.xml file exported into the content migration package. Requirements.xml maintains list of deployment requirements in the form of installation requirements on the migration target, such as feature definitions, template versions, Web Part assemblies, language packs, and so forth. | -| RootObjectMap.xml | DeploymentRootObjectMap Schema | Provides validation for the RootObjectMap.xml file exported into the content migration package.RootObjectMap.xml maintains a list of mappings of secondary (dependent) objects, which allows the import phase of the migration operation to correctly place the dependent objects relative to the locations of the root object mappings. | -| SystemData.xml | DeploymentSystemData Schema | Provides validation for the SystemData.xml file exported into the content migration package.SystemData.xml does the following: Collects various low-level system data. Records the number and names of Manifest.xml files (in cases where the migration uses multiple manifests). | -| UserGroupMap.xml | DeploymentUserGroupMap Schema | Provides validation for the UserGroup.xml file exported into the content migration package. UserGroup.xml maintains a list of users and user security groups with respect to access security and permissions. | -| ViewFormsList.xml | DeploymentViewFormsList Schema | Provides validation for the ViewFormsList.xml file exported into the content migration package.ViewFormsList.xml maintains a list of Web Parts and tracks whether each is a view or form. | - -### Content structure - -File content that is referenced within the manifest of the package structure must be stored in either a flat or hierarchical structure within the Azure Blob Store Container defined by the CreateMigrationJob’s `azureContainerSourceUri` parameter. For example, import packages generated from a legacy version export won't be hierarchical, and will instead have all files stored at the root level with a pattern like ########.dat where the # symbols are hexadecimal characters starting at 0 and no file names are repeated within a package. Alternately, a package generated from a file share can have the source folder hierarchy and file names preserved in the same hierarchy. - -The main requirement for the structure is that the FileValue references in the **Manifest.XML** file must refer to the exact name and physical hierarchy that the content is stored in within the Azure Blob Store location for import. The destination file names and folder hierarchy from the import operation aren't directly related to the physical naming and hierarchy and are instead defined through the **Manifest.XML** file. - -### ArchivedFiles.XML - -The **ArchivedFiles.XML** file, if included, is expected to be at the root of the Azure blob storage container defined by the CreateMigrationJob’s azureContainerManifestUri parameter. The QuickXorHash/Checksum has to be computed for the optional pack0.zip file using the [QuickXorHash Algorithm](/onedrive/developer/code-snippets/quickxorhash). If small files in the Manifest.xml are not archived (not showing in ArchiveFiles.xml), they still can be processed as before (equivalent to feature off). - -This file allows for transferring files in batch. When the ArchivedFiles.xml is provided by the client (the default scenario), the server side will validate the correctness of the .xml schema, then import the files inside each pack. When ArchivedFiles.XML is not provide by the client, the feature will be disabled. - -#### Prerequisites - -The QuickXorHash/Checksum has to be computed for the optional pack0.zip file using the [QuickXorHash Algorithm](/onedrive/developer/code-snippets/quickxorhash). -QuickXorHash is created for the .zip file which concatenates all smaller files. - -|Item|Requirement| -|:-----|:-----| -|Encryption|The zip file must be encrypted.| -|File size|Less than 100KB. Note: File size is calculated based on the encrypted file.| -|Compression|Do not compress the small data files your are archiving into the zip file.| -|Zip file size|Maximum size 10MB| -|Zip files per package|Maximum of 2| - -#### Table 1: Example ArchivedFiles.XML file - -```xml - - - - - - - - - - - - - - - - - - - -``` - -### ExportSettings.XML - -The **ExportSettings.XML** file is expected to be at the root of the Azure Blob Store Container defined by the CreateMigrationJob’s `azureContainerManifestUri` parameter. This required file is validated using the constrained DeploymentExportSettings.XSD, which has some limited changes from current published [full 2013 package schema](../schema/content-migration-schemas.md). - -The main requirement is that the ExportSettings `SiteUrl` value must be populated with a URL consistent with the source URL used for the rest of the import package. In the case of file shares as a source, the URL would be pre-specified to be the source URL in the rest of the package, whereas a package generated through an export operation at a source site would be its original source site collection URL. - -#### SourceType required - -Beginning January 1, 2023, the SourceType field will be mandatory when calling the Migration API. Starting 1, a warning message will be sent if the field is missing. - -Accepted SourceType values: - -- AmazonS3 -- AzureStorage -- Box -- Dropbox -- Egnyte -- FileShare -- GoogleCloudStorage -- GoogleDrive -- MicrosoftStream -- OneDrive -- SharePointOnline -- SharePointOnPremServer -- Other - -When declaring to **Other**, include *DetailedSource* to provide us with the detailed information. - -**Example**: - -```powershell - - - - - -``` - -### LookupListMap.XML - -The **LookupListMap.XML** file, if included, is expected to be at the root of the Azure Blob Store Container defined by the CreateMigrationJob’s azureContainerManifestUri parameter. This optional file is validated using the constrained **DeploymentLookupListMap.XSD**, which has no change from current published [full 2013 package schema](../schema/content-migration-schemas.md). - -Since an import package for the pipeline doesn't include defining fields or views on a list or document library, the **LookupListMap.XML** file will normally include no child nodes under the root and as such can also be excluded from the package if not required, although a warning may be logged in this case. - -### Manifest.XML - -All instances of the **Manifest.XML** file for a package are expected to be at the root of the Azure Blob Store Container defined by the CreateMigrationJob’s `azureContainerManifestUri` parameter. This required file is validated using the constrained **DeploymentManifest.XSD**, which has multiple major changes and significant reduction in types from current published [full 2013 package schema](../schema/content-migration-schemas.md). - -The **Manifest.XML** is the primary descriptor for metadata within the package, and provides the list/folder/item hierarchy, along with metadata for the items including references back to users and groups defined in the **UserGroupMap.XML** file. There may be more than one **Manifest.XML** file (which can be identified using different file names to uniquely identify them), and all are found by the import pipeline through references within the **SystemData.XML** file’s ManifestFile entries. - -The main requirements for **Manifest.XML** to be able to successfully import through the pipeline is that the Web ID and Document Library ID/List ID be consistent with the target location. If a Web ID is used which doesn’t match the target location, errors will occur because the parent web for the import operation can't be found. - -Likewise, an incorrect Document Library ID/List ID will prevent the importation into the target Document Library or List. IDs should never be reused within the same site collection, so same packages shouldn't be imported to the same target site collection regardless of the destination web. - -For individual files and folders within the document library or list, their identifiers should be consistent between import events to the same location. Specifically, performing an import of a package generated from a file share would initially require generating new GUIDs for each file and folder, along with matching GUIDs for the list items that represent them. Therefore, performing a second import against the same target using the same package would keep the same IDs, but performing a second import against the same target using a new package for the same content would result in ID conflicts and import errors for all items in conflict. - -The package generated initially from a file share is effectively a form of record for the original generated IDs and can potentially be used as a reference for follow up package generation to prevent ID collisions when unintended, and to allow like IDs to ensure correct overwrite, deletion or move activities. - -### Requirements.XML - -The **Requirements.XML** file is expected to be at the root of the Azure Blob Store Container defined by the CreateMigrationJob’s azureContainerManifestUri parameter. This optional file is validated using the constrained DeploymentRequirements.XSD, which has no change from current published [full 2013 package schema](../schema/content-migration-schemas.md). - -For file shares this is expected to normally include no child nodes under the root and as such can also be excluded from the package if not required, although a warning will be logged in this case. - -### RootObjectMap.XML - -The **RootObjectMap.XML** file is expected to be at the root of the Azure Blob Store Container defined by the CreateMigrationJob’s `azureContainerManifestUri` parameter. This required file is validated using the constrained **DeploymentRootObjectMap.XSD**, which has some limited changes from current published [full 2013 package schema](../schema/content-migration-schemas.md). The most common `RootObject` that will be included will be a single object of type List. The ID for this item should be the List ID for the target list, and the `ParentWebID` should match the ID of the parent target web containing this list in order for migration to be successful. The ID, WebUrl and Url values of this object must also match the related structure laid out in the **Manifest.XML** file. - -### SystemData.XML - -The **SystemData.XML** file is expected to be at the root of the Azure Blob Store Container defined by the CreateMigrationJob’s `azureContainerManifestUri` parameter. This required file is validated using the constrained **DeploymentSystemData.XSD**, which has no change from current published [full 2013 package schema](../schema/content-migration-schemas.md). - -The `SchemaVersion` information is expected to reference the current Build and DatabaseVersion of the target farm, a Version of “15.0.0.0”, and the `SiteVersion` value is expected to always match the target site collection `UIVersion` (that is, most commonly this will be “15”). Each **Manifest.XML** file for the package is expected to be listed in this file within the `ManifestFile` entries. - -The SystemObjects that define dependent objects that should remain immutable by the migration code should also be listed here to ensure correct behavior of the import operation. The following is an example of the common objects in the **SystemObjects.XML** file from a file share based import, noting that the IDs are expected to be different for each package, and the URLs may be different. - -#### Table 1: Example SystemData.XML file - -```xml - - - - - - - - - - - - - - -``` - -### UserGroupMap.XML - -The **UserGroupMap.XML** file is expected to be at the root of the Azure Blob Store Container defined by the CreateMigrationJob’s `azureContainerManifestUri` parameter. This required file is validated using the constrained **DeploymentUserGroupMap.XSD**, which has no change from current published full 2013 package schema. - -The **UserGroupMap.XML** file may not contain any User or Group entries but doing so will prevent author or security information from being populated during import and warnings will be logged in this case. Sign-in and SID values for users must be either adjusted to match the values in SharePoint Online, or if the account no longer should exist can be listed as `IsDeleted = “true”` to prevent lookup failures and another slowdown during the import operation. - -### ViewFormsList.XML - -The **ViewForms.XML** file, if included, is expected to be at the root of the Azure Blob Store Container defined by the CreateMigrationJob’s `azureContainerManifestUri` parameter. This optional file is validated using the constrained **DeploymentViewFormsList.XSD**, which has no change from current published full 2013 package schema. - -Since an import package for the pipeline doesn't include defining fields or views on a list or document library, the **ViewFormsList.XML** file will normally include no child nodes under the root and as such can also be excluded from the package if not required, although a warning may be logged in this case. - -## Logging - -The logs that the import pipeline creates must be easily parsed by machine with a goal of being able to pinpoint when and where failures occur, including errors and warnings, and will tell the consumer or the ISV where and why the failure occurred. - -Upon completion, these logs will be copied to the `azureContainerManifestUri` location as the SAS token specified in the URI allows write access. The same output logs are also placed at the *“_catalogs/Maintenance Logs”* location of the target site collection as a text file. The logs will only be copied to the destination locations once the job has finished and removed from the queue. - -Several log types can be included such as the full import log, along with warning and error files that contain only the subset of import warnings or errors respectively. Log files have unique `datetime` and `job id` stamps to allow each attempted import event to have a unique log for better debugging purposes. - -## Changes for those using the "Ship Disk" option - -To use the Migration API, you must have a temporary storage container in Azure. When uploading files into the temporary storage, a checksum is required as a property on every file. For files larger than 15 GB, this is done using QuickXorHash (see example below). For files 2 GB or smaller, MD5 is required as a property on every file. - -However, when shipping the data on hard drives this property doesn’t get assigned automatically. As a work around, we've adapted the Migration API to allow the checksum to be passed for every file as part of the manifest. This also applies for IV values when encrypting the data. - -Since the MD5 is generated at the source instead of at the upload time in Azure, Microsoft can confirm the integrity of the file directly against the source MD5. - -## What is stored in those Azure Blob Containers? - -The Migration API requires the Azure Container for content passing and also for log and queue reporting. It can be split down as a summary as follows: - -| Content | Manifest | -| ----------------- | --------- | -| Files and folders | XML files | - -There are two new optional parameters in manifest.xml: - -- Checksum -- MD5Hash - -### Preparing the package - -The method for calling the migration job doesn’t change; only the package generation needs to be changed. - -In the Manifest container one file is named Manifest.xml. There are two optional attributes added to the file node: *Checksum* and *MD5Hash*. - -**Example for files over 15 GB:** - -```xml - - - - - - - - - - - - - - - - - - - - ``` - -**Example for files under 2 GB:** - -```xml - -``` - -## Best Practices and Special Mentions - -### Package size +### December 2024 -Even if the API support 15 GB files, we recommend package sizes of up to 250 MB OR 250 items (depending which one comes first). If you have a file larger than that recommended size limit, then you should send it in its own package. The same applies to versions; each version counts against the size limit and item count. Additionally, all the versions of a file should be in the same package. +We applied quota on *Share with Me* items per user. Check [ShareWithMe event quota](/sharepoint/dev/apis/migration-api-shared#quota) for more detail. -### File size +### November 2024 -> [!NOTE] -> The Migration API supports individual files over **15 GB**. The maximum size is current to that set by SharePoint Online. +We enabled logging all file-level events during migration, such as file deletion, to support auditing. -### Only un-compressed packages are supported +### July 2024 -The import pipeline doesn't support compressed packages. The file content must be stored in a different Azure Storage container from the manifest and related descriptive XML files. This decision was made to prevent the overhead of processing time on both ends of the migration (to compress and decompress), and also to ease package creation and modification. Compression of individual files such as into zip archives is supported as long as they're referenced in the import package as the archive itself, not the contents. +We started enforcing HTTPS connections to SharePoint-provided Azure Blob Storage Containers by adding a `spr=https` field in SAS tokens. This enforcement will be fully effective on July 21, 2024. Check [Use Azure Blob Storage Containers and Azure Queues with SharePoint Migration API](migration-azure.md) for details. -### API supports import of multiple file versions +### April 2024 -Import packages can have references to multiple versions of a file, major and minor, up to regular limits imposed within SharePoint. It's important that each version of that file is included in the package even if some of the versions already exist in SPO. +We added new fields in `JobEnd` events to indicate the count and bytes imported for files. Check [Migration events in Azure Queue](migration-events.md#jobend-import) for details. -### API supports preservation of identifiers +### January 2024 -The identifiers used within the import package explicitly are used during import to identify content. This allows preservation of existing identifiers for document library contents from a source environment. However, it also imposes a complexity during import package creation or transformation that mandates that the package explicitly references the target web and list identifiers. Content type identifiers, file/folder item GUIDs, and list item integer identifiers are all preserved during import. If incorrect identifiers are specified in the package, import will fail. +We reformatted this document to bring clarity and correct errors. -Additionally, due to identifier preservation, import events can potentially be done in successive iterations using different packages, allowing items to potentially move in location if their identifiers haven't changed. +## Migration steps overview -### This is an overwrite API +Start a migration job with three steps. Check the guidance in each of the steps in this section. -The import pipeline does support import of versioning data on files and list item metadata, but as of now if you submit a file and then resubmit the same file with changes the import process will delete and replace the original and all versions with the ones included in the ones in the current package being imported. - -### We don't support Active-Active scenario - -This means we expect that the target site will remain non-active for users until the migration is over. The source may be kept in a read write state until the final migration event, as a method of reducing downtime for end users, but once the migration is complete there should be a switch for the users to start using their new SPO destinations and stop using the previous repository. - -### Permissions in Azure - -To ensure immutability of source blobs, the import pipeline will accept a SAS key with only the Read and List access flags set for the File container. Likewise, the import pipeline requires a SAS key with Read, List and Write access for the Manifest container so that we can write back log files at the end of the import operation. If these criteria aren't met, the pipeline will reject it during job creation. - -### All files in Azure must have snapshot created to import successfully - -To prevent unintended file modification of the source blobs, the import pipeline will only import files if they have a snapshot created for them within Azure. If they don't, then the import pipeline will skip the files in this state and throw errors. The import pipeline will use the latest snapshot of the file available at the time of import. - -### Security and encryption - -The import pipeline is using Azure Blob Storage security model as is. This means we won't do any special treatment for those Azure containers that would differentiate from any other Azure containers. Additionally, the import pipeline currently doesn't accept encryption keys for content from the customer. Any encrypted content will be treated as opaque files that SharePoint may list, but be unable to index, the same as if encrypted files were uploaded through the UI to the environment. - -### Events and event handlers - -The import pipeline allows event handlers to be referenced on list items but doesn’t allow defining event handlers at the list level at this time. The import pipeline doesn't fire events as items are imported, so existing event handlers won't fire due to the import event. - -### Entering user identifiers in UserGroup.XML - -Follow these guidelines when generating the **UserGroup.XML** in the submitted package: - -- A person can be identified only once in a single package -- The 'login' attribute of the user identifier requires a UPN. **Do not** enter a non-UPN email address. +### Provision the destination containers and the queue > [!IMPORTANT] -> As of March 2, 2022, the Migration API now validates and enforces a maximum of one identifier per user in a single package. -> -> While using a non-UPN email won't result in a failed job, it may bring unexpected results in SharePoint Online. - -**Examples** - -The following examples show the correct and incorrect ways of entering the user identifier in UserGroup.XML. - -In this case, the user has the following identifiers: - -- **UPN**: robert@contoso.com -- **Email**: robert.downey@contoso.com. - -**Correct** - -- In this example, the user is entered only once, using a UPN email address. - - ```xml - - ``` - -**Incorrect** - -- **Example 1:** This example uses a non-UPN email address and incorrectly includes more than identifier for a single user. - - ```xml - - - ``` - -- **Example 2:** This example incorrectly uses a non-UPN email address. - - ```xml - - ``` - -### Resolving Users - -If the Migration API was unable to resolve a user using the login provided in the UserGroup.xml and no System ID is provided, then: - -1. This user will be replaced by “System Account” in the associated metadata within the package (author, editor etc.). -1. A warning will be reported in the ImportLogs – “Failed to ensure user 'user@contoso.com'” - - If the migration API was unable to resolve a user using the sign in provided in the UserGroup.xml and the System ID is provided (which is the SID for the user in the on-premises AD), then: - -1. A new deleted user with the provided sign in and SystemId is created and is used in the associated metadata within the package. -1. A warning will be reported in the ImportLogs- “Failed to retrieve user 'user@contoso.com' attributes from the SiteUsers; falling back to passed in values” - -## Appendices - -### Acronyms Defined - -| Acronym | Definition | -| ------- | --------------------------------------------------------- | -| BOT | SharePoint server running timer jobs | -| CDB | Content database, containing site collections and content | -| CFE | Content farm front end server | -| SPO | SharePoint Online | -| ABS | Azure Blob Storage | - -### Helpful Resources - -- [SharePoint Online Client Components SDK](https://www.microsoft.com/download/details.aspx?id=42038) -- [Azure Windows Azure SDK for .NET - 2.4](https://azure.microsoft.com/downloads/) -- [Bulk Creation of OneDrive for Business sites](https://msdn.microsoft.com/library/office/jj163783(v=office.15).aspx) -- [Restrictions and limitations when you sync SharePoint libraries to your computer through OneDrive for Business](https://support.office.com/article/restrictions-and-limitations-when-you-sync-files-and-folders-7787566e-c352-4bd4-9409-fd100a0165f6) -- [Types of files that cannot be added to a list or library](https://support.office.com/Article/Types-of-files-that-cannot-be-added-to-a-list-or-library-30be234d-e551-4c2a-8de8-f8546ffbf5b3?ui=en-US&rs=en-US&ad=US) - -## Working with import package security structures - -This section covers a brief overview of what is contained within an export package that includes security regarding permissions. This can allow the system to determine user and group membership along with roles, and specific assignments (unique permissions set at the object level and its children unless overridden at a deeper child object). - -### How to interpret the security identifiers in the package files - -UserGroup.xml file defines all users and groups within the exported web(s). The items within this file do the following: - -- User objects include the information about specific users, including identification of a specific security principle as a domain group or not, sign in, and the base 64 encoded SystemId (SID) of the security principle. -- Group objects include the information about specific groups and the direct membership list of that group. -- Owner values on group objects and UserId values on member objects within group objects map to other ID values of other user or group objects respectively. - -#### Table 2: Users and Groups annotated in UserGroupMap - -```xml - - - - - … - - - - - - - - - - … - - -``` - -**Manifest.xml** contains the metadata about all the content within the exported web(s). The items within this file do the following: - -- Roles objects include the list of defined roles on the web. -- Role objects define the individual role, including ID, internal permissions rights mask flags and display information. - - RoleId values define the identifiers of the Role objects. - - PermMask values contain the rights mask flags. -- RoleAssignments objects include the list of unique permissions (RoleAssignment objects). -- RoleAssignment objects include the list of distinct Assignment objects (if any). -- Individual RoleAssignment objects contain the actual membership of one distinct user or group and their actual Role. - - RoleId values map to the RoleId values of the Role objects. - - PrincipalId values map to ID values of user or group objects respectively in UserGroups.xml. - -#### Table 3: Roles and RoleAssignments annotated in manifest - -```xml - - … - - - - - - - - - - - - - - … - - - … - -``` - -## Constrained XSD structures - -Included below are the XSD files used for package validation in the import pipeline, when different than the original 2013 full schema, which can be found at [official SharePoint documentation](../schema/content-migration-schemas.md). - -### DeploymentExportSettings.XSD - -#### Table 4: Constrained DeploymentExportSettings.XSD - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` - -### DeploymentLookupListMap.XSD - -There is no change from current published full 2013 package schema. - -### DeploymentManifest.XSD - -##### Table 5: Constrained DeploymentManifest.XSD - -```xml - - - - - - - - - - - - +> Use [GetMigrationJobProgress API](migration-job-progress-api-reference.md) to retrieve migration job status. +> +> Provisioning Azure Queues for migration job status tracking is no longer required. Deprecation is planned for the second half of 2026. Until then, Azure Queues will remain available for status retrieval. - - - - +Use the `ProvisionMigrationContainers` method to provision the containers. Check [Use Azure Blob Storage Containers and Azure Queues with Migration API](migration-azure.md) for details. You can also use your own containers and queues if needed. - - - - - - +### Prepare the content - - - - - - - - - - - - - - - - - - +Package the contents in the defined format and upload them to Azure Blob Storage Containers as the content package. - - - - - - - - - - - +Check [Content package](migration-content-package.md) to see the detailed requirements. - - - - - - - - - - - - - - +### Create the manifest files - - - - - - +Based on the contents, create manifest files in XML format, and upload them to Azure Blob Storage Containers as the manifest package. - - - - - - - - - - - - - - - - - - +Check [Manifest files](migration-manifest.md) to see the detailed requirements. - - - - - - - - - +### Use Migration API to start the migration and get status - - - - - - - - - - +The `CreateMigrationJob` method creates a migration job, which is queued up for processing. Migration API manages the queue and returns status and logs. Use the `CreateMigrationEncrypted` method to migrate encrypted contents. Check [SharePoint Migration API Reference](migration-api-reference.md) for details. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +> [!IMPORTANT] +> Use GetMigrationJobProgress API to track migration job status. - +Upon creation of a new migration job, Migration API returns the Job ID. Track the status of the import with [GetMigrationJobProgress API](migration-job-progress-api-reference.md). - - +Migration API generates logs in the manifest container. Check the log entries for migration results. - - +Migration API also generates logs of file-level activities performed by migration. The supported file-level activities include FileUploaded, FileDeleted, FileRenamed, FileMoved. Check M365 Admin Center for activity details when needed. - - +## Best Practice - - - - - +### Use app-based authentication - - - - - - - -``` +Migration generates workload to the SharePoint backend differently from end user-generated traffic. To properly allocate resources with our elastic capability, only use app-based authentication in your migration solution. -### DeploymentRequirements.XSD +Don't use user mode in your migration solution. Running migration in user mode triggers increased throttling, resulting in poor performance. -There is no change from current published [full 2013 package schema](../schema/content-migration-schemas.md). +To learn more about how to register an app ID and how to implement app-based authentication, check [How to register an app ID](/azure/active-directory/develop/active-directory-v2-registration-portal) and [Microsoft Graph Auth guidance](/graph/auth). -### DeploymentRootObjectMap.XSD +### Microsoft Entra ID Permissions -#### Table 6: Constrained DeploymentRootObjectMap.XSD +Microsoft Entra ID provides two types of permission: Delegated Permission and Application Permissions. Check[ +Permissions and consent in the Azure Active Directory v1.0 endpoint](/azure/active-directory/develop/v1-permissions-and-consent) for details. -```xml - - +For SharePoint and OneDrive migration scenarios, follow the Microsoft Entra ID permission specification. - - - - +For migration tools that rely on end-user sign-in and presence, use Delegated permission. - - - - - - - - +For service-based migration tools that run without a signed-in user present, such as applications that run as background services, use Application permission. - - - - - - - - +### App IDs - - - - - +You can choose to share a single App ID to cover multiple migration solutions created or create an individual App ID for each of the products. Make sure to register App IDs. Sharing App IDs doesn't affect performance or throttling. - - -``` +### Keep destination SharePoint Site unactivated -### DeploymentSystemData.XSD +To avoid migration issues, deactivate the target site for users until migration completion. The source could remain active, allowing read and write access to keep productivity. Switch users to the new SharePoint destination sites after migration completion. -There is no change from current published [full 2013 package schema](../schema/content-migration-schemas.md). +## Performance -### DeploymentUserGroupMap.XSD +Migration API processes jobs through a queue mechanism with preconfigured workload management settings. Migration API processes the jobs on a best-effort basis, without Service Level Agreement (SLA) or guaranteed performance. -There is no change from current published full 2013 [full 2013 package schema](../schema/content-migration-schemas.md). +### Optimize migration performance -### DeploymentViewFormsList.XSD +In order to ensure optimal performance for your migration projects, it's important to plan carefully, especially when dealing with large-scale migrations. For more information on how to estimate timespans and optimize performance, see our [performance guide](/sharepointmigration/sharepoint-online-and-onedrive-migration-speed). -There is no change from current published [full 2013 package schema](../schema/content-migration-schemas.md). +### I'm seeing throttling messages -## Sample: Using REST to call the API +To ensure good user experiences for all Microsoft 365 customers, SharePoint uses throttling to protect the SharePoint infrastructure. Avoid getting throttled by following [throttling guidance](https://aka.ms/spo429). -```http -https://{site_url}/_api/site/CreateMigrationJobEncrypted +## Special articles -{ - "options": { - "AES256CBCKey": "000000000000000000000000000000000000000000000000000000=" - }, - "gWebId": "00000000-0000-0000-0000-000000000000", - "azureContainerSourceUri": "https://tenant.blob.core.windows.net:443/00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000=rw", - "azureContainerManifestUri": "https://tenant.blob.core.windows.net:443/00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000=rw" -} -``` +### Migrating sharing events of files and folders -For the container: +Check [Sharing events](/sharepoint/dev/apis/migration-api-shared) article for instructions when migrating shared events metadata with files and folders. -```http -https://{site_url}/_api/site/ProvisionMigrationContainers -``` +### Web Parts -> [!NOTE] -> The **Migration API** is not available for users of Office 365 operated by 21Vianet in China. It is also not available for users of Office 365 with the German cloud using the data trustee, *German Telekom*. However, it is supported for users in Germany whose data location is not in the German data center. +Use SharePoint Migration Tool (SPMT)'s Web Part serializer DLL to migrate Web Parts into SharePoint. Check [Migrate Web Parts](/sharepoint/dev/apis/migrate-webparts-with-migrationapi) for instructions. diff --git a/docs/apis/migration-api-reference.md b/docs/apis/migration-api-reference.md new file mode 100644 index 000000000..0db09f400 --- /dev/null +++ b/docs/apis/migration-api-reference.md @@ -0,0 +1,232 @@ +--- +title: "SharePoint Migration API Reference Guide" +description: "This article provides in-depth information on how to use the SharePoint Migration API." +ms.date: 07/16/2025 +ms.author: ranren +author: underreview +manager: dapodean +audience: ITPro +ms.subservice: migration-tool +ms.topic: article +ms.localizationpriority: high +ms.collection: + - SPMigration + - m365-collaboration +--- + +# SharePoint Migration API Reference Guide + +This guide describes the usage of SharePoint Migration API, which imports content into SharePoint, based on manifest files. + +## CSOM and REST + +Migration API supports both SharePoint Client Side Object Model (CSOM) and REST. + +### Use NuGet Packages with CSOM + +To reference the SharePoint Client Side Object Model (CSOM) in your solution, use NuGet packages. + +Manage dependencies easily and ensure your solution is using the latest version of the CSOM library with NuGet packages. + +Get the latest version of the CSOM package at the [SharePoint Client-side Object Model Libraries](https://www.nuget.org/packages/Microsoft.SharePointOnline.CSOM) with the ID `Microsoft.SharePointOnline.CSOM`. + +Check [Get to know SharePoint REST service](/sharepoint/dev/sp-add-ins/get-to-know-the-sharepoint-rest-service) for instructions on REST API. + +## CreateMigrationJob method + +Creates a new migration import job with the import package specified in `azureContainerSourceUri` parameter. + +### CreateMigrationJob syntax + +```csharp +public Guid CreateMigrationJobEncrypted( +Guid gWebId, +string azureContainerSourceUri, +string azureContainerManifestUri, +string azureQueueReportUri, +EncryptionOption AES256CBCKey +) +``` + +```rest +POST https://{site_url}/_api/site/CreateMigrationJobEncrypted +{ + "options": { + "AES256CBCKey": "000000000000000000000000000000000000000000000000000000=" + }, + "gWebId": "00000000-0000-0000-0000-000000000000", + "azureContainerSourceUri": "https://tenant.blob.core.windows.net:443/00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000=rw", + "azureContainerManifestUri": "https://tenant.blob.core.windows.net:443/00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000=rw" +} +``` + +### CreateMigrationJob parameters + +#### gWebID + +Required. + +A **String** value that contains the unique identifier of the destination web targeted for the package import. The import package itself specifies additional information and identifiers for the import. You can programmatically find this identifier by querying the target web using CSOM calls. + +#### azureContainerSourceUri + +Required. + +A **String** value that contains the valid URI, including the SAS token, to access the Azure Blob Storage Container that contains the binary files of type block. + +See [Use Azure Blob Storage Containers and Azure Queues with SharePoint Migration API](migration-azure.md) for instructions on using Azure Blob Storage Containers in migration. + +When using content containers not provided by this method, Migration API requires `Read`, and `List` permissions only. Ensure that the start time of the SAS token is set at or before the job submission. Also, when setting the expiration time, allow a reasonable duration for the import process to complete. + +Migration API doesn't require `List` permission from containers provisioned with `ProvisionMigrationContainers` method. + +#### azureContainerManifestUri + +Required. + +A **String** value that contains the valid URI, including the SAS token, to access the Azure Blob Storage Container, which contains the block blobs for the manifest and other packages describing XML files. Migration API writes log to this container. This container can't be the same as the one used for the `azureContainerSourceUri`. + +See [Use Azure Blob Storage Containers and Azure Queues with SharePoint Migration API](migration-azure.md) for instructions on using Azure Blob Storage Containers in migration. + +When using content containers not provided by this method, Migration API requires `Read`, `List`, and `Write` permissions only. Ensure that the start time of the SAS token is set at or before the job submission. Also, when setting the expiration time, allow a reasonable duration for the import process to complete. + +#### azureQueueReportUri + +Optional. + +A **String** value that contains the valid URL, including the SAS token, to access the user-provided Azure Queue for migration job progress. Use `null` if receiving import status updates isn't necessary. + +If this value isn't `null`, and the SAS token contains the correct permissions, Migration API writes import status updates to the queue at the URL provided. + +Share the notification queue among multiple migration jobs. Migration API identifies each job with unique Job ID values in the notification queue. + +See [Azure](migration-azure.md) for instructions on using Azure Queue in migration. Check [Migration events in Azure Queue](migration-events.md) for types of events. + +Requires `Add`, `Read`, and `Update` permissions only. If the SAS token has other permissions, the migration job will be unable to add events to the queue. + +### CreateMigrationJob return value + +#### Job ID + +A **Guid** value, which contains Job ID, the unique identifier of the migration job. The method returns a `null` value, if it fails to create the job. Use Job ID to query the status of migration jobs with `GetMigrationJobStatus` method. + +### Example + +```csharp +Guid MigrationJobId = TargetSite.CreateMigrationJob( +TargetWebId, +azureContainerSourceUri, +azureContainerManifestUri, +azureQueueReportUri); +``` + +## CreateMigrationJobEncrypted method + +Creates a new migration import job with an encrypted PRIME package. + +Check the encryption instructions in [Azure](migration-azure.md) for Azure Blob Storage Container and Azure Queue encryption used. + +### CreateMigrationJobEncrypted syntax + +```csharp +public Guid CreateMigrationJobEncrypted( +Guid gWebId, +string azureContainerSourceUri, +string azureContainerManifestUri, +string azureQueueReportUri, +EncryptionOption AES256CBCKey +) +``` + +```rest +POST https://{site_url}/_api/site/CreateMigrationJobEncrypted +{ + "options": { + "AES256CBCKey": "000000000000000000000000000000000000000000000000000000=" + }, + "gWebId": "00000000-0000-0000-0000-000000000000", + "azureContainerSourceUri": "https://tenant.blob.core.windows.net:443/00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000=rw", + "azureContainerManifestUri": "https://tenant.blob.core.windows.net:443/00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000=rw" +} +``` + +### CreateMigrationJobEncrypted parameters + +`gWebID`, `azureContainerSourceUri`, `azureContainerManifestUri`, and `azureQueueReportUri` parameters have the same requirements as in `CreateMigrationJob` method. + +Provide `EncryptionOption` parameter as instructed below. + +#### EncryptionOption + +Required. + +A `EncryptionOption` object, containing the AES256CBCKey used to decrypt the output. + +Migration API encrypts the output with the AES256CBCKey key supplied. + +See `[EncryptionOption](https://learn.microsoft.com/en-us/dotnet/api/microsoft.sharepoint.client.encryptionoption)` class for details. + +### CreateMigrationJobEncrypted return value + +See Return value in `CreateMigrationJob` method. + +## GetMigrationJobStatus method + +> [!IMPORTANT] +> Use [GetMigrationJobProgress API](migration-job-progress-api-reference.md) to retrieve migration job status. Deprecation of GetMigrationJobStatus API is planned for the second half of 2026. Until then, it will remain available for status retrieval. + +Retrieves the processing status for a designated migration job. + +Migration API removes completed migration jobs from the timer job queue. Check the notification queue and/or log outputs for import results. + +### GetMigrationJobStatus syntax + +```csharp +[ClientNS.ClientCallableMethod] +public SPMigrationJobState GetMigrationJobStatus(Guid MigrationJobId) +``` + +### GetMigrationJobStatus parameters + +#### ID + +Required. + +A **Guid** value, which contains the migration Job ID, is returned from `CreateMigrationJob`. + +### GetMigrationJobStatus return value + +A `SPMigrationJobState` object, which contains the status of the migration job. + +### GetMigrationJobStatus example + +```csharp +SPMigrationJobState CurrentJobState = TargetSite.GetMigrationJobStatus(MigrationJobId); +``` + +## SPMigrationJobState enumeration + +Contains members representing the status of migration jobs in the import queue. + +### SPMigrationJobState members + +#### None + +Value: 0 + +The queue doesn't contain the migration job with the Job ID. The possible reasons are: + +- Migration API has completed the job and removed it from the queue. +- The Job ID is invalid. + +#### Queued + +Value: 2 + +The queue contains the migration job. Migration API isn't processing the job. + +#### Processing + +Value: 4 + +The queue contains the migration job. Migration API is processing the job. diff --git a/docs/apis/migration-api-shared.md b/docs/apis/migration-api-shared.md index 42aa9660d..dfcc26fd9 100644 --- a/docs/apis/migration-api-shared.md +++ b/docs/apis/migration-api-shared.md @@ -2,9 +2,9 @@ title: "SPO Migration API: Migrating shared files and folders" description: "Migrating shared files and folders using item references." ms.date: 06/28/2022 -ms.author: jhendr -author: JoanneHendrickson -manager: pamgreen +ms.author: jihongzuo +author: shiongzuo +manager: Dan.Podeanu ms.topic: article ms.subservice: migration-tool --- @@ -34,26 +34,32 @@ Add a SharedWithMember block for each person that the item was shared with durin - ``` + ## Best Practices + ### The basics + For each file or folder that was shared with a user in the source, create an item reference for that item in the recipient’s OneDrive. Every item reference created will appear in the user’s *Shared with Me* view in OneDrive. Remember to give the user permission to access the item as well. ### Inheritance + Be sure to use inheritance correctly for sharing. When creating an item reference for a file or folder, check if its parent folder (or higher) already has an item reference created for it. If so, do not create another one for the child item. This will prevent users from seeing duplicate items in their *Shared with Me* view and reduce migration and service load as well. -**Example:** When a folder is shared and the recipient can access all of the folder’s contents, an item reference should *only* be created for the shared folder -- not for its contents. The only item that should appear in the recipients *Shared with Me* is the shared folder. +**Example:** When a folder is shared and the recipient can access all of the folder’s contents, an item reference should *only* be created for the shared folder -- not for its contents. The only item that should appear in the recipient's *Shared with Me* is the shared folder. -This same guidance should also be used for permissions (ACLs). Only apply permissions on a child item where the required permissions are different than its parent item. Make sure not to exceed 5000 unique ACLs on a site. It may be useful to check how many ACLs you create and warn the user prior to migration. There is also a hard limit of 50,000 unique ACL's that will be enforced. If you are close to reaching the 5000 limits, we recommend that the permission model be simplified on the source before migration. +This same guidance should also be used for permissions (*access control lists, also known as ACLs*). Only apply permissions on a child item where the required permissions are different than its parent item. Make sure not to exceed 5000 unique ACLs on a site. It may be useful to check how many ACLs you create and warn the user prior to migration. There is also a hard limit of 50,000 unique ACLs that will be enforced. If you are close to reaching the 5000 limits, we recommend that the permission model be simplified on the source before migration. ### Sharing with groups + For items shared with a group of individuals in the source, the content may be migrated into a shared library (eg. a team site) in which all of those individuals are given access. ### Anonymous sharing links + Do not migrate anonymous sharing links from the source; this is not useful as it’s not possible to know which users used that link in the source. Users should evaluate whether anonymous links are still needed and create new ones on the destination if so. ### Sharing with external users + Before starting migration, you must ensure all users are provisioned in the customer tenant. For users external to the tenant (ie. from a different organization), provision them as B2B collaboration users in Azure Active Directory. This is done in the Azure portal following these steps: - [Add Azure Active Directory B2B collaboration users in the Azure portal](/azure/active-directory/b2b/add-users-administrator). @@ -61,7 +67,8 @@ Before starting migration, you must ensure all users are provisioned in the cust Once the external users are provisioned, share files and folders with them during migration the same way as internal users. ### Permission and Sharing -The per user sharing model in SharePoint relies on both permissions and “Shared With” data references for an object to be considered shared with an individual. If a user has access to content, but no “Shared With” references, they will not see the content show up in their Shared With Me view within their OneDrive For Business site. + +The per-user sharing model in SharePoint relies on both permissions and “Shared With” data references for an object to be considered shared with an individual. If a user has access to content, but no “Shared With” references, they will not see the content show up in their Shared With Me view within their OneDrive For Business site. However, if they are indicated in “Shared With” references but do not have any access to the content, they will either never see the content show up in their Shared With Me view within their OneDrive For Business site or when they try to use a link from there it will be denied access. To preserve sharing information, both the permissions and “Shared With” references will need to be correctly set. The permissions can be set at different levels of the content hierarchy using scopes (unique ACLs), that apply to that object and any of its children unless they themselves have unique permissions. @@ -71,3 +78,7 @@ Permissions migration is performed using the DeploymentRoleAssignments object wi > [!NOTE] > The **Migration API** is not available for users of Office 365 operated by 21Vianet in China. + +### Quota + +Do not migrate more than 1,000 *Share with Me* events for any receiver within 24 hours. If a receiver already has 1,000 *Share with Me* events being imported within 24 hours, they will NOT receive any additional *Share with Me* events during the time window. And Import API will send back warning messages indicating some *Share with Me* events have been throttled. diff --git a/docs/apis/migration-api-whats-new.md b/docs/apis/migration-api-whats-new.md index 5b4724754..aec43a338 100644 --- a/docs/apis/migration-api-whats-new.md +++ b/docs/apis/migration-api-whats-new.md @@ -1,7 +1,7 @@ --- title: "Migration API What's new" description: "Learn about the new features and updates to the Migration API." -ms.date: 09/06/2023 +ms.date: 09/26/2023 ms.reviewer: jhendr author: JoanneHendrickson ms.author: jhendr @@ -16,6 +16,36 @@ ms.custom: admindeeplinkSPO Check here to see what features or updates have been added to the Migration API. Here's a summary of what's included. +## Encoding invalid XML characters + +When invalid XML characters are detected in relevant fields, they're encoded. For any attribute that is XML encoded, decoding is needed for the value. Encoded fields are included in `EncodedAttributes`, in a comma-separated attribute list. + +**Example** + +In this example, these attributes are encoded: URL, ParentWebURL, Name, and Version. + +```xml + +``` + +>[!Warning] +>If XSD is replied on to parse manifest files, parsing may fail when **EncodedAttributes** is used. + + ## Updated reason code and descriptions We have updated Migration API to provide detailed reasons in case a job is postponed. We encourage ISVs take appropriate actions, based on the reasons. diff --git a/docs/apis/migration-azure.md b/docs/apis/migration-azure.md new file mode 100644 index 000000000..3dddc87b8 --- /dev/null +++ b/docs/apis/migration-azure.md @@ -0,0 +1,149 @@ +--- +title: "Use Azure Blob Storage Containers and Azure Queues with SharePoint Migration API" +description: "This article provides in-depth information on how to use the SharePoint Migration API with Azure Containers and Queues." +ms.date: 07/03/2024 +ms.author: ranren +author: underreview +manager: dapodean +audience: ITPro +ms.subservice: migration-tool +ms.topic: article +ms.localizationpriority: high +ms.collection: + - SPMigration + - m365-collaboration +--- + +# Use Azure Blob Storage Containers and Azure Queues with SharePoint Migration API + +Use Azure Blob Storage Containers to store contents, manifest files, and logs. Access migration status updates with Azure Queues. + +This guide provides provisioning, permission, and other requirements with SharePoint-provided Azure resources. + +## Azure Blob Storage Containers + +Migration API uses Azure Blob Storage Containers for temporary storage of content and manifest. SharePoint provides default containers for migration. Alternatively, you can provide your own containers. + +### Using SharePoint-provided containers + +SharePoint-provided containers have no extra cost to the customer. Provision SharePoint-provided containers with `ProvisionMigrationContainers` method, without the need to manually set up in the Azure admin console. + +Migration API provisions the containers in the same datacenter of the SharePoint instance. Migration API uses a container exclusively once for each request, to ensure security. + +Migration API destroys Used containers 30-90 days after completing migration jobs. + +#### Avoid throttling by decorating the traffic + +Avoid throttling by [decorating your HTTP traffic](/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online#how-to-decorate-your-http-traffic). + +#### Encryption + +The contents stored in SharePoint-provided containers are encrypted at rest with AES256CBC algorithm. This practice is mandatory. Migration API rejects migration jobs generated from unencrypted SharePoint-provided containers. + +This encryption requirement doesn't apply to user-provided containers. + +When using `CreateMigrationJobEncrypted` method, encrypt each file with AES CBC 256 standard as the encryption algorithm. + +Use the `AesCryptoServiceProvider.GenerateIV` method to generate a unique cryptographically random IV for each file, including the manifests in the package. Store the IV as a property on each file. + +##### Name + +IV + +##### Value + +A `BASE64` encoded **Byte Array** of the generated IV + +#### ProvisionMigrationContainers method + +Provisions new SharePoint-provided migration containers for content and manifest. + +##### Syntax + +```csharp +public SPProvisionedMigrationContainersInfo ProvisionMigrationContainers() +``` + +##### Return values + +An `SPProvisionedMigrationContainersInfo` object, containing the URI, access tokens, and encryption key of the provisioned containers. + +###### DataContainerUri value + +A **Uri** value containing the URI of the newly created container for storing migration **content**, along with the SAS access token. + +Pass this value to `CreateMigrationJob` method as `azureContainerSourceUri` parameter. + +The SAS access token contains `Read` and `Write` permissions only. It doesn't contain `List`. + +SharePoint enforces HTTPS connections to containers by setting `spr=https` field in SAS tokens. + +###### MetadataContainer value + +A **Uri** value containing the URI of the newly created container for storing **manifest** files, along with the SAS access token. + +Pass this value to `CreateMigrationJob` method as `azureContainerManifestUri` parameter. + +The SAS access token contains `Read` and `Write` permissions only. It doesn't contain `List`. + +SharePoint enforces HTTPS connections to containers by setting `spr=https` field in SAS tokens. + +###### EncryptionKey + +A **Byte Array** value containing the AES256CBC encryption key for both containers provisioned. + +### Use your own containers + +You can also provide your own Azure Blob Storage Containers. Provide the URI with SAS access tokens as required in the Migration API reference. + +## Azure Queues + +SharePoint-provided Azure Queues have no extra cost to the customer. Provision the queue with `ProvisionMigrationQueue` method, without the need to manually set up in Azure admin console. + +Migration API provisions Azure Queues in the same datacenter of the SharePoint instance. + +Alternatively, use user-provided Azure Queues if desired. Check the requirement in the Migration API Reference document. + +### Azure Queue Encryption + +`CreateMigrationJobEncrypted` method encrypts the messages written to the Azure Queue. + +To decrypt the messages, make sure you preserve `JobId` and the `IV` values returned by `CreateMigrationJobEncrypted` method. + +#### Encrypted message sample + +```json +{"Label": "Encrypted"}, +{"JobId": "[JobId value]"}, +{"IV": "[IV value, encoded in BASE64]"}, +{"Content": "[encrypted message, encoded in BASE64]"} +``` + +### ProvisionMigrationQueue method + +Provisions a new instance of Azure Queue for migration use. + +#### ProvisionMigrationQueue Syntax + +```csharp +public SPProvisionedMigrationQueueInfo ProvisionMigrationQueue() +``` + +#### Return value + +A `SPProvisionedMigrationQueueInfo` object containing the information of the newly created Azure Queue. + +##### JobQueueUri value + +A `Uri` value containing the URI and SAS access token of the newly created Azure Queue. + +Pass this value to `CreateMigrationJob` method's `azureQueueReportUri` parameter. + +## Use endpoints in Azure Government + +Use Azure Government endpoints for Microsoft 365 Government. + +### Required endpoints in Azure Government + +- `https://*.blob.core.usgovcloudapi.net` +- `https://*.queue.core.usgovcloudapi.net` diff --git a/docs/apis/migration-content-package.md b/docs/apis/migration-content-package.md new file mode 100644 index 000000000..6de44cbfe --- /dev/null +++ b/docs/apis/migration-content-package.md @@ -0,0 +1,113 @@ +--- +title: "Preparing the content for Migration API" +description: "This article provides in-depth information on how to use create and use content packages with SharePoint Migration API" +ms.date: 04/18/2024 +ms.author: ranren +author: underreview +manager: dapodean +audience: ITPro +ms.subservice: migration-tool +ms.topic: article +ms.localizationpriority: high +ms.collection: + - SPMigration + - m365-collaboration +--- + +# Preparing the content for Migration API + +Use this document to prepare the contents to migrate with SharePoint Migration API. + +## Files and folders + +### File and package size limits + +Migration API supports importing files with sizes up to 15 GB (the limit set by SharePoint). + +For the best performance, keep the package size under 250 MB or 250 items. + +For larger files, create a package for the individual file. + +### File versions + +Migration API supports importing multiple versions of a file, including major and minor, up to the limit set by SharePoint. + +Each version of the file counts against the file size limit and item count limit. + +Include each version of the file, even if some of the versions already exist in SharePoint. + +### File overwriting + +Migration API deletes the original file along with all the versions, then replaces it with all versions of the resubmitted file, when a file is resubmitted. + +### No decryption + +Migration API doesn't decrypt contents. It treats any encrypted content as opaque files. While SharePoint lists these files, it doesn't index them. This behavior is the same as when a user uploads encrypted files through the SharePoint UI. + +### File compression + +Migration API doesn't decompress packages by default. Don't compress content and manifest packages together. Make sure you store the content package and the manifest package in different Azure Storage Blob Containers. + +Migration API imports **\*.zip** files as compressed archive files if referenced in the import package as the archive itself. To import the individual files within the **\*.zip** file, see [Archive Small Files](#archive-small-files-for-performance). + +### Archive small files for performance + +Migrate small files in batches for improved performance. Migration API **optionally** uncompresses a compressed **\*.zip** archive to improve the performance, based on manifest in **ArchivedFiles.xml**. + +Include `QuickXorHash` value of the archive when using this feature. Compute it with [QuickXorHash Algorithm](/onedrive/developer/code-snippets/quickxorhash). + +Migration API processes non-archived files in **Manifest.xml** without manifest in **ArchiveFiles.xml** as usual. + +This feature requires all the following prerequisites: + +#### Archive file size limit + +10 MB maximum. + +#### Archive file per package + +Two maximum. + +#### Archive file encryption + +Required. + +#### Individual file size + +Less than 100 kb after encryption. + +#### Don't compress individual files + +**Don't compress** the individual files, only compress the archive. + +## SharePoint Events and Event Handlers + +Migration API allows referencing Event Handlers on List Items. However, Migration API doesn't support defining new Event Handlers at the List level. + +Migration API doesn't generate Events when importing items. Therefore, existing Event Handlers don't fire during import. + +## Azure Containers + +### Azure Blob Storage Security Model + +Migration API uses Azure Blob Storage security model. There's no special treatment for Azure Blob Storage Containers used for Migration API that would differentiate from a standard container. + +### Snapshot + +Each file in the container must have at least one snapshot created. Avoid modifying the file during the import. Any file without a snapshot fails to import with errors. Migration API uses the latest snapshot of the file available at the time of import. + +To create a snapshot of a file after uploading to the Azure Blob Storage, use the following code: + +```csharp +CloudBlockBlob blob = blobContainerObj.GetBlockBlobReference(file); +blob.UploadFromStream(stm); +blob.CreateSnapshot(); +``` + +### Permissions + +To ensure the immutability of source blobs, Migration API accepts an SAS key with only `Read` and `List` access flags set for the content package container. + +Likewise, Migration API accepts a SAS key with only `Read`, `List`, and `Write` access for the Manifest container. Migration API requires the `Write` access for writing backlog files at the end of the import. + +Migration API checks SAS keys for these required access flags. Migration API rejects attempts to create migration jobs with incorrect access flags on SAS keys. diff --git a/docs/apis/migration-events.md b/docs/apis/migration-events.md new file mode 100644 index 000000000..dcd8c2209 --- /dev/null +++ b/docs/apis/migration-events.md @@ -0,0 +1,269 @@ +--- +title: "Migration events in Azure Queue" +description: "This article provides in-depth information on how to use Azure Queue events in migration." +ms.date: 04/18/2024 +ms.author: ranren +author: underreview +manager: dapodean +audience: ITPro +ms.subservice: migration-tool +ms.topic: article +ms.localizationpriority: high +ms.collection: + - SPMigration + - m365-collaboration +--- +# Migration events in Azure Queue + +This document lists all types of events Migration API and AMR API written to the Azure Queue. Use these events to get status updates on migration jobs. + +## JobQueued + +```log +JobId:845daca4-5529-4b0e-85ab-a603efee5b12 +Time:09/29/2020 19:56:02.883 +SiteId:48917234-de43-474a-9f1b-8d98ffa08425 +DbId:8fd09323-b23f-430d-8957-213586ce3861 +TotalRetryCount:0 +MigrationType:None +MigrationDirection:Import +CorrelationId:c8d97e9f-802f-0000-ceac-44663834d510 +``` + +## JobPostponed + +```log +JobId:845daca4-5529-4b0e-85ab-a603efee5b12 +Time:09/29/2020 19:56:57.598 +NextPickupTime:09/29/2020 20:16:57.519 +SiteId:48917234-de43-474a-9f1b-8d98ffa08425 +DbId:8fd09323-b23f-430d-8957-213586ce3861 +JobsInQueue:TotalRetryCount:0 +MigrationType:None +MigrationDirection:Import +CorrelationId:d5d97e9f-702c-0000-ceb9-354fefa5e9f6 +``` + +## JobLogFileCreate + +```log +JobId:071f9aad-36e6-4bef-9f09-40b5c7498ecdTime:09/29/2020 19:56:29053 +FileName:Import-071f9aad-36e6-4bef-9f09-40b5c7498ecd-1.log +CorrelationId:22ca20ec-23de-468b-add3-4e52e90d3a68 +JobStart +JobId:071f9aad-36e6-4bef-9f09-40b5c7498ecdTime:09/29/2020 19:56:29:100 +SiteId:48917234-de43-474a-9f1b-8d98ffa08425 +WebId:36b66979-4a43-4b93-9b92-909c7186ff98 +DBId:8fd09323-b23f-430d-8957-213586ce3861 +FarmId:211e600c-f48d-4319-ba92-61150c8e8e8c +ServerId:cfd27448-822a-420b-bcc8-4f39629b01bc +SubscriptionId:51812136-3cba-482d-9696-532cddceab31 +TotalRetryCount:0 +MigrationType:None +MigrationDirection:Import +CorrelationId:c308c0ea-a7f5-4be9-acd4-1ebd39867434 +``` + +## JobProgress + +```log +JobId:845daca4-5529-4b0e-85ab-a603efee5b12 +Time:09/29/2020 19:56:32.265 +FilesCreated:15 +BytesProcessed:45 +ObjectsProcessed:217 +TotalExpectedSPObjects:403 +TotalErrors:0 +TotalWarnings:0 +TotalRetryCount:0 +MigrationType:None +MigrationDirection:Import +WaitTimeOnSqlThrottlingMilliseconds:0 +TotalDurationInMs:0 +CpuDurationInMs:0 +SqlDurationInMs:0 +SqlQueryCount:0 +CreatedOrUpdatedFileStatsBySize: +{ + "0-1K": { + "Count": 15, + "TotalSize": 45, + "TotalDownloadTime": 251, + "TotalCreationTime": 6754 + } +} +ObjectsStatsByType: +{ + "SPUser": { + "Count": 1, + "TotalTime": 289, + "AccumulatedVersions": 0, + "ObjectsWithVersions": 0 + }, + "SPFolder": { + "Count": 2, + "TotalTime": 144, + "AccumulatedVersions": 0, + "ObjectsWithVersions": 0 + }, + "SPDocumentLibrary": { + "Count": 1, + "TotalTime": 173, + "AccumulatedVersions": 0, + "ObjectsWithVersions": 0 + }, + "SPFile": { + "Count": 200, + "TotalTime": 6765, + "AccumulatedVersions": 0, + "ObjectsWithVersions": 0 + }, + "SPListItem": { + "Count": 14, + "TotalTime": 2111, + "AccumulatedVersions": 0, + "ObjectsWithVersions": 0 + } +} +TotalExpectedBytes:0 +CorrelationId:ccd97e9f-a0cc-0000-ceb9-37a900bec68d +``` + +## JobEnd (Import) + +```json +{ +"Event": "JobEnd", +"JobId": "aed28dcc-efc3-46c3-89f2-b5df71ccfe85", +"Time": "04/11/2024 14:51:53.531", +"FilesCreated": "5", +"BytesProcessed": "260999", +"ObjectsProcessed": "6", +"TotalErrors": "2", +"TotalWarnings": "0", +"FilesCreatedIrrespectiveOfVersions": "1", +"BytesProcessedOnlyCurrentVersion": "111001" +} +``` + +### **FilesCreatedIrrespectiveOfVersions** property + +An integer. + +The number of files created, exclusive of file versions. If a file has multiple versions, this count increases by 1 only when all the versions are migrated. + +List items aren't counted in this property. + +### **BytesProcessedOnlyCurrentVersion** property + +An integer. The bytes are processed with the last version of the file. If a file has multiple versions, this byte count increases only when all the versions are migrated. + +List items aren't counted in this property. + +## JobEnd (AMR) + +AMR API generates `JobEnd` event with estimation of item counts in `TotalExpectedSPObjects` field: + +```log +Event:JobEnd +JobId:e915f93a-b377-476e-995c-952fd28c0a12 +Time:11/28/2023 13:41:06.109 +FilesCreated:182 +BytesProcessed:441084014 +ObjectsProcessed:425 +TotalExpectedSPObjects:425 +TotalErrors:2 +TotalWarnings:0 +TotalRetryCount:0 +MigrationType:AsyncRead +MigrationDirection:Export +``` + +## JobDeleted + +```log +JobId:071f9aad-36e6-4bef-9f09-40b5c7498ecd +Time:09/29/2020 19:56:29.053 +CorrelationId:22ca20ec-23de-468b-add3-4e52e90d3a68 +``` + +### JobCancelled + +```log +JobId:071f9aad-36e6-4bef-9f09-40b5c7498ecd +Time:09/29/2020 19:58:29053 +TotalRetryCount:0 +CancelledByUser:false +MigrationType:None +MigrationDirection:Import +CorrelationId:22ca20ec-23de-468b-add3-4e52e90d3a68 +``` + +## JobError + +```log +JobId:b427d8d7-2b91-4da0-aee5-4b5a5a5d867e +Time: 02/05/2019 06:56:09.732 +TotalRetryCount:0 +MigrationType:None +MigrationDirection:Import +ObjectType:File +Url:Shared Documents/file.pdf +Id:fae7b4b0-2912-11e9-b0f3-7b554a52d6ab +ErrorCode:-2147024816 +ErrorType:Microsoft.SharePoint.SPException +Message:ErrorMessage +CorrelationId:d8e9bc9e-20e2-8000-aa83-48a62fc5ce75 +``` + +## JobFatalError + +```log +JobId:8f728c13-95d0-4d54-96bc-4ee912bd32ce +Time: 02/05/2019 06:57:20.523 +TotalRetryCount:0 +MigrationType:None +MigrationDirection:Import +ObjectType: +Url: +Id: +ErrorCode:-2147213196 +ErrorType:Microsoft.SharePoint.SPException +Message:ErrorMessage +CorrelationId:b370d5a0-105d-4000-241f-9b2d70449d7b +``` + +## JobWarning + +```log +JobId:b427d8d7-2b91-4da0-aee5-4b5a5a5d867e +Time: 02/05/2019 06:56:09.732 +TotalRetryCount:0 +MigrationType:None +MigrationDirection:Import +ObjectType:File +Url:Shared Documents/file.pdf +Id:fae7b4b0-2912-11e9-b0f3-7b554a52d6ab +ErrorCode:-2147024816 +ErrorType:Microsoft.SharePointSPException +Message:ErrorMessage +CorrelationId:d8e9bc9e-20e2-8000-aa83-48a62fc5ce75 +FinishManifestFileUpload +JobId:b427d8d7-2b91-4da0-aee5-4b5a5a5d867e +Time:02/05/2019 06:56:09.732 +ManifestFileName:Filename +CorrelationId:d8e9bc9e-20e2-8000-aa83-48a62fc5ce75 +``` + +## FinishManifestFileUpload + +Indicates that AMR API exported metadata. Find exported manifest files in the Azure Blob Storage Container supplied. The event also contains the location and file names of the exported files. + +### Example + +```json +{"Event", "FinishManifestFileUpload"}, +{"JobId", “f8d7d577-676e-47ce-ab69-ae7803979883”}, +{"Time", “2019-09-03T19:11:33.903”}, +{"ManifestFileName", “f8d7d577-676e-47ce-ab69-ae7803979883/ExportSettings.xml”} +``` diff --git a/docs/apis/migration-job-progress-api-reference.md b/docs/apis/migration-job-progress-api-reference.md new file mode 100644 index 000000000..d6f6eff66 --- /dev/null +++ b/docs/apis/migration-job-progress-api-reference.md @@ -0,0 +1,171 @@ +--- +title: "SharePoint Migration Job Progress API" +description: "This article explains how to retrieve migration job status with GetMigrationJobProgress API." +ms.date: 06/15/2025 +ms.author: jihongzuo +author: shiongzuo +manager: dapodean +audience: ISV +ms.subservice: migration-tool +ms.topic: article +ms.localizationpriority: high +ms.collection: + - SPMigration + - m365-collaboration +--- +# SharePoint GetMigrationJobProgress API + +After submitting a migration job—whether an import job or an Asynchronous Metadata Read (AMR) job—you can use the GetMigrationJobProgress API to track its progress. The API is available via both SDK and REST interfaces. + +It returns a sequence of job status events, including: JobQueued, JobStart, JobProgress, JobError, and JobEnd. + +## Permissions + +Use application-based authentication when submitting a migration job. Ensure the application is granted the Sites.Read.All permission or higher. + +## GetMigrationJobProgress Method (SDK) + +### Syntax + +```csharp +public ClientResult Site.GetMigrationJobProgress( + Guid jobId, + String nextToken +) +``` + +### Method Parameters + +| Name | Type | Required | Description | +| :--------- | :------- | :------- | :----------------------------------------------------- | +| jobId | Guid | Yes | Unique identifier of the migration job | +| nextToken | String | Yes | Token for paging position. Use "0" for initial request | + +For a completed job, requests using nextToken are idempotent—repeating the same request will consistently return the same result. + +### Return Values + +| Name | Type | Description | +| :--------- | :------- | :------------------------------------------------------------------------------------------------------------------------------------ | +| Logs | IList | Returns a collection of job status events when new progress is available, or an empty collection if there are no updates. | +| NextToken | String | Returns an updated string value when new progress is available, or the same value as the nextToken parameter if there are no updates. | + +### Method Usage Example + +```csharp +ClientResult result = context.Site.GetMigrationJobProgress(jobId, nextToken ?? "0"); +context.ExecuteQuery(); +IList logs = result.Value.Logs; +string newNextToken = result.Value.NextToken; +``` + +## GetMigrationJobProgress REST API + +### HTTP Request + +```http +GET https://{site_url}/_api/site/GetMigrationJobProgress(jobId='{jobId}',nextToken=0) +``` + +### URI Parameters + +| Name | Type | Required | Description | +| :--------- | :------- | :------- | :----------------------------------------------------- | +| jobId | Guid | Yes | Unique identifier of the migration job | +| nextToken | String | Yes | Token for paging position. Use "0" for initial request | + +### Request Headers + +| Header | Required | +| :------------------------------------- | :------- | +| Authorization: Bearer {token} | Yes | +| Accept: application/json;odata=verbose | Yes | + +### Response + +A JSON object when the HTTP status code is 200. + +An empty JSON object when the HTTP status code is other than 200. + +### Error Handling + +| Status Code | Meaning | Action | +| :---------- | :------------- | :---------------------------------------------------------------------- | +| 403 | Unauthorized | Ensure the app/user has at least Sites.Read.All permissions. | +| 429 | Too Many Requests | Parse Retry-After header and retry after the specified delay. | +| 500 | Internal Server Error | Parse error responses to identify internal errors. Do Not Retry. | +| 503 | Service Unavailable | Parse Retry-After header and retry after the specified delay. | + +| Internal Error Code | Meaning | +| :------------------ | :---------------------------------------------- | +| -2147213145 | Job not found | +| -2147213146 | Job status expired (valid for less than 5 days) | + +### API Usage Example + +#### Request Sample + +```http +GET https://contoso.sharepoint.com/_api/site/GetMigrationJobProgress(jobId=' 3e280efa-78a3-4ba1-bac6-e447aa538ca5', nextToken=0) +``` + +#### Successful Response Sample + +Status code: 200 +Response body: + +```json +{ + "d": { + "GetMigrationJobProgress": { + "Logs": { + "__metadata": { + "type": "Collection(Edm.String)" + }, + "results": [ + "{\"MigrationType\":\"None\",\"MigrationDirection\":\"Import\",\"SiteId\":\"48f1898f-77d9-4a1b-bddc-1f49bb6dc134\",\"DbId\":\"de6b85cd-726e-4b13-ae04-629798fddbf3\",\"TotalRetryCount\":\"0\",\"JobId\":\"3e280efa-78a3-4ba1-bac6-e447aa538ca5\",\"Time\":\"05/20/2025 09:18:48.132\",\"CorrelationId\":\"91884a0c-5ee8-4e1f-a23f-e4f7ec170182\",\"Event\":\"JobQueued\"}", + "{\"MigrationType\":\"None\",\"MigrationDirection\":\"Import\",\"SiteId\":\"48f1898f-77d9-4a1b-bddc-1f49bb6dc134\",\"WebId\":\"7206fc09-e4af-48b3-8730-ed7321396d7a\",\"DbId\":\"de6b85cd-726e-4b13-ae04-629798fddbf3\",\"FarmId\":\"f77d7b6c-ef43-4609-8fce-0e93142ce8a0\",\"ServerId\":\"44af885c-393b-4236-9417-bae7a9edc44e\",\"SubscriptionId\":\"82abb045-250e-4186-ba83-b9295930f272\",\"TotalRetryCount\":\"0\",\"JobId\":\"3e280efa-78a3-4ba1-bac6-e447aa538ca5\",\"Time\":\"05/20/2025 09:20:51.129\",\"CorrelationId\":\"7d3e7a8e-4445-4ce0-adb1-078e78cbf686\",\"Event\":\"JobStart\"}", + "{\"MigrationType\":\"None\",\"MigrationDirection\":\"Import\",\"TotalRetryCount\":\"0\",\"ObjectType\":\"ListItem\",\"Url\":\"\",\"Id\":\"cb471d5f-593f-4a63-b59e-8eae3e35b08a\",\"SourceListItemIntId\":\"3\",\"TargetListItemIntId\":\"3\",\"ErrorCode\":\"-2147286782\",\"ErrorType\":\"Microsoft.SharePoint.SPException\",\"Message\":\"Attempted to use an object that has ceased to exist. (Exception from HRESULT: 0x80030102 (STG_E_REVERTED)) \",\"JobId\":\"3e280efa-78a3-4ba1-bac6-e447aa538ca5\",\"Time\":\"05/20/2025 09:20:55.490\",\"CorrelationId\":\"7d3e7a8e-4445-4ce0-adb1-078e78cbf686\",\"Event\":\"JobError\"}", + "{\"MigrationType\":\"None\",\"MigrationDirection\":\"Import\",\"TotalRetryCount\":\"0\",\"FilesCreated\":\"0\",\"BytesProcessed\":\"0\",\"ObjectsProcessed\":\"4\",\"TotalExpectedSPObjects\":\"15\",\"TotalErrors\":\"3\",\"TotalWarnings\":\"0\",\"WaitTimeOnSqlThrottlingMilliseconds\":\"0\",\"TotalDurationInMs\":\"0\",\"CpuDurationInMs\":\"0\",\"SqlDurationInMs\":\"0\",\"SqlQueryCount\":\"0\",\"IsShallowCopy\":\"False\",\"CreatedOrUpdatedFileStatsBySize\":\"{}\",\"ObjectsStatsByType\":\"{\\\"SPUser\\\":{\\\"Count\\\":1,\\\"TotalTime\\\":124,\\\"AccumulatedVersions\\\":0,\\\"ObjectsWithVersions\\\":0},\\\"SPFolder\\\":{\\\"Count\\\":1,\\\"TotalTime\\\":153,\\\"AccumulatedVersions\\\":0,\\\"ObjectsWithVersions\\\":0},\\\"SPDocumentLibrary\\\":{\\\"Count\\\":1,\\\"TotalTime\\\":404,\\\"AccumulatedVersions\\\":0,\\\"ObjectsWithVersions\\\":0},\\\"SPFile\\\":{\\\"Count\\\":1,\\\"TotalTime\\\":0,\\\"AccumulatedVersions\\\":0,\\\"ObjectsWithVersions\\\":0},\\\"SPListItem\\\":{\\\"Count\\\":1,\\\"TotalTime\\\":1880,\\\"AccumulatedVersions\\\":0,\\\"ObjectsWithVersions\\\":0}}\",\"TotalExpectedBytes\":\"0\",\"FilesCreatedIrrespectiveOfVersions\":\"0\",\"BytesProcessedOnlyCurrentVersion\":\"0\",\"JobId\":\"3e280efa-78a3-4ba1-bac6-e447aa538ca5\",\"Time\":\"05/20/2025 09:20:57.380\",\"CorrelationId\":\"7d3e7a8e-4445-4ce0-adb1-078e78cbf686\",\"Event\":\"JobEnd\"}" + ] + }, + "NextToken": "1764", + "__metadata": { + "type": "SP.MigrationJobProgress" + } + } + } +} +``` + +#### Error Response Sample + +Status code: 500 +Response body: + +```json +{ + "error": { + "code": "-2147213145, Microsoft.SharePoint.SPException", + "innererror": { + "message": "Job not found", + "stacktrace": "STACK_TRACE" + }, + "message": { + "lang": "en-US", + "value": "Job not found" + } + } +} +``` + +## Best Practice + +Begin with `nextToken=0`, store the returned token, and poll at certain intervals. This method is well-suited for long-running jobs and helps ensure no updates are missed. + +Since migration jobs typically take several minutes or more, polling every minute is advised, while adhering to the [guideline](https://aka.ms/spo429) to avoid throttling. + +## See Also + +- [SharePoint Migration API](migration-api-overview.md) +- [Migration Events](migration-events.md) diff --git a/docs/apis/migration-manifest.md b/docs/apis/migration-manifest.md new file mode 100644 index 000000000..770fd670b --- /dev/null +++ b/docs/apis/migration-manifest.md @@ -0,0 +1,405 @@ +--- +title: "Preparing the manifest for Migration API" +description: "This article provides in-depth information on how to use create and use manifest packages with SharePoint Migration API" +ms.date: 04/18/2024 +ms.author: ranren +author: underreview +manager: dapodean +audience: ITPro +ms.subservice: migration-tool +ms.topic: article +ms.localizationpriority: high +ms.collection: + - SPMigration + - m365-collaboration +--- + +# XML manifest files + +Migration API relies on XML manifest files to process the content import correctly. Create manifest files in a well-defined format. AMR API also exports metadata in this format. + +## XML Validation + +The package structure for Manifest files is based on a constrained version of [SharePoint Content Migration Schemas](/sharepoint/dev/schema/content-migration-schemas). + +## Encoding invalid XML characters + +AMR API encodes invalid XML characters in fields. Decode the attributes listed in `EncodedAttributes`. + +Migration API doesn't support invalid XML character encoding. + +### Example + +In this example, these attributes are encoded: URL, ParentWebURL, Name, and Version. + +```xml + +``` + +## Location + +Placed all manifest files at the root level of the Azure Blob Storage Container for manifest files. + +## ArchivedFiles.xml + +Optional. + +Used to process archived small files in batch. + +### ArchivedFiles.xml Example + +```xml + + + + + + + + + + + + + + + + + + + +``` + +## ExportSettings.xml + +Required. + +An XML file contains the export settings specified with the `SPExportSettings` and other classes. It also specifies the export settings, used in the subsequent import process at the migration target site. It also maintains a catalog of all objects exported to the migration package. + +### Ignore Web Parts + +Migration API checks and processes SharePoint Web Parts in certain types of files. For sources other than SharePoint Server and SharePoint Online, bypass these checks by setting `IgnoreWebParts` to `true`. This practice improves the performance of migration tasks when not migrating Web Parts. + +### Specify content source + +Migration API requires a `SourceType` value, containing the source of the content. It should contain a value from the following list: + +#### Accepted `SourceType` values + +- `AmazonS3` +- `AzureStorage` +- `Box` +- `Dropbox` +- `Egnyte` +- `FileShare` +- `GoogleCloudStorage` +- `GoogleDrive` +- `MicrosoftStream` +- `OneDrive` +- `SharePointOnline` +- `SharePointOnPremServer` +- `Other` + +When declaring to `Other`, include an extra `DetailedSource` value to provide more detail on the content source information. + +### ExportSettings.xml Example + +```xml + + + + + +``` + +## LookupListMap.xml + +Optional. + +An XML manifest file that maintains a simple lookup list, which records all SharePoint List Item references. Place it at the root of the Azure Blob Store Container defined by the `CreateMigrationJob`’s `azureContainerManifestUri` parameter. + +Not required if the import package doesn't contain Defining Fields or Views on a List or Document Library. The omission of this file generates a warning message in the log. Include a file with a childless `root` node to avoid this warning message. + +## Manifest.xml + +Required. + +An XML manifest file that contains the complete list of both the contents and the structure of the content package. Migration API uses this manifest file to reconstitute the source and its components. + +Place all instances of the **Manifest.xml** file for a package at the root of the Azure Blob Store Container. + +This manifest file is also the primary descriptor for metadata within the package, and provides the List, Folder, and Item hierarchy, along with metadata for the items including references back to users and groups defined in **UserGroupMap.xml** file. + +Use more than one **Manifest.xml** if needed. The manifests are identified with different file names. Migration API locates all manifests through references in **SystemData.xml** file’s `ManifestFile` entries. + +### Document Library/List ID consistency + +Use consistent Web ID and Document Library ID/List ID at the source and the target location. Inconsistent Web IDs generate errors as Migration API can't find the parent web for the import operation. + +Likewise, Migration API can't import items with incorrect Document Library IDs and List IDs into the target Document Library or List. Don't reuse IDs within the same site collection, to avoid Migration API importing packages to the same target site collection, regardless of the destination web. + +### GUID consistency + +To avoid GUID conflicts and import errors, use the same package for the same target. Importing a new package with the same content will cause problems. The package from a file share assigns GUIDs to files, folders, and list items. Keep the package from the file share as a record of the original GUIDs. Use the same GUIDs for later packages to avoid conflicts and track changes. + +### Preserve content identifiers + +The identifiers in the Import Packages are **explicitly** used during import to identify content. This practice preserves existing identifiers for Document Library contents. + +Reference the target Web and List identifiers **explicitly**. + +Migration API preserves content type identifiers, file/folder item GUIDs, and List Item integer identifiers during import. Import fails when Migration API encounters incorrect identifiers in the package. + +This preservation enables successive import iterations with different packages, allowing items to move locations. + +### Permission Roles + +Manifest.xml contains the following Roles-related objects: + +#### Roles object + +Contains the list of all defined Roles on the Web. + +#### Role object + +Defines a Role with ID, internal permissions rights mask flags, and display information. + +##### RoleId value + +Defines the identifiers of the Role object. + +##### PermMask value + +Contains the rights mask flags. + +#### RoleAssignments object + +Contains the list of all unique permissions (RoleAssignment objects). + +#### RoleAssignment object + +Includes the list of distinct Assignment objects (if any). + +##### Assignment object + +Contains the actual membership of one distinct User or Group and their actual Role, where + +- RoleId values map to the RoleId values of the Role objects. +- PrincipalId values map to ID values of User or Group objects respectively in **UserGroups.xml**. + +#### Permissions Example + +```xml + + … + + + + + + + + + + + + + + … + + + … + +``` + +## Requirements.xml + +Optional. + +SharePoint Server usually generates this XML manifest file. It contains a list of deployment requirements in the form of installation requirements on the migration target, such as + +- feature definitions +- template versions +- Web Part assemblies +- language packs +- and so forth. + +Include no child node under the root for file shares. The omission of this file generates a warning message in the log. + +## RootObjectMap.xml + +Optional. + +Maintains a list of mappings of secondary (dependent) objects. Migration API uses this manifest file to correctly place dependent objects. + +The most common `RootObject` included is a single object of type List. The `ID` of this item should be the List `ID` of the target list, and the `ParentWebID` should match the `ID` of the parent target web containing this list in order for migration to be successful. The `ID`, `WebUrl`, and `Url` values of this object must also match the related structure laid out in the **Manifest.xml** file. + +## SystemData.xml + +Required. + +Contains various low-level system data. It also records the number and paths of **Manifest.xml** files in the manifest package, when there are multiple manifests. + +### Versions + +`SchemaVersion` references to the current `Build` and `DatabaseVersion` of the target farm, currently “15.0.0.0”. + +`SiteVersion` should match the target site collection `UIVersion`, currently `15`. + +### Multiple Manifests + +List all **Manifest.xml** files in the package in **SystemData.xml**, as `ManifestFile` entries. + +### Immutable SystemObjects + +List all `SystemObjects` defining dependent objects that remain immutable by Migration API. + +### SystemData.xml example + +This example **SystemData.xml** file shows the common objects from a file share import. Use different `ID`s for each package, and the `URL`s may be different. + +```xml + + + + + + + + + + + + + + +``` + +## UserGroupMap.xml + +Required. + +Records Users and User Security Groups for managing permissions. Migration API uses the manifest to ascertain the membership of Users and Groups, along with their roles and specific assignments. These assignments include unique permissions set at the level of the object and its offspring, unless a deeper child object overrides them. + +User or Group entries aren't mandatory, but omission prevents author or security information from the population during import. Migration API generates warnings in such cases. + +### User identifiers + +Identify a User only once in a single package. + +Manifest all Users and Groups within the exported Web(s). + +#### User object + +Includes the information about specific Users, including identification of a specific security principle as a domain group or not, sign-in, and the base64 encoded SystemId (SID) of the security principle. + +#### Group object + +Includes the information about specific Groups and the direct membership list of that Group. + +Owner values on Group objects and UserId values on member objects within group objects map to other ID values of other User or Group objects respectively. + +The following example shows how to manifest Users and Groups. + +```xml + + + + + … + + + + + + + + + + … + + +``` + +Make sure the Sign-in and SystemId values of users match the values in SharePoint. + +### Deleted Users + +Include an `IsDeleted` value as `true` for deleted accounts. This practice prevents lookup failures in the import process, which negatively impacts performance. + +### Unresolved User identifiers + +If Migration API is unable to resolve a User with the Sign-in information, and SystemId **is not** provided, Migration API replaces this User with `System Account` in the associated metadata (such as Author or Editor) in the package and generates a warning in the import logs: + +```text +Failed to ensure user 'user@contoso.com' +``` + +If Migration API is unable to resolve a User with the Sign-in while the SystemId **is** provided, Migration API creates a new deleted User with the provided Sign-in and SystemId. Migration API uses this User with associated metadata within the package. Migration API generates a warning in the import logs: + +```text +Failed to retrieve user 'user@contoso.com' attributes from the SiteUsers; falling back to passed in values +``` + +### Avoid non-UPN email addresses in User identifiers + +The `Login` attribute of the User identifier requires a UPN. **Do not use** non-UPN email addresses. Using non-UPN email addresses causes unexpected behavior in SharePoint Online. + +### Examples + +The following examples show the correct and incorrect ways of using the User identifiers. + +In this case, the user has the following identifiers: + +- UPN: +- Email: . + +#### Correct example + +This example manifests the User only once, with a UPN email address. + +```xml + +``` + +#### Incorrect example + +This example **incorrectly** uses a non-UPN email address and **incorrectly** includes more than one identifier for a single user. + +```xml + + +``` + +This example **incorrectly** uses a non-UPN email address. + +```xml + +``` + +## ViewFormsList.xml + +Optional. + +This XML manifest file maintains a list of Web Parts and tracks whether each is a view or form. + +This file is optional if the Import Package doesn't contain Web Parts. The omission of this file generates a warning message in the log. Alternatively, include a manifest file with a childless `root` node to avoid the warning message. diff --git a/docs/apis/site-creation-rest.md b/docs/apis/site-creation-rest.md index 8988e7ec6..530ad6137 100644 --- a/docs/apis/site-creation-rest.md +++ b/docs/apis/site-creation-rest.md @@ -62,7 +62,7 @@ body: The site design id can be retrieved by using the [Get-SPOSiteDesign](/powershell/module/sharepoint-online/get-spositedesign) (Microsoft SharePoint Online Management Shell) or [Get-PnPSiteDesign](/sharepoint/dev/declarative-customization/site-design-pnppowershell) (PnP PowerShell) cmdlets. If you want to apply an out-of-the-box available site design, use the following values: -- Topic: `96c933ac-3698-44c7-9f4a-5fd17d71af9e` or null +- Standard communication: `96c933ac-3698-44c7-9f4a-5fd17d71af9e` or null - Showcase: `6142d2a0-63a5-4ba0-aede-d9fefca2c767` - Blank: `f6cc5403-0d63-442e-96c0-285923709ffc` diff --git a/docs/apis/spod-copy-move-api.md b/docs/apis/spod-copy-move-api.md index e6536b673..202977581 100644 --- a/docs/apis/spod-copy-move-api.md +++ b/docs/apis/spod-copy-move-api.md @@ -1,10 +1,10 @@ --- title: Microsoft 365 Copy and Move API (CreateCopyJobs) description: "Microsoft 365 Copy and Move API (CreateCopyJobs)" -ms.date: 06/29/2022 +ms.date: 10/05/2023 ms.author: jhendr author: JoanneHendrickson -manager: pamgreen +manager: serdars audience: ITPro f1.keywords: - NOCSH @@ -140,6 +140,6 @@ Currently, the following limitations are: | What | Limitation | | :---------------- | :---------------------------------- | -| File size | A file must be less than 2 GB. | -| Number of items | No more than 30,000 items in a job. | -| Total size of job | Job size not to exceed 100 GB. | +| File size | [SharePoint Limits](/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits#moving-and-copying-across-sites) | +| Number of items | [SharePoint Limits](/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits#moving-and-copying-across-sites) | +| Total size of job | [SharePoint Limits](/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits#moving-and-copying-across-sites) | diff --git a/docs/apis/syntex/syntex-model-rest-api.md b/docs/apis/syntex/syntex-model-rest-api.md index 746de3421..277c633dd 100644 --- a/docs/apis/syntex/syntex-model-rest-api.md +++ b/docs/apis/syntex/syntex-model-rest-api.md @@ -1,7 +1,7 @@ --- -title: Microsoft Syntex document understanding model REST API -description: Overview of the Microsoft Syntex document understanding model REST API. -ms.date: 10/20/2022 +title: Unstructured document understanding model REST API +description: Overview of the document understanding model REST API. +ms.date: 07/21/2025 ms.author: chucked author: chuckedmonson manager: pamgreen @@ -12,7 +12,7 @@ ms.collection: m365initiative-syntex ms.localizationpriority: medium --- -# Microsoft Syntex unstructured document processing model REST API +# Unstructured document processing model REST API You can use the SharePoint REST interface to create an unstructured document processing model, apply or remove the model to one or more libraries, and obtain or update information about the model. @@ -29,14 +29,14 @@ Before you get started, make sure that you're familiar with the following: ## REST commands -The following REST commands are available for working with Syntex unstructured document processing models: +The following REST commands are available for working with unstructured document processing models: - [Create model](rest-createmodel-method.md) – Creates a model and its associated content type. -- [GetByUniqueId](rest-getbyuniqueid-method.md) – Gets or updates information about a Syntex unstructured document processing model. -- [GetByTitle](rest-getbytitle-method.md) – Gets or updates information about a Syntex unstructured document processing model using the model title. +- [GetByUniqueId](rest-getbyuniqueid-method.md) – Gets or updates information about an unstructured document processing model. +- [GetByTitle](rest-getbytitle-method.md) – Gets or updates information about an unstructured document processing model using the model title. - [Apply model](rest-applymodel-method.md) – Applies (or syncs) a trained unstructured document processing model to one or more libraries. - [Get model and library information](rest-getmodelandlibraryinfo.md) – Gets information about a model and the library where it has been applied. -- [UpdateModelSettings](rest-updatemodelsettings-method.md) – Updates available models settings (associated retention label and model description) for a Syntex unstructured document processing model. +- [UpdateModelSettings](rest-updatemodelsettings-method.md) – Updates available models settings (associated retention label and model description) for an unstructured document processing model. - [BatchDelete](rest-batchdelete-method.md) – Removes an applied unstructured document processing model from one or more libraries. - [Create file classification request](rest-createclassificationrequest.md) – Creates a request to classify a specified file or files using the applied model. - [Create folder classification request](rest-createclassificationrequest.md) – Creates a request to classify an entire folder using the applied model. diff --git a/docs/apis/webhooks/sharepoint-webhooks-using-azd-template.md b/docs/apis/webhooks/sharepoint-webhooks-using-azd-template.md new file mode 100644 index 000000000..1de5d665e --- /dev/null +++ b/docs/apis/webhooks/sharepoint-webhooks-using-azd-template.md @@ -0,0 +1,178 @@ +--- +title: Create Azure Functions for SharePoint webhooks using an azd template +description: Use Azure Developer cli (azd) to deploy an Azure function app that connects to your SharePoint Online + tenant, to register and manage webhooks, and process the notifications from SharePoint. +ms.date: 07/07/2025 +ms.localizationpriority: low +--- +# Azure Functions for SharePoint webhooks using azd + +[Azure Developer CLI (azd)](https://aka.ms/azd) is an open-source tool that accelerates provisioning and deploying app resources in Azure. + +This article uses the [Azure function app for SharePoint webhooks public template](https://github.com/Azure-Samples/azd-functions-sharepoint-webhooks) to deploy an Azure function app that connects to your SharePoint Online tenant, to register and manage [webhooks](overview-sharepoint-webhooks.md), and process the notifications from SharePoint. + +## Prerequisites + +- [Node.js 22](https://www.nodejs.org/) +- [Azure Functions Core Tools](/azure/azure-functions/functions-run-local) +- [Azure Developer CLI (azd)](/azure/developer/azure-developer-cli/install-azd) +- An Azure subscription that trusts the same Microsoft Entra ID directory as the SharePoint tenant + +## Permissions required to provision the resources in Azure + +The account running **azd** must have at least the following roles to successfully provision the resources: + +- Azure role **[Contributor](/azure/role-based-access-control/built-in-roles/privileged#contributor)**: To create all the resources needed +- Azure role **[Role Based Access Control Administrator](/azure/role-based-access-control/built-in-roles/privileged#role-based-access-control-administrator)**: To assign roles (to access the storage account and Application Insights) to the managed identity of the function app + +## Deploy the function app in Azure + +1. Run **azd init** from an empty local (root) folder: + + ```console + azd init --template azd-functions-sharepoint-webhooks + ``` + + Enter an environment name, such as **spofuncs-quickstart** when prompted. In **azd**, the environment is used to maintain a unique deployment context for your app. + +1. Open the file **infra/main.parameters.json**, and set the variables `TenantPrefix` and `siteRelativePath` to match your SharePoint tenant. + + Review the article on [Manage environment variables](/azure/developer/azure-developer-cli/manage-environment-variables) to manage the azd's environment variables. + +1. Finally, run the command **azd up** to build the app, provision the resources in Azure and deploy the app package. + +## Grant the function app access to SharePoint Online + +The authentication to SharePoint is done using `DefaultAzureCredential`, so the credential used depends on whether the function app runs locally, or in Azure. + +If you never heard about `DefaultAzureCredential`, you should familiarize yourself with its concept by referring to the section **Use DefaultAzureCredential for flexibility** in [Credential chains in the Azure Identity client library for JavaScript](/azure/developer/javascript/sdk/authentication/credential-chains). + +### Using its managed identity + +`DefaultAzureCredential` will use a managed identity to authenticate to SharePoint. This may be the existing, system-assigned managed identity of the function app service or a user-assigned managed identity. + +This tutorial assumes the system-assigned managed identity is used. + +#### Grant the SharePoint API permission Sites.Selected to the managed identity + +Navigate to your function app in the [Azure portal](https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Web%2Fsites/kind/functionapp) > select **Identity** and note the **Object (principal) ID** of the system-assigned managed identity. + +> [!NOTE] +> In this tutorial, it is **d3e8dc41-94f2-4b0f-82ff-ed03c363f0f8**. + +Then, use one of the scripts below to grant this identity the app-only permission **Sites.Selected** on the SharePoint API: + +> [!IMPORTANT] +> The scripts below require at least the delegated permission [`AppRoleAssignment.ReadWrite.All`](/graph/permissions-reference#approleassignmentreadwriteall) (requires admin consent) + +
    + Using the Microsoft Graph PowerShell SDK + +```powershell +# This script requires the modules Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns, which can be installed with the cmdlet Install-Module below: +# Install-Module Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns -Scope CurrentUser -Repository PSGallery -Force +Connect-MgGraph -Scope "Application.Read.All", "AppRoleAssignment.ReadWrite.All" +$managedIdentityObjectId = "d3e8dc41-94f2-4b0f-82ff-ed03c363f0f8" # 'Object (principal) ID' of the managed identity +$scopeName = "Sites.Selected" +$resourceAppPrincipalObj = Get-MgServicePrincipal -Filter "displayName eq 'Office 365 SharePoint Online'" # SPO +$targetAppPrincipalAppRole = $resourceAppPrincipalObj.AppRoles | ? Value -eq $scopeName + +$appRoleAssignment = @{ + "principalId" = $managedIdentityObjectId + "resourceId" = $resourceAppPrincipalObj.Id + "appRoleId" = $targetAppPrincipalAppRole.Id +} +New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityObjectId -BodyParameter $appRoleAssignment | Format-List +``` +
    + +
    + Using az cli in Bash + +```bash +managedIdentityObjectId="d3e8dc41-94f2-4b0f-82ff-ed03c363f0f8" # 'Object (principal) ID' of the managed identity +resourceServicePrincipalId=$(az ad sp list --query '[].[id]' --filter "displayName eq 'Office 365 SharePoint Online'" -o tsv) +resourceServicePrincipalAppRoleId="$(az ad sp show --id $resourceServicePrincipalId --query "appRoles[?starts_with(value, 'Sites.Selected')].[id]" -o tsv)" + +az rest --method POST --uri "https://graph.microsoft.com/v1.0/servicePrincipals/${managedIdentityObjectId}/appRoleAssignments" --headers 'Content-Type=application/json' --body "{ 'principalId': '${managedIdentityObjectId}', 'resourceId': '${resourceServicePrincipalId}', 'appRoleId': '${resourceServicePrincipalAppRoleId}' }" +``` +
    + +#### Grant the managed identity effective access to a SharePoint site + +Navigate to the [Enterprise applications](https://entra.microsoft.com/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/) > Set the **Application type** filter to **Managed Identities** > select your managed identity and note its **Application ID**. + +> [!NOTE] +> In this tutorial, it is **3150363e-afbe-421f-9785-9d5404c5ae34**. + +Then, use one of the scripts below to grant it the app-only permission **manage** (minimum required to register a webhook) on a specific SharePoint site: + +> [!IMPORTANT] +> The app registration used to run those scripts must have at least the following permissions: +> +> - Delegated permission **Application.ReadWrite.All** in the Graph API (requires admin consent) +> - Delegated permission **AllSites.FullControl** in the SharePoint API (requires admin consent) + +
    + Using PnP PowerShell + +[PnP PowerShell](https://pnp.github.io/powershell/cmdlets/Grant-PnPAzureADAppSitePermission.html) + +```powershell +Connect-PnPOnline -Url "https://YOUR_SHAREPOINT_TENANT_PREFIX.sharepoint.com/sites/YOUR_SHAREPOINT_SITE_NAME" -Interactive -ClientId "YOUR_PNP_APP_CLIENT_ID" +Grant-PnPAzureADAppSitePermission -AppId "3150363e-afbe-421f-9785-9d5404c5ae34" -DisplayName "YOUR_FUNC_APP_NAME" -Permissions Manage +``` +
    + +
    + Using m365 cli in Bash + +[m365 cli](https://pnp.github.io/cli-microsoft365/cmd/spo/site/site-apppermission-add/) + +```bash +targetapp="3150363e-afbe-421f-9785-9d5404c5ae34" +siteUrl="https://YOUR_SHAREPOINT_TENANT_PREFIX.sharepoint.com/sites/YOUR_SHAREPOINT_SITE_NAME" +m365 spo site apppermission add --appId $targetapp --permission manage --siteUrl $siteUrl +``` +
    + +## Call the function app + +For security reasons, when running in Azure, the function app requires an app key to pass in the query string parameter **code**. The app keys are found in the function app service's **App Keys** keys page. + +Most HTTP functions take optional parameters `TenantPrefix` and `siteRelativePath`. If they are not specified, the values in the app's environment variables are used. + +Below is a sample script in PowerShell to call the function app: + +```powershell +# Edit those variables to match your environment +$funchost = "YOUR_FUNC_APP_NAME" +$code = "YOUR_HOST_KEY" +$listTitle = "YOUR_SHAREPOINT_LIST" +$notificationUrl = "https://${funchost}.azurewebsites.net/api/webhooks/service?code=${code}" + +# List all the webhooks registered on a list +Invoke-RestMethod -Method GET -Uri "https://${funchost}.azurewebsites.net/api/webhooks/list?code=${code}&listTitle=${listTitle}" + +# Register a webhook in a list +Invoke-RestMethod -Method POST -Uri "https://${funchost}.azurewebsites.net/api/webhooks/register?code=${code}&listTitle=${listTitle}¬ificationUrl=${notificationUrl}" + +# Show this webhook registered on a list +Invoke-RestMethod -Method GET -Uri "https://${funchost}.azurewebsites.net/api/webhooks/show?code=${code}&listTitle=${listTitle}¬ificationUrl=${notificationUrl}" + +# Remove the webhook from a list +# Step 1: Call the function /webhooks/show to get the webhook id +$webhookId = $(Invoke-RestMethod -Method GET -Uri "https://${funchost}.azurewebsites.net/api/webhooks/show?code=${code}&listTitle=${listTitle}¬ificationUrl=${notificationUrl}").Id +# Step 2: Call the function /webhooks/remove and pass the webhook id +Invoke-RestMethod -Method POST -Uri "https://${funchost}.azurewebsites.net/api/webhooks/remove?code=${code}&listTitle=${listTitle}&webhookId=${webhookId}" +``` + +## Cleanup the resources in Azure + +You can delete all the resources this project created in Azure, by running the command **azd down**. + +Alternatively, you can delete the resource group, that has the azd environment's name by default. + +## See also + +- [Overview of SharePoint webhooks](overview-sharepoint-webhooks.md) diff --git a/docs/apis/webhooks/sharepoint-webhooks-using-azure-functions.md b/docs/apis/webhooks/sharepoint-webhooks-using-azure-functions.md index eb8812dbc..967d0e43d 100644 --- a/docs/apis/webhooks/sharepoint-webhooks-using-azure-functions.md +++ b/docs/apis/webhooks/sharepoint-webhooks-using-azure-functions.md @@ -6,7 +6,9 @@ ms.localizationpriority: high --- # Using Azure Functions with SharePoint webhooks -[Azure Functions](/azure/azure-functions/functions-overview) offers an easy way to host your SharePoint webhooks: you can add your webhook C# or JavaScript code via the browser, and Azure takes care of the hosting and scaling of your function. This guide shows how to set up and use Azure Functions for your webhooks. +[Azure Functions](/azure/azure-functions/functions-overview) offers an easy way to host your SharePoint webhooks: you can add your webhook C# or JavaScript code via the browser, and Azure takes care of the hosting and scaling of your function. + +This guide shows how to set up and use Azure Functions for your webhooks using the Azure portal. Alternatively, you can refer to article [Create Azure Functions for SharePoint webhooks using an azd template](sharepoint-webhooks-using-azd-template.md), to automate the whole process using an **azd** template. ## Create an Azure Function App diff --git a/docs/apis/webhooks/webhooks-reference-implementation.md b/docs/apis/webhooks/webhooks-reference-implementation.md index ea182d43c..f6285aaf7 100644 --- a/docs/apis/webhooks/webhooks-reference-implementation.md +++ b/docs/apis/webhooks/webhooks-reference-implementation.md @@ -1,7 +1,7 @@ --- title: SharePoint webhooks sample reference implementation description: This SharePoint Patterns and Practices (PnP) reference implementation shows how you can use SharePoint webhooks in your application. -ms.date: 09/23/2022 +ms.date: 06/05/2024 ms.localizationpriority: high --- # SharePoint webhooks sample reference implementation @@ -10,19 +10,16 @@ The SharePoint Patterns and Practices (PnP) reference implementation shows how y The reference implementation only works with [SharePoint list webhooks](./lists/overview-sharepoint-list-webhooks.md). -You can also follow these steps by watching the video on the Microsoft 365 Platform Communtiy (PnP) YouTube Channel: - -
    +You can also follow these steps by watching the video on the Microsoft 365 Platform Community (PnP) YouTube Channel: > [!Video https://www.youtube.com/embed/P4a1_EWokwM] -
    - **Applies to** Office 365 Multi Tenant (MT). Microsoft Azure is used to host the various components needed to implement SharePoint webhooks. Source code and other materials for the reference implementation are available in two flavors: + - A SharePoint provider-hosted application version - An Office 365 Azure AD application, which can be found in the [SharePoint developer samples GitHub repository](https://aka.ms/sp-webhooks-sample-reference). @@ -35,9 +32,7 @@ The application shows you how to manage webhooks, specifically for a SharePoint ### Deployment guides - The [SharePoint webhooks reference implementation deployment guide](https://github.com/SharePoint/sp-dev-samples/blob/master/Samples/WebHooks.List/Deployment%20guide.md) lists the deployment steps used to deploy the SharePoint provider-hosted reference implementation. - - To deploy the Office 365 Azure AD application, use the steps described at [SharePoint webhooks Azure AD reference implementation deployment guide](https://github.com/SharePoint/sp-dev-samples/blob/master/Samples/WebHooks.List.AzureAD/Deployment%20guide.md), which shows you how to use a Web API function as webhook service. - - If you're more interested in using Azure Functions, see the [Azure Functions guide](https://github.com/SharePoint/sp-dev-samples/blob/master/Samples/WebHooks.List.AzureAD/azure%20functions%20guide.md) for more details on how to use Azure Functions in this reference implementation. ### Introduction to webhooks @@ -48,9 +43,9 @@ Webhooks notify your application about changes in SharePoint that the applicatio The reference implementation works with a SharePoint list. To add a webhook to a SharePoint list, your application first creates a webhook subscription by sending a [`POST /_api/web/lists('list-id')/subscriptions`](./lists/create-subscription.md) request. The request includes the following items: -* A payload that identifies the list that you're adding the webhook for. -* The location of your webhook service URL to send the notifications. -* The expiration date of the webhook. +- A payload that identifies the list that you're adding the webhook for. +- The location of your webhook service URL to send the notifications. +- The expiration date of the webhook. After you've requested SharePoint to add your webhook, SharePoint validates that your webhook service endpoint exists. It sends a validation string to your service endpoint. SharePoint expects that your service endpoint returns the validation string within 5 seconds. If this process fails, the webhook creation is canceled. If you've deployed your service, this works and SharePoint returns an HTTP 201 message on the POST request that the application initially sent. The payload in the response contains the ID of the new webhook subscription. @@ -74,8 +69,6 @@ public async Task AddListWebHookAsync(string siteUrl, string } ``` -
    - When making a call to SharePoint, you need to provide authentication information, and in this case you're using a **Bearer** authentication header with an **access token**. To obtain the access token, intercept the token via an **ExecutingWebRequest** event handler: ```csharp @@ -89,7 +82,7 @@ cc.ExecutingWebRequest += Cc_ExecutingWebRequest; // Capture the OAuth access token since we want to reuse that one in our REST requests private void Cc_ExecutingWebRequest(object sender, WebRequestEventArgs e) { - this.accessToken = e.WebRequestExecutor.RequestHeaders.Get("Authorization").Replace("Bearer ", ""); + this.accessToken = e.WebRequestExecutor.RequestHeaders.Get("Authorization").Replace("Bearer ", ""); } ``` @@ -123,7 +116,6 @@ To avoid getting the same change repeatedly, it's important that you inform Shar The following are some key things to note about changes: - SharePoint does not call your service in real-time: when a change happens on a list that has a webhook, SharePoint queues a webhook callout. Once each minute, this queue is read and the appropriate service endpoints are called. This batching of requests is important. For example, if a bulk upload of 1000 records occurred at once, batching prevents SharePoint from calling your endpoint 1000 times. So your endpoint is only called once, but when you call the `GetChanges()` method, you get 1000 change events that you need to process. - - To guarantee an immediate response, regardless of the number of changes there, it's important that the workload of your service endpoint runs asynchronously. In the reference implementation, we leveraged the power of Azure: the service serializes the incoming payload and stores it in an Azure Storage queue while there's an Azure web job that runs continuously and checks for messages in the queue. When there are messages in the queue, the web job processes them and also executes your logic asynchronously. ## Complete end-to-end flow @@ -157,7 +149,7 @@ Create a web job that on a weekly basis reads all the subscription IDs from the > [!NOTE] > This web job is not part of this reference implementation. -The actual renewal of a SharePoint list webhook can be done by using a `[PATCH /_api/web/lists('list-id')/subscriptions(‘subscriptionID’)](./lists/update-subscription.md)` REST call. +The actual renewal of a SharePoint list webhook can be done by using a [`PATCH /_api/web/lists('list-id')/subscriptions(‘subscriptionID’)`](./lists/update-subscription.md) REST call. In the reference implementation, updating of webhooks is implemented in the [WebHookManager](https://github.com/SharePoint/sp-dev-samples/blob/master/Samples/WebHooks.List/SharePoint.WebHooks.Common/WebHookManager.cs) class of the **SharePoint.WebHooks.Common** project. @@ -176,7 +168,7 @@ Updating a webhook is done by using the **UpdateListWebHookAsync** method: /// true if successful, exception in case something went wrong public async Task UpdateListWebHookAsync(string siteUrl, string listId, string subscriptionId, string webHookEndPoint, DateTime expirationDateTime, string accessToken) { - // webhook update code... + // webhook update code... } ``` @@ -184,10 +176,8 @@ public async Task UpdateListWebHookAsync(string siteUrl, string listId, st Because SharePoint is calling out to your webhook service endpoint, your endpoint needs to be reachable by SharePoint. This makes development and debugging slightly more complex. The following are some strategies that you can use to make your life easier: -* During initial development, you provide your own serialized payload to your service processing logic. This makes it possible to completely test your processing logic without deploying the service endpoint (and even without configuring a webhook). - -* If you have access to Azure resources, you can deploy your endpoint to Azure by using a debug build and configuring the Azure App Service for debugging. This allows you to set a remote breakpoint and do remote debugging using Visual Studio. - +- During initial development, you provide your own serialized payload to your service processing logic. This makes it possible to completely test your processing logic without deploying the service endpoint (and even without configuring a webhook). +- If you have access to Azure resources, you can deploy your endpoint to Azure by using a debug build and configuring the Azure App Service for debugging. This allows you to set a remote breakpoint and do remote debugging using Visual Studio. - If you do not want to deploy your service during development time, you need to use a secure tunnel for your service. The idea is that you tell SharePoint that the notification service is located on a shared public endpoint. In the client, you install a component that connects to that shared public service, and whenever a call is made to the public endpoint, the client component is notified and it pushes the payload to your service running on localhost. [ngrok](https://ngrok.com/) is an implementation of such a secure tunnel tool that you can use to debug your webhook service locally. ## See also diff --git a/docs/business-apps/power-automate/guidance/require-doc-approval.md b/docs/business-apps/power-automate/guidance/require-doc-approval.md index 3dd73b2d9..c5c548834 100644 --- a/docs/business-apps/power-automate/guidance/require-doc-approval.md +++ b/docs/business-apps/power-automate/guidance/require-doc-approval.md @@ -84,10 +84,10 @@ You must ensure you enter the correct site and library name. However, you can ge - Using the *Id* property from the *trigger output* - Comments - Using the *comments* property from the *approval response* - - ETAG -- Using the *ETag* property from the *Get file metadata* action output +- ETAG + - Using the *ETag* property from the *Get file metadata* action output -You can now use the content approval status action to approve and reject the document based on the approval response. +You can now use the content approval status action to approve or reject the document based on the approval response. The end result is that: diff --git a/docs/business-apps/power-automate/guidance/working-with-send-sp-http-request.md b/docs/business-apps/power-automate/guidance/working-with-send-sp-http-request.md index 37de3fa89..18c911428 100644 --- a/docs/business-apps/power-automate/guidance/working-with-send-sp-http-request.md +++ b/docs/business-apps/power-automate/guidance/working-with-send-sp-http-request.md @@ -16,6 +16,8 @@ To work effectively with the SharePoint Send HTTP Request action, see the follow > [!NOTE] > This is a developer-focused action. You must understand how SharePoint REST API works and also how to parse JSON strings in Power Automate. +> +> Additionally, this action only supports SharePoint REST APIs (excluding any deprecated APIs), if you need to access another Microsoft service, you will need to leverage the "HTTP with Microsoft Entra ID" connector. ## Get to know the SharePoint REST/OData APIs diff --git a/docs/business-apps/power-automate/sharepoint-connector-actions-triggers.md b/docs/business-apps/power-automate/sharepoint-connector-actions-triggers.md index 6ee0cea7a..6566e5ef0 100644 --- a/docs/business-apps/power-automate/sharepoint-connector-actions-triggers.md +++ b/docs/business-apps/power-automate/sharepoint-connector-actions-triggers.md @@ -1,7 +1,7 @@ --- title: Microsoft SharePoint Connector for Power Automate description: In Power Automate, Microsoft SharePoint Connector supports the following flow triggers and actions. -ms.date: 06/22/2023 +ms.date: 10/23/2024 ms.service: power-automate search.app: - Flow @@ -32,7 +32,7 @@ For more info about how to use this trigger, see this tutorial video: [Introduci ### When an item is deleted -Triggers the flow when you delete an item in a list. To get the properties of a deleted item, you must connect this trigger to the associated SharePoint site on which it is expected to run, using a site collection user account. +Triggers the flow when you delete an item in a list. To get the properties of a deleted item, you must connect this trigger to the associated SharePoint site on which it is expected to run, using a site collection admin account. ### For a selected item @@ -59,7 +59,7 @@ Triggers the flow when you create a file in a SharePoint folder. This trigger do ### When a file is created or modified (properties only) -Triggers the flow when you create a file, and each time you modify the file properties in a library. Specify a value in the "Folder" property to target a specific folder; otherwise the trigger applies to the entire library. Returns only the custom file properties associated with that file. +Triggers the flow when you create a file, and each time you modify the file properties in a library. Specify a value in the "Folder" property to target a specific folder; otherwise, the trigger applies to the entire library. Returns only the custom file properties associated with that file. ### When a file is created or modified in a folder [deprecated] @@ -70,7 +70,7 @@ Triggers when a file is created, and also each time it is modified in a SharePoi ### When a file is deleted -Triggers the flow when you delete a file in a document library. You can optionally specify a folder to watch. When you delete a folder, the trigger activates only once for the deleted folder, including its subfolders. To get the properties of the deleted file, you must connect this trigger to the associated SharePoint site on which the trigger is expected to run, using a site collection user account. +Triggers the flow when you delete a file in a document library. You can optionally specify a folder to watch. When you delete a folder, the trigger activates only once for the deleted folder, including its subfolders. To get the properties of the deleted file, you must connect this trigger to the associated SharePoint site on which the trigger is expected to run, using a site collection admin account. ### For a selected file diff --git a/docs/community/community.md b/docs/community/community.md index 9f661390b..79d2ffccc 100644 --- a/docs/community/community.md +++ b/docs/community/community.md @@ -37,15 +37,15 @@ Found an issue related to SharePoint development around the APIs, documentation, There are numerous community calls for SharePoint development, and you can choose which of them you'd like to join based on your interest and availability. Each call has live demos from SharePoint Engineering, MVPs, or other community members. > [!TIP] -> If you are interested in doing a live demo in any of our community calls, please reach out by leaving a comment on this page and we'll get you a spot for 10-15 minutes for demonstrating your SharePoint development topic(s). +> If you are interested in doing a live demo in any of our community calls, please reach out by [requesting a demo slot](https://aka.ms/community/request/demo) and we'll get you a spot for 10-15 minutes for demonstrating your Microsoft 365 & Power Platform development topic(s). > > **Do's & Dont's**: Interested in presenting during one of the community calls? Keep in mind these are community calls. The focus of these demos should be on learning and topics beneficial to the community. Please refrain from commercial activities such as selling or promoting products or services. Commercial activities in the community calls are not well received by the community and in certain instances may result in stopping the demo early. In your request to present, please be descriptive about what you intend to show to avoid any confusion. If you are not sure if what you want to present is appropriate, just ask in the submission. | Community call | When | Description | Microsoft Teams Link | | ----------------------------------------------------------------------------------------------- | -------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- | -| [Monthly community call](https://aka.ms/sppnp-call) | Second Tuesday of each month at 8:00 AM PT / 3:00 PM GMT | Monthly community call covering the latest changes in SharePoint development-related topics within the last month, including news, UserVoice updates, and community contributions | [Direct MS Teams link to meeting](https://aka.ms/spdev-call-join) | -| [Special interest group call for SharePoint Framework](https://aka.ms/spdev-spfx-call) | Bi-weekly on Thursdays at 7:00 AM PT / 2:00 PM GMT | SharePoint Engineering updates, SharePoint Framework, PnPJS, CLI for Microsoft 365, and reusable SPFx controls | [Direct MS Teams link to meeting](https://aka.ms/spdev-spfx-call-join) | -| [Special interest group call for general SharePoint development](https://aka.ms/spdev-sig-call) | Bi-weekly on Thursdays at 7:00 AM PT / 2:00 PM GMT | SharePoint Engineering updates, end-to-end solution designs, provisioning, PnP CSOM, and PnP PowerShell | [Direct MS Teams link to meeting](https://aka.ms/spdev-sig-call-join) | +| [Microsoft 365 & Power Platform Call (Microsoft Speakers)](https://aka.ms/community/ms-speakers-call-invite) | Weekly on Tuesdays at 8:00 AM PT / 3:00 PM GMT | Community call with Microsoft speakers covering the latest news from Microsoft engineerung on the Microsoft 365 & Power Platform topics including news, UserVoice updates, and demos | [Direct MS Teams link to meeting](https://aka.ms/community/ms-speakers-call-join) | +| [Viva Connections and SharePoint Framework community call](https://aka.ms/spdev-spfx-call) | Bi-weekly on Thursdays at 7:00 AM PT / 2:00 PM GMT | SharePoint Engineering updates, SharePoint Framework, PnPJS, CLI for Microsoft 365, and reusable SPFx controls | [Direct MS Teams link to meeting](https://aka.ms/spdev-spfx-call-join)| +| [Microsoft 365 & Power Platform Development Community call](https://aka.ms/community/m365-powerplat-dev-call-invite) | Bi-weekly on Thursdays at 7:00 AM PT / 2:00 PM GMT | Latest on Latest on PnP Framework and Core SDK extension, PnP PowerShell, yo Teams, Microsoft Graph Toolkit, Independent Publisher Connector Updates plus community demos | [Direct MS Teams link to meeting](https://aka.ms/community/m365-powerplat-dev-call-join) | ## What’s the supportability statement around PnP open-source components and solutions? diff --git a/docs/community/open-source-projects.md b/docs/community/open-source-projects.md index 3d7c4f2e2..e3f81365e 100644 --- a/docs/community/open-source-projects.md +++ b/docs/community/open-source-projects.md @@ -12,7 +12,7 @@ There are numerous open-source projects that are coordinated by the SharePoint P | Repository | Description | |--------|--------| | [SharePoint Starter kit](https://github.com/SharePoint/sp-starter-kit) | A starter kit for showing how to extend modern experiences in SharePoint Online by extending them with modern extensibility options. | -| [SharePoint Provisioning Service templates](https://github.com/SharePoint/sp-dev-provisioning-templates) | Tenant templates used by the [SharePoint Provisioning Service](https://lookbook.microsoft.com/service-description) to easily provision sample content and structures demonstrating what's possible with modern SharePoint experiences. | +| [SharePoint Provisioning Service templates](https://github.com/SharePoint/sp-dev-provisioning-templates) | Tenant templates previously used by the Look Book Services to easily provision sample content and structures demonstrating what's possible with modern SharePoint experiences. | | [CLI for Microsoft 365](https://pnp.github.io/cli-microsoft365/) | A cross-platform command-line interface (CLI) that allows users on any platform to manage their Microsoft 365 and SharePoint Framework projects. | | [Office 365 Developer PnP Core Component](https://github.com/SharePoint/PnP-Sites-Core) | An extension component that encapsulates commonly used remote CSOM/REST operations as reusable extension methods on out-of-the box CSOM objects. | | [PnP PowerShell cmdlets](/powershell/sharepoint/sharepoint-pnp/sharepoint-pnp-cmdlets) | Allow you to perform complex provisioning and artifact management actions for SharePoint. The commands use CSOM and can work against both SharePoint Online as well as SharePoint on-premises. | diff --git a/docs/declarative-customization/column-formatting.md b/docs/declarative-customization/column-formatting.md index 3b82faf18..7e933a74c 100644 --- a/docs/declarative-customization/column-formatting.md +++ b/docs/declarative-customization/column-formatting.md @@ -7,7 +7,7 @@ ms.localizationpriority: high # Use column formatting to customize SharePoint -You can use column formatting to customize how fields in SharePoint lists and libraries are displayed. To do this, you construct a JSON object that describes the elements that are displayed when a field is included in a list view, and the styles to be applied to those elements. The column formatting does not change the data in the list item or file; it only changes how it’s displayed to users who browse the list. Anyone who can create and manage views in a list can use column formatting to configure how view fields are displayed. +You can use column formatting to customize how fields in SharePoint lists and libraries are displayed. To do this, you construct a JSON object that describes the elements that are displayed when a field is included in a list view, and the styles to be applied to those elements. The column formatting doesn't change the data in the list item or file; it only changes how it’s displayed to users who browse the list. Anyone who can create and manage views in a list can use column formatting to configure how view fields are displayed. For example, a list with the fields Title, Effort, Assigned To, and Status with no customizations applied might look like this: @@ -24,17 +24,17 @@ A list with the appearance of the **Effort**, **Assigned To**, and **Status** fi Both column formatting and [SharePoint Framework Field Customizer](../spfx/extensions/get-started/building-simple-field-customizer.md) extensions enable you to customize how fields in SharePoint lists are displayed. The Field Customizer is more powerful because you can use it to write any code that you want to control how a field is displayed. -Column formatting is more easily and broadly applied. However, it is less flexible, because it does not allow for custom code; it only allows for certain predefined elements and attributes. +Column formatting is more easily and broadly applied. However, it's less flexible, because it doesn't allow for custom code; it only allows for certain predefined elements and attributes. The following table compares column formatting and the Field Customizer. | Field type | Column formatting | Field Customizer | | ------------- |:-------------| :-----| | Conditional formatting based on item values and value ranges | Supported | Supported | -| Action links | Support for static hyperlinks that do not launch script | Support for any hyperlink, including those that invoke custom script | +| Action links | Support for static hyperlinks that don't launch script | Support for any hyperlink, including those that invoke custom script | | Data visualizations | Support for simple visualizations that can be expressed using HTML and CSS | Support for arbitrary data visualizations | -If you can accomplish your scenario by using column formatting, it’s typically quicker and easier to do that than to use a Field Customizer. Anyone who can create and manage views in a list can use column formatting to create and publish customizations. Use a Field Customizer for more advanced scenarios that column formatting does not support. +If you can accomplish your scenario by using column formatting, it’s typically quicker and easier to do that than to use a Field Customizer. Anyone who can create and manage views in a list can use column formatting to create and publish customizations. Use a Field Customizer for more advanced scenarios that column formatting doesn't support. ## Get started with column formatting @@ -174,7 +174,7 @@ The following image shows a field with conditional date formatting applied: ![Status field with the Overdue text colored red](../images/sp-columnformatting-overdue.png) -This example colors the current field red when the value inside an item's DueDate is before the current date/time. Unlike some of the previous examples, this example applies formatting to one field by looking at the value inside another field. Note that DueDate is referenced using the `[$FieldName]` syntax. FieldName is assumed to be the internal name of the field. This example also takes advantage of a special value that can be used in date/time fields - `@now`, which resolves to the current date/time, evaluated when the user loads the list view. +This example colors the current field red when the value inside an item's DueDate is before the current date/time. Unlike some of the previous examples, this example applies formatting to one field by looking at the value inside another field. Note that `DueDate` is referenced using the `[$FieldName]` syntax. FieldName is assumed to be the internal name of the field. This example also takes advantage of a special value that can be used in date/time fields - `@now`, which resolves to the current date/time, evaluated when the user loads the list view. > [!NOTE] > If you have spaces in the field name, those are defined as `_x0020_`. For example, a field named "Due Date" should be referenced as `$Due_x0020_Date`. @@ -555,7 +555,7 @@ The following image shows an example of constructing a simple sentence from the ![Screenshot of a field reads "North America, APAC, and Europe"](../images/sp-columnformatting-multi-value-1.png) -This examples uses operator `loopIndex` and `length` to identify the last member of the field, and attribute `forEach` to duplicate HTML elements. +This example uses operator `loopIndex` and `length` to identify the last member of the field, and attribute `forEach` to duplicate HTML elements. ```json { @@ -589,11 +589,12 @@ This examples uses operator `loopIndex` and `length` to identify the last member ``` ### Complex HTML elements formatting + The following image shows an example of building a list of users with pictures, email addresses and a simple counter for the number of members at the top. ![List with name "Owners" and 3 rows where each user in the field has a profile picture, name and email displayed, and a small gray counter of owners at top left corner that has a different color when it says 0.](../images/sp-columnformatting-multi-value-2.png) -This examples uses operator `loopIndex` to control the margins all rows but the first one, and attribute `forEach` to build the list of members. +This example uses operator `loopIndex` to control the margins all rows but the first one, and attribute `forEach` to build the list of members. ```json { @@ -746,7 +747,7 @@ You can use predefined icons from Fluent UI. For details, see the [Fluent UI web ## Creating custom JSON -Creating custom column formatting JSON from scratch is simple if user understands the schema, Monaco Editor is integrated in the formatting pane with pre-filled JSON column schema reference to assist in creation of column formatting, Monaco editor has validation and autocomplete to help in crafting right JSON. User can start adding JSON after the first line that defines the schema location. +Creating custom column formatting JSON from scratch is simple if user understands the schema, Monaco Editor is integrated in the formatting pane with pre-filled JSON column schema reference to help creation of column formatting, Monaco editor has validation and autocomplete to help in crafting right JSON. User can start adding JSON after the first line that defines the schema location. > [!TIP] > At any point, select **Ctrl**+**Space** for property/value suggestions. diff --git a/docs/declarative-customization/customize-default-site-design.md b/docs/declarative-customization/customize-default-site-design.md index e9fc60fb7..afffc07db 100644 --- a/docs/declarative-customization/customize-default-site-design.md +++ b/docs/declarative-customization/customize-default-site-design.md @@ -20,7 +20,6 @@ To customize a default site template, apply a new template script using PowerShe | WebTemplate | 68 | Communication site template | | WebTemplate | 69 | Channel site template | - The following example shows how to use the **IsDefault** switch to apply the Contoso company theme to the default site templates. The site script referenced by ID contains the JSON script to apply the correct theme. ```powershell @@ -32,8 +31,6 @@ C:\> Add-SPOSiteDesign ` -IsDefault ``` -
    - ```javascript RestRequest("/_api/Microsoft.SharePoint.Utilities.WebTemplateExtensions.SiteScriptUtility.CreateSiteDesign", {info:{Title:"Contoso company theme", Description:"Applies standard company theme to site", SiteScriptIds:["89516c6d-9f4d-4a57-ae79-36b0c95a817b"], WebTemplate:"68", IsDefault: true}}); ``` @@ -42,7 +39,6 @@ RestRequest("/_api/Microsoft.SharePoint.Utilities.WebTemplateExtensions.SiteScri The default site template for a communication site is the **Topic** template. The default for a team site is the **Team collaboration** template. When you apply a new default site template, it updates the Microsoft-provided default templates. - ## Restore the default site templates To restore a site template to the defaults, remove the site template script that you applied. In the previous example, if the site template created had the ID `db752673-18fd-44db-865a-aa3e0b28698e`, you would remove it as shown in the following example. @@ -51,8 +47,6 @@ To restore a site template to the defaults, remove the site template script that C:\> Remove-SPOSiteDesign db752673-18fd-44db-865a-aa3e0b28698e ``` -
    - ```javascript RestRequest("/_api/Microsoft.SharePoint.Utilities.WebTemplateExtensions.SiteScriptUtility.DeleteSiteDesign", {id:"db752673-18fd-44db-865a-aa3e0b28698e"}); ``` diff --git a/docs/declarative-customization/formatting-advanced.md b/docs/declarative-customization/formatting-advanced.md index 6eced27a4..5a4d79813 100644 --- a/docs/declarative-customization/formatting-advanced.md +++ b/docs/declarative-customization/formatting-advanced.md @@ -1,12 +1,12 @@ --- title: Advanced formatting concepts description: Advanced formatting concepts -ms.date: 08/24/2022 +ms.date: 07/16/2025 ms.localizationpriority: high --- # Advanced formatting concepts -You can use some of the following features to make your view and column formatting more information rich and interactable. +You can use some of the following features to make your view and column formatting more information-rich and interactive. ## Create a button to launch a Flow @@ -14,9 +14,9 @@ The following screenshot shows a list with a Flow button added to the Action col ![screenshot of the sample](../images/sp-columnformatting-flow.png) -You can use column formatting to create buttons that, when selected, run Flows on the corresponding list item. For flows that are [solution-aware](/power-automate/overview-solution-flows), the Flow Launch Panel will be displayed after choosing the button and you must select Run Flow to start the flow. For flows that are not solution-aware, The Flow Launch Panel will be displayed after choosing the button and the Flow will just run. +You can use column formatting to create buttons that, when selected, run Flows on the corresponding list item. For flows that are [solution-aware](/power-automate/overview-solution-flows), the Flow Launch Panel will be displayed after choosing the button, and you must select Run Flow to start the flow. For flows that aren't solution-aware, the Flow Launch Panel will be displayed after selecting the button, and the Flow will just run. -To use the sample below, you must substitute the ID of the Flow you want to run. This ID is contained within the `actionParams` property of the `customRowAction` attribute inside the `button` element. +To use the sample below, you must substitute the ID of the Flow you want to run. This ID is contained within the `actionParams` property of the `customRowAction` attribute inside the `button` element. To obtain the ID of a flow that is solution-aware: @@ -28,45 +28,46 @@ To obtain the ID of a flow that is solution-aware: 1. Select Export > Get flow identifier. 1. Copy the ID. -To obtain the ID of a flow that is not solution-aware: +To obtain the ID of a flow that isn't solution-aware: -1. Select **Flow > See your flows** in the SharePoint list where the Flow is configured. +1. Switch to the environment in which the Flow is hosted. 1. Select the Flow you want to run. -1. Copy the ID from the end of the URL. +1. Select Export > Get flow identifier. +1. Copy the ID. -```JSON -{ - "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", - "elmType": "button", - "customRowAction": { - "action": "executeFlow", - "actionParams": "{\"id\": \"edf627d9-20f4-45ba-8bc9-4494bf2ff1be\"}" - }, - "attributes": { - "class": "ms-fontColor-themePrimary ms-fontColor-themeDarker--hover" - }, - "style": { - "border": "none", - "background-color": "transparent", - "cursor": "pointer" - }, - "children": [ + ```JSON { - "elmType": "span", + "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", + "elmType": "button", + "customRowAction": { + "action": "executeFlow", + "actionParams": "{\"id\": \"edf627d9-20f4-45ba-8bc9-4494bf2ff1be\"}" + }, "attributes": { - "iconName": "Flow" + "class": "ms-fontColor-themePrimary ms-fontColor-themeDarker--hover" }, "style": { - "padding-right": "6px" - } - }, - { - "elmType": "span", - "txtContent": "Send to Manager" + "border": "none", + "background-color": "transparent", + "cursor": "pointer" + }, + "children": [ + { + "elmType": "span", + "attributes": { + "iconName": "Flow" + }, + "style": { + "padding-right": "6px" + } + }, + { + "elmType": "span", + "txtContent": "Send to Manager" + } + ] } - ] -} -``` + ``` Additionally, you can use `headerText` and `runFlowButtonText` options within the `actionParams` property to customize portions of the Flow panel itself! See the [button elements](./formatting-syntax-reference.md#customrowaction) portion of the Detailed syntax reference for more details. @@ -82,9 +83,9 @@ On hover - Metadata on the column "Status" is made available in column formattin ![Preview Image 2](../images/HoverImage-2.png) -You can use formatting to define custom call out that can be commissioned basis user defined actions like click or hover. +You can use formatting to define a custom callout that can be commissioned user-defined basis, actions like click or hover. -This example uses `customCardProps`, `openOnEvent`, `directionalHint` and `isBeakVisible`: +This example uses `customCardProps`, `openOnEvent`, `directionalHint`, and `isBeakVisible`: ```JSON { @@ -110,20 +111,20 @@ This example uses `customCardProps`, `openOnEvent`, `directionalHint` and `isBea ## Default cards on hover -Users can now have profile card or file hover card on formatters too, some of the things users can now do: +Users can now have a profile card or a file hover card on formatters too. Some of the things users can now do: -1. Profile card or File Hover card on any column -1. Profile card or Hover card with view formatting +- Profile card or File Hover card on any column +- Profile card or Hover card with view formatting -Hover on a filename with formatting with default file card: +Hover on a filename with formatting with the default file card: ![Preview Image 3](../images/HoverImage-3.png) -Hover on a person column with formatting with default Profile card: +Hover on a person column with formatting with the default Profile card: ![Preview Image 4](../images/HoverImage-4.png) -Both the example uses defaultHoverField +This example uses `defaultHoverField`: ```JSON { @@ -257,9 +258,9 @@ The following image shows a list with a Gallery layout referencing the Category ## Inline Editing With inline editing, formatters have the ability to load field editors to edit field data on an item. -Users need to have edit permissions on the list item and the field type should belong to set of supported types for this feature to work. +Users need to have edit permissions on the list item, and the field type should belong to a set of supported types for this feature to work. -A special json property `inlineEditField` is used with value as the field internal name __`[$FieldName]`__ at the target element in the json. +A special JSON property `inlineEditField` is used with value as the field internal name __`[$FieldName]`__ at the target element in the JSON. ```json { @@ -271,23 +272,23 @@ A special json property `inlineEditField` is used with value as the field intern ![Inline Editing using inlineEditField property](../images/sp-columnformatting-inline-editing.gif) -This allows the users to edit items in-place, within the view, without navigating away to grid based editing or to a item edit form. +This allows the users to edit items in-place, within the view, without navigating away to grid-based editing or to an item edit form. ### Supported Field Types List of supported field types for inline editing: - Single line text -- Multi line text (without RTF) +- Multiline text (without RTF) - Number - DateTime - Choice and MultiChoice -- User and Multi user +- User and Multiuser - Lookup ### Hover Borders and Customizations -The inline editing adds a hover border on the elements to indicate these elements have an associated action. The default border is `neutralSecondary` , and on click, the editor appears with a `themePrimary` border. These border colors can be overriden via setting style on the same element with `inlineEditField` by using some special attributes - `--inline-editor-border-width`, `--inline-editor-border-style`, `--inline-editor-border-radius`, and `--inline-editor-border-color`. +The inline editing adds a hover border on the elements to indicate that these elements have an associated action. The default border is `neutralSecondary`, and on click, the editor appears with a `themePrimary` border. These border colors can be overridden via setting style on the same element with `inlineEditField` by using some special attributes - `--inline-editor-border-width`, `--inline-editor-border-style`, `--inline-editor-border-radius`, and `--inline-editor-border-color`. ```json { @@ -305,9 +306,9 @@ The inline editing adds a hover border on the elements to indicate these element ## Set multiple field values of an Item using customRowAction -With the new `setValue` and `customRowAction` properties, formatters can render action buttons which modify the item internally without opening editors or forms. `setValue` also allows setting multiple field values of the item at once. +With the new `setValue` and `customRowAction` properties, formatters can render action buttons that modify the item internally without opening editors or forms. `setValue` also allows setting multiple field values of the item at once. -The below JSON will set value of `FieldInternalName_1`, `FieldInternalName_2`, and `FieldInternalName_3`with the values provided: +The below JSON will set the value of `FieldInternalName_1`, `FieldInternalName_2`, and `FieldInternalName_3`with the values provided: ```json { @@ -327,45 +328,49 @@ The below JSON will set value of `FieldInternalName_1`, `FieldInternalName_2`, a ### Supported Field Types - Single line text -- Multi line text (without RTF) +- Multiline text (without RTF) - Number - DateTime - Choice and MultiChoice -- User and Multi user +- User and Multiuser ### Value Field values in `actionInput`: - Text values: - a valid string like `"Choice 1"` - - value from other columns : `[$ColumnName]` + - value from other columns: `[$ColumnName]` - an [expression](./formatting-syntax-reference.md#expressions) such as: - `"if([$column]> 10, "Choice A", "Choice B")"` + ``` + "if([$column]> 10, "Choice A", "Choice B")" + ``` or - `{operator: "+", operands" : ["Choice", "A"]}` + ``` + {operator: "+", operands" : ["Choice", "A"]} + ``` - Number: - a valid number - - value from other columns : `[$ColumnName]` + - value from other columns: `[$ColumnName]` - an [expression](./formatting-syntax-reference.md#expressions) - Date values: - a date string - `@now` token - - [expressions](./formatting-syntax-reference.md#expressions) which return a date using builtin date functions - - `addDays` and `addMinutes`, two new functions to support [expressions](./formatting-syntax-reference.md#expressions) like 7 days from today + - [expressions](./formatting-syntax-reference.md#expressions) that return a date using built-in date functions + - `addDays` and `addMinutes`, two new functions to support [expressions](./formatting-syntax-reference.md#expressions) like seven days from today - an empty string `""` clears the field value - Multi-Choice and Multi-Person: - - Multi value fields are special, as they need an array value to save multiple values. - - `appendTo`, `removeFrom`, and `replace`, three functions which can operate on multivalue fields. + - Multi-value fields are special, as they need an array value to save multiple values. + - `appendTo`, `removeFrom`, and `replace`, three functions that can operate on multivalue fields. - `appendTo([$MultiChoiceField], 'MyValue')` - `removeFrom([$MultiUserField], @me)`: removes all occurrences that match the second parameter - - `replace([$MultiChoiceField], 'Choice 1', 'Choice 3')`: replaces all occurrences of second parameter with third. + - `replace([$MultiChoiceField], 'Choice 1', 'Choice 3')`: replaces all occurrences of the second parameter with the third. - Person field values: - user name or email - An empty string `""` clears the field value - an [expression](./formatting-syntax-reference.md#expressions) which returns these values - > [!NOTE] - > A query runs with the string value provided on people column and the first person in the returned results is used. + > [!NOTE] + > A query runs with the string value provided on the people column, and the first person in the returned results is used. diff --git a/docs/declarative-customization/formatting-syntax-reference.md b/docs/declarative-customization/formatting-syntax-reference.md index f98874e75..bf3f244cf 100644 --- a/docs/declarative-customization/formatting-syntax-reference.md +++ b/docs/declarative-customization/formatting-syntax-reference.md @@ -1,7 +1,7 @@ --- title: Formatting syntax reference description: Formatting syntax reference -ms.date: 04/08/2023 +ms.date: 02/19/2025 ms.localizationpriority: high --- @@ -11,36 +11,39 @@ ms.localizationpriority: high Specifies the type of element to create. Valid elements include: -- div -- span -- a -- [img](#img-src-security) -- svg -- path -- button -- p -- [filepreview](#filepreview) +- `div` +- `span` +- `a` +- [`img`](#img-src-security) +- `svg` +- `path` +- `button` +- `p` +- [`filepreview`](#filepreview) Any other value will result in an error. ### filepreview -Use the special elmType `filepreview` in conjunction with the `src` attribute set to [`@thumbnail.`](#thumbnails) to view thumbnails for files in your document libary. -If the thumbnail loads successfully, a small [brand type icon](https://developer.microsoft.com/fluentui#/styles/web/office-brand-icons) is visible on the bottom left. If the thumbanil fails to load (or if the file type doesn't support thumbnails), a [file type icon](https://developer.microsoft.com/fluentui#/styles/web/file-type-icons) is shown instead. +Use the special `elmType` `filepreview` with the `src` attribute set to [`@thumbnail.`](#thumbnails) to view thumbnails for files in your document library. + +If the thumbnail loads successfully, a small [brand type icon](https://developer.microsoft.com/fluentui#/styles/web/office-brand-icons) is visible on the bottom left. If the thumbnail fails to load (or if the file type doesn't support thumbnails), a [file type icon](https://developer.microsoft.com/fluentui#/styles/web/file-type-icons) is shown instead. ```json "elmType": "filepreview", "attributes": { "src": "@thumbnail.medium" - } +} ``` + ### img src security Images from the following domains are allowed: - - tenant domain, configured multi-geo domains and vanity domains (company.sharepoint.com) - - cdn.office.net, akamaihd.net, static2.sharepointonline.com CDNs - -most other external image sources are blocked by default in custom formatters. To include external images and allow specific domains or CDNs, the domain needs to be added to a site-level setting - [HTMLFieldSecurity](https://support.microsoft.com/office/allow-or-restrict-the-ability-to-embed-content-on-sharepoint-pages-e7baf83f-09d0-4bd1-9058-4aa483ee137b) + +- tenant domain, configured multi-geo domains and vanity domains (`company.sharepoint.com`) +- `cdn.office.net`, `akamaihd.net`, `static2.sharepointonline.com` CDNs + +Most other external image sources are blocked by default in custom formatters. To include external images and allow specific domains or CDNs, the domain needs to be added to a site-level setting. For more information see: [Allow or restrict the ability to embed content on SharePoint pages](https://support.microsoft.com/office/allow-or-restrict-the-ability-to-embed-content-on-sharepoint-pages-e7baf83f-09d0-4bd1-9058-4aa483ee137b) ## txtContent @@ -50,6 +53,9 @@ An optional property that specifies the text content of the element specified by An optional property that specifies style attributes to apply to the element specified by `elmType`. This is an object with name-value pairs that correspond to CSS names and values. The values of each property in the style object can either be a string (including special strings) or an Expression object. The following style attributes are allowed. +> [!CAUTION] +> Float style prop no longer supported in custom formatter. Users are encouraged to use Gallery View as a more stable alternative. + ```javascript 'background-color' 'fill' @@ -160,7 +166,7 @@ An optional property that specifies style attributes to apply to the element spe 'clear' 'clip' 'display' -'float' +'float' (Deprecated) 'left' 'overflow' 'position' @@ -210,12 +216,11 @@ An optional property that specifies style attributes to apply to the element spe 'object-fit' 'transform' // Only translate(arg) and translate(arg, arg) are currently supported - ``` -The following example shows the value of a style object. In this example, two style properties (`padding` and `background-color`) will be applied. The `padding` value is a hard-coded string value. The `background-color` value is an Expression that is evaluated to either red (`#ff0000`) or green (`#00ff00`) depending on whether the value of the current field (specified by `@currentField`) is less than 40. For more information, see the Expression object section. +The following example shows the value of a style object. In this example, two style properties (`padding` and `background-color`) will be applied. The `padding` value is a hard-coded string value. The `background-color` value is an Expression that is evaluated to either red (`#ff0000`) or green (`#00ff00`) depending on whether the value of the current field (specified by `@currentField`) is less than 40. For more information, see the [Expression object section](#expressions). -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "elmType": "div", @@ -241,7 +246,7 @@ The following example shows the value of a style object. In this example, two st Here's the same sample from above, using the Excel-style expression syntax: -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "elmType": "div", @@ -254,7 +259,7 @@ Here's the same sample from above, using the Excel-style expression syntax: ## attributes -An optional property that specifies additional attributes to add to the element specified by `elmType`. This is an object with name-value pairs. Attribute names must be one of the following: +The `attributes` optional property specifies more attributes to add to the element specified by `elmType`. This is an object with name-value pairs. Attribute names must be one of the following: - href - rel @@ -273,7 +278,7 @@ An optional property that specifies additional attributes to add to the element Any other attribute name will result in an error. Attribute values can either be Expression objects or strings. The following example adds two attributes (`target` and `href`) to the element specified by `elmType`. The `target` attribute is hard-coded to a string. The `href` attribute is an expression that will be evaluated at runtime to `http://finance.yahoo.com/quote/` + the value of the current field (`@currentField`). -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "target": "_blank", @@ -283,33 +288,33 @@ Any other attribute name will result in an error. Attribute values can either be ## children -An optional property that specifies child elements of the element specified by `elmType`. The value is specified as an array of `elm` objects. There can be an arbitrary level of nesting. If an element has the `txtContent` property, the child properties are ignored. +The `children` optional property specifies child elements of the element specified by `elmType`. The value is specified as an array of `elm` objects. There can be an arbitrary level of nesting. If an element has the `txtContent` property, the child properties are ignored. ## debugMode -An optional property that is meant for debugging. It outputs error messages and logs warnings to the console. +The `debugMode` optional property is meant for debugging. It outputs error messages and logs warnings to the console. ## forEach -An optional property that allows an element to duplicate itself for each member of a specific multi-value field or an array. The value of `"forEach"` property should be in the format of either `"iteratorName in @currentField"` or `"iteratorName in [$FieldName]"` or `"iteratorName in Expression-Returning-An-Array"`. +The `forEach` optional property allows an element to duplicate itself for each member of a specific multi-value field or an array. The value of `"forEach"` property should be in the format of either `"iteratorName in @currentField"` or `"iteratorName in [$FieldName]"` or `"iteratorName in Expression-Returning-An-Array"`. -`iteratorName` represents the name of iterator variable that is used to represent the current member of the multi-value field. The name of the iterator can be any combination of alphanumeric characters and underscore (`_`) that does not start with a digit. +`iteratorName` represents the name of the iterator variable that is used to represent the current member of the multi-value field. The name of the iterator can be any combination of alphanumeric characters and an underscore (`_`) that doesn't start with a digit. -The field used in the loop must be in a supported field type with multi-value option enabled: Person, Lookup, and Choice. An expression returning an array can also be used. +The field used in the loop must be in a supported field type with multi-value options enabled: Person, Lookup, and Choice. An expression returning an array can also be used. -In the element with `forEach` or its children elements, the iterator variable can be referred as if it is a new field. The index of the iterator can be accessed with `loopIndex` operator. +In the element with `forEach` or its children elements, the iterator variable can be referred to as if it's a new field. The index of the iterator can be accessed with `loopIndex` operator. -`forEach` cannot be applied to the root element, and will render no element if there is no value in the field. +`forEach` can't be applied to the root element, and will render no element if there's no value in the field. -See [here](./column-formatting.md#formatting-multi-value-fields) for examples. +See [Formatting multi-value fields](column-formatting.md#formatting-multi-value-fields) for examples. ## customRowAction -`button` elements can be used to launch a specific action on the parent item. Every `button` element has a required property, `customRowAction`, that specifies an `action` that's taken when the button is clicked. This action must be one of the following values: +`button` elements can be used to launch a specific action on the parent item. Every `button` element has a required property, `customRowAction`, that specifies an `action` that's taken when the button is selected. This action must be one of the following values: -- **defaultClick**: buttons with this action will do the same thing as clicking the list item in an uncustomized view. Below is an example of a button that, when clicked, simulates a click on the item, which results in opening the list item. Adding this example button to a document library simulates a click on the file or folder, which results in the file or folder being opened. +- **defaultClick**: buttons with this action will do the same thing as clicking the list item in an uncustomized view. The following example demonstrates a button that, when selected, simulates a selection on the item, which results in opening the list item. Adding this example button to a document library simulates a selection on the file or folder, which results in the file or folder being opened. - ```JSON + ```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "elmType": "button", @@ -320,9 +325,9 @@ See [here](./column-formatting.md#formatting-multi-value-fields) for examples. } ``` -- **share**: Clicking the button will open the sharing dialog. Below is an example of this type of button. +- **share**: Selecting the button will open the sharing dialog. The following is an example of this type of button: - ```JSON + ```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "elmType": "button", @@ -333,12 +338,12 @@ See [here](./column-formatting.md#formatting-multi-value-fields) for examples. } ``` -- **delete**: Clicking the button will open the delete confirmation dialog. -- **editProps**: Clicking the button will open the item properties page in edit mode. -- **openContextMenu**: Clicking the button will open the item's default context menu. -- **setValue**: Clicking the element will update the item with the field values provided. +- **delete**: Selecting the button will open the delete confirmation dialog. +- **editProps**: Selecting the button will open the item properties page in edit mode. +- **openContextMenu**: Selecting the button will open the item's default context menu. +- **setValue**: Selecting the element will update the item with the field values provided. - ```JSON + ```json { "elmType": "div", "txtContent": "[$FieldName]", @@ -346,15 +351,15 @@ See [here](./column-formatting.md#formatting-multi-value-fields) for examples. "action": "setValue", "actionInput": { "FieldInternalName_1": "FieldValue_1", - "FieldInternalName_2": "FieldValue_2", + "FieldInternalName_2": "FieldValue_2" } } } ``` -- **executeFlow**: Clicking the button will launch the specified Flow, specified by ID inside the `actionParams` attribute. For an example of this, see [Create a button to launch a Flow](./formatting-advanced.md#create-a-button-to-launch-a-flow). Below is an example of this type of button. +- **executeFlow**: Selecting the button will launch the specified Flow, specified by ID inside the `actionParams` attribute. For an example of this, see [Create a button to launch a Flow](./formatting-advanced.md#create-a-button-to-launch-a-flow). The following example demonstrates this type of button: - ```JSON + ```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/column-formatting.schema.json", "elmType": "button", @@ -366,36 +371,70 @@ See [here](./column-formatting.md#formatting-multi-value-fields) for examples. } ``` -The `actionParams` attribute can have the following options when using the `executeFlow` action: + The `actionParams` attribute can have the following options when using the `executeFlow` action: + + - **id**: ID of the Flow to launch _(required)_ + - **headerText**: Sets the text at the top of the flow panel _(optional)_ + - **runFlowButtonText**: Sets the text of the primary button in the flow panel _(optional)_ + +- **embed**: Clicking on the button will open a callout with content embedded in it. The content will be determined by the URL provided in the `src` attribute in `actionInput`. You can also control the `height` and `width` of the callout using the `actionInput`. + + > [!NOTE] + > + > - The `src` needs to be just the `url` part of an embeddable code generated by an app (usually found in the `src` attribute of the `iframe` element). + > - This action is only available in the newer version of the Microsoft Lists App. + + For more information about allowing or restricting domains, see [Allow or restrict the ability to embed content on SharePoint Lists using custom formatters](https://go.microsoft.com/fwlink/p/?linkid=2258033). + + + ```json + { + "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", + "elmType": "button", + "customRowAction": { + "action": "embed", + "actionInput": { + "src": "https://www.relecloud.com/embed/ll00hWQMJxQ", + "height": "350", + "width": "700" + } + }, + "txtContent": "Click here to open recipe video 👩‍🍳" + } + ``` + + The `actionInput` attribute can have the following options when using the `embed` action: -- **id**: ID of the Flow to launch _(required)_ -- **headerText**: Sets the text at the top of the flow panel _(optional)_ -- **runFlowButtonText**: Sets the text of the primary button in the flow panel _(optional)_ + - **src**: The URL of the content you want to embed. _(required)_ + - **height**: The height of the callout within which the embedded content will render. The default value is 300. _(optional)_ + - **width**: The width of the callout within which the embedded content will render. The default value is 300. _(optional)_ ## customCardProps -Add a custom card to the element, that shows up on hover or click event. Following customization is available - +Add a custom card to the element, that shows up on hover or `click` event. The following customizations are available: - `"formatter"`: JSON object that defines formatting for custom cards. - `"openOnEvent"`: Event on which the customCard should open. - Valid values: `click`, `hover` -- `"directionalHint"`: Specify the direction relative to the target in which custom card will be positioned. This is the preferred location but is not guaranteed depending on space. +- `"directionalHint"`: Specify the direction relative to the target in which the custom card will be positioned. This is the preferred location but it isn't guaranteed depending on space. - Valid values: `bottomAutoEdge`, `bottomCenter`, `bottomLeftEdge`, `bottomRightEdge`, `leftBottomEdge`, `leftCenter`, `leftTopEdge`, `rightBottomEdge`, `rightCenter`, `rightTopEdge`, `topAutoEdge`, `topCenter`, `topLeftEdge`, `topRightEdge` - `"isBeakVisible"`: Specify if the beak is to be shown or not. -- `"beakStyle"`: Specifies the style object for custom card's beak. +- `"beakStyle"`: Specifies the style object for the custom card's beak. ## defaultHoverField -Adds the profile card for the people fields or file hover card for files in document library. +Adds the profile card for the people fields or file hovercard for files in the document library. - `"defaultHoverField": "[$Editor]"` adds a profile card for the editor field - `"defaultHoverField": "[$FileLeafRef]"` adds a file hover card in documentLibrary ## columnFormatterReference -This will be replaced with the referenced column's formatter JSON. Multi level reference is not supported. +This will be replaced with the referenced column's formatter JSON. Multi-level reference isn't supported. -```JSON +References for multi-choice column formatter templates and column formatters not based on templates are not supported. + +```json { "columnFormatterReference": "[$FieldName]" } @@ -405,20 +444,21 @@ This will be replaced with the referenced column's formatter JSON. Multi level r Adds the field editor for the referenced column. -```JSON +```json { "elmType": "div", "inlineEditField": "[$FieldName]", "txtContent": "[$FieldName]" } ``` + ## filePreviewProps -An optional property, that allows overriding the default styles of file type icon and brand type icon in `filepreview` elmType. +The `filePreviewProps` is an optional property that allows overriding the default styles of file type icon and brand type icon in `filepreview`.elmType. -- `fileTypeIconClass` and `brandTypeIconClass` can be used to provide CSS class names to the file type icon and the brand type icon elements respectively. +The `fileTypeIconClass` and `brandTypeIconClass` can be used to provide CSS class names to the file type icon and the brand type icon elements respectively. -- `fileTypeIconStyle` and `brandTypeIconStyle` can be used to provide [styles](#style) to the file type icon and the brand type icon respectively. These styles will take precedence over the same styles coming from the CSS classes provided by the above 2 properties. +The `fileTypeIconStyle` and `brandTypeIconStyle` can be used to provide [styles](#style) to the file type icon and the brand type icon respectively. These styles will take precedence over the same styles coming from the CSS classes provided by the above two properties. ```json "elmType": "filepreview", @@ -439,49 +479,49 @@ An optional property, that allows overriding the default styles of file type ico ## Expressions -Values for `txtContent`, style properties, and attribute properties can be expressed as expressions, so that they are evaluated at runtime based on the context of the current field (or row). Expression objects can be nested to contain other Expression objects. +Values for `txtContent`, style properties, and attribute properties can be expressed as expressions so that they're evaluated at runtime based on the context of the current field (or row). Expression objects can be nested to contain other Expression objects. -Expressions can be written using Excel-style expressions in SharePoint Online and SharePoint Server Subscription Edition starting with the Version 22H2 feature update, or by using Abstract Syntax Tree expressions in SharePoint Online, SharePoint Server Subscription Edition, and SharePoint Server 2019. +Expressions can be written using Excel-style expressions in SharePoint Online and SharePoint Server Subscription Edition starting with the 22H2 feature update, or by using Abstract Syntax Tree expressions in SharePoint Online, SharePoint Server Subscription Edition, and SharePoint Server 2019. -All fields in ViewFields can be referred in expresisons, even if it is marked `Explicit`. +All fields in `ViewFields` can be referred to in expressions, even if it's marked `Explicit`. ### Excel-style expressions -All Excel-style expressions begin with an equal (`=`) sign. This style of expression is only available in SharePoint Online and SharePoint Server Subscription Edition starting with the Version 22H2 feature update. This style of expression is not available in SharePoint Server Subscription Edition before the Version 22H2 feature update nor SharePoint Server 2019. +All Excel-style expressions begin with an equal (`=`) sign. This style of expression is only available in SharePoint Online and SharePoint Server Subscription Edition starting with the 22H2 feature update. This style of expression isn't available in SharePoint Server 2019 or SharePoint Server Subscription Edition prior to the 22H2 feature update. -This simple conditional expression evaluates to `none` if `@me` is not equal to `[$Author.email]`, and evaluates to `''` otherwise: +This simple conditional expression evaluates to `none` if `@me` isn't equal to `[$Author.email]`, and evaluates to `''` otherwise: -```JSON +```json =if(@me != [$Author.email], 'none', '') ``` -More complex if/else statements can be written like this: +More complex if/else statements can be written like the following: -```JSON +```json =if([$Sentiment] <= 0.3, 'sp-field-severity--blocked', if([$Sentiment] < 0.9,'sp-field-severity--warning','sp-field-severity--good')) ``` -Non-conditional operators that take one or two operands can be written like this: +Non-conditional operators that take one or two operands can be written like the following: -```JSON +```json =[$foo] * -7 ``` -```JSON +```json =sin(@currentField) ``` -```JSON +```json =toString(60 + (sin(6.2831853 * @currentField) * 60)) ``` ### Abstract Syntax Tree expressions -The following example contains an Expression object that performs the following expression: +The following example contains an Expression object that performs the expression: `(@currentField > 40) ? '100%' : (((@currentField * 2.5).toString() + '%')` -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "operator": "?", @@ -518,218 +558,223 @@ The following example contains an Expression object that performs the following ## Operators -Operators specify the type of operation to perform. The following operators are valid values: - -- \+ -- \- -- / -- \* -- < -- \> -- \% -- == -- != -- <= -- \>= -- || -- && -- toString() -- Number() -- Date() -- cos -- sin -- ? -- : -- toLocaleString() -- toLocaleDateString() -- toLocaleTimeString() -- indexOf -- toLowerCase -- join -- length -- abs -- loopIndex -- floor -- ceiling -- pow -- substring -- getDate -- getMonth -- getYear -- toUpperCase -- lastIndexOf -- startsWith -- endsWith -- replace -- replaceAll -- padStart -- padEnd -- getUserImage -- addDays -- addMinutes -- appendTo -- removeFrom -- split - -**Binary arithmetic operators** - The following are the standard arithmetic binary operators that expect two operands: - -- \+ -- \- -- / -- \* -- < -- \> -- \% -- == -- != -- <= -- \>= - -**Unary operators** - The following are standard unary operators that expect only one operand: - -- **toString()**: returns a string representing the object +Operators specify the type of operation to perform. Valid operator values include: + +- `+` +- `-` +- `/` +- `*` +- `<` +- `>` +- `%` +- `==` +- `!=` +- `<=` +- `>=` +- `||` +- `&&` +- `toString()` +- `Number()` +- `Date()` +- `cos` +- `sin` +- `?` +- `:` +- `toLocaleString()` +- `toLocaleDateString()` +- `toLocaleTimeString()` +- `indexOf` +- `toLowerCase` +- `join` +- `length` +- `abs` +- `loopIndex` +- `floor` +- `ceiling` +- `pow` +- `substring` +- `getDate` +- `getMonth` +- `getYear` +- `toUpperCase` +- `lastIndexOf` +- `startsWith` +- `endsWith` +- `replace` +- `replaceAll` +- `padStart` +- `padEnd` +- `getThumbnailImage` +- `getUserImage` +- `addDays` +- `addMinutes` +- `appendTo` +- `removeFrom` +- `split` + +**Binary arithmetic operators** - The standard arithmetic binary operators that expect two operands include are: + +- `+` +- `-` +- `/` +- `*` +- `<` +- `>` +- `%` +- `==` +- `!=` +- `<=` +- `>=` + +**Unary operators** - The standard unary operators that expect only one operand are: + +- `toString()`: returns a string representing the object - `"txtContent": "=toString(45)"` results in _"45"_ -- **Number()**: returns the numeric value, if the operand is not a number, NaN is returned +- `Number()`: returns the numeric value, if the operand isn't a number, NaN is returned - `"txtContent": "=Number('365')"` results in _365_ - `"txtContent": "=Number('Wowee')"` results in _NaN_ - `"txtContent": "=Number(Date('12/26/1981'))"` results in _378190800000_ -- **Date()**: returns a datetime object from the parameter (converts strings or numbers to dates, sensitive to locale) +- `Date()`: returns a datetime object from the parameter (converts strings or numbers to dates, sensitive to locale) - `"txtContent": "=Date('12/26/1981')"` results in _12/26/1981, 12:00:00 AM_ -- **cos**: returns the cosine of the specified angle which should be specified in radians +- `cos`: returns the cosine of the specified angle that should be specified in radians - `"txtContent": "=cos(5)"` results in _0.28366218546322625_ -- **sin**: returns the sine of a number +- `sin`: returns the sine of a number - `"txtContent": "=sin(90)"` results in _0.8939966636005579_ -- **toDateString()**: returns a date in a short-friendly format - - `"txtContent": "=toDateString(@now)"` result doesn't vary based on user's locale and it will look like _"Wed Aug 03 2022"_ -- **toLocaleString()**: returns a language sensitive representation of a date - - `"txtContent":"=toLocaleString(@now)"` results vary based on user's locale, but en-us looks like _"2/5/2019, 1:22:24 PM"_ -- **toLocaleDateString()**: returns a language sensitive representation of just the date portion of a date - - `"txtContent":"=toLocaleDateString(@now)"` results vary based on user's locale, but en-us looks like _"2/5/2019"_ -- **toLocaleTimeString()**: returns a language sensitive representation of just the time portion of a date - - `"txtContent":"=toLocaleTimeString(@now)"` results vary based on user's locale, but en-us looks like _"1:22:24 PM"_ -- **toLowerCase**: returns the value converted to lower case (only works on strings) - _Only available in SharePoint Online_ +- `toDateString()`: returns a date in a short-friendly format + - `"txtContent": "=toDateString(@now)"` result doesn't vary based on the user's locale and it will look like _"Wed Aug 03 2022"_ +- `toLocaleString()`: returns a language-sensitive representation of a date + - `"txtContent":"=toLocaleString(@now)"` results vary based on the user's locale, but en-us looks like _"2/5/2019, 1:22:24 PM"_ +- `toLocaleDateString()`: returns a language-sensitive representation of just the date portion of a date + - `"txtContent":"=toLocaleDateString(@now)"` results vary based on the user's locale, but en-us looks like _"2/5/2019"_ +- `toLocaleTimeString()`: returns a language-sensitive representation of just the time portion of a date + - `"txtContent":"=toLocaleTimeString(@now)"` results vary based on the user's locale, but en-us looks like _"1:22:24 PM"_ +- `toLowerCase`: returns the value converted to lower case (only works on strings) - _Only available in SharePoint Online_ - `"txtContent":"=toLowerCase('DogFood')"` results in _"dogfood"_ -- **abs**: returns the absolute value for a given number - _Only available in SharePoint Online_ +- `abs`: returns the absolute value for a given number - _Only available in SharePoint Online_ - `"txtContent":"=abs(-45)"` results in _45_ -- **length**: returns the number of items in an array (multi-select person or choice field), for all other value types it returns 1 when true and 0 when false. It does NOT provide the length of a string value (*see the `indexOf` workaround explained later on for such operation*). - _Only available in SharePoint Online_ - - `"txtContent":"=length(@currentField)"` might result in _2_ if there are 2 selected values +- `length`: returns the number of items in an array (multi-select person or choice field), for all other value types it returns 1 when true and 0 when false. It does NOT provide the length of a string value (*see the `indexOf` workaround explained later on for such operation*). - _Only available in SharePoint Online_ + - `"txtContent":"=length(@currentField)"` might result in _2_ if there are two selected values - `"txtContent":"=length('Some Text')"` results in _1_ - `"txtContent":"=length('')"` results in _0_ - `"txtContent":"=length(45)"` results in _1_ - `"txtContent":"=length(0)"` results in _0_ -- **floor**: returns the largest integer less than or equal to a given number. - _Only available in SharePoint Online_ +- `floor`: returns the largest integer less than or equal to a given number. - _Only available in SharePoint Online_ - `"txtContent":"=floor(45.5)"` results in _45_ -- **ceiling**: rounds the given number up to the next largest whole number or integer. - _Only available in SharePoint Online_ +- `ceiling`: rounds the given number up to the next largest whole number or integer. - _Only available in SharePoint Online_ - `"txtContent":"=ceiling(45.5)"` results in _46_ -- **getDate**: returns the day of the month of the given date. - _Only available in SharePoint Online_ +- `getDate`: returns the day of the month of the given date. - _Only available in SharePoint Online_ - `"txtContent":"=getDate(Date('12/26/1981'))"` results in _26_ -- **getMonth**: returns the month in the specified date according to local time, as a zero-based value (where zero indicates the first month of the year). - _Only available in SharePoint Online_ +- `getMonth`: returns the month in the specified date according to local time, as a zero-based value (where zero indicates the first month of the year). - _Only available in SharePoint Online_ - `"txtContent":"=getMonth(Date('12/26/1981'))"` results in _11_ -- **getYear**: returns the year of the given date. - _Only available in SharePoint Online_ +- `getYear`: returns the year of the given date. - _Only available in SharePoint Online_ - `"txtContent":"=getYear(Date('12/26/1981'))"` results in _1981_ -- **toUpperCase**: returns the value converted to upper case (only works on strings) - _Only available in SharePoint Online_ +- `toUpperCase`: returns the value converted to upper case (only works on strings) - _Only available in SharePoint Online_ - `"txtContent":"=toUpperCase('DogFood')"` results in _"DOGFOOD"_ - + **Binary operators** - The following are operators that expect two operands: -- **indexOf**: takes 2 operands. The first is the text (or array) you would like to search within, the second is the text you would like to search for. Returns the index value of the first occurrence of the search term within the string (or array). Indexes start at 0. If the search term is not found within the text (or array), -1 is returned. This operator is case-sensitive. - _Only available in SharePoint Online_ +- `indexOf`: takes two operands. The first is the text (or array) you would like to search within, the second is the text you would like to search for. Returns the index value of the first occurrence of the search term within the string (or array). Indexes start at 0. If the search term isn't found within the text (or array), -1 is returned. This operator is case-sensitive. - _Only available in SharePoint Online_ - `"txtContent": "=indexOf('DogFood', 'Dog')"` results in _0_ - `"txtContent": "=indexOf('DogFood', 'F')"` results in _3_ - `"txtContent": "=indexOf('DogFood', 'Cat')"` results in _-1_ - `"txtContent": "=indexOf('DogFood', 'f')"` results in _-1_ -- **join**: takes 2 operands. The first is an array (multi-select person or choice field) and the second is the separating string. Returns a string concatenation of the array values separated by the separating string. - _Only available in SharePoint Online_ +- `join`: takes two operands. The first is an array (multi-select person or choice field) and the second is the separating string. Returns a string concatenation of the array values separated by the separating string. - _Only available in SharePoint Online_ - `"txtContent": "=join(@currentField, ', ')"` might result in _"Apple, Orange, Cherry"_ (depending on the selected values) - - `"txtContent": "=join(@currentField.title, '|')"` might result in _"Chris Kent|Vesa Juvonen|Jeff Teper"_ (depending on the selected persons) -- **pow**: returns the base to the exponent power. - _Only available in SharePoint Online_ + - `"txtContent": "=join(@currentField.title, '|')"` might result in _"Megan Bowen|Alex Wilber"_ (depending on the selected persons) +- `pow`: returns the base to the exponent power. - _Only available in SharePoint Online_ - `"txtContent":"=pow(2,3)"` results in _8_ -- **lastIndexOf**: returns the position of the last occurrence of a specified value in a string (or array) +- `lastIndexOf`: returns the position of the last occurrence of a specified value in a string (or array) - `"txtContent": "=lastIndexOf('DogFood DogFood', 'Dog')"` results in _8_ - `"txtContent": "=lastIndexOf('DogFood DogFood', 'F')"` results in _11_ - `"txtContent": "=lastIndexOf('DogFood DogFood', 'Cat')"` results in _-1_ - `"txtContent": "=lastIndexOf('DogFood DogFood', 'f')"` results in _-1_ -- **startsWith**: determines whether a string begins with the characters of a specified string +- `startsWith`: determines whether a string begins with the characters of a specified string - `"txtContent":"=startsWith('DogFood', 'Dog')"` results in _true_ - `"txtContent":"=startsWith('DogFood', 'Food')"` results in _false_ -- **endsWith**: determines whether a string ends with the characters of a specified string +- `endsWith`: determines whether a string ends with the characters of a specified string - `"txtContent":"=endsWith('DogFood', 'Dog')"` results in _false_ - `"txtContent":"=endsWith('DogFood', 'Food')"` results in _true_ -- **getUserImage**: returns a URL pointing to user's profile image for a given email and preferred size +- `getUserImage`: returns a URL pointing to user's profile image for a given email and preferred size - `"src":"=getUserImage('kaylat@contoso.com', 'small')"` returns a URL pointing to user's profile picture in small resolution - `"src":"=getUserImage('kaylat@contoso.com', 's')"` returns a URL pointing to user's profile picture in small resolution - `"src":"=getUserImage('kaylat@contoso.com', 'medium')"` returns a URL pointing to user's profile picture in medium resolution - `"src":"=getUserImage('kaylat@contoso.com', 'm')"` returns a URL pointing to user's profile picture in medium resolution - `"src":"=getUserImage('kaylat@contoso.com', 'large')"` returns a URL pointing to user's profile picture in large resolution - `"src":"=getUserImage('kaylat@contoso.com', 'l')"` returns a URL pointing to user's profile picture in large resolution -- **appendTo**: returns an array with the given entry appended to the given array +- `appendTo`: returns an array with the given entry appended to the given array - `"txtContent": "=appendTo(@currentField, 'Choice 4')"` returns an array with 'Choice 4' added to the @currentField array - `"txtContent": "=appendTo(@currentField, 'kaylat@contoso.com')"` returns an array with 'kaylat@contoso.com' added to the @currentField array -- **removeFrom**: returns an array with the given entry removed from the given array, if present +- `removeFrom`: returns an array with the given entry removed from the given array, if present - `"txtContent": "=removeFrom(@currentField, 'Choice 4')"` returns an array with 'Choice 4' removed from the @currentField array - `"txtContent": "=removeFrom(@currentField, 'kaylat@contoso.com')"` returns an array with 'kaylat@contoso.com' removed from the @currentField array -- **split**: divides the given string into an ordered list of substrings by searching for the given pattern, and returns an array of these substrings - - `"txtContent": "=split('Hello World', ' ')"` returns an array with 2 strings - 'Hello' and 'World' -- **addDays**: returns a datetime object with days added (or deducted) from the given datetime value +- `split`: divides the given string into an ordered list of substrings by searching for the given pattern, and returns an array of these substrings + - `"txtContent": "=split('Hello World', ' ')"` returns an array with two strings - 'Hello' and 'World' +- `addDays`: returns a datetime object with days added (or deducted) from the given datetime value - `"txtContent": "=addDays(Date('11/14/2021'), 3)"` returns a 11/17/2021, 12:00:00 AM - `"txtContent": "=addDays(Date('11/14/2021'), -1)"` returns a 11/13/2021, 12:00:00 AM -- **addMinutes**: returns a datetime object with minutes added (or deducted) from the given datetime value +- `addMinutes`: returns a datetime object with minutes added (or deducted) from the given datetime value - `"txtContent": "=addMinutes(Date('11/14/2021'), 3)"` returns a 11/14/2021, 12:03:00 AM - `"txtContent": "=addMinutes(Date('11/14/2021'), -1)"` returns a 11/13/2021, 11:59:00 AM **Ternary operators** - The following are operators that expect three operands: -- **substring**: returns the part of the string between the start and end indices. - _Only available in SharePoint Online_ +- `substring`: returns the part of the string between the start and end indices. - _Only available in SharePoint Online_ - `"txtContent":"=substring('DogFood', 3, 4)"` results in _F_ - `"txtContent":"=substring('DogFood', 4, 3)"` results in _F_ - `"txtContent":"=substring('DogFood', 3, 6)"` results in _Foo_ - `"txtContent":"=substring('DogFood', 6, 3)"` results in _Foo_ - The substring() method returns the part of the string between the start and end indexes, or to the end of the string. + The substring() method returns the part of the string between the start and end indexes or to the end of the string. -- **replace**: searches a string (or array) for a specified value and returns a new string (or array) where the specified value is replaced. Incase of string, only the first instance of the value will be replaced. +- `replace`: searches a string (or array) for a specified value and returns a new string (or array) where the specified value is replaced. For strings, only the first instance of the value will be replaced. - `"txtContent":"=replace('Hello world', 'world', 'everyone')"` results in _Hello everyone_ - `"txtContent":"=replace([$MultiChoiceField], 'Choice 1', 'Choice 2')"` returns an array replacing Choice 1 with Choice 2 - `"txtContent":"=replace([$MultiUserField], @me, 'kaylat@contoso.com')"` returns an array replacing @me with 'kaylat@contoso.com' -- **replaceAll**: searches a string for a specified value and returns a new string (or array) where the specified value is replaced. Incase of string, all instances of the value will be replaced. +- `replaceAll`: searches a string for a specified value and returns a new string (or array) where the specified value is replaced. For strings, all instances of the value will be replaced. - `"txtContent":"=replaceAll('H-e-l-l-o W-o-r-l-d', '-', '')"` results in _Hello World_ -- **padStart**: pads the current string with another string until the resulting string reaches the given length. The padding is applied from the start of the current string. +- `padStart`: pads the current string with another string until the resulting string reaches the given length. The padding is applied from the start of the current string. - `"txtContent":"=padStart('DogFood', 10, 'A')"` results in _AAADogFood_ - `"txtContent":"=padStart('DogFood', 10, 'AB')"` results in _ABADogFood_ - `"txtContent":"=padStart('DogFood', 5, 'A')"` results in _DogFood_ -- **padEnd**: pads the current string with a given string until the resulting string reaches the given length. The padding is applied from the end of the current string. +- `padEnd`: pads the current string with a given string until the resulting string reaches the given length. The padding is applied from the end of the current string. - `"txtContent":"=padEnd('DogFood', 10, 'A')"` results in _DogFoodAAA_ - `"txtContent":"=padEnd('DogFood', 10, 'AB')"` results in _DogFoodABA_ - `"txtContent":"=padEnd('DogFood', 5, 'A')"` results in _DogFood_ -- **getThumbnailImage**: returns a URL pointing to image for a given image field and preferred size. - - `"src":"=getThumbnailImage([$ImageField], 400, 200)"` results in a URL pointing to image for a given image field with 400 width and 200 height +- `getThumbnailImage`: returns a URL pointing to an image for a given image field and preferred size. + - `"src":"=getThumbnailImage([$ImageField], 400, 200)"` results in a URL pointing to an image for a given image field with 400 width and 200 height **Conditional operator** - The conditional operator is: -- **?**: Conditional operations written in Abstract Tree Syntax use `?` as the operator. This is to achieve an expression equivalent to a ? b : c, where if the expression a evaluates to true, then the result is b, else the result is c. For Excel style expressions you write these with an `if` statement. Regardless, there are 3 operands. The first is the condition to evaluate. The second is the result when the condition is true. The third is the result when the condition is false. +- `?`: Conditional operations written in Abstract Tree Syntax use `?` as the operator. This is to achieve an expression equivalent to `a ? b : c`, where if the expression `a` evaluates to true, then the result is `b`, else the result is `c`. For Excel-style expressions, you write these with an `if` statement. Regardless, there are three operands. The first is the condition to evaluate. The second is the result when the condition is true. The third is the result when the condition is false. - `"txtContent":"=if(4 < 5, 'yes', 'no')"` results in _"yes"_ - `"txtContent":"=if(4 > 5, 'yes', 'no')"` results in _"no"_ -**Multi-value field-related operators** - The following operators are only used in a context with multi-value field of type Person, Lookup, or Choice. +**Multi-value field-related operators** - The following operators are only used in a context with multi-value fields of type Person, Lookup, or Choice. + +- `length` +- `join` +- `loopIndex` -- length -- join -- loopIndex +`length`, when provided with a field name, returns the number of members in a multi-valued field. When a single-value field is provided, `length` will return 1 when there's a value in that field. -`length`, when provided with a field name, returns the number of members in a multi-valued field. When a single-value field is provided, `length` will return 1 when there is a value in that field. +`join` concatenates values in a multi-value field with a specified separator. The first operand shall point to a value in a multi-value field, for example `"@currentField.lookupValue"`, `"[$AssignedTo.title]"`. The second operand shall be a string literal that is the separator that joins the values together. -`join` concatenates values in a multi-value field with a specified separator. The first operand shall point to a value in a multi-value field, e.g. `"@currentField.lookupValue"`, `"[$AssignedTo.title]"`. The second operand shall be a string literal that is the separator that joins the values together. +`loopIndex`, when provided with the name of the iterator variable, returns the current index (starting from 0) of the iterator. The name of the iterator must be provided as a string literal. `loopIndex` would only work within the element with respective `forEach` enabled or its children elements. -`loopIndex`, when provided with a name of iterator variable, returns the current index (starting from 0) of the iterator. The name of iterator must be provided as a string literal. `loopIndex` would only work within the element with respective `forEach` enabled or its children elements. +For examples, see [Formatting multi-value fields](column-formatting.md#formatting-multi-value-fields). -See [here](./column-formatting.md#formatting-multi-value-fields) for examples. +**String-related operators** - Some of the previously detailed operators can be used when working with string values: -**String related operators** - Some of the previously detailed operators can be used when working with string values +- `+` +- `indexOf` (*for string length workaround*) -- \+ -- indexOf ( *for string length workaround* ) +`+` can be used when there's a need to concatenate strings, for instance: -`+` can be used when there is a need to concatenate strings, for instance : `"txtContent": "=[$column1] + ' ' + [$column2] + 'some other text'"` +```txt +"txtContent": "=[$column1] + ' ' + [$column2] + 'some other text'" +``` -`indexOf` since the operator `length` doesn't work for string value types ( it will return 1 or 0 ), `indexOf` can serve us as a nice workaround to get the length of a string, for instance: `indexOf([$column1] + '^', '^')`. We will use `'^'` or any other character we may want to use to find out the end of the string. +`indexOf` Since the operator `length` doesn't work for string value types (it will return 1 or 0), `indexOf` can serve us as a nice workaround to get the length of a string, for instance: `indexOf([$column1] + '^', '^')`. We'll use `'^'` or any other character to use to find out the end of the string. ## Operands @@ -741,7 +786,7 @@ The values for `txtContent`, styles, and attributes can be either strings or Exp ### "@currentField" -Will evaluate to the value of the current field. +Will evaluate the value of the current field. Some field types are represented as objects. To output a value from an object, refer to a particular property inside that object. For example, if the current field is a person/group field, specify `@currentField.title` to retrieve the person's name, which is normally displayed in list views. The following are the field types that are represented as objects with a list of their properties. @@ -752,7 +797,7 @@ Some field types are represented as objects. To output a value from an object, r The people field object has the following properties (with example values): -```JSON +```json { "id": "122", "title": "Kalya Tucker", @@ -784,7 +829,7 @@ The value of Date/Time fields can be retrieved a few different ways, depending o For example, the following JSON will display the current field (assuming it's a date field) as a date and time string. -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "elmType": "div", @@ -797,7 +842,7 @@ For example, the following JSON will display the current field (assuming it's a Here's the same sample from above, using the Excel-style expression syntax: -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "elmType": "div", @@ -809,7 +854,7 @@ Here's the same sample from above, using the Excel-style expression syntax: The location field object has the following properties (with example values): -```JSON +```json { "Address": { "City": "Knoxville", @@ -828,7 +873,7 @@ The location field object has the following properties (with example values): The following example shows how a location field might be used on a current field. -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/column-formatting.schema.json", "elmType": "div", @@ -868,7 +913,7 @@ The following example shows how a location field might be used on a current fiel The lookup field object has the following properties (with example values): -```JSON +```json { "lookupId": "100", "lookupValue": "North America", @@ -877,7 +922,7 @@ The lookup field object has the following properties (with example values): The following example shows how a lookup field might be used on a current field. -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "elmType": "a", @@ -899,7 +944,7 @@ The following example shows how a lookup field might be used on a current field. The hyperlink field object has the following property (with example value): -```JSON +```json { "desc": "SharePoint Patterns and Practices", } @@ -909,7 +954,7 @@ To reference the URL value, use `@currentField`. The following example shows how a hyperlink field might be used on a current field. -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "elmType": "a", @@ -923,25 +968,20 @@ The following example shows how a hyperlink field might be used on a current fie **Image fields** -The image field object has the following properties (with example values): +The image field object has the following `fileName` property: -```JSON +```json { "fileName": "image.png", - "id": "6bb1d843-0633-4c9a-9a16-90bc5abd1d8e", - "serverRelativeUrl": "/teams/Discovery/SiteAssets/Lists/ad6ed939-0db2-4d85-8a39-8f3497f41eee/image.png", - "serverUrl": "https://contoso.sharepoint.com", - "thumbnailRenderer": { - "spItemUrl": "https://contoso.sharepoint.com:443/_api/v2.1/drives/b!7196759210defdc0/items/2303b15bfa48c74a74758135a0df1201", - "fileVersion": 3, - "sponsorToken": "3u+UR6n8AgABAAAAHxxdXKmiOmUoqKnZlf8lTOhlPYy93EAkbPfs5+49YLFd/B1+omSKbW7DoqNM40/EeVnwJ8kYoXv9zy9D5C5m5A==" - } } ``` +> [!NOTE] +> As of July 2024, just the `fileName` property has a value. + The following example shows how an image field can be used on a current field. -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "elmType": "img", @@ -960,26 +1000,24 @@ The following example shows how an image field can be used on a current field. The Approval Status field object has the following property (with example value): -```JSON +```json { "displayValue": "Approved", "numeric": 0 } ``` -`displayValue` is localized string of the approval status. +`displayValue` is a localized string of the approval status. -`@currentField` or `[$__ModerationStatus]`will also internally map to the following internal numeric value: +`@currentField` or `[$__ModerationStatus]` will also internally map to the following internal numeric value: -``` -- 0 : Approved -- 1 : Denied -- 2 : Pending -- 3 : Draft -- 4 : Scheduled -``` +- 0: Approved +- 1: Denied +- 2: Pending +- 3: Draft +- 4: Scheduled -`[$_ModerationStatus]` field supports comparisons to both strings as well as the numeric value. The numeric comparisons work across locales and languages, and that will be the recommended way for this field. +`[$_ModerationStatus]` field supports comparisons to both strings and the numeric value. The numeric comparisons work across locales and languages which will be the recommended way for this field. The following expressions evaluate to the output on the right, for when the status is `Pending`: @@ -1005,9 +1043,9 @@ The following expressions evaluate to the output on the right, for when the stat "=if([$_ModerationStatus]=='Pending','This Works too!', 'Nope!')" => 'This Works too!' ``` -The following example shows how a approval status field might be used on a current field. +The following example shows how an approval status field might be used on a current field: -```JSON +```json { "elmType": "div", "txtContent": "@currentField.displayValue", @@ -1028,21 +1066,21 @@ If the value of a field is an object, the object's properties can be accessed. F ### "[!FieldName]" -In column and view formatting, you can refer to any field's metadata by specifying the **internal name** of the field surrounded by square brackets and preceded by a exclamation mark: `[!InternalName]`. +In column and view formatting, you can refer to any field's metadata by specifying the **internal name** of the field surrounded by square brackets and preceded by an exclamation mark: `[!InternalName]`. -Currently field's display name is available in this metadata, and can be accessed using DisplayName property: `[!SalesLead.DisplayName]`. +Currently field's display name is available in this metadata, and can be accessed using `DisplayName` property: `[!SalesLead.DisplayName]`. ### "@currentWeb" -This will evaluate to the absolute URL for the site. This is equivalent to the `webAbsoluteUrl` value within the page context. This value is only available in SharePoint Online. +This will evaluate the absolute URL for the site. This is equivalent to the `webAbsoluteUrl` value within the page context. This value is only available in SharePoint Online. ### "@me" -This will evaluate to the email address of the current logged in user. +This will evaluate the email address of the currently logged-in user. -This field can be used to display the current user's email address, but more likely it will be used within conditions. The following is an example of setting the color for a person field to red when it is equal to the current logged in user and blue otherwise: +This field can be used to display the current user's email address, but more likely it will be used within conditions. The following is an example of setting the color for a person field to red when it's equal to the currently logged-in user and blue otherwise: -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "elmType": "div", @@ -1068,7 +1106,7 @@ This field can be used to display the current user's email address, but more lik Here's the same sample from above, using the Excel-style expression syntax: -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "elmType": "div", @@ -1081,15 +1119,15 @@ Here's the same sample from above, using the Excel-style expression syntax: ### "@now" -This will evaluate to the current date and time. +This will evaluate the current date and time. ### "@rowIndex" -This will evaluate to the rendered index of a row within a view. This value is based on render position and will remain consistent based on position even as views are sorted and filtered. Indexes start at 0. This value is only available in SharePoint Online. +This will evaluate the rendered index of a row within a view. This value is based on render position and will remain consistent based on position even as views are sorted and filtered. Indexes start at 0. This value is only available in SharePoint Online. Here's an example of using the value within a view format to apply alternating styles to rows: -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/view-formatting.schema.json", "additionalRowClass": "=if(@rowIndex % 2 == 0,'ms-bgColor-themeLighter ms-bgColor-themeLight--hover','')" @@ -1098,7 +1136,7 @@ Here's an example of using the value within a view format to apply alternating s ### "@window.innerHeight" -This will evaluate to a number equal to the height of the browser window (in pixels) when the list was rendered. +This will be evaluated to a number equal to the height of the browser window (in pixels) when the list is rendered. ### "@window.innerWidth" @@ -1106,21 +1144,21 @@ This will evaluate to a number equal to the width of the browser window (in pixe ### Thumbnails -In a document library, there is a series of tokens that can be used to retrieve the URL to the thumbnail of a file, including: +In a document library, there's a series of tokens that can be used to retrieve the URL to the thumbnail of a file, including: -- `@thumbnail.small`, `@thumbnail.medium`, and `@thumbnail.large` evaluate to the thumbnail URL in 3 different predefined sizes. -- `@thumbnail.` evaluates to the URL to the largest thumbnails that is not larger than the bounding size in both width and height. For example, `@thumbnail.150` evaluates to the URL to a thumbnail not larger than 150×150 pixels. -- `@thumbnail.x` evaluates to the URL to the largest thumbnail that is not larger than the bounding width and bounding height. For example, `@thumbnail.100x200` evaluates to the URL to a thumbnail not wider than 100 pixels and not higher than 200 pixels. +- `@thumbnail.small`, `@thumbnail.medium`, and `@thumbnail.large` evaluate the thumbnail URL in three predefined sizes. +- `@thumbnail.` evaluates the URL to the largest thumbnail that isn't larger than the bounding size in both width and height. For example, `@thumbnail.150` evaluates to the URL to a thumbnail not larger than 150×150 pixels. +- `@thumbnail.x` evaluates the URL to the largest thumbnail that isn't larger than the bounding width and bounding height. For example, `@thumbnail.100x200` evaluates to the URL to a thumbnail not wider than 100 pixels and not higher than 200 pixels. These tokens will yield no value on non-file items including folders. > [!NOTE] -> The aspect ratio of thumbnail generated is the same as how the file looks like, changing the bounding sizes will not affect the aspect ratio of the thumbnail. +> The aspect ratio of the thumbnail generated is the same as how the file looks, changing the bounding sizes will not affect the aspect ratio of the thumbnail. > [!TIP] > Thumbnails are only available for a list of supported file formats. It means that sometimes the URL generated is not accessible due to lack of support on certain formats. However, if a valid thumbnail token is set as the _only_ `src` attribute of an `img` tag, we will take care of it and hide the image when it is not available. -```JSON +```json { "$schema": "https://developer.microsoft.com/json-schemas/sp/v2/column-formatting.schema.json", "elmType": "img", @@ -1137,7 +1175,7 @@ These tokens will yield no value on non-file items including folders. Default file hover card using FileLeafRef -```JSON +```json { "elmType": "img", "style": { @@ -1154,24 +1192,24 @@ Default file hover card using FileLeafRef ### displayValue -The following column types can use displayValue property to get the default rendered value, based on the column setting +The following column types can use `displayValue` property to get the default-rendered value, based on the column setting: -* Date/Time -* Number -* Yes/No -* Currency -* Approval Status +- Date/Time +- Number +- Yes/No +- Currency +- Approval Status -```JSON +```json { "elmType": "div", "txtContent": "@currentField.displayValue" } ``` -This also works with field name +This also works with field name: -```JSON +```json { "elmType": "div", "txtContent": "[$FieldName.displayValue]" @@ -1180,12 +1218,12 @@ This also works with field name ### "@isSelected" -This will evaluate to `true` for selected item(s) in a view and `false` otherwise. +This will evaluate to `true` for the selected item(s) in a view and `false` otherwise. ### "@lcid" -This will evaluate to the LCID of current culture. This can be used to format the date, time and numbers. +This will evaluate to the LCID of the current culture. This can be used to format the date, time, and numbers. ### "@UIlcid" -This will evaluate to the LCID of current UI culture. This can be used to show localized display strings. +This will evaluate to the LCID of the current UI culture. This can be used to show localized display strings. diff --git a/docs/declarative-customization/get-started-create-site-design.md b/docs/declarative-customization/get-started-create-site-design.md index d9f1aeb12..92b22361c 100644 --- a/docs/declarative-customization/get-started-create-site-design.md +++ b/docs/declarative-customization/get-started-create-site-design.md @@ -19,55 +19,55 @@ Each action is specified by the "verb" value in the JSON script. Also, actions c 1. Download and install the [SharePoint Online Management Shell](https://www.microsoft.com/download/details.aspx?id=35588). If you already have a previous version of the shell installed, uninstall it first and then install the latest version. 1. Follow the instructions at [Connect to SharePoint Online PowerShell](https://technet.microsoft.com/library/fp161372.aspx) to connect to your SharePoint tenant. -1. Create - and assign the JSON that describes the new script - to a variable as shown in the following PowerShell code. You can view and reference the latest JSON schema file here: https://developer.microsoft.com/json-schemas/sp/site-design-script-actions.schema.json - - ```powershell - $site_script = ' - { - "$schema": "https://developer.microsoft.com/json-schemas/sp/site-design-script-actions.schema.json", - "actions": [ - { - "verb": "createSPList", - "listName": "Customer Tracking", - "templateType": 100, - "subactions": [ - { - "verb": "setDescription", - "description": "List of Customers and Orders" - }, - { - "verb": "addSPField", - "fieldType": "Text", - "displayName": "Customer Name", - "isRequired": false, - "addToDefaultView": true - }, - { - "verb": "addSPField", - "fieldType": "Number", - "displayName": "Requisition Total", - "addToDefaultView": true, - "isRequired": true - }, - { - "verb": "addSPField", - "fieldType": "User", - "displayName": "Contact", - "addToDefaultView": true, - "isRequired": true - }, - { - "verb": "addSPField", - "fieldType": "Note", - "displayName": "Meeting Notes", - "isRequired": false - } - ] - } - ] - } - ' - ``` +1. Create - and assign the JSON that describes the new script - to a variable as shown in the following PowerShell code. You can view and reference the latest JSON schema file: [https://developer.microsoft.com/json-schemas/sp/site-design-script-actions.schema.json](https://developer.microsoft.com/json-schemas/sp/site-design-script-actions.schema.json) + + ```powershell + $site_script = ' + { + "$schema": "https://developer.microsoft.com/json-schemas/sp/site-design-script-actions.schema.json", + "actions": [ + { + "verb": "createSPList", + "listName": "Customer Tracking", + "templateType": 100, + "subactions": [ + { + "verb": "setDescription", + "description": "List of Customers and Orders" + }, + { + "verb": "addSPField", + "fieldType": "Text", + "displayName": "Customer Name", + "isRequired": false, + "addToDefaultView": true + }, + { + "verb": "addSPField", + "fieldType": "Number", + "displayName": "Requisition Total", + "addToDefaultView": true, + "isRequired": true + }, + { + "verb": "addSPField", + "fieldType": "User", + "displayName": "Contact", + "addToDefaultView": true, + "isRequired": true + }, + { + "verb": "addSPField", + "fieldType": "Note", + "displayName": "Meeting Notes", + "isRequired": false + } + ] + } + ] + } + ' + ``` The previous script creates a new SharePoint list named **Customer Tracking**. It sets the description and adds four fields to the list. Note that each of these are considered an action. Site scripts are limited to 30 cumulative actions (across one or more scripts that may be called in a site template) if applied programmatically using the `Invoke-SPOSiteDesign` command. If they are applied through the UI or using the `Add-SPOSiteDesignTask` command then the limit is 300 cumulative actions (or 100K characters). @@ -102,13 +102,12 @@ C:\> Add-SPOSiteDesign The previous cmdlet creates a new site template named Contoso customer tracking. -| Parameter | Value | Site template type | -| :------------------- | :------------------- |:----------------| -| WebTemplate | 64 | Team site template | -| WebTemplate | 1 | Team site (with group creation disabled) | -| WebTemplate | 68 | Communication site template | -| WebTemplate | 69 | Channel site template | - +| Parameter | Value | Site template type | +| :---------- | :---- | :--------------------------------------- | +| WebTemplate | 64 | Team site template | +| WebTemplate | 1 | Team site (with group creation disabled) | +| WebTemplate | 68 | Communication site template | +| WebTemplate | 69 | Channel site template | The JSON response displays the **ID** of the new site template. You can use it in subsequent cmdlets to update or modify the site template. @@ -157,7 +156,6 @@ You can also use the `Set-SPOHubSite` cmdlet. Review the [PowerShell cmdlets for >[!NOTE] > [Channel sites](/sharepoint/teams-connected-sites) are automatically blocked from joining a hub site. - ## See also - [SharePoint site template and site script overview](site-design-overview.md) diff --git a/docs/declarative-customization/list-form-conditional-show-hide.md b/docs/declarative-customization/list-form-conditional-show-hide.md index 6a544ed16..1d4afe455 100644 --- a/docs/declarative-customization/list-form-conditional-show-hide.md +++ b/docs/declarative-customization/list-form-conditional-show-hide.md @@ -1,7 +1,7 @@ --- title: Show or hide columns in a list form description: Customize which columns to show or hide using a conditional formula in the list form by constructing a simple formula that are equations performing conditional checks on values in a SharePoint list or library. -ms.date: 06/28/2022 +ms.date: 07/28/2025 ms.localizationpriority: high --- @@ -27,7 +27,7 @@ To show or hide a column in a list or library form: 1. In the **Edit columns** pane, check (to show) or uncheck (to hide) the checkbox for the column or columns as needed. > [!NOTE] - > If you want to re-arrange the order of the columns, either drag-and-drop the column name, or first select the far right hand edge of the column name to display the options menu **(...)** and then select Move Up or Move Down as preferred. + > If you want to re-arrange the order of the columns, either drag-and-drop the column name or first select the far right-hand edge of the column name to display the options menu **(...)** and then select Move Up or Move Down as preferred. 1. When you're finished, select **Save**. @@ -38,7 +38,7 @@ You can show or hide columns in a list form based on another column's value by s To specify a conditional formula for a column, in the **Edit columns** pane: 1. Navigate to the desired column for which you want to set a conditional formula -1. Select the far right hand edge of the column name to display the options menu **(...)** +1. Select the far right-hand edge of the column name to display the options menu **(...)** 1. In the more options, select **Edit conditional formula**. 1. In the **Edit conditional formula** dialog: - To determine whether this column is shown or hidden, specify a conditional formula based on the value of another column. @@ -56,21 +56,22 @@ For example, the following formula checks if the value for the *Category* column =if([$Category] == 'Product Management', 'true', 'false') ``` -Returning _true_ results in showing the column on the form while returning _false_ hides the column. +Returning _true_ shows the column on the form while returning _false_ hides the column. -The column is represented by specifying the **internal name** of the field surrounded by square brackets and preceded by a dollar sign: `[$InternalName]`. For example, to get the value of a field with an internal name of "ProductName", use `[$ProductName]`. +The column is represented by specifying the **internal name** of the field preceded by a dollar sign and surrounded by square brackets: `[$InternalName]`. For example, to get the value of a field with an internal name of "ProductName", use `[$ProductName]`. #### Unsupported column types in conditional formulas While the formula supports many of the available column types, we do not currently support the following column types: -* Person or Group with multiple selections -* Choice with multiple selections -* Time calculations in Date and Time column -* Currency columns -* Location columns -* Calculated columns -* Managed Metadata columns +- Person or Group with multiple selections +- Choice with multiple selections +- Lookup with multiple selections +- Time calculations in **Date and Time** column +- Currency columns +- Location columns +- Calculated columns +- Managed Metadata columns #### Quick formula reference @@ -98,7 +99,7 @@ You can also do arithmetic calculations, such as adding the value of two columns ##### Date column -The following formula checks if the date column `[$StartDate]` is equal to a specific date. To do so, it uses the *Date()* function to convert a given string into a date: +The following formula checks if the date column `[$StartDate]` equals a specific date. To do so, it uses the *Date()* function to convert a given string into a date: ``` =if([$StartDate] == Date('4/6/2020'), 'true', 'false') @@ -126,17 +127,26 @@ The following formula checks if an email of person column `[$Owner]` is equal to ##### Boolean (Yes/No) column -The following formula checks if the Yes/No column `[$Promoted]` is equal to a Yes. To do so, it checks for the value _true_ which maps to _Yes_ for users. +The following formula checks if the Yes/No column `[$Promoted]` equals a Yes. To do so, it checks for the value _true_ which maps to _Yes_ for users. ``` =if([$Promoted] == true, 'true', 'false') ``` +The following are also valid: + +``` +=if([$Promoted], 'true', 'false') +``` + +``` +=[$Promoted] +``` + ##### Lookup column > [!NOTE] -> When accessing lookup columns in column or view formatting, you have access to the lookup value and lookup id as separate values. In form formatting and conditional field expressions, both values are returned as a single line of text. For instance, a lookup column referencing an item with item ID 1 (in the source list) with a value of `Toronto` will have a value of `1;#Toronto` when used in form formatting or conditional field expressions. - +> When accessing lookup columns in a column or view formatting, you can access the lookup value and lookup id as separate values. In form formatting and conditional field expressions, both values are returned as a single line of text. For instance, a lookup column referencing an item with item ID 1 (in the source list) with a value of `Toronto` will have a value of `1;#Toronto` when used in form formatting or conditional field expressions. The following formula checks if the lookup column `[$City]` has a value equal to *Toronto*. To do so, it splits the lookup value result by the separator and checks against the value. diff --git a/docs/declarative-customization/list-form-configuration.md b/docs/declarative-customization/list-form-configuration.md index 0a1ea1cab..ab641654f 100644 --- a/docs/declarative-customization/list-form-configuration.md +++ b/docs/declarative-customization/list-form-configuration.md @@ -7,9 +7,9 @@ ms.localizationpriority: high # Configure the list form -You can configure the list form in a list or library with a custom header, footer and the form body with one or more sections with fields in each of those sections. The form configuration does not change the data in the list item or file; it only changes how the form is displayed to users who browse the list or library. Anyone who can create and manage views in a list can use form configuration to configure the form with header, footer and body with sections. +You can configure the list form in a list or library with a custom header, footer and the form body with one or more sections with fields in each of those sections. The form configuration does not change the data in the list item or file; it only changes how the form is displayed to users who browse the list or library. Anyone who can create and manage views in a list can use form configuration to configure the form with header, footer, and body with sections. -To configure a form, you will use JSON formatters that you are already familiar with when formatting a [column](column-formatting.md) or a [view](view-formatting.md) in a list or library. Form configuration allows for certain predefined elements and attributes to build the custom header, footer and body with one or more sections. +To configure a form, you will use JSON formatters that you are already familiar with when formatting a [column](column-formatting.md) or a [view](view-formatting.md) in a list or library. Form configuration allows for certain predefined elements and attributes to build the custom header, footer, and body with one or more sections. ## Get started @@ -18,23 +18,24 @@ To configure the form in a list or library: 1. Go to the list or library for which you want to configure the form. 1. If you are in a list: - - Open an item to view the item details in the display form. + - Open an item to view the item details in the display form. 1. If you are in a document library: - - Select a file. - - Select ... - - Select More - - Select Properties + - Select a file. + - Select ... + - Select More + - Select Properties 1. At the top of the form, expand **Edit Form** icon and then select **Configure layout** ![Configure list form](images/list-form-configuration-menu.png) 1. In the **Format** pane, you can choose to apply formatting to the following form sections: - - Header - - Body - - Footer + + - Header + - Body + - Footer ## Configure custom header @@ -50,66 +51,67 @@ To configure the form in a list or library: ```JSON { - "elmType": "div", - "attributes": { - "class": "ms-borderColor-neutralTertiary" - }, - "style": { - "width": "99%", - "border-top-width": "0px", - "border-bottom-width": "1px", - "border-left-width": "0px", - "border-right-width": "0px", - "border-style": "solid", - "margin-bottom": "16px" - }, - "children": [ + "elmType": "div", + "attributes": { + "class": "ms-borderColor-neutralTertiary" + }, + "style": { + "width": "99%", + "border-top-width": "0px", + "border-bottom-width": "1px", + "border-left-width": "0px", + "border-right-width": "0px", + "border-style": "solid", + "margin-bottom": "16px" + }, + "children": [ + { + "elmType": "div", + "style": { + "display": "flex", + "box-sizing": "border-box", + "align-items": "center" + }, + "children": [ { - "elmType": "div", - "style": { - "display": "flex", - "box-sizing": "border-box", - "align-items": "center" - }, - "children": [ - { - "elmType": "div", - "attributes": { - "iconName": "Group", - "class": "ms-fontSize-42 ms-fontWeight-regular ms-fontColor-themePrimary", - "title": "Details" - }, - "style": { - "flex": "none", - "padding": "0px", - "padding-left": "0px", - "height": "36px" - } - } - ] - }, + "elmType": "div", + "attributes": { + "iconName": "Group", + "class": "ms-fontSize-42 ms-fontWeight-regular ms-fontColor-themePrimary", + "title": "Details" + }, + "style": { + "flex": "none", + "padding": "0px", + "padding-left": "0px", + "height": "36px" + } + } + ] + }, + { + "elmType": "div", + "attributes": { + "class": "ms-fontColor-neutralSecondary ms-fontWeight-bold ms-fontSize-24" + }, + "style": { + "box-sizing": "border-box", + "width": "100%", + "text-align": "left", + "padding": "21px 12px", + "overflow": "hidden" + }, + "children": [ { - "elmType": "div", - "attributes": { - "class": "ms-fontColor-neutralSecondary ms-fontWeight-bold ms-fontSize-24" - }, - "style": { - "box-sizing": "border-box", - "width": "100%", - "text-align": "left", - "padding": "21px 12px", - "overflow": "hidden" - }, - "children": [ - { - "elmType": "div", - "txtContent": "='Contact details for ' + [$Title]" - } - ] + "elmType": "div", + "txtContent": "='Contact details for ' + [$Title]" } - ] + ] + } + ] } ``` + 1. To preview your changes, click the **Preview** button. 1. To save your changes, click the **Save** button. 1. Close and open the form again to view the custom header. @@ -172,7 +174,7 @@ To configure the form in a list or library: - One or more sections can be defined for a body. - Each section can reference one or more columns in the list or library. - A column can be referenced only in one section. - - If a column is referenced in multiple sections, the first section where the column is referenced will take the precedence. + - If a column is referenced in multiple sections, the first section where the column is referenced will take precedence. - A column not referenced in any of the sections will be automatically referenced in the last section. - New columns added will be automatically referenced in the last section. @@ -180,23 +182,23 @@ To configure the form in a list or library: ```JSON { - "sections": [ - { - //give a display name for the section - "displayname": "", - "fields": [ - //reference your fields here using their display name - "Title" - ] - }, - { - //give a display name for the section - "displayname": "", - "fields": [ - //reference your fields here using their display name - ] - } - ] + "sections": [ + { + //give a display name for the section + "displayname": "", + "fields": [ + //reference your fields here using their display name + "Title" + ] + }, + { + //give a display name for the section + "displayname": "", + "fields": [ + //reference your fields here using their display name + ] + } + ] } ``` @@ -204,30 +206,30 @@ To configure the form in a list or library: ```JSON { - "sections": [ - { - "displayname": "", - "fields": [ - "Title" - ] - }, - { - "displayname": "Details", - "fields": [ - "Department", - "Email", - "Country" - ] - }, - { - "displayname": "Application", - "fields": [ - "Application Id", - "Approver", - "Reviewer" - ] - } - ] + "sections": [ + { + "displayname": "", + "fields": [ + "Title" + ] + }, + { + "displayname": "Details", + "fields": [ + "Department", + "Email", + "Country" + ] + }, + { + "displayname": "Application", + "fields": [ + "Application Id", + "Approver", + "Reviewer" + ] + } + ] } ``` @@ -241,3 +243,60 @@ To configure the form in a list or library: 1. To preview your changes, click the **Preview** button. 1. To save your changes, click the **Save** button. 1. Close and open the form again to view the custom body. + + +## Custom Formatter for Read-Only Fields + +### Introduction + +Microsoft Lists offers a powerful way to organize information and collaborate with your team. With the rise of AI-based list item creation, users often need to view but not edit certain fields — like system-generated data or bot-added details. To meet this need, a new custom formatter feature is proposed to allow fields to appear as read-only in list forms. + +### Why Read-Only Fields Matter + +Currently, read-only fields are hidden from New Item and Edit forms. This creates challenges when AI bots or automated processes create items containing critical data that users need to see but not modify. For example: + +- A bot creates a customer service ticket with Issue details Issue Title, Issue Description. +- Users should see this information to take actions (e.g., send an email), but not be able to change it. + +The new custom formatter solves this by allowing these fields to display as read-only. + +### How the Custom Formatter Works + +The custom formatter introduces a new JSON configuration to mark fields as read-only in the form views. + +### JSON Structure + +```json +{ + "sections": [{}], + "fieldsettings": [ + { + "name": "fieldName", + "readonly": true + } + ] +} +``` + +- name: The internal name of the field. +- readonly: When set to true, the field is displayed as read-only. + +### Behavior in Different Form Views + +The custom formatter ensures a consistent user experience: + +- New Item form: The read-only field will not be shown. +- Edit form: The field is displayed without an editable textbox, similar to a Calculated Column. +- Edit all mode: The field remains visible and uneditable. + +The Save button works as expected — no accidental modifications to the read-only fields. + +### Example Use Case + +Imagine a CRM bot creating tickets with pre-filled Issue details. Using this formatted: + +- Issue Title (read-only): Users can see and copy the Issue Title but can't modify it. +- Issue Description (read-only): Users can see and copy the Issue Description but can't modify it. +- Issue Source (read-only): Users can click on the Issue source link but can't modify it. + +![image](https://github.com/user-attachments/assets/74c21844-a966-4930-93bb-cce10d69fa0e) diff --git a/docs/declarative-customization/site-design-json-schema.md b/docs/declarative-customization/site-design-json-schema.md index 207b3a4dc..2ed0397a6 100644 --- a/docs/declarative-customization/site-design-json-schema.md +++ b/docs/declarative-customization/site-design-json-schema.md @@ -1,7 +1,7 @@ --- title: Site template JSON schema description: JSON schema reference for building site templates for SharePoint. -ms.date: 09/23/2022 +ms.date: 11/18/2024 ms.localizationpriority: high --- @@ -18,9 +18,7 @@ The overall JSON structure is specified as follows: ... ... - ], - "bindata": { }, - "version": 1 + ] } ``` @@ -432,7 +430,7 @@ Associates a ListViewCommandSet to the list #### JSON values - `title`: The title of the extension. -- `location`: A required parameter to specify where the command is displayed. Options are: ContextMenu or CommandBar. +- `location`: A required parameter to specify where the command is displayed. Options are: ClientSideExtension.ListViewCommandSet.ContextMenu or ClientSideExtension.ListViewCommandSet.CommandBar. - `clientSideComponentId`: The identifier (GUID) of the extension in the App Catalog. This property value can be found in the manifest.json file or in the elements.xml file. - `clientSideComponentProperties`: An optional parameter, which can be used to provide properties for the extension instance. @@ -466,7 +464,7 @@ Associates a ListViewCommandSet to the list { "verb": "associateListViewCommandSet", "title": "HelloWorld", - "location": "CommandBar", + "location": "ClientSideExtension.ListViewCommandSet.CommandBar", "clientSideComponentId": "13234283-d6c2-408f-a9ef-31a920c8ae78", "clientSideComponentProperties": "{\"sampleText\":\"added by a site template\"}" } diff --git a/docs/declarative-customization/site-design-o365cli.md b/docs/declarative-customization/site-design-o365cli.md index 1dd252859..6282f7491 100644 --- a/docs/declarative-customization/site-design-o365cli.md +++ b/docs/declarative-customization/site-design-o365cli.md @@ -1,7 +1,7 @@ --- title: SharePoint site design - CLI for Microsoft 365 commands description: Use the CLI for Microsoft 365 to create, retrieve, and remove site designs and site scripts. -ms.date: 06/28/2022 +ms.date: 06/27/2024 ms.localizationpriority: high --- @@ -17,7 +17,7 @@ To run the CLI for Microsoft 365 commands, you'll need to do the following: 1. Download and install [NodeJS LTS version](https://nodejs.org/en/) 1. Follow the instructions at [Installing the CLI](https://pnp.github.io/cli-microsoft365/user-guide/installing-cli/) to install the CLI for Microsoft 365 on your machine -1. Follow the instructions at [Logging in to Office 365](https://pnp.github.io/cli-microsoft365/user-guide/connecting-office-365/) to connect to your SharePoint tenant. +1. Follow the instructions at [Logging in to Office 365](https://pnp.github.io/cli-microsoft365/user-guide/connecting-microsoft-365) to connect to your SharePoint tenant. To verify your setup and connection, try using the [sitedesign list](https://pnp.github.io/cli-microsoft365/cmd/spo/sitedesign/sitedesign-list) command to read the current list of site designs. If the cmdlet runs and returns with no errors, you're ready to proceed. diff --git a/docs/declarative-customization/site-design-overview.md b/docs/declarative-customization/site-design-overview.md index 287b7a836..701efedc2 100644 --- a/docs/declarative-customization/site-design-overview.md +++ b/docs/declarative-customization/site-design-overview.md @@ -1,7 +1,7 @@ --- title: SharePoint site template and site script overview description: Use SharePoint site scripts and site templates to provide custom configurations to apply when new sites are created. -ms.date: 06/28/2022 +ms.date: 01/22/2025 ms.localizationpriority: high --- @@ -10,12 +10,12 @@ ms.localizationpriority: high > [!NOTE] > - Site templates and site scripts are currently only supported by SharePoint Online. > - In previous versions of SharePoint, site templates were called site designs but will be referred to as site templates moving forward. -> - SharePoint has a new site template experience that will be available to all SharePoint users with permissions to create SharePoint sites. [Learn more about the new site template experience](https://support.microsoft.com/office/apply-and-customize-sharepoint-site-templates-39382463-0e45-4d1b-be27-0e96aeec8398?ui=en-US&rs=en-US&ad=US). +> - SharePoint has a new site template experience that will be available to all SharePoint users with permission to create SharePoint sites. [Learn more about the new site template experience](https://support.microsoft.com/office/apply-and-customize-sharepoint-site-templates-39382463-0e45-4d1b-be27-0e96aeec8398?ui=en-US&rs=en-US&ad=US). > - As of today, the site template experience cannot be disabled. > - Site templates created by your organization and set as the default template will automatically apply when new sites are created but can be updated by the site owner by selecting **Settings** and then **Apply a site template.** > - Site template version history is not currently available for the new site template experience but will be included in future iterations. -Use site templates and site scripts to automate provisioning new or existing modern SharePoint sites that use your own custom configurations. +Use site templates and site scripts to automate the provisioning of new or existing modern SharePoint sites that use your own custom configurations. When people in your organization create new SharePoint sites, you often need to ensure some level of consistency. For example, you may need proper branding and theming applied to each new site. You may also have detailed site provisioning scripts, such as using the PnP provisioning engine, that need to be applied each time a new site is created. @@ -23,11 +23,11 @@ This article describes how you can use site templates and site scripts to provid ## How site templates work -Site templates can be used each time a new site is created to apply a consistent set of actions. They can also be applied to existing modern sites (group-connected Team and Communication sites). Most actions typically affect the site itself, such as setting the theme or creating lists. But a site template can also include other actions, such as recording the new site URL to a log, or sending a tweet. +Site templates can be used each time a new site is created to apply a consistent set of actions. They can also be applied to existing modern sites (group-connected Team and Communication sites). Most actions typically affect the site itself, such as setting the theme or creating lists. But a site template can also include other actions, such as recording the new site URL to a log or sending a tweet. > [!NOTE] > - Site templates created using custom site scripts will display in the **From your organization** tab in the site template gallery. -> - Custom site templates made by your organization will display in the site template gallery based on the type of site chosen by the user - either a communication site or a team site. Therefore, it is likely users will not see all site templates from your organization in the site template gallery. Soon, users will have the ability to browse all site templates provided by your organization regardless of which type of site was chosen. +> - Custom site templates made by your organization will be displayed in the site template gallery based on the type of site chosen by the user - either a communication site or a team site. Therefore, it is likely users will not see all site templates from your organization in the site template gallery. Soon, users will have the ability to browse all site templates provided by your organization regardless of which type of site was chosen. You create site templates and register them in SharePoint to one of the modern template sites: the Team site or the Communication site. You can see how this works in the following steps. @@ -38,14 +38,14 @@ You create site templates and register them in SharePoint to one of the modern t 1. Choose the type of site needed. - - SharePoint will automatically create a communication site using the **Topic** site template. - - Had you chosen the default Team site, SharePoint will create a new site using the **Team collaboration** template. + - SharePoint will automatically create a communication site using the **Standard communication** site template. + - Had you chosen the default Team site, SharePoint will create a new site using the **Standard team** template. For more information about how you can change the default site templates, see [Customize a default site template](customize-default-site-design.md). 1. Navigate to the **Settings** icon, and select **Apply site template** to review Microsoft-provided site templates based on the type of site you chose in step three. -When a site template is selected, SharePoint creates the new site, and runs site scripts for the site template. The site scripts provide the details for the template such as creating new lists or applying a theme. These script actions are run in the background. When the scripts are complete the page will refresh to display the site script details. +When a site template is selected, SharePoint creates the new site and runs site scripts for the site template. The site scripts provide the details for the template such as creating new lists or applying a theme. These script actions are run in the background. When the scripts are complete the page will refresh to display the site script details. > [!NOTE] > Site templates can now be applied to previously created modern site collections. For more information, see the [REST API](site-design-rest-api.md) and [PowerShell](site-design-powershell.md) articles. @@ -102,8 +102,7 @@ The following example is a script that has two top-level actions. First, it appl } ] } - ], - "version": 1 + ] } ``` @@ -113,7 +112,7 @@ Each action in a site script is specified by a **verb** value in the JSON. In th - Creating a new list or library (or modifying the default one created with the site) - Creating site columns, content types, and configuring other list settings -- Set site branding properties like navigation layout, header layout and header background +- Set site branding properties like navigation layout, header layout, and header background - Applying a theme** - Setting a site logo - Adding links to quick launch or hub navigation** @@ -130,7 +129,7 @@ For a complete list of available actions and their parameters, see the [JSON sch > - Actions marked with ** are automatically blocked for [channel sites](/sharepoint/teams-connected-sites). > - For libraries and lists, use the PowerShell command [Get-SPOSiteScriptFromList](/powershell/module/sharepoint-online/Get-SPOSiteScriptFromList) to create the site script syntax from an existing SharePoint list. -Site scripts can be run again on the same site after provisioning. Site scripts are non-destructive, so when they run again, they ensure that the site matches the configuration in the script. +Site scripts can be run again on the same site after provisioning. They are non-destructive, so when they are run again, they ensure that the site matches the configuration in the script. For example, if the site already has a list with the same name that the site script is creating, the site script will only add missing fields to the existing list. @@ -140,7 +139,7 @@ There is also a limit of 100 site scripts and 100 site templates per tenant. ## Using PowerShell or REST to work with site templates and site scripts -You can create site templates and site scripts by using PowerShell or the REST API. The following example creates a site script and a site template that uses the site script. +You can create site templates and scripts using PowerShell or the REST API. The following example creates a site script and a site template that uses the script. @@ -168,7 +167,7 @@ In the previous example, the **Add-SPOSiteScript** cmdlet or **CreateSiteScript* | Parameter | Value | Site template type | | :------------------- | :------------------- |:----------------| | WebTemplate | 64 | Team site template | -| WebTemplate 1 | 1 | Team site (with group creation disabled) | +| WebTemplate | 1 | Team site (with group creation disabled) | | WebTemplate | 68 | Communication site template | | WebTemplate | 69 | Channel site template | diff --git a/docs/declarative-customization/site-design-trigger-flow-tutorial.md b/docs/declarative-customization/site-design-trigger-flow-tutorial.md index 4515f351c..285da5ad0 100644 --- a/docs/declarative-customization/site-design-trigger-flow-tutorial.md +++ b/docs/declarative-customization/site-design-trigger-flow-tutorial.md @@ -1,7 +1,7 @@ --- title: Using site designs and Power Automate to track site creation requests description: Invoke a Power Automate flow using the site script triggerFlow action to capture the site creation event and build a site directory. This tutorial is intended to illustrate a simple example of using site designs and Power Automate. -ms.date: 06/28/2022 +ms.date: 06/05/2024 ms.localizationpriority: high --- @@ -68,7 +68,7 @@ In order to capture the site creation event and create the corresponding list it "type": "string" }, "creatorEmail": { - "type": "string" + "type": ["string", "null"] }, "createdTimeUTC": { "type": "string" diff --git a/docs/declarative-customization/site-theming/sharepoint-site-theming-json-schema.md b/docs/declarative-customization/site-theming/sharepoint-site-theming-json-schema.md index 7fa2f83d0..db182d93b 100644 --- a/docs/declarative-customization/site-theming/sharepoint-site-theming-json-schema.md +++ b/docs/declarative-customization/site-theming/sharepoint-site-theming-json-schema.md @@ -1,7 +1,7 @@ --- title: SharePoint site theming - JSON schema description: The new SharePoint site theming features use a JSON schema to store color settings and other information about each theme. -ms.date: 10/20/2022 +ms.date: 08/08/2024 ms.localizationpriority: high --- @@ -95,7 +95,18 @@ The SharePoint Framework includes eight built-in themes: six on light background Another option is to use the [Theme Generator tool](https://aka.ms/themedesigner) to build a custom theme. It provides an interactive UI for selecting theme colors, and automatically generates the JSON, SASS, and PowerShell definitions for your custom theme. > [!NOTE] -> The theme generator definitions do not currently include the "error" or "accent" color slots. These can be manually added to your generated definition before uploading to the tenant. +> The theme generator definitions do not currently include the following color slots and key/value pairs: +> +> - "primaryBackground" +> - "primaryText" +> - "bodyBackground" +> - "bodyText" +> - "disabledBackground" +> - "disabledText" +> - "error" +> - "accent" +> +> These can be manually added to your generated definition before uploading to the tenant. ![Theme Generator tool](../../images/theme-generator-tool.png) diff --git a/docs/declarative-customization/site-theming/sharepoint-site-theming-overview.md b/docs/declarative-customization/site-theming/sharepoint-site-theming-overview.md index 4f4856987..5762ad676 100644 --- a/docs/declarative-customization/site-theming/sharepoint-site-theming-overview.md +++ b/docs/declarative-customization/site-theming/sharepoint-site-theming-overview.md @@ -1,7 +1,7 @@ --- title: SharePoint site theming description: New options for applying custom styles and colors to sites that make it easier to define and manage themes across site collections. -ms.date: 02/16/2023 +ms.date: 04/23/2025 ms.localizationpriority: high --- @@ -80,7 +80,7 @@ To do this, you must use a Windows PowerShell script with a CSOM (client-side ob [!INCLUDE [pnp-powershell](../../../includes/snippets/open-source/pnp-powershell.md)] -1. Enter `Connect-PnPOnline -Url -UseWebLogin` (replacing `` with the url of the site you wish to opt out of). +1. Enter `Connect-PnPOnline -Url -Interactive -ClientId ` (replacing `` with the URL of the site you wish to connect to, and `` with the Client ID of your [registered Entra ID (Azure AD)](https://pnp.github.io/powershell/articles/registerapplication.html) application). 1. Enter your credentials when prompted. 1. To opt out of the site, you need to enable a feature: diff --git a/docs/declarative-customization/view-commandbar-formatting.md b/docs/declarative-customization/view-commandbar-formatting.md index 3ae8b0563..f7f56e8e3 100644 --- a/docs/declarative-customization/view-commandbar-formatting.md +++ b/docs/declarative-customization/view-commandbar-formatting.md @@ -1,21 +1,24 @@ --- title: Command bar customization syntax reference description: Command bar customization syntax reference -ms.date: 08/12/2022 +ms.date: 05/21/2025 ms.localizationpriority: high --- # Command bar customization syntax reference -Command bar customization helps personalize a list to suit specific requirements. The JSON based feature allows basic changes to the command bar, including modification of icon and/or text, hiding existing options or repositioning commands. +Command bar customization helps personalize a list to suit specific requirements. The JSON-based feature allows basic changes to the command bar, including modification of icon and/or text, hiding existing options, or repositioning commands. ## commandBarProps + Properties for Command bar customization. Valid in all types of layouts. ## commands -Array of JSON objects to specify the commands for customization. + +An array of JSON objects is used to specify the commands for customization. ## key + Mandatory property to uniquely identify a command in the Command bar. Valid keys include: ```javascript @@ -83,25 +86,64 @@ Mandatory property to uniquely identify a command in the Command bar. Valid keys 'addShortcut' 'pinToQuickAccess' 'unpinFromQuickAccess' +'manageForms' +'favoriteCommand' +'createCopilot' ``` +## ⚠️ Recent updates to `commandBarCustomization` Keys + +> Some keys in the commandBarCustomization schema have been updated. To ensure your custom formatter functions correctly, please update your existing JSON to reflect these new keys. +> +> | Original Key | New Key | +> |--------------|-------------| +> | `new` | `newComposite` (Document Library)| +> | `upload` | `UploadCommand` | +> | `sync` | `syncCommand` | +> | `addShortcut`| `addShortcutToOneDriveCommand` | +> | `pinToQuickAccess` | `PinToQuickAccessCommand` | +> | `pinItem` | `pinItemCommand` | +> | `properties` | `propertiesCommand` | +> | `versionHistory` | `versionHistoryCommand` (currently not working) | +> +> Additionally, the following new command keys are now available: +> > +> - `stasherContextMenuCommand` (Add shortcut) +> - `stasherCommand.myFiles` (Add shortcut --> my Files) +> - `stasherCommand.otherLocations` (Add shortcut --> Other locations) +> - `PublishCommand` +> - `complianceDetails` (right click context menu --> More --> Compliance details) +> - `more` (right click context menu --> More) +> - `previewFileCommand` (right click context menu --> Preview) +> +> Please note that the JSON schema at https://developer.microsoft.com/json-schemas/sp/v2/command-bar-formatting.schema.json has not yet been updated to reflect these new command keys. + +> [!IMPORTANT] +> Command bar customizations also affect the item context menu (right-click menu). If a command is hidden in the command bar, it will also be hidden in the context menu. + ## hide + An optional property that specifies the condition to hide a particular command. The value of this property can either be a boolean, string or an Expression object. `false` is the default behavior (meaning the command is visible). `true` means that the command will be hidden. ## text -An optional property that specifies the text to be displayed as the name of the command. The value of this property can either be a string or an Expression object. If the value is not provided then the default name of the command will be shown. + +An optional property that specifies the text to be displayed as the name of the command. The value of this property can either be a string or an Expression object. If the value is not provided, then the default name of the command will be shown. ## title -An optional property that specifies the tooltip text to be displayed in the command. The value of this property can either be a string or an Expression object. If the value is not provided then the default tooltip of the command will be shown. + +An optional property that specifies the tooltip text to be displayed in the command. The value of this property can either be a string or an Expression object. If the value is not provided, then the default tooltip of the command will be shown. ## iconName -An optional property that specifies the [Fluent UI](https://developer.microsoft.com/fluentui#/) icon to be displayed in the command. The value of this property can either be a string or an Expression object. If the value is not provided then the default icon of the command will be shown. + +An optional property that specifies the [Fluent UI](https://developer.microsoft.com/fluentui#/) icon to be displayed in the command. The value of this property can either be a string or an Expression object. If the value is not provided, then the default icon of the command will be shown. ## primary + An optional property that specifies the condition to apply primary button styling to a command. The value of this property can either be a boolean, string or an Expression object. `false` is the default behavior (meaning the default style will be applied). `true` means the primary button styling will be applied to the command only if the command is placed at the 0th position in the command bar. The following example shows a sample Command bar formatting JSON to do the following: -- Hide the 'New' command,. + +- Hide the 'New' command. - Update the text and icon of 'Edit in grid view' command and add primary button styling to it. - Remove the icon from 'Share' command and update the tooltip text of it. @@ -130,17 +172,21 @@ The following example shows a sample Command bar formatting JSON to do the follo ``` ## position -An optional property that specifies the position where the command will be placed in the command bar. The value of this property can either be a number, string or an Expression object. If the value is not provided then the command will be placed in it's default position. This property follows zero-based indexing. + +An optional property that specifies the position where the command will be placed in the command bar. The value of this property can either be a number, a string, or an Expression object. If the value is not provided then the command will be placed in it's default position. This property follows zero-based indexing. ## sectionType + An optional property that specifies the section where the customized command will be placed in the command bar. The following strings are valid values for this property: + - Primary - Overflow The following example shows a sample Command bar formatting JSON to do the following: + - Puts the 'New' command at the third position in the primary section of the Command bar. -- Puts the 'Share' command at the second position in the overflow menu of the Command bar. -- Puts the 'Alert me' command at the fourth position in the primary section of theCommand bar. +- Puts the 'Share' command in the second position in the overflow menu of the Command bar. +- Puts the 'Alert me' command at the fourth position in the primary section of the Command bar. ```JSON { @@ -166,12 +212,15 @@ The following example shows a sample Command bar formatting JSON to do the follo ``` ## selectionModes -An optional property that specifies the selection modes in which the command customization will be applied. If the value is not provided then the customization will be applied in all the selection modes in which the command is available. The value of this property can be array of strings where the following strings are allowed: + +An optional property that specifies the selection modes in which the command customization will be applied. If the value is not provided, then the customization will be applied in all the selection modes in which the command is available. The value of this property can be an array of strings where the following strings are allowed: + - NoSelection - SingleSelection - MultiSelection The following example shows a sample Command bar formatting JSON to do the following: + - Update the text of 'Share' command if the selected item has 'NumberField' column value 3 - Update the text of 'Delete' command only if multiple items are selected. diff --git a/docs/design/accessibility.md b/docs/design/accessibility.md index fa1126333..393091803 100644 --- a/docs/design/accessibility.md +++ b/docs/design/accessibility.md @@ -84,7 +84,7 @@ Users who have vision impairments rely on screen readers to navigate the site UI ## Alt text and transcripts -Use alt text to provide descriptions of images that can be consumed by screen readers. This is useful for vision-impaired users who cannot consume information visually. Make sure that your alt text is descriptive, keeping in mind that some readers are relying on a screen reader to access the information conveyed in the image. +Use alt text to provide descriptions of images that can be consumed by screen readers. This is useful for users who have visual impairments who cannot consume information visually. Make sure that your alt text is descriptive, keeping in mind that some readers are relying on a screen reader to access the information conveyed in the image. Don't rely only on color to convey meaning; rely on both color and shape. @@ -92,7 +92,7 @@ To be fully compliant with accessibility standards, include alt text and a compl ## Minimum readable contrast -A minimum level of contrast is essential to help users with vision impairments consume the content on the page. It is also important to aid readability in low light and glare situations. +A minimum level of contrast is essential to help users who have visual impairments consume the content on the page. It is also important to aid readability in low light and glare situations. The following image shows theme colors on the left and neutral colors on the right. diff --git a/docs/design/design-guidance-overview.md b/docs/design/design-guidance-overview.md index 74fef36f4..1566fe91e 100644 --- a/docs/design/design-guidance-overview.md +++ b/docs/design/design-guidance-overview.md @@ -40,6 +40,44 @@ Accessibility is developing an equal experience for all users that enables indiv +## SharePoint Web UI Kit in Figma + +![Screenshot 2024-10-02 134843](https://github.com/user-attachments/assets/c6f4eb87-abf2-48ca-b5f2-f35ee98883c1) + +The SharePoint Web UI Kit empowers you to design communication and team sites for desktop, tablet and mobile in Figma. ​This kit delivers a set of web parts, style options, templates, and detailed guidance so you can quickly design engaging sites and pages in Figma. Figma is a subscription-based application that is the industry standard tool for web design, and provides an alternative to designing sites and pages outside of SharePoint. + +[Access the kit in Figma Community](https://aka.ms/SPWebUIkit) + +[Watch a live demo on YouTube with the product team](https://youtu.be/2UPchEYhuxI?si=x8ZWEBe3YZQL3Dkp) + +### Design without organizational limitations + +This UI kit provides SharePoint users with another tool in their toolbox. While building a page in SharePoint is easy, we wanted to provide the ability to mockup sites and pages. It allows you to explore different design options for your site without the limitation of admin privileges and tenant restrictions, and doesn’t expose organization data. + +Figma mockups provide a quick snapshot of SharePoint updates which business stakeholders can use to plan and make decisions. They can provide appropriate requirements and use this UI kit in collaboration with their design team to iterate in the life cycle of your organization's intranet. + +### Share designs with ease + +This UI kit provides you with page layouts and a selection of web parts to allow you to mockup and share new ideas across organizations and companies. Figma gives you the flexibility of reviewing and sharing your designs without having to spend time and resources creating it in SharePoint. Figma also allows you to download your designs into easy-to-use formats that can be used in documentation and presentations. Learn more at https://www.figma.com/ + +Note that Figma does not build the pages in SharePoint, so once you finalize a design in Figma, you will need to build it in SharePoint. You should evaluate if Figma is the right solution for mocking up sites and pages for SharePoint. + +### Community feedback + +Please tell us what’s missing, what doesn’t work for you, and where your biggest challenges are by leaving a comment on the [Figma SharePoint Web UI kit page](https://aka.ms/SPWebUIkit). + +### Past Tech Community blog posts for each SharePoint Web UI Kit release + +v3.0: [Figma Variables and new components available (v3.0.0) in the SharePoint Web UI Kit](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/figma-variables-and-new-components-available-v3-0-0-in-the/ba-p/4180339) + +v2.2: [SharePoint Web UI Kit - New Figma web part components available (v2.2) and feedback requested](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/sharepoint-web-ui-kit-new-figma-web-part-components-available-v2/ba-p/4031084) + +v2.1: [New web parts available in the SharePoint Web UI kit!](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/new-web-parts-available-in-the-sharepoint-web-ui-kit/ba-p/3956251) + +v2.0: [Updated content for the SharePoint Web UI kit!](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/updated-content-for-the-sharepoint-web-ui-kit/ba-p/3905250) + +v1.0: [Introducing a new SharePoint Web UI kit!](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/introducing-a-new-sharepoint-web-ui-kit/ba-p/3870293) + ## See also - [Overview of SharePoint Framework](../spfx/sharepoint-framework-overview.md) diff --git a/docs/design/themes-colors.md b/docs/design/themes-colors.md index 458bb1de4..d2eee4ec8 100644 --- a/docs/design/themes-colors.md +++ b/docs/design/themes-colors.md @@ -1,7 +1,7 @@ --- title: SharePoint themes and colors description: Design principles that help form the current SharePoint themes and color palette. -ms.date: 06/28/2022 +ms.date: 09/04/2024 ms.localizationpriority: high --- @@ -33,22 +33,6 @@ SharePoint includes a palette that supports dark themes. The SharePoint-provided ![SharePoint dark theme color palette, Red EF6950, Yellow FFC83D, Green 00b294, Blue 3a96dd, Purple 9c89e9, Grey b1adab](../images/sharepoint-themes-dark.png) -## Principles - -The following design principles helped form the current SharePoint themes and color palette. - -### Guided -Our theming system works at a global level so that updates can be made consistently across each site, allowing users to optimize their websites effortlessly. Our theming system operates in a controlled environment so that successful outcomes can be optimized quickly. - -### Smart and efficient -Our theming system expedites the site creation process by using smart algorithms to generate options that maximize aesthetic choices. - -### Professional -Our themes embody a professional look and feel that ensures coherency and conveys the brand of our enterprise audiences. - -### Accessible -Our built-in accessibility checker ensures universal design at all levels of default themes. For users who decide to customize, we provide helpful guidelines to design for accessibility. - ## See also - [Accessibility](accessibility.md) diff --git a/docs/design/use-brand-center-fonts-in-spfx-components.md b/docs/design/use-brand-center-fonts-in-spfx-components.md new file mode 100644 index 000000000..04a547908 --- /dev/null +++ b/docs/design/use-brand-center-fonts-in-spfx-components.md @@ -0,0 +1,173 @@ +--- +title: Use SharePoint brand center fonts in SharePoint Framework solutions +description: Developers can use the fonts defined in Brand center in their SharePoint Framework (SPFx) components. This article demonstrates how you can use the fonts defined in the SharePoint brand center in your SPFx components. +ms.date: 04/23/2025 +ms.localizationpriority: high +--- + +# Use SharePoint brand center fonts in SharePoint Framework solutions + +The [SharePoint brand center](/sharepoint/brand-center-overview) offers a centralized branding management application that empowers your brand managers or designated brand owners to help your organization to customize the look and feel of their experiences. This brand asset management system allows customers to manage the colors, fonts, and images, and other assets all in one place. + +Developers can use the fonts defined in Brand center in their SharePoint Framework (SPFx) components. This article demonstrates how you can use the fonts defined in the SharePoint brand center in your SPFx components. + +![Screenshot of the SharePoint brand center](../images/brand-center-spfx-01.png) + +In this article, learn how you can modify your SPFx components to use the same fonts set in the + +## Use SharePoint brand center fonts in SPFx components + +Start by creating a new SharePoint Framework component, such as a web part. + +> [!TIP] +> To learn how to create your first SPFx web part, see [Build your first SharePoint client-side web part (Hello World part 1)](../spfx/web-parts/get-started/build-a-hello-world-web-part.md). + +Within the web part, locate and open the **\*.module.scss** file in the project. For example, if you created a web part named *Hello World", the file will be found in the following location in the project: **./src/webparts/helloWorld/HelloWorldWebPart.module.scss**. + +This file contains the styles for the SPFx component. + +All fonts defined within Brand center are referenced using variables following the naming convention `--fontFamilyCustomFont###`. All start with the prefix `--fontFamily` followed by the *font slot* name. + +For example, to change the primary font in your web part, add the following style to the `.helloWorld` class: + +```css +font-family: var(--fontFamilyCustomFont100, var(--fontFamilyBase)); +``` + +This tells the web part to use the value defined in the SharePoint styling context with the variable `--fontFamilyCustomFont100`, but if that value isn't set, it will default to the `--fontFamilyBase` slot. + +The resulting class will now look like this: + +```css +.helloWorld { + font-family: var(--fontFamilyCustomFont100, var(--fontFamilyBase)); + overflow: hidden; + padding: 1em; + color: "[theme:bodyText, default: #323130]"; + color: var(--bodyText); + &.teams { + font-family: $ms-font-family-fallbacks; + } +} +``` + +Next, repeat this step for any other classes in our style where you want to apply these changes. For example, in the default web part, you'd update the `.welcome` and `.links.a` styles as well, so the resulting **\*.scss** file will look like the following: + +```css +@import '~@microsoft/sp-office-ui-fabric-core/dist/sass/SPFabricCore.scss'; + +.helloWorld { + font-family: var(--fontFamilyCustomFont100, var(--fontFamilyBase)); + overflow: hidden; + padding: 1em; + color: "[theme:bodyText, default: #323130]"; + color: var(--bodyText); + &.teams { + font-family: $ms-font-family-fallbacks; + } +} + +.welcome { + text-align: center; + font-family: var(--fontFamilyCustomFont100, var(--fontFamilyBase)); +} + +.welcomeImage { + width: 100%; + max-width: 420px; +} + +.links { + a { + font-family: var(--fontFamilyCustomFont100, var(--fontFamilyBase)); + text-decoration: none; + color: "[theme:link, default:#03787c]"; + color: var(--link); // note: CSS Custom Properties support is limited to modern browsers only + + &:hover { + text-decoration: underline; + color: "[theme:linkHovered, default: #014446]"; + color: var(--linkHovered); // note: CSS Custom Properties support is limited to modern browsers only + } + } +} +``` + +### Test the web part + +To test the web part, start the local web browser, but don't launch a browser to the hosted workbench. + +1. Run the command **gulp serve** from the root of the project and include the **--nobrowser** argument: + + ```console + gulp serve --nobrowser + ``` + + > [!IMPORTANT] + > The SharePoint hosted workbench does not support custom fonts defined in the SharePoint brand center. To test your web parts, you'll need to test them on a page in a SharePoint site. + +1. In the console, the **gulp serve** command will output a line that looks similar to the following: + + ```text + [spfx-serve] To load your scripts, use this query string: ?debug=true&noredir=true#debugManifestsFile=https://localhost:4321/temp/build/manifests.js + ``` + + > [!NOTE] + > Debug query string was changed starting from the SPFx verson 1.21 from `https://localhost:4321/temp/manifests.js` to `https://localhost:4321/temp/build/manifests.js` + +1. Open the browser and navigate to a page that you have permission to add a web part to the page. +1. Add the query string from the preceding console message to the URL and load the page. + + When prompted in the **Allow debug scripts** dialog, select **Load debug scripts**. + +1. Next, put the page into edit mode and add your sample web part to the page. +1. Finally, publish the changes. + +With the web part on the page, select one of the custom fonts from the Brand center site: + +1. Select the gear icon in the top right of the Microsoft 365 suite bar, then select **Change the look**. + + ![Screenshot of the SharePoint settings menu](../images/brand-center-spfx-02.png) + +1. On the **Change the look** panel, select **Font**. + + ![Screenshot of the SharePoint setting Change the look panel](../images/brand-center-spfx-03.png) + +1. On the **Font** panel, select one of the fonts to view the changes on your web part. + + ![Screenshot of the SharePoint setting Font panel](../images/brand-center-spfx-04.png) + + Notice the fonts on the page will change, including those in our custom web part: + + ![Screenshot of a custom font selected from Brand central used in the web part](../images/brand-center-spfx-05.png) + +## Brand central font slot reference + +The following table lists all the available font slots from SharePoint brand center that developers can use in their custom SPFx components: + +| Font slot | Custom Font Token | Fluent Design Token | Short Description | Used in Product Location | +| ----------- | ----------------- | ------------------ | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | +| Body | CustomFont100 | caption2 | Caption small | | +| Body | CustomFont200 | caption2Strong | Caption medium | News Badge, Image caption, Site WP activity, Avatar Role/Job, Hero Badge | +| Body | CustomFont300 | caption1 | Caption large | Image Overlay | +| Interactive | CustomFont400 | caption1Strong | Label small | Avatar link | +| Interactive | CustomFont500 | caption1Stronger | Label medium | Footer links, Top Navigation links, Hub navigation links, Left navigation, Hero button | +| Interactive | CustomFont600 | body1 | Label large | Button | +| Body | CustomFont700 | body1Strong | Paragraph small | Quick links description, News sub description, Site web part information, Site web part description, Avatar name, Avatar description | +| Body | CustomFont800 | body1Stronger | Paragraph medium | News description, RTE Normal, RTE Table Cell, Hero Description | +| Body | CustomFont900 | body2 | Paragraph large | | +| Headline | CustomFont1000 | subtitle2 | Heading extra small | News subtitle, RTE H4, RTE Table Header, RTE, Table Column, Site WP site title, Call to action text, Hero call to action | +| Headline | CustomFont1100 | subtitle2Stronger | Heading small | Quick Links title, News title, Footer title, RTE H3, RTE Pull quote, Section heading, Hero title, Hero small tile title | +| Headline | CustomFont1200 | subtitle1 | Heading medium | RTE H2, Hero title large | +| Headline | CustomFont1300 | title3 | Heading large | Web part title, Hero tile title | +| Headline | CustomFont1400 | title2 | Heading extra large | | +| Title | CustomFont1500 | title1 | Title small | Hub title | +| Title | CustomFont1600 | largeTitle | Title medium | Page title, Site title | +| Title | CustomFont1700 | display | Title large | | + +> [!TIP] +> Don't forget to include the `--fontFamily` prefix when using one of the custom font slot tokens in your style sheets. + +## See also + +- Video: [Using SharePoint Brand center font settings in custom SPFx solutions](https://www.youtube.com/watch?v=IP19PeHb0Zg) diff --git a/docs/docfx.json b/docs/docfx.json index 76733a227..1304618f8 100644 --- a/docs/docfx.json +++ b/docs/docfx.json @@ -36,7 +36,6 @@ "globalMetadata": { "uhfHeaderId": "MSDocsHeader-SharePoint", "uhfHeaderID": "MSDocsHeader-M365-IT", - "extendBreadcrumb": "true", "breadcrumb_path":"/sharepoint/dev/breadcrumb/toc.json", "ms.suite": "office", "ms.author": "vesaj", @@ -48,9 +47,6 @@ "search.appverid": "MET150" }, "fileMetadata": { - "ms.prod": { - "solution-guidance/**.md": "sharepoint" - }, "ms.service": { "apis/*.md": "sharepoint-online", "apis/webhooks/**.md": "sharepoint-online", @@ -59,11 +55,13 @@ "business-apps/power-automate/guidance/**.md": "power-automate", "declarative-customization/**.md": "sharepoint-online", "design/**.md": "sharepoint-online", + "embedded/**.md": "sharepoint-online", "features/**.md": "sharepoint-online", - "general-development/**.md": "sharepoint", + "general-development/**.md": "sharepoint-online", "scenario-guidance/**.md": "sharepoint-online", "schema/**.md": "sharepoint-online", - "spfx/**.md": "sharepoint" + "spfx/**.md": "sharepoint-online", + "solution-guidance/**.md": "sharepoint-online" }, "ms.subservice":{ "general-development/**.md": "sharepoint-framework", @@ -74,7 +72,7 @@ "sp-addins/**.md": "sharepoint-addins" }, "ms.topic":{ - "solution-guidance/**.md": "solution" + "solution-guidance/**.md": "solution-idea" } }, "template": [], diff --git a/docs/embedded/administration/adminrole.md b/docs/embedded/administration/adminrole.md new file mode 100644 index 000000000..b15f2b7ad --- /dev/null +++ b/docs/embedded/administration/adminrole.md @@ -0,0 +1,83 @@ +--- +title: SharePoint Embedded administrator +description: This article explains the new admin role for SharePoint Embedded. +ms.date: 05/21/2024 +ms.localizationpriority: high +--- + +# The SharePoint Embedded administrator + +The SharePoint Embedded administrator is a dedicated role to manage SharePoint Embedded containers through [SharePoint PowerShell](/powershell/module/sharepoint-online/connect-sposervice) and SharePoint admin center. This role is required for [developer admins](./developer-admin/dev-admin.md) to create new container types through PowerShell cmdlets and also for consuming tenant admins to manage containers created in their tenants. + +The global administrator role already has all the permissions of the SharePoint Embedded administrator role. A global administrator can assign a user the SharePoint Embedded administrator role to act as a consuming tenant admin or a developer administrator for SharePoint Embedded. + +The SharePoint Embedded administrator role is available in Microsoft Entra and Microsoft 365 Admin Center. This role doesn't have access to site management. This means that a SharePoint Embedded administrator can't see 'Active sites' and 'Deleted sites' pages on the SharePoint Admin Center and also can't run site specific PowerShell cmdlets. + +## SharePoint Embedded administrator tasks in the developer tenant + +The following are some of the container-specific commands actions currently supported on PowerShell: + +- Creation of container types + - Creation of a Standard container type with standard billing + - Creation of a Standard container type with direct to customer billing + - Creation of a Trial container type + +- Container type management + - Viewing of container types in the developer tenant + - Editing properties of a container type in the developer tenant + - Configuration properties of a container type in the developer tenant + - Manage billing of applications/ container types for standard billing + +## SharePoint Embedded administrator tasks in consuming tenant + +The following are some of the container-specific commands actions currently supported on PowerShell: + +- Application administration + - Get details of all SharePoint Embedded applications in the tenant + - Get detail of a specific application in the tenant + - Get the permissions of owning applications in the tenant + - Configure External sharing setting of a container of an application in tenant + +- Container administration + - Get details of all containers of an application in the tenant + - Get details of all containers of an application in the tenant sorted by storage + - Get details of a specific container of an application in the tenant + - Set Sensitivity label of a specific container of an application in the tenant + - Soft delete a container of an application in the tenant + - Get details of all soft deleted containers in the tenant + - Restore a soft deleted container of an application in the tenant + - Permanently delete a soft deleted container of an application in the tenant + +The following are some of the actions currently supported on SharePoint Admin Center: + +- View Active container page +- View Deleted container page +- View the detailed information of a container +- Soft delete a container +- Restore a deleted container +- Purge a deleted container + +## Assigning the SharePoint Embedded administrator Role + +The Global admin can assign the SharePoint Embedded Admin role to users through both Entra and Microsoft admin center. + +### Through Entra + +Follow the following steps to assign the role of SharePoint Embedded administrator on Entra: + +1. Sign into Entra as a Global admin +1. Select the **“Users”** tab on the left-hand panel and select **“All users”** +1. Select the user to assign the role of SharePoint Embedded administrator under **“All users”** +1. Select the **“Assigned role”** tab on the left panel +1. Select on **“Add assignments”** button and search for **“SharePoint Embedded”** in the panel that opens +1. Select the 'SharePoint Embedded administrator' option and select on **“Add”** +1. The selected user is assigned the role of SharePoint Embedded administrator + +### Through Microsoft 365 Admin Center + +1. Sign into Microsoft 365 Admin Center as a Global admin +1. Select **“Users”** and select **“Active users”** under it +1. Select the user to assign the role of SharePoint Embedded administrator +1. Select on **“Manage roles”** option under Roles +1. Select **“Admin center access”** and under **“Collaboration”**, select **“SharePoint Embedded administrator”** +1. Select **"Save changes"**. Now the selected user is assigned the role of SharePoint Embedded administrator diff --git a/docs/embedded/administration/billing/billing.md b/docs/embedded/administration/billing/billing.md new file mode 100644 index 000000000..6ef373a92 --- /dev/null +++ b/docs/embedded/administration/billing/billing.md @@ -0,0 +1,125 @@ +--- +title: PAYG billing for SharePoint Embedded +description: This article explains the billing models and how to set up PAYG billing. +ms.date: 03/03/2025 +ms.localizationpriority: high +--- + +# SharePoint Embedded billing + +SharePoint Embedded is a consumption-based Pay-as-you-go (PAYG) offering meaning you pay only for what you use. SharePoint Embedded provides two billing models that the tenant developing the SharePoint Embedded application can select for respective container types, tailoring it to their unique business requirements. The two billing models are Standard and Pass-through billing. + +### Standard + +With the standard billing model, all consumption-based charges are directly billed to the tenant who owns or develops the application. The admin in the developer tenant must establish a valid billing profile when creating a standard container type. + +![Standard](../../images/1bill521.png) + +### Pass-through + +With pass-through billing, consumption-based charges are billed directly to the tenant registered to use the SharePoint Embedded application. Admins in the developer tenant don't need to set up a billing profile when creating a pass-through SharePoint Embedded container type. Once the container type is registered in the consuming tenant, the consuming tenant admin (SharePoint Admin or Global Admin) needs to set up the billing profile in the consuming tenant to use the SharePoint Embedded application. + +![Pass Through](../../images/2bill521.png) + +## Prerequisites to create SharePoint Embedded container type + +A new container type will be created using **SharePoint Online Management Shell**: + +1. Download and install the [latest version of SharePoint Online Management Shell](https://www.microsoft.com/download/details.aspx?id=35588) +1. Open SharePoint Online Management Shell from **Start** screen, type **sharepoint**, and then select **SharePoint Online Management Shell**. +1. Connect to SPO service using `Connect-SPOService` cmdlet by providing admin credentials associated with tenancy. For information on [how to use Connect-SPOService](/powershell/module/sharepoint-online/connect-sposervice), refer the linked documentation. + +### Tenant requirements + +- An active instance of SharePoint is required in your Microsoft 365 tenant. +- Users who will be authenticating into SharePoint Embedded Container Types and Containers must be in Entra ID (Members and Guests) + + > [!NOTE] + > An Office license is not required to collaborate on Microsoft Office documents stored in a container. + +### Roles and Permissions + +- The admin who sets up the billing relationship for SharePoint Embedded needs to have owner or contributor permissions on the Azure subscription. +- Admin needs to have a SharePoint Embedded Administrator or Global Admin role to operate billing cmdlets. + +### Azure Subscription + +For the Standard Billing container type, the developer admin needs to set up: + +- An existing SharePoint tenancy +- An Azure subscription in the tenancy +- A resource group attached to the Azure subscription + +## Set up a Standard Billing container type + +For standard billed container types, developer admins should set up billing in their tenant. The Microsoft 365 SharePoint Embedded Administrator serves as the developer admin. Global Administrators in Microsoft 365 can assign users the SharePoint Embedded Administrator role, which already has all the permissions of the SharePoint Embedded Administrator role. The SharePoint Embedded Admin role is available in Microsoft Entra and Microsoft 365 Admin Center. + +SharePoint Embedded Admin can create a container type using the `New-SPOContainerType` cmdlet by providing an Azure subscription, the resource group associated with the subscription, and a region. + +- If you don't have an Azure subscription, you can create one by following the steps here to [create an Azure subscription in your tenancy](/azure/cloud-adoption-framework/ready/azure-best-practices/initial-subscriptions), +- If you don't have a resource group, you can create one by following the steps here to [create a resource group](/azure/azure-resource-manager/management/manage-resource-groups-portal) + +```powershell +New-SPOContainerType -ContainerTypeName + -OwningApplicationId + -AzureSubscriptionId + -ResourceGroup + -Region +``` + +> [!IMPORTANT] +> Every container type must have an owning application. +> +> A single-owning app can only own one container type at a time. +> +> An Azure subscription can be attached to any number of container types. + +### View & Edit billing properties of Standard container type + +You can view the properties of a container type and associated billing properties by using one of the two PowerShell cmdlets: + +1. See all container types and billing properties except associated region: + + ```powershell + Get-SPOContainerType + ``` + +1. See billing properties associated with a container type including region: + + ```powershell + Get-SPOContainerType -ContainerTypeId + ``` + +1. Update Azure subscription or resource group associated with a container type: + + ```powershell + Set-SPOContainerType -ContainerTypeId [-AzureSubscriptionId ] [-ResourceGroup ] + ``` + + +## Set up a Pass-through Billing container type + +For Pass-through Billing container types, the developer admin doesn't have to set up billing in the developer tenant. SharePoint Embedded Admin can create container type using `New-SPOContainerType` cmdlet with `isPassThroughBilling` specified. + +```powershell +New-SPOContainerType -ContainerTypeName + -OwningApplicationId + -isPassThroughBilling +``` + +### [Set Up Guide in Consuming Tenant Admin Center](../consuming-tenant-admin/cta.md#set-up-billing-for-pass-through-app) + +1. In [Microsoft 365 admin center](https://admin.microsoft.com/), select **Setup**, and the view the **Files and Content** section. Select **Automate Content with Microsoft Syntex.** + + ![Microsoft 365 admin center Files and Content](../../images/DTCBilling1.png) + +1. Select **Go to Syntex settings**. +1. Select **Apps** under **Syntex services for**, select **SharePoint Embedded** + + ![Microsoft 365 admin center SharePoint Embedded Billing setting](../../images/DTCBilling2.png) + +1. Follow the instructions on the **SharePoint Embedded** flyer to turn on SharePoint Embedded apps. + +## SharePoint Embedded meters + +To learn more about the supported pay-as-you-go meters, refer to the [SharePoint Embedded meters](meters.md) article. diff --git a/docs/embedded/administration/billing/billingmanagement.md b/docs/embedded/administration/billing/billingmanagement.md new file mode 100644 index 000000000..b2e03cac5 --- /dev/null +++ b/docs/embedded/administration/billing/billingmanagement.md @@ -0,0 +1,57 @@ +--- +title: SharePoint Embedded Billing Management +description: This article describes how to view SharePoint Embedded application consumption in Azure portal. +ms.date: 05/21/2024 +ms.localizationpriority: high +--- + +# SharePoint Embedded Billing Management + +The Microsoft Cost Management portal provides a comprehensive overview of your costs, allowing you to track and analyze your spending for SharePoint Embedded application. This guide walks you through the steps to view your billing details and SharePoint Embedded consumption in the Microsoft Cost Management portal. + +## Step-by-Step Guide + +### Sign in to Azure portal + +1. Open your web browser and navigate to the [Azure portal](https://portal.azure.com/). +1. Sign in using your Azure account credentials. + +### Navigate to Cost Management + Billing + +1. Once signed in, locate the left-hand navigation menu. +1. Select on "Cost Management + Billing". If it's not visible, you can search for it using the search bar at the top of the portal. + + ![Cost Management](../../images/billmanag1.png) + +### Select Your Subscription + +1. In the Cost Management + Billing section, you see a list of your subscriptions. +1. Select the subscription for which you want to view the billing details. + +### View Billing Overview + +1. After selecting your subscription, you'll be taken to the Overview page. +1. Here, you can see a summary of your costs, including current spending, forecasted costs, and any spending anomalies. + +### Access Cost Analysis + +1. For a more detailed view, select "Cost analysis" under the Cost Management section. +1. In the Cost Analysis page, you can customize the date range to view costs for specific periods. +1. Use the filters to break down costs by tags - app ID, tenant ID or container type ID. Filters can also set by Meters, Resources etc. Refer to the [SharePoint Embedded meters](meters.md) article to learn more about the pay-as-you-go meters supported. + +![Meters](../../images/billmanag2.png) + +### Download Invoices + +1. To download invoices, go to the "Invoices" section under Billing. +1. Here, you can view and download your billing invoices for any billing period. + +### Set Up Budgets and Alerts + +1. To better manage your spending, you can set up budgets and alerts. +1. Select "Budgets" under the Cost Management section. + + ![Budgets](../../images/billmanag3.png) + +1. Create a new budget by specifying the amount and the time period. +1. Set up alerts to notify you when spending approaches or exceeds your budget. diff --git a/docs/embedded/administration/billing/meters.md b/docs/embedded/administration/billing/meters.md new file mode 100644 index 000000000..a6f770eea --- /dev/null +++ b/docs/embedded/administration/billing/meters.md @@ -0,0 +1,39 @@ +--- +title: SharePoint Embedded Billing Meters +description: This article describes the meters in SharePoint Embedded. +ms.date: 04/30/2025 +ms.localizationpriority: high +--- + +# SharePoint Embedded Billing Meters + +SharePoint Embedded employs a pay-as-you-go (PAYG) billing model through an Azure subscription. Billing is determined by how much data in GB you store in SharePoint Embedded, transactions used to access and modify the container and container contents, and data that is egressed from the SharePoint Embedded platform. Each of these factors contributes to the overall cost, ensuring that you only pay for the resources and services you use. You can view this usage and billing details in the [Azure Cost Management](https://ms.portal.azure.com/). Both Standard Billing container type and Pass-through Billing container type will use the same meters. + +SharePoint Embedded has three billing meters as shown. Refer to the [product page](https://adoption.microsoft.com/en-us/sharepoint/embedded/) for pricing details. + + +## Storage + +Storage consumption meters in SharePoint Embedded apply to the storage used by files and documents along with their metadata and versions. Storage consumption also includes all content in the recycle bin and deleted container collection within SharePoint Embedded. + +## API Transactions + +Each Microsoft Graph call made explicitly by the SharePoint Embedded application is counted as one transaction and customers are billed based on the transaction count. See the [examples](/graph/api/resources/filestoragecontainer) of Microsoft Graph calls that can be made by a SharePoint Embedded application. + +However, calls made by internal services to the containers, which the application has no control over, are **not** charged. Some examples of such nonchargeable transactions include: + +1. Queries performed by the eDiscovery service to search through container content for compliance or legal purposes. +1. Admin actions taken by the SharePoint Embedded Admin or Global Admin on containers through SharePoint Admin Center or SPO PowerShell. + +## Egress + +Egress refers to the data downloaded from the SharePoint Embedded platform to the customer's client device such as a desktop or mobile device. + +However, certain types of data transfers are exempt from egress charges. These exemptions ensure that customers aren't billed for data transfers occurring within integrated Microsoft services, promoting seamless usage without extra costs for these specific internal operations. Some examples of these exemptions include: + +1. File downloads from the SharePoint Embedded application server to the customer's Office Desktop client aren't charged. +1. File downloads from the SharePoint Embedded application server to the Web Application Companion (WAC) aren't charged. + +## Pay as you go message (private preview) + +SharePoint Embedded agents use the Copilot Studio meter for $0.01/message (messages are the unit that measures agent usage). Each interaction with SharePoint Embedded agent will use twelve (12) messages - 2 messages for the generative answer feature and 10 messages for the tenant graph grounding feature - so customers are billed at $0.12 per interaction with SharePoint Embedded agents. diff --git a/docs/embedded/administration/consuming-tenant-admin/cta.md b/docs/embedded/administration/consuming-tenant-admin/cta.md new file mode 100644 index 000000000..786aa6acf --- /dev/null +++ b/docs/embedded/administration/consuming-tenant-admin/cta.md @@ -0,0 +1,92 @@ +--- +title: Consuming Tenant Admin +description: This article describes the role and responsibilities of Consuming Tenant Admin in SharePoint Embedded. +ms.date: 03/03/2025 +ms.localizationpriority: high +--- + +# Consuming Tenant Admin + +> [!IMPORTANT] +> Assign the SharePoint Embedded Administrator role available in M365 Admin Center or Microsoft Entra to execute SharePoint Embedded Container cmdlets mentioned in this article. +> +> Global Administrators can continue to execute SharePoint Embedded container cmdlets. +> +> A global administrator can assign a user the SharePoint Embedded administrator role to act as a consuming tenant admin for SharePoint Embedded. + +The organizations that use the SharePoint Embedded applications on their Microsoft 365 (Microsoft 365) tenants are the consuming tenants and the persona that is responsible for managing these applications on their Microsoft 365 tenancy is the consuming tenant administrator. Consuming tenant administrators can perform various administrative actions on the SharePoint Embedded applications registered on their Microsoft 365 tenant and on the containers that hold the content. They can also manage tenant level configurations and ensure that data is stored in a secure, protected way that meets customers’ business and compliance policies. In this article, we describe the enterprise manageability features that are supported and can be performed by the consuming tenant administrator. They can do so either using the PowerShell cmdlets or through the SharePoint Administrator Center (SPAC). + +## Consuming Tenant Admin Role + +Microsoft 365 SharePoint Embedded Administrator serves as the consuming tenant admin. Global Administrators in Microsoft 365 can assign users the SharePoint Embedded Administrator. The Global Administrator role already has all the permissions of the SharePoint Embedded Administrator role. The SharePoint Embedded Role is available in Microsoft Entra and Microsoft 365 Admin Center. +For information on [SharePoint Embedded Admin](../adminrole.md) + +## Administration Tools + +Consuming tenant admins can manage SharePoint Embedded applications with the following options: + +### SharePoint Online Management Shell + +On PowerShell, the SharePoint Embedded Admin can run the following cmdlets: + +1. Enumerate applications in a tenant +1. Enumerate containers of an application in a tenant +1. Enumerate containers of an application sorted basis storage +1. Edit the sensitivity label on a container +1. Set sharing capability configuration on a container + +For information on consuming tenant admin in [PowerShell](../consuming-tenant-admin/ctapowershell.md) + +### SharePoint Administrator Center + +The SharePoint Embedded Admin can access the Active and Deleted containers page on SPAC and perform SharePoint Embedded application level and container level actions. This includes the following: + +1. View the Active container page +1. View the Deleted container page +1. View the detailed information of a container +1. Soft delete, restore, and purge deleted containers + +For information on consuming tenant admin in SharePoint Admin see [container management](ctaUX.md) + +## Security and Compliance Administration + +SharePoint Embedded uses Microsoft’s comprehensive compliance and data governance solutions to help organizations manage risks, protect, and govern sensitive data, and respond to regulatory requirements. Security and compliance solutions work in a similar manner in the SharePoint Embedded platform as they do today in the Microsoft 365 platform so that data is stored in a secure, protected way that meets customers’ business and compliance policies while making it easy for Compliance and SharePoint Administrators to enforce critical security and compliance policies on the content. For information on supported security and compliance capabilities, see [Security and Compliance](../../compliance/security-and-compliance.md). + +## Set Up Billing for Pass-through App + +To use Pass-through SharePoint Embedded App, SharePoint Embedded Admin needs to set up Microsoft Syntex billing in [Microsoft 365 admin center](https://admin.microsoft.com/). No user can access any Pass-through SharePoint Embedded apps before a valid billing is set up for the SharePoint Embedded platform. + +### [Meters](../billing/meters.md) + +SharePoint Embedded employs a pay-as-you-go (PAYG) billing model through an Azure subscription. Billing is determined by how much data in GB you store in SharePoint Embedded, transactions used to access and modify the container and container contents, and data that is egressed from the SharePoint Embedded platform. Each of these factors contributes to the overall cost, ensuring that you only pay for the resources and services you use. You can view this usage and billing details in the [Azure Cost Management](https://ms.portal.azure.com/). + +SharePoint Embedded has three billing meters as shown. Refer to the [product page](https://adoption.microsoft.com/en-us/sharepoint/embedded/) for pricing details + +| SharePoint Embedded Service Meters | Meter Unit | +| :--------------------------------: | :------------: | +| Storage | $/GB | +| API Transactions | $/Transactions | +| Egress | $/GB | + +### Set Up Guide + +1. A valid Azure subscription is required. You can create one by following the steps here to [create an Azure subscription](/azure/cloud-adoption-framework/ready/azure-best-practices/initial-subscriptions). +1. A valid Azure resource group is required. You can create one by following the steps here to [create a resource group](/azure/azure-resource-manager/management/manage-resource-groups-portal). +1. In [Microsoft 365 admin center](https://admin.microsoft.com/), select **Setup**, and the view the **Files and Content** section. Select **Automate Content with Microsoft Syntex.** + + ![Microsoft 365 admin center Files and Content](../../images/DTCBilling1.png) + +1. Select **Go to Syntex settings**. +1. Select **Apps** under **Syntex services for**, select **SharePoint Embedded** + + ![Microsoft 365 admin center SharePoint Embedded Billing setting](../../images/DTCBilling2.png) + +1. Follow the instructions on the **SharePoint Embedded** flyer to turn on SharePoint Embedded apps. + +### [Billing Management](../billing/billingmanagement.md) + +The [Microsoft Cost Management portal](https://portal.azure.com/#view/Microsoft_Azure_CostManagement/Menu/~/overview/openedBy/AzurePortal) provides a comprehensive overview of your costs, allowing you to track and analyze your spending for SharePoint Embedded application. This guide walks you through the steps to view your billing details and SharePoint Embedded consumption in the Microsoft Cost Management portal. + +### Invalid Billing/Turn off SharePoint Embedded + +If you turn off SharePoint Embedded or disconnect the linked Azure subscription, all users will immediately lose access to any application built on the service along with any read and write permissions. diff --git a/docs/embedded/administration/consuming-tenant-admin/ctaUX.md b/docs/embedded/administration/consuming-tenant-admin/ctaUX.md new file mode 100644 index 000000000..052f26f50 --- /dev/null +++ b/docs/embedded/administration/consuming-tenant-admin/ctaUX.md @@ -0,0 +1,218 @@ +--- +title: Manage containers in SharePoint Admin Center +description: This article describes how administrators can manage containers in the SharePoint Admin Center (SPAC). +ms.date: 07/09/2025 +ms.localizationpriority: high +--- +# Manage SharePoint Embedded containers in SharePoint Admin Center + +The organizations that use the SharePoint Embedded applications on their Microsoft 365 tenants are the consuming tenants and the persona that is responsible for managing these applications on their Microsoft 365 tenancy is the consuming tenant administrator (CTA). Consuming tenant administrators can manage containers through a graphical user interface (GUI) using the [SharePoint Administrator Center](https://go.microsoft.com/fwlink/?linkid=2185219). + +To manage SharePoint Embedded containers, the CTA needs to be assigned the SharePoint Embedded Administrator role. + +For information on the SharePoint Embedded Administrator role, see [SharePoint Embedded Admin](../adminrole.md). + +The following actions are supported in SharePoint Admin Center: + +1. View active containers in the tenant +1. View deleted containers in the tenant +1. View detailed information about a container +1. Delete a container +1. Restore a deleted container +1. Permanently deleted a container +2. Sort active containers in the tenant +3. Filter active containers in the tenant +4. Set sensitivity label on active containers +5. Add users to different roles on a container +6. Reassign users from existing roles on a container +7. Remove users from existing roles on a container + +![Active Containers global admin](../../images/ctaux1.png) + +**SharePoint Embedded Administrator** will only see the "Active containers" and "Deleted containers" page when they sign in to SharePoint Admin Center. + +![Active Containers SPE admin](../../images/ctaux2.png) + +## Active Containers + +The Active Containers page displays all the active containers within the tenant, providing a comprehensive overview and management capabilities. This page includes the following metadata for each container: + +1. **Container name:** Name of the container provided by the container owner. +1. **Application name:** Name of the SharePoint Embedded application the container belongs to. +1. **Publisher:** The name of the organization that owns the application. For all publishers other than Microsoft, the value is currently stored as "Other" +1. **Ownership type:** Mentions whether the container is tenant-owned, user-owned, or group-owned. +1. **Principal owner:** The user whose lifecycle impacts the lifecycle of the container. There is no prinicipal owner for a tenant owned container, while it is a user for a user owned container and a group for a group owned containers. +1. **Storage:** The total storage of the files stored in the containers. +1. **Owners:** Users assigned the owner role on the container. +1. **Owner count:** The count of number of owners of the container. +1. **Sensitivity label:** Name of the label assigned to the container. +1. **Created on:** Date and time when the container was created. + +![Active Container Properties](../../images/ctaux3.png) + +### View details of a container + +The detailed container view provides a deeper dive into container-specific metadata, organized under two tabs: + +1. **General:** This panel displays all the general metadata about a container, usage, and configuration settings. + + ![Container Details](../../images/ctaux4.png) + +1. **Membership:** This panel shows the user permissions for different users associated with the container. The admin can manage the membership on a container through this panel. + +> [!IMPORTANT] +> The SharePoint Embedded platform supports four distinct [roles](../../development/sharing-and-perm.md): Owner, Manager, Writer, and Reader. The SharePoint Embedded application on your tenant may not utilize all four roles and might refer to these roles using different names. + +![SharePoint Embedded Membership Roles](../../images/ctaux5.png) + +## Deleted Containers + +The deleted containers page lists all containers in the tenant's deleted container collection. It lists the following metadata: + +1. Container name +1. Application name +1. Publisher +1. Ownership type +1. Principal owner +1. Storage +1. Owners +1. Sensitivity label +1. Created on +1. **Deleted on**: Date and time when the container was deleted. + +![Container Deletion](../../images/ctaux6.png) + +## Delete a container + +> [!WARNING] +> Deleting a container may cause unexpected issues for the SharePoint Embedded application it belongs to and may interrupt the application's usage. This action should only be performed by admins when absolutely necessary. + +Deleting a container can have implications on the functionality of a SharePoint Embedded app Here are some examples of the potential issues that an application can encounter when deleting a container. + +1. **Data Loss:** Deleting a container removes all its content. If the SharePoint Embedded application relies on the data stored within the deleted container, the app might no longer function as expected or might lose access to critical information. +1. **Broken Links:** If the SharePoint Embedded application contains links or references to the deleted container, those links become broken, leading to errors or malfunctioning features within the app. + +A container can be deleted from the Active containers page for any business reason by the CTA. By default, the delete button is deactivated. On selecting a container, the delete button is activated. The CTA can then select the delete button. + +![Container Deletion Process](../../images/ctaux7.png) + +This opens a side panel that warns the user about the effect on the associated SPE application due to the deletion of a container and informs the user about the restoration policy. The CTA can at this stage either cancel the panel and go back to the active containers page or proceed further with the deleting by clicking on “Delete container”. + +![Container deletion selection](../../images/ctaux8.png) + +The selected container is successfully deleted and moved into the deleted containers page. + +![Deleted SPE Container](../../images/ctaux9.png) + +**Deleted containers are permanently purged after 93 days unless there is a retention policy applied to the containers.** + +## Restore a container + +A container in the deleted container collection can be restored on the Deleted containers page by selecting the corresponding containers by selecting the "Restore" link + +![Restore Button SPE Container](../../images/ctaux10.png) + +Restoration of the container happens in the background and the status of the same is displayed on the top-right corner of the page. Upon successful restoration, the container will be available in the Active Containers page. + +![Restored SPE Container](../../images/ctaux11.png) + +## Permanently delete a container + +> [!WARNING] +> Deleting a container may cause unexpected issues for the SharePoint Embedded application it belongs to and may interrupt the application's usage. This action should only be performed by admins when absolutely necessary. + +The CTA can permanently delete a deleted container from the deleted container collection if they decide to. + +The CTA selects the container to be permanently deleted. The “Permanently delete” button is enabled. + +![Permanent SPE Container deletion](../../images/ctaux12.png) + +Upon clicking the button, a pop-up appears. warning the CTA on the action they're performing. If sure, the CTA can proceed and select “Delete”. Otherwise, the CTA can cancel the action. + +![Container Deletion warning](../../images/ctaux13.png) + +Upon clicking Delete, the container is permanently deleted, and the status of the same appears in the top-right corner of the page. Upon successful deletion, the container is permanently removed from the deleted container collection and can't be restored. + +![SPE Container Deleted](../../images/ctaux15-n.png) + +## Sorting on Active containers page + +The CTA can perform their compliance and storage management tasks better through the use of sorting capabilities on the Active containers page. Currently, sorting is supported on the following columns: +1. Storage +1. Created on + +![ SPE Container Sorting](../../images/sorting.png) + +## Filtering on Active containers page + +The CTA can perform their compliance and storage management tasks better through the use of filtering capabilities on the Active containers page. Currently, filtering is supported on the following columns: + +1. Application name: The filter provides the list of all Microsoft SharePoint Embedded applications along with all SharePoint Embedded applications published by other publishers that is registered in the tenant. +1. Publisher: Describes whether the application is Microsoft-owned or published by an "Other" publisher. +1. Ownership type: The filter provides the options of Tenant, User, and Group, irrespective of the type of containers present in the tenant. +1. Principal owner: The filtering experience is a people picker experience. +1. Owner count: This filter provides a range of owner count for the administrator to choose from. +1. Created on: This filter provides a range of dates for the administrator to choose from. + +> [!IMPORTANT] +> The behaviour of the filtering experience on the Active containers page differs from the experience on the Active sites page in SharePoint Admin Center. + +![ SPE Container Filtering](../../images/filter.png) + +## Searching on Active Containers Page + +The search bar on the Active Containers Page can be used to search containers in the active state by their "container name". +![SPE Container Search](../../images/search.png) + +## Editing the sensitivity label of a container on the Active containers page + +The sensitivity label of a container can be set on the Active container page, on the detailed panel of a container. Under the settings panel, the administrator can set the sensitivity label from a list of available sensitivity label. + +![SPE Container Sensitivity](../../images/sensitivity-label.png) + +## Managing user membership of a container + +The administrator can manage the membership of users of a container on the Active container page, on the detailed panel of a container. Under the membership panel, the administrator can view the four roles and the corresponding users in each role. The administrator can: + +**Add a user to a role:** The administrator can navigate to the desired role using the left panel and click on the Add option. This opens up a picker, using which the administrator can select a user from the tenant and assign the role. In case the selected user is already assigned to a different role, the role is displayed when the role is selected and the operation changes from Add to Reassign. + +![SPE Container owner-one](../../images/add-owners-one.png) + +![SPE Container owner-two](../../images/add-owners-two.png) + +**Reassign user to another role:** The administrator can navigate to the desired user under a role using the left panel. On selecting the user, the Reassign option appears. On selecting the option, a drop-dowm menu appears and the administrator can select the role to which the user needs to be reassigned to. + +![ SPE Container reassingn](../../images/reassign-user.png) + +**Remove user from a role:** The administrator can navigate to the desired user under a role using the left panel. On selecting the user, the Remove option appears. On selecting the option, a pop-up screen appears, and the administrator can confirm the removal of the user from the role. + +![SPE Container remove](../../images/remove-user.png) + +## Sorting on the Deleted Containers Page + +Similar to the sorting experience on the Active containers page, the CTA can use sorting capabilities on the Deleted containers page. Currently, sorting is supported on the following columns: + +1. Storage +1. Created on +1. Deleted on + +![ SPE Container Sorting_on_Delete](../../images/sorting-on-deleted.png) + +## Filtering on the Deleted containers page + +The CTA can perform their compliance and storage management tasks better through the use of filtering capabilities on the Deleted containers page, on the following columns: + +1. Application name: The filter provides the list of all Microsoft SharePoint Embedded applications along with all SharePoint Embedded applications published by other publishers that is registered in the tenant. +2. Publisher: Describes whether the application is Microsoft-owned or published by an "Other" publisher. +3. Ownership type: The filter provides the options of Tenant, User, and Group, irrespective of the type of containers present in the tenant. +4. Principal owner: The filtering experience is a people picker experience. +5. Owner count: This filter provides a range of owner counts for the administrator to choose from. +6. Created on: This filter provides a range of dates for the administrator to choose from. +7. Deleted on: This filter provides a range of dates for the administrator to choose from. + +![ SPE Container Filter_on_Delete](../../images/filter-on-delete.png) + +## Upcoming features + +1. Search on the Deleted containers page +1. Sorting and filtering on the Sensitivity Label column diff --git a/docs/embedded/administration/consuming-tenant-admin/ctapowershell.md b/docs/embedded/administration/consuming-tenant-admin/ctapowershell.md new file mode 100644 index 000000000..6a46cc10d --- /dev/null +++ b/docs/embedded/administration/consuming-tenant-admin/ctapowershell.md @@ -0,0 +1,198 @@ +--- +title: Consuming Tenant Admin PowerShell +description: This article describes how an admin can manage containers through SPO PowerShell. +ms.date: 03/03/2025 +ms.localizationpriority: high +--- + +# SharePoint Embedded container management in PowerShell + +The consuming tenant administrator can manage containers using PowerShell commands, designed for container management. To access these commands, they must be assigned the role of Microsoft 365 SharePoint Embedded Administrator. Global Administrators in Microsoft 365 can assign users the SharePoint Embedded Administrator role. The Global Administrator role inherently includes all permissions of the SharePoint Embedded Administrator role. The SharePoint Embedded Administrator role is available in both Microsoft Entra and the Microsoft 365 Admin Center. + +For more information on assigning the SharePoint Embedded admin role, see the [SharePoint Embedded Administrator](../adminrole.md). + +The following are some of the container-specific command actions currently supported on PowerShell: + +### Application administration + +- Get the details of all SharePoint Embedded applications registered in the tenant +- Get the details of all SharePoint Embedded applications in the tenant sorted by storage +- Get the details of a specific SharePoint Embedded application in the tenant +- Get the permissions of the owning applications in the tenant +- Configure the External sharing setting of a container of a SharePoint Embedded application in the tenant + +### Container administration + +- Get details of all containers of a particular SharePoint Embedded application in the tenant +- Get details of a specific container +- Set the Sensitivity label of a specific container +- Soft delete a container +- Get details of all soft deleted containers +- Restore a soft deleted container +- Permanently delete a soft deleted container + +## Administration through SharePoint PowerShell + +Consuming tenant admin can manage SharePoint Embedded applications with PowerShell commands using [SharePoint Online Management Shell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online). + +To get started using PowerShell to manage SharePoint Embedded, you have to install the [SharePoint Online Management Shell](https://www.microsoft.com/download/details.aspx?id=35588) and [connect to SharePoint Online](/powershell/module/sharepoint-online/connect-sposervice). + +> [!IMPORTANT] +> You must use the latest version of SharePoint PowerShell to use container administration cmdlets. + + +## Application Administration + +With PowerShell cmdlets, tenant admin can get a list of SharePoint Embedded applications registered in their Microsoft 365 tenancy. They can also view all the applications that have "read" and/or "write" access and the level of access to these SharePoint Embedded applications. + +The following commands can be used to manage SharePoint Embedded applications registered on your Microsoft 365 tenants: + +```powershell +Get-SPOApplication +``` + +```powershell +Get-SPOApplication -OwningApplicationId +``` + +For more information, see [Get-SPOApplication cmdlet](/powershell/module/sharepoint-online/get-spoapplication). + +### View guest application permissions + +Admins can view the guest application permissions for any SharePoint Embedded application within their tenant using this command: + +```powershell +Get-SPOApplication -OwningApplicationId -ApplicationId +``` + +`OwningApplicationId` is the ID of the SharePoint Embedded application and ApplicationId is the guest application ID that has access to the SharePoint Embedded application. Application Administration cmdlets don't apply to Microsoft Loop. For more information, see [Get-SPOApplication cmdlet](/powershell/module/sharepoint-online/get-spoapplication). + +### Set sharing capability of applications + +Consuming tenant admins can set the sharing capability at an application level to determine whether files of the containers of the application be shared with external guests or not. + +```powershell +Set-SPOApplication -OwningApplicationId – SharingCapability - OverrideTenantSharingCapability <$ OverrideTenantSharingCapability > +``` + +`SharingCapability` can take the following values: `Disabled`; `ExistingExternalUserSharingOnly`; `ExternalUserSharingOnly`; ExternalUserAndGuestSharing + +`$OverrideTenantSharingCapability` can take the following values: `$true`; `$false` + +## Container Administration + +### View Containers + +Admins can get a list of all the containers for a SharePoint Embedded application using the following commands. This command lists all the active containers within the application: + +```powershell +Get-SPOContainer -OwningApplicationId | FT +``` + +The `OwningApplicationId` is the ID of the SharePoint Embedded application. For more information about using this command, see [Get-SPOContainer cmdlet](/powershell/module/sharepoint-online/get-spocontainer). + +> [!NOTE] +> To enumerate Microsoft Loop containers, use Owning App ID: **a187e399-0c36-4b98-8f04-1edc167a0996** for all the cmdlets of container administration. + +### View containers sorted by storage +Consuming tenant admins can also get a list of all the containers of a SharePoint Embedded application sorted by storage using the following commands. + +```powershell +Get-SPOContainer -OwningApplicationId -SortByStorage | FT +``` + +`` can be `Ascending` or `Descending`. + +### View details of a Container + +Consuming tenant admins can get the details of a container within an application using the following command. This command returns more details of a container including StorageUsed, Ownership details, SiteURL, Label information, Owners count, etc. + +Consuming tenant admins can use the following command: + +```powershell +Get-SPOContainer -Identity +Get-SPOContainer -Identity +``` + +Here, the `containerId` is the ID of the container & `siteURL` is the URL of the SharePoint site that is associated with the container. + +### Sensitivity Label of a container + +Consuming tenant admins can set the sensitivity label of a container of an application using the following: + +```powershell +Set-SPOContainer -Identity -SensitivityLabel +``` + +Consuming tenant admins can remove the sensitivity label of a container of an application using the following: + +```powershell +Set-SPOContainer -Identity -RemoveLabel +``` + +The `ContainerId` is the ID of the container whose sensitivity label is being set. + +### Delete containers + +Deleting a container can have implications on the functionality of a SharePoint Embedded app, Here are some examples of the potential issues that an application can encounter when deleting a container. + +- Data Loss: Deleting a container removes all its content. If the SharePoint Embedded application relies on the data stored within the deleted container, the app might no longer function as expected or might lose access to critical information. +- Broken Links: If the SharePoint Embedded application contains links or references to the deleted container, those links become broken, leading to errors or malfunctioning features within the app. +- Permissions Issues: Deleting a container can affect permissions settings. If the SharePoint Embedded app relies on specific permissions granted to the deleted container, it might encounter permission issues and fail to function properly. + +Therefore, it's essential to carefully consider the consequences of deleting a container and ensure that appropriate measures are taken to mitigate any potential issues. + +### Permanent deletion + +When admins delete a Container, it goes into the Recycle Bin. A deleted container can be restored from the Recycle Bin within 93 days. If a container is deleted from the Recycle Bin, or it exceeds the 93-day retention period, it's permanently deleted. Deleting a container deletes everything within it, including all documents and files. + +Admins should notify the Container owners before they delete a Container so they can move their data to another location, and also inform users when the Container is deleted. + +> [!WARNING] +> Deleting a container may cause unexpected issues for the SharePoint Embedded application the Container belongs to and may interrupt usage of the application. + +```powershell +Remove-SPOContainer -Identity +``` + +The `ContainerId` is the ID of the container that is moved to the deleted container collection. For more information about using this command, see [Remove-SPOContainer cmdlet](/powershell/module/sharepoint-online/remove-spocontainer). + +### View deleted containers + +Admins can get a list of deleted containers on the deleted container collection using the following command. For more information about using this command, see [Get-SPODeletedContainer](/powershell/module/sharepoint-online/get-spodeletedcontainer). + +```powershell +Get-SPODeletedContainer +``` + +### Restore deleted containers + +Admins can restore a deleted container from the deleted container collection using the following command. For more information about using this command, see [Restore-SPODeletedContainer cmdlet](/powershell/module/sharepoint-online/get-spodeletedcontainer). + +```powershell +Restore-SPODeletedContainer -Identity +``` + +### Permanently delete containers + +Admins can permanently delete a container from the deleted container collection if the container has no further retention policies applied to it. For more information about using this command, see [Remove-SPODeletedContainer cmdlet](/powershell/module/sharepoint-online/remove-spodeletedcontainer). + +```powershell +Remove-SPODeletedContainer -Identity +``` + +### Guest application permission management + +If permitted, Admins can add, edit, and remove guest application access to SharePoint Embedded applications. A guest application is defined as any application within the enterprise applications of the owning tenant. For more information about using this command, see [Set-SPOApplicationPermission](/powershell/module/sharepoint-online/set-spoapplicationpermission). + +```powershell +Set-SPOApplicationPermission + [[-OwningApplicationId] ] + [[-ApplicationId] ] + [[-PermissionAppOnly] ] + [[-PermissionDelegated] ] +``` + +## Security and Compliance Administration + +SharePoint Embedded uses Microsoft’s comprehensive compliance and data governance solutions to help organizations manage risks, protect, and govern sensitive data, and respond to regulatory requirements. Security and compliance solutions work similarly in the SharePoint Embedded platform as they do today in the Microsoft 365 platform so that data is stored in a secure, protected way that meets customers’ business and compliance policies while making it easy for Compliance and SharePoint Administrators to enforce critical security and compliance policies on the content. For information on supported security and compliance capabilities, see [Security and Compliance](../../compliance/security-and-compliance.md). diff --git a/docs/embedded/administration/developer-admin/dev-admin.md b/docs/embedded/administration/developer-admin/dev-admin.md new file mode 100644 index 000000000..f9621225e --- /dev/null +++ b/docs/embedded/administration/developer-admin/dev-admin.md @@ -0,0 +1,149 @@ +--- +title: Developer Admin +description: This article describes the role and responsibilities of Developer Tenant Admin in SharePoint Embedded. +ms.date: 03/03/2024 +ms.localizationpriority: high +--- +# Developer Admin + +## Overview + +Organizations that use SharePoint Embedded for file management are included in the Developer Ecosystem, which is overseen by developer administrators. These administrators are responsible for managing applications and the container types that have containers, the foundation of an application that needs to store content. Additionally, they can connect billing profiles to their applications. This article describes the management features available to developer administrators. + +## Developer Admin Role + +> [!IMPORTANT] +> Global Administrators can assign the SharePoint Embedded Administrator role available in M365 Admin Center or Microsoft Entra to execute SharePoint Embedded container commandlets mentioned in this article. +> +> Global Administrators can continue to execute SharePoint Embedded container cmdlets. + +A Microsoft 365 SharePoint Embedded Administrator serves as the developer admin. Global Administrators in Microsoft 365 can assign users the SharePoint Embedded Administrator role. The Global Administrator role already has all the permissions of the SharePoint Embedded Administrator role. The SharePoint Embedded Role is available in Microsoft Entra and Microsoft 365 Admin Center. For information on [SharePoint Embedded Administrator](../adminrole.md) role. + +The following are some of the container-specific commands actions currently supported on PowerShell: + +- Creation of container types + - Creation of Standard container type with standard billing + - Creation of Standard container type with direct to customer billing + - Creation of Trial container type +- Container type management + - Viewing of container types in the tenant + - Editing properties of a container type in the tenant + - Configuration properties of a container type in the tenant + - Manage billing of applications/ container types for standard billing + - Removing a container type in the tenant + +### Billing responsibilities of the developer admin + +There are two types of billing models followed: + +Standard billing: +The developer admin is responsible for the billing of SharePoint Embedded applications. The developer admin needs to establish billing for SharePoint Embedded while creating container types given they have owner or contributor permissions on the Azure subscription that they use to establish the billing relationship on the product. To learn more about how to set up billing and manage cost and invoice, read about [PAYG for SharePoint Embedded](../billing/billing.md). + +Direct to Customer billing: +In this model, the customer, or the consuming tenant admin, is responsible for billing. To ensure the Direct to Customer (DTC) Billing model, the developer admin must set the billing property of Direct to customer to enabled. + +## Administration Tools + +Developer admins are able to manage SharePoint Embedded applications with PowerShell commands using SharePoint Online Management Shell. + +To get started using PowerShell to manage SharePoint Embedded, you have to install the SharePoint Online Management Shell and connect to SharePoint Online. + +> [!IMPORTANT] +> You must use the latest version of SharePoint PowerShell to use container type administration cmdlets. + +## PowerShell cmdlets for admin experience + +### Creation of container types + +The developer administrator can create a container type using PowerShell cmdlets. Each container type is associated to an application ID, a one to one mapping, and an Azure subscription ID. The developer administrator can also create Trial container types that have a validity of 30 days to test out SharePoint Embedded. The following [commands](/powershell/module/sharepoint-online/new-spocontainertype) can be used to create SharePoint Embedded container types on the developer admin’s tenant: + +Standard billing container type: + +```powershell +New-SPOContainerType -ContainerTypeName -OwningApplicationId -AzureSubscriptionId -ResourceGroup -Region ​ +``` +Direct to customer billing container type: + +```powershell +New-SPOContainerType -IsPassThroughBilling -ContainerTypeName -OwningApplicationId +``` + +Trial container type: + +```powershell +New-SPOContainerType –TrialContainerType -ContainerTypeName -OwningApplicationId +``` + +OwningApplicationId is the ID of the SharePoint Embedded application. Azure Subscription ID is the ID of the Microsoft Entra ID profile for billing purposes. + +### Viewing of container types + +The developer administrator can view container types and the corresponding applications created in their tenant using PowerShell commandlets. The following commands can be used to view SharePoint Embedded applications created on the developer admin’s tenant: + +```powershell +Get-SPOContainerType​ +Get-SPOContainerType -ContainerTypeId +``` + +### Manage properties of container types + +Using PowerShell cmdlets, the developer administrator can change the properties of container types, both standard and trial. The following commands can be used to change the properties SharePoint Embedded applications created on the developer admin’s tenant: + +```powershell +Set-SPOContainerType -ContainerTypeId + [-OwningApplicationId ] + [-ContainerTypeName ] + [-WhatIf] [-Confirm] +``` + +### Container type configuration properties + +The developer administrator can change container type configuration settings using PowerShell commandlets. The following container type properties can be set: + +1. Discoverability Disabled: Controls if file items inside the container surface in other Microsoft 365 properties (MRU, etc.). +1. Sharing Restricted: Only manager and owner can share files in the container if restricted sharing is true. + +The following commands can be used to change the configuration settings of SharePoint Embedded applications created on the developer admin’s tenant: + +```powershell +Set-SPOContainertypeConfiguration -ContainerTypeId < ContainerTypeId > -DiscoverabilityDisabled $value +``` + +For `DiscoverabilityDisabled` `$value` can be set to `$true`; `$false` + +The default value `$true` - ensures all content is hidden. + +```powershell +Set-SPOContainertypeConfiguration -ContainerTypeId < ContainerTypeId > -SharingRestricted $value +``` + +For `SharingRestricted` `$value` can be set to `$true`; `$false` + +```powershell +Set-SPOContainertypeConfiguration -ContainerTypeId < ContainerTypeId > - DiscoverabilityDisabled $value -SharingRestriced $value +``` + +The developer admin can view the container type configuration settings using the following cmdlet: + +```powershell +Get-SPOContainertypeConfiguration -ContainerTypeId < ContainerTypeId > +``` + +## Manage billing profile of applications/ container types + +The developer administrator can change the billing profile of container types using PowerShell cmdlets. The following commands can be used to change the properties SharePoint Embedded applications created on the developer admin’s tenant: + +```powershell +Set-SPOContainerType -ContainerTypeId + [-AzureSubscriptionId ] + [-ResourceGroup ]​[-WhatIf] + [-Confirm] +``` + +For more information about billing, see [Billing](../billing/billing.md). + +## Roles and Permissions + +The user or admin who creates the billing relationship for SharePoint Embedded needs to have owner or contributor permissions on an Azure subscription. + +If you don't have an Azure subscription, follow steps here to [create a subscription.](/azure/cloud-adoption-framework/ready/azure-best-practices/initial-subscriptions) diff --git a/docs/embedded/compliance/security-and-compliance.md b/docs/embedded/compliance/security-and-compliance.md new file mode 100644 index 000000000..af95b70a3 --- /dev/null +++ b/docs/embedded/compliance/security-and-compliance.md @@ -0,0 +1,130 @@ +--- +title: Security and Compliance +description: Details Security and Compliance methods provided by SharePoint Embedded +ms.date: 03/03/2025 +ms.localizationpriority: high +--- + +# Security and Compliance + +Microsoft's SharePoint Embedded provides a faster way to create secure and compliant documents stored in various applications. SharePoint Embedded uses Microsoft’s comprehensive compliance and data governance solutions to help organizations manage risks, protect, and govern sensitive data, and respond to regulatory requirements. Security and compliance solutions work similarly in the SharePoint Embedded platform as they do today on the Microsoft 365 (Microsoft 365) platform so that data is stored in a secure, protected way that meets customers’ business and compliance policies while making it easy for Compliance and SharePoint Administrators to enforce critical security and compliance policies on the content. + +In this article, we describe the security and compliance policies that are supported today on content that resides in the SharePoint Embedded platform, and their capabilities and limitations. + +Since SharePoint Embedded by design doesn’t have any user interface, some Compliance scenarios necessitating user interaction aren't natively supported. The owning application that governs the container can choose to support these scenarios and provide the optimal experience to end users by using the Microsoft Graph. + +## Compliance Policies using Microsoft Purview + +Currently, SharePoint Embedded supports the following Compliance features under Microsoft Purview. You can follow the following steps to retrieve the details of a container that the policy needs to be applied to. + +1. View a list of registered SharePoint Embedded applications registered in the specified tenant: + + ```powershell + Get-SPOApplication + ``` + +1. Retrieve a list of containers in a SharePoint Embedded application by providing the ApplicationID returned in Step #1: + + ```powershell + Get-SPOContainer -OwningApplicationId + ``` + +1. Retrieve the details of a container including the ContainerSiteURL by providing the ContainerID returned in Step #2: + + ```powershell + Get-SPOContainer -OwningApplicationId -Identity + ``` + +For information on how to retrieve the `ContainerSiteURL` to set the various compliance policies described in this article at a container level, see [Get-SPOContainer](/powershell/module/sharepoint-online/get-spocontainer). + +### Audit + +The Audit capabilities provided by SharePoint Embedded mirror the existing Audit functionalities currently supported within SharePoint. All user and admin operations performed in various applications hosted in SharePoint Embedded are captured, recorded, and retained in your organization's unified audit log. For more information on Audit, see [Auditing solutions in Microsoft Purview](/purview/audit-solutions-overview). + +In addition to existing file properties, Audit events related to SharePoint Embedded are logged with the following more data to help filter the Audit search results to isolate the relevant SharePoint Embedded content: + +- `ContainerInstanceId` +- `ContainerTypeId` + +![Audit events](../images/sc1.png) + + +### eDiscovery + +Compliance Admins can use eDiscovery tools in Microsoft Purview to search/hold/export content hosted in the SharePoint Embedded platform. For more information on eDiscovery, see [Microsoft Purview eDiscovery solutions](/purview/ediscovery). + +To perform an eDiscovery Search on all SharePoint Embedded content, Admins should select **All** SharePoint Sites when configuring the eDiscovery Search in Microsoft Purview. This enables the Search for content stored in all SharePoint Sites and all SharePoint Embedded containers. + +![eDiscovery search](../images/sc2.png) + +To limit the eDiscovery Search to one/few SharePoint Embedded containers, Admins can **Choose sites** under the **SharePoint sites** workload and provide the desired container URL. + +![choose sites in eDiscovery search](../images/sc3.png) + +### Data Lifecycle Management (DLM) + +SharePoint Embedded supports retention and holds policies on content stored in its applications using the Microsoft Purview compliance portal. For more information on DLM, see [Learn about Microsoft Purview Data Lifecycle Management](/purview/data-lifecycle-management). + +The existing retention policy is applied to all SharePoint Embedded containers if the policy is configured for **All sites**. Similarly, creating a new retention/hold policy on *all* SharePoint Sites workload automatically enforces the policy on all SharePoint Sites and all containers within SharePoint Embedded. + +![retention policy](../images/sc4.png) + +To selectively enforce the policy on one or more SharePoint Embedded containers, copy the container URL and configure the policy to be selectively enforced only on those containers. + +![enforce retention policy](../images/sc5.png) + +Since SharePoint Embedded doesn't have a built-in user interface, DLM scenarios requiring user interaction aren't natively supported. For instance, if an end user attempts to apply a retention label on a container using a SharePoint Embedded application (app), the app governing the access to the container must furnish that functionality. In such cases, Graph APIs for DLM functionalities can be used. + +### Data Loss Protection (DLP) + +Using Microsoft Purview, Admins can identify, monitor, and automatically protect sensitive items stored in applications using SharePoint Embedded. For more information on DLP, see  [Learn about data loss prevention](/purview/dlp-learn-about-dlp). + +Like retention policies, DLP policies can be enforced on all SharePoint Sites and SharePoint Embedded containers by choosing to configure the policy on ‘All sites’. + +![DLP Policy](../images/sc6.png) + +Admins can also restrict the enforcement of a DLP policy to specific SharePoint Embedded containers by specifying the relevant container URLs during policy configuration. + +![Configure DLP Policy](../images/sc7.png) + +Several scenarios supported by DLP today need user interaction that isn’t natively supported by SharePoint Embedded. For instance, based on its configuration, a DLP policy that prevents external sharing might allow end users to provide a business justification to override the policy. The client app that renders this DLP-flagged file item needs to support such user interactions. + +Policy tips are shown today for files hosted in SharePoint so that users are kept informed about DLP-flagged file items and corresponding restrictions. Similarly, for policy tips to be displayed for files hosted in SharePoint Embedded, the client app can choose to provide more support by utilizing the Microsoft Graph for this purpose. + +## Security features + +### Sensitivity labels on containers + +Global Administrators and SharePoint Administrators can set and remove sensitivity labels on a SharePoint Embedded container by using the newly created SharePoint PowerShell cmdlet: + +```powershell +Set-SPOContainer -Identity -SensitivityLabel +``` + +To learn more about setting sensitivity labels, see [Learn about sensitivity labels](/purview/sensitivity-labels). + +### Block Download policy + +Block Download policy allows SharePoint Administrator or Global Administrator to block the download of files from SharePoint Embedded containers using the following SharePoint PowerShell cmdlet. + +```powershell +Set-SPOSite -Identity -BlockDownloadPolicy $true +``` + +A SharePoint Advanced Management (SAM) license is needed to enforce this policy. Read the full documentation for advanced capabilities at [Block download policy for SharePoint sites and OneDrive](/sharepoint/block-download-from-sites). + +### Conditional Access policy + +SharePoint Embedded supports basic Conditional Access policy configurations such as: + +- `AllowFullAccess`: Allows full access from desktop apps, mobile apps, and the web +- `AllowLimitedAccess`: Allows limited, web-only access +- `BlockAccess`: Blocks Access + +These settings are available with the following PowerShell cmdlet. The `AuthorizationContext` will also be supported soon. + +```powershell +Set-SPOContainer -Identity -ConditionalAccessPolicy +``` + +To learn more about conditional access policies, see [Control access from unmanaged devices](/sharepoint/control-access-from-unmanaged-devices). diff --git a/docs/embedded/development/app-architecture.md b/docs/embedded/development/app-architecture.md new file mode 100644 index 000000000..d3eb1d73c --- /dev/null +++ b/docs/embedded/development/app-architecture.md @@ -0,0 +1,50 @@ +--- +title: App Architecture +description: Anatomy of a SharePoint Embedded application +ms.date: 05/21/2024 +ms.localizationpriority: high +--- + +# SharePoint Embedded app architecture + +All files and documents in SharePoint Embedded are stored in containers, with all containers and container content created and stored within a Microsoft 365 Tenant. All containers and container content are created, managed, and interacted via the SharePoint Embedded application using Microsoft Graph. + +![SharePoint Embedded Architecture](../images/SPEArch.png) + +## SharePoint Embedded application + +A Microsoft Entra ID application registration. As an owning or guest application to a container type, it has access to containers of that container type. + +## Owning tenant and consuming tenant + +SharePoint Embedded introduces the concepts of owning tenant and consuming tenant. Owning tenant is a Microsoft Entra ID tenant where a container type is created. This is often also the tenant where your SharePoint Embedded application is registered. Consuming tenant is a Microsoft Entra ID tenant where a container type is used. Only a consuming tenant may have containers of such container type. All container and content created via the application is stored within the consuming tenant's Microsoft 365 tenant boundary. + +The same Microsoft Entra ID tenant can be both owning and consuming tenant of a given container type in the SharePoint Embedded ecosystem. + +## Container, container type, and owning application + +A container is the basic storage unit in SharePoint Embedded. Also, a container defines a security and compliance boundary. + +A container type is a SharePoint Embedded resource that defines the relationship, access privileges, and billing accountability between an application and a set of containers. Also, the container type defines behaviors on the set of containers. Learn more about [container types](../getting-started/containertypes.md). + +The container type is represented on each container as an immutable property and is used across the entire SharePoint Embedded ecosystem. Each container type is strongly coupled with one SharePoint Embedded application, which is referred to as the owning application. The owning application developer (the owning tenant) is responsible for creating and managing their container types. SharePoint Embedded mandates a 1:1 relationship between owning application and container type. + +## Access Model + +An application's access to containers and container content is determined by a set of permissions configured between the application and the container type it attempts to access. This set of permission is determined at container Type creation time for owning application. The SharePoint Embedded ecosystem allows applications to access containers of container types it doesn't own. + +In this illustration, multiple applications are deployed in the tenancy, including two apps developed by ISVs (App 1 and 2) and a LOB app (App 3). Each application can access only to the stack of containers of the container type they own. + +![SPE multi app architecture](../images/SPECTDedicated.png) + +In this illustration, both App 1 and App 2 in the tenancy have access to the same container type. Both apps can access the stack of the containers of that type. + +![SPE multi app architecture sharing Container Types](../images/SPECTShared.png) + +#### Example + +Contoso is an ISV and built a human resource management application on SharePoint Embedded. The application is registered and deployed in Fabrikam, an auditing firm. Fabrikam also developed an LOB auditing application on SharePoint Embedded that is used internally. + +In this scenario, both the human resource management application developed by Contoso and the auditing application developed by Fabrikam have their own container type. Contoso is the owning tenant of the human resource management application; and the application is the owning app for its container Type. Likewise, Fabrikam is the owning tenant the auditing application; and the application is the owning app for its container type. In addition, Fabrikam is the consuming tenant for both applications. + +![Example](../images/apparchexample.png) diff --git a/docs/embedded/development/auth.md b/docs/embedded/development/auth.md new file mode 100644 index 000000000..6e20ceb95 --- /dev/null +++ b/docs/embedded/development/auth.md @@ -0,0 +1,164 @@ +--- +title: SharePoint Embedded Authentication and Authorization +description: This article describes the authentication and authorization model for SharePoint Embedded applications. +ms.date: 06/24/2025 +ms.localizationpriority: high +--- + +# SharePoint Embedded authentication and authorization + +To use SharePoint Embedded, your application needs to use Microsoft Graph. Learn more about [Microsoft Graph authentication and authorization](/graph/auth/auth-concepts). Learn more about the [SharePoint Embedded architecture](./app-architecture.md). + +## Overview + +Here are some key principles of SharePoint Embedded authentication and authorization: + +- Applications interact with SharePoint Embedded via Microsoft Graph. +- Applications need container type application permissions to access containers of that container type. +- Applications can only access containers that the user is a member of when using access on behalf of a user. +- Applications can access all containers enabled by their container type application permissions when using access without a user. +- Applications use access on behalf of users whenever possible to enhance security and accountability + +## Pre-Requisites + +- A Microsoft Entra ID application registration. See [register an application](/graph/auth-register-app-v2). +- Your Microsoft Entra ID tenant has a Microsoft 365 subscription + +## Authorization + +SharePoint Embedded operations are exposed via Microsoft Graph. SharePoint Embedded supports [access on behalf of a user](/graph/auth-v2-user) and also [access without a user](/graph/auth-v2-service). + +> [!IMPORTANT] +> Microsoft Graph permissions granted to your application allow it to call SharePoint Embedded endpoints. However, your application must be granted [permission to a container type](#container-type-application-permissions) before it gets access to containers of that type. + +### Access on behalf of a user + +SharePoint Embedded operations [on behalf of a user](/graph/auth-v2-user) require applications to receive consent for Microsoft Graph [`FileStorageContainer.Selected`](/graph/permissions-reference#filestoragecontainerselected) delegated permission. This permission requires admin consent on the consuming tenant before any user from the tenant can consent to it. + +In addition to your application receiving consent for `FileStorageContainer.Selected` on a consuming tenant, the user that it's acting on behalf of is required to have [container permissions](#container-permissions). The effective permissions that the application has are the intersection of the application permissions and the user permissions when acting on behalf of a user. + +> [!IMPORTANT] +> Using SharePoint Embedded on behalf of a user is the recommended approach. This type of access enhances the security of your application. It also improves the auditability of actions performed by your application. + +### Access without a user + +SharePoint Embedded operations [without a user](/graph/auth-v2-service) require applications to receive consent for Microsoft Graph [`FileStorageContainer.Selected`](/graph/permissions-reference#filestoragecontainerselected) application permission. This permission requires admin consent on the consuming tenant. + +> [!NOTE] +> An administrator on the consuming tenant must consent to your application's request for permissions. Learn more [here](/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal). + +### Exceptional access patterns + +Currently, there are two types of operations with exceptional access patterns: + +- [Operations not exposed via Microsoft Graph](#operations-not-exposed-via-microsoft-graph) +- [Operations involving searching SharePoint Embedded content](#operations-involving-searching-sharepoint-embedded-content) +- [Operations that require a user license](#operations-that-require-a-user-license) + +> [!IMPORTANT] +> Consider the repercussions of these exceptional access patterns on how your application and other applications can access SharePoint Embedded content in your container type. + +#### Operations not exposed via Microsoft Graph + +There are two types of operations that aren't accessible via Microsoft Graph today: + +- [Container type management](../getting-started/containertypes.md) on owning tenants, which are performed via PowerShell cmdlets. +- [Container type registration](../getting-started/register-api-documentation.md) on consuming tenants, exposed via SharePoint REST API v2. +- [SharePoint Embedded agent](./declarative-agent/spe-da.md) exposed via SharePoint REST API v2 permissions. + +To perform [container type management](../getting-started/containertypes.md) operations, you must be a [SharePoint Embedded Administrator](/entra/identity/role-based-access-control/permissions-reference#sharepoint-embedded-administrator) or [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator). + +To [register a container type](../getting-started/register-api-documentation.md), you must request the `Container.Selected` permission on the `Office 365 SharePoint Online` resource. + +| Scope name | Scope ID | Type | Operation | +| :-------------------: | :----------------------------------: | :---------: | :-----------------------------------------------------------------------------------------------: | +| Container.Selected | 19766c1b-905b-43af-8756-06526ab42875 | Application | In the context of SharePoint Embedded, enables container type registration on a consuming tenant. | + +> [!NOTE] +> Container type management on owning tenants and registration on consuming tenants will become Microsoft Graph operations soon, and this permission will no longer be needed. Stay tuned. + +To use the [SharePoint Embedded agent](./declarative-agent/spe-da.md) experience (in the Preview stage) in your application, you also need the `Container.Selected` permission on the `Office 365 SharePoint Online` resource. + +#### Operations involving searching SharePoint Embedded content + +This section refers only to the search scenarios in [Search Content](./content-experiences/search-content.md), and not the enumeration scenarios. + +To use [Microsoft Search](/microsoftsearch/overview-microsoft-search) on SharePoint Embedded content, you must request the Delegated [`Files.Read.All`](/graph/permissions-reference#filesreadall) Microsoft Graph permission on top of `FileStorageContainer.Selected`, normally used for SharePoint Embedded access. During the Preview stage of this feature, the `Files.Read.All` application permission grants applications access to search capabilities on all SharePoint Embedded content. + +> [!NOTE] +> Microsoft Search support for SharePoint Embedded content is in Preview and is subject to change. The access requirements for Microsoft Search on SharePoint Embedded content will align with the SharePoint Embedded authorization model in the future. Stay tuned. + +#### Operations that require a user license + +SharePoint Embedded is designed to work without the need for end users to have any kind of Microsoft 365 product licenses assigned to them. However, there are certain operations that don't abide by this principle yet. + +##### List containers + +The [List containers](/graph/api/filestorage-list-containers?tabs=http) operation returns a `403 Forbidden` response code if called on behalf of a user that doesn't have a OneDrive. There are plans to remove this dependency soon. This dependency doesn't apply to the List containers operation when called without a user context (app-only mode). + +##### Mention users in Office documents + +The common [Office experience](./content-experiences/office-experience.md) includes reviewing documents and adding comments to those documents. For users to show up in the @mentions people picker, they need to have a Microsoft 365 license assigned to them. + +### Container type application permissions + +SharePoint Embedded applications need to be granted container type application permissions by the owner application before they can access containers of the given container type. Container type application permissions are granted to applications via [container type registration](../getting-started/register-api-documentation.md). + +| Permission | Description | +| -------------------- | ------------------------------------------------------------------------------------------------------------------ | +| None | Has no permissions to any containers or content of this container type. | +| ReadContent | Can read the content of containers of this container type. | +| WriteContent | Can write content to containers for this container type. This can't be granted without the ReadContent permission. | +| Create | Can create containers of this container type. | +| Delete | Can delete containers of this container type. | +| Read | Can read the metadata of containers of this container type. | +| Write | Can update the metadata of containers of this container type. | +| EnumeratePermissions | Can enumerate the members of a container and their roles for containers of this container type. | +| AddPermissions | Can add members to the container for containers of this container type. | +| UpdatePermissions | Can update (change roles of) existing memberships in the container for containers of this container type. | +| DeletePermissions | Can delete other members (but not self) from the container for containers of this container type. | +| DeleteOwnPermissions | Can remove own membership from the container for containers of this container type. | +| ManagePermissions | Can add, remove (including self), or update members in the container roles for containers of this container type. | +| ManageContent | Can manage the content of the container | +| Full | Has all permissions for containers of this container type. | + +> [!NOTE] +> The combination of Microsoft Graph permissions and container type application permissions encompasses the client authorization for applications. + +### Container permissions + +Any user accessing a container must be a member of the container. Membership to a container [grants users container permissions](/graph/api/filestoragecontainer-post-permissions). These permissions define the access level that users have on a given container. Container permissions only apply to access on behalf of a user and not to access without a user. A SharePoint Embedded application accessing containers without a user gets the full access defined in its [container type application permissions](#container-type-application-permissions) instead. + +> [!IMPORTANT] +> The calling user creating a new container via delegated calls is automatically assigned the Owner role. + +| Permission | Description | +| ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Reader | This role allows the user to read the properties and the contents of the container. | +| Writer | This role has all the permissions a Reader has, plus the permission to create, update, and delete content inside the container, and to update applicable container properties. | +| Manager | This role has all the permissions a Writer has, plus the permission to manage membership of the container. | +| Owner | This role has all the permissions a Manager has, plus the permission to delete containers. | + +## What's next + +Here are some actions you can take next: + +1. Configure your SharePoint Embedded [application manifest](/entra/identity-platform/reference-app-manifest#requiredresourceaccess-attribute) (you can use [Microsoft Entra PowerShell](/powershell/entra-powershell/manage-apps#assign-permissions-to-an-app) or the [Azure CLI](/cli/azure/ad/app/permission#az-ad-app-permission-add)) to request the required permissions: + + - Microsoft Graph (resourceAppId: `00000003-0000-0000-c000-000000000000`) + - `FileStorageContainer.Selected` (type: `Scope`, ID: `085ca537-6565-41c2-aca7-db852babc212`) to access containers on consuming tenants + - Office 365 SharePoint Online (resourceAppId: `00000003-0000-0ff1-ce00-000000000000`) + - `Container.Selected` (type: `Role`, ID: `19766c1b-905b-43af-8756-06526ab42875`) to register a container on consuming tenants + +1. [Grant admin consent](/entra/identity-platform/v2-admin-consent) to your application on both owning and consuming tenants (which can be the same tenant). + + > [!NOTE] + > The `Container.Selected` application permission is hidden, which can cause issues with granting admin consent using the Enterprise apps pane in the Azure portal. Instead, [construct the admin consent URL](/entra/identity-platform/v2-admin-consent#request-the-permissions-from-a-directory-admin) and provide it to your Microsoft Entra directory administrator. For example: + > + > `https://login.microsoftonline.com/{tenant}/v2.0/adminconsent?client_id={client_id}` + > + > Make sure the Microsoft Entra directory administrator [confirms a successful response](/entra/identity-platform/v2-admin-consent#successful-response). + +1. [Create a new container type](../getting-started/containertypes.md) on the owning tenant. +1. [Register a container type](../getting-started/register-api-documentation.md) on the consuming tenant. +1. [Create a container](/graph/api/filestoragecontainer-post) diff --git a/docs/embedded/development/content-experiences/office-experience.md b/docs/embedded/development/content-experiences/office-experience.md new file mode 100644 index 000000000..4add48ca4 --- /dev/null +++ b/docs/embedded/development/content-experiences/office-experience.md @@ -0,0 +1,77 @@ +--- +title: Office Experiences +description: Overview of Office experiences with SharePoint Embedded content +ms.date: 06/18/2025 +ms.localizationpriority: high +--- + +# Office file experiences for SharePoint Embedded + +Office file experiences for SharePoint Embedded platform will work in a similar manner to Microsoft 365 platform. + +## Opening Office documents from SharePoint Embedded + +Office documents from SharePoint Embedded apps can be opened for viewing and editing in Office web or in the Office application for a richer viewing and editing experience. AutoSave feature saves your files automatically as your user's work and is enabled for each Word, Excel, and PowerPoint file stored in your SharePoint Embedded Application Apps. + +## View or restore a previous version of an Office document from SharePoint Embedded + +Versioning is automatically enabled on each Word, Excel, and PowerPoint file stored in your SharePoint Embedded Apps, that helps your users to see what changes have been made in a file, compare different versions, or restore the version you want. This is incredibly important to your users if a mistake was made, a previous version is preferred, or in multi-user coauthoring scenarios when your users are collaborating with others and someone makes changes your users didn't want in a file. + +## Collaborating on Office documents from SharePoint Embedded + +It's simple for your users to collaborate on your SharePoint Embedded Application's Office documents – they can **Share documents** with specific peers or with people outside your organization by Creating a shareable link to use wherever needed, Send an email invitation or @mention in comments to tag someone for feedback and, **Collaborate in real time** by co-authoring in Office with SharePoint Embedded Applications. + +> [!NOTE] +> Mentions require target users to [have an Microsoft 365 license assigned to them](../auth.md#mention-users-in-office-documents). +> +> Mentions are restricted to people inside the consuming tenant's organization. Mentions exclude guests and users from other tenants in a multitenant setting. + +### Share your documents + +#### Send an email invite + +Share your SharePoint Embedded documents by sending an email invitation to specific people: + +- Select Share, start typing the email addresses or contact names of people you want to share with. When you begin to enter info in the box, you can also choose a contact from the list that appears. +- Include a message if you want and hit Send. + +#### Create a shareable link + +Creating a shareable link makes it simple to share your SharePoint Embedded document in an email, document, or IM. + +- Select Share, Copy Link, and Paste the link wherever you want +- Change any permissions of the link if needed + +#### Co-Author + +If you want others to edit with you, you can easily share files and collaborate with trusted peers for a fresh perspective. When you need help with a presentation, you can invite trusted peers to help you get it into shape. This means that when you work on a file, they can as well. You’ll see their changes and they’ll see yours—as you make them! Use @mentions in comments to get someone's attention. + +- See who else is in the document and where they're working. +- A presence indicator shows where someone is making changes. See any changes right as they're being made. +- See changes made by others and see what's happened while you were away. + +#### Levels of sharing access + +There are different options for sharing SharePoint Embedded Application Office Documents from: + +| If you want to … | Sharing Setting to Set | +| ---------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Allow Anyone who receives the link access to SharePoint Embedded Application File | **Anyone**  gives access to anyone who receives this link, whether they receive it directly from you or are forwarded from someone else. This might include people outside of your organization. | +| Allow anyone in your organization to access to your SharePoint Embedded Application File | **People in \** gives anyone in your organization who has the link access to the file, whether they receive it directly from you or forwarded from someone else. | +| Secure your SharePoint Embedded Application docs only to specific people. | When you need to prevent recipients from forwarding a shared link, use the **Specific People**  permission. **Specific people**  gives access only to the people you specify, although other people might already have access. If people forward the sharing invitation, only people who already have access to the item will be able to use the link. | +| Reshare the link with specific people | **People with existing access**  can be used by people who already have access to the document or folder. It doesn't change the permissions on the item. Use this if you just want to send a link to somebody who already has access. | + +## Breadcrumb properties on Office documents from SharePoint Embedded + +Breadcrumb properties are used by Office clients to display breadcrumb-style elements within Office client UI that aid your users in associating Office files with your Application. + +> [!NOTE] +> We recommend specifying 'Current Channel' to take advantage of Breadcrumb patterns and future enhancements to Office Apps. Learn more about [specifying update channels for Office Apps](/deployoffice/updates/overview-update-channels). + +Breadcrumb patterns for SharePoint Embedded Application Apps are constructed from container properties configured for your Apps. The following diagram maps the container properties to breadcrumb presentation in Office clients: + +![Screenshot of breadcrumb pattern in SharePoint Embedded Applications](../../images/office2.png) + +Here are few examples of SharePoint Embedded Application breadcrumb display within Office client experiences. + +![Screenshot of breadcrumb options in SharePoint Embedded Applications.](../../images/office1.png) diff --git a/docs/embedded/development/content-experiences/search-content.md b/docs/embedded/development/content-experiences/search-content.md new file mode 100644 index 000000000..98afb1bd1 --- /dev/null +++ b/docs/embedded/development/content-experiences/search-content.md @@ -0,0 +1,832 @@ +--- +title: Search SharePoint Embedded containers and content +description: Overview on how to search SharePoint Embedded containers and content +ms.date: 03/28/2025 +ms.localizationpriority: high +--- + +# Search SharePoint Embedded content + +Use the [Microsoft Search](/microsoftsearch/overview-microsoft-search) API in Microsoft Graph to search SharePoint Embedded containers and content. The Search API lets you scope the container type and file type for your queries by specifying the corresponding parameter in the request body. This article describes some examples. + +> [!NOTE] +> +> 1. Searching SharePoint Embedded content is in Preview stage and is subject to change. Please refer to the [exceptional access pattern](../auth.md#operations-involving-searching-sharepoint-embedded-content) that describes its current permission requirements. +> 1. Search API only supports Delegated permissions. +> 1. Your search requests must specify and set the `includeHiddenContent` parameter if your application has opted out of content discoverability in Microsoft 365. Learn more about [SharePoint Embedded content discoverability](./user-experiences-overview.md). + +## Example 1: Search containers by container type + +This example queries all containers by the specified container type with the SharePoint Embedded application opted out from content discoverability on Microsoft 365. The response includes all container instances (`drive`) of the specified container type in the tenant: + +### Request + +```HTTP +POST /search/query +Content-Type: application/json + +{ + "requests": [ + { + "entityTypes": [ + "drive" + ], + "query": { + "queryString": "ContainerTypeId:498c6855-8f0e-0de7-142e-4e9ff86af9ae" + }, + "sharePointOneDriveOptions": { + "includeHiddenContent": true + } + } + ] +} +``` + +### Response + +```HTTP +HTTP/1.1 200 OK +Content-type: application/json + +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.searchResponse)", + "value": [ + { + "searchTerms": [], + "hitsContainers": [ + { + "hits": [ + { + "hitId": "b!UBoDBcfpTEeInnz0Rlmlsp6EC-DsPN5Kj3uW0fD1mPp9ptYmB71GRpxbhbDlGdb0", + "rank": 1, + "summary": "Everything about Contoso", + "resource": { + "@odata.type": "#microsoft.graph.drive", + "id": "b!UBoDBcfpTEeInnz0Rlmlsp6EC-DsPN5Kj3uW0fD1mPp9ptYmB71GRpxbhbDlGdb0", + "createdBy": { + "user": { + "displayName": "Dylan Williams" + } + }, + "lastModifiedDateTime": "2024-01-18T19:45:25Z", + "name": "AllItems.aspx", + "parentReference": { + "sharepointIds": { + "listId": "26d6a67d-bd07-4646-9c5b-85b0e519d6f4" + }, + "siteId": "contoso.sharepoint.com,05031a50-e9c7-474c-889e-7cf44659a5b2,e00b849e-3cec-4ade-8f7b-96d1f0f598fa" + }, + "webUrl": "https://contoso.sharepoint.com/contentstorage/CSP_05031a50-e9c7-474c-889e-7cf44659a5b2/Document Library/Forms/AllItems.aspx" + } + } + ], + "total": 1, + "moreResultsAvailable": false + } + ] + } + ] +} +``` + +## Example 2: Search containers by title + +This example queries all containers by a specified container display name and the SharePoint Embedded application didn't opt out from content discoverability on Microsoft 365. The response includes all container instances in the tenant that match the criteria: + +### Request + +```HTTP +POST /search/query +Content-Type: application/json + +{ + "requests": [ + { + "entityTypes": [ + "drive" + ], + "query": { + "queryString": "Title:'contoso' AND ContainerTypeId:498c6855-8f0e-0de7-142e-4e9ff86af9ae" + } + } + ] +} +``` + +### Response + +```HTTP +HTTP/1.1 200 OK +Content-type: application/json + +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.searchResponse)", + "value": [ + { + "searchTerms": [ + "contoso" + ], + "hitsContainers": [ + { + "hits": [ + { + "hitId": "b!UBoDBcfpTEeInnz0Rlmlsp6EC-DsPN5Kj3uW0fD1mPp9ptYmB71GRpxbhbDlGdb0", + "rank": 1, + "summary": "Everything about Contoso", + "resource": { + "@odata.type": "#microsoft.graph.drive", + "id": "b!UBoDBcfpTEeInnz0Rlmlsp6EC-DsPN5Kj3uW0fD1mPp9ptYmB71GRpxbhbDlGdb0", + "createdBy": { + "user": { + "displayName": "Dylan Williams" + } + }, + "lastModifiedDateTime": "2024-01-18T19:45:25Z", + "name": "AllItems.aspx", + "parentReference": { + "sharepointIds": { + "listId": "26d6a67d-bd07-4646-9c5b-85b0e519d6f4" + }, + "siteId": "contoso.sharepoint.com,05031a50-e9c7-474c-889e-7cf44659a5b2,e00b849e-3cec-4ade-8f7b-96d1f0f598fa" + }, + "webUrl": "https://contoso.sharepoint.com/contentstorage/CSP_05031a50-e9c7-474c-889e-7cf44659a5b2/Document Library/Forms/AllItems.aspx" + } + } + ], + "total": 1, + "moreResultsAvailable": false + } + ] + } + ] +} +``` + +## Example 3: Search containers by container description + +This example queries all containers by the specified container type and container description, with the SharePoint Embedded application opted out from content discoverability on Microsoft 365. The response includes all container instances in the tenant that match the criteria: + +### Request + +```HTTP +POST /search/query +Content-Type: application/json + +{ + "requests": [ + { + "entityTypes": [ + "drive" + ], + "query": { + "queryString": "Description:'Everything' AND ContainerTypeId:498c6855-8f0e-0de7-142e-4e9ff86af9ae" + }, + "sharePointOneDriveOptions": { + "includeHiddenContent": true + } + } + ] +} +``` + +### Response + +```HTTP +HTTP/1.1 200 OK +Content-type: application/json + +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.searchResponse)", + "value": [ + { + "searchTerms": [], + "hitsContainers": [ + { + "hits": [ + { + "hitId": "b!UBoDBcfpTEeInnz0Rlmlsp6EC-DsPN5Kj3uW0fD1mPp9ptYmB71GRpxbhbDlGdb0", + "rank": 1, + "summary": "Everything about Contoso", + "resource": { + "@odata.type": "#microsoft.graph.drive", + "id": "b!UBoDBcfpTEeInnz0Rlmlsp6EC-DsPN5Kj3uW0fD1mPp9ptYmB71GRpxbhbDlGdb0", + "createdBy": { + "user": { + "displayName": "Dylan Williams" + } + }, + "lastModifiedDateTime": "2024-01-18T19:45:25Z", + "name": "AllItems.aspx", + "parentReference": { + "sharepointIds": { + "listId": "26d6a67d-bd07-4646-9c5b-85b0e519d6f4" + }, + "siteId": "contoso.sharepoint.com,05031a50-e9c7-474c-889e-7cf44659a5b2,e00b849e-3cec-4ade-8f7b-96d1f0f598fa" + }, + "webUrl": "https://contoso.sharepoint.com/contentstorage/CSP_05031a50-e9c7-474c-889e-7cf44659a5b2/Document Library/Forms/AllItems.aspx" + } + } + ], + "total": 1, + "moreResultsAvailable": false + } + ] + } + ] +} +``` + +## Example 4: Search for content by title in a specific container + +This example queries all the content by a specific title in a specific container instance, with the SharePoint Embedded application opted out from content discoverability on Microsoft 365. The response includes all `driveItems` in the specific container instance that match the criteria: + +### Request + +```HTTP +POST /search/query +Content-Type: application/json + +{ + "requests": [ + { + "entityTypes": [ + "driveItem" + ], + "query": { + "queryString": "Title:'contoso' AND ContainerId:b!UBoDBcfpTEeInnz0Rlmlsp6EC-DsPN5Kj3uW0fD1mPp9ptYmB71GRpxbhbDlGdb0" + }, + "sharePointOneDriveOptions": { + "includeHiddenContent": true + } + } + ] +} +``` + +### Response + +```HTTP +HTTP/1.1 200 OK +Content-type: application/json + +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.searchResponse)", + "value": [ + { + "searchTerms": [ + "contoso", + "b!UBoDBcfpTEeInnz0Rlmlsp6EC-DsPN5Kj3uW0fD1mPp9ptYmB71GRpxbhbDlGdb0" + ], + "hitsContainers": [ + { + "hits": [ + { + "hitId": "01SHAK4OWIBDXV4NG2JVFLSGUXVKZ5VF5E", + "rank": 1, + "summary": "Contoso Detailed Design Contoso Product Specification", + "resource": { + "@odata.type": "#microsoft.graph.driveItem", + "size": 56, + "fileSystemInfo": { + "createdDateTime": "2024-01-18T19:46:48Z", + "lastModifiedDateTime": "2024-01-18T19:46:48Z" + }, + "listItem": { + "@odata.type": "#microsoft.graph.listItem", + "fields": {}, + "id": "5eef08c8-da34-4a4d-b91a-97aab3da97a4" + }, + "id": "01SHAK4OWIBDXV4NG2JVFLSGUXVKZ5VF5E", + "createdBy": { + "user": { + "displayName": "Dylan Williams", + "email": "dywilliams@contoso.onmicrosoft.com" + } + }, + "createdDateTime": "2024-01-18T19:46:48Z", + "lastModifiedBy": { + "user": { + "displayName": "Dylan Williams", + "email": "dywilliams@contoso.onmicrosoft.com" + } + }, + "lastModifiedDateTime": "2024-01-18T19:46:48Z", + "name": "contoso.txt", + "parentReference": { + "driveId": "b!UBoDBcfpTEeInnz0Rlmlsp6EC-DsPN5Kj3uW0fD1mPp9ptYmB71GRpxbhbDlGdb0", + "id": "01SHAK4OVPJ5Q5P6YD6VCZHPV7PKILUJ65", + "sharepointIds": { + "listId": "26d6a67d-bd07-4646-9c5b-85b0e519d6f4", + "listItemId": "1", + "listItemUniqueId": "5eef08c8-da34-4a4d-b91a-97aab3da97a4" + }, + "siteId": "contoso.sharepoint.com,05031a50-e9c7-474c-889e-7cf44659a5b2,e00b849e-3cec-4ade-8f7b-96d1f0f598fa" + }, + "webUrl": "https://contoso.sharepoint.com/contentstorage/CSP_05031a50-e9c7-474c-889e-7cf44659a5b2/Document Library/contoso.txt" + } + } + ], + "total": 1, + "moreResultsAvailable": false + } + ] + } + ] +} +``` + +## Example 5: Search by content + +This example queries all the content by the specified words across all containers of a specific container type, with the SharePoint Embedded application opted out from content discoverability on Microsoft 365. The response includes all `driveItems` that match the criteria: + +### Request + +```HTTP +POST /search/query +Content-Type: application/json + +{ + "requests": [ + { + "entityTypes": [ + "driveItem" + ], + "query": { + "queryString": "'contoso' AND ContainerTypeId:498c6855-8f0e-0de7-142e-4e9ff86af9ae" + }, + "sharePointOneDriveOptions": { + "includeHiddenContent": true + } + } + ] +} +``` + +### Response + +```HTTP +HTTP/1.1 200 OK +Content-type: application/json + +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.searchResponse)" + "value": [ + { + "searchTerms": [ + "contoso" + ], + "hitsContainers": [ + { + "hits": [ + { + "hitId": "01SHAK4OWIBDXV4NG2JVFLSGUXVKZ5VF5E", + "rank": 1, + "summary": "Contoso Detailed Design Contoso Product Specification", + "resource": { + "@odata.type": "#microsoft.graph.driveItem", + "size": 56, + "fileSystemInfo": { + "createdDateTime": "2024-01-18T19:46:48Z", + "lastModifiedDateTime": "2024-01-18T19:46:48Z" + }, + "listItem": { + "@odata.type": "#microsoft.graph.listItem", + "fields": {}, + "id": "5eef08c8-da34-4a4d-b91a-97aab3da97a4" + }, + "id": "01SHAK4OWIBDXV4NG2JVFLSGUXVKZ5VF5E", + "createdBy": { + "user": { + "displayName": "Dylan Williams", + "email": "dywilliams@contoso.onmicrosoft.com" + } + }, + "createdDateTime": "2024-01-18T19:46:48Z", + "lastModifiedBy": { + "user": { + "displayName": "Dylan Williams", + "email": "dywilliams@contoso.onmicrosoft.com" + } + }, + "lastModifiedDateTime": "2024-01-18T19:46:48Z", + "name": "contoso.txt", + "parentReference": { + "driveId": "b!UBoDBcfpTEeInnz0Rlmlsp6EC-DsPN5Kj3uW0fD1mPp9ptYmB71GRpxbhbDlGdb0", + "id": "01SHAK4OVPJ5Q5P6YD6VCZHPV7PKILUJ65", + "sharepointIds": { + "listId": "26d6a67d-bd07-4646-9c5b-85b0e519d6f4", + "listItemId": "1", + "listItemUniqueId": "5eef08c8-da34-4a4d-b91a-97aab3da97a4" + }, + "siteId": "contoso.sharepoint.com,05031a50-e9c7-474c-889e-7cf44659a5b2,e00b849e-3cec-4ade-8f7b-96d1f0f598fa" + }, + "webUrl": "https://contoso.sharepoint.com/contentstorage/CSP_05031a50-e9c7-474c-889e-7cf44659a5b2/Document Library/contoso.txt" + } + } + ], + "total": 1, + "moreResultsAvailable": false + } + ] + } + ] +} +``` +## Example 6: Search containers by container custom property + +This example queries all containers by the specified custom property key:value pair, with the SharePoint Embedded application that has opted out from content discoverability on Microsoft 365. The response includes all containers that match the criteria: + +> [!NOTE] +> The custom property name must be appended with the text "OWSTEXT" in the query string. + +### Request + +```HTTP +POST /search/query +Content-Type: application/json + +{ + "requests": [ + { + "entityTypes": [ + "drive" + ], + "query": { + "queryString": "customPropertyNametOWSTEXT:customPropertyValue AND ContainerTypeId:498c6855-8f0e-0de7-142e-4e9ff86af9ae" + }, + "sharePointOneDriveOptions": { + "includeHiddenContent": true + } + } + ] +} +``` + +### Response + +```HTTP +HTTP/1.1 200 OK +Content-type: application/json + +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.searchResponse)", + "value": [ + { + "searchTerms": [], + "hitsContainers": [ + { + "hits": [ + { + "hitId": "b!C4Psl-ZZZkaZINVay8RKt2fqu3agJbVNlIUjNuIzqlPhOJMrr7ThS4aR8L8XdZu4", + "rank": 1, + "summary": "Everything about Contoso", + "resource": { + "@odata.type": "#microsoft.graph.drive", + "id": "b!UBoDBcfpTEeInnz0Rlmlsp6EC-DsPN5Kj3uW0fD1mPp9ptYmB71GRpxbhbDlGdb0", + "createdBy": { + "user": { + "displayName": "Dylan Williams" + } + }, + "lastModifiedDateTime": "2024-08-02T17:31:06Z", + "name": "AllItems.aspx", + "parentReference": { + "sharepointIds": { + "listId": "2b9338e1-b4af-4be1-8691-f0bf17759bb8" + }, + "siteId": "contoso.sharepoint.com,97ec830b-59e6-4666-9920-d55acbc44ab7,76bbea67-25a0-4db5-9485-2336e233aa53" + }, + "webUrl": "https://contoso.sharepoint.com/contentstorage/CSP_97ec830b-59e6-4666-9920-d55acbc44ab7/Document Library/Forms/AllItems.aspx" + } + } + ], + "total": 1, + "moreResultsAvailable": false + } + ] + } + ] +} +``` +## Example 7: Search for content with specific content properties in the response body and sort the results + +This example queries container content by specific words and requires the response to include all specified attributes on the content. Properties that are [sortable](/sharepoint/technical-reference/crawled-and-managed-properties-overview) can be used to sort the results. + +### Request + +```HTTP +POST /search/query +Content-Type: application/json + +{ + "requests": [ + { + "entityTypes": [ + "driveItem" + ], + "query": { + "queryString": "Everything about contoso" + }, + "sharePointOneDriveOptions": { + "includeHiddenContent": true + }, + "fields": [ + "SampleOWSText", + "id", + "name", + "parentReference", + "file", + "folder", + "webUrl", + "createdDateTime", + "lastModifiedDateTime", + "size", + "fileSystemInfo", + "createdBy", + "lastModifiedBy", + "fileSystemInfo", + "fileSystemInfo" + ], + "sortProperties": [ + { + "name": "Created", + "isDescending": false + } + ] + } + ] +} +``` + +### Response + +```HTTP +HTTP/1.1 200 OK +Content-type: application/json + +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.searchResponse)", + "value": [ + { + "searchTerms": [ + "everything", + "about", + "contoso" + ], + "hitsContainers": [ + { + "hits": [ + { + "hitId": "017JL52SWZQ2M5MULUKFBIL7SZ56EB4V2Z", + "rank": 1, + "summary": "Everything about Contoso", + "resource": { + "@odata.type": "#microsoft.graph.driveItem", + "size": 17363, + "fileSystemInfo": { + "createdDateTime": "2024-06-20T21:49:03Z", + "lastModifiedDateTime": "2024-04-01T16:57:00Z" + }, + "listItem": { + "@odata.type": "#microsoft.graph.listItem", + "id": "d69986d9-7451-4251-85fe-59ef881e5759", + "fields": { + "sampleOWSText": "Sample Value", + "id": "AAAAAH_MwHAjYctMtjgTN1cWJnYHAApvY20ubJFGtzLui9sETKcAAAAAASsAAApvY20ubJFGtzLui9sETKcAAAAAJqsAAA2", + "size": 17363, + "createdBy": "Dylan Williams" + } + }, + "id": "017JL52SWZQ2M5MULUKFBIL7SZ56EB4V2Z", + "createdBy": { + "user": { + "displayName": "Dylan Williams", + "email": "dywilliams@contoso.onmicrosoft.com" + } + }, + "createdDateTime": "2024-06-20T21:49:03Z", + "lastModifiedBy": { + "user": { + "displayName": "Dylan Williams", + "email": "dywilliams@contoso.onmicrosoft.com" + } + }, + "lastModifiedDateTime": "2024-04-01T16:57:00Z", + "name": "Constoso Details.docx", + "parentReference": { + "driveId": "b!rWzsZXXFWEOeeP31bSE5BTjn_6qC3dFNloUBMv62EMilewHuRwQrQau-zcJu2BT0", + "id": "017JL52SXQSKBKPB7VKZCJE5ZSWUN4LZDZ", + "sharepointIds": { + "listId": "ee017ba5-0447-412b-abbe-cdc26ed814f4", + "listItemId": "1", + "listItemUniqueId": "d69986d9-7451-4251-85fe-59ef881e5759" + }, + "siteId": "contoso.sharepoint.com,65ec6cad-c575-4358-9e78-fdf56d213905,aaffe738-dd82-4dd1-9685-0132feb610c8" + }, + "webUrl": "https://contoso.sharepointt.com/contentstorage/CSP_65ec6cad-c575-4358-9e78-fdf56d213905/Document Library/Constoso Details.docx" + } + } + ], + "total": 1, + "moreResultsAvailable": false + } + ] + } + ] +} +``` + +## Known Limitations + +- Search requests run in the context of the signed-in user. Search results are only scoped to enforce any access control applied to the items by the user. For example, search results will include all container or container content matching the search criteria and accessible by the user regardless of whether the SharePoint Embedded application is authorized to access. You should specify the desired container type by including the ContainerTypeId as part of your **queryString** when searching for containers or container content to ensure search results are properly scoped. +- For your application to access the containers or container content in search results, it must have access permissions to the corresponding container types. + +## Enumerate (filter) SharePoint Embedded content + +Content can also be enumerated using URL parameters to return specific content in SharePoint Embedded containers. This does not use the search API to retrieve items. See the [enumerate query parameter](/graph/filter-query-parameter?tabs=http) for reference. + +## Example 1: enumerate content by a specific column property and view the results + +This example enumerates the specified container content by the column property that is on the item: + +### Request + +```HTTP +GET https://graph.microsoft.com/v1.0/drives/{{ContainerID}}/items?$filter=startswith(listitem/fields/{{ColumnProperty}}, '{{Value}}')&$expand=listitem($expand=fields) +``` + +### Response + +```HTTP +HTTP/1.1 200 OK +Content-type: application/json +{ + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives('b%21CORq-a8orUGIrd3_z9t1_vjCBSeqM3JKhDglEU3DIDvEl-Hms0qoQ7QCWYNQfGOF')/items(listItem(fields()))", + "value": [ + { + "@odata.etag": "\"{B8051D89-836E-4B8E-BD2B-7634BAC92825},21\"", + "@microsoft.graph.downloadUrl": "https://.sharepoint.com/contentstorage/CSP_f96ae408-28af-41ad-88ad-ddffcfdb75fe/_layouts/15/download.aspx?UniqueId=b8051d89-836e-4b8e-bd2b-7634bac92825&Translate=false&tempauth=v1.eyJzaXRlaWQiOiJmOTZhZTQwOC0yOGFmLTQxYWQtODhhZC1kZGZmY2ZkYjc1ZmUiLCJhcHBfZGlzcGxheW5hbWUiOiJTUEUtQmFzZWJhbGwiLCJhcHBpZCI6ImZiN2NmNTIwLWNiMzMtNDViZi1hMjM4LWFlNTFkMzE2NjY1ZiIsImF1ZCI6IjAwMDAwMDAzLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMC9wdWNlbGlrZW50ZXJwcmlzZS5zaGFyZXBvaW50LmNvbUAxNTNhNmViZS1mZjYyLTRiY2UtYjFiYy1hMWVkYTNiYzY2NDUiLCJleHAiOiIxNzMxNjE3MDE3In0.CgoKBHNuaWQSAjY5EgsIzpKzp9W7wj0QBRoNMjAuMTkwLjEzNS40MioscW54cjFGalBneHh2N1lGTkp1dUpxTFZWdFFIS1hOQ2RlQ3EvUUk2aHhlcz0wuAE4AUIQoWPmC1YwAABF4iHcgCWrfkoQaGFzaGVkcHJvb2Z0b2tlbnIpMGguZnxtZW1iZXJzaGlwfDEwMDM3ZmZlOWE5NDg5ZGRAbGl2ZS5jb216ATKCARIJvm46FWL_zksRsbyh7aO8ZkWSAQVTdGV2ZZoBB1B1Y2VsaWuiASdzdGV2ZUBwdWNlbGlrZW50ZXJwcmlzZS5vbm1pY3Jvc29mdC5jb22qARAxMDAzN0ZGRTlBOTQ4OUREsgFyY29udGFpbmVyLnNlbGVjdGVkIGFsbGZpbGVzLnJlYWQgYWxsZmlsZXMud3JpdGUgY29udGFpbmVyLnNlbGVjdGVkIGFsbHNpdGVzLnJlYWQgYWxscHJvZmlsZXMucmVhZCBhbGxwcm9maWxlcy5yZWFkyAEB.tfaYgtjhQxMctJeHUWb9RU7CChHXqFHT0FaM9Dt7J9I&ApiVersion=2.1", + "createdDateTime": "2024-09-20T16:46:00Z", + "eTag": "\"{B8051D89-836E-4B8E-BD2B-7634BAC92825},21\"", + "id": "01UELPCREJDUC3Q3UDRZF32K3WGS5MSKBF", + "lastModifiedDateTime": "2024-11-01T08:14:28Z", + "name": "ClaimExample-1.docx", + "size": 2299607, + "webUrl": "https://.sharepoint.com/contentstorage/CSP_f96ae408-28af-41ad-88ad-ddffcfdb75fe/_layouts/15/Doc.aspx?sourcedoc=%7BB8051D89-836E-4B8E-BD2B-7634BAC92825%7D&file=ClaimExample-1.docx&action=default&mobileredirect=true", + "cTag": "\"c:{B8051D89-836E-4B8E-BD2B-7634BAC92825},5\"", + "commentSettings": { + "commentingDisabled": { + "isDisabled": false + } + }, + "createdBy": { + "application": { + "displayName": "SPEContainerType", + "id": "fb7cf520-cb33-45bf-a238-ae51d316665f" + }, + "user": { + "displayName": "SharePoint App" + } + }, + "lastModifiedBy": { + "application": { + "displayName": "SPEContainerType", + "id": "fb7cf520-cb33-45bf-a238-ae51d316665f" + }, + "user": { + "displayName": "Steve Pucelik", + "email": "Steve@.onmicrosoft.com" + } + }, + "parentReference": { + "driveId": "b!CORq-a8orUGIrd3_z9t1_vjCBSeqM3JKhDglEU3DIDvEl-Hms0qoQ7QCWYNQfGOF", + "driveType": "other", + "id": "01UELPCRF6Y2GOVW7725BZO354PWSELRRZ", + "path": "/drives/b!CORq-a8orUGIrd3_z9t1_vjCBSeqM3JKhDglEU3DIDvEl-Hms0qoQ7QCWYNQfGOF/root:", + "sharepointIds": { + "listId": "e6e197c4-4ab3-43a8-b402-5983507c6385", + "listItemUniqueId": "c4782251-bdd3-4766-a747-b2a2f51c3a00", + "siteId": "f96ae408-28af-41ad-88ad-ddffcfdb75fe", + "siteUrl": "https://.sharepoint.com/contentstorage/CSP_f96ae408-28af-41ad-88ad-ddffcfdb75fe", + "tenantId": "153a6ebe-ff62-4bce-b1bc-a1eda3bc6645", + "webId": "2705c2f8-33aa-4a72-8438-25114dc3203b" + } + }, + "file": { + "mimeType": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", + "hashes": { + "quickXorHash": "DMzi0kCsuukcHlMXiPX9tmTCXtA=" + } + }, + "fileSystemInfo": { + "createdDateTime": "2024-09-20T16:46:00Z", + "lastModifiedDateTime": "2024-11-01T08:14:28Z" + }, + "shared": { + "scope": "unknown" + }, + "listItem@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives('b%21CORq-a8orUGIrd3_z9t1_vjCBSeqM3JKhDglEU3DIDvEl-Hms0qoQ7QCWYNQfGOF')/items('01UELPCREJDUC3Q3UDRZF32K3WGS5MSKBF')/listItem(fields())/$entity", + "listItem": { + "@odata.etag": "\"{B8051D89-836E-4B8E-BD2B-7634BAC92825},21\"", + "createdDateTime": "2024-09-20T16:46:00Z", + "eTag": "\"{B8051D89-836E-4B8E-BD2B-7634BAC92825},21\"", + "id": "23", + "lastModifiedDateTime": "2024-11-01T08:14:28Z", + "webUrl": "https://.sharepoint.com/contentstorage/CSP_f96ae408-28af-41ad-88ad-ddffcfdb75fe/_layouts/15/Doc.aspx?sourcedoc=%7BB8051D89-836E-4B8E-BD2B-7634BAC92825%7D&file=ClaimExample-1.docx&action=default&mobileredirect=true", + "createdBy": { + "application": { + "displayName": "SPEContainerType", + "id": "fb7cf520-cb33-45bf-a238-ae51d316665f" + }, + "user": { + "displayName": "SharePoint App" + } + }, + "lastModifiedBy": { + "application": { + "displayName": "SPEContainerType", + "id": "fb7cf520-cb33-45bf-a238-ae51d316665f" + }, + "user": { + "displayName": "Steve Pucelik", + "email": "Steve@M.onmicrosoft.com" + } + }, + "parentReference": { + "id": "0", + "path": "Document Library", + "siteId": "f96ae408-28af-41ad-88ad-ddffcfdb75fe" + }, + "contentType": { + "id": "0x0101004368E78BC3115C4CAD94FEA35E0F9D90", + "name": "Document" + }, + "fields@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives('b%21CORq-a8orUGIrd3_z9t1_vjCBSeqM3JKhDglEU3DIDvEl-Hms0qoQ7QCWYNQfGOF')/items('01UELPCREJDUC3Q3UDRZF32K3WGS5MSKBF')/listItem/fields/$entity", + "fields": { + "@odata.etag": "\"{B8051D89-836E-4B8E-BD2B-7634BAC92825},21\"", + "id": "23", + "FileLeafRef": "ClaimExample-1.docx", + "": "", + "ContentType": "Document", + "Created": "2024-09-20T16:46:00Z", + "AuthorLookupId": "1073741822", + "Modified": "2024-11-01T08:14:28Z", + "EditorLookupId": "7", + "_CheckinComment": "", + "LinkFilenameNoMenu": "ClaimExample-1.docx", + "LinkFilename": "ClaimExample-1.docx", + "DocIcon": "docx", + "FileSizeDisplay": "2299607", + "ItemChildCount": "0", + "FolderChildCount": "0", + "_ComplianceFlags": "", + "_ComplianceTag": "", + "_ComplianceTagWrittenTime": "", + "_ComplianceTagUserId": "", + "_CommentCount": "", + "_LikeCount": "", + "_DisplayName": "Confidential \\ Internal only", + "AppAuthorLookupId": "1", + "AppEditorLookupId": "1", + "Edit": "0", + "_UIVersionString": "19.0", + "MediaServiceImageTags@odata.type": "#Collection(microsoft.graph.Json)", + "MediaServiceImageTags": [] + } + } + } + ] +} +``` + +## Example 2: Enumerate content by a specific column property and Order the results + +This example enumerates the specified container content by the column property that is on the item and will order the results by the column specified: + +### Request + +```HTTP +GET https://graph.microsoft.com/v1.0/drives/{{ContainerID}}/items?$filter=listitem/fields/{{ColumnProperty}} eq '{{Value}}'&$select=id,name,lastModifiedDateTime,size&$expand=listitem($expand=fields)&$orderby=createdDateTime desc +Headers: +Content-Type: application/json +Prefer: HonorNonIndexedQueriesWarningMayFailRandomly +``` + +> [!NOTE] +> +> When a container has more than 5,000 items and you are using the enumerate method with the OrderBy clause, you must include the following in the header of your request. +> +> `Content-Type: application/json` +> `Prefer: HonorNonIndexedQueriesWarningMayFailRandomly` +## Example 3: Enumerate content by mulitple column properties and Order the results + +This example enumerates the specified container content by the column property you specify and the name of the document (listitem/fields/FileLeafRef) that is on the item and will order the results by the column specified: + +### Request + +```HTTP +GET https://graph.microsoft.com/v1.0/drives/{{ContainerID}}/items?$filter=listitem/fields/{{ColumnProperty1}} eq '{{Value}}' AND listitem/fields/FileLeafRef eq '{{Value}}' &$select=id,name,lastModifiedDateTime,size&$expand=listitem($expand=fields)&$orderby=createdDateTime desc +Headers: +Content-Type: application/json +Prefer: HonorNonIndexedQueriesWarningMayFailRandomly +``` \ No newline at end of file diff --git a/docs/embedded/development/content-experiences/user-experiences-overview.md b/docs/embedded/development/content-experiences/user-experiences-overview.md new file mode 100644 index 000000000..2cf79b470 --- /dev/null +++ b/docs/embedded/development/content-experiences/user-experiences-overview.md @@ -0,0 +1,61 @@ +--- +title: Content Experiences Overview +description: Experiences with SharePoint Embedded content +ms.date: 07/30/2024 +ms.localizationpriority: high +--- + +# User experiences overview + +SharePoint Embedded provides a comprehensive set of user experience features like open and editing Office files, file preview, or in-app search that you can use to build the right user experiences for your applications. + +## Open & edit using Office + +Office documents from SharePoint Embedded applications can be opened for viewing, editing, and collaborating using either the web or Office applications for a richer viewing and editing experience. Learn more about [Office experiences available on SharePoint Embedded](./office-experience.md). + +You can set up your applications to launch Office when a user selects an Office document within your application. This includes options to directly launch an Office application or to open it in a specific mode, such as view (for read-only content) or edit (for editing mode). Learn how to [configure the right Office Experience for your Office Documents](../tutorials/launch-experience.md) + +## Preview content + +Integrate your application with SharePoint Embedded player plugin to offer file preview experiences on a wide range of supported file types. You can embed the file preview experiences either in an iFrame or open a new page. Learn how to [offer File Preview experiences for content on your applications](../tutorials/using-file-preview.md) + +## Download + +You can use [Microsoft Graph's Download DriveItem API](/graph/api/driveitem-get-content) to offer download file user experiences for your applications. This will generate a short-lived, pre-authenticated URL that allows users to download files from your applications. + +> [!NOTE] +> A direct link to the file lacks the appropriate authorization from your application. If used directly in a browser, this would yield an access denied. + +## Content discovery in Microsoft 365 + +You can control how your content appears in the Microsoft 365 experience. The default behavior is SharePoint Embedded application content will be hidden in Microsoft 365 environments including office.com, oneDrive.com, or other Microsoft intelligent file discovery features. The default behavior also excludes Copilot for Microsoft 365 from grounding with your SharePoint Embedded application content. + +If you want to opt into the Microsoft 365 experience, during container type creation, you can change the default settings using cmdlet [Set-SPOContainerTypeConfiguration](../../administration/developer-admin/dev-admin.md#container-type-configuration-properties) as per this example: + +```powershell +Set-SPOContainerTypeConfiguration + -ContainerTypeID + -discoverabilityDisabled $False +``` + +In this way, your files will be integrated into the Microsoft 365 environment, participating in intelligent file discovery. + +> [!NOTE] +> +> 1. If you modify the settings after creating some content, it may take up to 30 days for these changes to achieve full consistency across all consuming tenants. +> 1. To enable the sharing user experience for your content in Office.com, additional application permissions **must** be added at the time of the container type registration process. To add more permission to enable sharing dialog, refer to the following code: + +```http +PUT /storageContainerTypes/{containerTypeId}/applicationPermissions +Content-Type: application/json + +{ + "appId": "4765445b-32c6-49b0-83e6-1d93765276ca", + "delegated": ["readContent","writeContent"], + "appOnly": ["none"] +} +``` + +## Recycle bin + +You can use Microsoft Graph to either delete or permanently delete items in containers. Deleted items are moved to the container’s recycle bin and retained for 93 days. During this period, the items can be restored or permanently deleted using Microsoft Graph. An item in the recycle bin is permanently deleted when it exceeds the 93-day retention period. Permanently deleted items can't be restored. diff --git a/docs/embedded/development/declarative-agent/spe-da-adv.md b/docs/embedded/development/declarative-agent/spe-da-adv.md new file mode 100644 index 000000000..54b6c5c3a --- /dev/null +++ b/docs/embedded/development/declarative-agent/spe-da-adv.md @@ -0,0 +1,315 @@ +--- +title: SharePoint Embedded agent Advanced Topics +description: Learn how the semantic index powers Retrieval-Augmented Generation (RAG) to provide accurate, context-aware AI responses in SharePoint Embedded agent. +ms.date: 06/10/2025 +ms.localizationpriority: high +--- + +# SharePoint Embedded agent Advanced Topics Overview + +This advanced guide covers how the semantic index powers Retrieval-Augmented Generation (RAG) to provide accurate, context-aware AI responses. We explore how these concepts work together to ensure your agent retrieves relevant information from your data and returns grounded answers. + +## Caveats + +### Configuration + +#### Required Container Type Configuration + +##### DiscoverabilityDisabled + +The [`discoverabilityDisabled`](../../administration/developer-admin/dev-admin.md#container-type-configuration-properties) property controls whether Microsoft 365 can discover [drive items](/graph/api/resources/driveitem) within a specific container type. + +If you’re updating an existing container type to set this property to `false`, allow up to **24 hours** for the configuration change to fully propagate before: + +- Creating new containers, +- Uploading files to containers, or +- Using SPE agent to interact with folders or files. + +This ensures the agent can correctly access and surface the content. + +Here is an example of how to set `discoverabilityDisabled` to `false` with [Set-SPOContainerTypeConfiguration](/powershell/module/SharePoint-online/set-spocontainertypeconfiguration#examples) + +```powershell +Set-SPOContainerTypeConfiguration -ContainerTypeId 4f0af585-8dcc-0000-223d-661eb2c604e4 -DiscoverabilityDisabled $false +``` + +Discoverability can also be disabled using the Visual Studio Code SharePoint Embedded extension + +![Using the VS Code extension for SPE to set DiscoverabilityDisabled to false](../../images/speco-vscodeextensiondisablediscovery.png) + +##### CSP Policies + +The Content-Security-Policy (CSP) for embedded chat hosts ensures that only specified hosts can load the chat component. Specifically, the `CopilotEmbeddedChatHosts` setting is used in a [Content-Security-Policy](https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy) header as a `frame-ancestors` value. This helps in securing the application by restricting which domains can embed the chat component. + +The SPE Administrator on the owning tenant can set this setting by using the `Set-SPOContainerTypeConfiguration` cmdlet: + +```powershell +# Note this MUST be run in Windows PowerShell. It will not work in PowerShell. +Import-Module -Name "Microsoft.Online.SharePoint.PowerShell" +Connect-SPOService "https://-admin.sharepoint.com" +# Login with your admin account. +# ... + +Set-SPOContainerTypeConfiguration -ContainerTypeId XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX -CopilotEmbeddedChatHosts @("http://localhost:3000", "https://contoso.sharepoint.com", "https://fabrikam.com") + +# This will set the container type configuration “CopilotEmbeddedChatHosts” accordingly. +# Replication of this configuration on consuming tenants can take up to 24 hours +# ... + +# Confirm setting value +Get-SPOContainerTypeConfiguration -ContainerTypeId XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX + +# On a consuming tenant, you may confirm the setting value as follows +Get-SPOApplication -OwningApplicationId | Select-Object CopilotEmbeddedChatHosts + +OwningApplicationId : +OwningApplicationName : SharePoint Embedded App +Applications : {} +CopilotEmbeddedChatHosts : {http://localhost:3000, https://contoso.sharepoint.com, https://fabrikam.com} +``` + +> [!NOTE] +> +> If this configuration isn't set, the [Content-Security-Policy](https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy) is by default set to +> [frame-ancestors](https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors): "none", which means no one can embed the agent. + +A SharePoint Embedded Administrator on a consuming tenant may override the values specified by the owning application, by using the consuming tenant cmdlets: + +- [Set-SPOApplication](/powershell/module/SharePoint-online/set-spoapplication) to set the `CopilotEmbeddedChatHosts` property. +- [Get-SPOApplication](/powershell/module/SharePoint-online/get-spoapplication) to get the `CopilotEmbeddedChatHosts` property. + +> [!NOTE] +> +> A consuming tenant override must be a subset of what the owning tenant configured for `CopilotEmbeddedChatHosts`. An administrator +> in a consuming tenant cannot set values that the application owner has not specified for the container type. The override capabilities +> is intended for consuming tenant administrators to enable the agent in only a subset of hosts that the owning application has defined. + +Here's an example of how a consuming tenant can override the setting: + +```powershell +# Note this MUST be run in Windows PowerShell. It will not work in PowerShell. +Import-Module -Name "Microsoft.Online.SharePoint.PowerShell" +Connect-SPOService "https://-admin.sharepoint.com" +# Login with your admin account. +# ... + +Set-SPOApplication -OwningApplicationId XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX -CopilotEmbeddedChatHosts @("https://contoso.sharepoint.com", "https://fabrikam.com") + +# This will set the container type configuration “CopilotEmbeddedChatHosts” accordingly +# Note that @("https://contoso.sharepoint.com", "https://fabrikam.com") is a subset of what we defined in the owning tenant +# Those values were @("http://localhost:3000", "https://contoso.sharepoint.com", "https://fabrikam.com") + +# Confirm the configuration + +Get-SPOApplication -OwningApplicationId | Select-Object CopilotEmbeddedChatHosts + +OwningApplicationId : +OwningApplicationName : SharePoint Embedded App +Applications : {} +CopilotEmbeddedChatHosts : {https://contoso.sharepoint.com, https://fabrikam.com} +``` + +#### Optional Configuration + +##### Authentication and 3P Cookies + +The `iframe` used by SharePoint Embedded agent authenticates users using third-party cookies. If third-party cookies are disabled in the user's browser, the iframe can't authenticate automatically. In this case, a popup prompts the user to sign in manually, ensuring that authentication can still be completed. + +## Advanced Topics + +### Application Scoping + +Application scoping in SharePoint Embedded agent (SPE agent) involves defining the boundaries and context within which the tool operates, ensuring its features and capabilities are tailored to meet the specific needs of different applications. This process helps customize the agent's functionality, making it more effective and relevant for various use cases. + +When SPE agent users query the LLM, it will only have access to files that the **User+Application** have access to. The effective permissions for the agent session will be the intersection of your SharePoint Embedded application's permissions and the user's permissions. + +![Venn Diagram with SPE application access on left, SPE agent in middle and consuming tenant user on right, overlapped area is what agent can access](../../images/speco-appscopingvenn.png) + +### Information Architecture + +Files in SharePoint Embedded are naturally [semantic indexed](spe-da-adv.md#semantic-index). This semantic index underpins retrieval augmented generation [(RAG)](spe-da-adv.md#retrieval-augmented-generation-rag) workflows by providing relevant context from your stored content at query time. In essence, it [grounds](spe-da-adv.md#grounding) the AI responses, ensuring they directly reference accurate information in your containers rather than relying on general knowledge alone. + +![How RAG works in SPE](../../images/speco-ragm365.png) + +With SharePoint Embedded agent, you can further ground the large language models (LLM) response on [specific files or drive items.](spe-da-adv.md#scoping-your-agent-to-specific-content). + +### Semantic index + +[Learn more about semantic index for Microsoft 365 Copilot here](/microsoftsearch/semantic-index-for-copilot) + +The semantic index allows for quick and accurate searches based on data similarity. This means it can find the most relevant information not just by exact matches, but also by understanding the context and meaning. + +### Retrieval-Augmented Generation (RAG) + +RAG enables you to reference relevant source materials stored in a repository at runtime. The data is retrieved from the index and is used to augment the prompt sent to the large language model (LLM). Some benefits of RAG​: + +- Treat data sources as knowledge without having to train your model​ +- Uses search (retrieval) results as additional context in your prompt​ +- Generates the output using the prompt and the supplied context + +The LLM uses the data to inform and construct the response. + +​![The flow of a RAG query](../../images/speco-ragquery.png) + +### Grounding + +Grounding in the context of SPE agent refers to the process of providing input sources to the large language model (LLM) related to the user's prompt. This helps improve the specificity of the prompt and ensures that the responses are relevant and actionable to the user's specific task. The data the agent is grounded on will be the contents of the container type in the agent application. Behind the scenes, SPE agent uses Microsoft 365 Copilot. [Learn more about Microsoft 365 Copilot architecture](/copilot/microsoft-365/microsoft-365-copilot-architecture). + +### Scoping your agent to specific content + +SharePoint Embedded (SPE) agent has the ability to restrict the data sources it has access to. The sample code below shows the available data source types. [This example](https://github.com/microsoft/SharePoint-Embedded-Samples/blob/main/Samples/spe-typescript-react-azurefunction/react-client/src/providers/ChatController.ts#L15) shows how to configure the SDK. + +```typescript +export type IDataSourcesProps = + | IFileDataSource + | IFolderDataSource + | IDocumentLibraryDataSource + | ISiteDataSource + | IWorkingSetDataSource + | IMeetingDataSource; + +export enum DataSourceType { + File = 'File', + Folder = 'Folder', + DocumentLibrary = 'DocumentLibrary', + Site = 'Site', + WorkingSet = 'WorkingSet', + Meeting = 'Meeting' +} +``` + +#### Supported document types for scoping + +[Reference - File Formats Support By copilot](https://support.microsoft.com/topic/file-formats-supported-by-copilot-1afb9a70-2232-4753-85c2-602c422af3a8) + +**Documents**: PDF, DOCX, XLSX, PPTX + +**Text-based Files**: RTF, TXT, CSV, LOG, INI, CONFIG + +**Audio**: WAV + +**Programming Languages**: PY, JS, JSX, JAVA, PHP, CS, C, CPP, CXX, H, HPP, M, COFFEE, DART, LUA, PL, PM, RB, RS, SWIFT, GO, KT, KTS, R, SCALA, T, TS, TSX + +**Shell Scripts**: BASH, SH, ZSH + +**Markup and Documentation**: HTML, CSS, MD, RMD, TEX, LATEX + +**Database Languages**: SQL + +**Data Serialization Formats**: IPYNB, JSON, TOML, YAML, YML + +##### Language/Locale + +The agent `iframe` dynamically loads localization settings to ensure that the chat interface is displayed in the appropriate language. These settings are derived from SharePoint, which provides a comprehensive set of localization options. + +When the agent iframe is initialized, it retrieves the current localization settings from SharePoint. These settings dictate the language and regional preferences for the chat interface, ensuring that all UI elements, messages, and interactions are presented in the user's preferred language. + +You can have this localized by setting your language options in the SharePoint account settings: [Change your personal language and region settings - Microsoft Support](https://support.microsoft.com/office/change-your-personal-language-and-region-settings-caa1fccc-bcdb-42f3-9e5b-45957647ffd7). + +> [!NOTE] +> +> If your M365 language setting is different from your SharePoint account language setting, your M365 language setting takes precedence. You can change your M365 language setting here: [Change your display language in Microsoft 365](https://support.microsoft.com/topic/change-your-display-language-and-time-zone-in-microsoft-365-for-business-6f238bff-5252-441e-b32b-655d5d85d15b). + +An additional locale option can be passed in through the `ChatLaunchConfig` to further set the language the agent responds in: + +```typescript + const [chatConfig] = React.useState({ + header: ChatController.instance.header, + theme: ChatController.instance.theme, + zeroQueryPrompts: ChatController.instance.zeroQueryPrompts, + suggestedPrompts: ChatController.instance.suggestedPrompts, + instruction: ChatController.instance.pirateMetaPrompt, + locale: "en", + }); +``` + +###### Locale Options + +Here are some examples of locale options you can use: + +| Locale Code | Common Name | +|--------------|------------------------------------------| +| af | Afrikaans | +| en-gb | English (UK) | +| he | Hebrew | +| kok | Konkani | +| nn-no | Norwegian (Nynorsk) | +| sr-latn-rs | Serbian (Latin, Serbia) | +| am-et | Amharic | +| es | Spanish | +| hi | Hindi | +| lb-lu | Luxembourgish | +| or-in | Odia (India) | +| sv | Swedish | +| ar | Arabic | +| es-mx | Spanish (Mexico) | +| hr | Croatian | +| lo | Lao | +| pa | Punjabi | +| ta | Tamil | +| as-in | Assamese | +| et | Estonian | +| hu | Hungarian | +| lt | Lithuanian | +| pl | Polish | +| te | Telugu | +| az-latn-az | Azerbaijani (Latin, Azerbaijan) | +| eu | Basque | +| hy | Armenian | +| lv | Latvian | +| pt-br | Portuguese (Brazil) | +| th | Thai | +| bg | Bulgarian | +| fa | Persian | +| id | Indonesian | +| mi-nz | Maori (New Zealand) | +| pt-pt | Portuguese (Portugal) | +| tr | Turkish | +| bs-latn-ba | Bosnian (Latin, Bosnia and Herzegovina) | +| fi | Finnish | +| is | Icelandic | +| mk | Macedonian | +| quz-pe | Quechua (Peru) | +| tt | Tatar | +| ca-es-valencia | Catalan (Valencian) | +| fil-ph | Filipino (Philippines) | +| it | Italian | +| ml | Malayalam | +| ro | Romanian | +| ug | Uyghur | +| ca | Catalan | +| fr-ca | French (Canada) | +| ja | Japanese | +| mr | Marathi | +| ru | Russian | +| uk | Ukrainian | +| cs | Czech | +| fr | French | +| ka | Georgian | +| ms | Malay | +| sk | Slovak | +| ur | Urdu | +| cy-gb | Welsh (UK) | +| ga-ie | Irish (Ireland) | +| kk | Kazakh | +| mt-mt | Maltese (Malta) | +| sl | Slovenian | +| uz-latn-uz | Uzbek (Latin, Uzbekistan) | +| da | Danish | +| gd | Scottish Gaelic | +| km-kh | Khmer (Cambodia) | +| nb-no | Norwegian (Bokmål) | +| sq | Albanian | +| vi | Vietnamese | +| de | German | +| gl | Galician | +| kn | Kannada | +| ne-np | Nepali (Nepal) | +| sr-cyrl-ba | Serbian (Cyrillic, Bosnia and Herzegovina)| +| zh-cn | Chinese (Simplified) | +| el | Greek | +| gu | Gujarati | +| ko | Korean | +| nl | Dutch | +| sr-cyrl-rs | Serbian (Cyrillic, Serbia) | +| zh-tw | Chinese (Traditional) | diff --git a/docs/embedded/development/declarative-agent/spe-da.md b/docs/embedded/development/declarative-agent/spe-da.md new file mode 100644 index 000000000..3e7026291 --- /dev/null +++ b/docs/embedded/development/declarative-agent/spe-da.md @@ -0,0 +1,72 @@ +--- +title: SharePoint Embedded agent +description: Details usage and billing for SharePoint Embedded agents +ms.date: 05/12/2025 +ms.localizationpriority: high +--- + +# Overview + +> [!NOTE] +> +> SharePoint Embedded agent is currently in private preview. Stay tuned for latest API and SDK changes on this page. +> +> SPE agent consumption-based model will be available in May 2025! Starting May 1st, standard billing model will be available to all private preview customers and this rollout is expected to complete by May 15th. This means that starting May 15th, to use SPE agent within an SPE application, you will need to use standard Container Type. SPE Agent interactions, including those from Microsoft 365 Copilot license users, will be billed to the Azure subscription associated with your Container Type. Learn more about [SharePoint Embedded billing management](/sharepoint/dev/embedded/administration/billing/billingmanagement). +> +> We are actively working on enabling Direct-to-Customer billing model for SPE agent. Stay tuned for more announcements. + +SharePoint Embedded agent enables you to add AI capabilities into your application through a simple SDK. This chat control offers the following features: + +- Reason over documents in SharePoint Embedded containers using RAG. +- Developers can configure the application code to limit the search scope to files, folders, and containers. +- Developers can customize and configure chat control including starter prompts, suggested prompts, colors and more. + +Watch this demo to learn more about how to configure this functionality. + +> [!VIDEO https://www.youtube.com/embed/30i7q09EtQo?si=MwLtbrGKnzv7a6My] + +## Why use SharePoint Embedded agent + +SharePoint Embedded agent harness a semantic index to power Retrieval-Augmented Generation (RAG), securely referencing your data within the Microsoft 365 boundary at query time. This ensures accurate, grounded AI responses while reducing reliance on broad knowledge models. A pay-as-you-go billing model is on the horizon, aligning costs with actual usage. + +![Diagram illustrating SPE agent is AI ready](../../images/speco-apparch.png) + +## How to use SharePoint Embedded agent + +### How to build your agent + +Currently, you can use the React SDK library written in TypeScript to build your application. Plans to support additional frameworks and environments will be announced. The SDK is configured with the containerId instance of your containerType, as well as the authorization and authentication token logic you provide through a callback. It will embed itself as an iFrame into your host application. By default, the iFrame is given a `frame-ancestors` property that prevents it from being embedded by any host until configured. Details are provided below. + +#### SPE TypeScript React Application + +Follow the [quick start guide](../tutorials/spe-da-vscode.md) to get started with a prebuilt sample application. + +### API Documentation + +The SharePoint Embedded React TypeScript NPM Package, available at [here](https://github.com/microsoft/SharePoint-Embedded-Samples/tree/feature/copilot-react-sdk/sharepointembedded-chatembedded-react/docs/index.md), provides the SDK for integrating SharePoint Embedded agent into your client applications. + +## Frequently Asked Questions + +### Is consumption-based billing available for SPE agent? + +Yes, starting May 15th you will need to use standard Container Type to use SPE agent within an SPE application. SharePoint Embedded agent interactions, including those from Microsoft 365 Copilot license users, will be billed to the Azure subscription associated with your Container Type. Learn more about [SharePoint Embedded billing management](/sharepoint/dev/embedded/administration/billing/billingmanagement) + +***Trial Container Types expire after 30 days, for this reason we recommend starting off with Standard Container types. There is no upgrade path from Trial to Standard container types.*** + +### Should I use a standard or trial Container Type? + +Once consumption-based billing is enabled, we will be disabling the use of this feature with Trial Container Types and it will only be enabled on Standard Container Types going forward. Please follow this [guide](../../getting-started/containertypes.md) to get started on creating your Standard Container Type. + +## SharePoint Embedded agent Support + +### Chat Control Feedback Dialog + +If you encounter any issues with the chat control, please use the thumbs up or down feedback buttons to report the problem. This method is preferred for sending feedback because it provides us with telemetry data that helps us diagnose and troubleshoot the issue more effectively. + +When you click the thumbs down button, a feedback dialog will appear. Please include any relevant information in this dialog. + +![SPE agent Feedback Modal preview](../../images/speco-feedbackcombined.png) + +## Advanced Topics Overview + +The [advanced topics](spe-da-adv.md) delve into how SharePoint Embedded agent use a semantic index to facilitate Retrieval-Augmented Generation (RAG), ensuring responses are accurately grounded in your stored content. You’ll also learn how to scope your agent to specific data sources, set up various file formats, and configure locale options to tailor the agent experience. By exploring concepts like grounding, semantic indexing, and RAG workflows, you can optimize your agent’s effectiveness and maintain security within the Microsoft 365 boundary. diff --git a/docs/embedded/development/fluid.md b/docs/embedded/development/fluid.md new file mode 100644 index 000000000..84d879d7f --- /dev/null +++ b/docs/embedded/development/fluid.md @@ -0,0 +1,77 @@ +--- +title: Fluid Framework in SharePoint Embedded Applications +description: Details Fluid Integration with SharePoint Embedded Applications +ms.date: 05/21/2024 +ms.localizationpriority: high +--- + +# Fluid Framework in SharePoint Embedded Applications + +Integrate Fluid Framework and [SharePoint Embedded](../overview.md) to seamlessly and efficiently incorporate document collaboration into your applications. + +## Background + +[Fluid Framework](https://fluidframework.com/) is a collection of client libraries for distributing, synchronizing, and saving shared data. These libraries allow multiple clients to simultaneously create and operate on shared data structures in real-time. Fluid Framework allows developers to use the same practices with shared data as with local data--for example, a Fluid object works in the same way as a local TypeScript object. + +## Quickstart + +Start [building](https://github.com/microsoft/FluidExamples/) in the Fluid [Sample Apps Directory](https://github.com/microsoft/FluidExamples/tree/main/item-counter-spe). You need to [create](#get-started-with-sharepoint-embedded) a SharePoint Embedded application first. + +### Get started with SharePoint Embedded + +Try SharePoint Embedded for free by creating a container type for [trial purposes](../getting-started/containertypes.md). + +1. Set up a free trial [Microsoft 365 tenant](https://www.microsoft.com/microsoft-365/enterprise/microsoft365-plans-and-pricing). Alternatively, you can use an existing tenant if you have admin credentials. +1. Sign into the [SharePoint Embedded Visual Studio Code Extension](../getting-started/spembedded-for-vscode.md) and follow the steps to create an application and container type for trial purposes. + +## Prerequisites + +To get started building with Fluid Framework, you need: + +1. **Admin Credentials**: You need administrative credentials for a [Microsoft 365](https://www.microsoft.com/microsoft-365/enterprise/microsoft365-plans-and-pricing) tenant. +1. **SharePoint Embedded Application**: Ensure that you register your application in [Microsoft Entra ID](https://entra.microsoft.com/). If you don't have a SharePoint Embedded application, refer to the [earlier section](#get-started-with-sharepoint-embedded). +1. **Application (Client) ID**: Obtain the `ClientID` for your SharePoint Embedded Application. +1. **Container Type Information**: + - Identify the `ContainerTypeId` associated with your app’s container type. +1. **Containers**: + - Make sure you have *at least* one container created of the same container type linked to your SharePoint Embedded Application. + +## Get started with Fluid + +### Access App information + +You need the `ClientID` from your application and the `ContainerTypeId` associated with the containers created on that application. + +The `ClientID` is essential for acquiring the correct access tokens when working with Fluid Framework and documents. The `ContainerTypeId` is necessary for accessing containers associated with your SharePoint Embedded application. + +If you used the [Visual Studio Code Extension](../getting-started/spembedded-for-vscode.md), you can [export](/sharepoint/dev/embedded/getting-started/spembedded-for-vscode#export-postman-environment) your Postman Environment to easily view your both your `ContainerTypeId` and `ClientID`. + +Otherwise, you can access your `ContainerTypeId` by using the [`Get-SPOContainerType`](/sharepoint/dev/embedded/concepts/admin-exp/dev-admin#viewing-of-container-types) PowerShell cmdlet. Your `ClientID` is available in [Microsoft Entra ID](https://entra.microsoft.com/) by navigating to **Identity** > **App Registrations** > **Applications** > **All applications** to view your application overview. + +## Run Fluid Sample App: Item Counter + +Now you can test out and start building with the [Fluid Sample App](https://github.com/microsoft/FluidExamples/tree/main/item-counter-spe) Item Counter. + +**Steps:** + +1. Gather your `ClientID` and `ContainerTypeId` of your SharePoint Embedded Application and tenant admin credentials +1. Change to the directory where you'd like to clone the [Fluid Examples repo](https://github.com/microsoft/FluidExamples) +1. Clone the repository by executing the command: `git clone https://github.com/microsoft/FluidExamples.git` +1. Navigate to the **Item Counter** directory `cd .\FluidExamples\item-counter-spe\` +1. Create an empty **.env** file and input your `ClientID` and `ContainerTypeId` with no spaces like so: + + ```text + SPE_CLIENT_ID=YOUR_CLIENTID + + SPE_CONTAINER_TYPE_ID=YOUR_CONTAINERTYPE_ID + ``` + +1. `npm install` +1. `npm run dev` +1. Once Webpack is completed, go to `https://localhost:8080` +1. Sign in with the Admin credentials for your tenant +1. Grant admin consent for your app in the pop-up window +1. Copy the full URL to another browser tab or send it to someone who has credentials to the same tenant. These can be user credentials as long as they are on the same tenant. The live changes to the Item Counter on both browsers show that the data is synced between clients. +1. Congrats on getting your first Fluid App to run! More details can be found in the Item Counter [README](https://github.com/microsoft/FluidExamples/tree/main/item-counter-spe). + + ![Item Counter Sample App](../images/itemcount.png) diff --git a/docs/embedded/development/limits-calling.md b/docs/embedded/development/limits-calling.md new file mode 100644 index 000000000..feb4fd012 --- /dev/null +++ b/docs/embedded/development/limits-calling.md @@ -0,0 +1,73 @@ +--- +title: Limits and Calling Patterns +description: This article explains the limits of SharePoint Embedded. +ms.date: 05/21/2024 +ms.localizationpriority: high +--- + +# Limits and Calling Patterns + +This document explains the limits of SharePoint Embedded during public preview. + +> [!NOTE] +> These are preview limits that are subject to change. + +## Size limits + +The following table defines the size limits of containers: + +| Resource | Limit | +| --------------------------------------------------------- | ------------------------------------------------------ | +| Container types that a partner tenant can create | 25* | +| Container types that an app can own | 1 | +| Containers of a container type per consuming tenant | 100k* | +| Storage per container type per consuming tenant | 100 TB* | +| Files and folders per container | 30M | +| Storage per container | 25 TB | +| Files and folders with additive permissions per container | 5k | +| File size | 250 GB | +| Version count per file | 500 (Automatic Version History Limits Default Setting) | +| Number of users shared per folder or file | 5k | + +> [!NOTE] +> Limit can be increased per request. + +## Throttling + +### Patterns and best practices + +When applications hit service limits, you receive an HTTP status code 429 ("Too many requests"). You might also receive an HTTP status code 503 ("Server Too Busy"). + +In general, the following are the best practices to handle throttling: + +- Reduce the number of concurrent requests. +- Avoid request spikes. +- Honor the `Retry-After` HTTP header. + +In both cases, a `Retry-After` header is included in the response, indicating how long the calling application should wait before retrying or making a new request. Throttled requests count towards usage limits, so failure to honor `Retry-After` might result in more throttling. + +## API rate limits + +SharePoint Embedded provides various APIs. Different APIs have different costs depending on the functionality and complexity of the API. The cost of APIs is normalized and expressed by resource units. API rate limits are also defined using resource units. + +| Resource units per request | Operations | +| -------------------------- | -------------------------------------------------------------------------- | +| 1 | Single item query, such as get item | +| 2 | Multi-item query, such as list children, create, update, delete, and upload | +| 5 | All permission resource operations, including $expand=permissions | + +> [!NOTE] +> We reserve the right to change the API resource unit cost. + +The following table lists the API rate limits for applications and containers. + +| Resource | Limits | +| --------------------------- | --------------------------- | +| Requests per container | 3k resource units per min | +| Requests per app per tenant | 12k resource units per min* | +| Requests per user | 600 resource units per min | + +> [!NOTE] +> \* Limit can be increased per request. + +Application limits are defined in resource units, and the actual request rate, such as requests per minute, varies based on the chosen API and its corresponding resource unit cost. As a general rule, you can estimate the request rate by averaging about two resource units per request and dividing application resource unit limits by 2. Reducing the usage of permission operations can notably improve the call rate since these operations have the most significant impact on overall resource consumption. diff --git a/docs/embedded/development/sharing-and-perm.md b/docs/embedded/development/sharing-and-perm.md new file mode 100644 index 000000000..4c63f4843 --- /dev/null +++ b/docs/embedded/development/sharing-and-perm.md @@ -0,0 +1,55 @@ +--- +title: Sharing and Permissions +description: Outlines Permission Model for SharePoint Embedded +ms.date: 03/03/2025 +ms.localizationpriority: high +--- + +# Sharing and permissions in SharePoint Embedded + +## Additive permissions + +In SharePoint Embedded, content always inherits permissions from its parent hierarchy. While you can't alter this inherited permission structure, you can extend access within a container by applying "additive permissions" to specific files and folders. For instance, if _UserA_ belongs to the Reader role, you can grant the user edit permission to a particular document in that container using Microsoft Graph: + +| Scenario | Microsoft Graph API(s) | Notes | +| :---------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Grant an additive permission | [POST /drives/{drive-id}/items/{item-id}/invite](/graph/api/driveitem-invite) | The sendInvitation property must always be false. You can't grant additive permissions to the root folder in a container as this is essentially the same as adding a User to a role. You can't use AppOnly permissions. | +| Retrieve permissions | [GET /drives/{drive-id}/items/{item-id}/permissions](/graph/api/permission-get) & [GET /drives/{drive-id}/items/{item-id}/permissions/{perm-id}](/graph/api/permission-get), | | +| Delete additive permissions | [DELETE /drives/{drive-id}/items/{item-id}/permissions/{perm-id}](/graph/api/permission-delete) | You can only delete the additive permission on the drive item where it was originally added. | + +## Role-based sharing setting + +SharePoint Embedded offers a role-based sharing model that allows developers to configure file-sharing permissions based on container permission roles, offering a choice between restrictive and open sharing models. By default, the sharing setting is configured to the open model, permitting unrestricted content sharing by all users. This sharing setting is part of [container type configuration](../getting-started/containertypes.md#configuring-container-types). This configuration can only be set by the application owner's developers. To learn more about container permission roles, refer to [Authentication and Authorization with SharePoint Embedded](auth.md#container-permissions). + +### Restrictive sharing model + +Only container members who are either the Owner or Manager roles are permitted to add new permissions to files. + +### Open sharing model + +Any container members and guests with edit permissions can add new permissions to this file. + +This can be configured using the PowerShell cmdlet [Set-SPOcontainerTypeConfiguration](../administration/developer-admin/dev-admin.md#container-type-configuration-properties) as per this example: + +```powershell +Set-SPOcontainerTypeConfiguration + -containerTypeID + -sharingRestricted $false +``` + +## Sharing configuration setting + +By default, SharePoint Embedded application sharing configuration is the same as the consuming tenant-sharing configuration. For example, if the consuming tenant is configured to disable sharing for guests, then the SharePoint Embedded application is unable to add guests to container roles or grant them additive permissions. + +### Application external sharing override + +For SharePoint Embedded applications, sharing configurations can be adjusted at the application level. Consuming tenant admin can configure permissions that are different than tenant-level sharing settings. For example, if a tenant's sharing setting prohibits sharing with guests, SharePoint Embedded applications can be configured to allow guest sharing. So, all containers within that SharePoint Embedded application would have the ability to include guests or extend another permission, while other SharePoint Embedded applications and SharePoint maintain restricted sharing permissions. + +This setting can only be set by consuming tenant SharePoint Embedded admin, and can be configured using the latest PowerShell cmdlet [Set-SPOApplication](../administration/consuming-tenant-admin/ctapowershell.md#set-sharing-capability-of-applications) as shown in this example: + +```powershell +Set-SPOApplication + -OwningApplicationID + -OverrideTenantSharingCapability $true + -SharingCapability +``` diff --git a/docs/embedded/development/tutorials/doc-processing-acs.md b/docs/embedded/development/tutorials/doc-processing-acs.md new file mode 100644 index 000000000..2d450bf9e --- /dev/null +++ b/docs/embedded/development/tutorials/doc-processing-acs.md @@ -0,0 +1,179 @@ +--- +title: Document Processing with Azure Cognitive Services +description: Enabling document processing with Azure Cognitive Services. +ms.date: 03/03/2025 +ms.localizationpriority: high +--- + +# Enabling Document Processing with Azure Cognitive Services + +## Utilizing Azure Cognitive Services + +Azure Cognitive Services is a set of cloud-based APIs that you can use in AI applications and data flows. It provides pre-trained models that are ready to use in your applications, requiring no data and no model training on your part. They can be easily integrated into applications via HTTP REST interfaces. + +You have already learned how to use webhooks with [the application](/training/modules/sharepoint-embedded-create-app/) to get a notification whenever an existing file is updated, or a new file is uploaded in the [Using Webhooks tutorial](./using-webhooks.md). This tutorial will cover connecting it with Azure Cognitive Services to extract data from invoices. + +To set up automatic AI processing with your current SharePoint application upon a change in your container, you need to follow [Using Webhooks](./using-webhooks.md) and then: + +1. Get the delta changes of the container. You're currently able to get the notification whenever there's any change in our container and will now get the files that are added or updated. +1. Call Azure Cognitive Services’s Document Intelligence service API. You'll need to create an Azure AI resource to use the API to extract the fields from an image and get the extracted files. You might store them as shown in this tutorial or you might process them as you like. +![document processing schema](../../images/Document-Processing.png) + +> [!TIP] +> To learn more about the Microsoft Graph APIs used in this tutorial, see [Track changes for a Drive](/graph/api/driveitem-delta), [Get a DriveItem resource](/graph/api/driveitem-get), and [Upload or replace the contents of a DriveItem](/graph/api/driveitem-put-content). + +## Get the delta changes of a container + +Open **GraphProvider.ts** and implement the method `getDriveChanges` to get the list of changed items: + +```typescript +public static async getDriveChanges(driveId: string): Promise { + let changedItems: any[] = []; + const driveDeltaBasePath: string = `/drives/${driveId}/items/root/delta`; + let driveDeltaTokenParams: string = ""; + let hasMoreChanges: boolean = true; + try{ + do { + if (this.changeTokens.has(driveId)) { + driveDeltaTokenParams = `?token=${this.changeTokens.get(driveId)}` + } + const response = await this.graphClient.api(driveDeltaBasePath + driveDeltaTokenParams).get(); + changedItems.push(...response.value); + if (response['@odata.nextLink']) { + const token = new URL(response['@odata.nextLink']).searchParams.get('token'); + this.changeTokens.set(driveId, token); + } else { + hasMoreChanges = false; + const token = new URL(response['@odata.deltaLink']).searchParams.get('token'); + this.changeTokens.set(driveId, token); + } + console.log(this.changeTokens.get(driveId)); + } while (hasMoreChanges); + } + catch(err){ + console.log(err); + } + return changedItems; +} +``` + +Implement the method `getDriveItem` to fetch a file from a container: + +```typescript +public static async getDriveItem(driveId: string, itemId: string): Promise { + return await this.graphClient.api(`/drives/${driveId}/items/${itemId}`).get(); +} +``` + +Create a new file **ReceiptProcessor.ts** and implement a method `processDrive`: + +```typescript +export abstract class ReceiptProcessor { + + public static async processDrive(driveId: string): Promise { + const changedItems = await GraphProvider.getDriveChanges(driveId); + for (const changedItem of changedItems) { + try { + const item = await GraphProvider.getDriveItem(driveId, changedItem.id); + const extension = this.getFileExtension(item.name); + if (this.SUPPORTED_FILE_EXTENSIONS.includes(extension.toLowerCase())) { + console.log(item.name); + const url = item["@microsoft.graph.downloadUrl"]; + const receipt = await this.analyzeReceiptStream(await this.getDriveItemStream(url)); + const receiptString = JSON.stringify(receipt, null, 2) + const fileName = this.getFileDisplayName(item.name) + "-extracted-fields.json"; + const parentId = item.parentReference.id; + await GraphProvider.addDriveItem(driveId, parentId, fileName, receiptString); + } + } catch (error) { + console.log(error); + } + } + } +} +``` + +At this point if you restart the app along with tunneling and subscription, you should see the recently added/updated files listed in the console. + +## Call Azure Cognitive Services' Document Intelligence service API + +To use the Azure Cognitive Services Document Intelligence APIs, you need to create a Multi-Service or Document Intelligence resource for Azure AI Service. Refer to the following tutorials to create the resource: + +- [Quickstart: Create a multi-service resource for Azure AI services](/azure/ai-services/multi-service-resource?tabs=windows&pivots=azportal) +- [Get started with Document Intelligence](/azure/ai-services/document-intelligence/quickstarts/get-started-sdks-rest-api?view=doc-intel-3.1.0&viewFallbackFrom=form-recog-3.0.0&preserve-view=true&pivots=programming-language-javascript) + +After this step, you should have an endpoint and a key ready to use. + +Now open **ReceiptProcessor.ts** to create method `dac` to store the Azure Cognitive Services credentials: + +```typescript +private static dac = new DocumentAnalysisClient( + `${process.env["DAC_RESOURCE_ENDPOINT"]}`, + new AzureKeyCredential(`${process.env["DAC_RESOURCE_KEY"]}`) +); +``` + +Create method `getDriveItemStream`. + +```typescript +private static async getDriveItemStream(url: string): Promise { + const token = GraphProvider.graphAccessToken; + const config: AxiosRequestConfig = { + method: "get", + url: url, + headers: { + "Authorization": `Bearer ${token}` + }, + responseType: 'stream' + }; + const response = await axios.get(url, config); + return response.data; +} +``` + +Create method `analyzeReceiptStream` to get the OCR fields through Azure Cognitive Services processing. Here we're taking the `prebuilt-invoice` model, but other models can be chosen: + +```typescript +private static async analyzeReceiptStream(stream: Readable): Promise { + const poller = await this.dac.beginAnalyzeDocument("prebuilt-invoice", stream, { + onProgress: ({ status }) => { + console.log(`status: ${status}`); + }, + }); + + const { + documents: [result] = [], + } = await poller.pollUntilDone(); + + const fields = result?.fields; + this.removeUnwantedFields(fields); + return fields; +} +``` + +Create a method `removeUnwantedFields` to remove the undesirable fields in Azure Cognitive Services’s response: + +```typescript +private static removeUnwantedFields(fields: any) { + for (const prop in fields) { + if (prop === 'boundingRegions' || prop === 'content' || prop === 'spans') { + delete fields[prop]; + } + if (typeof fields[prop] === 'object') { + this.removeUnwantedFields(fields[prop]); + } + } +} +``` + +Finally, open **GraphProvider.ts** to add the `addDriveItem` method at the end of the `GraphProvider` class. + +```typescript +public static async addDriveItem(driveId: string, parentId: any, fileName: string, receiptString: string) { + await this.graphClient.api(`/drives/${driveId}/items/${parentId}:/${fileName}:/content`).put(receiptString); +} +``` + +Now, restart the demo app and set up the tunneling using ngrok and delta change subscription on the container again. + +If you add/update any file (supported formats: JPEG, JPG, PNG, BMP, TIFF, PDF) in this container, you should see a new JSON file created and containing the fields extracted from the file. diff --git a/docs/embedded/development/tutorials/launch-experience.md b/docs/embedded/development/tutorials/launch-experience.md new file mode 100644 index 000000000..e0b92344d --- /dev/null +++ b/docs/embedded/development/tutorials/launch-experience.md @@ -0,0 +1,90 @@ +--- +title: Configure Default Launch Experience for your Office Files +description: Configure Default Launch Experience for your Office Files +ms.date: 05/21/2024 +ms.localizationpriority: high +--- + +# Configure Default Launch Experience for your Office Files + +## Configure the Launch mode of Office Clients + +When retrieving a `DriveItem` from the Microsoft Graph API with: + +```http +/graph/api/driveitem-get?view=graph-rest-1.0 +``` + +The `webUrl` property in the response can be a link to Web Application Open Platform Interface (WOPI) for rendering supported office file types. The URL will look like: + +```http +https://host/:w:r/contentstorage/sitecollection/_layouts/15/doc2.aspx?sourcedoc=guid&file=filename.docx&action=default&mobileredirect=true +``` + +This `webUrl` will open WOPI in the default mode (`action=default`). If you wish to override the default mode to force a specific mode (for example, View for read-only and Edit for editor), you can augment the `webUrl` like this: + +```csharp +string webUrl = https://host/:w:r/contentstorage/sitecollection/_layouts/15/doc2.aspx?sourcedoc=guid&file=filename.docx&action=default&mobileredirect=true; + +System.UriBuilder builder = new System.UriBuilder(webUrl); +System.Collections.Specialized.NameValueCollection queryDictionary = System.Web.HttpUtility.ParseQueryString(builder.Query); +queryDictionary["action"] = "view"; +//queryDictionary["action"] = "edit"; +builder.Query = queryDictionary.ToString(); +string modifiedWebUrl = builder.ToString(); +``` + +> [!TIP] +> To learn more about WOPI Actions, see: [WOPI Discovery - WOPI Actions](/microsoft-365/cloud-storage-partner-program/online/discovery#wopi-actions). + +### Open Office files directly in Desktop clients + +To open your files directly in the Office desktop clients, you need to create an Office URI scheme. The format is as follows: + +```xml +:"|""|" +``` + +Use the following table to replace the preceding segments: + +- **scheme-name**: the name of the application, for example: *ms-excel* +- **command-name**: + - `ofv` for Open File View + - `ofe` for Open File Edit + - `nft` for New From Template +- **command-argument-descriptor** and **command-argument**: + - `|u|{file url}` + - `|s|{save location}` + - *only for New From Template* + +> [!NOTE] +> The **New From Template** may not work as you would expect for save location since the permissions schema is different from SharePoint Sites. + +The following contains an example usage of the Office URI scheme: + +```text +ms-word:ofv|u|https://contoso.com/document.docx +ms-powerpoint:ofe|u|https://contoso.com/presentation.pptx +``` + +Because the `webUrl` property points to Office Online for Office documents, you must get the actual link in two steps: + +1. Getting the WebUrl of the parent folder +1. Appending the name of the file + +For example, the following scheme: + +```text +ms-word:ofe|u|{folder.WebUrl]/{item.Name} +``` + +... will result in the following scheme: + +```text +ms-word:ofe|u|https://contoso.sharepoint.com/contentstorage/CSP_1234765465/Document%20Library/MyDocument.docx +``` + +To learn more about Office URI schemes, see [Office URI Schemes](/office/client-developer/office-uri-schemes). + +> [!NOTE] +> The Uri must be opened in a blank window or new tab. diff --git a/docs/embedded/development/tutorials/metadata.md b/docs/embedded/development/tutorials/metadata.md new file mode 100644 index 000000000..1973c22b9 --- /dev/null +++ b/docs/embedded/development/tutorials/metadata.md @@ -0,0 +1,474 @@ +--- +title: SharePoint Embedded Container Metadata +description: Add metadata in Containers and Files. +ms.date: 3/22/2024 +ms.localizationpriority: high +--- + +# Using Metadata with SharePoint Embedded Containers + +In SharePoint Embedded, columns can be added to [Containers](../../getting-started/containertypes.md) to address scenarios requiring custom metadata via Microsoft Graph APIs. Content in the container can then set desired values for corresponding metadata. Metadata is schematized and can be queried. Note the APIs to create and manage columns are on the container instances level – an application is responsible for defining and managing the columns across its containers. + +## Authorization and Authentication + +App+User (Delegated) or App-only (Application) Bearer {token} is required in the Authorization header. + +> [!NOTE] +> Container owners can Create, Update, and Delete Container columns +> All Container members can Read and List Container columns + +### `microsoft.graph.fileStorageContainer` properties + +| Property | Type | Description | Key | Required | ReadOnly | +| -------------------------- | -------------------------------------------------------------- | ---------------------------------------------------------- | --- | -------- | -------- | +| `id` | `Edm.String` | unique stable identifier of the storage container instance | Yes | Yes | Yes | +| `displayName` | `Edm.String` | display name of the container | No | Yes | No | +| `description` | `Edm.String` | description of the container | No | No | No | +| `containerTypeId` | `Edm.Guid` | container type ID | No | Yes | Yes | +| `containerTypeDisplayName` | `Edm.String` | display name of the container type | No | No | Yes | +| `externalGroupId` | `Edm.Guid` | external group ID | No | No | No | +| `permissions` | `Collection` | permissions of users / groups in the container | No | No | No | +| `customProperties` | `microsoft.graph.fileStorageContainerCustomPropertyDictionary` | custom properties | No | No | No | +| `viewpoint` | `microsoft.graph.fileStorageContainerViewpoint` | data that is specific to the current user | No | No | No | +| `drive` | `microsoft.graph.drive` | storage container's drive resource | No | No | Yes | +| `recycleBin` | `microsoft.graph.recycleBin` | storage container's recycleBin resource | No | No | Yes | +| `status` | `microsoft.graph.fileStorageContainerStatus` | an enum value representing the status of the container | No | No | Yes | +| `createdDateTime` | `microsoft.graph.dateTimeOffset` | createdDateTime | No | No | Yes | +| `storageUsedInBytes` | `Edm.Int64` | storage used in bytes | No | No | Yes | +| `assignedSensitivityLabel` | `microsoft.graph.assignedLabel` | the sensitivity label assigned to the container | No | No | No | +| `owners` | `Collection` | The list of users who own the container | No | No | Yes | +| `columns` | `Collection` | the collection of custom metadata fields in the container | No | No | No | + + + +## Limitations + +The following are the properties that SharePoint Embedded Metadata supports: + +| Property name | Type | +| ---------------------- | ------------------------- | +| boolean | booleanColumn | +| choice | choiceColumn | +| currency | currencyColumn | +| dateTime | dateTimeColumn | +| hyperlinkOrPicture | hyperlinkOrPictureColumn | +| isDeletable | Boolean | +| ID | string | +| indexed | Boolean | +| isSealed | Boolean | +| name | string | +| number | numberColumn | +| personOrGroup | personOrGroupColumn | +| readOnly | Boolean | +| text | textColumn | +| type | columnTypes | + +> [!NOTE] +> Please name columns according to the appropriate column naming convention + +### Column Naming Conventions + +Column Names must adhere to the following rules: +- Can't contain "!". +- Can't start with a digit, period, minus sign, or question mark. +- Can't contain any space or any nonalphanumeric characters except "_" or "\". +- Can't look like either type of cell reference. + - A1 mode cell reference with 1 to 3 characters followed by 1 to 5 digits (for example, A3 F02563, ZZZ12). + - R1C1 mode cell references that look like r, or c, or r[#], c[#] or r[#]c[#]. +- Can't be any localized word for "true" or "false". +- Can't be specific names, including "Author", "Created", "Description", etc. + + + +## Create a column in a fileStorageContainer + +This API lets callers create a new column instance in a fileStorageContainer. + +##### Required permissions (at least one of) + +| ScopeName | Type | +| ----------------------------- | ----------- | +| FileStorageContainer.Selected | Application | +| FileStorageContainer.Selected | Delegated | + +#### REST Operation example: create a column in a fileStorageContainer + +##### Request + +```http +POST https://graph.microsoft.com/beta/storage/fileStorage/containers/{container-id}/columns +Content-Type: application/json + +{ + "description": "test", + "displayName": "Title", + "enforceUniqueValues": false, + "hidden": false, + "indexed": false, + "name": "Title", + "text": { + "allowMultipleLines": false, + "appendChangesToExistingText": false, + "linesForEditing": 0, + "maxLength": 255 + } +} +``` + +> [!NOTE] +> Note Type is not supported. `maxLength` should =< 255. + +##### Response + +```http +HTTP/1.1 201 Created +Content-type: application/json + +{ + "description": "test", + "displayName": "Title", + "enforceUniqueValues": false, + "hidden": false, + "id": "99ddcf45-e2f7-4f17-82b0-6fba34445103", + "indexed": false, + "name": "Title", + "text": { + "allowMultipleLines": false, + "appendChangesToExistingText": false, + "linesForEditing": 0, + "maxLength": 255 + } +} +``` + +## Get a column in a fileStorageContainer by ID + +This API lets callers get a fileStorageContainer column instance by ID. + +##### Required permissions (at least one of) + +| ScopeName | Type | +| ----------------------------- | ----------- | +| FileStorageContainer.Selected | Application | +| FileStorageContainer.Selected | Delegated | + +#### REST Operation example: get a column in a fileStorageContainer by ID + +##### Request + +```http +GET https://graph.microsoft.com/beta/storage/fileStorage/containers/{container-id}/columns/{column-id} +``` + +##### Response + +```http +HTTP/1.1 200 OK +Content-type: application/json + +{ + "description": "test", + "displayName": "Title", + "enforceUniqueValues": false, + "hidden": false, + "id": "99ddcf45-e2f7-4f17-82b0-6fba34445103", + "indexed": false, + "name": "Title", + "text": { + "allowMultipleLines": false, + "appendChangesToExistingText": false, + "linesForEditing": 0, + "maxLength": 255 + } +} +``` + +## Update a column in a fileStorageContainer by ID + +This API lets callers update a fileStorageContainer column instance by ID. +You can update any property of the column other than the **id** property. + +##### Required permissions (at least one of) + +| ScopeName | Type | +| ----------------------------- | ----------- | +| FileStorageContainer.Selected | Application | +| FileStorageContainer.Selected | Delegated | + +#### REST Operation example: update a column in a fileStorageContainer by ID + +##### Request + +```http +PATCH https://graph.microsoft.com/beta/storage/fileStorage/containers/{container-id}/columns/{column-id} +Content-Type: application/json + +{ + "required": true, + "hidden": false, + "description": "This is my new column description" +} +``` + +##### Response + +```http +HTTP/1.1 200 OK +Content-type: application/json + +{ + "description": "", + "displayName": "Custom Column", + "enforceUniqueValues": false, + "hidden": false, + "id": "11dfef35-e2f7-4f17-82b0-6fba34445103", + "indexed": false, + "name": "Custom Column", + "readOnly": false, + "required": true, + "text": { + "allowMultipleLines": false, + "appendChangesToExistingText": false, + "linesForEditing": 0, + "maxLength": 255 + } +} +``` + +## Delete a column from a fileStorageContainer + +This API lets callers delete a fileStorageContainer column instance by ID. + +##### Required permissions (at least one of) + +| ScopeName | Type | +| ----------------------------- | ----------- | +| FileStorageContainer.Selected | Application | +| FileStorageContainer.Selected | Delegated | + +#### REST Operation example: delete a column from a fileStorageContainer + +##### Request + +```http +DELETE https://graph.microsoft.com/beta/storage/fileStorage/containers/{container-id}/columns/{column-id} +``` + +##### Response + +```http +HTTP/1.1 204 No Content +``` + +## List columns in a fileStorageContainer + +This API lets callers enumerate the columns in a fileStorageContainer. + +##### Required permissions (at least one of) + +| ScopeName | Type | +| ----------------------------- | ----------- | +| FileStorageContainer.Selected | Application | +| FileStorageContainer.Selected | Delegated | + +#### REST Operation example: List columns in a fileStorageContainer + +##### Request + +```http +GET https://graph.microsoft.com/beta/storage/fileStorage/containers/{container-id}/columns +``` + +##### Response + +```http +HTTP/1.1 200 OK +Content-type: application/json + +{ + "value": [ + { + "description": "", + "displayName": "Title", + "hidden": false, + "id": "99ddcf45-e2f7-4f17-82b0-6fba34445103", + "indexed": false, + "name": "Title", + "readOnly": false, + "required": false, + "text": { + "allowMultipleLines": false, + "appendChangesToExistingText": false, + "linesForEditing": 0, + "maxLength": 255 + } + }, + { + "description": "", + "displayName": "Address", + "id": "11dfef35-e2f7-4f17-82b0-6fba34445103", + "indexed": false, + "name": "Address", + "readOnly": false, + "required": false, + "text": { + "allowMultipleLines": false, + "appendChangesToExistingText": false, + "linesForEditing": 0, + "maxLength": 255 + } + } + ] +} +``` + +## Get column values of an item in a fileStorageContainer's drive + +This is an existing API used to showcase our new feature of getting the column values of an item in a fileStorageContainer's drive. +This API supports OData $select features for `column`. + + +##### Required permissions (at least one of) + +| ScopeName | Type | +| ----------------------------- | ----------- | +| FileStorageContainer.Selected | Application | +| FileStorageContainer.Selected | Delegated | + +#### REST Operation example: Get column values of an item in a fileStorageContainer's drive + +##### Request + +```http +GET https://graph.microsoft.com/beta/drives/{drive-id}/items/{item-id}/listitem/fields +``` + +##### Response + +```http +HTTP/1.1 200 OK +Content-type: application/json + +{ + "Name": "Widget", + "Color": "Blue", + "Quantity": 2357 +} +``` + +##### Request + +```http +GET https://graph.microsoft.com/beta/drives/{drive-id}/items/{item-id}/listitem/fields?$select=Name,Color +``` + +##### Response + +```http +HTTP/1.1 200 OK +Content-type: application/json + +{ + "Name": "Widget", + "Color": "Blue" +} +``` + +## Patch column values of an item in a fileStorageContainer's drive + +This is an existing API used to showcase our new feature of updating and deleting the column values of an item in a fileStorageContainer's drive. + +##### Required permissions (at least one of) + +| ScopeName | Type | +| ----------------------------- | ----------- | +| FileStorageContainer.Selected | Application | +| FileStorageContainer.Selected | Delegated | + +#### REST Operation example: update column values of an item in a fileStorageContainer's drive + +##### Request + +```http +PATCH https://graph.microsoft.com/beta/drives/{drive-id}/items/{item-id}/listitem/fields + +Content-Type: application/json + +{ + "Color": "Fuchsia", + "Quantity": 934 +} +``` + +##### Response + +```http +HTTP/1.1 200 OK +Content-type: application/json + +{ + "Name": "Widget", + "Color": "Fuchsia", + "Quantity": 934 +} +``` + +#### REST Operation example: delete column values of an item in a fileStorageContainer's drive + +##### Request + +```http +PATCH https://graph.microsoft.com/beta/drives/{drive-id}/items/{item-id}/listitem/fields + +Content-Type: application/json + +{ + "Color": null +} +``` + +##### Response + +```http +HTTP/1.1 200 OK +Content-type: application/json + +{ + "Name": "Widget", + "Quantity": 934 +} +``` + +## Query a fileStorageContainer's driveitems with Odata query options on custom columns + +This API lets users query drive items in a fileStorageContainer with `$expand`, `$filter`, and `$orderby` Odata query options on their custom columns. + +##### Required permissions (at least one of) + +| ScopeName | Type | +| ----------------------------- | ----------- | +| FileStorageContainer.Selected | Application | +| FileStorageContainer.Selected | Delegated | + +#### REST Operation example: filter fileStorageContainer's driveitems by their custom columns 'TestField' and order the results by 'TestField' + +##### Request + +```http +GET https://graph.microsoft.com/beta/drives/{drive-id}/items?$orderby=listitem/fields/TestField asc&$filter=startswith(listitem/fields/TestField, '3')&$expand=listitem($expand=fields) +``` + +##### Response + +```http +HTTP/1.1 200 OK +Content-type: application/json + +{ + "value": [ + {"name": "a.jpg", "size": 2048, "listitem/fields/TestField": "31" }, + {"name": "b.xlsx", "size": 197, "listitem/fields/TestField": "32" }, + {"name": "c.docx", "size": 391, "listitem/fields/TestField": "33" } + ] +} +``` \ No newline at end of file diff --git a/docs/embedded/development/tutorials/migrate-abs-to-spe.md b/docs/embedded/development/tutorials/migrate-abs-to-spe.md new file mode 100644 index 000000000..d9994ba3d --- /dev/null +++ b/docs/embedded/development/tutorials/migrate-abs-to-spe.md @@ -0,0 +1,374 @@ +--- +title: Tutorial to Migrate from Azure Blob Storage container to SharePoint Embedded container +description: Tutorial in how to migrate from Azure Blob Storage container to SharePoint Embedded container Using C# +ms.date: 07/31/2024 +ms.localizationpriority: high +--- + +# Tutorial For Migrating Content From Azure Blob Storage Container To SharePoint Embedded Container + +## Purpose + +This tutorial will guide you through migrating content from Azure Blob Storage (ABS) to SharePoint Embedded (SPE) using C#. This is useful for customers who have 500 docs in the blob storage container. + +### Prerequisites + +1. A Microsoft Entra ID application registration. See [register an application](/graph/auth-register-app-v2). +1. Your Microsoft Entra ID tenant has a [Microsoft 365 subscription](/training/m365/). +1. A Microsoft Entra ID tenant. If you don't have a tenant, create a [free Azure account to get a free subscription](https://azure.microsoft.com/free/). +1. An account with at least the Global Administrator or SharePoint Embedded Administrator role. +1. .NET Core SDK [version 8.0.303](https://dotnet.microsoft.com/download/dotnet/8.0) +1. Dotnet environment to run the sample app + + - It can be run on Windows, Linux and macOS + +1. SharePoint Embedded container + + - For more information on how to set up a [SPE container](https://aka.ms/start-spe) + +1. Azure Blob Storage container + + - For more information on how to set up an [ABS container](/azure/storage/blobs/storage-blobs-introduction) + +## Authentication + +### Azure Blob Storage + +1. Credentials - Container-level Shared Access Signature (SAS) URL. +1. Permission - Read and List + +### SharePoint Embedded + +1. An [Azure account](https://portal.azure.com) +1. A SharePoint Tenant where you'll create your containers and its Tenant ID +1. An onboarded application ID (sometimes called client ID) and its corresponding ContainerTypeId +1. Create a new App Registration in [Microsoft Entra ID portal](https://entra.microsoft.com). +1. In the App Registration, add a new Mobile & Console application platform in [Microsoft Entra ID App Registration Authenticate portal](https://entra.microsoft.com) + + ![Screenshot of Microsoft Entra ID application configuration](../../images/app-registration-console-platform.png) + +1. A ContainerType +1. A Container +1. Having the application registered in the consuming tenant (even if the owner of the application is the same as the consuming) +1. Having the containerType registered in the consuming tenant (even if the owner of the CT is the same as the consuming) +1. Consuming tenant user name and password credentials - will be required to authenticate the Microsoft Graph client +1. Permission - "User.Read", "FileStorageContainer.Selected" + +## Migrating Data from Azure Blob Storage container to SharePoint Embedded container + +### Description + +This section provides code snippets on how to accomplish the migration. All the validation has been removed for readability. + +### Connecting to Azure Blob Storage Container + +```c# +_containerClient = new BlobContainerClient(new Uri(_containerLevelSASUrl)); +``` + +### Connecting to SharePoint Embedded + +```c# +string[] _scopes = { "User.Read", "FileStorageContainer.Selected" }; +InteractiveBrowserCredentialOptions interactiveBrowserCredentialOptions = new InteractiveBrowserCredentialOptions() + { + ClientId = clientId, + RedirectUri = new Uri("http://localhost"), + }; +InteractiveBrowserCredential interactiveBrowserCredential = new InteractiveBrowserCredential(interactiveBrowserCredentialOptions); + +_graphClient = new GraphServiceClient(interactiveBrowserCredential, scopes, null); + +// Will open up a browser to provide your consuming tenant admin credentials +var user = await _graphClient.Me.GetAsync(); +``` + +### Getting the blob list + +```c# +var blobs = new List(); +await foreach (var blobItem in _containerClient.GetBlobsAsync()) +{ + blobs.Add(blobItem.Name); +} +return blobs; +``` + +### Thread pooling + +```c# +private CountdownEvent _countdown; + +// This is how the thread pool knows how many files are being migrated +_countdown = new CountdownEvent(blobs.Count); +``` + +### FileStructure + +```c# +public class FileStructure +{ + public string blobName { get; set; } + public string parentFolderId { get; set; } +} +``` + +### Traverse blob list + +```c# +// It creates a new folder in the destination. The name of the folder is the blob's container name. +// root means it is the root of the document library. +// If you want to copy it to another drive item, you can put the drive item ID here. +containerFolder = await _graphClient.CreateFolder(_containerName, "root"); + +// Traverse the blob list +foreach (var blobName in fileList) +{ + FileStructure fs = new FileStructure() { blobName = blobName }; + + // This function parses the flat file into the folder hierarchy and creates the folder structure in the destination. It will retrieve the parentFolderId that the file should be copied to. + // If you are going to copy it to root you can comment this line out. The parentFolderId will be containerFolder.Id + fs.parentFolderId = TraverseBlobName(fs, containerFolder.Id) + + // This is where the thread pool happens. + // It takes in a callback function and an Object parameter. + ThreadPool.QueueUserWorkItem(MigrateFile, fs); +} + +// Call so the program doesn't end, it waits for all the files to be processed +_countdown.Wait(); +``` + +### Traverse blob name + +```c# +// Parse for folder path not including the file name and put it in an array +var pathSegments = filePath.Split(new char[] { '/' }, StringSplitOptions.RemoveEmptyEntries); +string[] directoriesParts = pathSegments.Take(pathSegments.Length - 1).ToArray(); + +// Traverse the folder listing and create 1 folder at a time +string relativePath = _containerName; +string newFolderId = parentFolderId; +foreach (string folderName in directoriesParts) +{ + string newPath = relativePath + _separator + folderName; + ... + + DriveItem subFolder = await _graphClient.CheckIfItemExists(folderName, newFolderId); + if (subFolder == null) + { + subFolder = await _graphClient.CreateFolder(folderName, newFolderId); + ... + } + newFolderId = subFolder.Id; + + relativePath = newPath; +} + +return newFolderId; +``` + +### Check if the item exists + +```c# +var item = await _graphClient.Drives[_containerId].Items[parentFolderId].ItemWithPath(itemPath).GetAsync(); +``` + +### Create folder + +```c# +var folder = new DriveItem +{ + Name = folderName, + Folder = new Folder(), + AdditionalData = new Dictionary() + { + { "@microsoft.graph.conflictBehavior", "fail" } + } +}; +var createdFolder = await _graphClient.Drives[_containerId].Items[parentFolderId].Children.PostAsync(folder); +``` + +### Migrate File + +```c# +// The parameter must be of type Object. +internal async void MigrateFile(Object stateInfo) +{ + var fileStructure = (FileStructure)stateInfo; + + // Check if the file exists in the destination. If it exists + // - don't upload + // - check if the file is newer in the source than the destination - then upload + ... + + // Migrate the file + // This is where you download the blob as a stream from abs (code below) + ... + + // Then upload the stream to SPE (code below) + ... + + // Signal the countdown event that a file has been migrated + _countdown.Signal(); + + return; +} +``` + +### Downloading From The Blob From ABS As A Stream + +```c# +BlobClient blobClient = _containerClient.GetBlobClient(blobName); + +MemoryStream memoryStream = new MemoryStream(); +await blobClient.DownloadToAsync(memoryStream); +memoryStream.Position = 0; // Reset the stream position to the beginning +``` + +### Uploading The Stream To SPE + +```c# +int _maxChunkSize = 320 * 1024; + +var uploadSessionRequestBody = new CreateUploadSessionPostRequestBody() +{ + AdditionalData = new Dictionary + { + // Fail is set here, so it doesn't get upload again if it already exist + { "@microsoft.graph.conflictBehavior", "fail" } + } +}; + +var uploadSession = await _graphClient.Drives[_containerId] + .Items[parentFolderId] + .ItemWithPath(fileName) + .CreateUploadSession + .PostAsync(uploadSessionRequestBody); + +// The stream is the same stream from the downloading the blob +var fileUploadTask = new LargeFileUploadTask(uploadSession, memoryStream, _maxChunkSize, _graphClient.RequestAdapter); +IProgress progress = new Progress(prog => Console.WriteLine($"Uploaded {fileName} {prog} bytes")); + +// Check uploadResult.UploadSucceeded to see if it is successful +var uploadResult = await fileUploadTask.UploadAsync(progress); +``` + +## Overview Of The Sample App + +### Description + +A sample app called **MigrateABStoSPE** that is designed to migrate files from an Azure Blob Storage (ABS) container to a SharePoint Embedded (SPE) container. The code snippets provided in the **Migrating Data from Azure Blob Storage container to SharePoint Embedded container** are from the sample app. + +It uses Azure.Storage.Blobs and Newtonsoft.Json libraries for working with ABS and JSON data respectively. The app authenticates with both ABS and SPE using client credentials and performs the migration of files. + +### Packages + +1. Microsoft Graph SDK (version 5.56.0) +1. Azure.Identity (version 1.12.0) +1. Azure.Storage.Blobs (version 12.21.0) +1. CommandLineParser (version 2.9.1) +1. Newtonsoft.Json (13.0.3) + +### Out Of Scope + +1. How to deal with files that already exist in the destination - it fails, it doesn't overwrite or rename +1. How to deal with ABS version newer than the destination - it fails because the file already exists in the destination + +### Running The Sample App + +1. Open a terminal or command prompt. +1. Navigate to the directory where the Program.cs file is located. +1. Make sure you have the .NET Core SDK installed on your machine. You can check this by running the command dotnet --version in the terminal. If the command isn't recognized, you can download and install the .NET Core SDK from the official Microsoft website. +1. Once you have confirmed that the .NET Core SDK is installed, you can build the application by running the command `dotnet build`. This will compile the code and generate the necessary binaries. +1. After the build process is complete, you can run the application by executing the command dotnet run followed by the required arguments. The required arguments are: + + - The container-level SAS URL: This is an Azure Blob container level SAS URL. It provides access to the container and its blobs. + - The SPE tenant ID: This is the tenant you're authenticating against in the SPE. + - The SPE client ID: This is the client you're authenticating against in the SPE. + - The SPE container ID: This is the container you're migrating content to in the SPE. For more information on how to get the [container ID](/graph/api/filestorage-list-containers) + - (optional) File name with full path that contains the blob list. + - (optional) File name with full path where to output failed blobs. + +For example, the command to run the application with the required arguments would look like this: + +`dotnet run Program.cs -- --sasurl "" --tenantid "" --clientid "" --containerid "" [ --blobfile "" --outputfile "" ]` + +### Blob and SPE Item Structure + +ABS container doesn't adhere to a folder structure, all the blobs are stored in a flat listing structure. When migrating to SPE, the sample app parses the blob name and creates the folder structure in the container ID provided, with the container name as the top folder. If you're migrating to the root folder, you can ignore this section. + +**Source** + +- Container Name: Container1 + - Blob name: FolderA/blob1.txt + - Blob name: FolderA/FolderB/blob2.txt + - Blob name: FolderA/FolderB/FolderC/blob3.txt + +**Destination** + +- Drive Item folder + - Container1 + - FolderA + - blob1.txt + - FolderB + - blob2.txt + - FolderC + - blob3.txt + +## Handling Errors and Exceptions + +### Common Issues + +1. File already exists in the destination + + - This app checks to see if the file name exists in the destination before it uploads. If there's a file with the exact same name, it will not do the upload again. It will print to stdout a message that the file already exists. To fix it, you can either delete the file from the destination or change the conflictBehavior to replace and not call `CheckIfItemExists` on upload. + +1. The file for the list of blobs isn't found +1. The format for the list of blobs - one blob per line, without quotes around the blob name +1. Not giving enough permission to access the ABS container + + - The minimum permissions are Read and List + +1. Not giving enough permissions to the SPE container + + - The required scope is "User.Read" and "FileStorageContainer.Selected" + - Remember to grant admin consent + - Remember to create the mobile & console platform app + +## Testing the Migration + +### Verification + +1. When the file is queued, it will print to stdout +1. It will print the stats of the total blobs that were processed: total, success, exists in destination, and failed. +1. If there are errors, it will send the failed blob list to a file. The file name will be printed to stdout. It will also, print a command for an incremental re-run. + +## Conclusion + +### Summary + +In this tutorial, we explored how to migrate content from ABS container to SPE container. By following the steps outlined, writing your own app to migrate content should be easy. + +To recap, we: + +1. Authenticated with ABS and Graph +1. How to use a thread pool to queue migration of blob +1. Check if the item exists in destination +1. Retrieved the blob list from ABS container +1. Uploaded the blob to the SPE container + +Understanding these steps is crucial for migrating content from ABS container to SPE container. Now, try implementing these steps in your own projects and see the difference it makes! + +Happy coding! + +### Next Steps + +- For more information about Blob Storage, see [Blob Storage documentation](/azure/storage/blobs/storage-blobs-introduction). +- For more information about SPE, see [SharePoint Embedded documentation](https://aka.ms/start-spe). + +## Appendix + +### Code Repository + +The sample app can be found in the [SharePoint Embedded Samples repository](https://github.com/microsoft/SharePoint-Embedded-Samples/tree/main/Samples/migrate-abs-to-spe). diff --git a/docs/embedded/development/tutorials/spe-da-vscode.md b/docs/embedded/development/tutorials/spe-da-vscode.md new file mode 100644 index 000000000..1a75bcce5 --- /dev/null +++ b/docs/embedded/development/tutorials/spe-da-vscode.md @@ -0,0 +1,355 @@ +--- +title: SharePoint Embedded agent Tutorial +description: Sharepoint Embedded agent tutorial with the SDK and the VS Code SharePoint Embedded Extension +ms.date: 06/10/2025 +ms.localizationpriority: high +--- + +# Tutorial for getting started with SharePoint Embedded agent + +## Prerequisites + +> [!NOTE] +> +> 1. You will need to create a SharePoint Embedded application. If you don't have one, you can easily build a sample application using the instructions [here](#getting-started-using-the-sharepoint-embedded-visual-studio-code-extension). +> 1. You must specify a standard container type at creation time. Depending on the purpose, you may or may not need to provide your Azure Subscription ID. A container type set for trial purposes can't be converted for production, or vice versa. +> 1. You must use the latest version of SharePoint PowerShell to configure a container type. For permissions and the most current information about Windows PowerShell for SharePoint Embedded, see the documentation at [Intro to SharePoint Embedded Management Shell](/powershell/SharePoint/SharePoint-online/introduction-SharePoint-online-management-shell). +> +> - Set the **CopilotChatEmbeddedHosts** property of your container type configuration to `http://localhost:8080` to be able to work through the quick start below, refer to [the CSP section above for more information](../declarative-agent/spe-da-adv.md#csp-policies). +> - Set the **DiscoverabilityDisabled** property of your container type configuration to `false` so that the agent can find the files in your created container. Refer to the [Discoverability Disabled section above for more information](../declarative-agent/spe-da-adv.md#discoverabilitydisabled). +> - Ensure that Copilot for Microsoft 365 is available for your organization. You have two ways to get a developer environment for Copilot: +> - A sandbox Microsoft 365 tenant with M365 Copilot (available in limited preview through [TAP membership](https://developer.microsoft.com/microsoft-365/tap)). +> - An [eligible Microsoft 365 or Office 365 production environment](/microsoft-365-copilot/extensibility/prerequisites#customers-with-existing-microsoft-365-and-copilot-licenses) with a M365 Copilot license. + +## Getting started using the SharePoint Embedded SDK + +### 1. Install the SDK into your React repo + +```console +# Install the SDK with npm + +npm install "https://download.microsoft.com/download/970802a5-2a7e-44ed-b17d-ad7dc99be312/microsoft-sharepointembedded-copilotchat-react-1.0.9.tgz" +``` + +#### If you want to verify checksums + +In MacOS/Linux + +```console +version="1.0.9"; + +url="https://download.microsoft.com/download/970802a5-2a7e-44ed-b17d-ad7dc99be312/microsoft-sharepointembedded-copilotchat-react-1.0.9.tgz"; + +expected_checksum="3bdf19830ffc098b253cc809f969f50fba236ad95fe85123e7b15c7cf58ecf6b"; + +package_path="microsoft-sharepointembedded-copilotchat-react-$version.tgz"; + +curl -o $package_path $url && [ "$(sha256sum $package_path | awk '{ print $1 }')" == "$expected_checksum" ] && npm install $package_path || { echo "Checksum does not match. Aborting installation."; rm $package_path; } +``` + +In Windows: + +```powershell +$version = "1.0.9" +$url = "https://download.microsoft.com/download/970802a5-2a7e-44ed-b17d-ad7dc99be312/microsoft-sharepointembedded-copilotchat-react-1.0.9.tgz" +$expected_checksum = "3BDF19830FFC098B253CC809F969F50FBA236AD95FE85123E7B15C7CF58ECF6B" +$package_path = "microsoft-sharepointembedded-copilotchat-react-$version.tgz" + +Invoke-WebRequest -Uri $url -OutFile $package_path + +$calculated_checksum = Get-FileHash -Path $package_path -Algorithm SHA256 | Select-Object -ExpandProperty Hash + +if ($calculated_checksum -eq $expected_checksum) { + Write-Output "Checksum matches. Installing the package..." + npm install $package_path +} else { + Write-Output "Checksum does not match. Aborting installation." +} +Remove-Item $package_path +``` + +### 2. Create an `authProvider` object + +This is an object that matches this interface: + +```typescript +export interface IChatEmbeddedApiAuthProvider { + // The hostname for your tenant. Example: https://m365x10735106.sharepoint.com + hostname: string; + // This function will be called when an SPO token is required + // Scope needed: ${hostname}/Container.Selected + getToken(): Promise; +} +``` + +Example usage in app: + +```typescript +// In your app: +import { IChatEmbeddedApiAuthProvider } from '@microsoft/sharepointembedded-copilotchat-react'; + +const authProvider: IChatEmbeddedApiAuthProvider = { + hostname: 'https://m365x10735106.sharepoint.com', + getToken: requestSPOAccessToken, +}; +``` + +Example implementation of `getToken` (you need to customize it): + +```typescript +// +async function requestSPOAccessToken() { + // Use your app's actual msalConfig + const msalConfig = { + auth: { + clientId: "{Your Entra client ID}", // this can likely point to process.env.REACT_APP_CLIENT_ID if you have set it in your .env file + }, + cache: { + // https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/caching.md + /* + Cache Location | Cleared on | Shared between windows/tabs | Redirect flow supported + ----------------- ---------- ------------------------- ------------------------ + sessionStorage | window/tab close | No | Yes + localStorage | browser close | Yes | Yes + memoryStorage | page | refresh/navigation | No | No + */ + cacheLocation: 'localStorage', + storeAuthStateInCookie: false, + }, + }; + + const containerScopes = { + scopes: [`${authProvider.hostname}/Container.Selected`], + redirectUri: '/' + }; + + const pca = new msal.PublicClientApplication(msalConfig); + let containerTokenResponse; + + // Consent FileStorageContainer.Selected scope + try { + // attempt silent acquisition first + containerTokenResponse = await pca.acquireTokenSilent(containerScopes); + return containerTokenResponse.accessToken; + } catch (error) { + if (error instanceof InteractionRequiredAuthError) { + // fallback to interaction when silent call fails + containerTokenResponse = await pca.acquireTokenPopup(containerScopes); + return containerTokenResponse.accessToken; + } + else { + console.log(error); + } + } +} +``` + +### 3. Create a React state to store your `chatApi` in + +```typescript +const [chatApi, setChatApi] = React.useState(null); +``` + +Example: + +```typescript +import React from 'react'; +import { ChatEmbedded, ChatEmbeddedAPI, IChatEmbeddedApiAuthProvider } from '@microsoft/sharepointembedded-copilotchat-react'; + +//... +async function requestSPOAccessToken() { + //... +} + +const authProvider: IChatEmbeddedApiAuthProvider = { + hostname: 'https://m365x10735106.sharepoint.com', + getToken: requestSPOAccessToken, +}; + +function App() { + const [chatApi, setChatApi] = React.useState(null); + + return ( + //... + ); +} +``` + +### 4. Add the `ChatEmbedded` component into your react app + +```typescript +import React from 'react'; +import { ChatEmbedded, ChatEmbeddedAPI, IChatEmbeddedApiAuthProvider } from '@microsoft/sharepointembedded-copilotchat-react'; + +//... +async function requestSPOAccessToken() { + //... +} + +const authProvider: IChatEmbeddedApiAuthProvider = { + hostname: 'https://m365x10735106.sharepoint.com', + getToken: requestSPOAccessToken, +}; + +function App() { + const [chatApi, setChatApi] = React.useState(null); + + return ( + //... + + //... + ); +} +``` + +### 5. Use the `chatApi` object in your state to open the chat and run it + +In the example above, call it this way to open the chat. + +```typescript +await chatApi.openChat(); +``` + +You may choose to pass in launch configurations + +```typescript +import { IconName, IconStyle } from './sdk/types'; + +//... +const zeroQueryPrompts = { + headerText: "This is my Starter Prompt", + promptSuggestionList: [{ + suggestionText: 'Hello', + iconRegular: { name: IconName.ChatBubblesQuestion, style: IconStyle.Regular }, + iconHover: { name: IconName.ChatBubblesQuestion, style: IconStyle.Filled }, + }] +}; + +const launchConfig: ChatLaunchConfig = { + header: 'My Awesome Chat', + zeroQueryPrompts, + suggestedPrompts: ["What are my files?",], + instruction: "Response must be in the tone of a pirate", + locale: "en", +}; + +await chatApi.openChat(launchConfig); +``` + +Full example: + +```typescript +import React from 'react'; +import { ChatEmbedded, ChatEmbeddedAPI, IChatEmbeddedApiAuthProvider } from '@microsoft/sharepointembedded-copilotchat-react'; + +//... +async function requestSPOAccessToken() { + //... +} + +const authProvider: IChatEmbeddedApiAuthProvider = { + hostname: 'https://m365x10735106.sharepoint.com', + getToken: requestSPOAccessToken, +}; + +function App() { + const [chatApi, setChatApi] = React.useState(null); + + React.useEffect(() => { + const openChat = async () => { + if (!chatApi) { + return; + } + + await chatApi.openChat(); + }; + + openChat(); + }, [chatApi]); + + + return ( + //... + setChatApi(api)} + authProvider={authProvider} + containerId={container.id} + style={{ width: 'calc(100% - 4px)', height: 'calc(100vh - 8px)' }} + /> + //... + ); +} +``` + +### 6. Your AI chat should be loaded successfully + +## Getting started using the SharePoint Embedded Visual Studio Code Extension + +### Quick Start + +> [!NOTE] +> When using standard container types with the VS Code extension, [DisableDiscoverability](../declarative-agent/spe-da-adv.md#discoverabilitydisabled) and [Grant admin consent](/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal) features are currently not supported. This will need to be done using the [SPO Admin Powershell](/powershell/sharepoint/sharepoint-online/connect-sharepoint-online). + +1. Follow this guide up to the [Load Sample App section](../../getting-started/spembedded-for-vscode.md#load-sample-app) with the Visual Studio Code Extension +1. Within the extension, right click on the owning application, and select `Run sample apps -> Typescript + React + Azure Functions` + + ![Using the SPE VS Code extension to create a TypeScript React Azure Functions project](../../images/speco-runsampleapp.png) + +1. Allow for the extension to copy and create client secrets + + > [!CAUTION] + > Caution for production environments, storing secrets in plain text poses a security risk. + + ![SPE VS Code notification alerting it will copy app secrets in plain text on local machine](../../images/speco-createappsecret.png) + + If the application does not already have a client secret, the extension will ask to create one for you. + + ![SPE VS Code notification prompting user to allow it to create a secret for the application if it does not exist.](../../images/speco-createclientsecret.png) + +1. Select a folder to host the application, this will clone the following [repository for SharePoint Embedded Samples](https://github.com/microsoft/SharePoint-Embedded-Samples/tree/main/Samples/spe-typescript-react-azurefunction) into the folder + + ![windows File Explorer folder to save project on local machine](../../images/speco-cloneproject.png) + + Next, when prompted, open the folder + + ![VS Code extension with the SPE React Typescript + Azure Functions sample application cloned on local machine and open in VS Code](../../images/speco-vscodeclonedproject.png) + +1. Navigate to `react-client\src\components\ChatSideBar.tsx` and uncomment this section + + ![VS Code file explorer with ChatSideBar.tsx in open window with relevant code to uncomment highlighted](../../images/speco-uncommentchatsidebar.png) + +1. Navigate to `react-client\src\routes\App.tsx` and set the React state of the `showSidebar` variable to `true` + + ![VS Code file explorer with App.tsx open with line of showSidebar variable useState function input changed from false to true to enable showing chat side bar](../../images/speco-setshowsidebartrue.png) + +1. You can follow the instructions of the `README.md` file in the root of the project for further npm commands. Run `npm run start` in the root of the project to start your application with the SPE agent functionality enabled. + + > [!NOTE] + > `npm run start` Should be done in the root folder of the sample project. `\SharePoint-Embedded-Samples\Samples\spe-typescript-react-azurefunction` + + ![VS Code terminal in root folder of SPE Typescript project cloned earlier and npm run start command typed in](../../images/speco-runnpmrunstart.png) + +1. Sign in with a user who has a Microsoft 365 Copilot license enabled. + + ![SPE Typescript App running in Edge with sign in buttons](../../images/speco-reacttypescripthomepage.png) + +1. Navigate to the `containers` page, create one if you do not have any yet + + ![SPE Typescript App running in edge in /containers sub page with modal of user c reatign a container called ContosoCompanyContainer](../../images/speco-createcontosocontainer2.png) + + After it has been created, you will see it here: + + ![SPE Typescript App running in edge with a created container from above ContosoCompanyContainer](../../images/speco-createdcontainer.png) + +1. Click the container and upload your files. Once a container has been created and you have navigated inside it, your agent chat experience will become enabled. + + ![SPE Typescript App running in edge inside a created container page of ContosoCompanyContainer](../../images/speco-spechatenabled.png) + +### Examples + +The [SharePoint Embedded Samples](https://github.com/microsoft/SharePoint-Embedded-Samples/tree/main/Samples/spe-typescript-react-azurefunction) repository has examples for how to use SharePoint Embedded in your custom applications. diff --git a/docs/embedded/development/tutorials/using-file-preview.md b/docs/embedded/development/tutorials/using-file-preview.md new file mode 100644 index 000000000..08c9602a2 --- /dev/null +++ b/docs/embedded/development/tutorials/using-file-preview.md @@ -0,0 +1,103 @@ +--- +title: File Previews +description: Preview SharePoint Embedded content +ms.date: 05/21/2024 +ms.localizationpriority: high +--- + +# Using File Previews + +## Embedding a file preview in an iFrame + +It's possible to preview a [wide range](https://support.microsoft.com/office/file-types-supported-for-previewing-files-in-onedrive-sharepoint-and-teams-e054cd0f-8ef2-4ccb-937e-26e37419c5e4) of files in your browser without using a special application. Among the files supported, you can view PDF, JPG, MP4, etc. + +In order to preview a file in an `iframe`, you need to + +1. Call Graph's driveItem preview endpoint and obtain the GetUrl +1. Use the URL in an iFrame (or even open it in a new page) + +## Get the preview url using Graph + +Microsoft Graph offers the following endpoint to [preview a file](/graph/api/driveitem-preview): + +```javascript +POST https://graph.microsoft.com/{version}/drives/{driveId}/items/{itemId}/preview +``` + +- `Version` is Graph's version. For example "v1.0" +- The `driveId` is Container ID (starts with "b!") +- The `itemId`, which is the drive item ID. + +If you're using the Microsoft Graph C# SDK, the code would be similar to the following: + +```csharp +ItemPreviewInfo preview = await graphServiceClient.Drives[driveId].Items[itemId] + .Preview() + .Request() + .PostAsync(); +``` + +The JSON response includes the preview URLs for each document. Use the one obtained in `getUrl`: + +```javascript +{ + "getUrl": "https://www.onedrive.com/embed?foo=bar&bar=baz", + "postParameters": "param1=value¶m2=another%20value", + "postUrl": "https://www.onedrive.com/embed_by_post" +} +``` + +> [!TIP] +> It is possible to remove the banner at the top by adding the parameter `nb=true` to the obtained URL. E.g. +> `https://contoso.sharepoint.com/restOfUrl/embed.aspx?param1=value&nb=true` + +> [!CAUTION] +> Currently **getUrl** contains a parameter with an encrypted token that can only be used with your application. However, this may change in the near future and you may be asked to add an auth header as you do with other requests. + +## Use the URL in an `iframe` + +The next step is simply to use the URL obtained in the previous step in a new page. You could have an endpoint in your application that serves a new page as similar to this one: + +```html + + + +

    Preview

    +

    Preview of {file name}:

    + + + + +``` + +## Load the document preview dynamically + +If you intend to dynamically load the preview in the same page without leaving it, you might get a CORS error if you attempt to access the Microsoft Graph endpoint directly from a script from your page. + +One way to solve this problem is to create an endpoint in your application that makes the request and returns the url. + +For example, your server-side code should first obtain the document's preview url: + +```csharp +[HttpGet] +[AuthorizeForScopes(Scopes = new string[] { "Files.Read.All" })] +public async Task> GetPreviewUrl(string driveId, string itemId) +{ + // Obtain tokens for the the request + // Use the function created in the first step + return url + "&nb=true"; //Use nb=true to suppress banner +} +``` + +The client-side application can then use the browser's `fetch` API to request and inject the url into the `iframe`: + +```javascript +async function preview(driveId, itemId) { + const url = `/GetPreviewUrl?driveId=${driveId}&itemId=${itemId}`; + const response = await fetch(url, { + credentials: 'include', + }).then(response => response.text()); + + document.getElementById('preview').src = response + "&nb=true"; //Use nb=true to suppress banner +} +``` diff --git a/docs/embedded/development/tutorials/using-webhooks.md b/docs/embedded/development/tutorials/using-webhooks.md new file mode 100644 index 000000000..b0511b294 --- /dev/null +++ b/docs/embedded/development/tutorials/using-webhooks.md @@ -0,0 +1,113 @@ +--- +title: Using Webhooks +description: Use webhooks with SharePoint Embedded. +ms.date: 03/03/2025 +ms.localizationpriority: high +--- + +# Using Webhooks + +## Set Up Webhooks with SharePoint Embedded + +Webhooks are automated messages that are transmitted by an application when a trigger is activated. They can be used in SPE to enable the automation of workflows, the integration of systems, and to respond to events in real-time. + +You'll use webhooks to invoke the Azure Cognitive Services APIs from the application whenever an existing file is updated, or a new file is uploaded. + +To set up webhooks with your [current SharePoint Embedded application](/training/modules/sharepoint-embedded-create-app/), you need to: + +1. Create and register a webhook endpoint to get notifications whenever there's a change in your container. This will be done using REST APIs. +1. Connect to Graph and subscribe to changes. You can expose your application to the internet by either running it locally or deploying it on the cloud. For this tutorial, you'll be employing the former by utilizing ngrok and then subscribing to the changes by making a POST call. +1. Perform any desired action by handling the webhook data. One such use case is covered in [Enabling document processing with Azure Cognitive Services tutorial](./doc-processing-acs.md). + +![using webhooks schema](../../images/Using-Webhooks.png) + +> [!TIP] +> To learn more about the Microsoft Graph APIs used in this tutorial, see [Create subscription](/graph/api/subscription-post-subscriptions). + +## Create and register a webhook + +Open the **index.ts** file and add an endpoint `onReceiptAdded`: + +```typescript +server.post('/api/onReceiptAdded', async (req, res, next) => { + try { + const response = await onReceiptAdded(req, res); + res.send(200, response) + } catch (error: any) { + res.send(500, { message: `Error in API server: ${error.message}` }); + } + next(); +}); +``` + +You also need to add the query parser plugin at the top of this file so that it runs at server startup: + +```typescript +server.use(restify.plugins.bodyParser(), restify.plugins.queryParser()); +``` + +Create **onReceiptAdded.ts** and implement the method `onReceiptAdded` to read `validationToken` and `driveId`. `validationToken` is required when Microsoft Graph makes a one-time call to verify the endpoint upon creation of the webhook subscription. `driveId` is the container-id for which the subscription is created. + +```typescript +require('isomorphic-fetch'); + +export const onReceiptAdded = async (req: Request, res: Response) => { + + const validationToken = req.query['validationToken']; + if (validationToken) { + res.send(200, validationToken, {"Content-Type":"text/plain"}); + return; + } + + const driveId = req.query['driveId']; + if (!driveId) { + res.send(200, "Notification received without driveId, ignoring", {"Content-Type":"text/plain"}); + return; + } + + console.log(`Received driveId: ${driveId}`); + + res.send(200, ""); + return; +} +``` + +## Connect to Graph and subscribe to changes + +Follow the [documentation](https://ngrok.com/docs/getting-started/) to create a tunnel for your backend server using ngrok. + +After starting the app, run the following command in a terminal: + +```powershell +ngrok http 3001 +``` + +On successful completion, you should get the following output. The public-facing endpoint for the app is highlighted in the red rectangle: + +![ngrok registration](../../images/ngrok-registration.png) + +Once the tunneling is active, you can subscribe to delta changes in the container by adding the webhook URL. To do that, open Postman and make the following `POST` request with the appropriate graph access token and `notificationUrl` with the `driveId` appended as a query parameter to ensure that you get notifications for changes only in the desired container. + +```json +POST https://graph.microsoft.com/v1.0/subscriptions +{ + "changeType": "updated", + "notificationUrl":"https://5ac2-2404-f801-8028-3-691a-87b2-d309-545b.ngrok-free.app/api/onReceiptAdded?driveId={{ContainerId}}", + "resource": "drives/{{ContainerId}}/root", + "expirationDateTime": "2024-01-20T03:58:34.088Z", + "clientState": "" +} +``` + +You can use the following code snippet for setting the max possible expiration time of 4230 minutes from the current time by adding this to the "Pre-request Script" section. It will set an environment variable that can be used in the request body. + +```javascript +var now = new Date() +var duration = 1000 * 60 * 4230; // max lifespan of driveItem subscription is 4230 minutes +var expiry = new Date(now.getTime() + duration); +var expiryDateTime = expiry.toISOString(); + +pm.environment.set("ContainerSubscriptionExpiry", expiryDateTime); +``` + +At this point, if you add/update any file in the container, you'll get a notification at the previously added endpoint (`/api/onReceiptAdded`) and a log message at the console: `Received driveId: ` diff --git a/docs/embedded/getting-started/containertypes.md b/docs/embedded/getting-started/containertypes.md new file mode 100644 index 000000000..f21edc78f --- /dev/null +++ b/docs/embedded/getting-started/containertypes.md @@ -0,0 +1,207 @@ +--- +title: Create New SharePoint Embedded Container Types +description: This article explains how Container Types work and the steps to create new Container Types. +ms.date: 03/03/2025 +ms.localizationpriority: high +--- + +# SharePoint Embedded Container Types + +A container type is a SharePoint Embedded resource that defines the relationship, access privileges, and billing accountability between a SharePoint Embedded application and a set of containers. Also, the container type defines behaviors on the set of containers. + +Each container type is strongly coupled with one SharePoint Embedded application, which is referred to as the owning application. The owning application developer is responsible for creating and managing their container types. SharePoint Embedded mandates a 1:1 relationship between owning application and a container type. + +Container type is represented on each container instance as an immutable property (ContainerTypeID) and is used across the entire SharePoint Embedded ecosystem, including: + +- **Access authorization**: A SharePoint Embedded application must be associated with a container type to get access to container instances of that type. Once associated, the application has access to all container instances of that type. The actual access privilege is determined by the application-ContainerTypeID permission setting. The owning application by default has full access privilege to all container instances of the container type it's strongly coupled with. Learn more about [SharePoint Embedded Authorization](../development/auth.md). +- **Easy exploration**: Container type can be created for trial purposes, allowing developers to explore SharePoint Embedded application development and assess its features for free. +- **Billing**: Container types for non-trial purposes are billable and must be created with an Azure Subscription. The usage of containers is metered and charged. Learn more about [metering](../administration/billing/meters.md) and the [SharePoint Embedded billing experience](../administration/billing/billingmanagement.md). +- **Configurable behaviors**: Container type defines selected behaviors for all container instances of that type. Learn more about setting [Container type configuration](../getting-started/containertypes.md#configuring-container-types). + +> [!NOTE] +> +> 1. You must specify the purpose of the container type you're creating at creation time. Depending on the purpose, you may or may not need to provide your Azure Subscription ID. A container type set for trial purposes can't be converted for production; or vice versa. +> 1. Standard and pass through container types can't be converted once created. If you want to convert a standard container type to pass through billing or vice versa, you must delete and re-create the container type. +> 1. You must use the latest version of SharePoint PowerShell to configure a container type. For permissions and the most current information about Windows PowerShell for SharePoint Embedded, see the documentation at [Intro to SharePoint Embedded Management Shell](/powershell/sharepoint/sharepoint-online/introduction-sharepoint-online-management-shell). + +## Creating Container Types + +SharePoint Embedded has 2 different Container Types you can create. + +1. [Trial Container Type](#trial-container-type) +1. [Standard Container Type](#standard-container-types-non-trial) + +### Prerequisites to create SharePoint Embedded container type + +A new container type will be created using **SharePoint Online Management Shell**: + +1. Download and install the [latest version of SharePoint Online Management Shell](https://www.microsoft.com/download/details.aspx?id=35588) +1. Open SharePoint Online Management Shell from **Start** screen, type **sharepoint**, and then select **SharePoint Online Management Shell**. +1. Connect to SPO service using `Connect-SPOService` cmdlet by providing admin credentials associated with tenancy. For information on [how to use Connect-SPOService](/powershell/module/sharepoint-online/connect-sposervice), refer the linked documentation. + +### Tenant requirements + +- An active instance of SharePoint is required in your Microsoft 365 tenant. +- Users who will be authenticating into SharePoint Embedded Container Types and Containers must be in Entra ID (Members and Guests) + + > [!NOTE] + > An Office license is not required to collaborate on Microsoft Office documents stored in a container. + +### Roles and Permissions + +- The admin who sets up the billing relationship for SharePoint Embedded needs to have owner or contributor permissions on the Azure subscription. +- Admin needs to have a SharePoint Embedded Administrator or Global Admin role to operate billing cmdlets. + +### Azure Subscription + +For the standard billing container type, the global administrator or SharePoint Embedded Administrator needs to set up: + +- An existing SharePoint tenancy +- An Azure subscription in the tenancy +- A resource group attached to the Azure subscription + +## Trial Container Type + +A container type can be created for trial/development purposes and isn't linked to any Azure billing profile. This enables developers to explore SharePoint Embedded application development and assess its features for free. For trial container types, the developer tenant is the same as the consuming tenant. +Each developer can have only one container type in the trial status in their tenant at a time. The trial container type is valid for up to 30 days but can be removed at any time within this period. + +To create a container type for trial purposes, you can: + +- Use SharePoint Embedded Visual Studio Code Extension to create the container type in just a few steps. The Visual Studio Code extension registers your container type and creates containers for you. +- Use SharePoint PowerShell. You must be a SharePoint Embedded Administrator or Global Administrator to run the following cmdlet. If you're a SharePoint Administrator, grant yourself the SharePoint Embedded Admin role as well to execute these cmdlets. + + ```powershell + New-SPOContainerType [–TrialContainerType] [-ContainerTypeName] [-OwningApplicationId] [-ApplicationRedirectUrl] [] + ``` + +The following restrictions are applied to trial container types: + +- Up to five containers of the container type can be created. This includes active containers and those in the recycle bin. +- Each container has up to 1 GB of storage space. +- The container type expires after 30 days and access to any existing containers of that container type will be removed. +- The developer must permanently delete all containers of an existing container type in trial status to create a new container type for trial. This includes containers in the deleted container collection. +- The container type is restricted to work in the developer tenant. It can't be deployed in other consuming tenants. + +## Standard Container Types (non-trial) + +A standard container type in SharePoint Embedded defines the relationship, access privileges, and billing profile between an application and its containers. It establishes how the application interacts with the containers, including access permissions, and is associated with a billing profile for non-trial purposes. Each tenant can have 25 container types at a time. + +### Billing profile + +SharePoint Embedded is a consumption-based Pay-as-you-go (PAYG) offering meaning you pay only for what you use. SharePoint Embedded provides two billing models that the tenant developing the SharePoint Embedded application can select for respective container types, tailoring it to their unique business requirements. The two billing models are Standard and Pass-through billing. + +### Standard Container Type - with billing profile + +With the standard billing profile, all consumption-based charges are directly billed to the tenant who owns or develops the application. The admin in the developer tenant must establish a valid billing profile when creating a standard container type. + +![Standard](../images/1bill521.png) + +Each developer tenant can create up to five container types consisting of 1 trial container type and 4 standard container types or 5 standard container types. +Standard container types are created using the [New-SPOContainerType](/powershell/module/sharepoint-online/new-spocontainertype) cmdlet. + +You need the following to create a standard container type: + +- Use SharePoint PowerShell. You must be a SharePoint Embedded Administrator or Global Administrator to run this cmdlet. If you're a SharePoint Administrator, grant yourself the SharePoint Embedded Admin role as well to execute these cmdlets. +- An Azure subscription and a resource group must be present in the Azure portal for regular billing. +- An App registration must be created in Microsoft Entra ID. + +To create a standard container type using an Azure billing profile, use the following cmdlets: + +```powershell +New-SPOContainerType [-ContainerTypeName] [-OwningApplicationId] [-ApplicationRedirectUrl] [] +``` + +Once the container type is created, add the Azure billing profile. + +```powershell +Add-SPOContainerTypeBilling –ContainerTypeId -AzureSubscriptionId -ResourceGroup -Region +``` + +> [!NOTE] +> The user or admin who sets up a billing relationship for SharePoint Embedded must have owner or contributor permissions on the Azure subscription. +> +> Every container type must have an owning application. +> +> A single-owning app can only own one container type at a time. +> +> An Azure subscription can be attached to any number of container types. +> +> If the cmdlet above fails with a SubscriptionNotRegistered error, it is because **Microsoft.Syntex** is not registered as a resource provider in the subscription. The cmdlet will send a resource provider registration request on your behalf but it will take a few minutes to be completed. Please wait 5-10 minutes and try again until the cmdlet succeeds. + +### Standard Container Type - pass-through billing + +With pass-through billing, consumption-based charges are billed directly to the tenant registered to use the SharePoint Embedded application (consuming tenant). Admins in the developer tenant don't need to set up an Azure billing profile when creating a pass-through SharePoint Embedded container type. + +![Pass Through](../images/2bill521.png) + +For container types intended to be directly billed to a customer use the flag `-IsPassThroughBilling`. For the direct to customer billed container type, there's no need to attach a billing profile. + +To create a pass through billing, standard container type, use the following cmdlet: + +```powershell +New-SPOContainerType [-ContainerTypeName] [-OwningApplicationId] [-ApplicationRedirectUrl] [-IsPassThroughBilling] [] +``` + +Once the container type is [registered](../getting-started/register-api-documentation.md) in the consuming tenant, the consuming tenant admin (SharePoint Admin or Global Admin) needs to set up the billing profile in the consuming tenant to use the SharePoint Embedded application. + +#### Set Up Billing Profile in Consuming Tenant + +1. In [Microsoft 365 admin center](https://admin.microsoft.com/), select **Setup**, and the view the **Billing and licenses** section. Select **Activate pay-as-you-go services.** + + ![Microsoft 365 admin center Files and Content](../images/SyntexActivatePAYGSetup.png) + +1. Select **Go to Pay as you go services**. +1. Select **Apps** under **Syntex services for**, select **Apps** and **SharePoint Embedded** + + ![Microsoft 365 admin center SharePoint Embedded Billing setting](../images/SyntexPAYGActivateSPE.png) + + > [NOTE] + The subscription configured in the Syntex services will reflect the consuming charges in the Azure billing portal. + +1. [Register the container type](#registering-container-types) using the App only authentication token. + +## Configuring Container Types + +The Developer Admin can set selected settings on the SharePoint Embedded container types created by using this PowerShell cmdlet. + +This cmdlet allows admins to set [Microsoft 365 content discoverability](../development/content-experiences/user-experiences-overview.md) and [sharing](../development/sharing-and-perm.md) settings on container types. The setting applies to all container instances of the container type: + +```powershell +Set-SPOContainerTypeConfiguration -ContainerTypeId 4f0af585-8dcc-0000-223d-661eb2c604e4 -DiscoverabilityDisabled $False +``` + +## Viewing Container Types + +The Developer Admin can view all the SharePoint Embedded container types they created on their tenant using `Get-SPOContainerType`. This cmdlet retrieves and returns the list of container types created for a SharePoint Embedded Application in the tenant. + +```powershell +Get-SPOContainerType [] +``` + +Example output of the `Get-SPOContainerType` cmdlet + +```powershell +ContainerTypeId : 4f0af585-8dcc-0000-223d-661eb2c604e4 +ContainerTypeName : ContosoLegal +OwningApplicationId : a735e4af-b86e-0000-93ba-1faded6c39e1 +Classification : Standard +AzureSubscriptionId : 564e9025-f7f5-xxx9-9ddd-4cdxxxx1755 +ResourceGroup : prod-resources +Region : EastUS +``` + +## Registering Container Types + +To create and interact with containers, you must [register](../getting-started/register-api-documentation.md) the container type within the Consuming Tenant. The owning application defines the permissions for the container type by invoking the [registration API](../getting-started/register-api-documentation.md). + +## Deleting Container Types + +Developer admins can delete both trial and standard container types. To delete a container type, you must first remove all containers of that container type, including from the deleted container collection. To remove containers, refer to [Consuming Tenant Admin](../administration/consuming-tenant-admin/cta.md). +Once all the containers are deleted, Developer admins can delete the container type using `Remove-SPOContainerType`. + +```powershell +Remove-SPOContainerType [-ContainerTypeId ] +``` +## SharePoint Embedded meters + +To learn more about the supported pay-as-you-go meters, refer to the [SharePoint Embedded meters](../administration/billing/meters.md) article. diff --git a/docs/embedded/getting-started/register-api-documentation.md b/docs/embedded/getting-started/register-api-documentation.md new file mode 100644 index 000000000..320893e72 --- /dev/null +++ b/docs/embedded/getting-started/register-api-documentation.md @@ -0,0 +1,175 @@ +--- +title: Register File Storage container Type Application Permissions +description: Register the container type. +ms.date: 03/03/2025 +ms.localizationpriority: high +--- + +# Register file storage container type application permissions + +In order for a SharePoint Embedded application to interact with containers in a consuming tenant, the container type must first be registered in the consuming tenant. Container type registration happens when the owning application invokes the registration API to specify what permissions can be performed against its container type. The registration API also grants access to other Guest Apps to interact with the owning application's containers. For example, a SharePoint Embedded application can grant permissions to another application--a Guest App so that the Guest App can perform backup operations against its containers. + +Since the registration API controls the permissions that a SharePoint Embedded application can perform against the container in the consuming tenant, this call should be one of the first APIs invoked. Failure to do so results in access denied errors when invoking other APIs against the container and/or the content in the containers. + +There are no restrictions on how many times the registration API can be invoked. How often the registration API is invoked and when it's invoked is dependent on the SharePoint Embedded application. However, the last successful call to the registration API determines the settings used in the consuming tenant. + +## Authentication and authorization requirements + +For the container type's owning application to act on a consuming tenant, some pre-requisites must be completed: + +- the owning app must have a service principal installed on the consuming tenant; and +- the owning app must be granted admin consent to perform container type registration in the consuming tenant. + +> [!NOTE] +> Only the owning application of the container type can invoke the registration API in the consuming tenant. + +Both requirements can be satisfied by having a tenant administrator of the consuming tenant [grant admin consent](/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal) to the container type's owning application. + +The container type registration API requires the `Container.Selected` app-only permission for SharePoint (see [Exceptional access patterns](../development/auth.md#exceptional-access-patterns)). You will need to use the [client credentials grant flow](/entra/identity-platform/v2-oauth2-client-creds-grant-flow) and [request a token with a certificate](/entra/identity-platform/v2-oauth2-client-creds-grant-flow#second-case-access-token-request-with-a-certificate) to use the registration API. + +> [!NOTE] +> The registration API is **NOT** a Microsoft Graph API but a SharePoint API. This API will be ported to Microsoft Graph in the future. + +To request admin consent from a tenant administrator in the consuming tenant, you may direct them to the [admin consent endpoint](/entra/identity-platform/v2-admin-consent). For the right endpoints on national clouds, see [Microsoft identity platform endpoints on national clouds](/entra/identity-platform/authentication-national-cloud#microsoft-entra-authentication-endpoints): + +```http +https://login.microsoftonline.com//adminconsent?client_id= +``` + +You may configure the admin consent endpoint to fit your needs, including handling errors and successful grants. For more information, see [Admin consent URI](/entra/identity-platform/v2-admin-consent). + + +## Container type Permissions + +The registration API determines what permissions a SharePoint Embedded application can perform against containers and content in containers for the specified container type. + +| Permission | Description | +| -------------------- | ------------------------------------------------------------------------------------------------------------------ | +| None | Has no permissions to any containers or content of this container type. | +| ReadContent | Can read content of containers of this container type. | +| WriteContent | Can write content to containers for this container type. This permission can't be granted without the ReadContent permission. | +| Create | Can create containers of this container type. | +| Delete | Can delete containers of this container type. | +| Read | Can read the metadata of containers of this container type. | +| Write | Can update the metadata of containers of this container type. | +| EnumeratePermissions | Can enumerate the members of a container and their roles for containers of this container type. | +| AddPermissions | Can add members to the container for containers of this container type. | +| UpdatePermissions | Can update (change roles of) existing memberships in the container for containers of this container type. | +| DeletePermissions | Can delete other members (but not self) from the container for containers of this container type. | +| DeleteOwnPermissions | Can remove own membership from the container for containers of this container type. | +| ManagePermissions | Can add, remove (including self) or update members in the container roles for containers of this container type. | +| Full | Has all permissions for containers of this container type. | + +## HTTP request + +```http +PUT {RootSiteUrl}/_api/v2.1/storageContainerTypes/{containerTypeId}/applicationPermissions +``` + +> [!NOTE] +> This is NOT a Graph API +> +> `{RootSiteURL}` is the SharePoint URL of the consuming tenant. For example, https://contoso.sharepoint.com. + +### Request body + +In the request body, supply a JSON representation of the container type permissions for the SharePoint Embedded applications. + +### Response + +If successful, this method returns a `200 OK` response code and the container type permissions configured for the SharePoint Embedded applications in the response body. + +| HTTP Code | Description | +| :--------: | ----------- | +| 400 | Bad request. | +| 401 | Request lacks valid authentication credentials. | +| 403 | Provided authentication credentials are valid but insufficient to perform the requested operation. Examples: the calling app isn't the owning app of the container type. | +| 404 | Container type doesn't exist. | + +## Examples + +### Register the container type in a consuming tenant with permissions only for the Owning App + +Register the container type in the consuming tenant and grant full permissions to the Owning Application (AppId 71392b2f-1765-406e-86af-5907d9bdb2ab) for Delegated and AppOnly calls. + +#### Request + +```json +PUT {RootSiteUrl}/_api/v2.1/storageContainerTypes/{containerTypeId}/applicationPermissions +Content-Type: application/json + +{ + "value": [ + { + "appId": "71392b2f-1765-406e-86af-5907d9bdb2ab", + "delegated": ["full"], + "appOnly": ["full"] + } + ] +} +``` + +#### Response + +```json +HTTP/1.1 200 OK +Content-type: application/json + +{ + "value": [ + { + "appId": "71392b2f-1765-406e-86af-5907d9bdb2ab", + "delegated": ["full"], + "appOnly": ["full"] + } + ] +} +``` + +### Register the container type in a consuming tenant with permissions for a Guest App + +Register the container type in the consuming tenant and grant full permissions to the Owning Application (AppId 71392b2f-1765-406e-86af-5907d9bdb2ab) for Delegated and AppOnly calls. In addition, grant a Guest App (AppId 89ea5c94-7736-4e25-95ad-3fa95f62b6) read and write permissions only for Delegated calls. + +#### Request + +```json +PUT /storagecontainerTypes/{containerTypeId}/applicationPermissions +Content-Type: application/json + +{ + "value": [ + { + "appId": "71392b2f-1765-406e-86af-5907d9bdb2ab", + "delegated": ["full"], + "appOnly": ["full"] + }, + { + "appId": "89ea5c94-7736-4e25-95ad-3fa95f62b6", + "delegated": ["read", "write"], + "appOnly": ["none"] + } + ] +} +``` + +#### Response + +```json +HTTP/1.1 200 OK +Content-type: application/json + +{ + "value": [ + { + "appId": "71392b2f-1765-406e-86af-5907d9bdb2ab", + "delegated": ["full"], + "appOnly": ["read"] + }, + { + "appId": "89ea5c94-7736-4e25-95ad-3fa95f62b6", + "delegated": ["read", "write"], + "appOnly": ["none"] + } + ] +} +``` diff --git a/docs/embedded/getting-started/spembedded-for-vscode.md b/docs/embedded/getting-started/spembedded-for-vscode.md new file mode 100644 index 000000000..343a842f5 --- /dev/null +++ b/docs/embedded/getting-started/spembedded-for-vscode.md @@ -0,0 +1,176 @@ +--- +title: SharePoint Embedded for Visual Studio Code +description: Installation and getting started with SharePoint Embedded for Visual Studio Code +ms.date: 07/16/2025 +ms.localizationpriority: high +--- + +# SharePoint Embedded for Visual Studio Code + +The SharePoint Embedded Visual Studio Code extension helps developers get started for free with SharePoint Embedded application development. + +> [!IMPORTANT] +> To start building with SharePoint Embedded, you'll need administrative access to a Microsoft 365 tenant. +> If you don't already have a tenant, you can get your own tenant with the [Microsoft 365 Developer Program](https://developer.microsoft.com/microsoft-365/dev-program), [Microsoft Customer Digital Experience](https://cdx.transform.microsoft.com/), or create a free trial of a [Microsoft 365 E3 license](https://www.microsoft.com/microsoft-365/enterprise/microsoft365-plans-and-pricing). + +## Install SharePoint Embedded for Visual Studio Code + +1. Open a new window in [Visual Studio Code](https://code.visualstudio.com/) and navigate to "**Extensions**" on the activity bar. +1. Search "SharePoint Embedded" in the Extensions view. You can also view the extension in [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=SharepointEmbedded.ms-sharepoint-embedded-vscode-extension). +1. Select **"Install"** and the SharePoint Embedded icon will appear on the activity bar. +1. If already installed, please update to the latest version if one is available. +1. Select the icon to open the SharePoint Embedded view and create a container type with trial configuration. + +![SharePoint Embedded VS Extensions](../images/vsx-images/n1downloadvsx.png) + +### Sign in with admin credentials + +To use the extension, you must sign in to a Microsoft 365 tenant with an administrator account. + +![Install](../images/vsx-images/n2vsx-signin.png) + +- Authentication opens a new tab in an external browser to grant permissions + + ![authorize and authenticate the extension to your M365 Entra tenant](../images/vsx-images/auth-allow-extension-uri.png) + +- Review the requested permissions carefully, then select **Accept** on the pop-up window prompting admin consent + + ![review before consenting to the permissions the extension is asking for](../images/vsx-images/n3vsx-grant-admin-consent.png) + +After successful authorization, select open on the dialog to be redirected to VSCode: + +![authorization completed in browser now redirecting to visual studio code](../images/vsx-images/auth-redirect.png) + +## Create a container type with a trial configuration + +Once signed in, you're prompted to create a [container type with trial configuration](./containertypes.md#trial-container-type). A container type lets you get started calling SharePoint Embedded APIs and building a proof-of-concept application using SharePoint Embedded. Learn more about [container types](containertypes.md). + +![home screen](../images/vsx-images/n4vsx-home-screen.png) + +- Select **Create Trial Container Type** +- Follow the prompts to name your container type. You can change your container type name later on. + +![create container type](../images/vsx-images/n5a-name-ct.png) + +> [!NOTE] +> SharePoint Embedded for Visual Studio Code only supports container types with trial configuration at this time. Other container types with standard or pass-through billing configurations must be created using the SharePoint Online PowerShell Module. + +## Create a Microsoft Entra ID App + +Every container type is owned by a Microsoft Entra ID application. The first step when creating a free trial container type is to create a new or select an existing Microsoft Entra ID application as the owning application. You can either specify the name of your new application or pick one of your existing applications. Learn more about SharePoint Embedded [app architecture](../development/app-architecture.md) + +- Follow the prompts to name your new Entra application or select an existing application ID: + +![Create App](../images/vsx-images/n6aname-app.png) + +> [!NOTE] +> If you choose an existing application, the extension will update that app's configuration settings for it to work with both SharePoint Embedded and this extension. Doing this is NOT recommended on production applications. + +After your container type is created and your application is configured, you'll be able to view your local tenant registration as a tree in the left nav-bar. + +## Register your container type + +After creating your container type, you'll need to register that container type on your local tenant. Learn more about container type [registration](./register-api-documentation.md). + +- Follow the prompts and select **Register on local tenant** on the lower right corner of the VS Code window + + ![local tenant registration popup](../images/vsx-images/local-tenant-registration-popup.png) + +- If you don't see the prompt, you can right-click on your `` and select **Register** from the menu + + ![register](../images/vsx-images/n7aregister-ct.png) + +### Grant permissions + +Review permissions and follow the prompt to grant admin consent + +![grant admin consent popup](../images/vsx-images/auth-grant-admin-consent-popup.png) + +An external browser window will pop open for you to sign-in and grant admin consent + +![login permissions](../images/vsx-images/n9alogin-grant-permissions.png) + +## Create your first container + +With your container type registered, you can now create your first container. Only five containers of container type can be created to upload and manage content. + +- Right-click on the **Containers** drop-down from the tree in the left nav-bar and select **Create container** +- Enter a name for the container you would like to create + +![create container](../images/vsx-images/n10acreate-container.png) +![name container](../images/vsx-images/n11aname-first-cont.png) + +## Recycling Containers + +You can also recycle and recover containers within the extension. + +![recycle containers](../images/vsx-images/n12arecycle-cont.png) + +![final home page](../images/vsx-images/n13a-final-home-page.png) + +## Load Sample App + +With your free trial container type created, you can use the extension to load one of the SharePoint Embedded sample apps and automatically populate the runtime configuration file with the details of your Microsoft Entra ID app and container type. + +![Load Sample App](../images/vsx-images/n15vsxsa-c.png) + +When loading the sample application, you'll be notified that it will create plain text secrets to authenticate on your local machine. + +![sample app plain text secrets notice](../images/vsx-images/sample-app-app-secrets-notice.png) + +If no client secret is found on your application, it will ask if you would like to create one. Press OK to proceed. + +![sample app creating client secret](../images/vsx-images/sample-app-create-client-secret.png) + +> [!IMPORTANT] +> This isn't intended for production environments. [Find out more on how to setup Application Registration for production environments here.](/entra/identity-platform/quickstart-register-app) + +## Using Sample App + +In your terminal, run the following command, this will start the sample application, which consists of 2 parts: + +1. **React Client Application** - The frontend user interface running on port 8080 +1. **Azure Function Application Server** - The backend API server that handles SharePoint Embedded operations + +```console +# Navigate to your sample application directory +cd [your-path]\SharePoint-Embedded-Samples\Samples\spe-typescript-react-azurefunction + +# Install dependencies and start the application +npm run start +``` + +> [!NOTE] +> The initial startup may take a few minutes as dependencies are installed and both applications are built. Wait for both console outputs to appear before navigating to the application. + +This will install the dependencies and run the server and client application, once running, you'll see the following in the terminal, after which you can navigate to http://localhost:8080 to access the application. + +![function api console logs](../images/vsx-images/fn-api-logs.png) + +![client app console logs](../images/vsx-images/client-app-logs.png) + +Once both applications are running successfully: + +1. Open your web browser and navigate to **http://localhost:8080** +1. Sign in using your Microsoft 365 administrator account (the same account used in the VS Code extension) +1. On the home page, select **"Containers"** to begin creating containers and uploading files +1. Follow the on-screen prompts to interact with your SharePoint Embedded containers + +![home-page-for-spe-sample-app](../images/vsx-images/spe-sample-app-home.png) + +> [!IMPORTANT] +> This sample application stores authentication secrets in plain text for development purposes only. Never use this configuration in a production environment. + +### Troubleshooting + +If you encounter issues: + +- **Port already in use**: If port 8080 is already in use, the application will automatically try the next available port +- **Dependencies not installing**: Try running `npm install` manually before `npm run start` +- **Authentication errors**: Ensure your Microsoft Entra ID app is properly configured with the correct redirect URIs + +## Export Postman Environment + +The [SharePoint Embedded Postman Collection](https://github.com/microsoft/SharePoint-Embedded-Samples/tree/main/Postman) allows you to explore and call the SharePoint Embedded APIs. The Collection requires an environment file with variables used for authentication and various identifiers. This extension automates the generation of this populated environment file so you can import it into Postal worker and immediately call the SharePoint Embedded APIs. + +![Export Postman Environment](../images/vsx-images/n14postman-c.png) diff --git a/docs/embedded/images/1bill521.png b/docs/embedded/images/1bill521.png new file mode 100644 index 000000000..6528d71c3 Binary files /dev/null and b/docs/embedded/images/1bill521.png differ diff --git a/docs/embedded/images/2bill521.png b/docs/embedded/images/2bill521.png new file mode 100644 index 000000000..d4dfc162b Binary files /dev/null and b/docs/embedded/images/2bill521.png differ diff --git a/docs/embedded/images/DTCBilling1.png b/docs/embedded/images/DTCBilling1.png new file mode 100644 index 000000000..6a24fa4b5 Binary files /dev/null and b/docs/embedded/images/DTCBilling1.png differ diff --git a/docs/embedded/images/DTCBilling2.png b/docs/embedded/images/DTCBilling2.png new file mode 100644 index 000000000..b4c7318b9 Binary files /dev/null and b/docs/embedded/images/DTCBilling2.png differ diff --git a/docs/embedded/images/Document-Processing.png b/docs/embedded/images/Document-Processing.png new file mode 100644 index 000000000..7982dba53 Binary files /dev/null and b/docs/embedded/images/Document-Processing.png differ diff --git a/docs/embedded/images/SPEAdmin1.png b/docs/embedded/images/SPEAdmin1.png new file mode 100644 index 000000000..87c3a1fa8 Binary files /dev/null and b/docs/embedded/images/SPEAdmin1.png differ diff --git a/docs/embedded/images/SPEAdmin10.png b/docs/embedded/images/SPEAdmin10.png new file mode 100644 index 000000000..9f5feab08 Binary files /dev/null and b/docs/embedded/images/SPEAdmin10.png differ diff --git a/docs/embedded/images/SPEAdmin11.png b/docs/embedded/images/SPEAdmin11.png new file mode 100644 index 000000000..1027fc70a Binary files /dev/null and b/docs/embedded/images/SPEAdmin11.png differ diff --git a/docs/embedded/images/SPEAdmin12.png b/docs/embedded/images/SPEAdmin12.png new file mode 100644 index 000000000..102e0dacf Binary files /dev/null and b/docs/embedded/images/SPEAdmin12.png differ diff --git a/docs/embedded/images/SPEAdmin13.png b/docs/embedded/images/SPEAdmin13.png new file mode 100644 index 000000000..83d556813 Binary files /dev/null and b/docs/embedded/images/SPEAdmin13.png differ diff --git a/docs/embedded/images/SPEAdmin14.png b/docs/embedded/images/SPEAdmin14.png new file mode 100644 index 000000000..dc66703b5 Binary files /dev/null and b/docs/embedded/images/SPEAdmin14.png differ diff --git a/docs/embedded/images/SPEAdmin15.png b/docs/embedded/images/SPEAdmin15.png new file mode 100644 index 000000000..4a3f80cdb Binary files /dev/null and b/docs/embedded/images/SPEAdmin15.png differ diff --git a/docs/embedded/images/SPEAdmin16.png b/docs/embedded/images/SPEAdmin16.png new file mode 100644 index 000000000..03568e615 Binary files /dev/null and b/docs/embedded/images/SPEAdmin16.png differ diff --git a/docs/embedded/images/SPEAdmin2.png b/docs/embedded/images/SPEAdmin2.png new file mode 100644 index 000000000..8be14b0b4 Binary files /dev/null and b/docs/embedded/images/SPEAdmin2.png differ diff --git a/docs/embedded/images/SPEAdmin3.png b/docs/embedded/images/SPEAdmin3.png new file mode 100644 index 000000000..010bf998b Binary files /dev/null and b/docs/embedded/images/SPEAdmin3.png differ diff --git a/docs/embedded/images/SPEAdmin4.png b/docs/embedded/images/SPEAdmin4.png new file mode 100644 index 000000000..26b05d149 Binary files /dev/null and b/docs/embedded/images/SPEAdmin4.png differ diff --git a/docs/embedded/images/SPEAdmin5.png b/docs/embedded/images/SPEAdmin5.png new file mode 100644 index 000000000..b82c2bbfc Binary files /dev/null and b/docs/embedded/images/SPEAdmin5.png differ diff --git a/docs/embedded/images/SPEAdmin6.png b/docs/embedded/images/SPEAdmin6.png new file mode 100644 index 000000000..e80422388 Binary files /dev/null and b/docs/embedded/images/SPEAdmin6.png differ diff --git a/docs/embedded/images/SPEAdmin7.png b/docs/embedded/images/SPEAdmin7.png new file mode 100644 index 000000000..1b97c3acb Binary files /dev/null and b/docs/embedded/images/SPEAdmin7.png differ diff --git a/docs/embedded/images/SPEAdmin8.png b/docs/embedded/images/SPEAdmin8.png new file mode 100644 index 000000000..62cd5b268 Binary files /dev/null and b/docs/embedded/images/SPEAdmin8.png differ diff --git a/docs/embedded/images/SPEAdmin9.png b/docs/embedded/images/SPEAdmin9.png new file mode 100644 index 000000000..08a6f7120 Binary files /dev/null and b/docs/embedded/images/SPEAdmin9.png differ diff --git a/docs/embedded/images/SPEArch.png b/docs/embedded/images/SPEArch.png new file mode 100644 index 000000000..cb0818e3f Binary files /dev/null and b/docs/embedded/images/SPEArch.png differ diff --git a/docs/embedded/images/SPECTDedicated.png b/docs/embedded/images/SPECTDedicated.png new file mode 100644 index 000000000..67b94e68c Binary files /dev/null and b/docs/embedded/images/SPECTDedicated.png differ diff --git a/docs/embedded/images/SPECTShared.png b/docs/embedded/images/SPECTShared.png new file mode 100644 index 000000000..bcc4de7e8 Binary files /dev/null and b/docs/embedded/images/SPECTShared.png differ diff --git a/docs/embedded/images/SharePointEmbeddedToS-1.jpg b/docs/embedded/images/SharePointEmbeddedToS-1.jpg new file mode 100644 index 000000000..03777613c Binary files /dev/null and b/docs/embedded/images/SharePointEmbeddedToS-1.jpg differ diff --git a/docs/embedded/images/SharePointEmbeddedToS-2.jpg b/docs/embedded/images/SharePointEmbeddedToS-2.jpg new file mode 100644 index 000000000..c7196e505 Binary files /dev/null and b/docs/embedded/images/SharePointEmbeddedToS-2.jpg differ diff --git a/docs/embedded/images/SharePointEmbeddedToS-3.jpg b/docs/embedded/images/SharePointEmbeddedToS-3.jpg new file mode 100644 index 000000000..e7fb61050 Binary files /dev/null and b/docs/embedded/images/SharePointEmbeddedToS-3.jpg differ diff --git a/docs/embedded/images/SharePointEmbeddedToS-4.jpg b/docs/embedded/images/SharePointEmbeddedToS-4.jpg new file mode 100644 index 000000000..0d29fbfd4 Binary files /dev/null and b/docs/embedded/images/SharePointEmbeddedToS-4.jpg differ diff --git a/docs/embedded/images/SharePointEmbeddedToS-5.jpg b/docs/embedded/images/SharePointEmbeddedToS-5.jpg new file mode 100644 index 000000000..e09f5cd1c Binary files /dev/null and b/docs/embedded/images/SharePointEmbeddedToS-5.jpg differ diff --git a/docs/embedded/images/SharingPartitions.png b/docs/embedded/images/SharingPartitions.png new file mode 100644 index 000000000..5b3b4bd66 Binary files /dev/null and b/docs/embedded/images/SharingPartitions.png differ diff --git a/docs/embedded/images/SyntexActivatePAYGSetup.png b/docs/embedded/images/SyntexActivatePAYGSetup.png new file mode 100644 index 000000000..00147f57b Binary files /dev/null and b/docs/embedded/images/SyntexActivatePAYGSetup.png differ diff --git a/docs/embedded/images/SyntexPAYGActivateSPE.png b/docs/embedded/images/SyntexPAYGActivateSPE.png new file mode 100644 index 000000000..739a58a47 Binary files /dev/null and b/docs/embedded/images/SyntexPAYGActivateSPE.png differ diff --git a/docs/embedded/images/Using-Webhooks.png b/docs/embedded/images/Using-Webhooks.png new file mode 100644 index 000000000..5d98224cf Binary files /dev/null and b/docs/embedded/images/Using-Webhooks.png differ diff --git a/docs/embedded/images/add-owners-one.png b/docs/embedded/images/add-owners-one.png new file mode 100644 index 000000000..bba134252 Binary files /dev/null and b/docs/embedded/images/add-owners-one.png differ diff --git a/docs/embedded/images/add-owners-two.png b/docs/embedded/images/add-owners-two.png new file mode 100644 index 000000000..fe7af04ed Binary files /dev/null and b/docs/embedded/images/add-owners-two.png differ diff --git a/docs/embedded/images/app-arch.png b/docs/embedded/images/app-arch.png new file mode 100644 index 000000000..0129f6719 Binary files /dev/null and b/docs/embedded/images/app-arch.png differ diff --git a/docs/embedded/images/app-flow7.jpg b/docs/embedded/images/app-flow7.jpg new file mode 100644 index 000000000..cbf6f4801 Binary files /dev/null and b/docs/embedded/images/app-flow7.jpg differ diff --git a/docs/embedded/images/app-registration-console-platform.png b/docs/embedded/images/app-registration-console-platform.png new file mode 100644 index 000000000..177c0bc5a Binary files /dev/null and b/docs/embedded/images/app-registration-console-platform.png differ diff --git a/docs/embedded/images/apparc-1.png b/docs/embedded/images/apparc-1.png new file mode 100644 index 000000000..082e51788 Binary files /dev/null and b/docs/embedded/images/apparc-1.png differ diff --git a/docs/embedded/images/apparc-2.png b/docs/embedded/images/apparc-2.png new file mode 100644 index 000000000..7f8a72df8 Binary files /dev/null and b/docs/embedded/images/apparc-2.png differ diff --git a/docs/embedded/images/apparchexample.png b/docs/embedded/images/apparchexample.png new file mode 100644 index 000000000..f862809ad Binary files /dev/null and b/docs/embedded/images/apparchexample.png differ diff --git a/docs/embedded/images/architecture-overview.png b/docs/embedded/images/architecture-overview.png new file mode 100644 index 000000000..b815cb4cd Binary files /dev/null and b/docs/embedded/images/architecture-overview.png differ diff --git a/docs/embedded/images/billing-1.png b/docs/embedded/images/billing-1.png new file mode 100644 index 000000000..14eb0f29a Binary files /dev/null and b/docs/embedded/images/billing-1.png differ diff --git a/docs/embedded/images/billing-2.png b/docs/embedded/images/billing-2.png new file mode 100644 index 000000000..669b0642a Binary files /dev/null and b/docs/embedded/images/billing-2.png differ diff --git a/docs/embedded/images/billing-manage.png b/docs/embedded/images/billing-manage.png new file mode 100644 index 000000000..014db7f05 Binary files /dev/null and b/docs/embedded/images/billing-manage.png differ diff --git a/docs/embedded/images/billmanag1.png b/docs/embedded/images/billmanag1.png new file mode 100644 index 000000000..bebe7f8b9 Binary files /dev/null and b/docs/embedded/images/billmanag1.png differ diff --git a/docs/embedded/images/billmanag2.png b/docs/embedded/images/billmanag2.png new file mode 100644 index 000000000..1bca53b4f Binary files /dev/null and b/docs/embedded/images/billmanag2.png differ diff --git a/docs/embedded/images/billmanag3.png b/docs/embedded/images/billmanag3.png new file mode 100644 index 000000000..2ac8dd97b Binary files /dev/null and b/docs/embedded/images/billmanag3.png differ diff --git a/docs/embedded/images/ctaux1.png b/docs/embedded/images/ctaux1.png new file mode 100644 index 000000000..c5ff77540 Binary files /dev/null and b/docs/embedded/images/ctaux1.png differ diff --git a/docs/embedded/images/ctaux10.png b/docs/embedded/images/ctaux10.png new file mode 100644 index 000000000..d60b84e5d Binary files /dev/null and b/docs/embedded/images/ctaux10.png differ diff --git a/docs/embedded/images/ctaux11.png b/docs/embedded/images/ctaux11.png new file mode 100644 index 000000000..01dc83bc0 Binary files /dev/null and b/docs/embedded/images/ctaux11.png differ diff --git a/docs/embedded/images/ctaux12.png b/docs/embedded/images/ctaux12.png new file mode 100644 index 000000000..b7f53ffed Binary files /dev/null and b/docs/embedded/images/ctaux12.png differ diff --git a/docs/embedded/images/ctaux13.png b/docs/embedded/images/ctaux13.png new file mode 100644 index 000000000..e77fd7b11 Binary files /dev/null and b/docs/embedded/images/ctaux13.png differ diff --git a/docs/embedded/images/ctaux14.png b/docs/embedded/images/ctaux14.png new file mode 100644 index 000000000..b62786140 Binary files /dev/null and b/docs/embedded/images/ctaux14.png differ diff --git a/docs/embedded/images/ctaux15-n.png b/docs/embedded/images/ctaux15-n.png new file mode 100644 index 000000000..c534fae69 Binary files /dev/null and b/docs/embedded/images/ctaux15-n.png differ diff --git a/docs/embedded/images/ctaux2.png b/docs/embedded/images/ctaux2.png new file mode 100644 index 000000000..3c5dac782 Binary files /dev/null and b/docs/embedded/images/ctaux2.png differ diff --git a/docs/embedded/images/ctaux3.png b/docs/embedded/images/ctaux3.png new file mode 100644 index 000000000..88728dc03 Binary files /dev/null and b/docs/embedded/images/ctaux3.png differ diff --git a/docs/embedded/images/ctaux4.png b/docs/embedded/images/ctaux4.png new file mode 100644 index 000000000..5c06e1b4f Binary files /dev/null and b/docs/embedded/images/ctaux4.png differ diff --git a/docs/embedded/images/ctaux5.png b/docs/embedded/images/ctaux5.png new file mode 100644 index 000000000..4ca1d7238 Binary files /dev/null and b/docs/embedded/images/ctaux5.png differ diff --git a/docs/embedded/images/ctaux6.png b/docs/embedded/images/ctaux6.png new file mode 100644 index 000000000..ab0b73ff8 Binary files /dev/null and b/docs/embedded/images/ctaux6.png differ diff --git a/docs/embedded/images/ctaux7.png b/docs/embedded/images/ctaux7.png new file mode 100644 index 000000000..d5f841cc6 Binary files /dev/null and b/docs/embedded/images/ctaux7.png differ diff --git a/docs/embedded/images/ctaux8.png b/docs/embedded/images/ctaux8.png new file mode 100644 index 000000000..48e3c9b4e Binary files /dev/null and b/docs/embedded/images/ctaux8.png differ diff --git a/docs/embedded/images/ctaux9.png b/docs/embedded/images/ctaux9.png new file mode 100644 index 000000000..233cded62 Binary files /dev/null and b/docs/embedded/images/ctaux9.png differ diff --git a/docs/embedded/images/enable1.png b/docs/embedded/images/enable1.png new file mode 100644 index 000000000..e6f7a30d3 Binary files /dev/null and b/docs/embedded/images/enable1.png differ diff --git a/docs/embedded/images/enable2.png b/docs/embedded/images/enable2.png new file mode 100644 index 000000000..d3bcbbfa2 Binary files /dev/null and b/docs/embedded/images/enable2.png differ diff --git a/docs/embedded/images/enable3.png b/docs/embedded/images/enable3.png new file mode 100644 index 000000000..52f0cd78e Binary files /dev/null and b/docs/embedded/images/enable3.png differ diff --git a/docs/embedded/images/enable4.png b/docs/embedded/images/enable4.png new file mode 100644 index 000000000..3bd2d76ee Binary files /dev/null and b/docs/embedded/images/enable4.png differ diff --git a/docs/embedded/images/enable5.png b/docs/embedded/images/enable5.png new file mode 100644 index 000000000..ec852a6ce Binary files /dev/null and b/docs/embedded/images/enable5.png differ diff --git a/docs/embedded/images/featuretbl.png b/docs/embedded/images/featuretbl.png new file mode 100644 index 000000000..e2cf7c5df Binary files /dev/null and b/docs/embedded/images/featuretbl.png differ diff --git a/docs/embedded/images/filter-on-delete.png b/docs/embedded/images/filter-on-delete.png new file mode 100644 index 000000000..87599873d Binary files /dev/null and b/docs/embedded/images/filter-on-delete.png differ diff --git a/docs/embedded/images/filter.png b/docs/embedded/images/filter.png new file mode 100644 index 000000000..6f1eacbeb Binary files /dev/null and b/docs/embedded/images/filter.png differ diff --git a/docs/embedded/images/itemcount.png b/docs/embedded/images/itemcount.png new file mode 100644 index 000000000..5ceb712fe Binary files /dev/null and b/docs/embedded/images/itemcount.png differ diff --git a/docs/embedded/images/ngrok-registration.png b/docs/embedded/images/ngrok-registration.png new file mode 100644 index 000000000..86c133609 Binary files /dev/null and b/docs/embedded/images/ngrok-registration.png differ diff --git a/docs/embedded/images/office1.png b/docs/embedded/images/office1.png new file mode 100644 index 000000000..8ff7d3ba9 Binary files /dev/null and b/docs/embedded/images/office1.png differ diff --git a/docs/embedded/images/office2.png b/docs/embedded/images/office2.png new file mode 100644 index 000000000..3753f7c67 Binary files /dev/null and b/docs/embedded/images/office2.png differ diff --git a/docs/embedded/images/raasflow.png b/docs/embedded/images/raasflow.png new file mode 100644 index 000000000..a23fd1eff Binary files /dev/null and b/docs/embedded/images/raasflow.png differ diff --git a/docs/embedded/images/raaspic2.png b/docs/embedded/images/raaspic2.png new file mode 100644 index 000000000..bd77feabc Binary files /dev/null and b/docs/embedded/images/raaspic2.png differ diff --git a/docs/embedded/images/reassign-user.png b/docs/embedded/images/reassign-user.png new file mode 100644 index 000000000..5ae1447ed Binary files /dev/null and b/docs/embedded/images/reassign-user.png differ diff --git a/docs/embedded/images/remove-user.png b/docs/embedded/images/remove-user.png new file mode 100644 index 000000000..ffa8d357a Binary files /dev/null and b/docs/embedded/images/remove-user.png differ diff --git a/docs/embedded/images/sc1.png b/docs/embedded/images/sc1.png new file mode 100644 index 000000000..7e284f0a5 Binary files /dev/null and b/docs/embedded/images/sc1.png differ diff --git a/docs/embedded/images/sc2.png b/docs/embedded/images/sc2.png new file mode 100644 index 000000000..f621f6df3 Binary files /dev/null and b/docs/embedded/images/sc2.png differ diff --git a/docs/embedded/images/sc3.png b/docs/embedded/images/sc3.png new file mode 100644 index 000000000..62e1623f4 Binary files /dev/null and b/docs/embedded/images/sc3.png differ diff --git a/docs/embedded/images/sc4.png b/docs/embedded/images/sc4.png new file mode 100644 index 000000000..285aa9dad Binary files /dev/null and b/docs/embedded/images/sc4.png differ diff --git a/docs/embedded/images/sc5.png b/docs/embedded/images/sc5.png new file mode 100644 index 000000000..5fb5d3ae5 Binary files /dev/null and b/docs/embedded/images/sc5.png differ diff --git a/docs/embedded/images/sc6.png b/docs/embedded/images/sc6.png new file mode 100644 index 000000000..98fc406ed Binary files /dev/null and b/docs/embedded/images/sc6.png differ diff --git a/docs/embedded/images/sc7.png b/docs/embedded/images/sc7.png new file mode 100644 index 000000000..fb4038ad6 Binary files /dev/null and b/docs/embedded/images/sc7.png differ diff --git a/docs/embedded/images/search.png b/docs/embedded/images/search.png new file mode 100644 index 000000000..02c1c3ffc Binary files /dev/null and b/docs/embedded/images/search.png differ diff --git a/docs/embedded/images/sensitivity-label.png b/docs/embedded/images/sensitivity-label.png new file mode 100644 index 000000000..5180a30a0 Binary files /dev/null and b/docs/embedded/images/sensitivity-label.png differ diff --git a/docs/embedded/images/sorting-on-deleted.png b/docs/embedded/images/sorting-on-deleted.png new file mode 100644 index 000000000..961e81d55 Binary files /dev/null and b/docs/embedded/images/sorting-on-deleted.png differ diff --git a/docs/embedded/images/sorting.png b/docs/embedded/images/sorting.png new file mode 100644 index 000000000..3f495f85c Binary files /dev/null and b/docs/embedded/images/sorting.png differ diff --git a/docs/embedded/images/spe-vscode-marketplace.png b/docs/embedded/images/spe-vscode-marketplace.png new file mode 100644 index 000000000..ac9a383b6 Binary files /dev/null and b/docs/embedded/images/spe-vscode-marketplace.png differ diff --git a/docs/embedded/images/speco-apparch.png b/docs/embedded/images/speco-apparch.png new file mode 100644 index 000000000..ec05874da Binary files /dev/null and b/docs/embedded/images/speco-apparch.png differ diff --git a/docs/embedded/images/speco-appscopingvenn.png b/docs/embedded/images/speco-appscopingvenn.png new file mode 100644 index 000000000..d5727486a Binary files /dev/null and b/docs/embedded/images/speco-appscopingvenn.png differ diff --git a/docs/embedded/images/speco-bound.png b/docs/embedded/images/speco-bound.png new file mode 100644 index 000000000..8f3cff455 Binary files /dev/null and b/docs/embedded/images/speco-bound.png differ diff --git a/docs/embedded/images/speco-cloneproject.png b/docs/embedded/images/speco-cloneproject.png new file mode 100644 index 000000000..4573bdc74 Binary files /dev/null and b/docs/embedded/images/speco-cloneproject.png differ diff --git a/docs/embedded/images/speco-createappsecret.png b/docs/embedded/images/speco-createappsecret.png new file mode 100644 index 000000000..b283b8259 Binary files /dev/null and b/docs/embedded/images/speco-createappsecret.png differ diff --git a/docs/embedded/images/speco-createclientsecret.png b/docs/embedded/images/speco-createclientsecret.png new file mode 100644 index 000000000..37cf20e57 Binary files /dev/null and b/docs/embedded/images/speco-createclientsecret.png differ diff --git a/docs/embedded/images/speco-createcontosocontainer2.png b/docs/embedded/images/speco-createcontosocontainer2.png new file mode 100644 index 000000000..995cd7f88 Binary files /dev/null and b/docs/embedded/images/speco-createcontosocontainer2.png differ diff --git a/docs/embedded/images/speco-createdcontainer.png b/docs/embedded/images/speco-createdcontainer.png new file mode 100644 index 000000000..e429321c4 Binary files /dev/null and b/docs/embedded/images/speco-createdcontainer.png differ diff --git a/docs/embedded/images/speco-feedbackcombined.png b/docs/embedded/images/speco-feedbackcombined.png new file mode 100644 index 000000000..c3d95ef63 Binary files /dev/null and b/docs/embedded/images/speco-feedbackcombined.png differ diff --git a/docs/embedded/images/speco-feedbackmodal.png b/docs/embedded/images/speco-feedbackmodal.png new file mode 100644 index 000000000..ef3b9ab51 Binary files /dev/null and b/docs/embedded/images/speco-feedbackmodal.png differ diff --git a/docs/embedded/images/speco-feedbackthumbsdown.png b/docs/embedded/images/speco-feedbackthumbsdown.png new file mode 100644 index 000000000..d9e3bd0f5 Binary files /dev/null and b/docs/embedded/images/speco-feedbackthumbsdown.png differ diff --git a/docs/embedded/images/speco-ragai.png b/docs/embedded/images/speco-ragai.png new file mode 100644 index 000000000..28b3f3eac Binary files /dev/null and b/docs/embedded/images/speco-ragai.png differ diff --git a/docs/embedded/images/speco-ragm365.png b/docs/embedded/images/speco-ragm365.png new file mode 100644 index 000000000..17a016ff8 Binary files /dev/null and b/docs/embedded/images/speco-ragm365.png differ diff --git a/docs/embedded/images/speco-ragquery.png b/docs/embedded/images/speco-ragquery.png new file mode 100644 index 000000000..b8a52311b Binary files /dev/null and b/docs/embedded/images/speco-ragquery.png differ diff --git a/docs/embedded/images/speco-reacttypescripthomepage.png b/docs/embedded/images/speco-reacttypescripthomepage.png new file mode 100644 index 000000000..b25861791 Binary files /dev/null and b/docs/embedded/images/speco-reacttypescripthomepage.png differ diff --git a/docs/embedded/images/speco-runnpmrunstart.png b/docs/embedded/images/speco-runnpmrunstart.png new file mode 100644 index 000000000..1f26f6395 Binary files /dev/null and b/docs/embedded/images/speco-runnpmrunstart.png differ diff --git a/docs/embedded/images/speco-runsampleapp.png b/docs/embedded/images/speco-runsampleapp.png new file mode 100644 index 000000000..3d3341eaf Binary files /dev/null and b/docs/embedded/images/speco-runsampleapp.png differ diff --git a/docs/embedded/images/speco-setshowsidebartrue.png b/docs/embedded/images/speco-setshowsidebartrue.png new file mode 100644 index 000000000..2b73eac96 Binary files /dev/null and b/docs/embedded/images/speco-setshowsidebartrue.png differ diff --git a/docs/embedded/images/speco-spechatenabled.png b/docs/embedded/images/speco-spechatenabled.png new file mode 100644 index 000000000..87f35bb1b Binary files /dev/null and b/docs/embedded/images/speco-spechatenabled.png differ diff --git a/docs/embedded/images/speco-uncommentchatsidebar.png b/docs/embedded/images/speco-uncommentchatsidebar.png new file mode 100644 index 000000000..ccc7cfd46 Binary files /dev/null and b/docs/embedded/images/speco-uncommentchatsidebar.png differ diff --git a/docs/embedded/images/speco-vscodeclonedproject.png b/docs/embedded/images/speco-vscodeclonedproject.png new file mode 100644 index 000000000..c88e78db4 Binary files /dev/null and b/docs/embedded/images/speco-vscodeclonedproject.png differ diff --git a/docs/embedded/images/speco-vscodeextensiondisablediscovery.png b/docs/embedded/images/speco-vscodeextensiondisablediscovery.png new file mode 100644 index 000000000..d1c9d63d2 Binary files /dev/null and b/docs/embedded/images/speco-vscodeextensiondisablediscovery.png differ diff --git a/docs/embedded/images/vscodeconsentperms.png b/docs/embedded/images/vscodeconsentperms.png new file mode 100644 index 000000000..05d708775 Binary files /dev/null and b/docs/embedded/images/vscodeconsentperms.png differ diff --git a/docs/embedded/images/vscodecontcreate.png b/docs/embedded/images/vscodecontcreate.png new file mode 100644 index 000000000..df87b340f Binary files /dev/null and b/docs/embedded/images/vscodecontcreate.png differ diff --git a/docs/embedded/images/vscodecontname.png b/docs/embedded/images/vscodecontname.png new file mode 100644 index 000000000..9b2c6d17a Binary files /dev/null and b/docs/embedded/images/vscodecontname.png differ diff --git a/docs/embedded/images/vscodeinstall.png b/docs/embedded/images/vscodeinstall.png new file mode 100644 index 000000000..68ea5d36c Binary files /dev/null and b/docs/embedded/images/vscodeinstall.png differ diff --git a/docs/embedded/images/vscodelaunch.png b/docs/embedded/images/vscodelaunch.png new file mode 100644 index 000000000..50ada3175 Binary files /dev/null and b/docs/embedded/images/vscodelaunch.png differ diff --git a/docs/embedded/images/vscodelogin.png b/docs/embedded/images/vscodelogin.png new file mode 100644 index 000000000..b6921c523 Binary files /dev/null and b/docs/embedded/images/vscodelogin.png differ diff --git a/docs/embedded/images/vscoderegister.png b/docs/embedded/images/vscoderegister.png new file mode 100644 index 000000000..5cfb6fb43 Binary files /dev/null and b/docs/embedded/images/vscoderegister.png differ diff --git a/docs/embedded/images/vscodetree.png b/docs/embedded/images/vscodetree.png new file mode 100644 index 000000000..3d7337b18 Binary files /dev/null and b/docs/embedded/images/vscodetree.png differ diff --git a/docs/embedded/images/vsx-images/auth-allow-extension-uri.png b/docs/embedded/images/vsx-images/auth-allow-extension-uri.png new file mode 100644 index 000000000..f71029396 Binary files /dev/null and b/docs/embedded/images/vsx-images/auth-allow-extension-uri.png differ diff --git a/docs/embedded/images/vsx-images/auth-grant-admin-consent-popup.png b/docs/embedded/images/vsx-images/auth-grant-admin-consent-popup.png new file mode 100644 index 000000000..a8b8485e7 Binary files /dev/null and b/docs/embedded/images/vsx-images/auth-grant-admin-consent-popup.png differ diff --git a/docs/embedded/images/vsx-images/auth-redirect.png b/docs/embedded/images/vsx-images/auth-redirect.png new file mode 100644 index 000000000..ee09cc6bb Binary files /dev/null and b/docs/embedded/images/vsx-images/auth-redirect.png differ diff --git a/docs/embedded/images/vsx-images/client-app-logs.png b/docs/embedded/images/vsx-images/client-app-logs.png new file mode 100644 index 000000000..61c81ce0f Binary files /dev/null and b/docs/embedded/images/vsx-images/client-app-logs.png differ diff --git a/docs/embedded/images/vsx-images/fn-api-logs.png b/docs/embedded/images/vsx-images/fn-api-logs.png new file mode 100644 index 000000000..dc0263c40 Binary files /dev/null and b/docs/embedded/images/vsx-images/fn-api-logs.png differ diff --git a/docs/embedded/images/vsx-images/local-tenant-registration-popup.png b/docs/embedded/images/vsx-images/local-tenant-registration-popup.png new file mode 100644 index 000000000..e233afcf7 Binary files /dev/null and b/docs/embedded/images/vsx-images/local-tenant-registration-popup.png differ diff --git a/docs/embedded/images/vsx-images/n10acreate-container.png b/docs/embedded/images/vsx-images/n10acreate-container.png new file mode 100644 index 000000000..6be23f1cc Binary files /dev/null and b/docs/embedded/images/vsx-images/n10acreate-container.png differ diff --git a/docs/embedded/images/vsx-images/n11aname-first-cont.png b/docs/embedded/images/vsx-images/n11aname-first-cont.png new file mode 100644 index 000000000..3a184eb9c Binary files /dev/null and b/docs/embedded/images/vsx-images/n11aname-first-cont.png differ diff --git a/docs/embedded/images/vsx-images/n12arecycle-cont.png b/docs/embedded/images/vsx-images/n12arecycle-cont.png new file mode 100644 index 000000000..6c26b1b20 Binary files /dev/null and b/docs/embedded/images/vsx-images/n12arecycle-cont.png differ diff --git a/docs/embedded/images/vsx-images/n13a-final-home-page.png b/docs/embedded/images/vsx-images/n13a-final-home-page.png new file mode 100644 index 000000000..bb77e35ed Binary files /dev/null and b/docs/embedded/images/vsx-images/n13a-final-home-page.png differ diff --git a/docs/embedded/images/vsx-images/n14postman-c.png b/docs/embedded/images/vsx-images/n14postman-c.png new file mode 100644 index 000000000..86d9b8a80 Binary files /dev/null and b/docs/embedded/images/vsx-images/n14postman-c.png differ diff --git a/docs/embedded/images/vsx-images/n15vsxsa-c.png b/docs/embedded/images/vsx-images/n15vsxsa-c.png new file mode 100644 index 000000000..6391443a2 Binary files /dev/null and b/docs/embedded/images/vsx-images/n15vsxsa-c.png differ diff --git a/docs/embedded/images/vsx-images/n1downloadvsx.png b/docs/embedded/images/vsx-images/n1downloadvsx.png new file mode 100644 index 000000000..94229faf7 Binary files /dev/null and b/docs/embedded/images/vsx-images/n1downloadvsx.png differ diff --git a/docs/embedded/images/vsx-images/n2vsx-signin.png b/docs/embedded/images/vsx-images/n2vsx-signin.png new file mode 100644 index 000000000..fa78d61e6 Binary files /dev/null and b/docs/embedded/images/vsx-images/n2vsx-signin.png differ diff --git a/docs/embedded/images/vsx-images/n3vsx-grant-admin-consent.png b/docs/embedded/images/vsx-images/n3vsx-grant-admin-consent.png new file mode 100644 index 000000000..c6cfd5cdc Binary files /dev/null and b/docs/embedded/images/vsx-images/n3vsx-grant-admin-consent.png differ diff --git a/docs/embedded/images/vsx-images/n4vsx-home-screen.png b/docs/embedded/images/vsx-images/n4vsx-home-screen.png new file mode 100644 index 000000000..6b9a85cae Binary files /dev/null and b/docs/embedded/images/vsx-images/n4vsx-home-screen.png differ diff --git a/docs/embedded/images/vsx-images/n5a-name-ct.png b/docs/embedded/images/vsx-images/n5a-name-ct.png new file mode 100644 index 000000000..aca25d3a8 Binary files /dev/null and b/docs/embedded/images/vsx-images/n5a-name-ct.png differ diff --git a/docs/embedded/images/vsx-images/n6aname-app.png b/docs/embedded/images/vsx-images/n6aname-app.png new file mode 100644 index 000000000..d58360b2a Binary files /dev/null and b/docs/embedded/images/vsx-images/n6aname-app.png differ diff --git a/docs/embedded/images/vsx-images/n7aregister-ct.png b/docs/embedded/images/vsx-images/n7aregister-ct.png new file mode 100644 index 000000000..9ae83ca19 Binary files /dev/null and b/docs/embedded/images/vsx-images/n7aregister-ct.png differ diff --git a/docs/embedded/images/vsx-images/n9alogin-grant-permissions.png b/docs/embedded/images/vsx-images/n9alogin-grant-permissions.png new file mode 100644 index 000000000..a5cdd7fe2 Binary files /dev/null and b/docs/embedded/images/vsx-images/n9alogin-grant-permissions.png differ diff --git a/docs/embedded/images/vsx-images/sample-app-app-secrets-notice.png b/docs/embedded/images/vsx-images/sample-app-app-secrets-notice.png new file mode 100644 index 000000000..1ade7d0fb Binary files /dev/null and b/docs/embedded/images/vsx-images/sample-app-app-secrets-notice.png differ diff --git a/docs/embedded/images/vsx-images/sample-app-create-client-secret.png b/docs/embedded/images/vsx-images/sample-app-create-client-secret.png new file mode 100644 index 000000000..2bddaef4f Binary files /dev/null and b/docs/embedded/images/vsx-images/sample-app-create-client-secret.png differ diff --git a/docs/embedded/images/vsx-images/spe-sample-app-home.png b/docs/embedded/images/vsx-images/spe-sample-app-home.png new file mode 100644 index 000000000..575c8da11 Binary files /dev/null and b/docs/embedded/images/vsx-images/spe-sample-app-home.png differ diff --git a/docs/embedded/overview.md b/docs/embedded/overview.md new file mode 100644 index 000000000..9f707d52e --- /dev/null +++ b/docs/embedded/overview.md @@ -0,0 +1,72 @@ +--- +title: SharePoint Embedded Overview +description: Microsoft SharePoint Embedded is a cloud-based file and document management system suitable for use in any application. SharePoint Embedded is a new API-only solution that enables app developers to harness the power of the Microsoft 365 file and document storage platform for any app, and is suitable for enterprises building line-of-business applications and ISVs building multitenant applications. +ms.date: 08/17/2024 +ms.localizationpriority: high +--- + +# Overview of SharePoint Embedded + +Microsoft SharePoint Embedded is a cloud-based file and document management system suitable for use in any application. SharePoint Embedded is a new API-only solution that enables app developers to harness the power of the Microsoft 365 file and document storage platform for any app, and is suitable for enterprises building line-of-business applications and ISVs building multitenant applications. + +SharePoint Embedded allows you to integrate advanced Microsoft 365 features into your apps including full-featured collaborative functions from Office, Purview's security and compliance tools, and Copilot capabilities. + +> [!IMPORTANT] +> Help us shape the future of SharePoint Embedded! +> Take our [quick survey](https://forms.microsoft.com/r/1YpGd2pAUS) and share your experience! + +## App documents stay in their Microsoft 365 tenant + +When a consumer uses a SharePoint Embedded application in their Microsoft 365 tenant, SharePoint Embedded creates another partition within their tenant. This storage partition doesn't have a user experience and the documents in the partition are only accessible via APIs. This means that all documents will be accessible to the developer’s application, but the documents will only reside in the consumer’s Microsoft 365 tenant. Within this new storage partition inside of a Microsoft 365 tenant, a SharePoint Embedded application can create many "File Storage Containers" for storing content. + +## Introducing File Storage Containers + +SharePoint Embedded applications use Microsoft Graph APIs to store files and documents in a new entity called a "File Storage Container” or Container for short.  If you’re an ISV, your app will create these containers in your customer’s Microsoft 365 tenant, and if you’re an enterprise, your app will create these containers in your own tenant. Each container provides a place to store files - you can think of them as similar to an API-only Document Library in SharePoint, but with some slight differences. Your app can create many of these containers inside each tenant that uses your app, and each container can be granted permissions separately storing many files with multiple terabytes of content. + +SharePoint Embedded containers are dedicated to and accessible by just your app, so the files and documents your app depends on are isolated and secure within that tenant boundary. + +## App-managed content experiences + +By default, the content stored within a Microsoft 365 tenant by a SharePoint Embedded application is only accessible through that owning application. Applications using SharePoint Embedded also provide the user experience layer for accessing and managing content, using some of the rich content capabilities that Microsoft 365 offers such as: + +- Core content management features like support for any file type and folder structure, searching, sharing, automatic versioning, recycle-bin, and more +- Collaboration features like view, edit, and co-authoring Office Word, Excel, and PowerPoint documents in Office Web and Desktop + +SharePoint Embedded is used by several types of applications: + +- Certain Microsoft products use SharePoint Embedded to manage customer content, such as Loop and Designer. +- ISVs can use SharePoint Embedded in their apps to manage content within their customer’s Microsoft 365 tenant +- Enterprises can use SharePoint Embedded to manage and store content within their own Microsoft 365 tenant, but outside of regular Microsoft 365 entitlements + +## Consumer Microsoft 365 settings apply to app documents + +All documents stored in the SharePoint partition created by the SharePoint Embedded app are in the consumer’s Microsoft 365 tenant and therefore are subject to the consumer’s Microsoft 365 tenant settings. + +This includes settings from Microsoft Purview compliance, risk, and security settings, documents can be opened from Office clients, and customers can use the Office web clients to view and collaborate on the documents. Choosing applications that are built on SharePoint Embedded provides the app consumer Microsoft Purview security and compliance capabilities on that app content, such as: + +- eDiscovery +- Auditing +- Data loss prevention (DLP) +- Retention policies, sensitivity labels, conditional access + +## Understanding the costs and billing for SharePoint Embedded content + +Microsoft 365 customers have different entitlements related to storage, usage, and features depending on the licenses the customer has purchased. + +The partition created in the consumer’s Microsoft 365 tenant by a SharePoint Embedded app doesn’t count towards other Microsoft 365 entitlements including the total amount of Microsoft SharePoint storage that can be used by your organization. Instead, the partition in the consumer’s Microsoft 365 tenant by the SharePoint Embedded app are billed separately through an Azure subscription on a pay-as-you-go metered consumption model that’s based on total storage and the number of API calls. + +> [!NOTE] +> Learn more about billing for SharePoint Embedded, see [Billing Meters](./administration/billing/meters.md). + +## Get Started with SharePoint Embedded + +[Review the prerequisites](./administration/billing/billing.md) + +Create a "File Storage Container" in 15 minutes or less: + +- [Free trial: SharePoint Embedded for Visual Studio Code](./getting-started/spembedded-for-vscode.md) + +Follow manual set-up on SharePoint Embedded from the following Microsoft Learning modules: + +- [Microsoft Learning: SharePoint Embedded - overview & configuration](/training/modules/sharepoint-embedded-setup) +- [Microsoft Learning: SharePoint Embedded - building applications](/training/modules/sharepoint-embedded-create-app) diff --git a/docs/embedded/scenarios-and-use-cases.md b/docs/embedded/scenarios-and-use-cases.md new file mode 100644 index 000000000..2c199f287 --- /dev/null +++ b/docs/embedded/scenarios-and-use-cases.md @@ -0,0 +1,71 @@ +--- +title: Scenarios and Use Cases +description: Scenarios and Use Cases for SharePoint Embedded +ms.date: 05/21/2024 +ms.localizationpriority: high +--- + +# Scenarios and use cases for SharePoint Embedded + +Use these example scenarios to prompt ideas about how custom applications can use SharePoint Embedded. + +> [!NOTE] +> This article is not intended to be an exhaustive list of all SharePoint Embedded features and scenarios. The intention is that these scenarios are contextualized examples of how combinations of features can be used. + +## Scenario: Structured user experience + +### Description + +Where your application requires a guided user experience to make users work in a structured way, rather than the flexible experience of SharePoint. + +Where your application is enabling a business-critical or time sensitive process, use the dedicated resource allocation of SharePoint Embedded to simplify management of throttling. + +### Examples + +- Extended Relationship Management (XRM) applications +- Engagement-based applications +- Workflow-based collaboration, with defined state + +### Why use SharePoint Embedded instead of SharePoint? + +- Your application is the only user interface, allowing you to create a prescriptive user experience +- Resources are separate from your Microsoft 365 entitlements– allowing for simpler resource management. + +## Scenario: Highly controlled collaboration + +### Description + +When building applications on top of SharePoint, it will still be possible for a user with permissions to navigate to the underlying site. Based on their permission level, a user might complete actions in the SharePoint interface that weren't intended by your application, for example changing site settings. These actions might have unintended consequences for your application or content. + +Because SharePoint Embedded is headless, there's no user interface other than what is provided by your custom application. If you don't supply a method to change content or settings through your application, then it won’t be possible for a user to circumvent this through SharePoint. You have the choice for which collaborative features are available in your application, for example sharing. + +### Examples + +- Deal room applications +- Shared research environments + +### Why use SharePoint Embedded instead of SharePoint? + +- You need the collaborative capabilities of SharePoint, only via a highly customized user interface +- You're handling high-value content, where you want to manage risk by removing abilities for a user to discover or alter the content repository +- All containers for the application can share default sharing settings that are separate from your OneDrive and SharePoint settings +- Content is logically separated from other Microsoft 365 content + +## Scenario: Customer facing document upload + +### Description + +Your application is aimed at an end customer, either within your organization or externally, who needs to upload a file as part of their interaction. You require a simplified end-user experience in your custom application, along with the Microsoft 365 capabilities of document storage and compliance. + +Using SharePoint Embedded will support this scenario, while not requiring the users of your application to have access or entitlement to your Microsoft 365 tenant. + +### Examples + +- Applying evidence to mortgage application +- Identity document verification + +### Why use SharePoint Embedded instead of SharePoint? + +- It's critical to segregate this data from the rest of your Microsoft 365 storage, while still being in scope for compliance tools like eDiscovery +- No Microsoft 365 licensing is required for users, or the use of external users in SharePoint +- Containers offer a simple, flexible unit of data storage diff --git a/docs/embedded/whats-new.md b/docs/embedded/whats-new.md new file mode 100644 index 000000000..4a0ba7af0 --- /dev/null +++ b/docs/embedded/whats-new.md @@ -0,0 +1,19 @@ +--- +title: What's new in SharePoint Embedded? +description: Updates about Microsoft SharePoint Embedded. +ms.date: 06/23/2025 +ms.localizationpriority: medium +--- + +# What's new in SharePoint Embedded + +## June 2025 + +- The `CopilotEmbeddedChatHosts` container type setting is now required to use [SharePoint Embedded agent](./development/declarative-agent/spe-da-adv.md#csp-policies). It must be set by the application owner via [`Set-SPOContainerTypeConfiguration`](/powershell/module/sharepoint-online/set-spocontainertypeconfiguration) and can optionally be overridden by consuming tenant administrators via [`Set-SPOApplication`](/powershell/module/SharePoint-online/set-spoapplication). + +## May 2025 + +- The limit of container types that a partner tenant can create has been increased to 25 by default. See [Limits and Calling Patterns](./development/limits-calling.md#size-limits). +- SharePoint Embedded agent switched to a consumption-based model for all users regardless of whether they have a Copilot license or not. See [SharePoint Embedded agent](./development/declarative-agent/spe-da.md). +- The guidance on how to grant admin consent to a SharePoint Embedded application has been updated to use URL-based admin consent. See [Authentication and authorization](./development/auth.md#whats-next). +- Documented an exceptional access pattern for operations that may require a user license. See [Authentication and authorization](./development/auth.md#operations-that-require-a-user-license). diff --git a/docs/features/hub-site/create-hub-site-with-powershell.md b/docs/features/hub-site/create-hub-site-with-powershell.md index f418d6ba9..16c183783 100644 --- a/docs/features/hub-site/create-hub-site-with-powershell.md +++ b/docs/features/hub-site/create-hub-site-with-powershell.md @@ -1,13 +1,14 @@ --- title: Create SharePoint hub sites using PowerShell description: Example code for creating a SharePoint hub site by using PowerShell. -ms.date: 08/24/2022 +ms.date: 04/23/2025 ms.localizationpriority: high --- # Create SharePoint hub sites by using PowerShell If you're a global or SharePoint admin in Office 365, you can convert any existing site to a hub site by using Microsoft PowerShell. In this example, you'll learn how to create a SharePoint hub site and to associate another site with it. In this scenario, you are setting up sites for the Contoso marketing department: + - You will create a hub site that all other marketing sites will be associated with. - You will then specify settings and permissions for the hub site. - Finally, you will create a second site and associate it with the hub site. @@ -28,10 +29,10 @@ The samples below can be performed using [PnP PowerShell](https://www.powershell First, we will create the marketing site that will serve as a hub site that other sites can associate with. The intent is that any sites that are marketing-oriented will be part of the hub site. This applies common navigation and branding across the associated sites, enables team members to search across all the sites associated with the single hub site, and takes advantage of other hub site features. -1. Connect to the SharePoint Online Admin center using: +1. Connect to the SharePoint Online Admin center using interactive login and [registered Azure AD (Entra ID)](https://pnp.github.io/powershell/articles/registerapplication.html) application: ```powershell - Connect-PnPOnline -Url https://contoso-admin.sharepoint.com -UseWebLogin + Connect-PnPOnline -Url https://contoso-admin.sharepoint.com -Interactive -ClientId ``` 1. Create the site to be used as a hub site using the [New-PnPSite](https://pnp.github.io/powershell/cmdlets/New-PnPSite.html) cmdlet: diff --git a/docs/features/hub-site/hub-site-o365cli.md b/docs/features/hub-site/hub-site-o365cli.md index b8dd5d991..2ecea1787 100644 --- a/docs/features/hub-site/hub-site-o365cli.md +++ b/docs/features/hub-site/hub-site-o365cli.md @@ -1,7 +1,7 @@ --- title: CLI for Microsoft 365 commands for SharePoint hub sites description: Use CLI for Microsoft 365 to create and manage SharePoint hub sites. -ms.date: 06/28/2022 +ms.date: 06/27/2024 ms.localizationpriority: high --- @@ -17,7 +17,7 @@ To run the CLI for Microsoft 365 commands, you'll need to do the following: 1. Download and install [NodeJS LTS version](https://nodejs.org/en/) 1. Follow the instructions at [Installing the CLI](https://pnp.github.io/cli-microsoft365/user-guide/installing-cli/) to install the CLI for Microsoft 365 on your machine -1. Follow the instructions at [Logging in to Office 365](https://pnp.github.io/cli-microsoft365/user-guide/connecting-office-365/) to connect to your SharePoint tenant. +1. Follow the instructions at [Logging in to Office 365](https://pnp.github.io/cli-microsoft365/user-guide/connecting-microsoft-365) to connect to your SharePoint tenant. To verify your setup and connection, try using the [hubsite list](https://pnp.github.io/cli-microsoft365/cmd/spo/hubsite/hubsite-list/) command to list the current hub sites. If the cmdlet runs and returns with no errors, you're ready to proceed. diff --git a/docs/features/site-footer.md b/docs/features/site-footer.md index 80bec7f03..eb1d37583 100644 --- a/docs/features/site-footer.md +++ b/docs/features/site-footer.md @@ -1,7 +1,7 @@ --- title: Overview of the SharePoint Site footer description: SharePoint Site footers can be used to show a logo or set of links/labels in a modern SharePoint site. They can be configured using the UI settings or by using APIs. -ms.date: 07/14/2022 +ms.date: 09/24/2023 ms.localizationpriority: high --- @@ -35,7 +35,7 @@ Set-PnPFooter -Enabled:$true # for enabling the footer ``` > [!NOTE] -> Above PowerShell scripts assumes that you have already installed PnP PowerShell cmdlets for your environment and you are not using multi-factor authentication. You can install PnP PowerShell cmdlets to your computer by opening PowerShell console in administrative mode and executing following command: `Install-Module SharePointPnPPowerShellOnline`. If you are using multi-factor authentication, you can enable MFA login by updating the `Connect-PnPOnline` line as follows: `Connect-PnPOnline -Url "" -UseWebLogin`. +> Above PowerShell scripts assumes that you have already installed PnP PowerShell cmdlets for your environment and you are not using multi-factor authentication. You can install PnP PowerShell cmdlets to your computer by opening PowerShell console in administrative mode and executing following command: `Install-Module PnP.PowerShell -Scope CurrentUser`. If you are using multi-factor authentication, you can enable MFA login by updating the `Connect-PnPOnline` line as follows: `Connect-PnPOnline -Url "" -Interactive`. [!INCLUDE [pnp-powershell](../../includes/snippets/open-source/pnp-powershell.md)] diff --git a/docs/general-development/access-sharepoint-from-mobile-and-native-device-apps.md b/docs/general-development/access-sharepoint-from-mobile-and-native-device-apps.md index 5b13bd2af..bc4e82403 100644 --- a/docs/general-development/access-sharepoint-from-mobile-and-native-device-apps.md +++ b/docs/general-development/access-sharepoint-from-mobile-and-native-device-apps.md @@ -76,5 +76,4 @@ You can build these apps on the ASP.NET platform or a non-Microsoft stack. If yo These apps **gain authorized access to SharePoint data by using access tokens** that are issued by the Azure Control Service (ACS) in compliance with the OAuth Authentication Code flow. For more, see [Authorization Code OAuth flow for SharePoint Add-ins](https://msdn.microsoft.com/library/e89e91c7-ea39-49b9-af5a-7f047a7e2ab7%28Office.15%29.aspx). -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] diff --git a/docs/general-development/client-side-web-parts-maintenance-mode.md b/docs/general-development/client-side-web-parts-maintenance-mode.md index 088eb7442..7a9543bcd 100644 --- a/docs/general-development/client-side-web-parts-maintenance-mode.md +++ b/docs/general-development/client-side-web-parts-maintenance-mode.md @@ -78,7 +78,7 @@ If the web part [integrates its properties with SharePoint](../spfx/web-parts/gu ## Disable SPFx web parts and extensions -If you need to troubleshoot a SharePoint page to see if there is a SharePoint Framework extension or web part causing issues you can append **?disable3PCode=1** to the URL to disable loading of SPFx components, for example: +If you need to troubleshoot a SharePoint page to see if there is a SharePoint Framework extension or web part causing issues you can append **?disable3PCode** to the URL to disable loading of SPFx components, for example: ```text https://contoso.sharepoint.com/sites/team?disable3PCode diff --git a/docs/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online.md b/docs/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online.md index dcf3e6653..f239f0fb8 100644 --- a/docs/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online.md +++ b/docs/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online.md @@ -1,7 +1,7 @@ --- title: Avoid getting throttled or blocked in SharePoint Online -description: Find out about throttling in SharePoint Online and learn how to avoid being throttled or blocked. -ms.date: 03/24/2023 +description: Learn about throttling in SharePoint Online and learn how to avoid being throttled or blocked. +ms.date: 06/12/2025 ms.assetid: 33ed8106-d850-42b1-8d7f-5ba83901149c ms.localizationpriority: high --- @@ -21,7 +21,10 @@ Does this sound familiar? You're running an application - for example, to scan f ## What is throttling? -SharePoint Online uses throttling to maintain optimal performance and reliability of the SharePoint Online service. Throttling limits the number of API calls or operations within a time window to prevent overuse of resources. +SharePoint Online uses throttling to maintain the optimal performance and reliability of the SharePoint Online service. Throttling limits the number of API calls or operations within a time window to prevent the overuse of resources. + +> [!NOTE] +> Recent updates to this article enhance transparency to already existing throttling rules in the system ### What happens when you get throttled in SharePoint Online? @@ -29,72 +32,138 @@ When usage limits are exceeded, SharePoint Online throttles any further requests For requests that a user performs directly in the browser, SharePoint Online redirects you to the throttling information page, and the requests fail. -For requests that an application makes, including [Microsoft Graph](/graph), CSOM or REST calls, SharePoint Online returns HTTP status code 429 ("Too many requests") or 503 ("Server Too Busy") and the requests will fail. +For requests that an application makes, including [Microsoft Graph](/graph), CSOM, or REST calls, SharePoint Online returns HTTP status code 429 ("Too many requests") or 503 ("Server Too Busy"), and the requests will fail. - HTTP 429 indicates the calling application sent too many requests in a time window and exceeded a predetermined limit. -- HTTP 503 indicates the service isn't ready to handle the request. The common cause is that the service is experiencing more temporary load spikes than expected. +- HTTP 503 indicates the service isn't ready to handle the request. The common cause is that the service is experiencing more temporary load spikes. -In both cases, a `Retry-After` header is included in the response indicating how long the calling application should wait before retrying or making a new request. Throttled requests count towards usage limits, so failure to honor `Retry-After` may result in more throttling. +In both cases, a `Retry-After` header is included in the response, indicating how long the calling application should wait before retrying or making a new request. Throttled requests count towards usage limits, so failure to honor `Retry-After` may result in more throttling. If the offending application continues to exceed usage limits, SharePoint Online may completely block the application or specific request patterns from the application; in this case, the application will keep getting HTTP status code 503, and Microsoft will notify the tenant of the block in the Office 365 Message Center. -### User Throttling +### Resource units -Throttling limits the number of calls and operations collectively made by applications on behalf of a user to prevent overuse of resources. +Some limits are measured in terms of API costs. [Microsoft Graph APIs](/graph) have a predetermined resource unit cost per request: -That said, it's rare for a user to get throttled in SharePoint Online. The service is robust, and it's designed to handle high volume. If you do get throttled, 99% of the time it is because of custom code, such as custom web parts, complex list view and queries, or custom apps users run. That doesn’t mean that there aren’t other ways to get throttled, just that they’re less common. For example, one user syncing a large amount of data across 10 machines at the same time could trigger throttling. +| Resource units per request | Operations | +| -------------------------- | -------------------------------------------------------------------------------------------------------------- | +| 1 |
  • Single item query, such as get item
  • Delta with a token
  • Download file from drive item | +| 2 |
  • Multi item query, such as list children, except delta with a token
  • Create, update, delete, and upload | +| 5 |
  • All permission resource operations, including `$expand=permissions` | -### Application Throttling +> [!NOTE] +> We reserve the right to change the API resource unit cost. -In addition to throttling by user account, limits are also applied to applications in a tenant. +### User Throttling -Every application has its own limits in a tenant, which are based on the number of licenses purchased per organization (see the plans listed on [SharePoint Limits](/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits#limits-by-plan) for licenses included). Every request that an application makes across all API endpoints, including [Microsoft Graph](/graph), CSOM and REST, counts towards the application’s usage. +Throttling limits the number of calls and operations collectively made by applications on behalf of a user to prevent the overuse of resources. -SharePoint provides various APIs. Different APIs have different costs depending on the complexity of the API. The cost of APIs is normalized by SharePoint and expressed by resource units. Application’s limits are also defined using resource units. +That said, it's rare for a user to get throttled in SharePoint Online. The service is robust, and it's designed to handle high volume. If you do get throttled, 99% of the time it is because of custom code, such as custom web parts, complex list views and queries, or custom apps users run. That doesn’t mean that there aren’t other ways to get throttled, just that they’re less common. For example, one user syncing a large amount of data across 10 machines at the same time could trigger throttling. -The table below defines the resource unit limits for an application in a tenant: +| Category | Type of throttling | Time interval | Limit | +|--------------|------------------------------|-------------------|-----------| +| User | Requests | 5 min | 3,000 | +| User | Ingress | 1 H | 50 GB | +| User | Egress | 1 H | 100 GB | +| User | Delegation Token Request | 5 min | 50 | +| User | External sharing emails | 1 H | 200 | -| License count | 0 – 1k | 1k – 5k | 5k - 15k | 15k - 50k | 50k+ | -| --------------- | --------- | --------- | --------- | --------- | --------- | -| App 1 minute | 1,200 | 2,400 | 3,600 | 4,800 | 6,000 | -| App daily | 1,200,000 | 2,400,000 | 3,600,000 | 4,800,000 | 6,000,000 | +> [!NOTE] +> Displayed limits are default values. Microsoft may change these limits at any time. Your experience may vary -> [!NOTE] -> We reserve the right to change the resource unit limits. +### Tenant Throttling -In terms of API costs, [Microsoft Graph APIs](/graph) have a predetermined resource unit cost per request: +Some throttling limits are applied at the Tenant level to ensure the operations collectively made do not overuse resources. -| Resource units per request | Operations | -| -------------------------- | ------------------------------------------------------- | -| 1 |
  • Single item query, such as get item
  • Delta with a token | -| 2 |
  • Multi item query, such as list children, except delta with a token
  • Create, update, delete and upload | -| 5 |
  • All permission resource operations, including $expand=permissions | +When a customer enables Multi-Geo, each geo gets its own limits (usage measurement not shared across geos). For the limits that are dependent on license count, the total tenant user license count is used (total users across all geos). -> [!NOTE] -> We reserve the right to change the API resource unit cost. +| Category | Type of throttling | Time interval | Tenant license count | Limit | +|--------------|--------------------------------------|-------------------|--------------------------|-----------| +| Tenant | [Resource Units](#resource-units) | 5 min | 0 - 1,000 | 18,750 | +| Tenant | [Resource Units](#resource-units) | 5 min | 1,001 - 5,000 | 37,500 | +| Tenant | [Resource Units](#resource-units) | 5 min | 5,001 - 15,000 | 56,250 | +| Tenant | [Resource Units](#resource-units) | 5 min | 15,001 - 50,000 | 75,000 | +| Tenant | [Resource Units](#resource-units) | 5 min | 50,000+ | 93,750 | +| Tenant | Assign Sensitivity Label | 5 min | no license bound | 100 | +| Tenant | PeopleManagerAPIs | 5 min | 0 - 1,000 | 3,000 | +| Tenant | PeopleManagerAPIs | 5 min | 1,001 - 5,000 | 6,000 | +| Tenant | PeopleManagerAPIs | 5 min | 5,001 - 15,000 | 9,000 | +| Tenant | PeopleManagerAPIs | 5 min | 15,001 - 50,000 | 12,000 | +| Tenant | PeopleManagerAPIs | 5 min | 50,000+ | 15,000 | -Delta with a token is the most efficient way to scan content in SharePoint, and we talk more in details at the [best practices for scanning applications](https://aka.ms/ScanGuidance). To help applications that follow the guidance, we lower the resource unit cost of delta requests with a token to 1 resource unit, although it's a multi-item query. The delta request without a token is considered a multi-item query and costs 2 resource units per request. +> [!NOTE] +> Displayed limits are default values. Microsoft may change these limits at any time. Your experience may vary -In [batching](/graph/json-batching), requests in a batch are evaluated individually by resource units. +### Application Throttling + +In addition to throttling by user account, limits are also applied to applications in a tenant. -CSOM and REST don't have a predetermined resource unit cost and they usually consume more resource units than [Microsoft Graph APIs](/graph) to achieve the same functionality. And in addition to resource unit limits, CSOM and REST are also subject to other internal resource limits, so if applications call CSOM and REST, they may experience more throttling than the limits described in this document. We highly recommend you choose [Microsoft Graph APIs](/graph) over CSOM and REST APIs when possible. +Every application has its own limits in a tenant, which are based on the number of licenses purchased per organization (see the plans listed on [SharePoint Limits](/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits#limits-by-plan) for licenses included). Every request that an application makes across all API endpoints, including [Microsoft Graph](/graph), CSOM, and REST, counts towards the application’s usage. -Since application limits are in resource units, the actual request rate, such as requests per minute, depends on application’s API choice and the corresponding API resource unit cost. In general, you can estimate the request rate using an average of 2 resource units per request and divide resource unit limits by 2 to get the estimated request rate. +SharePoint provides various APIs. Different APIs have different costs depending on the complexity of the API. The cost of APIs is normalized by SharePoint and expressed by resource units. Application’s limits are also defined using resource units. -Although each application has its own limits within a tenant and we allow tenants to run more than one application, multiple applications running against the same tenant share the same resource bucket, and in rare occurrences can cause rate limiting when too many applications send requests at the time. +For multitenant applications: + +1. Each tenant hosting the application is considered distinct, operating independently from others. Consequently, every application is subject to its own usage limits within each tenant as defined above. +1. The consumption of resource units by the application is to be measured on a per-tenant, per-application basis. This ensures that each tenant-application pair remains within the permissible resource limits specified for that particular tenant. +1. Should the application reach its resource limit within one tenant, this occurrence will not affect other instances of the application operating in different tenants. Each tenant's resource utilization is isolated, preventing cross-tenant impact. + +| Category | Type of throttling | Time interval | Tenant license count | Limit | +|--------------------|--------------------------------------|-------------------|--------------------------|------------| +| Per APP Per Tenant | [Resource Units](#resource-units) | 24 H | 0 - 1,000 | 1,200,000 | +| Per APP Per Tenant | [Resource Units](#resource-units) | 24 H | 1,001 - 5,000 | 2,400,000 | +| Per APP Per Tenant | [Resource Units](#resource-units) | 24 H | 5,001 - 15,000 | 3,600,000 | +| Per APP Per Tenant | [Resource Units](#resource-units) | 24 H | 15,001 - 50,000 | 4,800,000 | +| Per APP Per Tenant | [Resource Units](#resource-units) | 24 H | 50,000+ | 6,000,000 | +| Per APP Per Tenant | [Resource Units](#resource-units) | 1 min | 0 - 1,000 | 1,250 | +| Per APP Per Tenant | [Resource Units](#resource-units) | 1 min | 1,001 - 5,000 | 2,500 | +| Per APP Per Tenant | [Resource Units](#resource-units) | 1 min | 5,001 - 15,000 | 3,750 | +| Per APP Per Tenant | [Resource Units](#resource-units) | 1 min | 15,001 - 50,000 | 5,000 | +| Per APP Per Tenant | [Resource Units](#resource-units) | 1 min | 50,000+ | 6,250 | +| Per APP Per Tenant | Ingress | 1 H | no license bound | 400 GB | +| Per APP Per Tenant | Egress | 1 H | no license bound | 400 GB | +| Per APP Per Tenant | Specific Sharing APIs | 5 min | no license bound | 300 | + +> [!NOTE] +> Displayed limits are default values. Microsoft may change these limits at any time. Your experience may vary + +### Other Limits + +| Category | Type of throttling | Time interval | Limit | +|-------------------------------|--------------------------------------|-------------------|-----------| +| SharePoint Embedded containers| [Resource Units](#resource-units) | 1 min | 3,000 | +| Per Site | Anonymous Link | 5 min | 3,000 | +| Per Site | Anonymous Egress (Download) | 2 H | 100 GB | +| Per Site | External sharing emails | 1 H | 200 | + +> [!NOTE] +> Displayed limits are default values. Microsoft may change these limits at any time. Your experience may vary ## How to handle throttling? Below is a quick summary of the best practices to handle throttling: + - Reduce the number of concurrent requests - Avoid request spikes - Choose [Microsoft Graph APIs](/graph) over CSOM and REST APIs when possible - Use the `Retry-After` and `RateLimit` HTTP headers -- Decorate your traffic so we know who you are (see section on traffic decoration best practice more on that below) +- Decorate your traffic so we know who you are (see section on traffic decoration best practice, more on that below) +- Consider using [Graph Data Connect for SharePoint](https://techcommunity.microsoft.com/blog/microsoft_graph_data_connect_for_sharepo/links-about-microsoft-graph-data-connect-for-sharepoint/4069045) for broad site analytics +- Understand if [service prioritization in SharePoint](https://aka.ms/SharePointPrioritization) is the right fit for your scenario + +As stated earlier, [Microsoft Graph](/graph) is cloud born APIs that have the latest improvements and optimizations. In general, [Microsoft Graph](/graph) consumes fewer resources than CSOM and REST to achieve the same functionality. Hence, adopting [Microsoft Graph](/graph) can improve the application's performance and reduce throttling. + +If you do run into throttling, we require using the `Retry-After` HTTP header to ensure minimum delay until the throttle is removed. The `RateLimit` HTTP headers send you early signals when you're close to limits, and you can proactively reduce requests to avoid hitting the throttle. + +Delta with a token is the most efficient way to scan content in SharePoint, and we talk more in detail at the [best practices for scanning applications](https://aka.ms/ScanGuidance). To help applications that follow the guidance, we lower the resource unit cost of delta requests with a token to 1 resource unit, although it's a multi-item query. The delta request without a token is considered a multi-item query and costs 2 resource units per request. -As stated earlier, [Microsoft Graph](/graph) is cloud born APIs that have the latest improvements and optimizations. In general, [Microsoft Graph](/graph) consumes less resource than CSOM and REST to achieve the same functionality. Hence, adopting [Microsoft Graph](/graph) can improve application's performance and reduce throttling. +In [batching](/graph/json-batching), requests in a batch are evaluated individually by resource units. + +CSOM and REST don't have a predetermined resource unit cost, and they usually consume more resource units than [Microsoft Graph APIs](/graph) to achieve the same functionality. In addition to resource unit limits, CSOM and REST are also subject to other internal resource limits, so if applications call CSOM and REST, they may experience more throttling than the limits described in this document. We highly recommend you choose [Microsoft Graph APIs](/graph) over CSOM and REST APIs when possible. + +Since application limits are in resource units, the actual request rate, such as requests per minute, depends on the application’s API choice and the corresponding API resource unit cost. In general, you can estimate the request rate using an average of 2 resource units per request, and divide resource unit limits by 2 to get the estimated request rate. -If you do run into throttling, we require using the `Retry-After` HTTP header to ensure minimum delay until the throttle is removed. The `RateLimit` HTTP headers send you early signals when you're close to limits and you can proactively reduce requests to avoid hitting the throttle. +Although each application has its limits within a tenant, and we allow tenants to run more than one application, multiple applications running against the same tenant share the same resource bucket, and in rare occurrences can cause rate limiting when too many applications send requests at the time. ### Retry-after header @@ -102,11 +171,12 @@ When applications experience throttling, SharePoint Online returns a `Retry-Afte Honoring the `Retry-After` HTTP header is the fastest way to handle being throttled because SharePoint Online dynamically determines the right time to try again. -Throttled requests count towards usage limits, so failure to honor `Retry-After` may result in more throttling. In other words, aggressive retries work against calling applications because even though the calls fail, they still count towards usage limits. Honoring the `Retry-After` HTTP header will ensure the shortest delay and reduce wasting quotas in throttled requests. +Throttled requests count towards usage limits, so failure to honor `Retry-After` may result in more throttling. In other words, aggressive retries work against calling applications because even though the calls fail, they still count toward usage limits. Honoring the `Retry-After` HTTP header will ensure the shortest delay and reduce wasting quotas in throttled requests. ### RateLimit headers - preview -In addition to the `Retry-After` header in the response of throttled requests, SharePoint Online also returns the [IETF RateLimit headers](https://github.com/ietf-wg-httpapi/ratelimit-headers) for selected limits in certain conditions to help applications manage rate limiting. We recommend applications to take advantage of these headers to avoid hitting throttle. +In addition to the `Retry-After` header in the response to throttled requests, SharePoint Online also returns the [IETF RateLimit headers](https://github.com/ietf-wg-httpapi/ratelimit-headers) for selected limits in certain conditions to help applications manage rate limiting. We recommend applications to take advantage of these headers to avoid hitting the throttle. + - `RateLimit-Limit` contains the limit in the current time window. - `RateLimit-Remaining` indicates the remaining quota in the current window. - `RateLimit-Reset` indicates the number of seconds until the quota is refilled. @@ -118,61 +188,67 @@ The `RateLimit` headers are returned on a **best-efforts** basis, so application Below is the list of limits that we support the `RateLimit` headers for. The policies and values are subject to change: | limit | Condition | limit value | Description | -| -------------------------- | ------------------------- | ------------- | ---------------------------------------------------------------------------------------------------------------- | -| App 1 minute resource unit | Usage >= 80% of the limit | Resource unit | When an application consumes 80% or more of its app 1 minute limit, the limit, remaining and reset are returned. | +|----------------------------|---------------------------|---------------|------------------------------------------------------------------------------------------------------------------| +| App 1-minute resource unit | Usage >= 80% of the limit | Resource unit | When an application consumes 80% or more of its app 1-minute limit, the limit, remaining, and reset are returned.| Below are some examples to help you understand the `RateLimit` headers: - An application has consumed 90% of its resource unit quota (1,080 out of 1,200), and its consumption is within all the limits that apply to it. The request succeeds and the `RateLimit` headers are returned. -``` -HTTP/1.1 200 Ok -RateLimit-Limit: 1200 -RateLimit-Remaining: 120 -RateLimit-Reset: 5 -``` - -- An application has consumed 100% of its resource unit quota, so it gets throttled due to this policy. The request is throttled and the `RateLimit` headers are returned. The `Retry-After` matches the `RateLimit-Reset`. -``` -HTTP/1.1 429 Too Many Requests -Retry-After: 31 -RateLimit-Limit: 1200 -RateLimit-Remaining: 0 -RateLimit-Reset: 31 -``` - -- An application has consumed 90% of its resource unit quota but its consumption has already reached other limits that the `RateLimit` headers don't support. In this case, the request is throttled and the `RateLimit` headers aren't returned to avoid confusion although the condition to return the headers is satisfied. -``` -HTTP/1.1 429 Too Many Requests -Retry-After: 9 -``` + + ``` + HTTP/1.1 200 Ok + RateLimit-Limit: 1200 + RateLimit-Remaining: 120 + RateLimit-Reset: 5 + ``` + +- An application has consumed 100% of its resource unit quota, so it gets throttled due to this policy. The request is throttled, and the `RateLimit` headers are returned. The `Retry-After` matches the `RateLimit-Reset`. There are instances where the `Retry-After` returns a smaller value. In such cases, the general rule of thumb is to honor the greater of the two values. + + ``` + HTTP/1.1 429 Too Many Requests + Retry-After: 31 + RateLimit-Limit: 1200 + RateLimit-Remaining: 0 + RateLimit-Reset: 31 + ``` + +- An application has consumed 90% of its resource unit quota, but its consumption has already reached other limits that the `RateLimit` headers don't support. In this case, the request is throttled and the `RateLimit` headers aren't returned to avoid confusion, although the condition to return the headers is satisfied. + + ``` + HTTP/1.1 429 Too Many Requests + Retry-After: 9 + ``` + Additional information can be found in [Prevent throttling in your application by using RateLimit headers in SharePoint Online](https://devblogs.microsoft.com/microsoft365dev/prevent-throttling-in-your-application-by-using-ratelimit-headers-in-sharepoint-online/) -### How to decorate your http traffic? +### How to decorate your HTTP traffic? Well-decorated traffic will be prioritized over traffic that isn't properly decorated. What is the definition of undecorated traffic? -- Traffic is undecorated if there's no AppID/AppTitle and User Agent string in API calls to SharePoint Online. The User Agent string should be in a specific format as described below. +- Traffic is undecorated if there's no AppID/AppTitle and User Agent string in API calls to SharePoint Online. The User-Agent string should be in a specific format as described below. - If you're developing a web application executing in the browser, most modern browsers don't allow overwriting the User Agent string, and you don't need to implement it. What are the recommendations? -- If you've created an application, the recommendation is to register and use AppID and AppTitle – This will ensure the best overall experience and best path for any future issue resolution. Include also the User Agent string information as defined in following step. +- If you've created an application, the recommendation is to register and use AppID and AppTitle – This will ensure the best overall experience and best path for any future issue resolution. Include also the User Agent string information as defined in the following step. + > [!NOTE] > Refer to the [Microsoft identity documentation](/azure/active-directory/develop/), such as the [Quickstart: Register an application with the Microsoft identity platform](/azure/active-directory/develop/quickstart-register-app) page, for information on creating an Azure AD application. -- Make sure to include User Agent string in your API call to SharePoint with following naming convention +- Make sure to include the User-Agent string in your API call to SharePoint with the following naming convention | Type | User Agent | Description | -| ---------------------- | -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | -| ISV Application | ISV|CompanyName|AppName/Version | Identify as ISV and include Company Name, App Name separated by a pipe character and then adding Version number separated with a slash character | +|------------------------|----------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------| +| ISV Application | ISV|CompanyName|AppName/Version | Identify as ISV and include Company Name, App Name separated by a pipe character and then add Version number separated with a slash character | | Enterprise application | NONISV|CompanyName|AppName/Version | Identify as NONISV and include Company Name, App Name separated by a pipe character and then adding Version number separated with a slash character | -- If you're building your own JavaScript libraries, which are used to call SharePoint Online APIs, make sure that you include the User Agent information to your http request and potentially register your web application also as an Application, where suitable. +- If you're building your own JavaScript libraries, which are used to call SharePoint Online APIs, make sure that you include the User-Agent information to your HTTP request and potentially register your web application also as an Application, where suitable. > [!NOTE] -> Format of the user agent string is expected to follow [RFC2616](http://www.ietf.org/rfc/rfc2616.txt), so please follow up on the above guidance on the right separators. It is also fine to append existing user agent string with the requested information. +> The format of the user agent string is expected to follow [RFC2616](http://www.ietf.org/rfc/rfc2616.txt), so please follow up on the above guidance on the right separators. It is also fine to append the existing user agent string with the requested information. + ## Common throttling scenarios in SharePoint Online @@ -180,52 +256,70 @@ The most common causes of per-user throttling in SharePoint Online are client-si - **Sporadic traffic** - Constant load or repetitive complex queries against SharePoint Online must be optimized for low impact. Failing to follow [best practices for scanning applications](https://aka.ms/ScanGuidance) that process files in bulk will likely result in throttling. These apps include sync engines, backup providers, search indexers, classification engines, data loss prevention tools, and any other tool, which attempts to reason over the entirety of data and apply changes to it. + Constant load or repetitive complex queries against SharePoint Online must be optimized for low impact. Failing to follow [best practices for scanning applications](https://aka.ms/ScanGuidance) that process files in bulk will likely result in throttling. These apps include sync engines, backup providers, search indexers, classification engines, data loss prevention tools, and any other tool, that attempts to reason over the entirety of data and apply changes to it. - **Overwhelming traffic** - A single process dramatically exceeds throttling limits, continually, over a long time period. + A single process dramatically exceeds throttling limits, continually, over a long period. - - You used web services to build a tool to synchronize user profile properties. The tool updates user profile properties based on information from your line-of-business (LOB) human resources (HR) system. The tool makes calls at too high a frequency. - - You're running a load-testing script on SharePoint Online and you get throttled. Load testing isn't allowed on SharePoint Online. - - You customized your team site on SharePoint Online, for example, by adding a status indicator on the Home page. This status indicator updates frequently, which causes the page to make too many calls to the SharePoint Online service - this triggered throttling. - - Running the OneDrive Sync client while also running migration applications or applications that crawl sites and write back data can result in high request volumes that may trigger throttling. + - You used web services to build a tool to synchronize user profile properties. The tool updates user profile properties based on information from your line-of-business (LOB) human resources (HR) system. The tool makes calls at too high a frequency. + - You're running a load-testing script on SharePoint Online and you get throttled. Load testing isn't allowed on SharePoint Online. + - You customized your team site on SharePoint Online, for example, by adding a status indicator on the Home page. This status indicator updates frequently, which causes the page to make too many calls to the SharePoint Online service - this triggered throttling. + - Running the OneDrive Sync client while also running migration applications or applications that crawl sites and write back data can result in high request volumes that may trigger throttling. - **Unsupported use cases** - Unsupported use of SharePoint Online may experience throttling. Using SharePoint and OneDrive as an intermediary service between Microsoft 365 and another repository is an example of an unsupported use case. + Unsupported use of SharePoint Online may result in throttling. Using SharePoint and OneDrive as an intermediary service between Microsoft 365 and another repository is an example of an unsupported use case. - **Creating multiple AppIDs for the same application** - Don't create separate AppIDs where the applications essentially perform the same operations, such as backup or data loss prevention. Applications running against the same tenant ultimately share the same resource of the tenant. Historically some applications have tried this approach to get around the application throttling but ended up exhausting the tenant’s resource and causing multiple applications to be throttled in the tenant. + Don't create separate AppIDs where the applications essentially perform the same operations, such as backup or data loss prevention. Applications running against the same tenant ultimately share the same resources as the tenant. Historically, some applications have tried this approach to get around the application throttling but ended up exhausting the tenant’s resource and causing multiple applications to be throttled in the tenant. + ## Scenario specific limits ### When using app-only authentication with Sites.Read.All permission -When you're using SharePoint Online search APIs with app-only authentication and the app having Sites.Read.All permission (or stronger), the app will be registered with full permissions, and is allowed to query all your SharePoint Online content (including user’s private ODB content). +When you're using SharePoint Online search APIs with app-only authentication and the app has **Sites.Read.All** permission (or stronger), the app will be registered with full permissions, and is allowed to query all your SharePoint Online content (including the user’s private OneDrive for Business content). + +To ensure the service remains fast and reliable, queries using such permission are throttled at 25 requests per second. The search query will return an HTTP 429 response. When waiting for throttling recovery, you should ensure to pause all search query requests you may be making to the service using a similar app-only permission. Making more calls while receiving throttle responses will extend the time it takes for your app to become unthrottled. + +### When searching using delegated user permissions + +Searching with delegated user permissions occurs when an application submits a search query request with the signed-in user's permissions. Examples of delegated requests are as follows: the search box on a SharePoint page, a search-based web part or custom application embedded on a SharePoint page, and a Power Automate workflow querying for item information. -To ensure the service remains fast and reliable, queries using such permission are throttled at 25 requests per second. The search query will return with an http 429 response. When waiting for throttling recovery, you should ensure to pause all search query requests you may be making to the service using similar app-only permission. Making more calls while receiving throttle responses will extend the time it takes for your app to become unthrottled. +To ensure service stability, the service will throttle delegated user requests that exceed 10 requests per second per user. This per-user limit aggregates across all requests from all apps. If a single user sends more than 10 search query requests per second, an HTTP 429 is returned. The requesting application should wait the duration of the timeout specified in the response header before sending subsequent requests. When designing search-based applications, SharePoint pages, and workflows, implementors should make sure the page and application do not exceed 10 requests per second in aggregate and handle 429 throttling responses. For more information and guidance on page design and search optimization, see [Optimize search requests in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-search-optimization) and [Use the Page Diagnostics tool for SharePoint Online](/microsoft-365/enterprise/page-diagnostics-for-spo). ### When searching for people search results When searching using a result source that requests people results, we may throttle any requests exceeding an organization-wide limit of 25 requests per second. This limit applies to all SharePoint search CSOM and REST requests using either the out-of-the-box "Local People Results" result source or a custom people search result source. -If you have applications or components, which are causing your people search requests to get throttled, we recommend that you: -1. Consider if the requests are necessary for your application. For example, if you're using a custom search site, which makes many simultaneous queries, check whether some of those requests can be removed without any significant impact to your organization's search experience. Alternatively, consider trying our modern people search experience in [Microsoft Search](/microsoftsearch/get-started-search-in-sharepoint-online) by searching from the [SharePoint](http://sharepoint.com/) start page. People search in Microsoft Search has been optimized for better performance and more relevant results. -2. Avoid making concurrent requests. For example, instead of issuing 10 requests all at once, issue them consecutively - only issue the next query after the previous one has completed. You may need to consider caching these results if you need them quickly, for example of a page load. -3. Try consolidating the requests into a single query. For example, instead making 10 simultaneous queries for `WorkEmail:user1@constoso.com`, `WorkEmail:user2@constoso.com`,..., `WorkEmail:user10@contoso.com`, try the single query, `WorkEmail:user1@constoso.com WorkEmail:user2@constoso.com ... WorkEmail:user10@contoso.com`. -4. Consider using the [Microsoft Graph API](/graph/search-concept-person) if a high-request-volume scenario (in excess of 25 requests per second) is truly necessary. +If you have applications or components that are causing your people search requests to get throttled, we recommend that you: + +1. Consider if the requests are necessary for your application. For example, if you're using a custom search site, that makes many simultaneous queries, check whether some of those requests can be removed without any significant impact on your organization's search experience. Alternatively, consider trying our modern people search experience in [Microsoft Search](/microsoftsearch/get-started-search-in-sharepoint-online) by searching from the [SharePoint](https://sharepoint.com/) start page. People search in Microsoft Search has been optimized for better performance and more relevant results. +1. Avoid making concurrent requests. For example, instead of issuing 10 requests all at once, issue them consecutively - only issue the next query after the previous one has been completed. You may need to consider caching these results if you need them quickly, for example of a page load. +1. Try consolidating the requests into a single query. For example, instead of making 10 simultaneous queries for `WorkEmail:user1@constoso.com`, `WorkEmail:user2@constoso.com`,..., `WorkEmail:user10@contoso.com`, try the single query, `WorkEmail:user1@constoso.com WorkEmail:user2@constoso.com ... WorkEmail:user10@contoso.com`. +1. Consider using the [Microsoft Graph API](/graph/search-concept-person) if a high-request-volume scenario (in excess of 25 requests per second) is truly necessary. + +### When accessing OneDrive sites + +When a client makes excessive attempts to access many OneDrive site collections that do not exist, we may throttle requests from that client's IP address. The client will receive an HTTP 429 response when accessing any OneDrive site collection during the throttling period. + +### Multi-Geo Customers and throttling + +When a customer enables throttling, each gets their own limits (usage measurement not shared across geos). For the limits that are dependant on licenses count, the total tenant user licenses count is used (total users across all geos). ## What should you do if you get blocked in SharePoint Online? -Blocking is the most extreme form of throttling. We rarely ever block a tenant, unless we detect long-term, excessive traffic that may threaten the overall health of the SharePoint Online service. We apply blocks to prevent excessive traffic from degrading the performance and reliability of SharePoint Online. A block - which is placed at the app or user level - prevents the offending process from running until you fix the problem. If we block your subscription, you must take action to modify the offending processes before the block can be removed. +Blocking is the most extreme form of throttling. We rarely ever block a tenant unless we detect long-term, excessive traffic that may threaten the overall health of the SharePoint Online service. We apply blocks to prevent excessive traffic from degrading the performance and reliability of SharePoint Online. A block - which is placed at the app or user level - prevents the offending process from running until you fix the problem. If we block your subscription, you must take action to modify the offending processes before the block can be removed. If we block your subscription, we'll notify you of the block in the Office 365 Message Center. The message describes what caused the block, provides guidance on how to resolve the offending issue, and tells you who to contact to get the block removed. ## See also +- [Service Prioritization in SharePoint](https://aka.ms/SharePointPrioritization) - [Diagnosing performance issues with SharePoint Online](https://support.office.com/article/3c364f9e-b9f6-4da4-a792-c8e8c8cd2e86) - [Capacity planning and load testing SharePoint Online](https://support.office.com/article/capacity-planning-and-load-testing-sharepoint-online-c932bd9b-fb9a-47ab-a330-6979d03688c0) - [Microsoft Graph dev center](/graph) - [Microsoft Graph throttling guidance](/graph/throttling) - [Prevent throttling in your application by using RateLimit headers in SharePoint Online](https://devblogs.microsoft.com/microsoft365dev/prevent-throttling-in-your-application-by-using-ratelimit-headers-in-sharepoint-online/) +- [Four options for site analytics](https://techcommunity.microsoft.com/blog/microsoft_graph_data_connect_for_sharepo/four-options-for-sharepoint-site-analytics/4076416) diff --git a/docs/general-development/how-to-create-a-page-layout-in-sharepoint.md b/docs/general-development/how-to-create-a-page-layout-in-sharepoint.md index b17de39ea..7b226bd53 100644 --- a/docs/general-development/how-to-create-a-page-layout-in-sharepoint.md +++ b/docs/general-development/how-to-create-a-page-layout-in-sharepoint.md @@ -98,7 +98,7 @@ If you're using Design Manager to create page layouts and master pages, the most - **PlaceHolderMain** The master page contains a content placeholder with `ID="PlaceholderMain"`, which contains the **DefaultContentBlock** `
    ` tag with the yellow box that shows **This area will be filled in by content you create in your page layouts.** You should not put any content inside this placeholder on the master page. The page layout contains a content placeholder with the same ID. You should put markup only inside this placeholder, and put no markup outside this placeholder, on a page layout. The IDs for the two placeholders ( **PlaceholderMain**) should match. -- **PlaceHolderAdditionalPageHead** When you work with a page layout, you typically don't insert elements into the **** tag of the page layout. Instead, you add elements to the content placeholder with `id="PlaceHolderAdditionalPageHead"`. When a content page is rendered in the browser, this additional page head gets merged into the end of the head of the master page. +- **PlaceHolderAdditionalPageHead** When you work with a page layout, you typically don't insert elements into the `` tag of the page layout. Instead, you add elements to the content placeholder with `id="PlaceHolderAdditionalPageHead"`. When a content page is rendered in the browser, this additional page head gets merged into the end of the head of the master page. @@ -184,7 +184,7 @@ When you create HTML mockups for your site, you may have HTML files that represe -You can simply put the styles for one or more page layouts into the same style sheet that the master page links to. But, if you want to minimize the weight of the CSS that is loaded per page, you can also use different style sheets for different page layouts. When you do this, it's important to know that a link to a style sheet cannot go in the **** tag of a page layout. Instead, the link must go in the content placeholder named **PlaceHolderAdditionalPageHead**. +You can simply put the styles for one or more page layouts into the same style sheet that the master page links to. But, if you want to minimize the weight of the CSS that is loaded per page, you can also use different style sheets for different page layouts. When you do this, it's important to know that a link to a style sheet cannot go in the `` tag of a page layout. Instead, the link must go in the content placeholder named **PlaceHolderAdditionalPageHead**. > [!NOTE] > In this markup, the attribute `ms-design-css-conversion="no"` excludes the style sheet from theming. Also, the link to the style sheet should appear after the lines commented ** + ``` - ### Create a workflow Now we create a workflow so we can test the custom site column and content type. +1. Add a workflow to our project and configure it to be a list workflow. +1. Create an association with this workflow using the **Announcements** list that we created earlier. +1. Create a new variable of type **DynamicValue** and name it "ItemProperties"; we're going to use this variable to store the item that kicks off the workflow's properties. +1. Create an **Int32** variable and name it "ItemAuthorId", as shown in Figure 15. - - -1. Add a workflow to our project configure it to be a list workflow. - - -2. Create an association with this workflow using the **Announcements** list that we created earlier. - - -3. Create a new variable of type **DynamicValue** and name it "ItemProperties"; we are going to use this variable to store the item that kicks off the workflow's properties. - - -4. Create an **Int32** variable and name it "ItemAuthorId", as shown in Figure 15. - - **Figure 15. Creating a workflow variable** - - - - ![The screenshot shows how to create an Int32 variable and name it "ItemAuthorId".](../images/WorkingWithTasksSharePointWorkflowsFig15.png) - - - - - + **Figure 15. Creating a workflow variable** + ![The screenshot shows how to create an Int32 variable and name it "ItemAuthorId".](../images/WorkingWithTasksSharePointWorkflowsFig15.png) ### Collect the list item properties Now we collect the list item properties. - - - 1. Drop the **LookupSPListItem** activity onto the design surface and set the **ListID** property to _(current list)_ and the **ItemId** property to _(current item)_. +1. Now set the **Result** output to the **ItemProperties** **DynamicValue** variable that we created a moment ago. +1. To get the author of the item from the variable, select the **Get Properties** link in the **LookupSPListItem** activity and add a **GetDynamicValueProperties** activity on the design surface. +1. Set the item's **Source** property to the output of the **LookupSPListItem** activity automatically. +1. Select the **[???]** button on the **Properties** property to display the **Properties** dialog box. +1. Change the **Entity Type** to **List Item of Announcements** to give the dialog box a context and assign the **Created By** path to the variable **ItemAuthorId**, as shown in Figure 16. - -2. Now set the **Result** output to the **ItemProperties** **DynamicValue** variable that we created a moment ago. - - -3. To get the author of the item from the variable, click the **Get Properties** link in the **LookupSPListItem** activity and add a **GetDynamicValueProperties** activity on the design surface. - - -4. Set the item's **Source** property to the output of the **LookupSPListItem** activity automatically. - - -5. Click the **[???]** button on the **Properties** property to display the **Properties** dialog box. - - -6. Change the **Entity Type** to **List Item of Announcements** to give the dialog box a context and assign the **Created By** path to the variable **ItemAuthorId**, as shown in Figure 16. - - **Figure 16. Properties dialog** - - - - ![The screenshot shows how to change the Entity Type to List Item of Announcements](../images/WorkingWithTasksSharePointWorkflowsFig16.png) - - - - - + **Figure 16. Properties dialog** + ![The screenshot shows how to change the Entity Type to List Item of Announcements](../images/WorkingWithTasksSharePointWorkflowsFig16.png) ### Create a single task Now we can create the single task. - - - 1. Add a **SingleTask** activity to the design surface. +1. Select the **Configure** link in the activity to open the **Task Options** dialog box. +1. Set the **Body** field to some string (it doesn't matter what), then set the **Assigned To** property to the variable you're using to store the author identifier (in our case, **ItemAuthorId**). +1. Change the title of the task, as shown in Figure 17. + **Figure 17. Task Title setting** + ![The screenshot shows how to change the title of the task.](../images/WorkingWithTasksSharePointWorkflowsFig17.png) -2. Click the **Configure** link in the activity to open the **Task Options** dialog box. - - -3. Set the **Body** field to some string (it doesn't matter what), then set the **Assigned To** property to the variable you are using to store the author identifier (in our case, **ItemAuthorId**). - - -4. Change the title of the task, as shown in Figure 17. - - **Figure 17. Task Title setting** - - - - ![The screenshot shows how to change the title of the task.](../images/WorkingWithTasksSharePointWorkflowsFig17.png) - - - - - -5. Finally, set the **Outcome Options** to use the new custom content type and custom outcome column. - - The dialog box determines what is available by looking at all the content types that are derived from the **Workflow Task (SharePoint)** content type, as shown in Figure 18. - - - **Figure 18. Outcome Options settings** - - - - ![The screenshot shows that the dialog box determines what is available by looking at all the content types that are derived from the Workflow Task content type.](../images/WorkingWithTasksSharePointWorkflowsFig18.png) - - - +1. Finally, set the **Outcome Options** to use the new custom content type and custom outcome column. + The dialog box determines what is available by looking at all the content types that are derived from the **Workflow Task (SharePoint 2013)** content type, as shown in Figure 18. + **Figure 18. Outcome Options settings** + ![The screenshot shows that the dialog box determines what is available by looking at all the content types that are derived from the Workflow Task content type.](../images/WorkingWithTasksSharePointWorkflowsFig18.png) ### Update the AssignedTo field -Before we go any further, we need to update the **AssignedTo** field on the **SingleTask** activity because it is expecting a string, not an integer. To remedy this, add **ToString()** to the end of the expression. - - +Before we go any further, we need to update the **AssignedTo** field on the **SingleTask** activity because it's expecting a string, not an integer. To remedy this, add **ToString()** to the end of the expression. Also, notice that the **Outcome** property automatically created a variable named **outcome_0**. To see what is in this variable, add a **WriteToHistory** activity on the design surface and update the message to write out the result. - - - ### Update the workflow task list -The final step is to configure the workflow task list. By default, the task list that the app creates only accepts the content type **Workflow Task (SharePoint)**. This workflow uses a custom content type for the custom outcome. Open the `Elements.xml` file for the workflow task list and change the **\** element's **ContentTypeId** attribute to match the content type in the project, as shown in the code example following. - - - +The final step is to configure the workflow task list. By default, the task list that the app creates only accepts the content type **Workflow Task (SharePoint 2013)**. This workflow uses a custom content type for the custom outcome. Open the `Elements.xml` file for the workflow task list and change the **\** element's **ContentTypeId** attribute to match the content type in the project, as shown in the code example following. ```XML - ``` - ### Test the custom content task with a custom task outcome Now let's test the workflow. +1. In Visual Studio, press **F5** or select the **Start** button. If testing in an on-premises local install of SharePoint, Visual Studio will start the Workflow Manager Test Service Host utility and deploy the workflow to the developer site. After a moment, the developer site will open. +1. Navigate to the **Announcements** list and create a new item. After creating the item, start the custom workflow manually. +1. Next, return to the workflow instance's status page to find the task that was created by the workflow. +1. Select on the task and, using the **Edit** button in the ribbon, switch to edit mode. At the bottom of the form there should be four buttons. The first two buttons are the custom outcome buttons that, when pressed, will mark the task as complete. The second two buttons are the default **Save** and **Cancel** buttons that simply update the list item without completing the task, as shown in Figure 19. - - -1. In Visual Studio 2012, press **F5** or click the **Start** button. If testing in an on-premises local install of SharePoint, Visual Studio 2012 will start the Workflow Manager Test Service Host utility and deploy the workflow to the developer site. After a moment, the developer site will open. - - -2. Navigate to the **Announcements** list and create a new item. After creating the item, start the custom workflow manually. - - -3. Next, return to the workflow instance's status page to find the task that was created by the workflow. - - -4. Click on the task and, using the **Edit** button in the ribbon, switch to edit mode. At the bottom of the form there should be four buttons. The first two buttons are the custom outcome buttons that, when pressed, will mark the task as complete. The second two buttons are the default **Save** and **Cancel** buttons that simply update the list item without completing the task, as shown in Figure 19. - - **Figure 19. Custom outcome buttons** - - - - ![The screenshot shows that the second two buttons are the default Save and Cancel buttons that simply update the list item without completing the task.](../images/WorkingWithTasksSharePointWorkflowsFig.png) - - - - - + **Figure 19. Custom outcome buttons** + ![The screenshot shows that the second two buttons are the default Save and Cancel buttons that simply update the list item without completing the task.](../images/WorkingWithTasksSharePointWorkflowsFig.png) ## Conclusion -Microsoft introduced workflows into the SharePoint 2007 platform, and they remained mostly unchanged in SharePoint 2010 in architecture, implementation, or process. This was also true for tasks in SharePoint workflows. However, SharePoint has introduced many changes to workflows in architecture and implementation. - - - -This article discussed the changes related to workflow tasks that were driven from changes to the workflow story in SharePoint. It demonstrated how to create a simple workflow that leveraged tasks in SharePoint using Visual Studio 2012. These types of tasks are suitable for many developers, although at times custom tasks and custom outcomes are desired, which can be accomplished using Visual Studio 2012 as has been shown. - - +Microsoft introduced workflows into the SharePoint Server 2007 platform, and they remained mostly unchanged in SharePoint Server 2010 in architecture, implementation, or process. This was also true for tasks in SharePoint workflows. However, SharePoint Server 2013 has introduced many changes to workflows in architecture and implementation. (And these changes remain accessible in SharePoint Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition.) +This article discussed the changes related to workflow tasks that were driven from changes to the workflow story in SharePoint. It demonstrated how to create a simple workflow that applied tasks in SharePoint using Visual Studio. These types of tasks are suitable for many developers, although at times custom tasks and custom outcomes are desired, which can be accomplished using Visual Studio as has been shown. ## See also - - - -- [Workflows in SharePoint](https://msdn.microsoft.com/library/jj163986.aspx) - - -- [Authorization and authentication for apps in SharePoint](https://msdn.microsoft.com/library/office/fp142384.aspx) - -- [How To Customize a List View in Apps for SharePoint Using Client-Side Rendering](https://msdn.microsoft.com/library/jj220045.aspx) +- [Workflows in SharePoint](/sharepoint/dev/general-development/workflows-in-sharepoint) +- [Authorization and authentication for apps in SharePoint](/sharepoint/dev/sp-add-ins/authorization-and-authentication-of-sharepoint-add-ins) +- [How To Customize a List View in Apps for SharePoint Using Client-Side Rendering](/sharepoint/dev/sp-add-ins/customize-a-list-view-in-sharepoint-add-ins-using-client-side-rendering) diff --git a/docs/images/119-release-notes/chart-card-viva-connections.png b/docs/images/119-release-notes/chart-card-viva-connections.png new file mode 100644 index 000000000..f400665bd Binary files /dev/null and b/docs/images/119-release-notes/chart-card-viva-connections.png differ diff --git a/docs/images/120-release-notes/chart-cards-options.png b/docs/images/120-release-notes/chart-cards-options.png new file mode 100644 index 000000000..e35deb436 Binary files /dev/null and b/docs/images/120-release-notes/chart-cards-options.png differ diff --git a/docs/images/120-release-notes/html-quick-views.png b/docs/images/120-release-notes/html-quick-views.png new file mode 100644 index 000000000..25b355490 Binary files /dev/null and b/docs/images/120-release-notes/html-quick-views.png differ diff --git a/docs/images/121-release-notes/card-personalization.png b/docs/images/121-release-notes/card-personalization.png new file mode 100644 index 000000000..227a84abc Binary files /dev/null and b/docs/images/121-release-notes/card-personalization.png differ diff --git a/docs/images/121-release-notes/flex-layout.png b/docs/images/121-release-notes/flex-layout.png new file mode 100644 index 000000000..527d2c6c6 Binary files /dev/null and b/docs/images/121-release-notes/flex-layout.png differ diff --git a/docs/images/appregnewaspx.png b/docs/images/appregnewaspx.png new file mode 100644 index 000000000..ae371d078 Binary files /dev/null and b/docs/images/appregnewaspx.png differ diff --git a/docs/images/brand-center-spfx-01.png b/docs/images/brand-center-spfx-01.png new file mode 100644 index 000000000..de9de224c Binary files /dev/null and b/docs/images/brand-center-spfx-01.png differ diff --git a/docs/images/brand-center-spfx-02.png b/docs/images/brand-center-spfx-02.png new file mode 100644 index 000000000..4ee2380c6 Binary files /dev/null and b/docs/images/brand-center-spfx-02.png differ diff --git a/docs/images/brand-center-spfx-03.png b/docs/images/brand-center-spfx-03.png new file mode 100644 index 000000000..c951e8e2b Binary files /dev/null and b/docs/images/brand-center-spfx-03.png differ diff --git a/docs/images/brand-center-spfx-04.png b/docs/images/brand-center-spfx-04.png new file mode 100644 index 000000000..c648b76f2 Binary files /dev/null and b/docs/images/brand-center-spfx-04.png differ diff --git a/docs/images/brand-center-spfx-05.png b/docs/images/brand-center-spfx-05.png new file mode 100644 index 000000000..6640c1e2f Binary files /dev/null and b/docs/images/brand-center-spfx-05.png differ diff --git a/docs/images/content-securty-policy-trusted-script-sources/add-app-with-tss.png b/docs/images/content-securty-policy-trusted-script-sources/add-app-with-tss.png new file mode 100644 index 000000000..9c0aaafb8 Binary files /dev/null and b/docs/images/content-securty-policy-trusted-script-sources/add-app-with-tss.png differ diff --git a/docs/images/content-securty-policy-trusted-script-sources/add-script-source.png b/docs/images/content-securty-policy-trusted-script-sources/add-script-source.png new file mode 100644 index 000000000..bcfa4234b Binary files /dev/null and b/docs/images/content-securty-policy-trusted-script-sources/add-script-source.png differ diff --git a/docs/images/content-securty-policy-trusted-script-sources/browser-console.png b/docs/images/content-securty-policy-trusted-script-sources/browser-console.png new file mode 100644 index 000000000..a81043c0e Binary files /dev/null and b/docs/images/content-securty-policy-trusted-script-sources/browser-console.png differ diff --git a/docs/images/content-securty-policy-trusted-script-sources/purview-audit-record.png b/docs/images/content-securty-policy-trusted-script-sources/purview-audit-record.png new file mode 100644 index 000000000..247ab069f Binary files /dev/null and b/docs/images/content-securty-policy-trusted-script-sources/purview-audit-record.png differ diff --git a/docs/images/content-securty-policy-trusted-script-sources/purview-results.png b/docs/images/content-securty-policy-trusted-script-sources/purview-results.png new file mode 100644 index 000000000..491a23ee3 Binary files /dev/null and b/docs/images/content-securty-policy-trusted-script-sources/purview-results.png differ diff --git a/docs/images/content-securty-policy-trusted-script-sources/purview-search.png b/docs/images/content-securty-policy-trusted-script-sources/purview-search.png new file mode 100644 index 000000000..a61356271 Binary files /dev/null and b/docs/images/content-securty-policy-trusted-script-sources/purview-search.png differ diff --git a/docs/images/content-securty-policy-trusted-script-sources/spac-tss-nav.png b/docs/images/content-securty-policy-trusted-script-sources/spac-tss-nav.png new file mode 100644 index 000000000..2efbafa58 Binary files /dev/null and b/docs/images/content-securty-policy-trusted-script-sources/spac-tss-nav.png differ diff --git a/docs/images/content-securty-policy-trusted-script-sources/spac-tss-page.png b/docs/images/content-securty-policy-trusted-script-sources/spac-tss-page.png new file mode 100644 index 000000000..9c40b5537 Binary files /dev/null and b/docs/images/content-securty-policy-trusted-script-sources/spac-tss-page.png differ diff --git a/docs/images/discoverdomainisolatedwebpartusage.png b/docs/images/discoverdomainisolatedwebpartusage.png new file mode 100644 index 000000000..c23769db3 Binary files /dev/null and b/docs/images/discoverdomainisolatedwebpartusage.png differ diff --git a/docs/images/overview/spfx-across-apps.png b/docs/images/overview/spfx-across-apps.png new file mode 100644 index 000000000..a960e43cc Binary files /dev/null and b/docs/images/overview/spfx-across-apps.png differ diff --git a/docs/images/overview/viva-spfx-extensibility.png b/docs/images/overview/viva-spfx-extensibility.png new file mode 100644 index 000000000..d7b94d5dd Binary files /dev/null and b/docs/images/overview/viva-spfx-extensibility.png differ diff --git a/docs/images/react-cascading-dropdowns-item-dropdown-list-items.png b/docs/images/react-cascading-dropdowns-item-dropdown-list-items.png index 1b7c83b09..757f77180 100644 Binary files a/docs/images/react-cascading-dropdowns-item-dropdown-list-items.png and b/docs/images/react-cascading-dropdowns-item-dropdown-list-items.png differ diff --git a/docs/images/react-cascading-dropdowns-itemname-property-pane-dropdown.png b/docs/images/react-cascading-dropdowns-itemname-property-pane-dropdown.png index 189d09d25..16efa490d 100644 Binary files a/docs/images/react-cascading-dropdowns-itemname-property-pane-dropdown.png and b/docs/images/react-cascading-dropdowns-itemname-property-pane-dropdown.png differ diff --git a/docs/images/react-cascading-dropdowns-list-dropdown-available-lists.png b/docs/images/react-cascading-dropdowns-list-dropdown-available-lists.png index 5f1dfaa10..722ab3a02 100644 Binary files a/docs/images/react-cascading-dropdowns-list-dropdown-available-lists.png and b/docs/images/react-cascading-dropdowns-list-dropdown-available-lists.png differ diff --git a/docs/images/react-cascading-dropdowns-list-selected-item-disabled.png b/docs/images/react-cascading-dropdowns-list-selected-item-disabled.png index dd8f57ddc..f88e54c24 100644 Binary files a/docs/images/react-cascading-dropdowns-list-selected-item-disabled.png and b/docs/images/react-cascading-dropdowns-list-selected-item-disabled.png differ diff --git a/docs/images/react-cascading-dropdowns-listname-property-pane-dropdown.png b/docs/images/react-cascading-dropdowns-listname-property-pane-dropdown.png index b445decac..0c3c6275e 100644 Binary files a/docs/images/react-cascading-dropdowns-listname-property-pane-dropdown.png and b/docs/images/react-cascading-dropdowns-listname-property-pane-dropdown.png differ diff --git a/docs/images/react-cascading-dropdowns-loading-indicator-when-loading-items.png b/docs/images/react-cascading-dropdowns-loading-indicator-when-loading-items.png index bfa0614d0..22e60d00b 100644 Binary files a/docs/images/react-cascading-dropdowns-loading-indicator-when-loading-items.png and b/docs/images/react-cascading-dropdowns-loading-indicator-when-loading-items.png differ diff --git a/docs/images/react-cascading-dropdowns-loading-indicator-when-loading-list-info.png b/docs/images/react-cascading-dropdowns-loading-indicator-when-loading-list-info.png index e0e957a8e..cf666b5a9 100644 Binary files a/docs/images/react-cascading-dropdowns-loading-indicator-when-loading-list-info.png and b/docs/images/react-cascading-dropdowns-loading-indicator-when-loading-list-info.png differ diff --git a/docs/images/react-cascading-dropdowns-web-part-first-run.png b/docs/images/react-cascading-dropdowns-web-part-first-run.png index ad207fd7f..5223d61af 100644 Binary files a/docs/images/react-cascading-dropdowns-web-part-first-run.png and b/docs/images/react-cascading-dropdowns-web-part-first-run.png differ diff --git a/docs/images/viva-extensibility/ace-basic-html-quickview-01.png b/docs/images/viva-extensibility/ace-basic-html-quickview-01.png new file mode 100644 index 000000000..cdfe65cf0 Binary files /dev/null and b/docs/images/viva-extensibility/ace-basic-html-quickview-01.png differ diff --git a/docs/images/viva-extensibility/ace-basic-html-quickview-02.png b/docs/images/viva-extensibility/ace-basic-html-quickview-02.png new file mode 100644 index 000000000..2d153c24e Binary files /dev/null and b/docs/images/viva-extensibility/ace-basic-html-quickview-02.png differ diff --git a/docs/images/viva-extensibility/data-visualization/ace-dataviz-allup.png b/docs/images/viva-extensibility/data-visualization/ace-dataviz-allup.png new file mode 100644 index 000000000..f094aced0 Binary files /dev/null and b/docs/images/viva-extensibility/data-visualization/ace-dataviz-allup.png differ diff --git a/docs/images/viva-extensibility/data-visualization/ace-default.png b/docs/images/viva-extensibility/data-visualization/ace-default.png new file mode 100644 index 000000000..400fa0029 Binary files /dev/null and b/docs/images/viva-extensibility/data-visualization/ace-default.png differ diff --git a/docs/images/viva-extensibility/data-visualization/bar-chart.png b/docs/images/viva-extensibility/data-visualization/bar-chart.png new file mode 100644 index 000000000..fad7ddadb Binary files /dev/null and b/docs/images/viva-extensibility/data-visualization/bar-chart.png differ diff --git a/docs/images/viva-extensibility/data-visualization/chart-on-right-side.png b/docs/images/viva-extensibility/data-visualization/chart-on-right-side.png new file mode 100644 index 000000000..ebe45b330 Binary files /dev/null and b/docs/images/viva-extensibility/data-visualization/chart-on-right-side.png differ diff --git a/docs/images/viva-extensibility/data-visualization/chart-three-series.png b/docs/images/viva-extensibility/data-visualization/chart-three-series.png new file mode 100644 index 000000000..7bc3f4050 Binary files /dev/null and b/docs/images/viva-extensibility/data-visualization/chart-three-series.png differ diff --git a/docs/images/viva-extensibility/data-visualization/donut-chart.png b/docs/images/viva-extensibility/data-visualization/donut-chart.png new file mode 100644 index 000000000..ad6110b75 Binary files /dev/null and b/docs/images/viva-extensibility/data-visualization/donut-chart.png differ diff --git a/docs/images/viva-extensibility/data-visualization/pie-chart.png b/docs/images/viva-extensibility/data-visualization/pie-chart.png new file mode 100644 index 000000000..99ad323b8 Binary files /dev/null and b/docs/images/viva-extensibility/data-visualization/pie-chart.png differ diff --git a/docs/images/viva-extensibility/data-visualization/regular-chart.png b/docs/images/viva-extensibility/data-visualization/regular-chart.png new file mode 100644 index 000000000..f20005e09 Binary files /dev/null and b/docs/images/viva-extensibility/data-visualization/regular-chart.png differ diff --git a/docs/images/viva-extensibility/data-visualization/toolbox.png b/docs/images/viva-extensibility/data-visualization/toolbox.png new file mode 100644 index 000000000..745880918 Binary files /dev/null and b/docs/images/viva-extensibility/data-visualization/toolbox.png differ diff --git a/docs/index.yml b/docs/index.yml index 7114ea6ca..b2648b18f 100644 --- a/docs/index.yml +++ b/docs/index.yml @@ -40,24 +40,20 @@ landingContent: url: /sharepoint/dev/spfx/web-parts/get-started/using-microsoft-graph-apis # Card (optional) - - title: Contact us + - title: SharePoint Embedded linkLists: - - linkListType: video - links: - - text: Microsoft 365 Community - url: https://www.youtube.com/channel/UC_mKdhw-V6CeCM7gTo_Iy7w - linkListType: overview links: - - text: Developer Blog - url: https://devblogs.microsoft.com/microsoft365dev/ - - text: Community - url: https://pnp.github.io/ - - text: Submit a new idea - url: https://aka.ms/feedback/sharepoint - - text: Issues - url: https://github.com/SharePoint/sp-dev-docs/issues - - text: Forum - url: https://aka.ms/spdev-community + - text: Overview of SharePoint Embedded + url: /sharepoint/dev/embedded/overview + - text: Enable SharePoint Embedded + url: /sharepoint/dev/embedded/getting-started/enable-sharepoint-embedded + - linkListType: tutorial + links: + - text: SharePoint Embedded - Overview & Configuration + url: /training/modules/sharepoint-embedded-setup + - text: SharePoint Embedded - Building an App + url: /training/modules/sharepoint-embedded-create-app # Card (optional) - title: Samples @@ -185,3 +181,23 @@ landingContent: url: /sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online - text: Modernize your classic SharePoint sites url: /sharepoint/dev/transform/modernize-classic-sites + + # Card (optional) + - title: Contact us + linkLists: + - linkListType: video + links: + - text: Microsoft 365 Community + url: https://www.youtube.com/channel/UC_mKdhw-V6CeCM7gTo_Iy7w + - linkListType: overview + links: + - text: Developer Blog + url: https://devblogs.microsoft.com/microsoft365dev/ + - text: Community + url: https://pnp.github.io/ + - text: Submit a new idea + url: https://aka.ms/feedback/sharepoint + - text: Issues + url: https://github.com/SharePoint/sp-dev-docs/issues + - text: Forum + url: https://aka.ms/spdev-community diff --git a/docs/schema/currency-element-regional-settings.md b/docs/schema/currency-element-regional-settings.md index a4ee50c45..8587e197c 100644 --- a/docs/schema/currency-element-regional-settings.md +++ b/docs/schema/currency-element-regional-settings.md @@ -112,7 +112,7 @@ The following table lists the locale identifiers (LCID) and currency formats, or |1028
    |NT$125 (Taiwan)
    | |1054
    |฿125 (Thailand)
    | |7169
    |125 .ت.د (Tunisia)
    | -|1055
    |125 TL (Turkey)
    | +|1055
    |125 TL (Türkiye)
    | |14337
    |125 .إ.د (U.A.E)
    | |2057
    |£125 (United Kingdom)
    | |1033
    |$125 (United States)
    | diff --git a/docs/schema/default-custom-action-locations-and-ids.md b/docs/schema/default-custom-action-locations-and-ids.md index 70bada11f..b787d750b 100644 --- a/docs/schema/default-custom-action-locations-and-ids.md +++ b/docs/schema/default-custom-action-locations-and-ids.md @@ -122,25 +122,37 @@ You can create a Feature that implements the [HideCustomAction](hidecustomaction

    **Microsoft.SharePoint.ContentTypeSettings**

    **Fields**

    **AddField**

    **ReorderFields**

    -

    **Columns** section on site collection **Content Type** page.

    +

    **Columns** section on List **Content Type** page.

    **Microsoft.SharePoint.ContentTypeSettings**

    **General**

    **ChangeNameDescription**

    **ChangeOptionalSettings**

    **ChangeWorkflowSettings**

    **RemoveContentType**

    -

    **Settings** section on site collection **Content Type** page.

    +

    **Settings** section on List **Content Type** page.

    **Microsoft.SharePoint.ContentTypeTemplateSettings**

    **Fields**

    **AddField**

    **ReorderFields**

    -

    **Columns** section on List **Content Type** page.

    +

    **Columns** section on site collection **Content Type** page in SharePoint on premises and on Content Type Hub site collection **Content Type** page in SharePoint Online.

    **Microsoft.SharePoint.ContentTypeTemplateSettings**

    **General**

    **ChangeNameDescriptionGroup**

    **ChangeOptionalSettings**

    **ChangeWorkflowSettings**

    **RemoveContentType**

    -

    **Settings** section on List **Content Type** page.

    +

    **Settings** section on site collection **Content Type** page in SharePoint on premises and on Content Type Hub site collection **Content Type** page in SharePoint Online.

    + + +

    **Microsoft.SharePoint.ContentTypeSiteTemplateSettings**

    +

    **Fields**

    +

    **AddField**

    **ReorderFields**

    +

    **Columns** section on site collection **Content Type** page in SharePoint Online.

    + + +

    **Microsoft.SharePoint.ContentTypeSiteTemplateSettings**

    +

    **General**

    +

    **ChangeNameDescriptionGroup**

    **ChangeOptionalSettings**

    **ChangeWorkflowSettings**

    **RemoveContentType**

    +

    **Settings** section on site collection **Content Type** page in SharePoint Online.

    **Microsoft.SharePoint.Create**

    diff --git a/docs/schema/field-element-field.md b/docs/schema/field-element-field.md index f2b9631be..e3b466a1d 100644 --- a/docs/schema/field-element-field.md +++ b/docs/schema/field-element-field.md @@ -227,7 +227,7 @@ The following sections describe attributes, child elements, and parent elements. |**ShowInListSettings**|Optional **Boolean**. **TRUE** to display the column on the page for customizing list settings.| |**ShowInNewForm**|Optional **Boolean**. If **FALSE**, the field does not show up in a **Fields** enumeration when the display mode is set to **New**. Fields with this setting do not show up in the default New Item page for a given list. In particular, this is used to hide fields on the page for uploading documents to the document library.| |**ShowInVersionHistory**|Optional **Boolean**. **TRUE** to display the column on the page for viewing list item versions.| -|**ShowInViewForms**|Optional **Boolean**. **TRUE** to specify that the field is displayed in pages that are used to view list data.| +|**ShowInViewForms**|Optional **Boolean**. **TRUE** to specify that the field is displayed in pages that are used to view list data. This parameter does not apply to modern UI.| |**Sortable**|Optional **Boolean**. **TRUE** if values in the field can be sorted.| |**SourceID**|Optional **Text**. Contains the namespace that defines the field, such as `http://schemas.microsoft.com/sharepoint/v3` or the GUID of the list in which the custom field was created.| |**StaticName**|Optional **Text**. Contains an internal name of the field that might not be unique within a field collection. However, unlike the **Name** attribute, which might be amended to ensure its uniqueness, the value of the **StaticName** attribute is assigned to the field exactly as you have defined it. You can later use this value in code to get a reference to the field by calling the **TryGetFieldByStaticName** method.| diff --git a/docs/solution-guidance/Bulk-user-profile-update-api-for-sharepoint-online.md b/docs/solution-guidance/Bulk-user-profile-update-api-for-sharepoint-online.md index ece4c3b9f..01104b3e1 100644 --- a/docs/solution-guidance/Bulk-user-profile-update-api-for-sharepoint-online.md +++ b/docs/solution-guidance/Bulk-user-profile-update-api-for-sharepoint-online.md @@ -409,6 +409,8 @@ In order to use an app-only context with the SharePoint add-in model, you need t ``` +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] + In order to use app-only with an application registered in Azure Active Directory, you need to [register the application](/graph/auth-register-app-v2), [provide a X.509 certificate for authentication](/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-microsoft-identity-platform), which is a requirement for SharePoint Online app-only authentication within Azure Active Directory, and grant the following SharePoint Online permissions scopes for Application: Sites.FullControl.All and User.ReadWrite.All . ### This API is updating properties in the user profile service, but how would I create those properties in the tenant? diff --git a/docs/solution-guidance/Extending-SharePoint-Online-for-Germany-China-USGovernment-environments.md b/docs/solution-guidance/Extending-SharePoint-Online-for-Germany-China-USGovernment-environments.md index 00a22db5c..fd62ee39a 100644 --- a/docs/solution-guidance/Extending-SharePoint-Online-for-Germany-China-USGovernment-environments.md +++ b/docs/solution-guidance/Extending-SharePoint-Online-for-Germany-China-USGovernment-environments.md @@ -10,8 +10,7 @@ When your Office 365 tenant is hosted in an specific environment like the German _**Applies to:** Office 365 hosted in the Germany, China or US Government environments_ -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] ## Introduction diff --git a/docs/solution-guidance/app-only-elevated-privileges-sharepoint-add-in.md b/docs/solution-guidance/app-only-elevated-privileges-sharepoint-add-in.md index 85875c72b..5b67998b7 100644 --- a/docs/solution-guidance/app-only-elevated-privileges-sharepoint-add-in.md +++ b/docs/solution-guidance/app-only-elevated-privileges-sharepoint-add-in.md @@ -81,6 +81,8 @@ You have a couple of options to elevate permissions. - Service Account - Remotely hosted code (Example: Azure WebJob) +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] + ### OAuth (AllowAppOnlyPolicy) In this option the AllowAppOnlyPolicy is set to true in the AppPermissionRequests element and permissions are set in the SharePoint Add-in manifest. OAuth is used to return access tokens to allow the SharePoint Add-in to execute operations it has permissions to perform. diff --git a/docs/solution-guidance/applying-pnp-templates.md b/docs/solution-guidance/applying-pnp-templates.md new file mode 100644 index 000000000..522984e81 --- /dev/null +++ b/docs/solution-guidance/applying-pnp-templates.md @@ -0,0 +1,132 @@ +--- +title: Applying PnP Templates to SharePoint Sites +description: This article explains how to manually provision a look book PnP template using PnP PowerShell. +ms.date: 06/17/2024 +ms.localizationpriority: high +--- + +# Applying PnP Templates to SharePoint Sites + +In this page, you can find detailed information about how to manually provision a look book template on your tenant. + +You can also follow these steps by watching this video on the Microsoft 365 Platform Community (PnP) YouTube Channel: + +> [!Video https://www.youtube.com/embed/lK17E412uNg] + +## Software prerequisites + +In order to provision the look book templates, you need to have the following software tools installed on your machine: + +- [PowerShell](/powershell/scripting/install/installing-powershell) +- [PnP PowerShell](https://pnp.github.io/powershell/) + +Once the above tools are installed, you can proceed with the following sections. + +[!INCLUDE [pnp-provisioning-engine](../../includes/snippets/open-source/pnp-provisioning-engine.md)] + +## Available templates + +The look book templates are based on the PnP Provisioning engine. As such, every single template is a `.pnp` (pnp stands for Patterns & Practices) file, which is nothing more than an OpenXML file that includes all the needed content to deploy the template. +Here follows a table where you can find the list of all the look book templates, a link do download the corresponding `.pnp` template file, the configuration parameters, and the prerequisites. + +Category|Template|Site Type|Parameters|Prerequisites +--------|--------|---------|----------|------------- +|Organization|[Leadership Connection](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/leadershipconnection/leadershipconnection.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[The Perspective](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/theperspective/theperspective.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[Crisis Communications](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/crisis-mgmt/crisis-mgmt.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[News site](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/contosonews/contosonews.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[The Landing](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/thelanding/thelanding.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[Benefits](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/benefits/benefits.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[LGBTQ+ Employee Resource Group](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/pride/pride.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[Hispanic Heritage Month Employee Resource Group](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/hispanicheritage/template.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +|Department|[Retail Operations](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/retailoperations/retailoperations.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[Fly Safe Conference](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/flysafeconference/flysafeconference.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[Global sales hub](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/globalsales/globalsales.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    • RetailOperationsSiteTitle
    • RetailOperationsSiteUrl
    • ConsumerRetailSiteTitle
    • ConsumerRetailSiteUrl
    |SharePoint Online Admin +||[Workshop training site](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/droneproducttraining/droneproducttraining.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[Global marketing hub](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/globalmarketing/globalmarketing.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    • CommunicationSiteTitle
    • CommunicationSiteUrl
    |SharePoint Online Admin +||[Human resources hub](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/contosoworks/contosoworks.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    • BenefitsSiteTitle
    • BenefitsSiteUrl
    |SharePoint Online Admin +|Team|[Collaboration team site](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/ContosoTeamSite/ContosoTeamSite.pnp)|Modern Team Site|
    • SiteTitle
    • SiteAlias
    |SharePoint Online Admin +||[Team communication site](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/communications/communications.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[Mark8 Project Team](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/mark8projectteam/mark8projectteam.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[Product Support](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/productsupport/productsupport.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +|Community|[Branding Site](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/contosobrand/contosobrand.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[Charitable site](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/give/give.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +|Solutions|[Microsoft 365 learning pathways](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/M365LearningPathways/M365LP.pnp)|Communication Site|
    • SiteUrl
    |SharePoint Online Admin, App Catalog +||[New employee departmental onboarding site](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/NEO-departmental/template.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[Workplace Transformation site](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/HybridWork/HybridWork.pnp)|Communication Site|
    • SiteUrl
    |SharePoint Online Admin +||[New employee pre-onboarding site](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/NEO-preonboarding/template.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[New employee corporate onboarding site](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/NEO-main/template.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |SharePoint Online Admin +||[Microsoft 365 freelance communications site](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/FreelanceToolkit/M365FreelanceCommsSite.pnp)|Communication Site|
    • SiteUrl
    |SharePoint Online Admin +||[SharePoint Success Site](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/tenant/SharePointSuccessSite/SharePointSuccessSite.pnp)|Communication Site|
    • SiteUrl
    |SharePoint Online Admin, App Catalog +|Schools|[School home page](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/site/eduportal/eduportal.pnp)|Communication Site|
    • SiteTitle
    • SiteUrl
    |Regular user +||[Staff home page](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/site/edustaff/edustaff.pnp)|Team Site|
    • SiteUrl
    |Regular user +||[Class home page](https://github.com/SharePoint/sp-dev-provisioning-templates/blob/master/site/educlass/educlass.pnp)|Team Site|
    • SiteUrl
    |Regular user + +Here follows a brief guidance about the parameters: + +- **SiteTitle**: is the title that is provisioned on the target site. +- **SiteUrl**: is the server-relative URL of the site provisioned by the template. It can be something like: _/sites/name-of-the-site_. +- **RetailOperationsSiteTitle**: is the title of the Communication Site provisioned on the target tenant for the Global Sales Hub template. +- **RetailOperationsSiteUrl**: is the server-relative URL of the Retail Operations Communication Site provisioned by the template Global Sales Hub. It can be something like: _/sites/name-of-the-site_. +- **ConsumerRetailSiteTitle**: is the title of the Retail Operations Communication Site provisioned on the target tenant for the Global Sales Hub template. +- **ConsumerRetailSiteUrl**: is the server-relative URL of the Consumer Retail Communication Site provisioned by the template Global Sales Hub. It can be something like: _/sites/name-of-the-site_. +- **CommunicationSiteTitle**: is the title of the Consumer Retail Communication Site provisioned on the target tenant for the Global Marketing Hub template. +- **CommunicationSiteUrl**: is the server-relative URL of the Communication Site provisioned by the template Global Marketing Hub. It can be something like: _/sites/name-of-the-site_. +- **BenefitsSiteTitle**: is the title of the Communication Site provisioned by the Human Resources Hub template. +- **BenefitsSiteUrl**: is the server-relative URL of the Communication Site provisioned by the Human Resources Hub template. It can be something like: _/sites/name-of-the-site_. + +Here follows a brief guidance about the meaning of the prerequisites: + +- SharePoint Online Admin: you need to execute the provisioning using a user who is member of the SharePoint Online Administrators group. +- App Catalog: you need to have a fully functional tenant-wide App Catalog in your target tenant, and you need to execute the provisioning using a user who has admin access to the App Catalog site. +- Regular user: you can execute the provisioning with a regular user of SharePoint Online. + +> Note: If you don't have the App Catalog configured in your tenant, and the template that you are willing to provision requires the App Catalog, you can follow the instructions provided in this [online document](/sharepoint/dev/spfx/set-up-your-developer-tenant#create-app-catalog-site). + +## Provisioning a template + +In order to execute the actual provisioning, you need to execute a PowerShell cmdlet provided by the PnP PowerShell extensions. + +### Provisioning templates that require a SharePoint Online Admin + +Download the `.PNP` template file that you want to provision, save it in a local folder, and run the following PowerShell command: + +```powershell +Connect-PnPOnline https://.sharepoint.com/sites/ -Interactive + +Invoke-PnPTenantTemplate -Path .\your-template-file.pnp -Parameters @{"SiteTitle"="";"SiteUrl"="/sites/"} +``` + +Replace \ with the actual name of your SharePoint Online tenant in Microsoft 365. +Remember to provide a value for all the parameters declared in the above table. + +> Important: The very first time that you will connect to your target environment using the `Connect-PnPOnline` command let, you will have to grant a set of permissions to the _PnP Management Shell_ application. + +### Provisioning templates that require a Regular User + +Download the `.PNP` template file that you want to provision, save it in a local folder, and run the following PowerShell command: + +```powershell +Connect-PnPOnline https://.sharepoint.com/sites/ -Interactive + +Invoke-PnPSiteTemplate -Path .\your-template-file.pnp -Parameters @{"SiteTitle"="";"SiteUrl"="/sites/"} +``` + +Replace \ with the actual name of your SharePoint Online tenant in Microsoft 365. +Remember to provide a value for all the parameters declared in the above table. + +#### Example script for applying Learning Pathways solution + +This is how the PowerShell script would look for applying the [Learning Pathways solution](/office365/customlearning/), which only has the `SiteUrl` parameter and the pnp file for the Learning Pathways is located in the *c:\temp* folder and you want to target to a previously created site with URL of */sites/M365LP*. + +```powershell +Connect-PnPOnline https://.sharepoint.com/sites/ + +Invoke-PnPSiteTemplate -Path c:\temp\M365LP.pnp -Parameters @{"SiteUrl"="/sites/M365LP"} +``` + +## Next Steps + +Now that the look book template is provisioned on your tenant, feel free to browse to the site URL that you selected and play with the new site. + +If there's any issue, don't hesitate to file an issue in the [PnP Provisioning Service repository on GitHub](https://github.com/SharePoint/sp-provisioning-service/issues). diff --git a/docs/solution-guidance/elevated-privileges-in-sharepoint-add-ins.md b/docs/solution-guidance/elevated-privileges-in-sharepoint-add-ins.md index 295a3b087..67ba8686a 100644 --- a/docs/solution-guidance/elevated-privileges-in-sharepoint-add-ins.md +++ b/docs/solution-guidance/elevated-privileges-in-sharepoint-add-ins.md @@ -57,8 +57,7 @@ app@sharepoint permission no longer works in the modern term store user interfac Your add-in can use low-trust authorization when using the Microsoft Azure Access Control Service (ACS) to establish trust between your provider-hosted add-in and either your Office 365 site or your on-premises SharePoint farm. You can learn more at [Three authorization systems for SharePoint Add-ins 2013](https://msdn.microsoft.com/library/office/dn790706.aspx). -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] To get a reference to the [ClientContext](https://msdn.microsoft.com/library/office/microsoft.sharepoint.client.clientcontext.aspx) object, your add-in should: diff --git a/docs/solution-guidance/how-to-provide-add-in-app-only-tenant-administrative-permissions-in-sharepoint-online.md b/docs/solution-guidance/how-to-provide-add-in-app-only-tenant-administrative-permissions-in-sharepoint-online.md index 3d90fe8af..80d226688 100644 --- a/docs/solution-guidance/how-to-provide-add-in-app-only-tenant-administrative-permissions-in-sharepoint-online.md +++ b/docs/solution-guidance/how-to-provide-add-in-app-only-tenant-administrative-permissions-in-sharepoint-online.md @@ -8,8 +8,7 @@ ms.localizationpriority: high When you are developing SharePoint add-ins and want to register them using the ACS model (**appregnew.aspx** and **appinv.aspx**), you will need to follow a special process, when an add-in is requesting tenant admin permissions and in app-only mode. -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] Steps to provide tenant admin permission for app only add-in: diff --git a/docs/solution-guidance/media/apponly/sharepointapponly1new.png b/docs/solution-guidance/media/apponly/sharepointapponly1new.png new file mode 100644 index 000000000..dbe38ffbf Binary files /dev/null and b/docs/solution-guidance/media/apponly/sharepointapponly1new.png differ diff --git a/docs/solution-guidance/modern-experience-customizations.md b/docs/solution-guidance/modern-experience-customizations.md index 9568fa814..4533aebd5 100644 --- a/docs/solution-guidance/modern-experience-customizations.md +++ b/docs/solution-guidance/modern-experience-customizations.md @@ -17,6 +17,7 @@ Numerous benefits in the "modern" experiences are called out in the referenced m ## What are the "modern" experiences in SharePoint Online? The "modern" experiences in SharePoint Online are: + - **Modern team sites** - **Modern list and library experiences** - **Modern site pages** @@ -26,28 +27,20 @@ The "modern" experiences in SharePoint Online are: If you have existing customizations that are business critical for your deployment, we recommend using the following process for adopting the "modern" experiences: 1. **Readiness**: Understand the "modern" experiences, know what features they offer, but equally important, understand which features are not (yet) available. - -2. **Assess**: Assess to what extent your current customizations can work within the "modern" experience. Also assess which of your sites have customizations or features that will not work within the "modern" experiences. These sites and their customizations should be updated or need to stay in "classic". However, other sites should work just fine using the "modern" experiences. The best way to assess your compatibility with the "modern" experiences is by using the [SharePoint Modernization scanner](https://aka.ms/sppnp-modernuiscanner). - -3. **Solution planning**: Plan the work required for both custom solutions and sites to prepare them to be used with the "modern" experiences. - -4. **Develop and test**: Apply the needed changes to your customizations and test them. - -5. **Deploy**: Roll out the updated changes to your SharePoint Online environment. +1. **Assess**: Assess to what extent your current customizations can work within the "modern" experience. Also assess which of your sites have customizations or features that will not work within the "modern" experiences. These sites and their customizations should be updated or need to stay in "classic". However, other sites should work just fine using the "modern" experiences. The best way to assess your compatibility with the "modern" experiences is by using the [SharePoint Modernization scanner](https://aka.ms/sppnp-modernuiscanner). +1. **Solution planning**: Plan the work required for both custom solutions and sites to prepare them to be used with the "modern" experiences. +1. **Develop and test**: Apply the needed changes to your customizations and test them. +1. **Deploy**: Roll out the updated changes to your SharePoint Online environment. Following are the key scenarios currently supported by the "modern" experiences. We will be updating the list of supported scenarios whenever new capabilities are introduced in SharePoint Online. -
    - -|Customization/Article|Description| -|:-----|:-----| -|[Provisioning "modern" team sites programmatically](modern-experience-customizations-provisioning-sites.md)| "Modern" team sites can be provisioned by an end user, but you can also create these sites programmatically. | -|[Customizing "modern" team sites](modern-experience-customizations-customize-sites.md) | "Modern" team sites are sites that bring a fresh, new responsive user experience to SharePoint Online,
    showing relevant information on the home page. Typically, these sites also have an associated Microsoft 365 group. | -|[Customizing "modern" lists and libraries](modern-experience-customizations-customize-lists-and-libraries.md) | "Modern" lists and document libraries bring a better user experience that is faster, more intuitive, and responsive.
    This article focuses on the extensibility options, such as user custom actions and branding, which are supported for the "modern" library and list experiences. | -|[Customizing "modern" site pages](modern-experience-customizations-customize-pages.md) | "Modern" team site pages are fast, easy to author, and support rich multimedia content. Additionally, these pages
    look great on any device, in a browser, or from within the SharePoint mobile app.
    This article focuses on the extensibility options available within the "modern" page experience. | -|[SharePoint "modern" sites classification](modern-experience-site-classification.md)|Configure out-of-the-box site classification for modern SharePoint sites. | - - +| Customization/Article | Description | +| :------------------------------------------------------------------------------------------------------------ | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [Provisioning "modern" team sites programmatically](modern-experience-customizations-provisioning-sites.md) | "Modern" team sites can be provisioned by an end user, but you can also create these sites programmatically. | +| [Customizing "modern" team sites](modern-experience-customizations-customize-sites.md) | "Modern" team sites are sites that bring a fresh, new responsive user experience to SharePoint Online, showing relevant information on the home page. Typically, these sites also have an associated Microsoft 365 group. | +| [Customizing "modern" lists and libraries](modern-experience-customizations-customize-lists-and-libraries.md) | "Modern" lists and document libraries bring a better user experience that is faster, more intuitive, and responsive. This article focuses on the extensibility options, such as user custom actions and branding, which are supported for the "modern" library and list experiences. | +| [Customizing "modern" site pages](modern-experience-customizations-customize-pages.md) | "Modern" team site pages are fast, easy to author, and support rich multimedia content. Additionally, these pages look great on any device, in a browser, or from within the SharePoint mobile app. This article focuses on the extensibility options available within the "modern" page experience. | +| [SharePoint "modern" sites classification](modern-experience-site-classification.md) | Configure out-of-the-box site classification for modern SharePoint sites. | ## Converting existing sites to "modern" team sites @@ -55,16 +48,14 @@ Existing collaboration sites cannot be converted to "modern" team sites with an "Modern" lists and library usage can be controlled at site, web, and list/library level. You can find more details about the available options in our ["modern" list and libraries](modern-experience-customizations-customize-lists-and-libraries.md) article. -By default, "classic" SharePoint sites use modern pages for any newly added page, and you have the option to change the welcome page to a modern page. Setting a new "modern" page for a "classic" SharePoint site can be done programatically by using CSOM or REST APIs. +By default, "classic" SharePoint sites use modern pages for any newly added page, and you have the option to change the welcome page to a modern page. Setting a new "modern" page for a "classic" SharePoint site can be done programmatically by using CSOM or REST APIs. ## Using modern experiences in the root site collection of a tenant -Root site collection of Office 365 tenant is always using classic team site template and it's not supported to recreate this site collection using user interface, PowerShell or APIs. You can however start utilizing modern experiences on this root site by creating content using modern pages. - -It is also supported and possible programmatically enable home page layout in the root site collection. This will provide flexibility for the welcome page designs for this site. +Since 2019, tenants have initially been provided a modern communication site as the root site. If your environment was set up before April 2019, consider swapping in a communication site or a modern team site that isn't connected to a group. If you'd rather stay with the classic site, you can use modern experiences in other ways, such as creating content using modern pages. For more information, see [Modernize your root site](/SharePoint/modern-root-site). > [!CAUTION] -> It is not supported to delete or replace existing site collection from the root URL of your tenant. You should not in any circumstances delete the root site collection. Technically this can be performed using APIs, but that can cause the tenant to move into inconsistent status. +> It is not supported to delete the existing site collection from the root URL of your tenant. You should not in any circumstances delete the root site collection. Technically this can be performed using APIs, but that can cause the tenant to move into an inconsistent status. ### Enable home layout in collaboration site @@ -83,20 +74,17 @@ Set-PnPListItem -List SitePages –Identity -Values @{"PageLayoutType"="Hom [!INCLUDE [pnp-powershell](../../includes/snippets/open-source/pnp-powershell.md)] - - ## SharePoint "modern" experiences support for on-premises The SharePoint "modern" experiences are supported in SharePoint 2019 in on-premises. Also as part of the SharePoint 2016 Feature Pack, "modern" experiences will be introduced within the OneDrive for Business experience, and you can take advantage of the SharePoint Framework client-side web parts in the classic page experience. - ## See also -- [Create connected SharePoint Online team sites in seconds](https://blogs.office.com/2016/11/08/create-connected-sharepoint-online-team-sites-in-seconds/) -- [New capabilities in SharePoint Online team sites including integration with Microsoft 365 groups](https://www.microsoft.com/microsoft-365/blog/2016/08/31/new-capabilities-in-sharepoint-online-team-sites-including-integration-with-office-365-groups) +- [Create connected SharePoint Online team sites in seconds](https://blogs.office.com/2016/11/08/create-connected-sharepoint-online-team-sites-in-seconds/) +- [Microsoft Teams, SharePoint, and Microsoft 365 Groups integration (IT Admins)](/microsoft-365/solutions/groups-sharepoint-teams-governance) - [Create a team site in SharePoint Online](https://support.office.com/article/Create-a-team-site-in-SharePoint-Online-ef10c1e7-15f3-42a3-98aa-b5972711777d) -- [Turn scripting capabilities on or off](https://support.office.com/article/Allow-or-prevent-custom-script-1f2c515f-5d7e-448a-9fd7-835da935584f) -- ["Modern" SharePoint lists are here - including integration with Microsoft Flow and PowerApps](https://blogs.office.com/2016/07/25/modern-sharepoint-lists-are-here-including-integration-with-microsoft-flow-and-powerapps/) -- [Update on "Modern" Document Libraries and Extensibility](https://developer.microsoft.com/office/blogs/update-on-modern-document-libraries-and-extensiblity) -- [Switch the default experience for lists or document libraries from "modern" or "classic"](https://support.office.com/article/Switch-the-default-experience-for-lists-or-document-libraries-from-new-or-classic-66dac24b-4177-4775-bf50-3d267318caa9) +- [Turn scripting capabilities on or off](https://support.office.com/article/Allow-or-prevent-custom-script-1f2c515f-5d7e-448a-9fd7-835da935584f) +- ["Modern" SharePoint lists are here - including integration with Microsoft Flow and PowerApps](https://blogs.office.com/2016/07/25/modern-sharepoint-lists-are-here-including-integration-with-microsoft-flow-and-powerapps/) +- [Update on "Modern" Document Libraries and Extensibility](https://developer.microsoft.com/office/blogs/update-on-modern-document-libraries-and-extensiblity) +- [Switch the default experience for lists or document libraries from "modern" or "classic"](https://support.office.com/article/Switch-the-default-experience-for-lists-or-document-libraries-from-new-or-classic-66dac24b-4177-4775-bf50-3d267318caa9) - [Office 365 development and SharePoint PnP solution guidance](office-365-development-patterns-and-practices-solution-guidance.md) diff --git a/docs/solution-guidance/multigeo-managedmetadata.md b/docs/solution-guidance/multigeo-managedmetadata.md index 49d6b1c9c..b11e8980e 100644 --- a/docs/solution-guidance/multigeo-managedmetadata.md +++ b/docs/solution-guidance/multigeo-managedmetadata.md @@ -1,7 +1,7 @@ --- title: Manage metadata in a Multi-Geo tenant description: Managed metadata that you define for the default geo location of a Multi-Geo tenant is automatically replicated to the tenant's satellite locations, and is only available to the sites hosted in that geo location. -ms.date: 06/13/2022 +ms.date: 07/02/2025 ms.localizationpriority: medium --- @@ -23,13 +23,14 @@ The following are important points to know about managed metadata in Multi-Geo t - Create term groups, term sets, and terms in the default geo location. This ensures that they are consistently available across all the geo-locations in your tenant. - When term groups, term sets, and terms are replicated across geo-locations, they retain their ID. This allows you to reference term groups, term sets, and terms based on ID, regardless of the geo-location your code is running in. - For term sets and terms to be replicated across geo-locations, they need to be set as Available for Tagging. -- The incremental replication process runs hourly. The full replication job runs every three days. +- The incremental replication process runs hourly. The full replication job runs every seven (7) days. - When you programmatically create a term set in the default geo location, that term set is automatically replicated. You don't have to make any changes to the APIs. - In some cases, you might want a term group, term set, or terms to be available only in a satellite location, for example, a term that relates to a confidential project that applies to a specific geolocation. In that case, you can choose to create the relevant terms in the applicable geo-location. - If you want the term group to be available only in the default location, use the `Set-SPOTenantTaxonomyReplicationParameters` PowerShell cmdlet to explicitly specify which term groups from the default location are replicated. This cmdlet is part of the [SharePoint Online Management Shell](https://www.microsoft.com/download/details.aspx?id=35588). > [!NOTE] > In a multi-geo scenario, there are protected or special term sets within the term store space that will not be replicated, nor will anything under them be replicated. Those groups are: + > - People > - Search Dictionaries > - System diff --git a/docs/solution-guidance/multigeo-sampleapplicationsetup.md b/docs/solution-guidance/multigeo-sampleapplicationsetup.md index f37ecd6b7..8217e1b30 100644 --- a/docs/solution-guidance/multigeo-sampleapplicationsetup.md +++ b/docs/solution-guidance/multigeo-sampleapplicationsetup.md @@ -132,8 +132,7 @@ The following instructions show you how to use appregnew.aspx and appinv.aspx to > [!NOTE] > Store the retrieved information (client ID and client secret) because you'll need these in the next step. -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] ### Grant permissions to the created principal diff --git a/docs/solution-guidance/pnp-provisioning-tenant-templates.md b/docs/solution-guidance/pnp-provisioning-tenant-templates.md index 2597a22fd..c6e192677 100644 --- a/docs/solution-guidance/pnp-provisioning-tenant-templates.md +++ b/docs/solution-guidance/pnp-provisioning-tenant-templates.md @@ -1,7 +1,7 @@ --- title: PnP Provisioning Tenant Templates description: Think of Tenant Templates as an extension on top of PnP Provisioning or Site Templates. Instead of just provisioning artifacts to a site, you can now create sites, create teams, provision Azure AD entries, provision taxonomy etc. -ms.date: 04/28/2022 +ms.date: 09/21/2023 ms.localizationpriority: high --- @@ -11,8 +11,8 @@ Think of Tenant Templates as an extension on top of PnP Provisioning or Site Tem [!INCLUDE [pnp-provisioning-engine](../../includes/snippets/open-source/pnp-provisioning-engine.md)] -> [!NOTE] -> A good resource for tenant templates is the [PnP Provisioning Templates Repository](https://github.com/sharepoint/sp-dev-provisioning-templates) which contains all the templates used in the lookbook service at https://lookbook.microsoft.com. You'll find a tenant folder, and in there several folders, each containing a template. In the subfolders you will find a source folder. In the source folder you'll find a template.xml file which is a tenant template. +> [!NOTE] +> A good resource for tenant templates is the [PnP Provisioning Templates Repository](https://github.com/sharepoint/sp-dev-provisioning-templates) which contains all the templates previously used in the lookbook service (no longer available). You'll find a tenant folder, and in there several folders, each containing a template. In the subfolders you will find a source folder. In the source folder you'll find a template.xml file which is a tenant template. ## The Sequence @@ -81,24 +81,23 @@ As the only way to create a team programmatically is by using the Microsoft Grap You can do this as follows: ``` -Connect-PnPOnline -Graph -LaunchBrowser +Register-PnPManagementShellAccess ``` -This will copy a so-called device code to your clipboard and it will step your through a wizard to provide consent. Notice that this is a one time action only. After you performed this consent step you can use the normal ways of connecting with PnP PowerShell as you are used to. +This is a one time action only. After you performed this consent step you can use the normal ways of connecting with PnP PowerShell as you are used to. The flow the provisioning engine uses is as follows: -1. You login using your credentials with `Connect-PnPOnline` -2. You apply the template with Apply-PnPTenantTemplate -Path yourtemplate.pnp +1. You login using your credentials with `Connect-PnPOnline .sharepoint.com -Interactive` +2. You apply the template with `Invoke-PnPTenantTemplate -Path yourtemplate.pnp` 3. The Provisioning Engine will start to provision any SharePoint artifact it finds in that template 4. The moment the engine encounters an artifact which requires an access token for the Microsoft Graph it will call back to PnP PowerShell to acquire such a token 5. PnP PowerShell will try, using the credentials you used in step 1 and the consent you provided earlier as written above, to acquire a token using the PnP Management Shell multi-tenant Azure application registration. The moment it successfully acquired the token it will return this token to the provisioning engine which will use that token to make the appropriate calls to the Microsoft Graph API. -If at a later state you want to remove this consent, login to your Azure Portal, and navigate to the Azure Active Directory. In the Enterprise Applications section you will find an entry called "PnP Management Shell". Remove this entry to clear the consent. - +If at a later state you want to remove this consent, login to your Azure Portal, and navigate to the Azure Active Directory. In the Enterprise Applications section you will find an entry called "PnP Management Shell" with client id 31359c7f-bd7e-475c-86db-fdb8c937548e. Remove this entry to clear the consent. ## See also - [Microsoft 365 Patterns and Practices](https://pnp.github.io/) - [SharePoint Developer Group at Microsoft Tech Community](https://techcommunity.microsoft.com/t5/SharePoint-Developer/bd-p/SharePointDev) -- [PnP remote provisioning](pnp-remote-provisioning.md) +- [PnP remote provisioning](pnp-remote-provisioning.md) \ No newline at end of file diff --git a/docs/solution-guidance/pnp-remote-provisioning.md b/docs/solution-guidance/pnp-remote-provisioning.md index ba9f0e577..75a808155 100644 --- a/docs/solution-guidance/pnp-remote-provisioning.md +++ b/docs/solution-guidance/pnp-remote-provisioning.md @@ -1,23 +1,23 @@ --- title: PnP remote provisioning description: Remote provisioning for your Office 365, SharePoint, and SharePoint Online site collections using features of the add-in model. -ms.date: 06/05/2020 +ms.date: 01/13/2025 ms.localizationpriority: high --- # PnP Remote Provisioning -The current recommendation when it comes to provisioning artifacts like sites, lists, content types, pages is to use something called "remote provisioning". In a nutshell, remote provisioning means that you utilize one of the available APIs (SharePoint REST, the SharePoint Client Side Object Model or the Microsoft Graph) to create those artifacts. Your code runs on your own machine or on a separate server. +The current recommendation for provisioning artifacts like sites, lists, content types, and pages is to use "remote provisioning." In a nutshell, remote provisioning means utilizing one of the available APIs (SharePoint REST, the SharePoint Client Side Object Model, or the Microsoft Graph) to create those artifacts. Your code runs on your own machine or on a separate server. [!INCLUDE [pnp-provisioning-engine](../../includes/snippets/open-source/pnp-provisioning-engine.md)] -In order for you to create a repeatable process, with known parameters, the [SharePoint Developer Community](../community/community.md) created an engine, called the PnP Provisioning Engine, which allows you to easily create templates and apply those templates to sites or your tenant. The PnP Provisioning Engine can be called from C# code or by using PnP PowerShell. +To create a repeatable process with known parameters, the [SharePoint Developer Community](../community/community.md) created an engine called the PnP Provisioning Engine. This engine allows you to easily create templates and apply them to sites or your tenant. The PnP Provisioning Engine can be called from C# code or by using PnP PowerShell. See the following resources for more information: ## PnP Remote Provisioning vs Site Designs and Site Scripts -The general recommendation is that if you can provision your artifacts with Site Scripts then you should go for Site Scripts. Keep in mind though that the PnP Provisioning Engine extends beyond the scope of just site collection artifacts and moves into the territory of provisioning Tenant scoped artifacts. +The general recommendation is that if you can provision your artifacts with Site Scripts. The PnP Provisioning Engine extends beyond the scope of site collection artifacts and moves into the territory of provisioning tenant-scoped artifacts. ## PnP remote provisioning resources @@ -26,12 +26,11 @@ The general recommendation is that if you can provision your artifacts with Site |[Introducing the PnP provisioning engine](introducing-the-pnp-provisioning-engine.md)| Introduces the PnP provisioning engine, which was released in April 2015 within the OfficeDev PnP project, and which is updated on a monthly basis in alignment with the release schedule of the Office Dev PnP Core Library.| |[Configuring the PnP provisioning engine](configuring-the-pnp-provisioning-engine.md)|Learn how to configure the engine by using a JSON configuration file. |[The PnP Office Open XML File Format](the-pnp-office-open-xml-file-format.md)|Learn about the .PnP file format, which is an Office Open XML file, and how it is built up. -|[PnP provisioning framework](pnp-provisioning-framework.md)| Get a high-level overview of remote provisioning features available for your Office 365 and SharePoint Online site collections as well as an understanding about why creating sandboxed and full-trust solutions is no longer recommended.| +|[PnP provisioning framework](pnp-provisioning-framework.md)| Get a high-level overview of remote provisioning features available for your Office 365 and SharePoint Online site collections as well as an understanding of why creating sandboxed and full-trust solutions is no longer recommended.| |[PnP provisioning engine and the Core library](pnp-provisioning-engine-and-the-core-library.md)| Take a high-level look at the remote provisioning process, including a closer look at the OfficeDevPnP.Core library.| |[PnP provisioning schema](pnp-provisioning-schema.md)| How to use the XML schema to serialize and save your provisioning templates.| |[Provisioning console application sample](provisioning-console-application-sample.md)| Learn the fundamentals of using the PnP provisioning engine to create and persist, and then apply provisioning templates to new SharePoint site collections.| |[OfficeDevPnP.Core ](https://github.com/SharePoint/PnP-Sites-Core/tree/master/Core)|The Office 365 Developer PnP Core Component is an extension that encapsulates commonly used remote CSOM/REST operations as reusable extension methods to support CSOM provisioning objects.| -|[Inside the PnP provisioning schema (video)](https://channel9.msdn.com/blogs/OfficeDevPnP/Deep-dive-to-PnP-provisioning-engine-schema)|A Microsoft Channel 9 audio/video introduction to the PnP provisioning schema delivered by Paolo Pialorsi.| ## See also diff --git a/docs/solution-guidance/security-apponly-azureacs.md b/docs/solution-guidance/security-apponly-azureacs.md index 0e9f9e38c..176a1901c 100644 --- a/docs/solution-guidance/security-apponly-azureacs.md +++ b/docs/solution-guidance/security-apponly-azureacs.md @@ -12,20 +12,21 @@ ms.localizationpriority: medium SharePoint App-Only is the older, but still very relevant, model of setting up app-principals. This model works for both SharePoint Online and SharePoint on-premises (2013/2016/2019/subscription edition) and is ideal to prepare your applications for migration from SharePoint on-premises to SharePoint Online. Below steps show how to setup an app principal with tenant full control permissions, but you could also grant just read permissions using this approach. -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), has been retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://devblogs.microsoft.com/microsoft365dev/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins/). For new tenants, apps using an ACS app-only access token is disabled by default. We recommend using the Azure AD app-only model which is modern and more secure. But you can change the behavior by running 'set-spotenant -DisableCustomAppAuthentication $false' (needs the latest SharePoint admin PowerShell). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] + +For new tenants, apps using an ACS app-only access token is disabled by default. We recommend using the Azure AD app-only model which is modern and more secure. But you can change the behavior by running 'set-spotenant -DisableCustomAppAuthentication $false' (needs the latest SharePoint admin PowerShell). ## Setting up an app-only principal with tenant permissions > [!NOTE] > Site collection admin is not able to register add-in with Azure ACS in AppRegNew.aspx by default unless explicitly allowed by the SharePoint tenant admin. For more information, see [Set-SPOTenant](/powershell/module/sharepoint-online/set-spotenant#-siteownermanagelegacyserviceprincipalenabled). -Navigate to a site in your tenant (e.g. https://contoso.sharepoint.com) and then call the appregnew.aspx page (e.g. https://contoso.sharepoint.com/_layouts/15/appregnew.aspx). In this page click on the Generate button to generate a client id and client secret and fill the remaining information like shown in the screen-shot below. +Navigate to a site in your tenant (e.g. https://contoso.sharepoint.com) and then call the appregnew.aspx page (e.g. https://contoso.sharepoint.com/_layouts/15/appregnew.aspx). In this page fill the remaining information like shown in the screen-shot below. -![Create a new Client ID & secret](media/apponly/sharepointapponly1.png) +![Create a new Client ID & secret](media/apponly/sharepointapponly1new.png) > [!IMPORTANT] -> Store the retrieved information (client id and client secret) since you'll need this in the next step! +> After pressing `Create` you'll be presented with a client id and client secret, store the retrieved information (client id and client secret) since you'll need this in the next step! Next step is granting permissions to the newly created principal. Since we're granting tenant scoped permissions this granting can only be done via the appinv.aspx page on the tenant administration site. You can reach this site via `https://contoso-admin.sharepoint.com/_layouts/15/appinv.aspx`. Once the page is loaded add your client id and look up the created principal: diff --git a/docs/solution-guidance/security-apponly-azuread.md b/docs/solution-guidance/security-apponly-azuread.md index 9587a27d3..e0beef196 100644 --- a/docs/solution-guidance/security-apponly-azuread.md +++ b/docs/solution-guidance/security-apponly-azuread.md @@ -11,8 +11,7 @@ ms.localizationpriority: medium When using SharePoint Online you can define applications in Azure AD and these applications can be granted permissions to SharePoint, but also to all the other services in Office 365. This model is the preferred model in case you're using SharePoint Online, if you're using SharePoint on-premises you have to use the SharePoint Only model via based Azure ACS as described in [here](security-apponly-azureacs.md). -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), has been retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://devblogs.microsoft.com/microsoft365dev/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins/). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] ## Setting up an Azure AD app for app-only access diff --git a/docs/solution-guidance/security-apponly.md b/docs/solution-guidance/security-apponly.md index 7efa13f70..b940b31cb 100644 --- a/docs/solution-guidance/security-apponly.md +++ b/docs/solution-guidance/security-apponly.md @@ -37,5 +37,4 @@ The recommendation is to use it only with an app+user context. > [!IMPORTANT] > If the above scenarios are critical for you it's recommended to define a service account, grant that one permissions and then use it in your application. See the [Governance.EnsurePolicy](https://github.com/SharePoint/PnP/tree/master/Solutions/Governance.EnsurePolicy) sample to learn more on how you can grant tenant wide permissions for a service account. Also the article explaining an [alternative model for web app policies in SharePoint Online](security-webapppolicies.md) does contain a lot of information on this topic. -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), was retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] diff --git a/docs/sp-add-ins-modernize/from-csom-to-pnp-libraries.md b/docs/sp-add-ins-modernize/from-csom-to-pnp-libraries.md index b2d1c3b58..daa3218c7 100644 --- a/docs/sp-add-ins-modernize/from-csom-to-pnp-libraries.md +++ b/docs/sp-add-ins-modernize/from-csom-to-pnp-libraries.md @@ -155,7 +155,7 @@ The above code relies on interactive and web based login to access a target Shar The code sampleretrieves *Id* and *Title* of a library with title "Documents" and it retrieves the top 10 items in the library, in order to show *Id* and *Title* of those items. Syntax is really close to what you are used to using in CSOM. In fact, you get a *context* object, which is of type *Microsoft.SharePoint.Client.ClientContext* from CSOM, and you use it. However, for example you use the *ExecuteQueryRetryAsync* method, which is actually a .NET extension method provided by PnP Framework, or you use the *GetListByTitle* method, which is yet another extension method provided by PnP Framework. Moreover, in PnP Framework there are plenty of asynchronous methods that allow you to write modern asynchronous code. -In the PnP Framework library there are thousands of extensions methods for the CSOM types to improve code quality, readability, and efficiency. Furhtermore, in the PnP Framework there is also the implementation of the [PnP Provisioning Engine](https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/introducing-the-pnp-provisioning-engine), which is the engine used by many business and by Microsoft itself to automate the provisioning of sites and artifacts. For example, the PnP Provisioning Engine is behind the scenes of the [Microsoft Look Book site](http://lookbook.microsoft.com/), as well as behind the scenes of the provisioning of SPO demo content in Microsoft 365 developers’ tenant. +In the PnP Framework library there are thousands of extensions methods for the CSOM types to improve code quality, readability, and efficiency. Furhtermore, in the PnP Framework there is also the implementation of the [PnP Provisioning Engine](https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/introducing-the-pnp-provisioning-engine), which is the engine used by many business and by Microsoft itself to automate the provisioning of sites and artifacts. Last but not least, the PnP Framework is in the back-end of most of the cmdlets provided by the [PnP PowerShell](https://pnp.github.io/powershell/index.html) module, and provides the basic infrastructure for the [PnP Page Transformation](https://pnp.github.io/pnpcore/using-the-sdk/transformation-getting-started.html) engine of the PnP Modernization Framework. diff --git a/docs/sp-add-ins-modernize/from-remote-event-receivers-to-webhooks.md b/docs/sp-add-ins-modernize/from-remote-event-receivers-to-webhooks.md index eb74f6e00..e86590567 100644 --- a/docs/sp-add-ins-modernize/from-remote-event-receivers-to-webhooks.md +++ b/docs/sp-add-ins-modernize/from-remote-event-receivers-to-webhooks.md @@ -1,7 +1,7 @@ --- title: Transform SharePoint Add-in model Remote Event Receivers to SharePoint Online Webhooks description: Transform SharePoint Add-in model Remote Event Receivers to SharePoint Online Webhooks. -ms.date: 08/28/2023 +ms.date: 03/15/2024 ms.localizationpriority: high ms.service: sharepoint --- @@ -12,7 +12,10 @@ In the SharePoint Add-in model you can create Remote Event Receivers, which can The synchronous events allow a developer to intercept an event while it is happening and with custom logic the Remote Event Receiver can even cancel the currently running operation. -The asynchronous events allow a developer to be notified of an event after it already occured, as such you can only keep track of the event or react to the event, but you cannot cancel the already occurred event, unless you implement your own compensation logic. Due to their nature and logic, the synchronous events are often called *-ing* events (ItemAdding, ItemUpdating, ItemDeleting, etc.), while the asynchronous events are often called *-ed* events (ItemAdded, ItemUpdated, ItemDeleted, etc.). +The asynchronous events allow a developer to be notified of an event after it already occurred, as such you can only keep track of the event or react to the event, but you cannot cancel the already occurred event, unless you implement your own compensation logic. Due to their nature and logic, the synchronous events are often called *-ing* events (ItemAdding, ItemUpdating, ItemDeleting, etc.), while the asynchronous events are often called *-ed* events (ItemAdded, ItemUpdated, ItemDeleted, etc.). + +> [!Important] +> Remote Event Receivers can also be used without having a dependency on Azure ACS (which is retired), check the [Use remote event receivers without Azure ACS dependency](./use-remote-event-receivers-without-azure-acs-dependency.md) article to learn more. > [!IMPORTANT] > This article refers to so called PnP components, samples and/or tooling which are open-source assets backed by an active community providing support for them. There is no SLA for open-source tool support from official Microsoft support channels. These components or samples are however using Microsoft supported out of the box APIs and features which are supported by Microsoft. diff --git a/docs/sp-add-ins-modernize/publishing-modern-sharepoint-apps-on-appsource.md b/docs/sp-add-ins-modernize/publishing-modern-sharepoint-apps-on-appsource.md index d5a6bbbf9..d1ece85ee 100644 --- a/docs/sp-add-ins-modernize/publishing-modern-sharepoint-apps-on-appsource.md +++ b/docs/sp-add-ins-modernize/publishing-modern-sharepoint-apps-on-appsource.md @@ -1,54 +1,54 @@ --- title: Publishing modern SharePoint applications on Microsoft AppSource description: Publishing modern SharePoint applications on Microsoft AppSource -ms.date: 08/28/2023 +ms.date: 06/08/2024 ms.localizationpriority: high ms.service: sharepoint --- # Publishing modern SharePoint applications on Microsoft AppSource -In this article you will learn how to publish on the Microsoft 365 Store (via [Microsoft AppSource](https://appsource.microsoft.com/)) a modern solution built with SharePoint Framework. Your SharePoint Framework solution can target SharePoint Online only, or also Microsoft Teams. In the latter case, the application will show up in Microsoft Teams gallery through the SharePoint Online tenant App Catalog. +In this article, you will learn how to publish on the Microsoft 365 Store (via [Microsoft AppSource](https://appsource.microsoft.com/)) a modern solution built with SharePoint Framework. Your SharePoint Framework solution can target SharePoint Online only, or also Microsoft Teams. In the latter case, the application will show up in the Microsoft Teams gallery through the SharePoint Online tenant App Catalog. -If you prefer, you can watch the following video, instead of reading the whole article, which you can still consider as a much more detailed reference. +If you prefer, you can watch the following video, instead of reading the whole article, which you can still consider a much more detailed reference. -[![IMAGE_ALT](https://img.youtube.com/vi/_z-q787tGrQ/0.jpg)](https://youtu.be/_z-q787tGrQ) +> [!VIDEO https://youtu.be/_z-q787tGrQ] ## How to publish an application on the marketplace -First of all, you need to make sure that you are a member of the Microsoft Partner Network (MPN). If you are not a registerd member, you can enroll through the following link: [https://aka.ms/joinmarketplace](https://aka.ms/joinmarketplace). In order to being able to sell your products on the marketplace, you will also need to provide a payout profile, a tax profile, and to compile the billing profile. The process will require a review and approval phase on the Microsoft side. +First of all, you need to make sure that you are a member of the Microsoft Partner Network (MPN). If you are not a registered member, you can enroll through the following link: [https://aka.ms/joinmarketplace](https://aka.ms/joinmarketplace). To be able to sell your products on the marketplace, you will also need to provide a payout profile, and a tax profile, and to compile the billing profile. The process will require a review and approval phase on the Microsoft side. ![The initial step of the Partner enrollment program. You need to provide your email address and follow the registration steps.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-01.png) -Once you are a registered partner, you have to complete the onboarding process for the *"Office Store"* program. Click on the gear icon in the upper right corner of the *"Partner Center"* web site and select *"Account Settings"*. Choose *"Program"* in the menu on the right side of the page and then *"Other Programs"* to see the available programs to enroll. Select the program with name *"Office Store"* and start the enrollment process. +Once you are a registered partner, you have to complete the onboarding process for the *"Office Store"* program. Click on the gear icon in the upper right corner of the *"Partner Center"* website and select *"Account Settings"*. Choose *"Program"* in the menu on the right side of the page and then *"Other Programs"* to see the available programs to enroll. Select the program with the name *"Office Store"* and start the enrollment process. ![The *"Registered programs"* section of the Microsoft *"Partner Center"* with the *"Office Store"* program subscribed and active.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-02.png) -Once yoy will be enrolled in the *"Office Store"* programm (it can take up to 48 hours) you should be able to find the *"Office Store"* program in your Partner Center dashboard, under [*"Account settings"* -> *"Programs"* -> *"Registered programs"*](https://partner.microsoft.com/en-us/dashboard/account/v3/settings/programs). +Once you are enrolled in the *"Office Store"* program (it can take up to 48 hours) you should be able to find the *"Office Store"* program in your Partner Center dashboard, under [*"Account settings"* -> *"Programs"* -> *"Registered programs"*](https://partner.microsoft.com/dashboard/account/v3/settings/programs). -![The *"Registered programs"* section of the Microsoft *"Partner Center"* with the *"Office Store"* program subscribed and active.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-03.png) +![Microsoft Partner Center - Account Settings](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-03.png) -You can now move to the [*"Marketplace"*](https://partner.microsoft.com/en-us/dashboard/marketplace-offers/overview) section of the *"Partner Center"*, which you can find under the *"Home"* page of the *"Partner Center"* web site, and from there you should choose to target the *"Office store"* and create a *"New offer"* of type *"SharePoint solution"*. +You can now move to the [*"Marketplace"*](https://partner.microsoft.com/dashboard/marketplace-offers/overview) section of the *"Partner Center"*, which you can find under the *"Home"* page of the *"Partner Center"* web site, and from there you should choose to target the *"Office store"* and create a *"New offer"* of type *"SharePoint solution"*. ![The *"Office Store"* marketplace. There is a *"+ New offer"* button with a list of types of offers that includes "Office add-in", "SharePoint solution", and "Teams app".](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-04.png) -Provide a name for your application, check that the name is unique and available, associate the product with a publisher and save it. For the sake of making an example, imagine that you are going to publish a solution with name *"Orders App"*, like illustrated in the following screenshot. +Provide a name for your application, check that the name is unique and available, associate the product with a publisher, and save it. For the sake of making an example, imagine that you are going to publish a solution with the name *"Orders App"*, like illustrated in the following screenshot. ![The panel to configure the SharePoint sulution name.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/Publishing-modern-SharePoint-apps-on-AppSource-Partner-Center-05.png) -Now, you are ready to go through the registration steps for your SharePoint solution. Specifically, you have to provide information about the *"Product setup"*. The information include a flag to specify if your product includes in-app purchases or associated services that require an additional purchase. You can also configure a connection to a CRM (Customer Relationship Management) system to send customer leads to. +Now, you are ready to go through the registration steps for your SharePoint solution. Specifically, you have to provide information about the *"Product setup"*. The information includes a flag to specify if your product includes in-app purchases or associated services that require an additional purchase. You can also configure a connection to a CRM (Customer Relationship Management) system to send customer leads to. ![The product configuration step about *"Product setup"*. You can configure in-app purchases and CRM connection.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-06.png) -Then, you can upload the actual packages of your solution, through a dedicate page called *"Packages"*. +Then, you can upload the actual packages of your solution, through a dedicated page called *"Packages"*. ![The product configuration step about *"Packages"*. You can use it to upload the packages of your product.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-07.png) -The next step is the one to define the *"Properties"* of the solution. This includes information about the product category, the target industries, the lagal information like the license contract, a link to the EULA (End User License Agreement), and the documentation link. +The next step is the one to define the *"Properties"* of the solution. This includes information about the product category, the target industries, the legal information like the license contract, a link to the EULA (End User License Agreement), and the documentation link. ![The product configuration step about *"Properties"* that includes product category, industries, legal information, documentation link.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-08.png) -You can now define the *"Marketplace listings"* for your solution. In this section you can define the supported languages. +You can now define the *"Marketplace listings"* for your solution. In this section, you can define the supported languages. ![The product configuration step about *"Marketplace listings"* that allows to define the supported languages.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-09.png) @@ -56,19 +56,19 @@ The next step is the *"Availability"* one, where you can configure the target ma ![The product configuration step about *"Availability"*, where you can define the target markets and the release date.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-10.png) -In case your solution relies on Azure Access Control Service (ACS), you can configure the Client IDs of those applications, including a *"Friendly name"*, an *"App domain"*, an *"App redirect URL"*, and you can eventually generate a *"Client Secret"* through the *"Client IDs"* section. Clearly, for a modern SharePoint Online solutions, you shouldn't rely on Azure ACS but on Azure Active Directory registered applications. +In case your solution relies on Azure Access Control Service (ACS), you can configure the Client IDs of those applications, including a *"Friendly name"*, an *"App domain"*, an *"App redirect URL"*, and you can eventually generate a *"Client Secret"* through the *"Client IDs"* section. Clearly, for modern SharePoint Online solutions, you shouldn't rely on Azure ACS but on Azure Active Directory registered applications. ![The product configuration step about *"Client IDs"*, where you can configure Azure AD applications required by the solution.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-11.png) -It is now time to provide *"Additional Certification Info"* useful to test your solution. Through this step you can provide information useful for testing, screenshot, additional PDF documentation. This information is not shown to customers but used for testing purposes only. +It is now time to provide *"Additional Certification Info"* useful to test your solution. Through this step, you can provide information useful for testing, screenshots, and additional PDF documentation. This information is not shown to customers but is used for testing purposes only. ![The product configuration step about *"Additional Certification Info"*, where you can provide additional technical information to test your solution.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-12.png) -You can now go through a *"Publisher Attestation"*, which is voluntary, that allows you to complete a self-assessment of your app's security, data handling, and compliance practices. +You can now go through a *"Publisher Attestation"*, which is voluntary, and allows you to complete a self-assessment of your app's security, data handling, and compliance practices. ![The product configuration step about *"App Compliance"*, where you can start a voluntary self-assessment of your application.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-13.png) -The last and optional step *"Manage product names"* allows you to reserve additional names for your solution, in case you want to use different names based on the target language, or to change your product's name in the future. +The last and optional step *"Manage product names"* allows you to reserve additional names for your solution, in case you want to use different names based on the target language or to change your product's name in the future. ![The product configuration step about *"Manage product names"*, through which you can reserve additional names for your solution.](../images/add-in-transform/publishing-modern-sharepoint-apps-on-appsource/publishing-modern-sharepoint-apps-on-appsource-partner-center-14.png) @@ -82,29 +82,29 @@ Once you will publish your solution, it will go through a certification process ## Solution Certification -Before submitting the solution through the certification process, it is highly suggested that you validate your application against the validation checklist, so that the app will pass the approval process. You can find the list of validation checks in the document [Prepare your SharePoint Framework application for publishing to the Marketplace](../spfx/publish-to-marketplace-checklist.md). +Before submitting the solution through the certification process, it is highly suggested that you validate your application against the validation checklist so that the app will pass the approval process. You can find the list of validation checks in the document [Prepare your SharePoint Framework application for publishing to the Marketplace](../spfx/publish-to-marketplace-checklist.md). In the checklist, just for the sake of making an example, you will find checks like: -- Use SharePoint Framework v1.11 or newer +- Use the SharePoint Framework v1.11 or newer - Test application in both root and non-root sites - Test application in the required browsers -- The application must only manipulate the DOM element provided through the domElement property -- Don't use names of other Microsoft's products in your solution's name +- The application must only manipulate the DOM element provided through the `domElement` property +- Don't use the names of other Microsoft products in your solution's name - Supporting end users to inject scripts is not allowed - Don't include malicious code - etc. -Your application will go through a certification process, and it is better and time saving for you to validate all the checks before submitting your application. You should also make sure you read, review, and comply with the [Microsoft 365 policies for SharePoint Framework solutions](https://learn.microsoft.com/en-us/legal/marketplace/certification-policies#1170-sharepoint-framework-solutions). +Your application will go through a certification process, and it is better and time-saving for you to validate all the checks before submitting your application. You should also make sure you read, review, and comply with the [Microsoft 365 policies for SharePoint Framework solutions](/legal/marketplace/certification-policies#1170-sharepoint-framework-solutions). Once you've gone through the offer registration process and your solution is certified and validated, your offering will become ready and available on the marketplace on the availability date that you configured. ## Recommended content -You can find additional information about this topic reading the following documents: +You can find additional information about this topic by reading the following documents: * [Prepare your SharePoint Framework application for publishing to the Marketplace](../spfx/publish-to-marketplace-checklist.md) -* [Microsoft 365 policies for SharePoint Framework solutions](https://learn.microsoft.com/en-us/legal/marketplace/certification-policies#1170-sharepoint-framework-solutions) +* [Microsoft 365 policies for SharePoint Framework solutions](/legal/marketplace/certification-policies#1170-sharepoint-framework-solutions) * [Join the Microsoft Marketplace](https://aka.ms/joinmarketplace) -* [Microsoft Business Applications Independent Software Vendor (ISV) Connect Program onboarding guide](https://learn.microsoft.com/en-us/azure/marketplace/business-applications-isv-program) -* [Store step-by-step submission guide](https://learn.microsoft.com/en-us/azure/marketplace/add-in-submission-guide) +* [Microsoft Business Applications Independent Software Vendor (ISV) Connect Program onboarding guide](/azure/marketplace/business-applications-isv-program) +* [Store step-by-step submission guide](/azure/marketplace/add-in-submission-guide) diff --git a/docs/sp-add-ins-modernize/sp-add-in-modernize.md b/docs/sp-add-ins-modernize/sp-add-in-modernize.md index 8221c2f7e..3e1a5f102 100644 --- a/docs/sp-add-ins-modernize/sp-add-in-modernize.md +++ b/docs/sp-add-ins-modernize/sp-add-in-modernize.md @@ -1,32 +1,42 @@ --- -title: Modernizing your SharePoint add-in model implementations in Microsoft 365 +title: Modernizing your SharePoint Add-In model implementations in Microsoft 365 description: -ms.date: 09/12/2023 -ms.prod: sharepoint +ms.date: 09/25/2023 +ms.service: sharepoint ms.localizationpriority: high --- -# Modernization guidance for existing SharePoint add-in model implementations in Microsoft 365 +# Modernization guidance for existing SharePoint Add-In model implementations in Microsoft 365 -SharePoint add-in model was introduced as part of the SharePoint 2013 timeframe and it was also provided as an extensibility option for SharePoint Online (Microsoft 365). While SharePoint add-in model is currently still supported in the SharePoint Online, model and patterns and outdated and are not recommended to be used. +The SharePoint Add-In model was introduced as part of the SharePoint 2013 timeframe and it was also provided as an extensibility option for SharePoint Online (Microsoft 365). -Microsoft is looking into officially deprecating SharePoint add-in model in autumn 2023 - spring 2024 timeframe with clear communications on the detailed end-of-life schedule for related features. +[!INCLUDE [sp-Add-In-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] -> [!IMPORTANT] -> Deprecation means official statement that the feature is no longer being invested, but it's stil supported. End-of-life means that the feature will be discontinued and is no longer available for use. +While SharePoint Add-In model is currently still supported in SharePoint Online, the model and patterns are outdated and aren't recommended to be used. -These upcoming changes will be impacting SharePoint add-in model and also authentication patterns using the classic [SharePoint Online hosted Microsoft Azure Access Control Service](https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/authorization-code-oauth-flow-for-sharepoint-add-ins) (ACS) authentication patterns, used with the provided hosted add-ins and potentially with other unattended services connecting to SharePoint Online. +> [!NOTE] +> This upcoming deprecation announcement will impact SharePoint Online. There are no changes on the Add-In model supportability within the SharePoint on-premises versions. + +These upcoming changes are impacting SharePoint Add-In model and also authentication patterns using the classic [SharePoint Online hosted Microsoft Azure Access Control Service](https://learn.microsoft.com/sharepoint/dev/sp-Add-Ins/authorization-code-oauth-flow-for-sharepoint-Add-Ins) (ACS) authentication patterns, used with the provided hosted Add-Ins and potentially with other unattended services connecting to SharePoint Online. + +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] ## Transformation technologies -Here's a high level table of the feature mapping as the add-in model implementation is transformed to use other long term supported features: +Here's a high level table of the feature mapping as the Add-In model implementation is transformed to use other long term supported features: -## Transformation guidance for the add-in techniques +| Classic technology | New technology +|-------------------- |---------------- +| SharePoint Add-In | SharePoint Framework +| Provider hosted Add-In | Azure AD registered apps +| App registration using ACS | Azure AD registered apps +| JSOM | Graph JS SDK & PnPjs library +| SharePoint Workflow | Power Automate Flows -Here's a list of all articles for the transformation guidance when moving away on using SharePoint add-in model, grouped based on the covered topic: +## Transformation guidance for the Add-In techniques + +Here's a list of all articles for the transformation guidance when moving away on using SharePoint Add-In model, grouped based on the covered topic: -* Modern Provisioning - * [Modern provisioning of artifacts and Information Architecture](./Modern-Provisioning.md) * Modern Authentication and Authorization * [Understanding Azure Active Directory and OAuth 2.0 in the context of SharePoint Online modern development](./Understanding-AAD-and-OAuth-for-SPO-modern.md) * [From Access Control Service applications to Azure Active Directory applications](./From-ACS-to-AAD-apps.md) @@ -44,7 +54,9 @@ Here's a list of all articles for the transformation guidance when moving away o * [From Remote Event Receivers to SharePoint Online Webhooks and Microsoft Graph Webhooks](./From-Remote-Event-Receivers-to-Webhooks.md) * [From SharePoint-hosted apps to client-side applications](./From-SharePoint-Hosted-to-Client-Side.md) * [From provider-hosted apps to AAD applications](./From-Provider-Hosted-to-AAD-applications.md) - * [From SharePoint Add-in model Workflow Apps to Microsoft Power Automate](./From-Workflow-Apps-to-Power-Automate.md) + * [From SharePoint Add-In model Workflow Apps to Microsoft Power Automate](./From-Workflow-Apps-to-Power-Automate.md) * [Publishing modern SharePoint applications on Microsoft AppSource](./Publishing-modern-SharePoint-apps-on-AppSource.md) +* Modern Provisioning + * [Modern provisioning of artifacts and Information Architecture](./Modern-Provisioning.md) -If some essential guidance is not included, please open an issue at the SharePoint developer documentation and we will try to help you as fast as possible with your specific question. +If some essential guidance isn't included, open an issue at the [SharePoint developer documentation](https://aka.ms/spdev-issues) and we'll help you as fast as possible with your specific question. diff --git a/docs/sp-add-ins-modernize/understanding-aad-and-oauth-for-spo-modern.md b/docs/sp-add-ins-modernize/understanding-aad-and-oauth-for-spo-modern.md index d0f1e6045..0e0581c08 100644 --- a/docs/sp-add-ins-modernize/understanding-aad-and-oauth-for-spo-modern.md +++ b/docs/sp-add-ins-modernize/understanding-aad-and-oauth-for-spo-modern.md @@ -1,7 +1,7 @@ --- title: Understanding Azure Active Directory and OAuth 2.0 in the context of SharePoint Online modern development -description: Understanding Azure Active Directory and OAuth 2.0 in the context of SharePoint Online modern development. -ms.date: 08/28/2023 +description: Master Azure Active Directory and OAuth 2.0 for SharePoint Online modern development. Learn about authentication, authorization, and access tokens in this comprehensive guide. +ms.date: 12/05/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -24,10 +24,10 @@ If you prefer, you can watch the following video, instead of reading the whole a In Microsoft SharePoint Online, when developing SharePoint Framework (SPFx) solutions, you can consume Microsoft Graph, as well as any other third-party APIs relying on OAuth 2.0 and Azure Active Directory. Specifically, and by default, in SharePoint Framework any external API can be consumed either via _MSGraphClient_ or _AadHttpClient_ and leveraging a pre-defined Azure Active Directory application with name "SharePoint Online Client Extensibility Web Application Principal". > [!NOTE] -> For further details about consuming Microsoft Graph from within a SharePoint Framework solution you can read the article ["Use the MSGraphClientV3 to connect to Microsoft Graph"](../spfx/use-msgraph.md). For further details about consuming any other third-party APIs from within SharePoint Framework you can read the article ["Connect to Azure AD-secured APIs in SharePoint Framework solutions"](../spfx/use-aadhttpclient.md). +> For further details about consuming Microsoft Graph from within a SharePoint Framework solution you can read the article [Use the MSGraphClientV3 to connect to Microsoft Graph](../spfx/use-msgraph.md). For further details about consuming any other third-party APIs from within SharePoint Framework you can read the article [Connect to Azure AD-secured APIs in SharePoint Framework solutions](../spfx/use-aadhttpclient.md). > [!IMPORTANT] -> There are scenarios where you need to have a dedicated and isolated access to a target API. In such scenario, you can rely on the Domain Isolated configuration for your SharePoint Framework solution. You can find additional details about the Domain Isolated scenario reading the article ["Isolated web parts"](../web-parts/isolated-web-parts.md). +> There are scenarios where you need to have a dedicated and isolated access to a target API. In such scenario, you can rely on the Domain Isolated configuration for your SharePoint Framework solution. You can find additional details about the Domain Isolated scenario reading the article [Isolated web parts](../spfx/web-parts/isolated-web-parts.md). The "SharePoint Online Client Extensibility Web Application Principal" application is pre-registered by Microsoft SharePoint Online in any Microsoft 365 tenant and allows all the SharePoint Framework solutions to share a unique application to access both Microsoft Graph and any other third-party APIs. In this article, you will understand what the role of Azure Active Directory and OAuth 2.0 in the SharePoint Framework context is. @@ -36,12 +36,12 @@ The "SharePoint Online Client Extensibility Web Application Principal" applicati In order to consume any API registered in Azure Active Directory and secured with OAuth 2.0 you need to provide an Access Token, which by definition is an opaque string used to protect a resource. With Azure Active Directory, as well as with many other vendor-specific identity platforms, the Access Token is a JSON Web Token (JWT) that contains a set of claims. Claims are assertions about a subject described by the Access Token and where the assertions are guaranteed to be true because the token is digitally signed by the issuer (Azure Active Directory in this context) and the recipient of the token trusts the issuer. > [!NOTE] -> You can find additional information about the Open Authorization 2.0 protocol reading its specification ["The OAuth 2.0 Authorization Framework"](https://datatracker.ietf.org/doc/html/rfc6749). You can also find additional information about the JWT token format for Access Tokens reading the document ["JSON Web Token (JWT) profile for OAuth 2.0 Acccess Tokens"](https://www.rfc-editor.org/rfc/rfc9068). +> You can find additional information about the Open Authorization 2.0 protocol reading its specification [The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749). You can also find additional information about the JWT token format for Access Tokens reading the document [JSON Web Token (JWT) profile for OAuth 2.0 Acccess Tokens](https://www.rfc-editor.org/rfc/rfc9068). An Access Token is provided to the target API/service through a HTTP Authorization header and specifically, in the fields of Azure Active Directory, it is an Authorization token of type _Bearer_. > [!NOTE] -> In case you are wondering what "Bearer" means and why you need to specify the Bearer type before the actual Access Token value in the Authorization header, you can read the specification ["The OAuth 2.0 Authorization Framework: Bearer Token Usage"](https://www.rfc-editor.org/rfc/rfc6750). +> In case you are wondering what "Bearer" means and why you need to specify the Bearer type before the actual Access Token value in the Authorization header, you can read the specification [The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750). ### Delegated vs Application permissions scopes @@ -56,21 +56,21 @@ When using Delegated permissions in Access Tokens, the permissions scopes associ In order for the tokens to be issued and fully effective, there must be either an explicit user's consent, for those permissions related to personal resources of the current user, or a tenant admin's consent, for those permissions related to tenant-wide resources. -When using Application permissions in Access Tokens, tipically the permissions granted require a tenant admin's consent because such an application will then gain access to target resources tenant-wide, and as such an admin approval is required. +When using Application permissions in Access Tokens, typically the permissions granted require a tenant admin's consent because such an application will then gain access to target resources tenant-wide, and as such an admin approval is required. In SharePoint Framework solutions, you will only get Access Tokens with Delegated permissions, meaning that you will only consume Microsoft Graph and any other API/services acting as the signed-in user. ### Understanding SharePoint Framework Access Tokens and Delegated permissions scopes -In order to better understand the role and the format of an Access Token you can play with the sample ["Consuming Microsoft Graph from SharePoint Framework"](https://github.com/pnp/addin-transformation-guidance/tree/main/samples/Understanding-AAD-OAuth-for-SPFx/Consuming-MSGraph-from-SPFx) related to this article. In the following screenshot you can see the user interface of the sample. +In order to better understand the role and the format of an Access Token you can play with the sample [Consuming Microsoft Graph from SharePoint Framework](https://github.com/pnp/addin-transformation-guidance/tree/main/samples/Understanding-AAD-OAuth-for-SPFx/Consuming-MSGraph-from-SPFx) related to this article. In the following screenshot you can see the user interface of the sample. ![The interface of the sample web part about consuming Microsoft Graph from SharePoint Framework. There is an header with the current user's User Principal Name and a button to press in order to inspect the content of the Microsoft Graph Access Token](../images/add-in-transform/understanding-aad-oauth-for-spfx/understanding-aad-oauth-for-spfx-msgraph-access-token-webpart-ui.png) -The sample Web Part relies on the ["jwt.ms"](https://jwt.ms) web site provided by Microsoft, where you can inspect the content of an Access Token. +The sample Web Part relies on the [jwt.ms](https://jwt.ms) web site provided by Microsoft, where you can inspect the content of an Access Token. Running the sample web part in the SharePoint Framework Workbench and pressing the "Look inside the Access Token for Microsoft Graph" button you will be brought to the jwt.ms web site where you can see the content of your Access Token. In the following screenshot you can see the output of the jwt.ms web site for a sample Access Token. -![The jwt.ms web site illustrating the content of a sample Access Token, including all the claims defined in the token and their values](../images/add-in-transform/add-in-transform/understanding-aad-oauth-for-spfx/understanding-aad-oauth-for-spfx-msgraph-access-token-claims.png) +![The jwt.ms web site illustrating the content of a sample Access Token, including all the claims defined in the token and their values](../images/add-in-transform/understanding-aad-oauth-for-spfx/understanding-aad-oauth-for-spfx-msgraph-access-token-claims.png) Inside every JWT Access Token there are claims, and here you can find a list of the most important ones for an Access Token issued to a SharePoint Framework client with Delegated permission scopes: @@ -89,18 +89,18 @@ If you are consuming the Microsoft Graph, like in the above sample, the _aud_ cl > [!NOTE] > For a Domain Isolated solution, the *app_displayname* claim will be the one of a dedicated application registered for you in Azure Active Directory by the SharePoint Online services. -On the client side, meaning in SharePoint Framework, you should never rely on the actual content of the Access Token. The provided sample is just for the sake of understanding how the security model works. However, in a common scenario, you can simply benefit of the out of the box capabilities of SharePoint Framework, which hides from you all the plumbing of consuming external APIs from within your code. +On the client side, meaning in SharePoint Framework, you should never rely on the actual content of the Access Token. The provided sample is just for the sake of understanding how the security model works. However, in a common scenario, you can simply take advantage of the out of the box capabilities of SharePoint Framework, which hides all the plumbing of consuming external APIs from your code. -On the service side, if you are consuming Microsoft Graph, it will be responsibility of Microsoft to evaluate the provided Access Token and to authorize (or deny) access to the requeste API endpoint. In case you are consuming a third-party API/service that you implemented, you can either rely on the configuration options of Microsoft Azure, if you are hosting the service on Microsoft Azure, or you can rely for example on the Microsoft Authentication Library (MSAL) and the Microsoft.Identity.Web library to validate and authorize the tokens. +On the service side, if you are consuming Microsoft Graph, it will be the responsibility of Microsoft to evaluate the provided Access Token and to authorize (or deny) access to the requeste API endpoint. In case you are consuming a third-party API/service that you implemented, you can either rely on the configuration options of Microsoft Azure, if you are hosting the service on Microsoft Azure, or you can rely, for example, on the Microsoft Authentication Library (MSAL) and the Microsoft.Identity.Web library to validate and authorize the tokens. > [!NOTE] -> You can find additional information about the Microsoft Authentication Library reading ["Overview of the Microsoft Authentication Library (MSAL)"](https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-overview). You can find further details about the Microsoft.Identity.Web library reading the article ["Microsoft Identity Web authentication library"](https://learn.microsoft.com/en-us/azure/active-directory/develop/microsoft-identity-web). +> You can find additional information about the Microsoft Authentication Library by reading [Overview of the Microsoft Authentication Library (MSAL)](/entra/identity-platform/msal-overview). You can find further details about the Microsoft.Identity.Web library by reading the article [Microsoft Identity Web authentication library](/entra/msal/dotnet/microsoft-identity-web). ## Recommended content You can find additional information about this topic reading the following documents: -* ["Connect to Azure AD-secured APIs in SharePoint Framework solutions"](../spfx/use-aadhttpclient.md) -* ["Isolated web parts"](../spfx/web-parts/isolated-web-parts.md) -* ["Overview of the Microsoft Authentication Library (MSAL)"](https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-overview) -* ["Microsoft Identity Web authentication library"](https://learn.microsoft.com/en-us/azure/active-directory/develop/microsoft-identity-web) \ No newline at end of file +* [Connect to Azure AD-secured APIs in SharePoint Framework solutions](../spfx/use-aadhttpclient.md) +* [Isolated web parts](../spfx/web-parts/isolated-web-parts.md) +* [Overview of the Microsoft Authentication Library (MSAL)](/entra/identity-platform/msal-overview) +* [Microsoft Identity Web authentication library](/entra/msal/dotnet/microsoft-identity-web) diff --git a/docs/sp-add-ins-modernize/understanding-rsc-for-msgraph-and-sharepoint-online.md b/docs/sp-add-ins-modernize/understanding-rsc-for-msgraph-and-sharepoint-online.md index 7ac712718..41b27ebe8 100644 --- a/docs/sp-add-ins-modernize/understanding-rsc-for-msgraph-and-sharepoint-online.md +++ b/docs/sp-add-ins-modernize/understanding-rsc-for-msgraph-and-sharepoint-online.md @@ -1,50 +1,50 @@ --- title: Understanding Resource Specific Consent for Microsoft Graph and SharePoint Online description: Understanding Resource Specific Consent for Microsoft Graph and SharePoint Online. -ms.date: 08/28/2023 +ms.date: 02/21/2024 ms.localizationpriority: high ms.service: sharepoint --- # Understanding Resource Specific Consent for Microsoft Graph and SharePoint Online -Historically in Microsoft SharePoint, both on-premises and online, there has been the capability to register applications in Azure Access Control Services (ACS) with granular permissions targeting specific site collections only. Through this technique, you were able to authorize a custom application to read, write, manage, or have full control on specific site collections with application only permissions. +Historically in Microsoft SharePoint, both on-premises and online, there has been the capability to register applications in Azure Access Control Services (ACS) with granular permissions targeting specific site collections only. Through this technique, you were able to authorize a custom application to read, write, manage, or have full control on specific site collections with application-only permissions. -ACS is not however anymore the best option to manage applications registration and security for SharePoint. You should rely on Azure Active Directory (AAD) applications registration and OAuth. By default, when you register an application in AAD and you can configure Microsoft Graph application permissions like *Sites.Read.All*, *Sites.ReadWrite.All*, *Sites.Manage.All*, or *Sites.FullControl.All*, which are permission that target all the site collections in the target tenant, as the *All* word implies in the name of the permission scopes. +ACS isn't however anymore the best option to manage application registration and security for SharePoint. You should rely on Microsoft Entra (formerly Azure Active Directory) application registration and OAuth. By default, when you register an application in Microsoft Entra, and you can configure Microsoft Graph application permissions like *Sites.Read.All*, *Sites.ReadWrite.All*, *Sites.Manage.All*, or *Sites.FullControl.All*, which are permission that targets all the site collections in the target tenant, as the *All* word implies in the name of the permission scopes. -The *All* target is not always welcomed by customers, in particular by enterprise customers with thousands of site collections, willing to have more granular permissions, being able to select the target site collections where the application should have read, write, manager, or full control permissions. +The *All* target isn't always welcomed by customers, in particular by enterprise customers with thousands of site collections, willing to have more granular permissions, being able to select the target site collections where the application should have read, write, manage, or full control permissions. > [!IMPORTANT] -> This article refers to so called PnP components, samples and/or tooling which are open-source assets backed by an active community providing support for them. There is no SLA for open-source tool support from official Microsoft support channels. These components or samples are however using Microsoft supported out of the box APIs and features which are supported by Microsoft. +> This article refers to so called PnP components, samples and/or tooling which are open-source assets backed by an active community providing support for them. There is no SLA for open-source tool support from official Microsoft support channels. These components or samples are however using Microsoft-supported out-of-the-box APIs and features that are supported by Microsoft. If you prefer, you can watch the following video, instead of reading the whole article, which you can still consider as a much more detailed reference. [![IMAGE_ALT](https://img.youtube.com/vi/94eJAsAm1Kg/0.jpg)](https://youtu.be/94eJAsAm1Kg) > [!NOTE] -> You can learn more about registering applications in Azure Active Directory instead of relying on Azure ACS by reading the article [Upgrading SharePoint applications from Azure Access Control Service to Azure Active Directory](./From-ACS-to-AAD-apps.md). +> You can learn more about registering applications in Microsoft Entra instead of relying on Azure ACS by reading the article [Upgrading SharePoint applications from Azure Access Control Service to Microsoft Entra](./From-ACS-to-AAD-apps.md). -With Resource Specific Consent (RSC) you can register applications in AAD and grant them application only permissions that can target specific site collections only, like you used to do with ACS. In this article, you are going to learn how to benefit of this capability. +With Resource Specific Consent (RSC) you can register applications in Microsoft Entra and grant them application-only permissions that can target specific site collections only, like you used to do with ACS. In this article, you're going to learn how to benefit of this capability. ## Registering an application with Resource Specific Consent permissions -In order to register an AAD application with RSC permission, you simply need to register a regular application in AAD. However, when you configure the API permissions of the application, instead of selecting any of the *Sites.<something>.All* application permissions for Microsoft Graph, you need to choose the *Sites.Selected* application permission, like illustrated in the following screenshot. +To register a Microsoft Entra application with RSC permission, you simply need to register a regular application in Microsoft Entra. However, when you configure the API permissions of the application, instead of selecting any of the *Sites.<something>.All* application permissions for Microsoft Graph, you need to choose the *Sites.Selected* application permission, as illustrated in the following screenshot. -![The UI of Azure Active Directory when configuring the *Sites.Selected* application permission for an application via Microsoft Graph.](../images/add-in-transform/understanding-rsc-for-msgraph-and-sharepoint-online/understanding-rsc-for-msgraph-and-sharepoint-online-sites.selected-graph.png) +![The UI of Microsoft Entra when configuring the *Sites.Selected* application permission for an application via Microsoft Graph.](../images/add-in-transform/understanding-rsc-for-msgraph-and-sharepoint-online/understanding-rsc-for-msgraph-and-sharepoint-online-sites.selected-graph.png) Then, a tenant admin, which can eventually still be you, will have to grant the *Sites.Selected* application permission to the application. -There is also a *Sites.Selected* application permission for SharePoint Online, in case you want to consume SharePoint Online via REST APIs, instead of consuming SharePoint Online via Microsoft Graph. In the following screenshot you can see how the *Sites.Selected* permission for SharePoint Online looks like in Azure AD. +There's also a *Sites.Selected* application permission for SharePoint Online, in case you want to consume SharePoint Online via REST APIs, instead of consuming SharePoint Online via Microsoft Graph. In the following screenshot, you can see how the *Sites.Selected* permission for SharePoint Online looks like in Microsoft Entra. -![The UI of Azure Active Directory when configuring the *Sites.Selected* application permission for an application via SharePoint Online.](./assets/understanding-rsc-for-msgraph-and-sharepoint-online/understanding-rsc-for-msgraph-and-sharepoint-online-sites.selected-spo.png) +![The UI of Microsoft Entra when configuring the *Sites.Selected* application permission for an application via SharePoint Online.](../images/add-in-transform/understanding-rsc-for-msgraph-and-sharepoint-online/understanding-rsc-for-msgraph-and-sharepoint-online-sites.selected-spo.png) ## Granting permissions to a specific Site Collection -Once the *Sites.Selected* application permission is assigned and granted, the application still cannot access any target site collection. In fact, in order to being able to access any target site, you will need a tenant global admin or an application with *Sites.FullControl.All* application permission to grant explicit permissions for the selected target sites. +Once the *Sites.Selected* application permission is assigned and granted, the application still can't access any target site collection. In order to be able to access any target site, you'll need a tenant global admin or an application with *Sites.FullControl.All* application permission to grant explicit permissions for the selected target sites. ### Granting permissions via Microsoft Graph -To grant permissions to the selected target sites you can use a Microsoft Graph API POST request, targeting the following URL: +To grant permissions to the selected target sites, you can use a Microsoft Graph API POST request, targeting the following URL: ```TEXT https://graph.microsoft.com/v1.0/sites/{siteId}/permissions @@ -77,47 +77,47 @@ Where {role} can be any of the following values, or an array of any of the follo * manage: provides the ability to read and modify the metadata and contents of the item and to manage the site. * fullcontrol: provides full control on the site and its content. -The {client-id} attribute is the actual client ID of the AAD application, and {application-name} is a description for the application. +The {client-id} attribute is the actual client ID of the Microsoft Entra application, and {application-name} is a description for the application. -The response that you will get back from Microsoft Graph will look like the following JSON file. +The response that you'll get back from Microsoft Graph will look like the following JSON file. ```JSON { - "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites('contoso.sharepoint.com,5a58bb09-1fba-41c1-8125-69da264370a0,9f2ec1da-0be4-4a74-9254-973f0add78fd')/permissions/$entity", - "id": "aTowaS50fG1zLnNwLmV4dHxlMDBiNWUzZi0yMzI1LTQ3MWQtOTljZi1iOGM5ZDlmNDU2N2FANmM5NDA3NWEtZGEwYS00YzZhLTg0MTEtYmFkZjY1MmU4YjUz", - "roles": [ - "write" - ], - "grantedToIdentitiesV2": [ - { - "application": { - "displayName": "AddInGuidanceRSC", - "id": "e00b5e3f-2325-471d-99cf-b8c9d9f4567a" - } - } - ], - "grantedToIdentities": [ - { - "application": { - "displayName": "AddInGuidanceRSC", - "id": "e00b5e3f-2325-471d-99cf-b8c9d9f4567a" - } - } - ] + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites('contoso.sharepoint.com,5a58bb09-1fba-41c1-8125-69da264370a0,9f2ec1da-0be4-4a74-9254-973f0add78fd')/permissions/$entity", + "id": "aTowaS50fG1zLnNwLmV4dHxlMDBiNWUzZi0yMzI1LTQ3MWQtOTljZi1iOGM5ZDlmNDU2N2FANmM5NDA3NWEtZGEwYS00YzZhLTg0MTEtYmFkZjY1MmU4YjUz", + "roles": [ + "write" + ], + "grantedToIdentitiesV2": [ + { + "application": { + "displayName": "AddInGuidanceRSC", + "id": "e00b5e3f-2325-471d-99cf-b8c9d9f4567a" + } + } + ], + "grantedToIdentities": [ + { + "application": { + "displayName": "AddInGuidanceRSC", + "id": "e00b5e3f-2325-471d-99cf-b8c9d9f4567a" + } + } + ] } ``` -Notice that the *id* property in the response represents the unique ID to identify the custom assigned permission. Using that ID, you can also manage already assigned selected permissions using REST and making GET, PATCH, or DELETE requests targeting the *permissions/{permission-id}* endpoint of the target site collection, where {permission-id} represents the unique ID of the permission. +Notice that the *id* property in the response represents the unique ID to identify the custom-assigned permission. Using that ID, you can also manage already assigned selected permissions using REST and making GET, PATCH, or DELETE requests targeting the *permissions/{permission-id}* endpoint of the target site collection, where {permission-id} represents the unique ID of the permission. -Clearly, you can also choose to use the Microsoft Graph SDK to manage the permissions, instead of relying on low level HTTP requests. +Clearly, you can also choose to use the Microsoft Graph SDK to manage the permissions, instead of relying on low-level HTTP requests. ### Granting permissions via PnP PowerShell -To grant and manage permissions to the selected target sites you can also use a set of PnP PowerShell cmdlets: +To grant and manage permissions to the selected target sites, you can also use a set of PnP PowerShell cmdlets: -* *[Grant-PnPAzureAdAppSitePermission](https://pnp.github.io/powershell/cmdlets/Grant-PnPAzureADAppSitePermission.html)*: adds permissions for a given Azure Active Directory application registration. -* *[Get-PnPAzureAdAppSitePermission](https://pnp.github.io/powershell/cmdlets/Get-PnPAzureADAppSitePermission.html)*: returns Azure AD App permissions for a site. -* *[Set-PnPAzureAdAppSitePermission](https://pnp.github.io/powershell/cmdlets/Set-PnPAzureADAppSitePermission.html)*: updates permissions for a given Azure Active Directory application registration. +* *[Grant-PnPAzureAdAppSitePermission](https://pnp.github.io/powershell/cmdlets/Grant-PnPAzureADAppSitePermission.html)*: adds permissions for a given Microsoft Entra application registration. +* *[Get-PnPAzureAdAppSitePermission](https://pnp.github.io/powershell/cmdlets/Get-PnPAzureADAppSitePermission.html)*: returns Microsoft Entra App permissions for a site. +* *[Set-PnPAzureAdAppSitePermission](https://pnp.github.io/powershell/cmdlets/Set-PnPAzureADAppSitePermission.html)*: updates permissions for a given Microsoft Entra application registration. * *[Revoke-PnPAzureAdAppSitePermission](https://pnp.github.io/powershell/cmdlets/Revoke-PnPAzureADAppSitePermission.html)*: revokes permissions for a given app. For example, if you want to grant *write* permission to a target application for a selected site, you can use the following PowerShell syntax: @@ -126,14 +126,14 @@ For example, if you want to grant *write* permission to a target application for Grant-PnPAzureADAppSitePermission -AppId {client-id} -DisplayName {display-name} -Permissions -Site {site-object} ``` -As like as it was with the Microsoft Graph endpoint, the {client-id} argument is the client ID of the AAD application, and {display-name} is a description for the application. The *Permissions* argument can be one or more of the following values: +As it was with the Microsoft Graph endpoint, the {client-id} argument is the client ID of the Microsoft Entra application, and {display-name} is a description for the application. The *Permissions* argument can be one or more of the following values: * Read: provides the ability to read the metadata and contents of the item. * Write: provides the ability to read and modify the metadata and contents of the item. * Manage: provides the ability to read and modify the metadata and contents of the item and to manage the site. * FullControl: provides full control on the site and its content. -The {site-object} value can be a site object retrieved using the *Get-PnPSite* cmdlet, or can be omitted to target as the selected site the one to which you are connected with *Connect-PnPOnline* cmdlet. +The {site-object} value can be a site object retrieved using the *Get-PnPSite* cmdlet, or can be omitted to target as the selected site the one to which you're connected with *Connect-PnPOnline* cmdlet. The output of such a command will look like the following one, in the PowerShell console. @@ -144,9 +144,9 @@ Roles : {fullcontrol} Apps : {AddInGuidanceRSC, e00b5e3f-2325-471d-99cf-b8c9d9f4567a} ``` -Notice that the cmdlet returns the just granted permission and the unique *Id* of the permission object. +Notice that the cmdlet returns the granted permission and the unique *Id* of the permission object. -In case you want to update a permission assignement for a selected site, you can use a PowerShell syntax like the following one: +In case you want to update a permission assignment for a selected site, you can use a PowerShell syntax like the following one: ```PowerShell Set-PnPAzureADAppSitePermission -PermissionId {permission-id} -Permissions @@ -161,24 +161,23 @@ Revoke-PnPAzureADAppSitePermission -PermissionId {permission-id} ``` > [!NOTE] -> In the samples folder associate with this article, you can find a [sample PowerShell script](https://github.com/pnp/addin-transformation-guidance/blob/main/samples/Understanding-RSC-for-MSGraph-and-SharePoint-Online/SitesSelectedDemo/GenerateAzureCertificate.ps1) that illustrates how to use the PnP PowerShell cmdlets for RSC. +> In the samples folder associated with this article, you can find a [sample PowerShell script](https://github.com/pnp/addin-transformation-guidance/blob/main/samples/Understanding-RSC-for-MSGraph-and-SharePoint-Online/SitesSelectedDemo/GenerateAzureCertificate.ps1) that illustrates how to use the PnP PowerShell cmdlets for RSC. ## Consuming the target Site Collection -Once you have registered an AAD application with *Sites.Selected* application permission, either with Microsoft Graph, or with SharePoint Online, or with both you can then start consuming the selected site collections accordingly to the granted permissions. - -You need to request an application only access token from Azure AD and start consuming the selected site collections. If you will target a site, for which your application has been granted permissions, you will sucessfully make it happen. If you will target any other site collection, for which your application has not been granted permissions, your code will fail and you will see an "Access denied" exception. +Once you have registered a Microsoft Entra application with *Sites.Selected* application permission, either with Microsoft Graph, or with SharePoint Online, or with both you can then start consuming the selected site collections according to the granted permissions. -If you want to learn more about how to consume SharePoint Online via SharePoint REST API or via Microsoft Graph using an application only token, you can read the section [Consuming SharePoint Online in app-only mode via an Azure AD registered application](./from-acs-to-aad-apps.md#consuming-sharepoint-online-in-app-only-mode-via-an-azure-ad-registered-application) of the article [Upgrading SharePoint applications from Azure Access Control Service to Azure Active Directory](./From-ACS-to-AAD-apps.md). +You need to request an application-only access token from Microsoft Entra and start consuming the selected site collections. If you'll target a site, for which your application has been granted permissions, you'll successfully make it happen. If you'll target any other site collection, for which your application hasn't been granted permissions, your code will fail and you'll see an "Access denied" exception. +If you want to learn more about how to consume SharePoint Online via SharePoint REST API or via Microsoft Graph using an application-only token, you can read the section [Consuming SharePoint Online in app-only mode via an Azure AD registered application](./from-acs-to-aad-apps.md#consuming-sharepoint-online-in-app-only-mode-via-an-azure-ad-registered-application) of the article [Upgrading SharePoint applications from Azure Access Control Service to Microsoft Entra](./From-ACS-to-AAD-apps.md). > [!NOTE] -> In the samples folder associate with this article, you can find a [sample .NET 6 console application](https://github.com/pnp/addin-transformation-guidance/tree/main/samples/Understanding-RSC-for-MSGraph-and-SharePoint-Online/SitesSelectedDemo/SitesSelected.ConsumerApp) that illustrates how to consume SharePoint Online sites leveraging the RSC model. +> In the samples folder associated with this article, you can find a [sample .NET 6 console application](https://github.com/pnp/addin-transformation-guidance/tree/main/samples/Understanding-RSC-for-MSGraph-and-SharePoint-Online/SitesSelectedDemo/SitesSelected.ConsumerApp) that illustrates how to consume SharePoint Online sites leveraging the RSC model. ## Recommended content -You can find additional information about this topic reading the following documents: +You can find additional information about this article by reading the following documents: -* [Upgrading SharePoint applications from Azure Access Control Service to Azure Active Directory](./From-ACS-to-AAD-apps.md) -* [Permission resource type](https://learn.microsoft.com/en-us/graph/api/resources/permission?view=graph-rest-1.0) -* [Controlling app access on a specific SharePoint site collections is now available in Microsoft Graph](https://devblogs.microsoft.com/microsoft365dev/controlling-app-access-on-specific-sharepoint-site-collections/) \ No newline at end of file +* [Upgrading SharePoint applications from Azure Access Control Service to Microsoft Entra](./From-ACS-to-AAD-apps.md) +* [Permission resource type](/graph/api/resources/permission) +* [Controlling app access on a specific SharePoint site collections is now available in Microsoft Graph](https://devblogs.microsoft.com/microsoft365dev/controlling-app-access-on-specific-sharepoint-site-collections/) diff --git a/docs/sp-add-ins-modernize/use-remote-event-receivers-without-azure-acs-dependency.md b/docs/sp-add-ins-modernize/use-remote-event-receivers-without-azure-acs-dependency.md new file mode 100644 index 000000000..54b6eb129 --- /dev/null +++ b/docs/sp-add-ins-modernize/use-remote-event-receivers-without-azure-acs-dependency.md @@ -0,0 +1,153 @@ +--- +title: Registering and using Remote Event Receivers without having a dependency on Azure ACS +description: Explains how Remote Event Receivers can be registered using an Entra application (Azure AD) and as such are not dependent on Azure ACS. +ms.date: 03/14/2024 +ms.localizationpriority: high +ms.service: sharepoint +--- + +# Registering and using Remote Event Receivers without having a dependency on Azure ACS + +The classical usage of Remote Event Receivers, which we'll name RERs in the remainder of this page, is strongly tied to Azure ACS. Key RER use cases are being part of a provider hosted SharePoint Add-Ins or being used outside of SharePoint Add-Ins by registering them using an Azure ACS principal as authentication means. With the announced [retirement of Azure ACS](https://aka.ms/retirement/acs/support) and the [retirement of SharePoint Add-Ins](https://aka.ms/retirement/addins/support), RERs depending on Azure ACS will stop working as they'll follow the outlined Azure ACS retirement path. + +However, there's an option to use RERs via an Entra application, so without having a dependency on Azure ACS. In the coming chapters you'll learn how to configure the Entra app for registering the RERs and you'll learn more about the differences between a RER registered using Azure ACS versus one registered using an Entra app. + +> [!Important] +> Although these RERs do not depend on Azure ACS they still will retire, the main difference is that they'll keep working until July 1, 2027 and that they'll also work for new tenants onboarding after November 1, 2024. RERs depending on Azure ACS will follow the Azure ACS retirement path, so they'll stop working on April 2, 2026 and for new tenants onboarding after November 1, 2024 they'll not work anymore. Check out [this blog post](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/remote-event-receivers-retirement-update-in-sharepoint-online/ba-p/4068938) to learn more. + +## Step 1: Configure your Entra application for registering a RER + +It's required for the Entra application that's used to register the RERs to be configured with the `sites.selected` permission role. Follow this [blog post](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/develop-applications-that-use-sites-selected-permissions-for-spo/ba-p/3790476) to learn more on how to configure your Entra app. In our case, since the registration of RERs requires SharePoint REST/CSOM APIs it's important to also add the SharePoint `sites.selected` role and to configure the application with a certificate as the `sites.selected` role only is there when application permissions are used. Calling the SharePoint REST/CSOM APIs using application permissions requires the use of a certificate. + +## Step 2: Register a RER using your Entra application + +Once the Entra application is ready use it to authenticate to SharePoint using application permissions followed by using the SharePoint REST/CSOM APIs to register the RERs you need. You can for example do a POST to `_api/Web/EventReceivers` or use the equivalent CSOM `EventReceivers` collection of a `Web` and add a new one. If you prefer to use PnP PowerShell then below snippet can be used: + +```PowerShell +# Connect via the created Entra app using application permissions +Connect-PnPOnline https://contoso.sharepoint.com/sites/testsite -ClientId 3b9ad858-dbbb-489b-b63d-1905426222f8 -Tenant contoso.onmicrosoft.com -CertificatePath ".\RERApp.pfx" + +# Add a RER for synchronous firing on item add. This RER is calling a ngrok URL to proxy back to an Azure function running on localhost +Add-PnPEventReceiver -List "MyList" -Name "RER-HelloWorld-ItemAdding" -Url "https://0051-84-195-208-70.ngrok-free.app/api/Service1" -SequenceNumber 10000 -EventReceiverType ItemAdding -Synchronization Synchronous + +# List all added RERs +Get-PnPEventReceiver -List "MyList" + +# Delete a RER +Remove-PnPEventReceiver -List "MyList" -Identity " + + + + + + 25c1f6a0-e0d9-7000-ce2b-c721e30ad4bd + 2067 + + GetContextTokenError + The endpoint address 'https://0f68-84-195-208-70.ngrok-free.app/api/Service1' does not match the app's endpoint 'www.contoso.com'. + ItemAdded + + + + TimesInUTC + TRUE + + + ContentType + Item + + + Title + demo1 + + + FileSystemObjectType + File + + + + + + 6 + + false + 1814779c-276b-4380-adaa-42794f7d08c3 + 2 + RER + Joe Doe + i:0#.f|membership|joe.doe@contoso.onmicrosoft.com + false + https://contoso.sharepoint.com/sites/testsite + + + + 1033 + + + + + +``` + +## Step 4: Code sample to help you understand how to use RERs + +RERs can be implemented as modern .NET solutions using Azure Functions, below snippet shows a RER implementation that rejects an item add as part of a synchronous ItemAdding event. + +```csharp +using System; +using System.IO; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Mvc; +using Microsoft.Azure.WebJobs; +using Microsoft.Azure.WebJobs.Extensions.Http; +using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.Logging; +using Newtonsoft.Json; +using System.Net; + +namespace AzureFunctionRER +{ + public static class Service1 + { + + private static string cancelResponse = "You shall not pass!CancelWithError"; + + [FunctionName("Service1")] + public static async Task Run( + [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req, + ILogger log) + { + string requestBody = await new StreamReader(req.Body).ReadToEndAsync(); + + // For cancelling a sync event + return new ContentResult + { + Content = cancelResponse, + ContentType = "text/xml", + StatusCode = (int)HttpStatusCode.InternalServerError + }; + + // For accepting the sync event + //string responseMessage = string.IsNullOrEmpty(name) + // ? "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response." + // : $"Hello, {name}. This HTTP triggered function executed successfully."; + + //return new OkObjectResult(responseMessage); + } + } +} +``` diff --git a/docs/sp-add-ins/access-sharepoint-data-from-add-ins-using-the-cross-domain-library.md b/docs/sp-add-ins/access-sharepoint-data-from-add-ins-using-the-cross-domain-library.md index 3ce583d51..e98c19523 100644 --- a/docs/sp-add-ins/access-sharepoint-data-from-add-ins-using-the-cross-domain-library.md +++ b/docs/sp-add-ins/access-sharepoint-data-from-add-ins-using-the-cross-domain-library.md @@ -1,13 +1,15 @@ --- title: Access SharePoint data from add-ins using the cross-domain library description: Access data in a SharePoint website from your add-in by using the cross domain library in SharePoint. -ms.date: 03/08/2023 +ms.date: 09/26/2023 ms.localizationpriority: high --- # Access SharePoint data from add-ins using the cross-domain library +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + When you build SharePoint Add-ins, you usually have to incorporate data from various sources. But for [security reasons](https://msdn.microsoft.com/library/cc709423.aspx), blocking mechanisms prevent communication with more than one domain at a time. These security mechanisms are implemented in most browsers, making it difficult or impossible to accomplish client-side calls across domains. When a user requests a page from your add-in domain, the client-side communication is bound only to that domain. Your add-in can issue client-side calls from the page only to other resources in the same domain. However, add-ins usually require resources from other domains, such as the SharePoint domain, to fulfill their scenarios. In the code on your page, you may try to issue a request to the SharePoint domain, which is blocked by the browser. You usually see an **Access is denied** error. The error doesn't imply that you don't have permissions to the requested resources but, most likely, you can't even issue a request to the mentioned resources. diff --git a/docs/sp-add-ins/add-a-custom-content-type-to-a-sharepoint-hosted-sharepoint-add-in.md b/docs/sp-add-ins/add-a-custom-content-type-to-a-sharepoint-hosted-sharepoint-add-in.md index 961a439c4..ac408762d 100644 --- a/docs/sp-add-ins/add-a-custom-content-type-to-a-sharepoint-hosted-sharepoint-add-in.md +++ b/docs/sp-add-ins/add-a-custom-content-type-to-a-sharepoint-hosted-sharepoint-add-in.md @@ -1,12 +1,14 @@ --- title: Add a custom content type to a SharePoint-hosted SharePoint Add-in description: Create a custom content type, run the add-in, and test it. -ms.date: 11/22/2022 +ms.date: 09/26/2023 ms.localizationpriority: high --- # Add a custom content type to a SharePoint-hosted SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + This is the fourth in a series of articles about the basics of developing SharePoint-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating SharePoint-hosted SharePoint Add-ins | Next steps](get-started-creating-sharepoint-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] diff --git a/docs/sp-add-ins/add-a-custom-page-and-style-to-a-sharepoint-hosted-sharepoint-add-in.md b/docs/sp-add-ins/add-a-custom-page-and-style-to-a-sharepoint-hosted-sharepoint-add-in.md index e249e3d54..324838f86 100644 --- a/docs/sp-add-ins/add-a-custom-page-and-style-to-a-sharepoint-hosted-sharepoint-add-in.md +++ b/docs/sp-add-ins/add-a-custom-page-and-style-to-a-sharepoint-hosted-sharepoint-add-in.md @@ -1,12 +1,14 @@ --- title: Add a custom page and style to a SharePoint-hosted SharePoint Add-in description: Add a custom page, add a style class to a stylesheet, and run and test the add-in. -ms.date: 12/04/2017 +ms.date: 09/26/2023 ms.localizationpriority: high --- # Add a custom page and style to a SharePoint-hosted SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + This is the seventh in a series of articles about the basics of developing SharePoint-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating SharePoint-hosted SharePoint Add-ins | Next steps](get-started-creating-sharepoint-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] diff --git a/docs/sp-add-ins/add-a-web-part-to-a-page-in-a-sharepoint-hosted-sharepoint-add-in.md b/docs/sp-add-ins/add-a-web-part-to-a-page-in-a-sharepoint-hosted-sharepoint-add-in.md index f169e53f1..e1369eb26 100644 --- a/docs/sp-add-ins/add-a-web-part-to-a-page-in-a-sharepoint-hosted-sharepoint-add-in.md +++ b/docs/sp-add-ins/add-a-web-part-to-a-page-in-a-sharepoint-hosted-sharepoint-add-in.md @@ -1,12 +1,14 @@ --- title: Add a web part to a page in a SharePoint-hosted SharePoint Add-in description: Add a web part to a page, and run and test the add-in. -ms.date: 07/25/2022 +ms.date: 09/26/2023 ms.localizationpriority: high --- # Add a web part to a page in a SharePoint-hosted SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + This is the fifth in a series of articles about the basics of developing SharePoint-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating SharePoint-hosted SharePoint Add-ins | Next steps](get-started-creating-sharepoint-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] diff --git a/docs/sp-add-ins/add-a-workflow-to-a-sharepoint-hosted-sharepoint-add-in.md b/docs/sp-add-ins/add-a-workflow-to-a-sharepoint-hosted-sharepoint-add-in.md index ce0bc4a6f..f98b51be3 100644 --- a/docs/sp-add-ins/add-a-workflow-to-a-sharepoint-hosted-sharepoint-add-in.md +++ b/docs/sp-add-ins/add-a-workflow-to-a-sharepoint-hosted-sharepoint-add-in.md @@ -1,11 +1,13 @@ --- title: Add a workflow to a SharePoint-hosted SharePoint Add-in description: Add a workflow to an add-in, design the workflow, and run and test the add-in. -ms.date: 10/21/2019 +ms.date: 09/26/2023 ms.localizationpriority: high --- # Add a workflow to a SharePoint-hosted SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + This is the sixth in a series of articles about the basics of developing SharePoint-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating SharePoint-hosted SharePoint Add-ins | Next steps](get-started-creating-sharepoint-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] diff --git a/docs/sp-add-ins/add-custom-client-side-rendering-to-a-sharepoint-hosted-sharepoint-add-in.md b/docs/sp-add-ins/add-custom-client-side-rendering-to-a-sharepoint-hosted-sharepoint-add-in.md index 57d721e5e..136ff768f 100644 --- a/docs/sp-add-ins/add-custom-client-side-rendering-to-a-sharepoint-hosted-sharepoint-add-in.md +++ b/docs/sp-add-ins/add-custom-client-side-rendering-to-a-sharepoint-hosted-sharepoint-add-in.md @@ -1,12 +1,14 @@ --- title: Add custom client-side rendering to a SharePoint-hosted SharePoint Add-in description: Customize the rendering and validation of controls in add-in pages, create and register the JavaScript, and run and test the add-in. -ms.date: 12/04/2017 +ms.date: 09/26/2023 ms.localizationpriority: high --- # Add custom client-side rendering to a SharePoint-hosted SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + This is the eighth in a series of articles about the basics of developing SharePoint-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating SharePoint-hosted SharePoint Add-ins | Next steps](get-started-creating-sharepoint-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] diff --git a/docs/sp-add-ins/add-custom-columns-to-a-sharepoint-hosted-sharepoint-add-in.md b/docs/sp-add-ins/add-custom-columns-to-a-sharepoint-hosted-sharepoint-add-in.md index b650a16f7..ef5edf561 100644 --- a/docs/sp-add-ins/add-custom-columns-to-a-sharepoint-hosted-sharepoint-add-in.md +++ b/docs/sp-add-ins/add-custom-columns-to-a-sharepoint-hosted-sharepoint-add-in.md @@ -1,12 +1,14 @@ --- title: Add custom columns to a SharePoint-hosted SharePoint Add-in description: Create custom column types, run the add-in, and test the columns. -ms.date: 01/06/2021 +ms.date: 09/26/2023 ms.localizationpriority: high --- # Add custom columns to a SharePoint-hosted SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + This is the third in a series of articles about the basics of developing SharePoint-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating SharePoint-hosted SharePoint Add-ins | Next steps](get-started-creating-sharepoint-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] diff --git a/docs/sp-add-ins/add-first-run-logic-to-the-provider-hosted-add-in.md b/docs/sp-add-ins/add-first-run-logic-to-the-provider-hosted-add-in.md index 9b691cf5e..bcda4dce3 100644 --- a/docs/sp-add-ins/add-first-run-logic-to-the-provider-hosted-add-in.md +++ b/docs/sp-add-ins/add-first-run-logic-to-the-provider-hosted-add-in.md @@ -1,14 +1,15 @@ --- title: Add first-run logic to the provider-hosted add-in -description: Include "first run" code in a provider-hosted SharePoint Add-in by creating the basic class for deploying components, adding the basic startup logic, and programmatically deploying a SharePoint list. -ms.date: 04/02/2021 +description: Include "first run" code in a provider-hosted SharePoint Add-in by creating the basic class for deploying components, adding the basic startup logic, and programmatically deploying a SharePoint list. +ms.date: 09/26/2023 ms.localizationpriority: medium --- - - # Add first-run logic to the provider-hosted add-in -This is the eighth in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#SP15createprovider_nextsteps). +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + +This is the eighth in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#next-steps). +[Next steps](get-started-creating-provider-hosted-sharepoint-add-ins.md#next-steps) > [!NOTE] > If you have been working through this series about provider-hosted add-ins, you have a Visual Studio solution that you can use to continue with this topic. You can also download the repository at [SharePoint_Provider-hosted_Add-Ins_Tutorials](https://github.com/OfficeDev/SharePoint_Provider-hosted_Add-ins_Tutorials) and open the BeforeFirstRunLogic.sln file. @@ -18,20 +19,17 @@ In this article, you add code to the start page of the Chain Store SharePoint Ad ## Create the basic class for deploying SharePoint components > [!NOTE] -> The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: -> 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. -> 2. Ensure that all three projects are set to **Start** in the **Action** column. +> The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: +> +> 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. +> 1. Ensure that all three projects are set to **Start** in the **Action** column. 1. In the **ChainStoreWeb** project in **Solution Explorer**, right-click the **Utilities** folder, and then select **Add** > **Existing Item**. - -2. In **File Explorer**, go to the solution folder, the **ChainStoreWeb** folder, and then open the **Utilities** folder. - -3. Select SharePointComponentDeployer.cs, and then select **Add**. - -4. Open the file SharePointComponentDeployer.cs. It has a static class and two static methods that get and set the add-in's version in the **Tenants** table of the corporate database. We won't discuss these methods because this series of articles is not intended to teach ASP.NET or SQL Server/Azure programming. +1. In **File Explorer**, go to the solution folder, the **ChainStoreWeb** folder, and then open the **Utilities** folder. +1. Select SharePointComponentDeployer.cs, and then select **Add**. +1. Open the file SharePointComponentDeployer.cs. It has a static class and two static methods that get and set the add-in's version in the **Tenants** table of the corporate database. We won't discuss these methods because this series of articles is not intended to teach ASP.NET or SQL Server/Azure programming. +1. Add the following **using** statements to the top of the file. -5. Add the following **using** statements to the top of the file. - ```csharp using System.Web; using System.Linq; @@ -39,7 +37,7 @@ In this article, you add code to the start page of the Chain Store SharePoint Ad using Microsoft.SharePoint.Client; ``` -6. At the top of the `SharePointComponentDeployer` class, add the following two static fields. Both of these are initialized in the **Page_Load** method of the add-in's start page (you add that code in a later step). +1. At the top of the `SharePointComponentDeployer` class, add the following two static fields. Both of these are initialized in the **Page_Load** method of the add-in's start page (you add that code in a later step). ```csharp internal static SharePointContext sPContext; @@ -47,15 +45,14 @@ In this article, you add code to the start page of the Chain Store SharePoint Ad ``` Note the following about this code: - - - The first field holds the `SharePointContext` object that is needed to make CRUD operations on SharePoint. - + + - The first field holds the `SharePointContext` object that is needed to make CRUD operations on SharePoint. - The second field holds the version number of the add-in that is installed on the host web. This value is initially different from the default value (**0000.0000.0000.0000**) that is recorded in the corporate **Tenants** table when the installation handler registers the tenant. For example, the first version of the add-in will be **1.0.0.0**. -7. Create the following static property to hold the version of the add-in that is currently recorded in the corporate **Tenants** table. It uses the two methods that were already in the file to get and set this value. - +1. Create the following static property to hold the version of the add-in that is currently recorded in the corporate **Tenants** table. It uses the two methods that were already in the file to get and set this value. + ```csharp - internal static Version RemoteTenantVersion + internal static Version RemoteTenantVersion { get { @@ -68,17 +65,17 @@ In this article, you add code to the start page of the Chain Store SharePoint Ad } ``` -8. Now create the following `IsDeployed` property. +1. Now create the following `IsDeployed` property. ```csharp - public static bool IsDeployed + public static bool IsDeployed { get { if (RemoteTenantVersion < localVersion) - return false; + return false; else - return true; + return true; } } ``` @@ -86,13 +83,12 @@ In this article, you add code to the start page of the Chain Store SharePoint Ad Note the following about this code: - The **Page_Load** method of the add-in's start page uses the value of this property to determine whether the add-in is running for the first time. A **false** value signals that the add-in has not run before on the current host web, so its components need to be deployed. - - The criterion is whether the version number registered in the **Tenants** table is lower than the version actually installed. The first time the add-in runs, it is lower. Code that you write in a later step sets the version in the **Tenants** table to the same version as is actually installed, so when the add-in runs again, `IsDeployed` returns **true** and the deployment logic does not execute again. - -9. Add the following method to the `SharePointComponentDeployer` class. Note that the last thing the method does is update the registered tenant version in the corporate database (**0000.0000.0000.0000**) to match the actual version of the add-in on the host web (**1.0.0.0**). You will complete this method in a later step. - + +1. Add the following method to the `SharePointComponentDeployer` class. Note that the last thing the method does is update the registered tenant version in the corporate database (**0000.0000.0000.0000**) to match the actual version of the add-in on the host web (**1.0.0.0**). You will complete this method in a later step. + ```csharp - internal static void DeployChainStoreComponentsToHostWeb(HttpRequest request) + internal static void DeployChainStoreComponentsToHostWeb(HttpRequest request) { // TODO4: Deployment code goes here. @@ -101,17 +97,17 @@ In this article, you add code to the start page of the Chain Store SharePoint Ad ``` > [!NOTE] -> You may wonder now why the add-in uses version numbers and a "less than" test to determine the answer to a simple yes/no question: "Is the add-in running for the first time?" We could just as well have a simple string field in the **Tenants** table that is set to *not-yet-run* in the installation handler, and then changed to *already-run-once* by the first-run logic after the SharePoint components are deployed. +> You may wonder now why the add-in uses version numbers and a "less than" test to determine the answer to a simple yes/no question: "Is the add-in running for the first time?" We could just as well have a simple string field in the **Tenants** table that is set to *not-yet-run* in the installation handler, and then changed to *already-run-once* by the first-run logic after the SharePoint components are deployed. > -> For the Chain Store add-in, a simple test would work. However, it is generally a good practice to use version numbers because a production add-in is likely to be updated-in-place in the future; that is, updated after it is already installed. When that time comes, your add-in logic needs to be sensitive to more than the two possibilities *not-yet-run* and *already-run-once*. +> For the Chain Store add-in, a simple test would work. However, it is generally a good practice to use version numbers because a production add-in is likely to be updated-in-place in the future; that is, updated after it is already installed. When that time comes, your add-in logic needs to be sensitive to more than the two possibilities *not-yet-run* and *already-run-once*. > > Suppose, for example, that you want to add an additional list to the host web in the upgrade from version 1.0.0.0 to 2.0.0.0. You could do this in an update event handler, or in first-run-after-update logic. Either way, your deployment logic needs to deploy new components, but it also needs to avoid trying to redeploy components that were deployed in a previous version of the add-in. A version number of 1.0.0.0 signals that the components of version 1.0.0.0 have been deployed, but that the first-run-after-update logic has not yet run. ## Add the basic startup logic -The SharePoint host web needs to tell the remote web application what version of the add-in it has installed. We use a query parameter to do this. +The SharePoint host web needs to tell the remote web application what version of the add-in it has installed. We use a query parameter to do this. -1. Open the AppManifest.xml file in the **ChainStore** project. In the designer, you see the placeholder *{StandardTokens}* as the value of the **Query string** box. Add the string `"&SPAddInVersion=1.0.0.0"` to the end. +1. Open the AppManifest.xml file in the **ChainStore** project. In the designer, you see the placeholder *{StandardTokens}* as the value of the **Query string** box. Add the string `"&SPAddInVersion=1.0.0.0"` to the end. The manifest designer should look similar to the following. *Notice that the version number you pass in the query string has to match the value in the __Version__ box of the designer.* If you ever update the add-in, one of your tasks is to raise these two values and keep them the same. @@ -119,7 +115,7 @@ The SharePoint host web needs to tell the remote web application what version of ![The General tab of the manifest designer. The Version box has the value one zero zero zero. The Query string box says "{StandardTokens}&SPAddInVersion=1.0.0.0"](../images/db71c411-10c5-43d8-bb5e-3388d2f6f7bc.PNG) -2. Open the CorporateDataViewer.aspx.cs file and add the following code to the **Page_Load** method, just under the line that initializes the `spContext` object. +1. Open the CorporateDataViewer.aspx.cs file and add the following code to the **Page_Load** method, just under the line that initializes the `spContext` object. ```csharp SharePointComponentDeployer.sPContext = spContext; @@ -133,22 +129,21 @@ The SharePoint host web needs to tell the remote web application what version of Note the following about this code: - - It begins by setting the two static fields in the static `SharePointComponentDeployer` class. It passes the **SharePointContext** object because the code in the `SharePointComponentDeployer` calls into SharePoint, and it uses the query parameter that you added to set the `localVersion` property. - + - It begins by setting the two static fields in the static `SharePointComponentDeployer` class. It passes the **SharePointContext** object because the code in the `SharePointComponentDeployer` calls into SharePoint, and it uses the query parameter that you added to set the `localVersion` property. - It does nothing if `IsDeployed` is true; that is, if the first-run logic has already run. Otherwise, it calls the deployment method and passes the ASP.NET **Request** object. ## Programmatically deploy a SharePoint list 1. In the SharePointComponentDeployer.cs file, replace the `TODO4` with the following line (you create this method in the next step). - + ```csharp - CreateLocalEmployeesList(); + CreateLocalEmployeesList(); ``` -2. Add the following method to the `SharePointComponentDeployer` class. +1. Add the following method to the `SharePointComponentDeployer` class. ```csharp - private static void CreateLocalEmployeesList() + private static void CreateLocalEmployeesList() { using (var clientContext = sPContext.CreateUserClientContextForSPHost()) { @@ -160,11 +155,11 @@ The SharePoint host web needs to tell the remote web application what version of if (matchingLists.Count() == 0) { - // TODO5: Create the list + // TODO5: Create the list - // TODO6: Rename the Title field on the list + // TODO6: Rename the Title field on the list - // TODO7: Add "Added to Corporate DB" field to the list + // TODO7: Add "Added to Corporate DB" field to the list clientContext.ExecuteQuery(); } @@ -175,103 +170,96 @@ The SharePoint host web needs to tell the remote web application what version of Note the following about this code: - It has two calls of **ExecuteQuery**. The first is needed to determine if the list already exists. The second does the work of creating the list. - - The **ClientContext.LoadQuery** method is similar to the **ClientContext.Load** method except that instead of bringing an entity such as a list down to the client, it brings down the enumerable results of a query. -3. Replace `TODO5` with the following code. +1. Replace `TODO5` with the following code. ```csharp - ListCreationInformation listInfo = new ListCreationInformation(); - listInfo.Title = "Local Employees"; - listInfo.TemplateType = (int)ListTemplateType.GenericList; - listInfo.Url = "Lists/Local Employees"; - List localEmployeesList = clientContext.Web.Lists.Add(listInfo); + ListCreationInformation listInfo = new ListCreationInformation(); + listInfo.Title = "Local Employees"; + listInfo.TemplateType = (int)ListTemplateType.GenericList; + listInfo.Url = "Lists/Local Employees"; + List localEmployeesList = clientContext.Web.Lists.Add(listInfo); ``` Note the following about this code: - The **ListCreationInformation** class is similar to the **ListItemCreationInformation** class that you saw in an earlier article in this series. It is a lightweight class more suitable for sending information from the web application to SharePoint than the full **List** class. - - There are many types of list templates, such as the Tasks type for a "to do" list and the Events type for a calendar. The **Local Employees** list is based on the simplest: the Generic type. - - The **ListCreationInformation.Url** property holds the URL of the list *relative* to the host web. By specifying `"Lists/LocalEmployees"`, the code is setting the full URL of the list to `https://{SharePointDomain}/hongkong/_layouts/15/start.aspx#/Lists/Local%20Employees`. -4. Replace `TODO6` with the following code, which changes the public name of the "Title" field (column) from "Title" to "Name." This is what you did on the **List Settings** page when you created the list manually. - +1. Replace `TODO6` with the following code, which changes the public name of the "Title" field (column) from "Title" to "Name." This is what you did on the **List Settings** page when you created the list manually. + ```csharp - Field field = localEmployeesList.Fields.GetByInternalNameOrTitle("Title"); - field.Title = "Name"; - field.Update(); + Field field = localEmployeesList.Fields.GetByInternalNameOrTitle("Title"); + field.Title = "Name"; + field.Update(); ``` -5. You also manually created a field named **Added to Corporate DB**. To do that programmatically, add the following code in place of `TODO7`. +1. You also manually created a field named **Added to Corporate DB**. To do that programmatically, add the following code in place of `TODO7`. ```csharp - localEmployeesList.Fields.AddFieldAsXml("" - + "FALSE", - true, - AddFieldOptions.DefaultValue); + localEmployeesList.Fields.AddFieldAsXml("" + + "FALSE", + true, + AddFieldOptions.DefaultValue); ``` Note the following about this code: - The key properties of the field are specified with an XML blob. This is a legacy of SharePoint's architecture, where websites, lists, fields, content types, and most other kinds of SharePoint components are defined as XML. In this case, we specify the display name, data type, and default value of the field. - - - The second parameter determines whether the field is visible in the default view of the list. We set it to **true**. - + - The second parameter determines whether the field is visible in the default view of the list. We set it to **true**. - The third parameter determines what content types the field is added to. Passing **DefaultValue** means that it is only added to the list's default content type. +1. Recall that the **Added to Corporate DB** is **No** (that is, false) by default, but the custom ribbon button in the add-in sets it to **Yes** after it adds the employee to the corporate database. This system works best only if users cannot manually change the value of the field. To ensure that they don't, make the field invisible in the forms for creating and editing items on the **Local Employees** list. We do this by adding two more attributes to the first parameter, as shown in the following code. -6. Recall that the **Added to Corporate DB** is **No** (that is, false) by default, but the custom ribbon button in the add-in sets it to **Yes** after it adds the employee to the corporate database. This system works best only if users cannot manually change the value of the field. To ensure that they don't, make the field invisible in the forms for creating and editing items on the **Local Employees** list. We do this by adding two more attributes to the first parameter, as shown in the following code. - ```csharp - localEmployeesList.Fields.AddFieldAsXml("" - + "FALSE", - true, - AddFieldOptions.DefaultValue); + localEmployeesList.Fields.AddFieldAsXml("" + + "FALSE", + true, + AddFieldOptions.DefaultValue); ``` - - -7. The entire `CreateLocalEmployeesList` should now look like the following. + +1. The entire `CreateLocalEmployeesList` should now look like the following. ```csharp - private static void CreateLocalEmployeesList() - { - using (var clientContext = sPContext.CreateUserClientContextForSPHost()) - { - var query = from list in clientContext.Web.Lists - where list.Title == "Local Employees" - select list; - IEnumerable matchingLists = clientContext.LoadQuery(query); - clientContext.ExecuteQuery(); - - if (matchingLists.Count() == 0) - { - ListCreationInformation listInfo = new ListCreationInformation(); - listInfo.Title = "Local Employees"; - listInfo.TemplateType = (int)ListTemplateType.GenericList; - listInfo.Url = "LocalEmployees"; - List localEmployeesList = clientContext.Web.Lists.Add(listInfo); - - Field field = localEmployeesList.Fields.GetByInternalNameOrTitle("Title"); - field.Title = "Name"; - field.Update(); - - localEmployeesList.Fields.AddFieldAsXml("" - + "FALSE", - true, - AddFieldOptions.DefaultValue); - clientContext.ExecuteQuery(); - } - } - } + private static void CreateLocalEmployeesList() + { + using (var clientContext = sPContext.CreateUserClientContextForSPHost()) + { + var query = from list in clientContext.Web.Lists + where list.Title == "Local Employees" + select list; + IEnumerable matchingLists = clientContext.LoadQuery(query); + clientContext.ExecuteQuery(); + + if (matchingLists.Count() == 0) + { + ListCreationInformation listInfo = new ListCreationInformation(); + listInfo.Title = "Local Employees"; + listInfo.TemplateType = (int)ListTemplateType.GenericList; + listInfo.Url = "LocalEmployees"; + List localEmployeesList = clientContext.Web.Lists.Add(listInfo); + + Field field = localEmployeesList.Fields.GetByInternalNameOrTitle("Title"); + field.Title = "Name"; + field.Update(); + + localEmployeesList.Fields.AddFieldAsXml("" + + "FALSE", + true, + AddFieldOptions.DefaultValue); + clientContext.ExecuteQuery(); + } + } + } ``` ## Temporarily remove the custom button from the project @@ -285,49 +273,36 @@ For technical reasons that we'll discuss in the next article, the custom button Because the add-in now adds a list to the host web, not just items to an existing list, we need to escalate the permissions that the add-in requests from Write to Manage: 1. In **Solution Explorer**, open the AppManifest.xml file in the **ChainStore** project. - -2. On the **Permissions** tab, leave the **Scope** value at Web, but in the **Permission** field, select **Manage** from the drop-down. - -3. Save the file. +1. On the **Permissions** tab, leave the **Scope** value at Web, but in the **Permission** field, select **Manage** from the drop-down. +1. Save the file. ## Run the add-in and test the first-run logic -1. Open the **Site Contents** page of the Hong Kong SAR store's website, and then remove the **Local Employees** list. - -2. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. - -3. When the add-in's start page opens, select the **Back to Site** link on the chrome control at the top. +1. Open the **Site Contents** page of the Hong Kong SAR store's website, and then remove the **Local Employees** list. +1. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. +1. When the add-in's start page opens, select the **Back to Site** link on the chrome control at the top. +1. Go to the **Site Contents** page. The **Local Employees** list is present because your first-run logic added it. -4. Go to the **Site Contents** page. The **Local Employees** list is present because your first-run logic added it. - > [!NOTE] > If the list is not there or you have other indications that the first-run code is not executing, it may be that the **Tenants** table is not being reverted to an empty state when you select F5. The most common cause of this is that the **ChainCorporateDB** project is no longer set as a startup project in Visual Studio. See the [note near the top of this article](#create-the-basic-class-for-deploying-sharepoint-components) for how to fix this. Also be sure that you've configured the database to be rebuilt as described in [Configure Visual Studio to rebuild the corporate database with each debugging session](give-your-provider-hosted-add-in-the-sharepoint-look-and-feel.md#Rebuild). -5. Open the list and add an item. Note that on the new item form, the **Added to Corporate DB** field is no longer present, so it cannot be manually set. This is true of the edit item form as well. - +1. Open the list and add an item. Note that on the new item form, the **Added to Corporate DB** field is no longer present, so it cannot be manually set. This is true of the edit item form as well. + *Figure 2. New item form for the Local Employees list* ![The new item form for the Local Employees list. The "Added to Corporate DB" field is no longer on the form, only the name field and buttons for OK and Cancel.](../images/3fdc6752-4184-4928-9423-0bc7c0206c62.PNG) -6. Use the browser's back button to go back to the add-in's start page. - -7. Select the gear icon on the chrome control at the top, and then select **Account settings**. +1. Use the browser's back button to go back to the add-in's start page. +1. Select the gear icon on the chrome control at the top, and then select **Account settings**. +1. On the **Account settings** page, select the **Show Add-in Version** button. The version shows as **1.0.0.0** because the first-run logic changed it. -8. On the **Account settings** page, select the **Show Add-in Version** button. The version shows as **1.0.0.0** because the first-run logic changed it. - *Figure 3. Account settings page* ![The Account settings page with the version number of 1.0.0.0.](../images/4c6d82a7-7c40-4190-b7e3-1337275e1e60.PNG) -9. To end the debugging session, close the browser window or stop debugging in Visual Studio. Each time you select F5, Visual Studio retracts the previous version of the add-in and installs the latest one. - -10. You will work with this add-in and Visual Studio solution in other articles, and it's a good practice to retract the add-in one last time when you are done working with it for a while. Right-click the project in **Solution Explorer** and select **Retract**. +1. To end the debugging session, close the browser window or stop debugging in Visual Studio. Each time you select F5, Visual Studio retracts the previous version of the add-in and installs the latest one. +1. You will work with this add-in and Visual Studio solution in other articles, and it's a good practice to retract the add-in one last time when you are done working with it for a while. Right-click the project in **Solution Explorer** and select **Retract**. ## Next steps - In the next article, you'll see how to get the custom button for the **Local Employee** ribbon back into the add-in now that the list is being deployed programmatically: [Programmatically deploy a custom button in the provider-hosted add-in](programmatically-deploy-a-custom-button-in-the-provider-hosted-add-in.md). - - - - diff --git a/docs/sp-add-ins/add-in-authorization-policy-types-in-sharepoint.md b/docs/sp-add-ins/add-in-authorization-policy-types-in-sharepoint.md index 9ec098544..1ba06a779 100644 --- a/docs/sp-add-ins/add-in-authorization-policy-types-in-sharepoint.md +++ b/docs/sp-add-ins/add-in-authorization-policy-types-in-sharepoint.md @@ -1,13 +1,13 @@ --- title: Add-in authorization policy types in SharePoint description: Overview of add-in-only policy, user-only policy, and user+add-in policy, and guidelines for using the add-in-only policy. -ms.date: 12/26/2017 +ms.date: 09/26/2023 ms.localizationpriority: high --- - - # Add-in authorization policy types in SharePoint +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Before reading this article, you should first be familiar with the articles [Add-in permissions in SharePoint](add-in-permissions-in-sharepoint.md) and [Context Token OAuth flow for SharePoint Add-ins](context-token-oauth-flow-for-sharepoint-add-ins.md). diff --git a/docs/sp-add-ins/add-in-permissions-in-sharepoint.md b/docs/sp-add-ins/add-in-permissions-in-sharepoint.md index 987b78051..1ee083d98 100644 --- a/docs/sp-add-ins/add-in-permissions-in-sharepoint.md +++ b/docs/sp-add-ins/add-in-permissions-in-sharepoint.md @@ -1,12 +1,14 @@ --- title: Add-in permissions in SharePoint description: Types of add-in permissions, permission request scopes, and managing permissions, and the differences in add-in permission rights, user rights, and Office Store app rights. -ms.date: 08/31/2023 +ms.date: 09/26/2023 ms.localizationpriority: high --- # Add-in permissions in SharePoint +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Before you read this article, you should first be familiar with the topic [Authorization and authentication of SharePoint Add-ins](authorization-and-authentication-of-sharepoint-add-ins.md). A SharePoint Add-in requests the permissions that it needs during installation from the user who is installing it. The developer of an add-in must request, through the add-in manifest file, the permissions that the particular add-in needs to be able to run. (Device and web apps that access SharePoint, but are not installed to SharePoint websites, must be granted permissions at runtime by the user who is executing the add-in. For more information, see [Authorization Code OAuth flow for SharePoint Add-ins](authorization-code-oauth-flow-for-sharepoint-add-ins.md).) @@ -15,8 +17,7 @@ Users can grant only the permissions that they have. The user must grant all the The permissions that the add-in has been granted are also stored in the content database of the SharePoint farm or SharePoint Online tenancy. They are not stored with a secure token service, such as Microsoft Azure Access Control Service (ACS). When a user first grants an add-in permissions, SharePoint obtains information about the add-in from ACS. SharePoint then stores the basic information about the add-in in the add-in management service and the content database along with the add-in's permissions. For more information about ACS, see [Creating SharePoint Add-ins that use low-trust authorization](creating-sharepoint-add-ins-that-use-low-trust-authorization.md). -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] If an object to which an add-in was granted permission is deleted, the corresponding grants are also deleted. When an object to which an add-in was granted permission is recycled, SharePoint does not modify the corresponding grant. This is so that if the object is restored from the Recycle Bin, the grant is still intact. diff --git a/docs/sp-add-ins/add-ins-and-azure-acs-retirements-faq.md b/docs/sp-add-ins/add-ins-and-azure-acs-retirements-faq.md new file mode 100644 index 000000000..376b97027 --- /dev/null +++ b/docs/sp-add-ins/add-ins-and-azure-acs-retirements-faq.md @@ -0,0 +1,95 @@ +--- +title: SharePoint Add-Ins and Azure ACS retirement FAQ +description: Answers frequently asked questions related to the retirements of SharePoint Add-In and Azure ACS in Microsoft 365. +ms.date: 04/15/2025 +ms.localizationpriority: high +ms.service: sharepoint +--- + +# FAQ - SharePoint Add-In and Azure ACS retirement in Microsoft 365 + +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] + +## Is SharePoint Framework (SPFx) impacted by these retirements? + +No, SharePoint Framework (SPFx) is the recommended development model for SharePoint extensibility and is not impacted by these retirements. These retirements only affect SharePoint Add-Ins (a legacy development model) and Azure ACS (a legacy auth model). + +## Will App Catalogs stay? + +Absolutely, both tenant and site collection app catalogs are an essential part of the SharePoint developer ecosystem. They're used for both Add-Ins (retired) and SharePoint Framework (SPFx) based solutions (not retired). Using the app catalogs for SharePoint Framework solution deployment will continue to be fully supported; no changes! What will change is the support for SharePoint Add-Ins in the app catalog. When SharePoint Add-Ins in Microsoft 365 reach end-of-life in April 2026, you'll no longer be able to install and deploy SharePoint Add-Ins via the app catalog. + +## Will the SharePoint Store/public marketplace stay? + +Absolutely. The SharePoint Store and public marketplace are also used to offer SharePoint Framework (SPFx) based solutions, and that will not change. You can still acquire SPFx solutions from the store, now and after Add-Ins have retired. Acquiring SharePoint Add-Ins via the store will not be possible anymore from July 1st, 2024. + +> [!Note] +> If you've acquired an Add-In from the store before July 1st, 2024, and that Add-In was installed by a SharePoint Admin (Add-In was added to the tenant app catalog), then after July 1st this Add-In can still be installed on other sites in that tenant. Installing an Add-In that was never installed before will not be possible anymore, this includes installing all Add-Ins as regular user (non SharePoint Admin). + +## My Add-In uses an app web; what about the data in that web? + +If your SharePoint Hosted Add-In is storing data in its app web, then that's something you need to take into account when you're rewriting your Add-In using the SharePoint Framework (SPFx). A common use case is that Add-Ins store list items in a list in the app web. When using a SharePoint Framework (SPFx) solution you can still use a (hidden) list, but now the list will live in the site where you've installed the SharePoint Framework (SPFx) solution. If you want to automatically retain the data, you'll need to use SharePoint APIs to copy the needed data from the app web, and recreate it in the new location using a format that works for your updated application. + +> [!Important] +> It's important you retrieve the data **before** you uninstall the SharePoint Add-In, because the app web is deleted when you uninstall the Add-In. In case you've accidentally deleted the Add-In, you can restore it from the recycle bin, which will also restore the Add-In's app web. + +## Can SharePoint Online users still acquire my Add-In from the public marketplace after July 1st? + +Users will still be able to browse your Add-In in the public marketplace (https://appsource.microsoft.com/), but when using the "Get it now" button the SharePoint Online user will see a message stating that Add-Ins are retired with a button that redirects the user to the Add-In vendor's site. Installing an Add-In via the public marketplace will not be possible anymore as of July 1st 2024. + +## Can I still use my Add-In on SharePoint on-premises? + +SharePoint Add-Ins in SharePoint on-premises are not retired and will continue to work after April 2026 when deployed using a SharePoint on-premises app catalog. But acquiring them from the SharePoint Store/public marketplace will not be possible after April 2026. + +## Can I, as Add-In vendor, still update my Add-In? + +Yes, as Add-In vendor you can still submit updated versions of your Add-In via Partner Center as you might need to patch an issue. + +## My Add-In is used for both SharePoint Online and SharePoint on-premises; what do you advise? + +SharePoint Online is continuously being updated and getting new and updated features, whereas SharePoint on-premises follows a much slower release cadence. This means that on-premises SharePoint doesn't support the latest SharePoint Framework version, or the latest features. If you want to continue to maintain a single codebase, you'll need to use an SPFx version that's also supported for your target SharePoint on-premises environment, which will limit the options for your SharePoint Online solution. An alternative approach is to build and maintain two versions of your SPFx application, one for SharePoint Online and one for SharePoint on-premises, and use shared code where possible to maximize code reuse. + +## Can I still perform user profile updates? + +Yes, you can still read and update user profiles without Azure ACS. When you configure your Microsoft Entra (formerly Azure AD) application using the SharePoint `User.ReadWrite.All` permission, your app can update user profiles for all users. Note that if you want to update a user profile property that's using an underlying term set, you also need to grant the SharePoint `TermStore.ReadWrite.All` permission. See [Error when using app to update user profile properties in SharePoint Online](/sharepoint/troubleshoot/sharing-and-permissions/app-permission-error-update-user-profile-property) to learn more. + +## Will remote event receivers also be retired? + +Yes, remote event receivers are part of this retirement. Remote event receivers have a dependency on Azure ACS, and will stop working when Azure ACS is turned off. Although remote event receivers can still be programmatically added once Azure ACS has fully retired in April 2026, the events won't fire anymore. The recommended path forward is to use [SharePoint Online Webhooks](../apis/webhooks/overview-sharepoint-webhooks.md). More information on how to replace remote event receivers with webhooks can be found in the [Transform SharePoint Add-in model Remote Event Receivers to SharePoint Online Webhooks](../sp-add-ins-modernize/from-remote-event-receivers-to-webhooks.md) article. The article shows how to use the SharePoint REST API to add the webhooks, but you may prefer to use Microsoft Graph [change notifications](/graph/webhooks) to add a [subscription for a SharePoint List](/graph/api/resources/subscription). + +As webhooks are asynchronous by definition, synchronous events that allow an app to block or cancel a SharePoint action are no longer possible. If event blocking is being used to prevent accidental data updates/deletes by unauthorized users, then possible workarounds are securing the protected files/folders so they cannot be updated/deleted anymore, or by moving this type of data to a hidden library. In general, moving from synchronous to asynchronous events will require updating your application logic. + +> [!Important] +> We strongly recommend to switch to webhooks over remote event receivers, but we do also support remote event receivers registered using an Entra application. These remote event receivers will follow a slightly different retirement path: they'll stay working until July 1, 2027 whereas the remote event receivers registered using Azure ACS will stop working on April 2, 2026. Furthermore, these event receivers will still work for new tenants onboarding after November 1, 2024 whereas remote event receivers registered using Azure ACS will not work anymore. Check the [Use remote event receivers without Azure ACS dependency](../sp-add-ins-modernize/use-remote-event-receivers-without-azure-acs-dependency.md) article and [related blog post](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/remote-event-receivers-retirement-update-in-sharepoint-online/ba-p/4068938) to learn more. + +## Can I still perform taxonomy updates? + +Yes, you can still update taxonomy (termsets, terms, etc) without Azure ACS. Configure your Microsoft Entra application with the SharePoint `TermStore.ReadWrite.All` permission (delegated or application) if you want to use the CSOM taxonomy APIs. Moving forward, the recommended approach is to use the Microsoft Graph taxonomy API. This will require the Microsoft Graph `TermStore.ReadWrite.All` permission (delegated or application). See the [Microsoft Graph documentation](/graph/api/resources/termstore-set) for more details. + +## Can I still add OOB apps when I'm using the "classic" site contents page? + +When you're using the classic "Site Contents" page (`_layouts/15/viewlsts.aspx`), and you click on "add an app", the list of apps you can add will be a mix of OOB (out-of-the-box) apps (e.g. Document Library, Custom List, Form Library) and any installed SharePoint Add-Ins. When SharePoint Add-Ins retire, this page will continue to list the OOB apps, which can still be added to the site. + +## Are SharePoint CSOM or SharePoint JSOM part of this retirement? + +No, both CSOM (client-side object model) and JSOM (JavaScript object model) will continue working after Add-Ins and Azure ACS have been fully retired. However, for new applications, and updates to existing applications, we recommend using the Microsoft Graph and SharePoint REST APIs for client-side code. For server-side code the recommendation is to use Microsoft Graph as a first choice. If the functionality you need is not yet available in the Microsoft Graph, then SharePoint REST or SharePoint CSOM can be used. + +## When I use appregnew.aspx the created ACS principals show up in Entra + +As of December 2024 we've streamlined the app creation flow and as a result ACS principals created using appregnew.aspx now show are created as "regular" Entra app principal versus previously service principals with `legacyServicePrincipal` property set to `Legacy`. These app principals are detected by the [Microsoft 365 Assessment tool](https://aka.ms/microsoft365assessmenttool), however you need version 1.10.0 to ensure the principal validity is correctly reported. Note, if you want to renew the secret of these principals ensure you're using the right approach as described in [Replace an expiring client secret in a SharePoint Add-in](replace-an-expiring-client-secret-in-a-sharepoint-add-in.md). + +## Do I need to delete Azure ACS principals that are not needed anymore? + +Azure ACS principals will automatically expire (default lifetime is 2 years) so no action is needed; you can just let the principals expire. If you want to delete the principals after remediation, then follow this guidance: + +- For principals that have Site, Web or List permissions, navigate to the site collection holding the principal and append `_layouts/15/appprincipals.aspx` to the url to load the **Site Collection App Permissions** page. On this page, delete the unwanted principals by clicking on the **X** icon. +- For principals that have tenant permissions, copy the principal app id from the report and navigate to the [Microsoft Entra Enterprise Applications view](https://entra.microsoft.com/#view/Microsoft_AAD_IAM/EnterpriseApplicationListBladeV2), paste the app id in the search box and press **enter**. Click on the displayed enterprise app to load it, click on **Properties**, then click **Delete**. + +For principals that have Site, Web or List permissions **and** Tenant permissions, you'll need to follow both procedures described above. + +A good practice is for admins to turn off Azure ACS app-only access for the entire tenant, having first ensured there is no remaining business relevant Azure ACS usage, as mentioned in the [Azure ACS retirement announcement](https://aka.ms/retirement/acs/support). Doing this will automatically prevent any remaining un-expired principals from working. + +## Can I rely on unpublished offers in Partner Center for managing a multi-tenant Client ID for customers? + +No, offers setup in Partner Center must be published on Microsoft stores before using the client IDs in production. diff --git a/docs/sp-add-ins/add-sharepoint-write-operations-to-the-provider-hosted-add-in.md b/docs/sp-add-ins/add-sharepoint-write-operations-to-the-provider-hosted-add-in.md index 1dfef82d1..66d8feec5 100644 --- a/docs/sp-add-ins/add-sharepoint-write-operations-to-the-provider-hosted-add-in.md +++ b/docs/sp-add-ins/add-sharepoint-write-operations-to-the-provider-hosted-add-in.md @@ -1,12 +1,14 @@ --- title: Add SharePoint write operations to the provider-hosted add-in description: Write data to SharePoint in a provider-hosted SharePoint Add-in - change a column value on a list item, request Write permission, create a new custom list and insert an item into the list, and check for deleted components. -ms.date: 10/21/2019 +ms.date: 09/26/2023 ms.localizationpriority: medium --- # Add SharePoint write operations to the provider-hosted add-in -This is the fifth in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#SP15createprovider_nextsteps). +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + +This is the fifth in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] > If you have been working through this series about provider-hosted add-ins, you have a Visual Studio solution that you can use to continue with this topic. You can also download the repository at [SharePoint_Provider-hosted_Add-Ins_Tutorials](https://github.com/OfficeDev/SharePoint_Provider-hosted_Add-ins_Tutorials) and open the BeforeSharePointWriteOps.sln file. @@ -20,8 +22,8 @@ Our add-in has a custom ribbon button that adds an employee from the Hong Kong S > [!NOTE] > The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: > -> 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. -> 2. Ensure that all three projects are set to **Start** in the **Action** column. +> 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. +> 1. Ensure that all three projects are set to **Start** in the **Action** column. 1. In **Solution Explorer**, open the EmployeeAdder.aspx.cs file. 1. Add the following line to the **Page_Load** method between the call of `AddLocalEmployeeToCorpDB` and the call of `Response.Redirect`. In the next step, you create the **SetLocalEmployeeSyncStatus** method. @@ -34,7 +36,7 @@ Our add-in has a custom ribbon button that adds an employee from the Hong Kong S 1. Add the following new method to the `EmployeeAdder` class. ```csharp - private void SetLocalEmployeeSyncStatus() + private void SetLocalEmployeeSyncStatus() { using (var clientContext = spContext.CreateUserClientContextForSPHost()) { @@ -47,11 +49,11 @@ Our add-in has a custom ribbon button that adds an employee from the Hong Kong S } ``` - Note the following about this code: - - - The internal name for the **Added to Corporate DB** field is odd-looking. Internal field names cannot contain spaces, so when a user creates a field with spaces in its display name, SharePoint substitutes the string "_x0020_" for each space when it sets the internal name. This turns "Added to Employee DB" into "Added_x0020_to_x0020_Corporate_x0020_DB". Internal names cannot be more than 32 characters, so the name is truncated to just "Added_x0020_to_x0020_Corporate_x". - - Although the **Added to Corporate DB** column is called a **Yes/No** field in the SharePoint UI, it is really a boolean, so its value is set to **true**, not **Yes**. - - The **Update** method of the **ListItem** class must be called to commit the changes to SharePoint's content database. It is a general, but not quite universal, rule that when you change a property value of an object that is stored in the SharePoint databases, you must call the object's **Update** method. + > NOTE: + > + > - The internal name for the **Added to Corporate DB** field is odd-looking. Internal field names cannot contain spaces, so when a user creates a field with spaces in its display name, SharePoint substitutes the string "_x0020_" for each space when it sets the internal name. This turns "Added to Employee DB" into "Added_x0020_to_x0020_Corporate_x0020_DB". Internal names cannot be more than 32 characters, so the name is truncated to just "Added_x0020_to_x0020_Corporate_x". + > - Although the **Added to Corporate DB** column is called a **Yes/No** field in the SharePoint UI, it is really a boolean, so its value is set to **true**, not **Yes**. + > - The **Update** method of the **ListItem** class must be called to commit the changes to SharePoint's content database. It is a general, but not quite universal, rule that when you change a property value of an object that is stored in the SharePoint databases, you must call the object's **Update** method. ## Request permission to write to the host web list @@ -63,7 +65,7 @@ Because the add-in is now writing to the list as well as reading it, we need to ## Run the add-in and test the button -1. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. +1. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. 1. On the permission form, select **Local Employees** from the list, and then select **Trust it**. 1. When the add-in's start page opens, click **Back to Site** on the chrome control at the top. 1. From the website's home page, go to **Site Contents** > **Local Employees**. The list view page opens. @@ -73,8 +75,8 @@ Because the add-in is now writing to the list as well as reading it, we need to 1. Select the **Add to Corporate DB** button. (You must select an item first.) 1. The page seems to reload because the **Page_Load** method of the EmployeeAdder page redirects back to it. The value of the **Added to Corporate DB** field for the employee changes to **Yes**. - > [!NOTE] - > What prevents a user from manually changing the value **Added to Corporate DB** in a way that makes the list and the corporate database inconsistent? Nothing does at the moment. You'll get the solution to this problem in a later article of this series. + > [!NOTE] + > What prevents a user from manually changing the value **Added to Corporate DB** in a way that makes the list and the corporate database inconsistent? Nothing does at the moment. You'll get the solution to this problem in a later article of this series. 1.To end the debugging session, close the browser window or stop debugging in Visual Studio. Each time you select F5, Visual Studio retracts the previous version of the add-in and installs the latest one. 1.Right-click the project in **Solution Explorer** and select **Retract**. @@ -140,44 +142,46 @@ Now you add a function to the add-in that creates an item in the **Expected Ship ``` Note the following about this code: - - A **ListItem** object is not created with a constructor. This is for performance reasons. A **ListItem** object has many properties (with default values). If a constructor is used, the entire object would be included in the XML message that the **ExecuteQuery** method sends to the server. + - A **ListItem** object is not created with a constructor. This is for performance reasons. A **ListItem** object has many properties (with default values). If a constructor is used, the entire object would be included in the XML message that the **ExecuteQuery** method sends to the server. - The **ListItemCreationInformation** object is a lightweight object that only contains the minimal non-default values that the server needs to create a **ListItem** object. It may appear that there is a line that creates a **ListItem** object, but recall that this line only adds some XML markup to a message that is sent to the server. The **ListItem** object is created there on the server. - There is no need to bring the **ListItem** object back down to the client, so there is no call to the **ClientContext.Load** method. - The code does not need to explicitly set the **Arrived** or **Added to Inventory** fields because they have default values of **No**, which is what we want. ## Check for deleted components -Anyone with list owner privileges for a SharePoint list can delete the list. And if the list is deployed to the host web by an add-in, the website owner of the host web can delete it. That may happen if the owner decides to do without the functionality provided by the list. (It can be restored from the SharePoint Recycle Bin if the owner changes his mind.) +Anyone with list owner privileges for a SharePoint list can delete the list. And if the list is deployed to the host web by an add-in, the website owner of the host web can delete it. That may happen if the owner decides to do without the functionality provided by the list. (It can be restored from the SharePoint Recycle Bin if the owner changes his mind.) The **CreateExpectedShipment** method depends on the existence of the **Expected Shipments** list. Suppose a website owner decided to delete the list. Later, when an order is added with the add-in's **Order Form**, the **CreateExpectedShipment** method is called and throws an exception whose message says that there's no **Expected Shipments** list on the SharePoint website. You might want the method to check the `expectedShipmentsList` for nullity before it does anything with it. When you are working with CSOM, you can *not* make this check with a simple structure like this: -`if (expectedShipmentsList != null) { ... }` +``` +if (expectedShipmentsList != null) { ... } +``` -Instead, you need to use a special CSOM class called **ConditionalScope**. The reasons for this are connected to CSOM's batching system, which was mentioned in the previous article in this series (see [Client-side runtime and batching](get-a-quick-overview-of-the-sharepoint-object-model.md#CSOMBatching)). **ConditionalScope** and the batching system are advanced topics that are outside the scope of this getting started series, but you should see MSDN's documentation about them after you have completed this series of tutorials. +Instead, you need to use a special CSOM class called **ConditionalScope**. The reasons for this are connected to CSOM's batching system, which was mentioned in the previous article in this series (see [Client-side runtime and batching](get-a-quick-overview-of-the-sharepoint-object-model.md#client-side-runtime-and-batching)). **ConditionalScope** and the batching system are advanced topics that are outside the scope of this getting started series, but you should see MSDN's documentation about them after you have completed this series of tutorials. An alternative way to check for the existence of a list is as follows: instead of using the **GetByTitle** method to get a reference to the list, you can check to see if a list with the specified name is in the website's "list of lists" with code like the following. ```csharp -var query = from list in clientContext.Web.Lists - where list.Title == "Expected Shipments" - select list; -IEnumerable matchingLists = clientContext.LoadQuery(query); -clientContext.ExecuteQuery(); -if (matchingLists.Count() != 0) -{ - List expectedShipmentsList = matchingLists.Single(); - // Do something with the list. +var query = from list in clientContext.Web.Lists + where list.Title == "Expected Shipments" + select list; +IEnumerable matchingLists = clientContext.LoadQuery(query); +clientContext.ExecuteQuery(); +if (matchingLists.Count() != 0) +{ + List expectedShipmentsList = matchingLists.Single(); + // Do something with the list. } -clientContext.ExecuteQuery(); +clientContext.ExecuteQuery(); ``` -The preceding code has the advantage of allowing you to avoid the complications of the **ConditionalScope** class, and we use exactly this code elsewhere in this series of articles. But there is a disadvantage too: this code requires an extra call of **ExecuteQuery** solely to get the value you want to check in the **if** statement. +The preceding code has the advantage of allowing you to avoid the complications of the **ConditionalScope** class, and we use exactly this code elsewhere in this series of articles. But there is a disadvantage too: this code requires an extra call of **ExecuteQuery** solely to get the value you want to check in the **if** statement. If we use this technique in the **CreateExpectedShipment** method to check for the existence of the list, that method will have two calls of **ExecuteQuery**, each of which makes an HTTP request from the remote web server to SharePoint. These requests are the most time-consuming part of any CSOM method, so it is generally a good practice to minimize them. -We will leave the **CreateExpectedShipment** method as is, but in a production add-in, you need to think about how your code is going to work if a component that it references is deleted. Programmatically restoring the list from the Recycle Bin is one option, but that would annoy users who intentionally decided to delete the list. +We will leave the **CreateExpectedShipment** method as is, but in a production add-in, you need to think about how your code is going to work if a component that it references is deleted. Programmatically restoring the list from the Recycle Bin is one option, but that would annoy users who intentionally decided to delete the list. You should also consider that doing nothing at all to prevent the exception might be the best choice. An exception from SharePoint would alert users that the deletion of the list has broken part of the add-in, which is something the person who deleted it might not have realized. A user can then decide whether to restore the list from the Recycle Bin or do without the part of the add-in functionality that no longer works. @@ -192,12 +196,12 @@ Recall that when an add-in requests Read or Write permission with the scope of L ## Run the add-in and test the item creation -1. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. +1. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. 1. When the add-in's start page opens, select the **Order Form** link at the bottom of the page. 1. Enter some values in the form, and then select **Place Order**. 1. Use the browser's back button to go back to the start page, and then select **Back to Site** on the chrome control at the top. 1. From the home page of the Hong Kong SAR store, go to **Site Contents** and open the **Expected Shipments** list. There is now an item on the list corresponding to the order. The following screenshot is an example. - + *Figure 2. Expected Shipments list with a single item* ![The Expected Shipments list with a single item. The Product and Supplier fields have names. The Quantity field has a number. The two Yes/No fields are both set to "No."](../images/e4285084-d31e-4e79-a469-ddebbc7dfb18.PNG) @@ -206,6 +210,5 @@ Recall that when an add-in requests Read or Write permission with the scope of L 1. Right-click the project in **Solution Explorer** and select **Retract**. ## Next steps - In the next article, you'll learn how to surface the remote Order Form as a web part on a SharePoint page: [Include an add-in part in the provider-hosted add-in](include-an-add-in-part-in-the-provider-hosted-add-in.md). diff --git a/docs/sp-add-ins/authorization-and-authentication-of-sharepoint-add-ins.md b/docs/sp-add-ins/authorization-and-authentication-of-sharepoint-add-ins.md index 7c43db448..0d3ffe905 100644 --- a/docs/sp-add-ins/authorization-and-authentication-of-sharepoint-add-ins.md +++ b/docs/sp-add-ins/authorization-and-authentication-of-sharepoint-add-ins.md @@ -1,13 +1,17 @@ --- title: Authorization and authentication of SharePoint Add-ins description: Authentication and authorization in SharePoint is used to authorize requests by a SharePoint Add-in to access SharePoint resources. -ms.date: 12/26/2017 +ms.date: 09/26/2023 ms.localizationpriority: high --- # Authorization and authentication of SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] + When a *user* signs in to SharePoint, the user's security token is validated. The token is issued by an identity provider. SharePoint supports several kinds of user authentication. For more information, see [Authentication, authorization, and security in SharePoint](../general-development/authentication-authorization-and-security-in-sharepoint.md). SharePoint Add-ins are also security principals that need to be authenticated and authorized. Add-ins can be authenticated and authorized in several different ways. For more information, see [Three authorization systems for SharePoint Add-ins](three-authorization-systems-for-sharepoint-add-ins.md). diff --git a/docs/sp-add-ins/authorization-code-oauth-flow-for-sharepoint-add-ins.md b/docs/sp-add-ins/authorization-code-oauth-flow-for-sharepoint-add-ins.md index 3d745b08a..68af84323 100644 --- a/docs/sp-add-ins/authorization-code-oauth-flow-for-sharepoint-add-ins.md +++ b/docs/sp-add-ins/authorization-code-oauth-flow-for-sharepoint-add-ins.md @@ -1,16 +1,17 @@ --- title: Authorization Code OAuth flow for SharePoint Add-ins description: The OAuth flow for add-ins that request permission to access SharePoint resources on the fly, and how to use the **OAuthAuthorize.aspx** page and the SharePoint redirect URI. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: high --- # Authorization Code OAuth flow for SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + > [!NOTE] > This article assumes that you're familiar with [Creating SharePoint Add-ins that use low-trust authorization](creating-sharepoint-add-ins-that-use-low-trust-authorization.md) and with the concepts and principles behind OAuth. For more information about OAuth, see [OAuth.net](http://oauth.net/) and [Web Authorization Protocol (oauth)](http://datatracker.ietf.org/doc/active/#oauth). -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement doesn't impact the SharePoint Add-in model, which uses the **https://accounts.accesscontrol.windows.net** hostname (which isn't impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] In some scenarios, an add-in can request permission to access SharePoint resources on the fly; that is, an add-in can request permission to access SharePoint resources dynamically at runtime, instead of at add-in installation time. This type of add-in doesn't have to be launched from, or even installed on, SharePoint. For example, it could be a native device add-in, an add-in that is launched from any website, or an Office Add-in launched from an Office application that wants to access resources on SharePoint on the fly. diff --git a/docs/sp-add-ins/choose-patterns-for-developing-and-hosting-your-sharepoint-add-in.md b/docs/sp-add-ins/choose-patterns-for-developing-and-hosting-your-sharepoint-add-in.md index 59bb99bcf..4d31542c2 100644 --- a/docs/sp-add-ins/choose-patterns-for-developing-and-hosting-your-sharepoint-add-in.md +++ b/docs/sp-add-ins/choose-patterns-for-developing-and-hosting-your-sharepoint-add-in.md @@ -1,12 +1,14 @@ --- title: Choose patterns for developing and hosting your SharePoint Add-in description: Match your hosting pattern to development goals, choose a pattern for provider-hosted add-ins, combine provider hosting and SharePoint hosting, and use add-ins in Azure Web Roles. -ms.date: 02/05/2021 +ms.date: 09/26/2023 ms.localizationpriority: high --- # Choose patterns for developing and hosting your SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + The SharePoint Add-in model introduces a wide range of hosting and development patterns. Some of these patterns can be used in combination with each other. For example, your add-ins can mix SharePoint-hosted and remotely hosted components. The most useful way to determine which patterns you'll want to use is to start with your own requirements, technologies, and goals and match them with the options and possibilities that are enabled by SharePoint Add-ins. ## What to think about when choosing your development pattern diff --git a/docs/sp-add-ins/complete-basic-operations-using-javascript-library-code-in-sharepoint.md b/docs/sp-add-ins/complete-basic-operations-using-javascript-library-code-in-sharepoint.md index 6b9d08c5d..25538899c 100644 --- a/docs/sp-add-ins/complete-basic-operations-using-javascript-library-code-in-sharepoint.md +++ b/docs/sp-add-ins/complete-basic-operations-using-javascript-library-code-in-sharepoint.md @@ -1,12 +1,14 @@ --- title: Complete basic operations using JavaScript library code in SharePoint description: Write code to perform basic operations using the JavaScript client object model in SharePoint. -ms.date: 5/6/2019 +ms.date: 09/26/2023 ms.localizationpriority: high --- # Complete basic operations using JavaScript library code in SharePoint +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + > [!WARNING] > This information is only valid when you use classic SharePoint experiences in SharePoint Online or in on-premises. Usage of classic SharePoint JavaScript Client Object Model is not supported with the modern experiences or with SharePoint Framework. diff --git a/docs/sp-add-ins/complete-basic-operations-using-sharepoint-client-library-code.md b/docs/sp-add-ins/complete-basic-operations-using-sharepoint-client-library-code.md index 53a803fa7..2bb55290e 100644 --- a/docs/sp-add-ins/complete-basic-operations-using-sharepoint-client-library-code.md +++ b/docs/sp-add-ins/complete-basic-operations-using-sharepoint-client-library-code.md @@ -1,13 +1,15 @@ --- title: Complete basic operations using SharePoint client library code description: Write code to perform basic operations with the SharePoint .NET Framework client object model (CSOM). -ms.date: 6/16/2022 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Complete basic operations using SharePoint client library code +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + You can use the SharePoint client object model (CSOM) to retrieve, update, and manage data in SharePoint. SharePoint makes the CSOM available in several forms: - .NET Framework redistributable assemblies diff --git a/docs/sp-add-ins/context-token-oauth-flow-for-sharepoint-add-ins.md b/docs/sp-add-ins/context-token-oauth-flow-for-sharepoint-add-ins.md index 6cacaf61b..03a8475d9 100644 --- a/docs/sp-add-ins/context-token-oauth-flow-for-sharepoint-add-ins.md +++ b/docs/sp-add-ins/context-token-oauth-flow-for-sharepoint-add-ins.md @@ -1,17 +1,18 @@ --- title: Context Token OAuth flow for SharePoint Add-ins description: The OAuth authentication and authorization flow for low-trust, provider-hosted add-ins in SharePoint. -ms.date: 03/23/2021 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Context Token OAuth flow for SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + In SharePoint, the OAuth authentication and authorization flow for a provider-hosted, low-trust, add-in involves a series of interactions among your add-in, SharePoint, the authorization server, and the browser at runtime. The authorization server in this scenario is Microsoft Azure Access Control Service (ACS). -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] With a provider-hosted add-in, you have a remote web application or service that is separate from SharePoint, and not part of the SharePoint farm or SharePoint Online tenancy. It can be hosted in the cloud or on an on-premises server. In this article, the remote component is called Contoso.com. diff --git a/docs/sp-add-ins/convert-an-autohosted-sharepoint-add-in-to-a-provider-hosted-add-in.md b/docs/sp-add-ins/convert-an-autohosted-sharepoint-add-in-to-a-provider-hosted-add-in.md index eb9285995..e716bb8bc 100644 --- a/docs/sp-add-ins/convert-an-autohosted-sharepoint-add-in-to-a-provider-hosted-add-in.md +++ b/docs/sp-add-ins/convert-an-autohosted-sharepoint-add-in-to-a-provider-hosted-add-in.md @@ -1,13 +1,15 @@ --- title: Convert an autohosted SharePoint Add-in to a provider-hosted add-in description: Steps to convert an autohosted SharePoint Add-in to a provider-hosted add-in, including deploying to Azure SQL, creating an Azure website, and registering the add-in. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Convert an autohosted SharePoint Add-in to a provider-hosted add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Microsoft SharePoint introduced a new approach to extending SharePoint sites in addition to the previous approach of using solution-based customizations. This new extensibility model for SharePoint, called the add-in model, enables developers to create custom implementations that can be deployed to SharePoint environments regardless of whether they are running in an on-premises, SharePoint Online, or hybrid deployment. Developers can build two different types of SharePoint Add-ins. The first type, a SharePoint-hosted add-in, primarily runs in the browser, and all the assets that support it such as HTML, CSS, images, and JavaScript are stored and served by SharePoint. The other types of add-ins fall into the Cloud Add-in model (CAM) and primarily run external to SharePoint on another server and communicate with SharePoint by using the client-side object model (CSOM) and REST API. They establish an identity using the popular OAuth 2.0 protocol supported by SharePoint. diff --git a/docs/sp-add-ins/create-a-custom-proxy-page-for-the-cross-domain-library-in-sharepoint.md b/docs/sp-add-ins/create-a-custom-proxy-page-for-the-cross-domain-library-in-sharepoint.md index fd6c89d9b..ca9d09c5a 100644 --- a/docs/sp-add-ins/create-a-custom-proxy-page-for-the-cross-domain-library-in-sharepoint.md +++ b/docs/sp-add-ins/create-a-custom-proxy-page-for-the-cross-domain-library-in-sharepoint.md @@ -1,7 +1,7 @@ --- title: Create a custom proxy page for the cross-domain library in SharePoint description: Create a custom proxy page to access data in a remote service from a SharePoint webpage by using the cross domain library in SharePoint. -ms.date: 12/22/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Create a custom proxy page for the cross-domain library in SharePoint +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + When you are building SharePoint Add-ins, you usually have to incorporate data from various sources. However, for security reasons, there are blocking mechanisms that prevent communication with more than one domain at a time. You can use the cross-domain library to access data in your remote add-in if you provide a custom proxy page that is hosted in the remote add-in infrastructure. As the developer, you are responsible for implementing the custom proxy page, and have to deal with custom logic, such as the authentication mechanism to the remote add-in. Use the cross-domain library with a custom proxy page if you want the communication to occur at the client level. diff --git a/docs/sp-add-ins/create-a-custom-ribbon-button-in-the-host-web-of-a-sharepoint-add-in.md b/docs/sp-add-ins/create-a-custom-ribbon-button-in-the-host-web-of-a-sharepoint-add-in.md index 1c6d156e4..7a9c2db63 100644 --- a/docs/sp-add-ins/create-a-custom-ribbon-button-in-the-host-web-of-a-sharepoint-add-in.md +++ b/docs/sp-add-ins/create-a-custom-ribbon-button-in-the-host-web-of-a-sharepoint-add-in.md @@ -1,7 +1,7 @@ --- title: Create a custom ribbon button in the host web of a SharePoint Add-in description: Prepare the host web, add a ribbon custom action, inspect the add-in web feature, and run and test the add-in. -ms.date: 12/04/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Create a custom ribbon button in the host web of a SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + This is the ninth in a series of articles about the basics of developing SharePoint-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating SharePoint-hosted SharePoint Add-ins | Next steps](get-started-creating-sharepoint-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] diff --git a/docs/sp-add-ins/create-a-developer-site-on-an-existing-office-365-subscription.md b/docs/sp-add-ins/create-a-developer-site-on-an-existing-office-365-subscription.md index 3172d8a61..86add37f6 100644 --- a/docs/sp-add-ins/create-a-developer-site-on-an-existing-office-365-subscription.md +++ b/docs/sp-add-ins/create-a-developer-site-on-an-existing-office-365-subscription.md @@ -1,12 +1,14 @@ --- title: Create a developer site on an existing Office 365 subscription description: Set up an Office 365 developer site for SharePoint Add-ins. -ms.date: 08/24/2020 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Create a developer site on an existing Office 365 subscription +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + An Office 365 developer site makes it easier to get set up and start creating, testing, and deploying your Office and SharePoint Add-ins more quickly. Many Office 365 Business, Enterprise, Education, and Government subscriptions include a site template that you can use to create a developer site. ### Before you start diff --git a/docs/sp-add-ins/create-a-handler-for-the-update-event-in-sharepoint-add-ins.md b/docs/sp-add-ins/create-a-handler-for-the-update-event-in-sharepoint-add-ins.md index 722b5aa0c..d2eafb809 100644 --- a/docs/sp-add-ins/create-a-handler-for-the-update-event-in-sharepoint-add-ins.md +++ b/docs/sp-add-ins/create-a-handler-for-the-update-event-in-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Create a handler for the update event in SharePoint Add-ins description: Create and use a handler and apply rollback logic for the update event of a SharePoint Add-in. -ms.date: 11/02/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Create a handler for the update event in SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Before you begin, be thoroughly familiar with both [Handling add-in events](handle-events-in-sharepoint-add-ins.md#HandlingAppEvents) and [Update SharePoint Add-ins](update-sharepoint-add-ins.md) and the prerequisites and core concepts listed in them. > [!NOTE] diff --git a/docs/sp-add-ins/create-a-provider-hosted-add-in-that-includes-a-custom-sharepoint-list-and-conte.md b/docs/sp-add-ins/create-a-provider-hosted-add-in-that-includes-a-custom-sharepoint-list-and-conte.md index 7b3c2715d..f58739f4d 100644 --- a/docs/sp-add-ins/create-a-provider-hosted-add-in-that-includes-a-custom-sharepoint-list-and-conte.md +++ b/docs/sp-add-ins/create-a-provider-hosted-add-in-that-includes-a-custom-sharepoint-list-and-conte.md @@ -1,7 +1,7 @@ --- title: Create a provider-hosted add-in that includes a custom SharePoint list and content type description: Create a SharePoint Add-in that combines a cloud-hosted web application with custom SharePoint-hosted list templates, list instances, and custom content types by using the Office Developer Tools for Visual Studio. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Create a provider-hosted add-in that includes a custom SharePoint list and content type +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Create a SharePoint Add-in that combines a cloud-hosted web application with custom SharePoint-hosted list templates, list instances, and custom content types by using the Office Developer Tools for Visual Studio. Learn how to interact with SharePoint add-in webs by using the REST/OData web service, and how to implement OAuth in a SharePoint Add-in. Most classic SharePoint components, such as custom content types, custom list definitions, and workflows, can be included in a cloud-hosted SharePoint Add-in. The simple example in this article contains the following: diff --git a/docs/sp-add-ins/create-a-remote-event-receiver-in-sharepoint-add-ins.md b/docs/sp-add-ins/create-a-remote-event-receiver-in-sharepoint-add-ins.md index b2375ec1e..e8303ccd6 100644 --- a/docs/sp-add-ins/create-a-remote-event-receiver-in-sharepoint-add-ins.md +++ b/docs/sp-add-ins/create-a-remote-event-receiver-in-sharepoint-add-ins.md @@ -1,7 +1,7 @@ --- title: Create a remote event receiver in SharePoint Add-ins description: Create a remote event receiver (RER) that handles list and list item events in a SharePoint Add-in. -ms.date: 12/22/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Create a remote event receiver in SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + It is helpful if you first have an understanding of provider-hosted SharePoint Add-ins, and for you to have developed a few that go at least a little beyond the "Hello World" level. See [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md). Also, you should be familiar with [Handle events in SharePoint Add-ins](handle-events-in-sharepoint-add-ins.md). diff --git a/docs/sp-add-ins/create-add-in-parts-to-install-with-your-sharepoint-add-in.md b/docs/sp-add-ins/create-add-in-parts-to-install-with-your-sharepoint-add-in.md index c610cc366..749248add 100644 --- a/docs/sp-add-ins/create-add-in-parts-to-install-with-your-sharepoint-add-in.md +++ b/docs/sp-add-ins/create-add-in-parts-to-install-with-your-sharepoint-add-in.md @@ -1,13 +1,15 @@ --- title: Create add-in parts to install with your SharePoint Add-in description: Create an add-in part in SharePoint that is available in the Web Part Gallery of the host web when you install your SharePoint Add-in. -ms.date: 12/14/2020 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Create add-in parts to install with your SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + With add-in parts, you can show your add-in user experience right in the SharePoint website pages. An add-in part displays the webpage (which is typically an interactive form or a dynamic display of data) that you specify by using an **IFrame** (also referred to as a frame) in a page in the [host web](host-webs-add-in-webs-and-sharepoint-components-in-sharepoint.md). For more background about add-in parts, see the following articles: diff --git a/docs/sp-add-ins/create-an-add-in-event-receiver-in-sharepoint-add-ins.md b/docs/sp-add-ins/create-an-add-in-event-receiver-in-sharepoint-add-ins.md index b6de616b5..b2f22dd53 100644 --- a/docs/sp-add-ins/create-an-add-in-event-receiver-in-sharepoint-add-ins.md +++ b/docs/sp-add-ins/create-an-add-in-event-receiver-in-sharepoint-add-ins.md @@ -1,7 +1,7 @@ --- title: Create an add-in event receiver in SharePoint Add-ins description: Create handlers for the SharePoint Add-in install and uninstall events in SharePoint Add-ins. -ms.date: 12/22/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Create an add-in event receiver in SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + It is helpful if you first have an understanding of provider-hosted SharePoint Add-ins, and for you to have developed a few that go at least a little beyond the "Hello World" level. See [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md). Also, you should be familiar with [Handle events in SharePoint Add-ins](handle-events-in-sharepoint-add-ins.md). diff --git a/docs/sp-add-ins/create-and-use-access-tokens-in-provider-hosted-high-trust-sharepoint-add-ins.md b/docs/sp-add-ins/create-and-use-access-tokens-in-provider-hosted-high-trust-sharepoint-add-ins.md index 77194674b..d7fa8a4a2 100644 --- a/docs/sp-add-ins/create-and-use-access-tokens-in-provider-hosted-high-trust-sharepoint-add-ins.md +++ b/docs/sp-add-ins/create-and-use-access-tokens-in-provider-hosted-high-trust-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Create and use access tokens in provider-hosted high-trust SharePoint Add-ins description: The role of access tokens in high-trust SharePoint Add-ins and how your code creates and passes the access token. -ms.date: 12/29/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Create and use access tokens in provider-hosted high-trust SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + > [!IMPORTANT] > This article is entirely about the use of access tokens in the high-trust authorization system, not the ACS system. For information about the user of security tokens in the ACS system, see [Handle security tokens in provider-hosted low-trust SharePoint Add-ins](handle-security-tokens-in-provider-hosted-low-trust-sharepoint-add-ins.md). diff --git a/docs/sp-add-ins/create-custom-actions-to-deploy-with-sharepoint-add-ins.md b/docs/sp-add-ins/create-custom-actions-to-deploy-with-sharepoint-add-ins.md index b3a8e5e1b..00b7771c6 100644 --- a/docs/sp-add-ins/create-custom-actions-to-deploy-with-sharepoint-add-ins.md +++ b/docs/sp-add-ins/create-custom-actions-to-deploy-with-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Create custom actions to deploy with SharePoint Add-ins description: Create a custom action in SharePoint that deploys to the host web when you deploy a SharePoint Add-in. -ms.date: 12/20/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Create custom actions to deploy with SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + When you are creating a SharePoint Add-in, custom actions let you interact with the lists and the ribbon in the host web. A custom action deploys to the host web when end users install your add-in. Custom actions can open a remote webpage and pass information through the query string. Two types of custom actions are available for add-ins: **Ribbon** and **Menu Item**. diff --git a/docs/sp-add-ins/create-high-trust-sharepoint-add-ins.md b/docs/sp-add-ins/create-high-trust-sharepoint-add-ins.md index c4ba2a9a1..499230144 100644 --- a/docs/sp-add-ins/create-high-trust-sharepoint-add-ins.md +++ b/docs/sp-add-ins/create-high-trust-sharepoint-add-ins.md @@ -1,7 +1,7 @@ --- title: Create high-trust SharePoint Add-ins description: Use a high-trust add-in to establish a trust between the remote web application and SharePoint. Primarily intended for use with an on-premises, rather than cloud-based, web application. -ms.date: 12/29/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Create high-trust SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + A high-trust add-in is a provider-hosted SharePoint Add-in that uses digital certificates to establish trust between the remote web application and SharePoint. "High-trust" is not the same as "full trust". A high-trust add-in must still request [add-in permissions](add-in-permissions-in-sharepoint.md). The add-in is considered "high-trust" because it is trusted to use any user identity that the add-in needs, because the add-in is responsible for creating the user portion of the access token that it passes to SharePoint. A high-trust SharePoint Add-in is primarily intended for use in an on-premises environment. The high-trust add-in cannot be installed to Microsoft SharePoint Online, and the remote components are typically installed on-premises, too, within the corporate firewall. Thus, the instances of the SharePoint Add-in are specific to each individual company. diff --git a/docs/sp-add-ins/create-provider-hosted-sharepoint-add-ins-to-access-sap-data-by-using-the-sap-ga.md b/docs/sp-add-ins/create-provider-hosted-sharepoint-add-ins-to-access-sap-data-by-using-the-sap-ga.md index 5ab3bc06f..16804f239 100644 --- a/docs/sp-add-ins/create-provider-hosted-sharepoint-add-ins-to-access-sap-data-by-using-the-sap-ga.md +++ b/docs/sp-add-ins/create-provider-hosted-sharepoint-add-ins-to-access-sap-data-by-using-the-sap-ga.md @@ -1,13 +1,15 @@ --- title: Create provider-hosted SharePoint Add-ins to access SAP data description: Design a SharePoint Add-in to get authorized access to SAP by using the SAP Gateway for Microsoft. -ms.date: 11/03/2022 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Create provider-hosted SharePoint Add-ins to access SAP data by using the SAP Gateway for Microsoft +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + You can create a SharePoint Add-in that reads and writes SAP data, and optionally reads and writes SharePoint data, by using the SAP Gateway for Microsoft and the Azure Active Directory Authentication Library for .NET. This article provides the procedures for how you can design the SharePoint Add-in to get authorized access to SAP. ## Prerequisites @@ -38,8 +40,7 @@ The process involves an OAuth "flow" in which the application, which can be a Sh > [!TIP] > If your SharePoint Add-in accesses SharePoint in addition to accessing SAP Gateway for Microsoft, it needs to use *both* systems: Azure AD to get an access token to SAP Gateway for Microsoft, and the ACS authorization system to get an access token to SharePoint. The tokens from the two sources are not interchangeable. For more information, see [Add SharePoint access to the ASP.NET application (optional)](#add-sharepoint-access-to-the-aspnet-application-optional). -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] For a detailed description and diagram of the OAuth flow used by OAuth 2.0 in Azure AD, see [Authorize access to web applications using OAuth 2.0 and Azure Active Directory](/azure/active-directory/develop/active-directory-protocols-oauth-code). diff --git a/docs/sp-add-ins/create-sharepoint-add-ins-in-visual-studio.md b/docs/sp-add-ins/create-sharepoint-add-ins-in-visual-studio.md index 0ed08dd51..8c0e9f7c5 100644 --- a/docs/sp-add-ins/create-sharepoint-add-ins-in-visual-studio.md +++ b/docs/sp-add-ins/create-sharepoint-add-ins-in-visual-studio.md @@ -1,13 +1,15 @@ --- title: Create SharePoint Add-ins in Visual Studio description: Develop SharePoint Add-ins using templates for projects and project items in Visual Studio. -ms.date: 11/03/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Create SharePoint Add-ins in Visual Studio +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + You can develop SharePoint Add-ins by using new templates for projects and project items in **vsnv**. diff --git a/docs/sp-add-ins/create-ux-components-in-sharepoint.md b/docs/sp-add-ins/create-ux-components-in-sharepoint.md index 9c4286bcf..e95f4ea54 100644 --- a/docs/sp-add-ins/create-ux-components-in-sharepoint.md +++ b/docs/sp-add-ins/create-ux-components-in-sharepoint.md @@ -1,13 +1,15 @@ --- title: Create UX components in SharePoint description: Create UX components for your add-ins in SharePoint. -ms.date: 12/14/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Create UX components in SharePoint +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + The model for SharePoint Add-ins offers many UX components and mechanisms that help you build a great user experience in SharePoint Add-ins. The user experience in the add-in model is also flexible enough to let you use the techniques and platforms that best adapt to the needs of end users. The following table lists resources to help you learn about creating and using UX components in add-ins. diff --git a/docs/sp-add-ins/creating-sharepoint-add-ins-that-use-high-trust-authorization.md b/docs/sp-add-ins/creating-sharepoint-add-ins-that-use-high-trust-authorization.md index 9c5994526..504f310c0 100644 --- a/docs/sp-add-ins/creating-sharepoint-add-ins-that-use-high-trust-authorization.md +++ b/docs/sp-add-ins/creating-sharepoint-add-ins-that-use-high-trust-authorization.md @@ -1,7 +1,7 @@ --- title: Creating SharePoint Add-ins that use high-trust authorization description: A provider-hosted add-in can establish trust with SharePoint by using digital certificates to establish trust between SharePoint and the on-premises remote components that access SharePoint. -ms.date: 12/27/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Creating SharePoint Add-ins that use high-trust authorization +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + A high-trust add-in is a provider-hosted SharePoint Add-in that is installed to an on-premises SharePoint farm. It cannot be installed to Microsoft SharePoint Online or marketed through the Office Store. A high-trust add-in uses a certificate instead of a context token to establish trust. > [!NOTE] diff --git a/docs/sp-add-ins/creating-sharepoint-add-ins-that-use-low-trust-authorization.md b/docs/sp-add-ins/creating-sharepoint-add-ins-that-use-low-trust-authorization.md index 2637f2d01..4b7b40a2d 100644 --- a/docs/sp-add-ins/creating-sharepoint-add-ins-that-use-low-trust-authorization.md +++ b/docs/sp-add-ins/creating-sharepoint-add-ins-that-use-low-trust-authorization.md @@ -1,17 +1,18 @@ --- title: Creating SharePoint Add-ins that use low-trust authorization description: A provider-hosted SharePoint Add-in can get access to resources in the SharePoint tenancy or farm on which the add-in is installed. Primarily intended for add-ins whose remote components are hosted in the cloud. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Creating SharePoint Add-ins that use low-trust authorization +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Remote components in a SharePoint Add-in (or external application) can gain authorization to SharePoint resources by passing an access token to SharePoint with each HTTP request. The remote components obtain the access token from a Microsoft Azure Access Control Service (ACS) account that is associated with the customer's Office 365 tenancy. Azure ACS acts as the authorization server in an [OAuth 2.0](http://oauth.net/) transaction, called a flow, with SharePoint as the resource server and the remote components as the client. For related protocol specifications, see [Web Authorization Protocol (oauth)](http://datatracker.ietf.org/doc/active/#oauth). -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins/). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] Provider-hosted SharePoint Add-ins that use the low-trust authorization system can be sold in the Office Store and installed on either Microsoft SharePoint Online or an on-premises SharePoint farm that has been configured to use the customer's Office 365 tenancy to establish trust with Azure ACS. The customer must have an Office 365 tenancy to install SharePoint Add-ins that use the low-trust system. However, it is not necessary for the customer to use the tenancy for any other purpose. For instructions about linking an on-premises farm to an Office 365 tenancy, see [Use an Office 365 SharePoint site to authorize provider-hosted add-ins on an on-premises SharePoint site](use-an-office-365-sharepoint-site-to-authorize-provider-hosted-add-ins-on-an-on.md). diff --git a/docs/sp-add-ins/creating-sharepoint-add-ins-that-use-the-cross-domain-library.md b/docs/sp-add-ins/creating-sharepoint-add-ins-that-use-the-cross-domain-library.md index 847c4ff90..ea0b574ca 100644 --- a/docs/sp-add-ins/creating-sharepoint-add-ins-that-use-the-cross-domain-library.md +++ b/docs/sp-add-ins/creating-sharepoint-add-ins-that-use-the-cross-domain-library.md @@ -1,13 +1,15 @@ --- title: Creating SharePoint Add-ins that use the cross-domain library description: Intended for scenarios where the add-in has cloud-hosted components, but the customer's corporate firewall makes it difficult to use the low-trust system. The user's browser blocks scripts from other domains, but the JavaScript library encapsulates a secure system for working around this restriction. -ms.date: 03/08/2023 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Creating SharePoint Add-ins that use the cross-domain library +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + There are some scenarios in which neither the low-trust nor the high-trust authorization systems can be used by a SharePoint Add-in, or they are not a good choice as the only means for the add-in to gain authorization to SharePoint resources. Examples: diff --git a/docs/sp-add-ins/customize-a-list-view-in-sharepoint-add-ins-using-client-side-rendering.md b/docs/sp-add-ins/customize-a-list-view-in-sharepoint-add-ins-using-client-side-rendering.md index 9ffa3fd8c..0a8c25081 100644 --- a/docs/sp-add-ins/customize-a-list-view-in-sharepoint-add-ins-using-client-side-rendering.md +++ b/docs/sp-add-ins/customize-a-list-view-in-sharepoint-add-ins-using-client-side-rendering.md @@ -1,7 +1,7 @@ --- title: Customize a list view in SharePoint Add-ins using client-side rendering description: Customize a list view in a SharePoint-hosted add-in by using the client-side rendering technology in SharePoint. -ms.date: 12/20/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Customize a list view in SharePoint Add-ins using client-side rendering +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + In SharePoint, client-side rendering provides a way for you to produce your own output for a set of controls that are hosted on a SharePoint page. It enables you to use well-known technologies, such as HTML and JavaScript, to define the rendering logic of SharePoint list views. With client-side rendering, you can specify your own JavaScript resources and host them in the data storage options that are available to your add-ins, such as in a document library. A SharePoint-hosted add-in includes only SharePoint components. A SharePoint-hosted add-in has its resources in an isolated subsite of the host web, called the add-in web. diff --git a/docs/sp-add-ins/debug-and-troubleshoot-a-remote-event-receiver-in-a-sharepoint-add-in.md b/docs/sp-add-ins/debug-and-troubleshoot-a-remote-event-receiver-in-a-sharepoint-add-in.md index 1d8751e96..654b85d3b 100644 --- a/docs/sp-add-ins/debug-and-troubleshoot-a-remote-event-receiver-in-a-sharepoint-add-in.md +++ b/docs/sp-add-ins/debug-and-troubleshoot-a-remote-event-receiver-in-a-sharepoint-add-in.md @@ -1,7 +1,7 @@ --- title: Debug and troubleshoot a remote event receiver in a SharePoint Add-in description: Set up your development environment to debug remote events by using Visual Studio. -ms.date: 12/22/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Debug and troubleshoot a remote event receiver in a SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + ## Configure debugging for a remote SharePoint test site > [!NOTE] diff --git a/docs/sp-add-ins/deploy-and-install-a-sharepoint-hosted-sharepoint-add-in.md b/docs/sp-add-ins/deploy-and-install-a-sharepoint-hosted-sharepoint-add-in.md index 7df762dc4..b8ac3a8a2 100644 --- a/docs/sp-add-ins/deploy-and-install-a-sharepoint-hosted-sharepoint-add-in.md +++ b/docs/sp-add-ins/deploy-and-install-a-sharepoint-hosted-sharepoint-add-in.md @@ -1,19 +1,21 @@ --- title: Deploy and install a SharePoint-hosted SharePoint Add-in description: Create an add-in catalog, package and upload the add-in to the catalog, install and remove the add-in. -ms.date: 12/04/2017 +ms.date: 03/05/2024 ms.localizationpriority: high ms.service: sharepoint --- # Deploy and install a SharePoint-hosted SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + This is the second in a series of articles about the basics of developing SharePoint-hosted SharePoint Add-ins. You should first be familiar with the topic [SharePoint Add-ins](sharepoint-add-ins.md) and the overview article in this series: - [Get started creating SharePoint-hosted SharePoint Add-ins](get-started-creating-sharepoint-hosted-sharepoint-add-ins.md) > [!NOTE] -> If you have been working through this series about SharePoint-hosted add-ins, you have a Visual Studio solution that you can use to continue with this topic. You can also download the repository at [SharePoint_SP-hosted_Add-Ins_Tutorials](https://github.com/OfficeDev/SharePoint_SP-hosted_Add-Ins_Tutorials) and open the BeforeColumns.sln file. +> If you have been working through this series about SharePoint-hosted add-ins, you have a Visual Studio solution that you can use to continue with this topic. You can also download the repository at [SharePoint_SP-hosted_Add-Ins_Tutorials](https://github.com/OfficeDev/SharePoint_SP-hosted_Add-Ins_Tutorials) and open the **BeforeColumns.sln** file. You'll find it a lot easier to develop SharePoint-hosted SharePoint Add-ins if you are familiar with how users deploy and install your add-ins. So, in this article, we'll take a brief break from coding to create and use an add-in catalog, and then install the add-in you've been working on. @@ -25,55 +27,56 @@ You'll find it a lot easier to develop SharePoint-hosted SharePoint Add-ins if y ![Office 365 App Launcher](../images/ec60797c-d329-4922-a811-70c64598f4d5.PNG) -2. In the **Admin Center**, expand the **Admin centers** node in the task pane, and then select **SharePoint**. - -3. In the **SharePoint Admin Center**, select **apps** in the task pane. - -4. On the **apps** page, select **App Catalog**. (If there is already an add-in catalog site collection in the subscription, it opens and you are finished. You cannot create more than one add-in catalog in a subscription.) - -5. On the **App Catalog Site** page, select **OK** to accept the default option and create a new app catalog site. - -6. In the **Create App Catalog Site Collection** dialog, specify the title and website address of your app catalog site. We recommend that you include "catalog" in the title and URL to make it memorable and distinguishable in the **SharePoint Admin Center**. - -7. Specify a **Time Zone** and set yourself as the **Administrator**. - -8. Set the **Storage Quota** to the lowest possible value (currently 110, but that can change), because the packages you upload to this site collection are very small. - -9. Set the **Server Resource Quota** to 0 (zero), and then select **OK**. (The server resource quota is related to throttling poorly performing sandboxed solutions, but you won't be installing any sandboxed solutions on your add-in catalog site.) +1. In the **Admin Center**, expand the **Admin centers** node in the task pane, and then select **SharePoint**. +1. In the **SharePoint Admin Center**, select **apps** in the task pane. +1. On the **apps** page, select **App Catalog**. (If there is already an add-in catalog site collection in the subscription, it opens and you are finished. You cannot create more than one add-in catalog in a subscription.) +1. On the **App Catalog Site** page, select **OK** to accept the default option and create a new app catalog site. +1. In the **Create App Catalog Site Collection** dialog, specify the title and website address of your app catalog site. We recommend that you include "catalog" in the title and URL to make it memorable and distinguishable in the **SharePoint Admin Center**. +1. Specify a **Time Zone** and set yourself as the **Administrator**. +1. Set the **Storage Quota** to the lowest possible value (currently 110, but that can change), because the packages you upload to this site collection are very small. +1. Set the **Server Resource Quota** to 0 (zero), and then select **OK**. (The server resource quota is related to throttling poorly performing sandboxed solutions, but you won't be installing any sandboxed solutions on your add-in catalog site.) As the site collection is being created, SharePoint takes you back to the **SharePoint Admin Center**. After a few minutes, you'll see that the collection has been created. ## Package the add-in and upload it to the catalog -1. Open the Visual Studio solution, right-click the project node in **Solution Explorer**, and then select **Publish**. - -2. In the **Publish** pane, select **Package the add-in**. The add-in is packaged and saved as an `*.app` file in the solution's \bin\debug\web.publish\1.0.0.0 folder. - -3. Open your add-in catalog site in a browser, and then select **SharePoint Add-ins** in the navigation bar. - -4. The **SharePoint Add-ins** catalog is a standard SharePoint asset library. Upload the add-in package to it using any of the methods of uploading files to SharePoint libraries. +1. Open the Visual Studio solution, right-click the project node in **Solution Explorer**, and then select **Publish**. +1. In the **Publish** pane, select **Package the add-in**. The add-in is packaged and saved as an `*.app` file in the solution's \bin\debug\web.publish\1.0.0.0 folder. +1. Open your add-in catalog site in a browser, and then select **SharePoint Add-ins** in the navigation bar. +1. The **SharePoint Add-ins** catalog is a standard SharePoint asset library. Upload the add-in package to it using any of the methods of uploading files to SharePoint libraries. ## Install the add-in as end users do 1. Navigate to any website in the SharePoint Online subscription and open the **Site Contents** page. - -2. Select **add an add-in** to open the **Your Add-ins** page. - -3. Find the **Employee Orientation** add-in in the **Add-ins you can add** section, and select its tile. - -4. Select **Trust It** in the consent dialog. The **Site Contents** page automatically opens and the add-in appears with a notation that it is installing. After it installs, users can select the tile to run the add-in. +1. Select **add an add-in** to open the **Your Add-ins** page. +1. Find the **Employee Orientation** add-in in the **Add-ins you can add** section, and select its tile. +1. Select **Trust It** in the consent dialog. The **Site Contents** page automatically opens and the add-in appears with a notation that it is installing. After it installs, users can select the tile to run the add-in. + +> [!Important] +> It might take up to 24 hours for add-ins to be available for consumption once installed. During that time, users can receive a "The redirect URI specified in the request does not match the redirect URIs configured for the application" AADSTS50011 error. If you need to shortcut that time and you have administrative permissions in your tenant, you can add that URL to the Application mentioned in the error ('00000003-0000-0ff1-ce00-000000000000') +using [Microsoft Graph Powershell](/powershell/microsoftgraph/overview). +> +> For example: let's assume you get the "AADSTS50011 The redirect URI `https://contoso-79d42f062409ae.sharepoint.com/_forms/default.aspx` specified in the request does not match the redirect URIs configured for the application '00000003-0000-0ff1-ce00-000000000000'." when accessing the add-in. +> +> Top make the add-in immediately available, an user with admin rights can run the following script in PowerShell: +> +> ```powershell +> Connect-MgGraph -Scopes Application.ReadWrite.All +> $sharepointPrincipal = Get-MgServiceprincipal -Filter "AppId eq '00000003-0000-0ff1-ce00-000000000000'" +> $sharepointPrincipal | fl +> $replyUrls = $sharepointPrincipal.ReplyUrls +> $replyUrls += "https://contoso-79d42f062409ae.sharepoint.com/_forms/default.aspx" +> Update-MgServiceprincipal -ServicePrincipalId $sharepointPrincipal.Id -ReplyUrls $replyUrls +> ``` ## Remove the add-in To continue enhancing the same SharePoint Add-in in Visual Studio (see [Next steps](#Nextsteps)), remove the add-in with these steps: 1. In the **Site Contents** page, move the cursor over the add-in so that the callout button **...** appears. - -2. Select the callout button, and then select **REMOVE** on the callout. - -3. Navigate back to your add-in catalog site and select **SharePoint Add-ins** in the navigation bar. - -4. Highlight the add-in and select **manage** on the task bar just above the list, and then select **Delete** on the manage menu. +1. Select the callout button, and then select **REMOVE** on the callout. +1. Navigate back to your add-in catalog site and select **SharePoint Add-ins** in the navigation bar. +1. Highlight the add-in and select **manage** on the task bar just above the list, and then select **Delete** on the manage menu. ## Next steps diff --git a/docs/sp-add-ins/deploying-and-installing-sharepoint-add-ins-methods-and-options.md b/docs/sp-add-ins/deploying-and-installing-sharepoint-add-ins-methods-and-options.md index 7bc12d5fa..9d6f74b65 100644 --- a/docs/sp-add-ins/deploying-and-installing-sharepoint-add-ins-methods-and-options.md +++ b/docs/sp-add-ins/deploying-and-installing-sharepoint-add-ins-methods-and-options.md @@ -1,13 +1,15 @@ --- title: Deploying and installing SharePoint Add-ins - methods and options description: Publish, install, and uninstall a SharePoint Add-in. -ms.date: 11/02/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Deploying and installing SharePoint Add-ins: methods and options +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + In this article, you'll learn more about the options for publishing your SharePoint Add-in, as well as how to install and uninstall it. diff --git a/docs/sp-add-ins/design-sharepoint-add-ins.md b/docs/sp-add-ins/design-sharepoint-add-ins.md index d7c58375e..9aec69b46 100644 --- a/docs/sp-add-ins/design-sharepoint-add-ins.md +++ b/docs/sp-add-ins/design-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Design SharePoint Add-ins description: An overview of the design and architecture options available in SharePoint Add-ins, and how to make the right decisions to ease your add-in's development. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Design SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Let's say you have a killer idea for an add-in. In this section, we'll guide you through the design decisions you need to make and offer best practices to build your add-in. For example, what makes a good user interface? What are the add-in "shapes" available? When should I use one instead of another? What options do I have for data access? diff --git a/docs/sp-add-ins/determine-sharepoint-rest-service-endpoint-uris.md b/docs/sp-add-ins/determine-sharepoint-rest-service-endpoint-uris.md index 6aa3f2db4..04ffd9135 100644 --- a/docs/sp-add-ins/determine-sharepoint-rest-service-endpoint-uris.md +++ b/docs/sp-add-ins/determine-sharepoint-rest-service-endpoint-uris.md @@ -1,7 +1,7 @@ --- title: Determine SharePoint REST service endpoint URIs description: Guidelines for determining SharePoint REST endpoint URIs from the signature of the corresponding client object model APIs. -ms.date: 1/14/2020 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -11,8 +11,8 @@ ms.service: sharepoint > [!TIP] > Before you start, review the following resources: > -> [Get to know the SharePoint REST service](get-to-know-the-sharepoint-rest-service.md) -> [Navigate the SharePoint data structure represented in the REST service](navigate-the-sharepoint-data-structure-represented-in-the-rest-service.md) +> - [Get to know the SharePoint REST service](get-to-know-the-sharepoint-rest-service.md) +> - [Navigate the SharePoint data structure represented in the REST service](navigate-the-sharepoint-data-structure-represented-in-the-rest-service.md) > - [Use OData query operations in SharePoint REST requests](use-odata-query-operations-in-sharepoint-rest-requests.md) ## SharePoint REST endpoint URI structure diff --git a/docs/sp-add-ins/develop-sharepoint-add-ins.md b/docs/sp-add-ins/develop-sharepoint-add-ins.md index 8a936f5a6..495250b7d 100644 --- a/docs/sp-add-ins/develop-sharepoint-add-ins.md +++ b/docs/sp-add-ins/develop-sharepoint-add-ins.md @@ -1,7 +1,7 @@ --- title: Develop SharePoint Add-ins description: In-depth articles and resources to help you build advanced capabilities into your SharePoint Add-ins. -ms.date: 12/13/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Develop SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Find in-depth articles and resources to help you build advanced capabilities into your SharePoint Add-ins. diff --git a/docs/sp-add-ins/explore-the-app-manifest-structure-and-the-package-of-a-sharepoint-add-in.md b/docs/sp-add-ins/explore-the-app-manifest-structure-and-the-package-of-a-sharepoint-add-in.md index 62557c2db..9e57b4b93 100644 --- a/docs/sp-add-ins/explore-the-app-manifest-structure-and-the-package-of-a-sharepoint-add-in.md +++ b/docs/sp-add-ins/explore-the-app-manifest-structure-and-the-package-of-a-sharepoint-add-in.md @@ -1,7 +1,7 @@ --- title: Explore the app manifest structure and the package of a SharePoint Add-in description: Learn about the add-in package structure and the manifest file for a SharePoint Add-in. -ms.date: 12/13/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Explore the app manifest structure and the package of a SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + ## Add-in for SharePoint package structure diff --git a/docs/sp-add-ins/get-a-quick-overview-of-the-sharepoint-object-model.md b/docs/sp-add-ins/get-a-quick-overview-of-the-sharepoint-object-model.md index ec2cc77b1..0252330bc 100644 --- a/docs/sp-add-ins/get-a-quick-overview-of-the-sharepoint-object-model.md +++ b/docs/sp-add-ins/get-a-quick-overview-of-the-sharepoint-object-model.md @@ -1,65 +1,61 @@ --- title: Get a quick overview of the SharePoint object model -description: Get introduced to the content hierarchy, and client-side runtime and batching. -ms.date: 12/04/2017 +description: Get introduced to the content hierarchy, and client-side runtime and batching. +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- +# Get a quick overview of the SharePoint object model +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] -# Get a quick overview of the SharePoint object model +This is the fourth in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#next-steps). -This is the fourth in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#SP15createprovider_nextsteps). - > [!NOTE] > If you have been working through this series about provider-hosted add-ins, you have a Visual Studio solution that you can use to continue with this topic. You can also download the repository at [SharePoint_Provider-hosted_Add-Ins_Tutorials](https://github.com/OfficeDev/SharePoint_Provider-hosted_Add-ins_Tutorials) and open the BeforeSharePointWriteOps.sln file. -In this article you'll take a brief break from coding to get a quick overview of the SharePoint Client-side Object Model (CSOM). This model is large and well-documented in MSDN with reference topics, "how-to's", and code samples. In this article, we can only provide the tip of the tip of the tip of the iceberg. But even a very short introduction will make much of the code you see in this series a lot less mysterious. +In this article you'll take a brief break from coding to get a quick overview of the SharePoint Client-side Object Model (CSOM). This model is large and well-documented in MSDN with reference topics, "how-to's", and code samples. In this article, we can only provide the tip of the tip of the tip of the iceberg. But even a very short introduction will make much of the code you see in this series a lot less mysterious. ## Content hierarchy The following table shows the hierarchy of content in SharePoint and the CSOM classes that represent them. Each of these entities has children of the type just under it. - -|**Entity**|**Class**|**Remarks**| -|:-----|:-----|:-----| -|SharePoint on-premises farm or SharePoint Online subscription (also called a tenant)||There is only limited programmatic access to this level in CSOM. There is no Farm or Subscription or Tenant class, for example. (SharePoint's server-side object model, which cannot be used in add-ins, enables programmatic access to these entities.)| -|site collection|**Site**|A collection of websites that are grouped together for mainly administrative reasons and to house SharePoint components, such as branded master pages or custom security groups, that can be applied to all the child websites. All websites belong to some site collection.| -|website|**Web**|A set of pages and SharePoint components. Can have subwebsites.| -|list|**List**|Document libraries and other kinds of file libraries are also at this level. A document library is a special kind of list in which each row includes an attached document, and the other columns are data about the document, such as its author, when it was last edited, and who has it checked out. | -|list item|**ListItem**|A row in a list—that is, a list item—with particular values in the fields of the row. Also has a type. See next row. | -|list item|**Content Type**|The type of a list item. These are represented by the **ContentType** class. Each is basically a set of columns and metadata. The simplest is the built-in **Item** content type. All other content types are derived from **Item**. SharePoint includes many built-in content types, such as Event and Announcement. | -|column|**Field**|A **Field** object includes not only information about the underlying data type, but also information about how the data is formatted and rendered on forms, such as the forms for creating, displaying, and editing specific list items.| +| **Entity** | **Class** | **Remarks** | +| :----------------------------------------------------------------------------------- | :--------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| SharePoint on-premises farm or SharePoint Online subscription (also called a tenant) | | There is only limited programmatic access to this level in CSOM. There is no Farm or Subscription or Tenant class, for example. (SharePoint's server-side object model, which cannot be used in add-ins, enables programmatic access to these entities.) | +| site collection | **Site** | A collection of websites that are grouped together for mainly administrative reasons and to house SharePoint components, such as branded master pages or custom security groups, that can be applied to all the child websites. All websites belong to some site collection. | +| website | **Web** | A set of pages and SharePoint components. Can have subwebsites. | +| list | **List** | Document libraries and other kinds of file libraries are also at this level. A document library is a special kind of list in which each row includes an attached document, and the other columns are data about the document, such as its author, when it was last edited, and who has it checked out. | +| list item | **ListItem** | A row in a list—that is, a list item—with particular values in the fields of the row. Also has a type. See next row. | +| list item | **Content Type** | The type of a list item. These are represented by the **ContentType** class. Each is basically a set of columns and metadata. The simplest is the built-in **Item** content type. All other content types are derived from **Item**. SharePoint includes many built-in content types, such as Event and Announcement. | +| column | **Field** | A **Field** object includes not only information about the underlying data type, but also information about how the data is formatted and rendered on forms, such as the forms for creating, displaying, and editing specific list items. | -You can programmatically create custom lists, content types, column types, and list items. +You can programmatically create custom lists, content types, column types, and list items. In addition to content, the CSOM gives you access to users, groups, roles and permissions, taxonomy, search, and more. - ## Client-side runtime and batching -CSOM uses a batching system. Chunks of managed code are converted into XML and sent to the server in a single HTTP request. For every command, a corresponding server object model call is made, and the server returns a response to the client in JavaScript Object Notation (JSON) format. +CSOM uses a batching system. Chunks of managed code are converted into XML and sent to the server in a single HTTP request. For every command, a corresponding server object model call is made, and the server returns a response to the client in JavaScript Object Notation (JSON) format. -SharePoint code on a client begins by retrieving a client context object that represents the current request context, including the identity of the SharePoint website (and its parent site collection), and through this context you can obtain access to CSOM objects. The following is the basic structure that you will see again and again. +SharePoint code on a client begins by retrieving a client context object that represents the current request context, including the identity of the SharePoint website (and its parent site collection), and through this context you can obtain access to CSOM objects. The following is the basic structure that you will see again and again. ```csharp - using (var clientContext = spContext.CreateUserClientContextForSPHost()) - { - // CRUD operation or query code goes here. +using (var clientContext = spContext.CreateUserClientContextForSPHost()) +{ + // CRUD operation or query code goes here. - clientContext.ExecuteQuery(); - } + clientContext.ExecuteQuery(); +} ``` Note the following about this code: - The `spContext` object is of the type **SharePointContext** and is defined in the SharePointContext.cs (or .vb) file that is generated by the Office Developer Tools for Visual Studio. This file can be modified, but it is not often that you need to do so. For most SharePoint Add-in projects, this file and the TokenHelper.cs (or .vb) file, which is also generated by the tools, effectively function as extensions of CSOM itself. - - The `clientContext` object is the CSOM type **ClientContext**. - - The **ExecuteQuery** method bundles up the CRUD operation code in an XML message that it sends to the SharePoint server. There it is translated into equivalent server-side object model code and executed. -There was an example of this pattern in the previous article of this series, in the `GetLocalEmployeeName` method shown here. +There was an example of this pattern in the previous article of this series, in the `GetLocalEmployeeName` method shown here. ```csharp private string GetLocalEmployeeName() @@ -80,14 +76,8 @@ private string GetLocalEmployeeName() Note the following about this method: - The first two lines in the **using** block appear to get references to the list and the list item object. But actually when these lines execute in the SharePoint client-side runtime, they are simply translated into an XML format. The **ExecuteQuery** method sends that XML to the server. +- The **Load** method adds something extra to the message: it tells the server to send the specified object down to the client. The **ExecuteQuery** method receives this object (as JSON) and uses it to initialize the client-side `localEmployee` variable. Subsequent client-side code then references that **ListItem** object and its members. As you can see, the next line references the value of the item's `"Title"` field. This line would have thrown an exception if the **Load** method had not been called because the object doesn't really exist on the client-side until it is loaded. -- The **Load** method adds something extra to the message: it tells the server to send the specified object down to the client. The **ExecuteQuery** method receives this object (as JSON) and uses it to initialize the client-side `localEmployee` variable. Subsequent client-side code then references that **ListItem** object and its members. As you can see, the next line references the value of the item's `"Title"` field. This line would have thrown an exception if the **Load** method had not been called because the object doesn't really exist on the client-side until it is loaded. - ## Next steps - In the next article, we get back to coding and learn how to [add SharePoint write operations to the provider-hosted add-in](add-sharepoint-write-operations-to-the-provider-hosted-add-in.md). - - - - diff --git a/docs/sp-add-ins/get-started-creating-provider-hosted-sharepoint-add-ins.md b/docs/sp-add-ins/get-started-creating-provider-hosted-sharepoint-add-ins.md index 84153ee6d..3184719aa 100644 --- a/docs/sp-add-ins/get-started-creating-provider-hosted-sharepoint-add-ins.md +++ b/docs/sp-add-ins/get-started-creating-provider-hosted-sharepoint-add-ins.md @@ -1,19 +1,19 @@ --- title: Get started creating provider-hosted SharePoint Add-ins description: Set up a development environment and create your first provider-hosted SharePoint Add-in. -ms.date: 03/14/2018 +ms.date: 02/10/2025 ms.localizationpriority: high ms.service: sharepoint --- - - # Get started creating provider-hosted SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Provider-hosted add-ins are one of the two major types of SharePoint Add-ins. For an overview of SharePoint Add-ins and the two different types, see [SharePoint Add-ins](sharepoint-add-ins.md). Here's a summary of provider-hosted add-ins: -- They include a web application, service, or database that is hosted externally from the SharePoint farm or SharePoint Online subscription. They may also include SharePoint components. You can host the external components on any web-hosting stack, including the LAMP (Linux, Apache, MySQL, and PHP) stack. +- They include a web application, service, or database hosted externally from the SharePoint farm or SharePoint Online subscription. They may also include SharePoint components. You can host the external components on any web-hosting stack, including the LAMP (Linux, Apache, MySQL, and PHP) stack. - The custom business logic in the add-in has to run on either the external components or in JavaScript on custom SharePoint pages. In this article, you'll complete the following steps: @@ -22,8 +22,6 @@ In this article, you'll complete the following steps: - Create the add-in project - Code your add-in - - ## Set up your dev environment There are many ways to set up a development environment for SharePoint Add-ins. This section explains the simplest way. For alternatives, such as setting up an "all on-premises" environment, see [Tools](tools-and-environments-for-developing-sharepoint-add-ins.md). @@ -31,13 +29,10 @@ There are many ways to set up a development environment for SharePoint Add-ins. ### Get the tools - If you don't already have **Visual Studio** 2013 or later installed, install it by using the instructions at [Install Visual Studio](/visualstudio/install/install-visual-studio). We recommend using the [latest version from the Microsoft Download Center](https://www.visualstudio.com/downloads/download-visual-studio-vs). - - Visual Studio includes the **Microsoft Office Developer Tools for Visual Studio**. Sometimes a version of the tools is released between updates of Visual Studio. To be sure that you have the latest version of the tools, run the [installer for Office Developer Tools for Visual Studio 2013](https://aka.ms/OfficeDevToolsForVS2013), or the [installer for Office Developer Tools for Visual Studio 2015](https://aka.ms/OfficeDevToolsForVS2015). Reference [earlier versions of Visual Studio](https://msdn.microsoft.com/library/da049020-cfda-40d7-8ff4-7492772b620f.aspx) or other [Visual Studio documentation](/visualstudio/). - - ### Sign up for an Office 365 developer subscription > [!NOTE] @@ -47,8 +42,7 @@ Reference [earlier versions of Visual Studio](https://msdn.microsoft.com/library To get an Office 365 plan: -- [Sign up for an Office 365 developer subscription through the Office 365 Developer Program](https://developer.microsoft.com/office/dev-program). - +- [Sign up for an Office 365 developer subscription through the Office 365 Developer Program](https://developer.microsoft.com/office/dev-program).\ - See the [Office 365 Developer Program documentation](/office/developer-program/office-365-developer-program) for step-by-step instructions about how to join the Office 365 Developer Program and sign up and configure your subscription. ### Open your developer site @@ -62,164 +56,158 @@ Select the **Build Add-ins** link in the upper-left corner of the page to open y ![Screenshot that shows the developer site homepage.](../images/SP15_DeveloperSiteHome_border.png) - - ## Create the add-in project 1. Start Visual Studio by using the **Run as administrator** option. - -2. In Visual Studio, select **File** > **New** > **New Project**. - -3. In the **New Project** dialog box, expand the **Visual C#** node, expand the **Office/SharePoint** node, and then select **Add-ins** > **SharePoint Add-in**. - -4. Name the project **SampleAddIn**, and then select **OK**. - -5. In the **Specify the SharePoint Add-in Settings** dialog box, do the following: +1. In Visual Studio, select **File** > **New** > **New Project**. +1. In the **New Project** dialog box, expand the **Visual C#** node, expand the **Office/SharePoint** node, and then select **Add-ins** > **SharePoint Add-in**. +1. Name the project **SampleAddIn**, and then select **OK**. +1. In the **Specify the SharePoint Add-in Settings** dialog box, do the following: - Provide the full URL of the SharePoint site that you want to use to debug your add-in. This is the URL of the developer site. Use HTTPS, not HTTP in the URL. At some point during this procedure, or shortly after it completes, you will be prompted to sign in to this site. The timing of the prompt varies. Use the administrator credentials (in the \*.onmicrosoft.com domain) that you created when you signed up for your developer site; for example MyName@contoso.onmicrosoft.com. - - Under **How do you want to host your SharePoint Add-in**, select **Provider-hosted**. - - Select **Next**. -6. On the **Specify the target SharePoint version** page, select **SharePoint Online**, and then select **Next**. - -7. Under **Which type of web application project do you want to create?**, select **ASP.NET Web Forms Application**, and then select **Next**. +1. On the **Specify the target SharePoint version** page, select **SharePoint Online**, and then select **Next**. +1. Under **Which type of web application project do you want to create?**, select **ASP.NET Web Forms Application**, and then select **Next**. +1. Under **How do you want your add-in to authenticate?**, select **Use Windows Azure Access Control Service**. +1. In the wizard, select **Finish**. + +Much of the configuration is done when the solution opens. Two projects are created in the Visual Studio solution: one for the SharePoint Add-in and the other for the ASP.NET web application. -8. Under **How do you want your add-in to authenticate?**, select **Use Windows Azure Access Control Service**. +## Register and apply ACS app -9. In the wizard, select **Finish**. - - Much of the configuration is done when the solution opens. Two projects are created in the Visual Studio solution: one for the SharePoint Add-in and the other for the ASP.NET web application. +1. Register app, see [To register by using AppRegNew.aspx](register-sharepoint-add-ins.md#to-register-by-using-appregnewaspx) +1. Open the addin project, right-click the **AppManifest.xml** file, and select **View Code** to see the file. +1. Update the `ClientId` field to the one generated in step 1. +1. Open the **web.config** file, replace the `ClientId` and `ClientSecret` fields with the one generated from step 1. - ## Code your add-in 1. Open the AppManifest.xml file. On the **Permissions** tab, specify the **Site Collection** scope and the **Read** permission level. - -2. Delete any markup inside the `` tag of the Pages/Default.aspx file of your web application, and then add the following HTML and ASP.NET controls inside the ``. This sample uses the [UpdatePanel](https://msdn2.microsoft.com/library/bb359258) control to enable partial page rendering. +1. Delete any markup inside the `` tag of the **Pages/Default.aspx** file of your web application, and then add the following HTML and ASP.NET controls inside the ``. This sample uses the [UpdatePanel](https://msdn2.microsoft.com/library/bb359258) control to enable partial page rendering. ```HTML -
    -
    - - - - - - - -
    - -

    SharePoint Site

    - - -

    Current User:

    - - -

    Site Users

    - - - -
    -     -     - -

    Site Lists

    - - - -
    -     -     -
    -     -     -
    -
    +
    +
    + + + + + + + +
    + +

    SharePoint Site

    + + +

    Current User:

    + + +

    Site Users

    + + + +
    +     +     + +

    Site Lists

    + + + +
    +     +     +
    +     +     +
    +
    ``` -3. Add the following declarations to the Default.aspx.cs file of your web application. +1. Add the following declarations to the **Default.aspx.cs** file of your web application. ```csharp - using Microsoft.SharePoint.Client; - using Microsoft.IdentityModel.S2S.Tokens; - using System.Net; - using System.IO; - using System.Xml; + using Microsoft.SharePoint.Client; + using Microsoft.IdentityModel.S2S.Tokens; + using System.Net; + using System.IO; + using System.Xml; ``` -4. In the Default.aspx.cs file of your web application, add these variables inside the [Page](https://msdn2.microsoft.com/library/dfbt9et1) class. +1. In the **Default.aspx.cs** file of your web application, add these variables inside the [Page](https://msdn2.microsoft.com/library/dfbt9et1) class. ```csharp - SharePointContextToken contextToken; - string accessToken; - Uri sharepointUrl; - string siteName; - string currentUser; - List listOfUsers = new List(); - List listOfLists = new List(); + SharePointContextToken contextToken; + string accessToken; + Uri sharepointUrl; + string siteName; + string currentUser; + List listOfUsers = new List(); + List listOfLists = new List(); ``` -5. Add the `RetrieveWithCSOM` method inside the [Page](https://msdn2.microsoft.com/library/dfbt9et1) class. This method uses the SharePoint CSOM to retrieve information about your site and display it on the page. +1. Add the `RetrieveWithCSOM` method inside the [Page](https://msdn2.microsoft.com/library/dfbt9et1) class. This method uses the SharePoint CSOM to retrieve information about your site and display it on the page. ```csharp - // This method retrieves information about the host web by using the CSOM. - private void RetrieveWithCSOM(string accessToken) - { - - if (IsPostBack) - { - sharepointUrl = new Uri(Request.QueryString["SPHostUrl"]); - } - - ClientContext clientContext = - TokenHelper.GetClientContextWithAccessToken( - sharepointUrl.ToString(), accessToken); - - // Load the properties for the web object. - Web web = clientContext.Web; - clientContext.Load(web); - clientContext.ExecuteQuery(); - - // Get the site name. - siteName = web.Title; - - // Get the current user. - clientContext.Load(web.CurrentUser); - clientContext.ExecuteQuery(); - currentUser = clientContext.Web.CurrentUser.LoginName; - - // Load the lists from the Web object. - ListCollection lists = web.Lists; - clientContext.Load(lists); - clientContext.ExecuteQuery(); - - // Load the current users from the Web object. - UserCollection users = web.SiteUsers; - clientContext.Load(users); - clientContext.ExecuteQuery(); - - foreach (User siteUser in users) - { - listOfUsers.Add(siteUser.LoginName); - } - - foreach (List list in lists) - { - listOfLists.Add(list.Title); - } - } + // This method retrieves information about the host web by using the CSOM. + private void RetrieveWithCSOM(string accessToken) + { + + if (IsPostBack) + { + sharepointUrl = new Uri(Request.QueryString["SPHostUrl"]); + } + + ClientContext clientContext = + TokenHelper.GetClientContextWithAccessToken( + sharepointUrl.ToString(), accessToken); + + // Load the properties for the web object. + Web web = clientContext.Web; + clientContext.Load(web); + clientContext.ExecuteQuery(); + + // Get the site name. + siteName = web.Title; + + // Get the current user. + clientContext.Load(web.CurrentUser); + clientContext.ExecuteQuery(); + currentUser = clientContext.Web.CurrentUser.LoginName; + + // Load the lists from the Web object. + ListCollection lists = web.Lists; + clientContext.Load(lists); + clientContext.ExecuteQuery(); + + // Load the current users from the Web object. + UserCollection users = web.SiteUsers; + clientContext.Load(users); + clientContext.ExecuteQuery(); + + foreach (User siteUser in users) + { + listOfUsers.Add(siteUser.LoginName); + } + + foreach (List list in lists) + { + listOfLists.Add(list.Title); + } + } ``` -6. Add the `CSOM_Click` method inside the [Page](https://msdn2.microsoft.com/library/dfbt9et1) class. This method triggers the event that occurs when the user clicks the **Populate Data** link. +1. Add the `CSOM_Click` method inside the [Page](https://msdn2.microsoft.com/library/dfbt9et1) class. This method triggers the event that occurs when the user clicks the **Populate Data** link. ```csharp - protected void CSOM_Click(object sender, EventArgs e) + protected void CSOM_Click(object sender, EventArgs e) { string commandAccessToken = ((LinkButton)sender).CommandArgument; RetrieveWithCSOM(commandAccessToken); @@ -232,14 +220,14 @@ Select the **Build Add-ins** link in the upper-left corner of the page to open y } ``` -7. Replace the existing `Page_Load` method with this one. The `Page_Load` method uses methods in the TokenHelper.cs file to retrieve the context from the `Request` object and get an access token from Microsoft Azure Access Control Service (ACS). +1. Replace the existing `Page_Load` method with this one. The `Page_Load` method uses methods in the TokenHelper.cs file to retrieve the context from the `Request` object and get an access token from Microsoft Azure Access Control Service (ACS). ```csharp - // The Page_load method fetches the context token and the access token. + // The Page_load method fetches the context token and the access token. // The access token is used by all of the data retrieval methods. protected void Page_Load(object sender, EventArgs e) { - string contextTokenString = TokenHelper.GetContextTokenFromRequest(Request); + string contextTokenString = TokenHelper.GetContextTokenFromRequest(Request); if (contextTokenString != null) { @@ -263,159 +251,151 @@ Select the **Build Add-ins** link in the upper-left corner of the page to open y } ``` -8. The Default.aspx.cs file should look like this when you're finished. +1. The **Default.aspx.cs** file should look like this when you're finished. ```csharp - using System; - using System.Collections.Generic; - using System.Linq; - using System.Web; - using System.Web.UI; - using System.Web.UI.WebControls; - - using Microsoft.SharePoint.Client; - using Microsoft.IdentityModel.S2S.Tokens; - using System.Net; - using System.IO; - using System.Xml; - - namespace SampleAddInWeb - { - public partial class Default : System.Web.UI.Page - { - SharePointContextToken contextToken; - string accessToken; - Uri sharepointUrl; - string siteName; - string currentUser; - List listOfUsers = new List(); - List listOfLists = new List(); - - protected void Page_PreInit(object sender, EventArgs e) - { - Uri redirectUrl; - switch (SharePointContextProvider.CheckRedirectionStatus(Context, out redirectUrl)) - { - case RedirectionStatus.Ok: - return; - case RedirectionStatus.ShouldRedirect: - Response.Redirect(redirectUrl.AbsoluteUri, endResponse: true); - break; - case RedirectionStatus.CanNotRedirect: - Response.Write("An error occurred while processing your request."); - Response.End(); - break; - } - } - - protected void CSOM_Click(object sender, EventArgs e) - { - string commandAccessToken = ((LinkButton)sender).CommandArgument; - RetrieveWithCSOM(commandAccessToken); - WebTitleLabel.Text = siteName; - CurrentUserLabel.Text = currentUser; - UserList.DataSource = listOfUsers; - UserList.DataBind(); - ListList.DataSource = listOfLists; - ListList.DataBind(); - } - - // This method retrieves information about the host web by using the CSOM. - private void RetrieveWithCSOM(string accessToken) - { - - if (IsPostBack) - { - sharepointUrl = new Uri(Request.QueryString["SPHostUrl"]); - } - - ClientContext clientContext = - TokenHelper.GetClientContextWithAccessToken( - sharepointUrl.ToString(), accessToken); - - // Load the properties for the web object. - Web web = clientContext.Web; - clientContext.Load(web); - clientContext.ExecuteQuery(); - - // Get the site name. - siteName = web.Title; - - // Get the current user. - clientContext.Load(web.CurrentUser); - clientContext.ExecuteQuery(); - currentUser = clientContext.Web.CurrentUser.LoginName; - - // Load the lists from the Web object. - ListCollection lists = web.Lists; - clientContext.Load(lists); - clientContext.ExecuteQuery(); - - // Load the current users from the Web object. - UserCollection users = web.SiteUsers; - clientContext.Load(users); - clientContext.ExecuteQuery(); - - foreach (User siteUser in users) - { - listOfUsers.Add(siteUser.LoginName); - } - - foreach (List list in lists) - { - listOfLists.Add(list.Title); - } - } - - protected void Page_Load(object sender, EventArgs e) - { - string contextTokenString = - TokenHelper.GetContextTokenFromRequest(Request); - - if (contextTokenString != null) - { - contextToken = - TokenHelper.ReadAndValidateContextToken(contextTokenString, Request.Url.Authority); - - sharepointUrl = new Uri(Request.QueryString["SPHostUrl"]); - accessToken = - TokenHelper.GetAccessToken(contextToken, sharepointUrl.Authority) - .AccessToken; - CSOM.CommandArgument = accessToken; - } - else if (!IsPostBack) - { - Response.Write("Could not find a context token."); - return; - } - } - } - } - + using System; + using System.Collections.Generic; + using System.Linq; + using System.Web; + using System.Web.UI; + using System.Web.UI.WebControls; + + using Microsoft.SharePoint.Client; + using Microsoft.IdentityModel.S2S.Tokens; + using System.Net; + using System.IO; + using System.Xml; + + namespace SampleAddInWeb + { + public partial class Default : System.Web.UI.Page + { + SharePointContextToken contextToken; + string accessToken; + Uri sharepointUrl; + string siteName; + string currentUser; + List listOfUsers = new List(); + List listOfLists = new List(); + + protected void Page_PreInit(object sender, EventArgs e) + { + Uri redirectUrl; + switch (SharePointContextProvider.CheckRedirectionStatus(Context, out redirectUrl)) + { + case RedirectionStatus.Ok: + return; + case RedirectionStatus.ShouldRedirect: + Response.Redirect(redirectUrl.AbsoluteUri, endResponse: true); + break; + case RedirectionStatus.CanNotRedirect: + Response.Write("An error occurred while processing your request."); + Response.End(); + break; + } + } + + protected void CSOM_Click(object sender, EventArgs e) + { + string commandAccessToken = ((LinkButton)sender).CommandArgument; + RetrieveWithCSOM(commandAccessToken); + WebTitleLabel.Text = siteName; + CurrentUserLabel.Text = currentUser; + UserList.DataSource = listOfUsers; + UserList.DataBind(); + ListList.DataSource = listOfLists; + ListList.DataBind(); + } + + // This method retrieves information about the host web by using the CSOM. + private void RetrieveWithCSOM(string accessToken) + { + + if (IsPostBack) + { + sharepointUrl = new Uri(Request.QueryString["SPHostUrl"]); + } + + ClientContext clientContext = + TokenHelper.GetClientContextWithAccessToken( + sharepointUrl.ToString(), accessToken); + + // Load the properties for the web object. + Web web = clientContext.Web; + clientContext.Load(web); + clientContext.ExecuteQuery(); + + // Get the site name. + siteName = web.Title; + + // Get the current user. + clientContext.Load(web.CurrentUser); + clientContext.ExecuteQuery(); + currentUser = clientContext.Web.CurrentUser.LoginName; + + // Load the lists from the Web object. + ListCollection lists = web.Lists; + clientContext.Load(lists); + clientContext.ExecuteQuery(); + + // Load the current users from the Web object. + UserCollection users = web.SiteUsers; + clientContext.Load(users); + clientContext.ExecuteQuery(); + + foreach (User siteUser in users) + { + listOfUsers.Add(siteUser.LoginName); + } + + foreach (List list in lists) + { + listOfLists.Add(list.Title); + } + } + + protected void Page_Load(object sender, EventArgs e) + { + string contextTokenString = + TokenHelper.GetContextTokenFromRequest(Request); + + if (contextTokenString != null) + { + contextToken = + TokenHelper.ReadAndValidateContextToken(contextTokenString, Request.Url.Authority); + + sharepointUrl = new Uri(Request.QueryString["SPHostUrl"]); + accessToken = + TokenHelper.GetAccessToken(contextToken, sharepointUrl.Authority) + .AccessToken; + CSOM.CommandArgument = accessToken; + } + else if (!IsPostBack) + { + Response.Write("Could not find a context token."); + return; + } + } + } + } ``` -9. Use the F5 key to deploy and run your add-in. If you see a **Security Alert** window that asks you to trust the self-signed Localhost certificate, select **Yes**. - -10. Select **Trust It** on the consent page to grant permissions to the add-in. Visual Studio will install the web application to IIS Express and then install the add-in to your test SharePoint site and launch it. You'll see a page that has the table shown in the following screen shot. To see summary information about your SharePoint site, select **Populate Data**. +1. Use the F5 key to deploy and run your add-in. If you see a **Security Alert** window that asks you to trust the self-signed Localhost certificate, select **Yes**. +1. Select **Trust It** on the consent page to grant permissions to the add-in. Visual Studio will install the web application to IIS Express and then install the add-in to your test SharePoint site and launch it. You'll see a page that has the table shown in the following screenshot. To see summary information about your SharePoint site, select **Populate Data**. - ![Basic self-hosted app launch page](../images/SP15_basicself-hostedapp.gif) - + ![Basic self-hosted app launch page](../images/SP15_basicself-hostedapp.gif) - ## Next steps To create your add-ins, walk through the following steps in this order: 1. [Give your provider-hosted add-in the SharePoint look-and-feel](give-your-provider-hosted-add-in-the-sharepoint-look-and-feel.md) -2. [Include a custom button in the provider-hosted add-in](include-a-custom-button-in-the-provider-hosted-add-in.md) -3. [Get a quick overview of the SharePoint object model](get-a-quick-overview-of-the-sharepoint-object-model.md) -4. [Add SharePoint write operations to the provider-hosted add-in](add-sharepoint-write-operations-to-the-provider-hosted-add-in.md) -5. [Include an add-in part in the provider-hosted add-in](include-an-add-in-part-in-the-provider-hosted-add-in.md) -6. [Handle add-in events in the provider-hosted add-in](handle-add-in-events-in-the-provider-hosted-add-in.md) -7. [Add first-run logic to the provider-hosted add-in](add-first-run-logic-to-the-provider-hosted-add-in.md) -8. [Programmatically deploy a custom button in the provider-hosted add-in](programmatically-deploy-a-custom-button-in-the-provider-hosted-add-in.md) -9. [Handle list item events in the provider-hosted add-in](handle-list-item-events-in-the-provider-hosted-add-in.md) - - - - +1. [Include a custom button in the provider-hosted add-in](include-a-custom-button-in-the-provider-hosted-add-in.md) +1. [Get a quick overview of the SharePoint object model](get-a-quick-overview-of-the-sharepoint-object-model.md) +1. [Add SharePoint write operations to the provider-hosted add-in](add-sharepoint-write-operations-to-the-provider-hosted-add-in.md) +1. [Include an add-in part in the provider-hosted add-in](include-an-add-in-part-in-the-provider-hosted-add-in.md) +1. [Handle add-in events in the provider-hosted add-in](handle-add-in-events-in-the-provider-hosted-add-in.md) +1. [Add first-run logic to the provider-hosted add-in](add-first-run-logic-to-the-provider-hosted-add-in.md) +1. [Programmatically deploy a custom button in the provider-hosted add-in](programmatically-deploy-a-custom-button-in-the-provider-hosted-add-in.md) +1. [Handle list item events in the provider-hosted add-in](handle-list-item-events-in-the-provider-hosted-add-in.md) diff --git a/docs/sp-add-ins/get-started-creating-sharepoint-hosted-sharepoint-add-ins.md b/docs/sp-add-ins/get-started-creating-sharepoint-hosted-sharepoint-add-ins.md index 82fa5666d..909426596 100644 --- a/docs/sp-add-ins/get-started-creating-sharepoint-hosted-sharepoint-add-ins.md +++ b/docs/sp-add-ins/get-started-creating-sharepoint-hosted-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Get started creating SharePoint-hosted SharePoint Add-ins description: Set up a development environment and create your first SharePoint-hosted SharePoint Add-in. -ms.date: 03/14/2018 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Get started creating SharePoint-hosted SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + SharePoint-hosted add-ins are one of the two major types of SharePoint Add-ins. For an overview of SharePoint Add-ins and the two different types, see [SharePoint Add-ins](sharepoint-add-ins.md). Here's a summary of SharePoint-hosted add-ins: - They contain SharePoint lists, web parts, workflows, custom pages, and other components, all of which are installed on a subweb, called the add-in web, of the SharePoint website where the add-in is installed. diff --git a/docs/sp-add-ins/get-to-know-the-sharepoint-rest-service.md b/docs/sp-add-ins/get-to-know-the-sharepoint-rest-service.md index 7d587b5cc..a311b58f4 100644 --- a/docs/sp-add-ins/get-to-know-the-sharepoint-rest-service.md +++ b/docs/sp-add-ins/get-to-know-the-sharepoint-rest-service.md @@ -1,7 +1,7 @@ --- title: Get to know the SharePoint REST service description: Basics of using the SharePoint REST service to access and update SharePoint data, using the REST and OData web protocol standards. -ms.date: 03/03/2021 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -122,7 +122,7 @@ The following table contains typical REST endpoint URL examples to get you start ```json { "__metadata": { - "type": "SP.Data.listname.ListItem" + "type": "SP.Data.listnameListItem" }, "Title": "MyItem" } @@ -130,6 +130,17 @@ The following table contains typical REST endpoint URL examples to get you start In the above JSON, replace listname with the name of your SharePoint list by omitting the spaces. +For example, if your SharePoint list name is "My Awesome List" the resulting json should be: + +```json +{ + "__metadata": { + "type": "SP.Data.MyAwesomeListListItem" + }, + "Title": "MyItem" +} +``` + ## Batch job support The SharePoint Online (and on-premises SharePoint 2016 or later) REST service supports combining multiple requests into a single call to the service by using the OData `$batch` query option. For details and links to code samples, see [Make batch requests with the REST APIs](make-batch-requests-with-the-rest-apis.md). diff --git a/docs/sp-add-ins/get-user-identity-and-properties-in-sharepoint.md b/docs/sp-add-ins/get-user-identity-and-properties-in-sharepoint.md index f0f8b99f3..2a1666637 100644 --- a/docs/sp-add-ins/get-user-identity-and-properties-in-sharepoint.md +++ b/docs/sp-add-ins/get-user-identity-and-properties-in-sharepoint.md @@ -1,7 +1,7 @@ --- title: Get user identity and properties in SharePoint description: Retrieve website user identity by using the Web object, the ResolvePrincipal method, and the OAuth token and social features APIs. -ms.date: 12/26/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Get user identity and properties in SharePoint +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + There are different ways to retrieve user identity and information, depending on what information you want to retrieve. This article shows you some of the ways you can accomplish that. diff --git a/docs/sp-add-ins/give-your-provider-hosted-add-in-the-sharepoint-look-and-feel.md b/docs/sp-add-ins/give-your-provider-hosted-add-in-the-sharepoint-look-and-feel.md index c9e03a4d0..d9956d58d 100644 --- a/docs/sp-add-ins/give-your-provider-hosted-add-in-the-sharepoint-look-and-feel.md +++ b/docs/sp-add-ins/give-your-provider-hosted-add-in-the-sharepoint-look-and-feel.md @@ -1,7 +1,7 @@ --- title: Give your provider-hosted add-in the SharePoint look-and-feel description: Get to know the base add-in, configure Visual Studio to rebuild the corporate database, add SharePoint chrome and top bar to the start page, run the add-in, and test the new UI. -ms.date: 12/04/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Give your provider-hosted add-in the SharePoint look-and-feel +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + This is the second in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with the topic [SharePoint Add-ins](sharepoint-add-ins.md) and the overview article in this series: - [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md) diff --git a/docs/sp-add-ins/handle-add-in-events-in-the-provider-hosted-add-in.md b/docs/sp-add-ins/handle-add-in-events-in-the-provider-hosted-add-in.md index 8714ba962..6a6df0c3a 100644 --- a/docs/sp-add-ins/handle-add-in-events-in-the-provider-hosted-add-in.md +++ b/docs/sp-add-ins/handle-add-in-events-in-the-provider-hosted-add-in.md @@ -1,14 +1,15 @@ --- title: Handle add-in events in the provider-hosted add-in description: Customize the installation of a provider-hosted SharePoint Add-in by configuring the solution for event receiver debugging, creating the installation and uninstallation handlers, running the add-in, and testing the handlers. -ms.date: 12/04/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- - # Handle add-in events in the provider-hosted add-in -This is the seventh in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#SP15createprovider_nextsteps). +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + +This is the seventh in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] > If you have been working through this series about provider-hosted add-ins, you have a Visual Studio solution that you can use to continue with this topic. You can also download the repository at [SharePoint_Provider-hosted_Add-Ins_Tutorials](https://github.com/OfficeDev/SharePoint_Provider-hosted_Add-ins_Tutorials) and open the BeforeAdd-inEventHandlers.sln file. @@ -25,64 +26,60 @@ We want our Chain Store add-in to create and deploy the **Local Employees** and Deciding which is best for a given add-in is an advanced topic. In this article, we can only mention a few points of comparison: - A custom installation handler has to complete in 30 seconds. There is no limit to how long first-run logic can take. - -- If anything goes wrong during an add-in installation, SharePoint rolls back everything it has done as part of the installation. A custom installation handler runs *after* SharePoint has done everything it's going to do to install the add-in, so a custom handler can participate in this system. +- If anything goes wrong during an add-in installation, SharePoint rolls back everything it has done as part of the installation. A custom installation handler runs *after* SharePoint has done everything it's going to do to install the add-in, so a custom handler can participate in this system. For example, if your custom logic throws an exception, you can tell SharePoint to roll back the entire add-in installation. If something goes wrong in custom first-run logic, however, the add-in remains installed and presumably won't work properly. -- SharePoint doesn't give up if it has to roll back an add-in installation. It immediately tries the installation again. It makes up to four attempts (the 30-second time limit applies on each attempt). Each time it retries, the custom installation handler runs again *from the beginning*. If the handler managed to install, say, a list, before the rollback, it tries to install the same list again on the retry. +- SharePoint doesn't give up if it has to roll back an add-in installation. It immediately tries the installation again. It makes up to four attempts (the 30-second time limit applies on each attempt). Each time it retries, the custom installation handler runs again *from the beginning*. If the handler managed to install, say, a list, before the rollback, it tries to install the same list again on the retry. To prevent this from happening, code in an installation handler has to be written so that it won't take any action (such as deploy a component) unless it first checks to see if that action has already been done. This makes the logic of an installation handler more complex than first-run logic because first-run logic won't retry (unless you specifically code it to do so). Also, checking to see if a component has already been deployed usually requires a time-consuming call over the Internet from the remote handler to SharePoint. A second call is also needed to actually deploy the component (if it has not already been deployed). -For the Chain Store add-in, we combine these strategies. In this article, you create an installation handler that registers the host web as a tenant in the corporate database and then sets a signal that specifies whether the add-in has been run yet on the host web. +For the Chain Store add-in, we combine these strategies. In this article, you create an installation handler that registers the host web as a tenant in the corporate database and then sets a signal that specifies whether the add-in has been run yet on the host web. In a later article in this series, you'll put first-run logic in the **Page_Load** method of the add-ins start page. This logic deploys the two custom lists and does some other things, too. - ## Configure the solution for event receiver debugging -Debugging of event receivers requires the use of the Azure Service Bus. Follow the instructions at [Debug and troubleshoot a remote event receiver in a SharePoint Add-in](debug-and-troubleshoot-a-remote-event-receiver-in-a-sharepoint-add-in.md). Because you are using a SharePoint Online website as your test site, ensure that you carry out the instructions for a remote test site. The remainder of this series assumes you have configured debugging successfully. +Debugging of event receivers requires the use of the Azure Service Bus. Follow the instructions at [Debug and troubleshoot a remote event receiver in a SharePoint Add-in](debug-and-troubleshoot-a-remote-event-receiver-in-a-sharepoint-add-in.md). Because you are using a SharePoint Online website as your test site, ensure that you carry out the instructions for a remote test site. The remainder of this series assumes you have configured debugging successfully. ## Create the installation handler > [!NOTE] -> The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: -> 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. -> 2. Ensure that all three projects are set to **Start** in the **Action** column. +> The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: +> +> 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. +> 1. Ensure that all three projects are set to **Start** in the **Action** column. 1. In **Solution Explorer**, select the **ChainStore** project so that its properties appear in the **Properties** pane of Visual Studio. +1. Set the value of **Handle Add-in Installed** to **True** (it may still be called **Handle App Installed**). This does two things: -2. Set the value of **Handle Add-in Installed** to **True** (it may still be called **Handle App Installed**). This does two things: - - A folder called **Services** is created in the **ChainStoreWeb** project (not the **ChainStore** project), and two files are added to it: an AppEventReceiver.svc file and its code-behind AppEventReceiver.svc.cs file (the file names begin with the string "App" because add-ins used to be called "apps"; *don't rename these files* because the Office Developer Tools for Visual Studio assumes that the files will keep these names). + - The handler URL is registered in the add-in manifest. This part of the manifest is not visible in the manifest designer. To see it, right-click the AppManifest.xml file and select **View Code**. A new child of the **Properties** element looks like the following. - - The handler URL is registered in the add-in manifest. This part of the manifest is not visible in the manifest designer. To see it, right-click the AppManifest.xml file and select **View Code**. A new child of the **Properties** element looks like the following. - ```XML ~remoteAppUrl/Services/AppEventReceiver.svc - ``` - + ``` + This markup tells SharePoint to call the **ProcessEvent** method of this service when it has finished doing all of its own work related to installing the add-in. The custom handler is the last thing that runs as part of the installation. The string `~remoteAppUrl` is a placeholder that the Office Developer Tools for Visual Studio replaces with the service host URL. When you are debugging, it is an Azure Service Bus URL. When you create the package for deployment to production, it is the production URL. -3. Open the AppEventReceiver.svc.cs file. - -4. You see that the Office Developer Tools for Visual Studio has created a sample implementation of the **ProcessEvent** method. All implementations of this method begin by initializing an **SPRemoteEventResult** object, and they all end by returning that object to SharePoint. Among other things, this object tells SharePoint whether or not it should roll back the event because the custom handling logic has failed. +1. Open the AppEventReceiver.svc.cs file. +1. You see that the Office Developer Tools for Visual Studio has created a sample implementation of the **ProcessEvent** method. All implementations of this method begin by initializing an **SPRemoteEventResult** object, and they all end by returning that object to SharePoint. Among other things, this object tells SharePoint whether or not it should roll back the event because the custom handling logic has failed. The tools may also have included a **using** block in this method that creates a **ClientContext** object. The custom handler in the Chain Store add-in isn't going to call back into SharePoint, so delete this block. The method should now look like the following. - + ```csharp - public SPRemoteEventResult ProcessEvent(SPRemoteEventProperties properties) - { - SPRemoteEventResult result = new SPRemoteEventResult(); + public SPRemoteEventResult ProcessEvent(SPRemoteEventProperties properties) + { + SPRemoteEventResult result = new SPRemoteEventResult(); - return result; - } + return result; + } ``` -5. The event receiver could be called by any of three possible add-in events, so add the following **switch** structure to the **ProcessEvent** method in between the lines that create and return the `result` object (the event names have the string "App" in them because add-ins used to be called "apps"). - +1. The event receiver could be called by any of three possible add-in events, so add the following **switch** structure to the **ProcessEvent** method in between the lines that create and return the `result` object (the event names have the string "App" in them because add-ins used to be called "apps"). + ```csharp - switch (properties.EventType) + switch (properties.EventType) { case SPRemoteEventType.AppInstalled: @@ -94,61 +91,60 @@ Debugging of event receivers requires the use of the Azure Service Bus. Follow t break; case SPRemoteEventType.AppUninstalling: - // TODO3: Custom uninstallation logic goes here. + // TODO3: Custom uninstallation logic goes here. break; } ``` -6. Our installation logic is going to call an SQL stored procedure to register the Hong Kong SAR store as a tenant in the remote web application. It is very important that, if this process fails, the handler signals SharePoint to roll back the installation of the add-in, so add the following **try/catch** blocks in place of `TODO2`. +1. Our installation logic is going to call an SQL stored procedure to register the Hong Kong SAR store as a tenant in the remote web application. It is very important that, if this process fails, the handler signals SharePoint to roll back the installation of the add-in, so add the following **try/catch** blocks in place of `TODO2`. ```csharp - try + try { CreateTenant(tenantName); - } + } catch (Exception e) { - // Tell SharePoint to cancel and roll back the event. + // Tell SharePoint to cancel and roll back the event. result.ErrorMessage = e.Message; result.Status = SPRemoteEventServiceStatus.CancelWithError; } ``` - Note the following about this code: + > NOTE: + > - You create the `tenantName` object and `CreateTenant` method in a later step. + > - The **Status** property of the **SPRemoteEventResult** object can have three possible values: **Continue** (the default), **CancelNoError**, and **CancelWithError**. Either of the latter two tell SharePoint to roll back the event. - - You create the `tenantName` object and `CreateTenant` method in a later step. - - The **Status** property of the **SPRemoteEventResult** object can have three possible values: **Continue** (the default), **CancelNoError**, and **CancelWithError**. Either of the latter two tell SharePoint to roll back the event. +1. The host web URL, which is the sample's tenant discriminator, is part of the information that SharePoint passes to the receiver in the **SPRemoteEventProperties** parameter. Add the following line to the **ProcessEvent** method on the line that is just under the initialization of the **SPRemoteEventResult** object. -7. The host web URL, which is the sample's tenant discriminator, is part of the information that SharePoint passes to the receiver in the **SPRemoteEventProperties** parameter. Add the following line to the **ProcessEvent** method on the line that is just under the initialization of the **SPRemoteEventResult** object. - ```csharp - string tenantName = properties.AppEventProperties.HostWebFullUrl.ToString(); + string tenantName = properties.AppEventProperties.HostWebFullUrl.ToString(); ``` -8. Now our code has to deal with a little quirk of the **AppEventProperties.HostWebFullUrl** property. In most other contexts, SharePoint includes a closing `"/"` character at the end of the host web URL, so the logic of our sample code assumes that this character is present. But SharePoint adds this character at the end of the **HostWebFullUrl** value if, and only if, the host web is the root web of a site collection. Because our Hong Kong SAR website is a subweb in the site collection, we need to add this character to ensure that the same tenant name string is used throughout the sample. +1. Now our code has to deal with a little quirk of the **AppEventProperties.HostWebFullUrl** property. In most other contexts, SharePoint includes a closing `"/"` character at the end of the host web URL, so the logic of our sample code assumes that this character is present. But SharePoint adds this character at the end of the **HostWebFullUrl** value if, and only if, the host web is the root web of a site collection. Because our Hong Kong SAR website is a subweb in the site collection, we need to add this character to ensure that the same tenant name string is used throughout the sample. Add the following code under the initialization of the `tenantName` object. - + ```csharp - if (!tenantName.EndsWith("/")) + if (!tenantName.EndsWith("/")) { tenantName += "/"; } ``` -9. Add the following **using** statements to the top of the file. - +1. Add the following **using** statements to the top of the file. + ```csharp - using System.Data.SqlClient; - using System.Data; - using ChainStoreWeb.Utilities; + using System.Data.SqlClient; + using System.Data; + using ChainStoreWeb.Utilities; ``` -10. Add the following method to the `AppEventReceiver` class. We don't discuss this in detail because the purpose of this series of articles is to teach SharePoint Add-in programming, not SQL Server/Azure programming. +1. Add the following method to the `AppEventReceiver` class. We don't discuss this in detail because the purpose of this series of articles is to teach SharePoint Add-in programming, not SQL Server/Azure programming. ```csharp - private void CreateTenant(string tenantName) + private void CreateTenant(string tenantName) { // Do not catch exceptions. Allow them to bubble up and trigger roll back // of installation. @@ -167,22 +163,21 @@ Debugging of event receivers requires the use of the Azure Service Bus. Follow t ``` This method creates a row in a database table called **Tenants**. In addition to the **Name** column, the table also has a **Version** column with a default value set to 0000.0000.0000.0000. In a later article in this series, you will create first-run logic that looks at this value to determine whether the add-in has already been installed on the host web. If the version is 0000.0000.0000.0000, your code deploys the **Local Employees** and **Expected Shipments** lists, and then raises the version number. - + ## Create the uninstallation handler -It is usually a good practice to handle the uninstalling event whenever you are handling the installed event. The basic idea is that the uninstalling handler deletes or recycles things that the installed handler deployed. There are, however, many exceptions, so you really need to understand the use cases of your add-in. For example, a list that is deployed with an add-in and populated with the add-in might still have value even after the add-in itself is uninstalled, in which case you wouldn't want to uninstall the list in the uninstalling event handler. +It is usually a good practice to handle the uninstalling event whenever you are handling the installed event. The basic idea is that the uninstalling handler deletes or recycles things that the installed handler deployed. There are, however, many exceptions, so you really need to understand the use cases of your add-in. For example, a list that is deployed with an add-in and populated with the add-in might still have value even after the add-in itself is uninstalled, in which case you wouldn't want to uninstall the list in the uninstalling event handler. The uninstallation event does not run, as you might expect, when a user removes the add-in from the **Site Contents** page. Doing so only moves the add-in to the website's Recycle Bin. A user could restore it, but restoring does not rerun the installed event handler, so you'd want anything that was deployed with the installed event handler to still exist if the add-in is restored. SharePoint components can be moved from the Recycle Bin to the second-stage Recycle Bin. It is only when an add-in is deleted from the second-stage that the uninstalling event happens; when a user does that, the add-in is unrestorable anyway, so we want the Hong Kong SAR store's tenancy to be removed from the corporate database at that point. -1. Set the value of **Handle Add-in Uninstalling** to **True** (it may still be called **Handle App Uninstalling**). This registers the handler in the AppManifest.xml file just as you earlier registered the installation handler. If you look at the file, you see that they have exactly the same URL. The Office Developer Tools for Visual Studio assumes that you are using the same \*.svc file. We are doing that in this sample, and it is a standard practice. - -2. Add the following code in place of `TODO3` in the AppEventReceiver.svc.cs file. +1. Set the value of **Handle Add-in Uninstalling** to **True** (it may still be called **Handle App Uninstalling**). This registers the handler in the AppManifest.xml file just as you earlier registered the installation handler. If you look at the file, you see that they have exactly the same URL. The Office Developer Tools for Visual Studio assumes that you are using the same \*.svc file. We are doing that in this sample, and it is a standard practice. +1. Add the following code in place of `TODO3` in the AppEventReceiver.svc.cs file. ```csharp - try + try { DeleteTenant(tenantName); - } + } catch (Exception e) { // Tell SharePoint to cancel and roll back the event. @@ -191,15 +186,14 @@ The uninstallation event does not run, as you might expect, when a user removes } ``` - Note the following about this code: + > NOTE: + > - The `DeleteTenant` method is added in the next step. + > - Rolling back the uninstallation of the add-in leaves it in the second-stage Recycle Bin, from which it could still be restored. - - The `DeleteTenant` method is added in the next step. - - Rolling back the uninstallation of the add-in leaves it in the second-stage Recycle Bin, from which it could still be restored. +1. Add the following method to the `AppEventReceiver` class. -3. Add the following method to the `AppEventReceiver` class. - ```csharp - private void DeleteTenant(string tenantName) + private void DeleteTenant(string tenantName) { // Do not catch exceptions. Allow them to bubble up and trigger roll back // of un-installation (removal from 2nd level Recycle Bin). @@ -212,7 +206,7 @@ The uninstallation event does not run, as you might expect, when a user removes cmd.CommandType = CommandType.StoredProcedure; SqlParameter name = cmd.Parameters.Add("@Name", SqlDbType.NVarChar); name.Value = tenantName; - cmd.ExecuteNonQuery(); + cmd.ExecuteNonQuery(); }//dispose conn and cmd } ``` @@ -222,25 +216,17 @@ The uninstallation event does not run, as you might expect, when a user removes ## Run the add-in and test the installation handler -1. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site, runs the installation event handler, and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. - -2. When the add-in's start page opens, select the gear icon on the chrome control at the top, and then select **Account settings**. +1. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site, runs the installation event handler, and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. +1. When the add-in's start page opens, select the gear icon on the chrome control at the top, and then select **Account settings**. +1. On the **Accounts settings** page, select the **Show Add-in Version** button. The version shows as 0000.0000.0000.0000. -3. On the **Accounts settings** page, select the **Show Add-in Version** button. The version shows as 0000.0000.0000.0000. - *Figure 1. Account settings page* ![The Account settings page with the heading "Account settings", a button named "Show Add-in Version", and under this, a line of text reading "Registered version: zero zero zero zero dot zero zero zero zero dot zero zero zero zero dot zero zero zero zero".](../images/2a905b7d-89c7-456a-8456-21a9b7e9efc5.PNG) -4. To end the debugging session, close the browser window or stop debugging in Visual Studio. Each time that you select F5, Visual Studio retracts the previous version of the add-in and installs the latest one. - -5. You will work with this add-in and Visual Studio solution in other articles, and it's a good practice to retract the add-in one last time when you are done working with it for a while. Right-click the project in **Solution Explorer** and select **Retract**. +1. To end the debugging session, close the browser window or stop debugging in Visual Studio. Each time that you select F5, Visual Studio retracts the previous version of the add-in and installs the latest one. +1. You will work with this add-in and Visual Studio solution in other articles, and it's a good practice to retract the add-in one last time when you are done working with it for a while. Right-click the project in **Solution Explorer** and select **Retract**. ## Next steps - In the next article of the series, you will add first-run logic to the add-in that programmatically deploys the **Local Employees** list and the custom ribbon button: [Add first-run logic to the provider-hosted add-in](add-first-run-logic-to-the-provider-hosted-add-in.md). - - - - diff --git a/docs/sp-add-ins/handle-events-in-sharepoint-add-ins.md b/docs/sp-add-ins/handle-events-in-sharepoint-add-ins.md index dd3babd49..b31f254be 100644 --- a/docs/sp-add-ins/handle-events-in-sharepoint-add-ins.md +++ b/docs/sp-add-ins/handle-events-in-sharepoint-add-ins.md @@ -1,7 +1,7 @@ --- title: Handle events in SharePoint Add-ins description: Handle list events, list item events, and add-in events in provider-hosted SharePoint add-ins. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Handle events in SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Your custom code can handle three categories of events in provider-hosted add-ins: - **List events**, such as the adding or deleting of a list on a website. diff --git a/docs/sp-add-ins/handle-list-item-events-in-the-provider-hosted-add-in.md b/docs/sp-add-ins/handle-list-item-events-in-the-provider-hosted-add-in.md index 3b7394357..aa09faad8 100644 --- a/docs/sp-add-ins/handle-list-item-events-in-the-provider-hosted-add-in.md +++ b/docs/sp-add-ins/handle-list-item-events-in-the-provider-hosted-add-in.md @@ -1,612 +1,575 @@ --- title: Handle list item events in the provider-hosted add-in description: Programmatically deploy a list, create and register the list item event receiver, and run the provider-hosted SharePoint Add-in and test the receiver. -ms.date: 12/04/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Handle list item events in the provider-hosted add-in -This is the tenth in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#SP15createprovider_nextsteps). +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + +This is the tenth in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] > If you have been working through this series about provider-hosted add-ins, you have a Visual Studio solution that you can use to continue with this topic. You can also download the repository at [SharePoint_Provider-hosted_Add-Ins_Tutorials](https://github.com/OfficeDev/SharePoint_Provider-hosted_Add-ins_Tutorials) and open the BeforeRER.sln file. -You saw in an earlier article in this series that when an order is placed, it is added to the **Orders** table in the corporate database, and an item for it is automatically added to the **Expected Shipments** list. When it arrives at the local store, a user sets the **Arrived** column to **Yes**. Changing a field value for an item creates an item updated event for which you can add a custom handler. +You saw in an earlier article in this series that when an order is placed, it is added to the **Orders** table in the corporate database, and an item for it is automatically added to the **Expected Shipments** list. When it arrives at the local store, a user sets the **Arrived** column to **Yes**. Changing a field value for an item creates an item updated event for which you can add a custom handler. In this article, you create a handler for this list item event and then programmatically deploy it in the first-run logic of the SharePoint Add-in. Your handler adds the item into the **Inventory** table in the corporate database. It then sets the **Added to Inventory** column of the **Expected Shipments** list to **Yes**. You also learn how to prevent this second item updated event from setting off an infinite series of item updated events. ## Programmatically deploy the Expected Shipments list > [!NOTE] -> The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: -> 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. -> 2. Ensure that all three projects are set to **Start** in the **Action** column. +> The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: +> +> 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. +> 1. Ensure that all three projects are set to **Start** in the **Action** column. -1. In **Solution Explorer**, open the Utilities\SharePointComponentDeployer.cs file in the **ChainStoreWeb** project. Add the following method to the `SharePointComponentDeployer` class. +1. In **Solution Explorer**, open the Utilities\SharePointComponentDeployer.cs file in the **ChainStoreWeb** project. Add the following method to the `SharePointComponentDeployer` class. - ```csharp - private static void CreateExpectedShipmentsList() - { - using (var clientContext = sPContext.CreateUserClientContextForSPHost()) - { - var query = from list in clientContext.Web.Lists - where list.Title == "Expected Shipments" - select list; - IEnumerable matchingLists = clientContext.LoadQuery(query); - clientContext.ExecuteQuery(); - - if (matchingLists.Count() == 0) - { - ListCreationInformation listInfo = new ListCreationInformation(); - listInfo.Title = "Expected Shipments"; - listInfo.TemplateType = (int)ListTemplateType.GenericList; - listInfo.Url = "Lists/ExpectedShipments"; - List expectedShipmentsList = clientContext.Web.Lists.Add(listInfo); - - Field field = expectedShipmentsList.Fields.GetByInternalNameOrTitle("Title"); - field.Title = "Product"; - field.Update(); - - expectedShipmentsList.Fields.AddFieldAsXml("", - true, - AddFieldOptions.DefaultValue); - expectedShipmentsList.Fields.AddFieldAsXml("" - + "1", - true, - AddFieldOptions.DefaultValue); - expectedShipmentsList.Fields.AddFieldAsXml("" - + "FALSE", - true, - AddFieldOptions.DefaultValue); - expectedShipmentsList.Fields.AddFieldAsXml("" - + "FALSE", - true, - AddFieldOptions.DefaultValue); - - clientContext.ExecuteQuery(); - } - } - } - ``` + ```csharp + private static void CreateExpectedShipmentsList() + { + using (var clientContext = sPContext.CreateUserClientContextForSPHost()) + { + var query = from list in clientContext.Web.Lists + where list.Title == "Expected Shipments" + select list; + IEnumerable matchingLists = clientContext.LoadQuery(query); + clientContext.ExecuteQuery(); + + if (matchingLists.Count() == 0) + { + ListCreationInformation listInfo = new ListCreationInformation(); + listInfo.Title = "Expected Shipments"; + listInfo.TemplateType = (int)ListTemplateType.GenericList; + listInfo.Url = "Lists/ExpectedShipments"; + List expectedShipmentsList = clientContext.Web.Lists.Add(listInfo); + + Field field = expectedShipmentsList.Fields.GetByInternalNameOrTitle("Title"); + field.Title = "Product"; + field.Update(); + + expectedShipmentsList.Fields.AddFieldAsXml("", + true, + AddFieldOptions.DefaultValue); + expectedShipmentsList.Fields.AddFieldAsXml("" + + "1", + true, + AddFieldOptions.DefaultValue); + expectedShipmentsList.Fields.AddFieldAsXml("" + + "FALSE", + true, + AddFieldOptions.DefaultValue); + expectedShipmentsList.Fields.AddFieldAsXml("" + + "FALSE", + true, + AddFieldOptions.DefaultValue); + + clientContext.ExecuteQuery(); + } + } + } + ``` This code doesn't introduce any functionality that you haven't already seen in a previous article of this series, but note the following: - + - It sets the **Required** attribute of the **Quantity** field to **TRUE** so the field must always have a value. It then sets the default value to 1. - - The **Arrived** and **Added to Inventory** fields are hidden on the New Item form. - - Ideally, the **Added to Inventory** field would also be hidden on the Edit Item form because it should only be changed to **Yes** when the item updated event handler has first added the item to the corporate **Inventory** table. For technical reasons that we'll explain in a later step, a field has to be visible in the Edit Item form if we want to programmatically write to it in an item updated event handler. +1. In the **DeployChainStoreComponentsToHostWeb** method, add the following line, just above the line `RemoteTenantVersion = localTenantVersion`. -2. In the **DeployChainStoreComponentsToHostWeb** method, add the following line, just above the line `RemoteTenantVersion = localTenantVersion`. - ```csharp - CreateExpectedShipmentsList(); + CreateExpectedShipmentsList(); ``` ## Create the list item event receiver > [!NOTE] -> If you have been working through this series of articles, you have already configured your development environment for debugging remote event receivers. If you have not done that, see [Configure the solution for event receiver debugging](handle-add-in-events-in-the-provider-hosted-add-in.md#RERDebug) before you go any further in this topic. +> If you have been working through this series of articles, you have already configured your development environment for debugging remote event receivers. If you have not done that, see [Configure the solution for event receiver debugging](handle-add-in-events-in-the-provider-hosted-add-in.md#configure-the-solution-for-event-receiver-debugging) before you go any further in this topic. The Office Developer Tools for Visual Studio includes a **Remote Event Receiver** item that can be added to a SharePoint Add-in solution. However, at the time this article was written, this project item assumes that the list (with which the receiver will be registered) is on the add-in web, and consequently the tools create an add-in web and some SharePoint artifacts in it. But the receiver for the Chain Store add-in is going to be registered (in a later step) with the **Expected Shipments** list on the host web, so the add-in does not need an add-in web. (For a reminder of the distinction between add-in webs and host webs, see [SharePoint Add-ins](sharepoint-add-ins.md).) - + > [!NOTE] > List and list item event receivers are called remote event receivers (RER) because their code is remote from SharePoint, either in the cloud or in an on-premises server outside the SharePoint farm. However, the events that trigger them are in SharePoint. 1. In **Solution Explorer**, right-click the **Services** folder in the **ChainStoreWeb** project, and select **Add** > **WCF Service**. +1. When prompted, name the service **RemoteEventReceiver1**, and then select **OK**. +1. The tools create an interface file, an \*.svc file, and a code-behind file. We don't need the interface file IRemoteEventReceiver1.cs, so delete it. (The tools may have opened it automatically; if so, close and delete it.) -2. When prompted, name the service **RemoteEventReceiver1**, and then select **OK**. - -3. The tools create an interface file, an \*.svc file, and a code-behind file. We don't need the interface file IRemoteEventReceiver1.cs, so delete it. (The tools may have opened it automatically; if so, close and delete it.) - > [!NOTE] > When you created the add-in event receivers for the installed and uninstalling events in an earlier article in this series, the Office Developer Tools for Visual Studio added their URLs to the app manifest file. List and list item event receivers are not registered in the app manifest. Instead, they are registered (in a provider-hosted add-in) programmatically. You'll do that in a later step. -4. Open the code-behind file RemoteEventReceiver1.svc.cs. Replace its entire contents with the following code. +1. Open the code-behind file RemoteEventReceiver1.svc.cs. Replace its entire contents with the following code. ```csharp - using System; - using System.Collections.Generic; - using Microsoft.SharePoint.Client; - using Microsoft.SharePoint.Client.EventReceivers; - using System.Data.SqlClient; - using System.Data; - using ChainStoreWeb.Utilities; - - namespace ChainStoreWeb.Services - { - public class RemoteEventReceiver1 : IRemoteEventService - { - /// - /// Handles events that occur before an action occurs, - /// such as when a user is adding or deleting a list item. - /// - /// Holds information about the remote event. - /// Holds information returned from the remote event. - public SPRemoteEventResult ProcessEvent(SPRemoteEventProperties properties) - { - throw new NotImplementedException(); - } - - /// - /// Handles events that occur after an action occurs, - /// such as after a user adds an item to a list or deletes an item from a list. - /// - /// Holds information about the remote event. - public void ProcessOneWayEvent(SPRemoteEventProperties properties) - { - - } - } - } + using System; + using System.Collections.Generic; + using Microsoft.SharePoint.Client; + using Microsoft.SharePoint.Client.EventReceivers; + using System.Data.SqlClient; + using System.Data; + using ChainStoreWeb.Utilities; + + namespace ChainStoreWeb.Services + { + public class RemoteEventReceiver1 : IRemoteEventService + { + /// + /// Handles events that occur before an action occurs, + /// such as when a user is adding or deleting a list item. + /// + /// Holds information about the remote event. + /// Holds information returned from the remote event. + public SPRemoteEventResult ProcessEvent(SPRemoteEventProperties properties) + { + throw new NotImplementedException(); + } + + /// + /// Handles events that occur after an action occurs, + /// such as after a user adds an item to a list or deletes an item from a list. + /// + /// Holds information about the remote event. + public void ProcessOneWayEvent(SPRemoteEventProperties properties) + { + } + } + } ``` Note the following about this code: - + - The interface `IRemoteEventService` is defined in the **Microsoft.SharePoint.Client.EventReceivers** namespace. - - There won't be any "before" events handled in the Chain Store add-in, but the **ProcessEvent** method is required by the `IRemoteEventService` interface. -5. Add the following code to the **ProcessOneWayEvent** method. Note that the **ItemUpdated** event is the only one that this sample will handle, so we could have used a simple **if** structure instead of a **switch**. But event receivers typically handle multiple events, so we want you to see the pattern you'll most commonly be using in your event handlers as a SharePoint add-in developer. - +1. Add the following code to the **ProcessOneWayEvent** method. Note that the **ItemUpdated** event is the only one that this sample will handle, so we could have used a simple **if** structure instead of a **switch**. But event receivers typically handle multiple events, so we want you to see the pattern you'll most commonly be using in your event handlers as a SharePoint add-in developer. + ```csharp - switch (properties.EventType) - { - case SPRemoteEventType.ItemUpdated: + switch (properties.EventType) + { + case SPRemoteEventType.ItemUpdated: - // TODO12: Handle the item updated event. + // TODO12: Handle the item updated event. - break; - } + break; + } ``` -6. Replace `TODO12` with the following code. Again, here, we are using a **switch** structure when a simple **if** structure would do because we want you to see the common pattern in SharePoint event receivers. - +1. Replace `TODO12` with the following code. Again, here, we are using a **switch** structure when a simple **if** structure would do because we want you to see the common pattern in SharePoint event receivers. + ```csharp - switch (properties.ItemEventProperties.ListTitle) - { - case "Expected Shipments": + switch (properties.ItemEventProperties.ListTitle) + { + case "Expected Shipments": - // TODO13: Handle the arrival of a shipment. + // TODO13: Handle the arrival of a shipment. - break; - } + break; + } ``` -7. The code that responds to the arrival of a shipment should do two things: - +1. The code that responds to the arrival of a shipment should do two things: + - Add the item that has arrived at the store into the corporate inventory. - - Set the **Added to Inventory** field on the **Expected Shipments** list to **Yes**. But this should only happen if the item was successfully added to the inventory. - + Add the following code in place of `TODO13`. The two methods, `TryUpdateInventory` and `RecordInventoryUpdateLocally` are created in later steps. ```csharp - bool updateComplete = TryUpdateInventory(properties); - if (updateComplete) - { - RecordInventoryUpdateLocally(properties); - } + bool updateComplete = TryUpdateInventory(properties); + if (updateComplete) + { + RecordInventoryUpdateLocally(properties); + } ``` - -8. The **ProcessOneWayEvent** method should now look like the following: +1. The **ProcessOneWayEvent** method should now look like the following: ```csharp - public void ProcessOneWayEvent(SPRemoteEventProperties properties) - { - switch (properties.EventType) - { - case SPRemoteEventType.ItemUpdated: - - switch (properties.ItemEventProperties.ListTitle) - { - case "Expected Shipments": - bool updateComplete = UpdateInventory(properties); - if (updateComplete) - { - RecordInventoryUpdateLocally(properties); - } - break; - } - break; - } - } + public void ProcessOneWayEvent(SPRemoteEventProperties properties) + { + switch (properties.EventType) + { + case SPRemoteEventType.ItemUpdated: + + switch (properties.ItemEventProperties.ListTitle) + { + case "Expected Shipments": + bool updateComplete = UpdateInventory(properties); + if (updateComplete) + { + RecordInventoryUpdateLocally(properties); + } + break; + } + break; + } + } ``` -9. Add the following method to the `RemoteEventReceiver1` class. - +1. Add the following method to the `RemoteEventReceiver1` class. + ```csharp - private bool TryUpdateInventory(SPRemoteEventProperties properties) - { - bool successFlag = false; + private bool TryUpdateInventory(SPRemoteEventProperties properties) + { + bool successFlag = false; - // TODO14: Test whether the list item is changing because the product has arrived - // or for some other reason. If the former, add it to the inventory and set the success flag - // to true. + // TODO14: Test whether the list item is changing because the product has arrived + // or for some other reason. If the former, add it to the inventory and set the success flag + // to true. - return successFlag; - } + return successFlag; + } ``` -10. There are five columns on the **Expected Shipments** list, but we don't want the handler to react to most kinds of updates to an item. For example, if a user corrects the spelling of a supplier's name, the item updated event is triggered, but our handler should do nothing. The handler should only act when the **Arrived** field has just been set to **Yes**. - - There's another condition that needs to be tested. Suppose **Arrived** is set to **Yes** and the product in the item is added to inventory (and **Added to Inventory** is set to **Yes**). But later a user mistakenly changes the **Arrived** field of a shipment back to **No** and then fixes his mistake by setting it again to **Yes**. Both the mistake and the fix trigger the item updated event. The handler won't react to the mistake because it only acts when **Arrived** is **Yes**, but it would react to the fix that sets **Arrived** back to **Yes**, so the same product and quantity would get added into the inventory a second time. For this reason, the handler should only act when the **Added to Inventory** value is **No**. - +1. There are five columns on the **Expected Shipments** list, but we don't want the handler to react to most kinds of updates to an item. For example, if a user corrects the spelling of a supplier's name, the item updated event is triggered, but our handler should do nothing. The handler should only act when the **Arrived** field has just been set to **Yes**. + + There's another condition that needs to be tested. Suppose **Arrived** is set to **Yes** and the product in the item is added to inventory (and **Added to Inventory** is set to **Yes**). But later a user mistakenly changes the **Arrived** field of a shipment back to **No** and then fixes his mistake by setting it again to **Yes**. Both the mistake and the fix trigger the item updated event. The handler won't react to the mistake because it only acts when **Arrived** is **Yes**, but it would react to the fix that sets **Arrived** back to **Yes**, so the same product and quantity would get added into the inventory a second time. For this reason, the handler should only act when the **Added to Inventory** value is **No**. + Therefore, the handler needs to know what the values of these fields are just after the user updates the item. The **SPRemoteEventProperties** object has an **ItemEventProperties** property. And, in turn, it has an indexed **AfterProperties** property that holds the values of the fields in the updated item. The following code uses these properties to test whether the handler should react. Put this in place of `TODO14`. - ```csharp - var arrived = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Arrived"]); - var addedToInventory = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Added_x0020_to_x0020_Inventory"]); + ```csharp + var arrived = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Arrived"]); + var addedToInventory = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Added_x0020_to_x0020_Inventory"]); - if (arrived && !addedToInventory) - { + if (arrived && !addedToInventory) + { - // TODO15: Add the item to inventory + // TODO15: Add the item to inventory - successFlag = true; - } - ``` + successFlag = true; + } + ``` -11. Replace `TODO15` with the following code. +1. Replace `TODO15` with the following code. - ```csharp - using (SqlConnection conn = SQLAzureUtilities.GetActiveSqlConnection()) - using (SqlCommand cmd = conn.CreateCommand()) - { - conn.Open(); - cmd.CommandText = "UpdateInventory"; - cmd.CommandType = CommandType.StoredProcedure; - SqlParameter tenant = cmd.Parameters.Add("@Tenant", SqlDbType.NVarChar); - tenant.Value = properties.ItemEventProperties.WebUrl + "/"; - SqlParameter product = cmd.Parameters.Add("@ItemName", SqlDbType.NVarChar, 50); - product.Value = properties.ItemEventProperties.AfterProperties["Title"]; // not "Product" - SqlParameter quantity = cmd.Parameters.Add("@Quantity", SqlDbType.SmallInt); - quantity.Value = Convert.ToUInt16(properties.ItemEventProperties.AfterProperties["Quantity"]); - cmd.ExecuteNonQuery(); - } - ``` + ```csharp + using (SqlConnection conn = SQLAzureUtilities.GetActiveSqlConnection()) + using (SqlCommand cmd = conn.CreateCommand()) + { + conn.Open(); + cmd.CommandText = "UpdateInventory"; + cmd.CommandType = CommandType.StoredProcedure; + SqlParameter tenant = cmd.Parameters.Add("@Tenant", SqlDbType.NVarChar); + tenant.Value = properties.ItemEventProperties.WebUrl + "/"; + SqlParameter product = cmd.Parameters.Add("@ItemName", SqlDbType.NVarChar, 50); + product.Value = properties.ItemEventProperties.AfterProperties["Title"]; // not "Product" + SqlParameter quantity = cmd.Parameters.Add("@Quantity", SqlDbType.SmallInt); + quantity.Value = Convert.ToUInt16(properties.ItemEventProperties.AfterProperties["Quantity"]); + cmd.ExecuteNonQuery(); + } + ``` This is mainly SQL and ASP.NET programming, so we don't discuss it in detail, but note: - - - We use the **ItemEventProperties.WebUrl** property to get the tenant name, which is the host web URL. + - We use the **ItemEventProperties.WebUrl** property to get the tenant name, which is the host web URL. - We use the **AfterProperties** again to get the values of the product name and quantity. - - We refer to the product name field as "Title", even though the display name was changed to "Product" (in the **CreateExpectedShipmentsList** method) because fields are always referred to by their internal names. - -12. We are not finished with the **TryUpdateInventory** method yet, but at this point it should look like the following. - - ```csharp - private bool TryUpdateInventory(SPRemoteEventProperties properties) - { - bool successFlag = false; - - var arrived = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Arrived"]); - var addedToInventory = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Added_x0020_to_x0020_Inventory"]); - - if (arrived && !addedToInventory) - { - using (SqlConnection conn = SQLAzureUtilities.GetActiveSqlConnection()) - using (SqlCommand cmd = conn.CreateCommand()) - { - conn.Open(); - cmd.CommandText = "UpdateInventory"; - cmd.CommandType = CommandType.StoredProcedure; - SqlParameter tenant = cmd.Parameters.Add("@Tenant", SqlDbType.NVarChar); - tenant.Value = properties.ItemEventProperties.WebUrl + "/"; - SqlParameter product = cmd.Parameters.Add("@ItemName", SqlDbType.NVarChar, 50); - product.Value = properties.ItemEventProperties.AfterProperties["Title"]; // not "Product" - SqlParameter quantity = cmd.Parameters.Add("@Quantity", SqlDbType.SmallInt); - quantity.Value = Convert.ToUInt16(properties.ItemEventProperties.AfterProperties["Quantity"]); - cmd.ExecuteNonQuery(); - } - successFlag = true; - } - return successFlag; - } - ``` +1. We are not finished with the **TryUpdateInventory** method yet, but at this point it should look like the following. + + ```csharp + private bool TryUpdateInventory(SPRemoteEventProperties properties) + { + bool successFlag = false; + + var arrived = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Arrived"]); + var addedToInventory = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Added_x0020_to_x0020_Inventory"]); + + if (arrived && !addedToInventory) + { + using (SqlConnection conn = SQLAzureUtilities.GetActiveSqlConnection()) + using (SqlCommand cmd = conn.CreateCommand()) + { + conn.Open(); + cmd.CommandText = "UpdateInventory"; + cmd.CommandType = CommandType.StoredProcedure; + SqlParameter tenant = cmd.Parameters.Add("@Tenant", SqlDbType.NVarChar); + tenant.Value = properties.ItemEventProperties.WebUrl + "/"; + SqlParameter product = cmd.Parameters.Add("@ItemName", SqlDbType.NVarChar, 50); + product.Value = properties.ItemEventProperties.AfterProperties["Title"]; // not "Product" + SqlParameter quantity = cmd.Parameters.Add("@Quantity", SqlDbType.SmallInt); + quantity.Value = Convert.ToUInt16(properties.ItemEventProperties.AfterProperties["Quantity"]); + cmd.ExecuteNonQuery(); + } + successFlag = true; + } + return successFlag; + } + ``` + +1. When the **TryUpdateInventory** method returns **true**, our handler calls a method (not yet written) that updates the same item in the **Expected Shipments** list by setting the **Added to Inventory** field to **Yes**. This is itself an item update event, so the handler is called again. (The fact that the **Added to Inventory** field is now **Yes** prevents the handler from adding the same shipment to inventory a second time, but the handler is still called.) + + SharePoint behaves a little differently when the item updated event is triggered by a programmatic update: *it only includes in the __AfterProperties__ the fields that changed in the update.* So the **Arrived** field won't be present because only the **Added to Inventory** field changed. -13. When the **TryUpdateInventory** method returns **true**, our handler calls a method (not yet written) that updates the same item in the **Expected Shipments** list by setting the **Added to Inventory** field to **Yes**. This is itself an item update event, so the handler is called again. (The fact that the **Added to Inventory** field is now **Yes** prevents the handler from adding the same shipment to inventory a second time, but the handler is still called.) - - SharePoint behaves a little differently when the item updated event is triggered by a programmatic update: *it only includes in the __AfterProperties__ the fields that changed in the update.* So the **Arrived** field won't be present because only the **Added to Inventory** field changed. - The line... - + `var arrived = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Arrived"]);` - - ...throws a **KeyNotFoundException**. - + + ...throws a **KeyNotFoundException**. + There is more than one way to resolve this problem. In this sample we are going to catch the exception and use the **catch** block to ensure that the `successFlag` is set to **false**. Doing this ensures that the item isn't updated a third time. - + Put everything in the method that is between the first line `bool successFlag = false;` and the last line `return successFlag;` in a **try** block. - -14. Add the following **catch** block just under the **try** block. - - ```csharp - catch (KeyNotFoundException) - { - successFlag = false; - } - ``` + +1. Add the following **catch** block just under the **try** block. + + ```csharp + catch (KeyNotFoundException) + { + successFlag = false; + } + ``` > [!NOTE] > The **KeyNotFoundException** is also the reason why we have to leave the **Added to Inventory** field visible on the Edit Item form. SharePoint does not include fields that are hidden on the Edit Item form in **AfterProperties**. -15. The entire method should now look like the following. +1. The entire method should now look like the following. - ```csharp - private bool TryUpdateInventory(SPRemoteEventProperties properties) - { - bool successFlag = false; - - try - { - var arrived = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Arrived"]); - var addedToInventory = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Added_x0020_to_x0020_Inventory"]); - - if (arrived && !addedToInventory) - { - using (SqlConnection conn = SQLAzureUtilities.GetActiveSqlConnection()) - using (SqlCommand cmd = conn.CreateCommand()) - { - conn.Open(); - cmd.CommandText = "UpdateInventory"; - cmd.CommandType = CommandType.StoredProcedure; - SqlParameter tenant = cmd.Parameters.Add("@Tenant", SqlDbType.NVarChar); - tenant.Value = properties.ItemEventProperties.WebUrl + "/"; - SqlParameter product = cmd.Parameters.Add("@ItemName", SqlDbType.NVarChar, 50); - product.Value = properties.ItemEventProperties.AfterProperties["Title"]; // not "Product" - SqlParameter quantity = cmd.Parameters.Add("@Quantity", SqlDbType.SmallInt); - quantity.Value = Convert.ToUInt16(properties.ItemEventProperties.AfterProperties["Quantity"]); - cmd.ExecuteNonQuery(); - } - successFlag = true; - } - } - catch (KeyNotFoundException) - { - successFlag = false; - } - return successFlag; - } - ``` + ```csharp + private bool TryUpdateInventory(SPRemoteEventProperties properties) + { + bool successFlag = false; + + try + { + var arrived = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Arrived"]); + var addedToInventory = Convert.ToBoolean(properties.ItemEventProperties.AfterProperties["Added_x0020_to_x0020_Inventory"]); + + if (arrived && !addedToInventory) + { + using (SqlConnection conn = SQLAzureUtilities.GetActiveSqlConnection()) + using (SqlCommand cmd = conn.CreateCommand()) + { + conn.Open(); + cmd.CommandText = "UpdateInventory"; + cmd.CommandType = CommandType.StoredProcedure; + SqlParameter tenant = cmd.Parameters.Add("@Tenant", SqlDbType.NVarChar); + tenant.Value = properties.ItemEventProperties.WebUrl + "/"; + SqlParameter product = cmd.Parameters.Add("@ItemName", SqlDbType.NVarChar, 50); + product.Value = properties.ItemEventProperties.AfterProperties["Title"]; // not "Product" + SqlParameter quantity = cmd.Parameters.Add("@Quantity", SqlDbType.SmallInt); + quantity.Value = Convert.ToUInt16(properties.ItemEventProperties.AfterProperties["Quantity"]); + cmd.ExecuteNonQuery(); + } + successFlag = true; + } + } + catch (KeyNotFoundException) + { + successFlag = false; + } + return successFlag; + } + ``` -16. Add the following method to the `RemoteEventReceiver1` class. +1. Add the following method to the `RemoteEventReceiver1` class. ```csharp - private void RecordInventoryUpdateLocally(SPRemoteEventProperties properties) - { - using (ClientContext clientContext = TokenHelper.CreateRemoteEventReceiverClientContext(properties)) - { - List expectedShipmentslist = clientContext.Web.Lists.GetByTitle(properties.ItemEventProperties.ListTitle); - ListItem arrivedItem = expectedShipmentslist.GetItemById(properties.ItemEventProperties.ListItemId); - arrivedItem["Added_x0020_to_x0020_Inventory"] = true; - arrivedItem.Update(); - clientContext.ExecuteQuery(); - } - } + private void RecordInventoryUpdateLocally(SPRemoteEventProperties properties) + { + using (ClientContext clientContext = TokenHelper.CreateRemoteEventReceiverClientContext(properties)) + { + List expectedShipmentslist = clientContext.Web.Lists.GetByTitle(properties.ItemEventProperties.ListTitle); + ListItem arrivedItem = expectedShipmentslist.GetItemById(properties.ItemEventProperties.ListItemId); + arrivedItem["Added_x0020_to_x0020_Inventory"] = true; + arrivedItem.Update(); + clientContext.ExecuteQuery(); + } + } ``` By now this pattern of code is familiar from earlier articles in this series. But note one difference: - - - The code gets the **ClientContext** object by calling **TokenHelper.CreateRemoteEventReceiverClientContext** method instead of the **SharePointContext.CreateUserClientContextForSPHost** method as we used in code that called into SharePoint from pages, such as the EmployeeAdder page. - + + - The code gets the **ClientContext** object by calling **TokenHelper.CreateRemoteEventReceiverClientContext** method instead of the **SharePointContext.CreateUserClientContextForSPHost** method as we used in code that called into SharePoint from pages, such as the EmployeeAdder page. - The primary reason for having different methods to get a **ClientContext** object is that SharePoint passes the information needed to create such objects differently to event receivers from how it passes it to pages. For event receivers, it passes an **SPRemoteEventProperties** object, but for pages it passes a special field, called a context token, in the body of the request that launches the add-in page. -17. Save and close the receiver code file. - +1. Save and close the receiver code file. + ## Register the receiver The final task is to tell SharePoint that we have a custom receiver that we want SharePoint to call whenever an item on the **Expected Shipments** list is updated. 1. Open the SharePointContentDeployer.cs file and add the following line to the **DeployChainStoreComponentsToHostWeb** method, just under the line that creates the **Expected Shipments** list (we'll add this method in the next step). Note that we are passing to the method the **HttpRequest** object that the add-in's start page passed to the **DeployChainStoreComponentsToHostWeb** method. - + ```csharp - RegisterExpectedShipmentsEventHandler(request); + RegisterExpectedShipmentsEventHandler(request); ``` -2. Add the following method to the `SharePointComponentDeployer` class. - +1. Add the following method to the `SharePointComponentDeployer` class. + ```csharp - private static void RegisterExpectedShipmentsEventHandler(HttpRequest request) - { - using (var clientContext = sPContext.CreateUserClientContextForSPHost()) - { - var query = from list in clientContext.Web.Lists - where list.Title == "Expected Shipments" - select list; - IEnumerable matchingLists = clientContext.LoadQuery(query); - clientContext.ExecuteQuery(); - - List expectedShipmentsList = matchingLists.Single(); - - // TODO16: Add the event receiver to the list's collection of event receivers. - - clientContext.ExecuteQuery(); - } - } + private static void RegisterExpectedShipmentsEventHandler(HttpRequest request) + { + using (var clientContext = sPContext.CreateUserClientContextForSPHost()) + { + var query = from list in clientContext.Web.Lists + where list.Title == "Expected Shipments" + select list; + IEnumerable matchingLists = clientContext.LoadQuery(query); + clientContext.ExecuteQuery(); + + List expectedShipmentsList = matchingLists.Single(); + + // TODO16: Add the event receiver to the list's collection of event receivers. + + clientContext.ExecuteQuery(); + } + } ``` -3. Replace `TODO16` with the following lines. Note that there is a lightweight **CreationInformation** class for event receivers just as there is for lists and list items. - - ```csharp - EventReceiverDefinitionCreationInformation receiver = new EventReceiverDefinitionCreationInformation(); - receiver.ReceiverName = "ExpectedShipmentsItemUpdated"; - receiver.EventType = EventReceiverType.ItemUpdated; +1. Replace `TODO16` with the following lines. Note that there is a lightweight **CreationInformation** class for event receivers just as there is for lists and list items. - // TODO17: Set the URL of the receiver. + ```csharp + EventReceiverDefinitionCreationInformation receiver = new EventReceiverDefinitionCreationInformation(); + receiver.ReceiverName = "ExpectedShipmentsItemUpdated"; + receiver.EventType = EventReceiverType.ItemUpdated; - expectedShipmentsList.EventReceivers.Add(receiver); + // TODO17: Set the URL of the receiver. + expectedShipmentsList.EventReceivers.Add(receiver); ``` -4. Now you need to tell SharePoint the URL of the event receiver. In production, it's going to be at the same domain as the remote pages, with the path of /Services/RemoteEventReceiver1.svc. Because the handler is being registered in first-run logic from the add-in's start page, the domain is in the host header of the **HttpRequest** object for the request that called the page. Our code has passed that object from the page to the **DeployChainStoreComponentsToHostWeb** method, which itself passed it to the **RegisterExpectedShipmentsEventHandler** method. So we can set the receiver's URL with the following code. - +1. Now you need to tell SharePoint the URL of the event receiver. In production, it's going to be at the same domain as the remote pages, with the path of /Services/RemoteEventReceiver1.svc. Because the handler is being registered in first-run logic from the add-in's start page, the domain is in the host header of the **HttpRequest** object for the request that called the page. Our code has passed that object from the page to the **DeployChainStoreComponentsToHostWeb** method, which itself passed it to the **RegisterExpectedShipmentsEventHandler** method. So we can set the receiver's URL with the following code. + `receiver.ReceiverUrl = "https://" + request.Headers["Host"] + "/Services/RemoteEventReceiver1.svc";` - - Unfortunately, this won't work when you are debugging the add-in from Visual Studio. When you are debugging, the receiver is hosted in the Azure Service Bus, not in the localhost URL where the remote pages are hosted. We need to set distinct URLs for the receiver depending on whether we are debugging or not, so replace `TODO17` with the following structure that uses C# compiler directives. Note that in debug mode the receiver's URL is read from a web.config setting (you will create this setting in a later step). - ```csharp - #if DEBUG - receiver.ReceiverUrl = WebConfigurationManager.AppSettings["RERdebuggingServiceBusUrl"].ToString(); - #else - receiver.ReceiverUrl = "https://" + request.Headers["Host"] + "/Services/RemoteEventReceiver1.svc"; - #endif + Unfortunately, this won't work when you are debugging the add-in from Visual Studio. When you are debugging, the receiver is hosted in the Azure Service Bus, not in the localhost URL where the remote pages are hosted. We need to set distinct URLs for the receiver depending on whether we are debugging or not, so replace `TODO17` with the following structure that uses C# compiler directives. Note that in debug mode the receiver's URL is read from a web.config setting (you will create this setting in a later step). + ```csharp + #if DEBUG + receiver.ReceiverUrl = WebConfigurationManager.AppSettings["RERdebuggingServiceBusUrl"].ToString(); + #else + receiver.ReceiverUrl = "https://" + request.Headers["Host"] + "/Services/RemoteEventReceiver1.svc"; + #endif ``` +1. The entire **RegisterExpectedShipmentsEventHandler** method should now look like the following. -5. The entire **RegisterExpectedShipmentsEventHandler** method should now look like the following. - ```csharp - private static void RegisterExpectedShipmentsEventHandler(HttpRequest request) - { - using (var clientContext = sPContext.CreateUserClientContextForSPHost()) - { - var query = from list in clientContext.Web.Lists - where list.Title == "Expected Shipments" - select list; - IEnumerable matchingLists = clientContext.LoadQuery(query); - clientContext.ExecuteQuery(); - - List expectedShipmentsList = matchingLists.Single(); - - EventReceiverDefinitionCreationInformation receiver = new EventReceiverDefinitionCreationInformation(); - receiver.ReceiverName = "ExpectedShipmentsItemUpdated"; - receiver.EventType = EventReceiverType.ItemUpdated; - - #if DEBUG - receiver.ReceiverUrl = WebConfigurationManager.AppSettings["RERdebuggingServiceBusUrl"].ToString(); - #else - receiver.ReceiverUrl = "https://" + request.Headers["Host"] + "/Services/RemoteEventReceiver1.svc"; - #endif - expectedShipmentsList.EventReceivers.Add(receiver); - clientContext.ExecuteQuery(); - } - } + private static void RegisterExpectedShipmentsEventHandler(HttpRequest request) + { + using (var clientContext = sPContext.CreateUserClientContextForSPHost()) + { + var query = from list in clientContext.Web.Lists + where list.Title == "Expected Shipments" + select list; + IEnumerable matchingLists = clientContext.LoadQuery(query); + clientContext.ExecuteQuery(); + + List expectedShipmentsList = matchingLists.Single(); + + EventReceiverDefinitionCreationInformation receiver = new EventReceiverDefinitionCreationInformation(); + receiver.ReceiverName = "ExpectedShipmentsItemUpdated"; + receiver.EventType = EventReceiverType.ItemUpdated; + + #if DEBUG + receiver.ReceiverUrl = WebConfigurationManager.AppSettings["RERdebuggingServiceBusUrl"].ToString(); + #else + receiver.ReceiverUrl = "https://" + request.Headers["Host"] + "/Services/RemoteEventReceiver1.svc"; + #endif + + expectedShipmentsList.EventReceivers.Add(receiver); + clientContext.ExecuteQuery(); + } + } ``` -6. Add the following **using** statement to the top of the file. - +1. Add the following **using** statement to the top of the file. + ```csharp - using System.Web.Configuration; + using System.Web.Configuration; ``` -7. To ensure that `DEBUG` is true if and only if the add-in is being debugged, carry out the following subprocedure: - +1. To ensure that `DEBUG` is true if and only if the add-in is being debugged, carry out the following subprocedure: + 1. In **Solution Explorer**, right-click the **ChainStoreWeb** project and select **Properties**. - - 2. Open the **Build** tab of the **Properties**, and then select **Debug** from the **Configuration** drop-down at the top. - - 3. Ensure that the **Define DEBUG constant** check box is selected (it usually is by default). The following screen shot shows the proper setting. + 1. Open the **Build** tab of the **Properties**, and then select **Debug** from the **Configuration** drop-down at the top. + 1. Ensure that the **Define DEBUG constant** check box is selected (it usually is by default). The following screen shot shows the proper setting. *Figure 1. Build sub-tab of the Properties tab in Visual Studio* ![The Build sub-tab of the Properties tab in Visual Studio. The Configuration drop-down is set to Debug. The check box for "Define DEBUG constant" is selected.](../images/4f81174f-d875-4a9e-bff4-adea0f176f00.PNG) - 4. Change the **Configuration** drop-down to **Release**, and then ensure that the **Define DEBUG constant** check box is *not* selected (it usually is not by default). The following screenshot shows the proper setting. - + 1. Change the **Configuration** drop-down to **Release**, and then ensure that the **Define DEBUG constant** check box is *not* selected (it usually is not by default). The following screenshot shows the proper setting. + *Figure 2. Build sub-tab of the Properties tab with check box cleared* ![The Build sub-tab of the Properties tab. The Configuration drop down says Release. The check box for "Define DEBUG constant" is not checked.](../images/7fd942de-a324-4f70-a750-f5304c993832.PNG) - 5. If you made any changes, save and then close the **Properties** tab. - - -8. Open the web.config file, and add the following markup as a child of the **appSettings** element (we get the value of the setting in the next section). - + 1. If you made any changes, save and then close the **Properties** tab. + +1. Open the web.config file, and add the following markup as a child of the **appSettings** element (we get the value of the setting in the next section). + ```XML - + ``` ## Get the receiver URL for debugging -The add-in event and list item event receivers are Windows Communication Service (WCF) services, and every WCF service knows its own endpoint and stores it in multiple places, including the **System.ServiceModel.OperationContext.Current.Channel.LocalAddress.Uri** object. +The add-in event and list item event receivers are Windows Communication Service (WCF) services, and every WCF service knows its own endpoint and stores it in multiple places, including the **System.ServiceModel.OperationContext.Current.Channel.LocalAddress.Uri** object. When you are debugging, the add-in receiver is hosted at an Azure Service Bus endpoint that is almost the same as the endpoint for the list item receiver. The difference is that the URL of the add-in endpoint ends with "AppEventReceiver.svc", but the list item receiver's URL ends with "RemoteEventReceiver1.svc." So we can get the URL of the endpoint in the add-in receiver, make a small change to the end of it, and then use it as the value of our web.config **RERdebuggingServiceBusUrl** setting. 1. Open the AppEventReceiver.svc.cs file in the **Services** folder of the **ChainStoreWeb** project. +1. Add the following as the very first line in the **ProcessEvent** method. -2. Add the following as the very first line in the **ProcessEvent** method. - ```csharp - string debugEndpoint = System.ServiceModel.OperationContext.Current.Channel.LocalAddress.Uri.ToString(); + string debugEndpoint = System.ServiceModel.OperationContext.Current.Channel.LocalAddress.Uri.ToString(); ``` -3. Add a breakpoint to the very next line of the method. - -4. Select F5 to debug the add-in. Because web.config is open and Office Developer Tools for Visual Studio changes a setting in it every time you select F5, you are prompted to reload it. Select **Yes**. - -5. When the breakpoint is hit, hover the cursor over the `debugEndpoint` variable. When the Visual Studio Data Tip appears, select the down arrow, and then select **Text Visualizer**. - - *Figure 3. Visual Studio text visualizer with an Azure Service Bus URL* +1. Add a breakpoint to the very next line of the method. +1. Select F5 to debug the add-in. Because web.config is open and Office Developer Tools for Visual Studio changes a setting in it every time you select F5, you are prompted to reload it. Select **Yes**. +1. When the breakpoint is hit, hover the cursor over the `debugEndpoint` variable. When the Visual Studio Data Tip appears, select the down arrow, and then select **Text Visualizer**. - ![A Visual Studio text visualizer with an Azure Service Bus URL in it.](../images/494cf01e-3e17-4092-b239-9312ac4ab258.PNG) + *Figure 3. Visual Studio text visualizer with an Azure Service Bus URL* -6. Copy the string value from the visualizer and paste it somewhere. + ![A Visual Studio text visualizer with an Azure Service Bus URL in it.](../images/494cf01e-3e17-4092-b239-9312ac4ab258.PNG) -7. Close the visualizer, and then stop debugging in Visual Studio. - -8. Delete or comment out the line you added in the second step of this procedure, and then delete the breakpoint as well. - -9. In the string you copied, replace the "AppEventReceiver.svc" at the end with "RemoteEventReceiver1.svc". - -10. Copy and paste the modified URL as the value of the **RERdebuggingServiceBusUrl** key in the web.config file. +1. Copy the string value from the visualizer and paste it somewhere. +1. Close the visualizer, and then stop debugging in Visual Studio. +1. Delete or comment out the line you added in the second step of this procedure, and then delete the breakpoint as well. +1. In the string you copied, replace the "AppEventReceiver.svc" at the end with "RemoteEventReceiver1.svc". +1. Copy and paste the modified URL as the value of the **RERdebuggingServiceBusUrl** key in the web.config file. > [!NOTE] -> Manually copying the service bus URL and pasting (a modified version of) it into the web.config is not the only way of dealing with the need for a different URL when debugging a remote event receiver when it is running in production. We could programmatically store the value of **System.ServiceModel.OperationContext.Current.Channel.LocalAddress.Uri** somewhere in SharePoint or the remote database, and then have our first-run code read it and assign it to the `receiver.ReceiverUrl` property. We could register the list item event receiver as part of the add-in installed event handler. We could then programmatically read **System.ServiceModel.OperationContext.Current.Channel.LocalAddress.Uri**, modify it, and assign it to `receiver.ReceiverUrl` without having to store it anywhere. +> Manually copying the service bus URL and pasting (a modified version of) it into the web.config is not the only way of dealing with the need for a different URL when debugging a remote event receiver when it is running in production. We could programmatically store the value of **System.ServiceModel.OperationContext.Current.Channel.LocalAddress.Uri** somewhere in SharePoint or the remote database, and then have our first-run code read it and assign it to the `receiver.ReceiverUrl` property. We could register the list item event receiver as part of the add-in installed event handler. We could then programmatically read **System.ServiceModel.OperationContext.Current.Channel.LocalAddress.Uri**, modify it, and assign it to `receiver.ReceiverUrl` without having to store it anywhere. > -> This strategy requires that the **Expected Shipments** list also be created in the add-in installed event handler because it would have to exist before the handler could be registered with it. +> This strategy requires that the **Expected Shipments** list also be created in the add-in installed event handler because it would have to exist before the handler could be registered with it. > > Note also that we could combine our add-in event receiver and list item event receiver into a single receiver (that is, the same .svc and .svc.cs files). In that case, no modification of the URL is necessary before using it as the value of `receiver.ReceiverUrl`. ## Run the add-in and test the list item receiver -1. Open the **Site Contents** page of the Hong Kong SAR store's website, and remove the **Expected Shipments** list if there is one. - -2. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. - -3. When the add-in's start page opens, select the **Back to Site** button on the chrome control at the top. - -4. From the home page of the Hong Kong SAR store, go to the **Site Contents** page and open the **Expected Shipments** list. - -5. Create an item, and on the new item form, notice that the **Arrived** and **Added to Inventory** fields do not appear. - -6. After the item is created, reopen it for editing. Select the **Arrived** check box and save the item. This triggers the item updated event. The item is added to inventory and the value of the **Added to Inventory** field changes to **Yes** (you may have to refresh the page to see the change to **Added to Inventory**). - -7. Use the browser's back button until you are back at the start page for the Chain Store add-in, and then select the **Show Inventory** button. The item you marked as **Arrived** is now listed. - -8. Go back to the **Expected Shipments** list and add another item *with exactly the same product name and supplier name*, but a different quantity. - -9. After the item is created, reopen it for editing. Change the value of **Arrived** to **Yes** and save the item. - -10. Use the browser's back button until you are back at the start page for the Chain Store add-in, and then select the **Show Inventory** button. There is still just one item for the product name and supplier, but the quantity is now the total of the two items on the **Expected Shipments** list. - -11. To end the debugging session, close the browser window or stop debugging in Visual Studio. Each time you select F5, Visual Studio retracts the previous version of the add-in and installs the latest one. - -12. You will work with this add-in and Visual Studio solution in other articles, and it's a good practice to retract the add-in one last time when you are done working with it for a while. Right-click the project in **Solution Explorer** and select **Retract**. +1. Open the **Site Contents** page of the Hong Kong SAR store's website, and remove the **Expected Shipments** list if there is one. +1. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. +1. When the add-in's start page opens, select the **Back to Site** button on the chrome control at the top. +1. From the home page of the Hong Kong SAR store, go to the **Site Contents** page and open the **Expected Shipments** list. +1. Create an item, and on the new item form, notice that the **Arrived** and **Added to Inventory** fields do not appear. +1. After the item is created, reopen it for editing. Select the **Arrived** check box and save the item. This triggers the item updated event. The item is added to inventory and the value of the **Added to Inventory** field changes to **Yes** (you may have to refresh the page to see the change to **Added to Inventory**). +1. Use the browser's back button until you are back at the start page for the Chain Store add-in, and then select the **Show Inventory** button. The item you marked as **Arrived** is now listed. +1. Go back to the **Expected Shipments** list and add another item *with exactly the same product name and supplier name*, but a different quantity. +1. After the item is created, reopen it for editing. Change the value of **Arrived** to **Yes** and save the item. +1. Use the browser's back button until you are back at the start page for the Chain Store add-in, and then select the **Show Inventory** button. There is still just one item for the product name and supplier, but the quantity is now the total of the two items on the **Expected Shipments** list. +1. To end the debugging session, close the browser window or stop debugging in Visual Studio. Each time you select F5, Visual Studio retracts the previous version of the add-in and installs the latest one. +1. You will work with this add-in and Visual Studio solution in other articles, and it's a good practice to retract the add-in one last time when you are done working with it for a while. Right-click the project in **Solution Explorer** and select **Retract**. ## Next steps - To learn how to publish your add-in to a SharePoint site, see [Deploying and installing SharePoint Add-ins: methods and options](deploying-and-installing-sharepoint-add-ins-methods-and-options.md). You can also pursue advanced work in SharePoint add-in development on the following pages: -- [Design SharePoint Add-ins](design-sharepoint-add-ins.md) -- [Develop SharePoint Add-ins](develop-sharepoint-add-ins.md) -- [Publish SharePoint Add-ins](publish-sharepoint-add-ins.md) -- [Tools and environments for developing SharePoint Add-ins](tools-and-environments-for-developing-sharepoint-add-ins.md) - - - +- [Design SharePoint Add-ins](design-sharepoint-add-ins.md) +- [Develop SharePoint Add-ins](develop-sharepoint-add-ins.md) +- [Publish SharePoint Add-ins](publish-sharepoint-add-ins.md) +- [Tools and environments for developing SharePoint Add-ins](tools-and-environments-for-developing-sharepoint-add-ins.md) diff --git a/docs/sp-add-ins/handle-security-tokens-in-provider-hosted-low-trust-sharepoint-add-ins.md b/docs/sp-add-ins/handle-security-tokens-in-provider-hosted-low-trust-sharepoint-add-ins.md index 400cc04d3..49516ef0d 100644 --- a/docs/sp-add-ins/handle-security-tokens-in-provider-hosted-low-trust-sharepoint-add-ins.md +++ b/docs/sp-add-ins/handle-security-tokens-in-provider-hosted-low-trust-sharepoint-add-ins.md @@ -1,20 +1,21 @@ --- title: Handle security tokens in provider-hosted low-trust SharePoint Add-ins description: The context, access, and refresh tokens that are used for authorization by low-trust, provider-hosted SharePoint Add-ins, and how to work with them in your code. -ms.date: 05/01/2020 +ms.date: 05/01/2025 ms.localizationpriority: high ms.service: sharepoint --- # Handle security tokens in provider-hosted low-trust SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + > [!IMPORTANT] > This article is entirely about the use of security tokens in the low-trust authorization system, not the high-trust system. For information about the use of tokens in the high-trust system, see [Create and use access tokens in provider-hosted high-trust SharePoint Add-ins](create-and-use-access-tokens-in-provider-hosted-high-trust-sharepoint-add-ins.md). SharePoint Add-ins that use the [low-trust authorization system](creating-sharepoint-add-ins-that-use-low-trust-authorization.md) to gain access to SharePoint data participate in an OAuthflow that involves the passing of security tokens (in [JSON Web Token](https://datatracker.ietf.org/doc/rfc7519/) format) among SharePoint, Microsoft Azure Access Control Service (ACS), the remote components of the SharePoint Add-in, and, in some cases, the user's browser. -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the **https://accounts.accesscontrol.windows.net** hostname (which isn't impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] There are different flows depending on the design of the add-in, but all of them involve at least the following two types of tokens: @@ -23,7 +24,7 @@ There are different flows depending on the design of the add-in, but all of them Depending on which OAuth flow the add-in is using, one or the other of the following is also part of the process: -- **Context token**. Used, in the Context Token flow, to provide the remote component with a refresh token and with information that it needs to request an access token from Azure ACS. +- **Context token**. Used in the Context Token flow, to provide the remote component with a refresh token and with information that it needs to request an access token from Azure ACS. - **Authorization code**. Not a token, but an authorization code, unique to each pair of user and application. It's used in the Authorization Code flow to obtain a first access token and a refresh token. ## Access tokens @@ -44,12 +45,12 @@ Depending on your SharePoint Add-in's architecture and the hosting platform, the - In session state - In application state - In [Windows Server AppFabric Caching](/previous-versions/appfabric/ff383731(v=azure.10)) or its equivalent in a non-Microsoft operating system -- In the [Microsoft Azure Caching Service](/azure/redis-cache/cache-faq) or its equivalent in a non-Microsoft cloud service +- In the [Microsoft Azure Caching Service](/azure/redis/faq) or its equivalent in a non-Microsoft cloud service - In a database - In a [memcached](http://www.memcached.org/) system > [!NOTE] -> In most scenarios, you won't be able to use terms as simple as "AccessToken" as the caching key because your add-in must keep the tokens for different users and SharePoint farms/tenancies distinct. If your add-in uses the [Context Token flow](context-token-oauth-flow-for-sharepoint-add-ins.md), there's special **CacheKey** provided by SharePoint that can be used to distinguish cached tokens. This section explains what the issues are and what to do when your application isn't using the Context Token flow. +> In most scenarios, you won't be able to use terms as simple as "AccessToken" as the caching key because your add-in must keep the tokens for different users and SharePoint farms/tenancies distinct. If your add-in uses the [Context Token flow](context-token-oauth-flow-for-sharepoint-add-ins.md), there's a special **CacheKey** provided by SharePoint that can be used to distinguish cached tokens. This section explains what the issues are and what to do when your application isn't using the Context Token flow. Caching the access token in **session state** is fine for most scenarios. If the remote web application is accessing other services that use OAuth (in addition to SharePoint) and its caching the various access tokens in session state, be sure to use distinct cache keys for the tokens; for example, instead of "AccessToken", use "SharePoint\_AccessToken", "Facebook\_AccessToken", "SAP\_Gateway\_AccessToken", and so on. (If you're not using session state or some other caching that automatically separates each user's cache, you need to relativize your keys for users.) diff --git a/docs/sp-add-ins/high-trust-configuration-scripts-for-sharepoint.md b/docs/sp-add-ins/high-trust-configuration-scripts-for-sharepoint.md index b6a68739d..4b5fb326a 100644 --- a/docs/sp-add-ins/high-trust-configuration-scripts-for-sharepoint.md +++ b/docs/sp-add-ins/high-trust-configuration-scripts-for-sharepoint.md @@ -1,7 +1,7 @@ --- title: High-trust configuration scripts for SharePoint description: Get customizable Windows PowerShell scripts that configure a SharePoint farm to use a high-trust SharePoint Add-in. -ms.date: 03/25/2020 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # High-trust configuration scripts for SharePoint +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + The following scripts are used to designate one or more X.509 digital certificates as trusted issuers of access tokens in a staging or production Microsoft SharePoint farm. For a script that is more appropriate for a SharePoint Add-ins development environment, see [Create high-trust SharePoint Add-ins](create-high-trust-sharepoint-add-ins.md). No single set of scripts can work for every SharePoint farm because there are too many different ways that the certificates can be acquired and stored. For that reason, please note the following: - The scripts are meant to be run in a SharePoint Management Shell on any SharePoint server in the farm. diff --git a/docs/sp-add-ins/highlight-content-and-enhance-the-functionality-of-sharepoint-hosted-sharepoint.md b/docs/sp-add-ins/highlight-content-and-enhance-the-functionality-of-sharepoint-hosted-sharepoint.md index 573910a17..bafbbc748 100644 --- a/docs/sp-add-ins/highlight-content-and-enhance-the-functionality-of-sharepoint-hosted-sharepoint.md +++ b/docs/sp-add-ins/highlight-content-and-enhance-the-functionality-of-sharepoint-hosted-sharepoint.md @@ -1,13 +1,15 @@ --- title: Highlight content and enhance the functionality of SharePoint-hosted SharePoint Add-ins with the callout control description: Construct the SharePoint callout control, add it to your page, and customize its appearance and behavior to provide a flexible way to engage your user and showcase your add-in's functionality. -ms.date: 12/20/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Highlight content and enhance the functionality of SharePoint-hosted SharePoint Add-ins with the callout control +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + The SharePoint callout control provides a flexible way to engage your user and showcase your SharePoint-hosted add-in's functionality. You can configure it in a variety of ways to suit your add-in's UI. You can construct this control, add it to your page, and customize its appearance and behavior. When you do searches in a SharePoint site, you'll see examples of the callout control in action because it appears whenever you hover over a search result. diff --git a/docs/sp-add-ins/host-webs-add-in-webs-and-sharepoint-components-in-sharepoint.md b/docs/sp-add-ins/host-webs-add-in-webs-and-sharepoint-components-in-sharepoint.md index 8d9b7b11e..b15115a9e 100644 --- a/docs/sp-add-ins/host-webs-add-in-webs-and-sharepoint-components-in-sharepoint.md +++ b/docs/sp-add-ins/host-webs-add-in-webs-and-sharepoint-components-in-sharepoint.md @@ -1,12 +1,14 @@ --- title: Host webs, add-in webs, and SharePoint components in SharePoint description: Which SharePoint components can be included in a SharePoint Add-in, which are deployed to the host web or the add-in web, and how the add-in web is deployed in an isolated domain. -ms.date: 01/06/2021 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Host webs, add-in webs, and SharePoint components in SharePoint +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + When an add-in that includes SharePoint components is installed on a website, it is listed on the **Site Contents** page from which it can be launched. That listing, which is the launch point of the add-in, is the only required addition to the website, although certain other things can optionally be added, such as a custom action or an add-in part. For information about these options, see [Accessing the add-in from the UI](important-aspects-of-the-sharepoint-add-in-architecture-and-development-landscap.md#AccessingApp). ## Host webs, add-in webs, and the isolated domain diff --git a/docs/sp-add-ins/important-aspects-of-the-sharepoint-add-in-architecture-and-development-landscap.md b/docs/sp-add-ins/important-aspects-of-the-sharepoint-add-in-architecture-and-development-landscap.md index 8f64509ab..2eb8332ad 100644 --- a/docs/sp-add-ins/important-aspects-of-the-sharepoint-add-in-architecture-and-development-landscap.md +++ b/docs/sp-add-ins/important-aspects-of-the-sharepoint-add-in-architecture-and-development-landscap.md @@ -1,13 +1,14 @@ --- title: Important aspects of the SharePoint Add-in architecture and development landscape description: The architecture of and the model for SharePoint Add-ins, including add-in hosting and user interface options, deployment system, security system, and lifecycle. -ms.date: 03/08/2023 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Important aspects of the SharePoint Add-in architecture and development landscape +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] This article supplements the information in the article [SharePoint Add-ins](sharepoint-add-ins.md). diff --git a/docs/sp-add-ins/include-a-custom-button-in-the-provider-hosted-add-in.md b/docs/sp-add-ins/include-a-custom-button-in-the-provider-hosted-add-in.md index 2fc15c8a9..1839bed8e 100644 --- a/docs/sp-add-ins/include-a-custom-button-in-the-provider-hosted-add-in.md +++ b/docs/sp-add-ins/include-a-custom-button-in-the-provider-hosted-add-in.md @@ -1,15 +1,15 @@ --- title: Include a custom button in the provider-hosted add-in description: Create a custom list on the host website, add a custom button, request Read permissions, run the add-in, and test the button. -ms.date: 10/21/2019 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- - - # Include a custom button in the provider-hosted add-in -This is the third in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#SP15createprovider_nextsteps). +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + +This is the third in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] > If you have been working through this series about provider-hosted add-ins, you have a Visual Studio solution that you can use to continue with this topic. You can also download the repository at [SharePoint_Provider-hosted_Add-Ins_Tutorials](https://github.com/OfficeDev/SharePoint_Provider-hosted_Add-ins_Tutorials) and open the BeforeRibbonButton.sln file. @@ -20,8 +20,8 @@ A SharePoint Add-in can include custom actions, which is the SharePoint term for The custom button is going to be on the ribbon of a specific list that records the employees of the local store. In a later article in this series, you'll learn how to programmatically add a custom list to a host website, but for now you'll add one manually. -1. From the home page of the Fabrikam Hong Kong SAR Store, go to **Site Contents** > **Add an add-in** > **Custom List**. -1. In the **Adding Custom List** dialog, specify **Local Employees** as the name, and then select **Create**. +1. From the home page of the Fabrikam Hong Kong SAR Store, go to **Site Contents** > **Add an add-in** > **Custom List**. +1. In the **Adding Custom List** dialog, specify **Local Employees** as the name, and then select **Create**. 1. On the **Site Contents** page, open the **Local Employees** list. 1. On the **List** tab on the ribbon, select **List Settings**. 1. In the **Columns** section of the **List Settings** page, select the **Title** column. @@ -48,12 +48,12 @@ In this section, you include markup in the add-in that deploys a button to the l 1. If Visual Studio is open, you have to close it and reopen the Chain Store solution so that Visual Studio can discover your new list (run Visual Studio as an administrator). > [!NOTE] - > The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: + > The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: > - > 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. + > 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. > 1. Ensure that all three projects are set to **Start** in the **Action** column. -1. Right-click the **ChainStore** project in **Solution Explorer**, and then select **Add** > **New Item**. +1. Right-click the **ChainStore** project in **Solution Explorer**, and then select **Add** > **New Item**. 1. In the **Add New Item** dialog, select **Ribbon Custom Action**, name it **AddEmployeeToCorpDB**, and then select **Add**. 1. The dialog that opens asks three questions. Give the following answers: @@ -79,7 +79,7 @@ In this section, you include markup in the add-in that deploys a button to the l - The **CommandAction** attribute of the **CommandUIHandler** element begins with the placeholder `~remoteAppUrl`. This will be replaced with the URL of the remote web application when the button is deployed. - A few query parameters have been added to the **CommandAction** value with placeholder values in braces "{ }". These placeholders are resolved at runtime. Note that one of them is the ID of the list item that is selected by the user before she selects the custom button on the ribbon. -1. In the **ChainStoreWeb** project, open the **Pages/EmployeeAdder.aspx** file. Notice that it doesn't have any UI. The add-in is going to use this page as a kind of web service. This is possible because the ASP.NET **System.Web.UI.Page** class implements **System.Web.IHttpHandler** and because the **Page\_Load** event runs automatically when the page is requested. +1. In the **ChainStoreWeb** project, open the **Pages/EmployeeAdder.aspx** file. Notice that it doesn't have any UI. The add-in is going to use this page as a kind of web service. This is possible because the ASP.NET **System.Web.UI.Page** class implements **System.Web.IHttpHandler** and because the **Page\_Load** event runs automatically when the page is requested. 1. Open the code-behind file **Pages/EmployeeAdder.aspx.cs**. The method that adds the employee to the remote database, `AddLocalEmployeeToCorpDB`, is already present. It uses the **SharePointContext** object to get the host web's URL, which the add-in uses as its tenant discriminator. The first thing the **Page_Load** method needs to do is initialize this object. The object is created and cached in the Session when the add-in's start page loads, so add the following code to the **Page_Load** method. (The **SharePointContext** object is defined in the SharePointContext.cs file that the Office Developer Tools for Visual Studio generates when the add-in solution is created.) @@ -90,14 +90,14 @@ In this section, you include markup in the add-in that deploys a button to the l 1. The `AddLocalEmployeeToCorpDB` method takes the employee's name as a parameter, so add the following line to the **Page_Load** method. You'll create the `GetLocalEmployeeName` method in a later step. ```csharp - // Read from SharePoint + // Read from SharePoint string employeeName = GetLocalEmployeeName(); ``` 1. Under this line, add the call to the `AddLocalEmployeeToCorpDB` method. ```csharp - // Write to remote database + // Write to remote database AddLocalEmployeeToCorpDB(employeeName); ``` @@ -109,7 +109,7 @@ In this section, you include markup in the add-in that deploys a button to the l { ListItem localEmployee; - // TODO1: Initialize the localEmployee object by getting + // TODO1: Initialize the localEmployee object by getting // the item from SharePoint. return localEmployee["Title"].ToString(); @@ -158,7 +158,7 @@ In this section, you include markup in the add-in that deploys a button to the l private string GetLocalEmployeeName() { ListItem localEmployee; - + using (var clientContext = spContext.CreateUserClientContextForSPHost()) { List localEmployeesList = clientContext.Web.Lists.GetByTitle("Local Employees"); @@ -211,29 +211,29 @@ As you have seen, SharePoint prompts you to grant the add-in permissions to the ## Run the add-in and test the button -1. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. This time the prompt has a drop-down where you select the list that the app needs to read as seen in the following screenshot. - +1. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. This time the prompt has a drop-down where you select the list that the app needs to read as seen in the following screenshot. + *Figure 3. SharePoint add-in permission prompt* - + ![The SharePoint add-in permission prompt with the list named Local Employees selected in a drop-down that is labeled "Let it read items in the list"](../images/84e8b42c-4800-4947-acbd-21c6f096f4ea.PNG) 1. Select **Local Employees** from the list, and then select **Trust it**. 1. When the add-in's start page opens, select **Back to Site** on the chrome control at the top. 1. From the website's home page, go to **Site Contents** > **Local Employees**. The list view page opens. -1. Add a few employees to the list. *Do not select the __Added to Corporate DB__ check box.* +1. Add a few employees to the list. *Do not select the __Added to Corporate DB__ check box.* 1. On the ribbon, open the **Items** tab. In the **Actions** section of the tab is the custom button **Add to Corporate DB**. 1. Select an item in the list. The page and ribbon should look similar to the following. - *Figure 4. Local Employees list* + *Figure 4. Local Employees list* ![The Local Employees list. One item is highlighted. Above it is the ribbon, and a button named "Add To Corporate DB" is in the Actions section.](../images/797a5ceb-7291-4b62-8075-2bb6a1b8e8a1.PNG) 1. After selecting an item in the list, select **Add to Corporate DB**. 1. The page seems to reload because the **Page_Load** method of the EmployeeAdder page redirects back to it. -1. Use the browser's back button twice to go back to the add-in's start page. +1. Use the browser's back button twice to go back to the add-in's start page. 1. Select **Show Employees**, and the list of employees will be populated with the employee that you added. It should look similar to the following: - *Figure 5. Corporate employees list on the add-in start page* + *Figure 5. Corporate employees list on the add-in start page* ![The corporate employees list on the add-in start page showing the same employee that was selected in the earlier step.](../images/4a300a4e-f479-4f63-b536-6315c5d9ba4d.PNG) @@ -241,6 +241,5 @@ As you have seen, SharePoint prompts you to grant the add-in permissions to the 1. You will work with this add-in and Visual Studio solution in other articles, and it's a good practice to retract the add-in one last time when you are done working with it for a while. Right-click the project in **Solution Explorer** and select **Retract**. ## Next steps - In the next article, we'll take a brief break from coding to [get a quick overview of the SharePoint client-side object model](get-a-quick-overview-of-the-sharepoint-object-model.md). diff --git a/docs/sp-add-ins/include-a-web-part-in-a-webpage-on-the-add-in-web.md b/docs/sp-add-ins/include-a-web-part-in-a-webpage-on-the-add-in-web.md index 2291b878a..b7264ed4a 100644 --- a/docs/sp-add-ins/include-a-web-part-in-a-webpage-on-the-add-in-web.md +++ b/docs/sp-add-ins/include-a-web-part-in-a-webpage-on-the-add-in-web.md @@ -1,12 +1,14 @@ --- title: Include a web part on a webpage in the add-in web description: Include an out-of-the-box web part on a page in the add-in web of a SharePoint Add-in. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Include a web part on a webpage in the add-in web +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + You can include an out-of-the-box web part on a page in the add-in web of a SharePoint Add-in, but it is important that you do this in a way that won't cause problems if you ever need to update the add-in. For a code sample that illustrates the guidance of this topic, see [OfficeDev/Core.WebPartOnAppWebPage](https://github.com/SharePoint/PnP/tree/master/Samples/Core.WebPartOnAppWebPage). diff --git a/docs/sp-add-ins/include-an-add-in-part-in-the-provider-hosted-add-in.md b/docs/sp-add-ins/include-an-add-in-part-in-the-provider-hosted-add-in.md index 3b4c2ca86..68cb08815 100644 --- a/docs/sp-add-ins/include-an-add-in-part-in-the-provider-hosted-add-in.md +++ b/docs/sp-add-ins/include-an-add-in-part-in-the-provider-hosted-add-in.md @@ -1,16 +1,16 @@ --- title: Include an add-in part in the provider-hosted add-in description: Surface a remote web form in a SharePoint page in a provider-hosted SharePoint Add-in. -ms.date: 12/04/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- +# Include an add-in part in the provider-hosted add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] -# Include an add-in part in the provider-hosted add-in +This is the sixth in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#next-steps). -This is the sixth in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#SP15createprovider_nextsteps). - > [!NOTE] > If you have been working through this series about provider-hosted add-ins, you have a Visual Studio solution that you can use to continue with this topic. You can also download the repository at [SharePoint_Provider-hosted_Add-Ins_Tutorials](https://github.com/OfficeDev/SharePoint_Provider-hosted_Add-ins_Tutorials) and open the BeforeAdd-inPart.sln file. @@ -19,68 +19,57 @@ In this article, you add a special kind of web part called an add-in part to the ## Create the add-in part > [!NOTE] -> The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: -> 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. -> 2. Ensure that all three projects are set to **Start** in the **Action** column. +> The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: +> +> 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. +> 1. Ensure that all three projects are set to **Start** in the **Action** column. 1. In **Solution Explorer**, right-click the **ChainStore** project, and then select **Add** > **New Item**. - -2. Select **Client web part (Host Web)**, give it the name **Place Order**, and then select **Add**. ("Client web part" is another name for "add-in part".) - -3. On the next page of the wizard, select the second option: **Select or enter the URL of an existing webpage for the client web part content**. +1. Select **Client web part (Host Web)**, give it the name **Place Order**, and then select **Add**. ("Client web part" is another name for "add-in part".) +1. On the next page of the wizard, select the second option: **Select or enter the URL of an existing webpage for the client web part content**. +1. In the drop-down list, select the URL for the **OrderForm.aspx** page, and then select **Finish**. -4. In the drop-down list, select the URL for the **OrderForm.aspx** page, and then select **Finish**. - An elements.xml file that defines the add-in part is added to the project and opened. - -5. In the **ClientWebPart** element, change the following attributes to these values: - - |**Attribute**|**Value**| - |:-----|:-----| - |Title|Place Order| - |Description|Form to place an order| - |DefaultHeight|320| + +1. In the **ClientWebPart** element, change the following attributes to these values: + + | **Attribute** | **Value** | + | :------------ | :--------------------- | + | Title | Place Order | + | Description | Form to place an order | + | DefaultHeight | 320 | Leave all the other attributes with their defaults and save the file. - + ## Run the add-in and test the add-in part 1. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. +1. When the add-in's start page opens, the add-in has been deployed, and the **Place Order** add-in part is available for users to add to any web part area on any SharePoint page on the Hong Kong SAR store's website. Follow these steps to add it to the home page: -2. When the add-in's start page opens, the add-in has been deployed, and the **Place Order** add-in part is available for users to add to any web part area on any SharePoint page on the Hong Kong SAR store's website. Follow these steps to add it to the home page: - 1. Select **Back to Site** on the chrome control at the top of the start page to open the home page of the Hong Kong SAR store. - 2. On the ribbon, open the **Page** tab and select **Edit**. - 3. After the page is in edit mode, open the **Insert** tab on the ribbon, and then select **Add-in Part** (the button may still be called **App Part**). - 4. On the web part insertion control that opens, select the **Place Order** add-in part. The control looks similar to the following. + 1. On the ribbon, open the **Page** tab and select **Edit**. + 1. After the page is in edit mode, open the **Insert** tab on the ribbon, and then select **Add-in Part** (the button may still be called **App Part**). + 1. On the web part insertion control that opens, select the **Place Order** add-in part. The control looks similar to the following. *Figure 1. SharePoint's web part insertion control* ![SharePoint's web part insertion control. The part called "Place Order" is highlighted. Its name and description appears in a box at the right.](../images/aae61f89-2e9e-4808-8b0c-2439dad7c701.PNG) - 5. Select somewhere in one of the web part zones of the form to set the location where the add-in part will go. - 6. Select **Add** on the web part insertion control. The **Place Order** add-in part is added to the web part zone. - 7. On the ribbon, select **Save**. - -3. The order form now appears on the page, and it has the look-and-feel of the rest of the page. It should look like the following. - - *Figure 2. Place Order add-in part* - - ![The Place Order add-in part on the page with text boxes for Product, Supplier, and Quantity. There is also a "Place Order" button.](../images/beae2e3c-c1f4-4334-8ab8-0c42252cb2a2.PNG) + 1. Select somewhere in one of the web part zones of the form to set the location where the add-in part will go. + 1. Select **Add** on the web part insertion control. The **Place Order** add-in part is added to the web part zone. + 1. On the ribbon, select **Save**. -4. Enter values for **Supplier**, **Product**, and **Quantity**, and then select **Place Order**. Nothing appears to happen, but an order is entered in the corporate database. Optionally, you can empty the fields of the add-in part by refreshing the page. +1. The order form now appears on the page, and it has the look-and-feel of the rest of the page. It should look like the following. -5. Use the browser's back button until you are back at the Chain Store add-in's start page, and then select **Show Orders**. Your new order is listed. + *Figure 2. Place Order add-in part* -6. To end the debugging session, close the browser window or stop debugging in Visual Studio. Each time you select F5, Visual Studio retracts the previous version of the add-in and installs the latest one. + ![The Place Order add-in part on the page with text boxes for Product, Supplier, and Quantity. There is also a "Place Order" button.](../images/beae2e3c-c1f4-4334-8ab8-0c42252cb2a2.PNG) -7. You will work with this add-in and Visual Studio solution in other articles, and it's a good practice to retract the add-in one last time when you are done working with it for a while. Right-click the project in **Solution Explorer** and select **Retract**. +1. Enter values for **Supplier**, **Product**, and **Quantity**, and then select **Place Order**. Nothing appears to happen, but an order is entered in the corporate database. Optionally, you can empty the fields of the add-in part by refreshing the page. +1. Use the browser's back button until you are back at the Chain Store add-in's start page, and then select **Show Orders**. Your new order is listed. +1. To end the debugging session, close the browser window or stop debugging in Visual Studio. Each time you select F5, Visual Studio retracts the previous version of the add-in and installs the latest one. +1. You will work with this add-in and Visual Studio solution in other articles, and it's a good practice to retract the add-in one last time when you are done working with it for a while. Right-click the project in **Solution Explorer** and select **Retract**. ## Next steps - The add-in depends on two lists that you created manually; you don't want your users to have to do that. In the next article, you begin the process of automatically creating these lists. The first major step is to create custom handlers for the event of installing an add-in: [Handle add-in events in the provider-hosted add-in](handle-add-in-events-in-the-provider-hosted-add-in.md). - - - - diff --git a/docs/sp-add-ins/localize-sharepoint-add-ins.md b/docs/sp-add-ins/localize-sharepoint-add-ins.md index fde9c629b..49a50aca9 100644 --- a/docs/sp-add-ins/localize-sharepoint-add-ins.md +++ b/docs/sp-add-ins/localize-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Localize SharePoint Add-ins description: Localize a SharePoint Add-in by using resource files, JavaScript resource files, and other techniques. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Localize SharePoint Add-ins + +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] > [!NOTE] > This topic assumes that you are familiar with the basic creation of SharePoint Add-ins, and with SharePoint features, the distinction between add-in webs and host webs, [the kind of SharePoint components that can be in an add-in](host-webs-add-in-webs-and-sharepoint-components-in-sharepoint.md#types-of-sharepoint-components-that-can-be-in-a-sharepoint-add-in), and the basics of localization with .resx files. diff --git a/docs/sp-add-ins/make-batch-requests-with-the-rest-apis.md b/docs/sp-add-ins/make-batch-requests-with-the-rest-apis.md index 6d39d70f3..62a4d76e0 100644 --- a/docs/sp-add-ins/make-batch-requests-with-the-rest-apis.md +++ b/docs/sp-add-ins/make-batch-requests-with-the-rest-apis.md @@ -12,7 +12,7 @@ This article describes how you can batch queries and operations against the REST ## Executive summary of the $batch option -SharePoint Online (and on-premises SharePoint 2016 and later) and the Office 365 APIs implement the OData `$batch` query option, so you can rely on [the official documentation](https://www.odata.org/documentation/odata-version-3-0/batch-processing) for details about how to use it. (Another option is to see Andrew Connell's blog posts on the subject beginning at [Part 1 - SharePoint REST API Batching](https://www.andrewconnell.com/blog/part-1-sharepoint-rest-api-batching-understanding-batching-requests).) +SharePoint Online (and on-premises SharePoint 2016 and later) and the Office 365 APIs implement the OData `$batch` query option, so you can rely on [the official documentation](https://www.odata.org/documentation/odata-version-3-0/batch-processing) for details about how to use it. (Another option is to see Andrew Connell's blog posts on the subject beginning at [Part 1 - SharePoint REST API Batching](https://www.voitanos.io/blog/part-1-sharepoint-rest-api-batching-understanding-batching-requests).) The following is a reminder of the major points: diff --git a/docs/sp-add-ins/navigate-the-sharepoint-data-structure-represented-in-the-rest-service.md b/docs/sp-add-ins/navigate-the-sharepoint-data-structure-represented-in-the-rest-service.md index 301ae288a..a02282ff4 100644 --- a/docs/sp-add-ins/navigate-the-sharepoint-data-structure-represented-in-the-rest-service.md +++ b/docs/sp-add-ins/navigate-the-sharepoint-data-structure-represented-in-the-rest-service.md @@ -1,7 +1,7 @@ --- title: Navigate the SharePoint data structure represented in the REST service description: Start from a REST endpoint for a given SharePoint item, and navigate to and access-related items, such as parent sites or the library structure where that item resides. -ms.date: 1/14/2020 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- diff --git a/docs/sp-add-ins/office-web-widgetsexperimental-overview.md b/docs/sp-add-ins/office-web-widgetsexperimental-overview.md index 85fec06d7..06d38f6ce 100644 --- a/docs/sp-add-ins/office-web-widgetsexperimental-overview.md +++ b/docs/sp-add-ins/office-web-widgetsexperimental-overview.md @@ -1,13 +1,15 @@ --- title: Office Web Widgets - Experimental overview description: Experimental widgets that you can use in Office Add-ins, SharePoint Add-ins, and websites. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Office Web Widgets - Experimental overview +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + > [!WARNING] > The Office Web Widgets - Experimental are only provided for research and feedback purposes. Do not use in production scenarios. The Office Web Widgets behavior may change significantly in future releases. Read and review the [Office Web Widgets - Experimental License Terms](office-web-widgetsexperimental-license-terms.md). diff --git a/docs/sp-add-ins/package-and-publish-high-trust-sharepoint-add-ins.md b/docs/sp-add-ins/package-and-publish-high-trust-sharepoint-add-ins.md index 22b8c3e7b..3b3cd87c2 100644 --- a/docs/sp-add-ins/package-and-publish-high-trust-sharepoint-add-ins.md +++ b/docs/sp-add-ins/package-and-publish-high-trust-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Package and publish high-trust SharePoint Add-ins description: Package and publish a high-trust SharePoint Add-in for on-premises use. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Package and publish high-trust SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + ## Prerequisites diff --git a/docs/sp-add-ins/programmatically-deploy-a-custom-button-in-the-provider-hosted-add-in.md b/docs/sp-add-ins/programmatically-deploy-a-custom-button-in-the-provider-hosted-add-in.md index 8f537b11a..84c9972e9 100644 --- a/docs/sp-add-ins/programmatically-deploy-a-custom-button-in-the-provider-hosted-add-in.md +++ b/docs/sp-add-ins/programmatically-deploy-a-custom-button-in-the-provider-hosted-add-in.md @@ -1,15 +1,15 @@ --- title: Programmatically deploy a custom button in the provider-hosted add-in description: Register a custom ribbon button with a custom list in the same provider-hosted SharePoint Add-in. -ms.date: 11/22/2022 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- - - # Programmatically deploy a custom button in the provider-hosted add-in -This is the ninth in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#SP15createprovider_nextsteps). +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + +This is the ninth in a series of articles about the basics of developing provider-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating provider-hosted SharePoint Add-ins](get-started-creating-provider-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] > If you have been working through this series about provider-hosted add-ins, you have a Visual Studio solution that you can use to continue with this topic. You can also download the repository at [SharePoint_Provider-hosted_Add-Ins_Tutorials](https://github.com/OfficeDev/SharePoint_Provider-hosted_Add-ins_Tutorials) and open the BeforeProgrammaticButton.sln file. @@ -19,9 +19,10 @@ In this article, you learn how to include a custom ribbon button in a SharePoint ## Re-add the custom button to the project > [!NOTE] -> The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: -> 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. -> 2. Ensure that all three projects are set to **Start** in the **Action** column. +> The settings for Startup Projects in Visual Studio tend to revert to defaults whenever the solution is reopened. Always take these steps immediately after reopening the sample solution in this series of articles: +> +> 1. Right-click the solution node at the top of **Solution Explorer**, and then select **Set startup projects**. +> 1. Ensure that all three projects are set to **Start** in the **Action** column. In the previous article, you removed the custom **AddEmployeeToCorpDB** ribbon button from the project. Add it back in with the following steps. @@ -31,11 +32,9 @@ In the previous article, you removed the custom **AddEmployeeToCorpDB** ribbon b ![The Solution Explorer toolbar with a box drawn around the "Show All Files" button.](../images/f6b035f5-1aa7-452a-8f59-9dd44b062d06.PNG) -2. In the **ChainStore** project, right-click **AddEmployeeToCorpDB**, and then select **Include in Project**. - -3. Select the **Show All Files** button again. - -4. In the **ChainStore** project, expand **AddEmployeeToCorpDB**, and then open the elements.xml file. +1. In the **ChainStore** project, right-click **AddEmployeeToCorpDB**, and then select **Include in Project**. +1. Select the **Show All Files** button again. +1. In the **ChainStore** project, expand **AddEmployeeToCorpDB**, and then open the elements.xml file. ## Understand a dilemma and its solution @@ -43,205 +42,182 @@ In the elements.xml file, the **RegistrationId** attribute of the **CustomAction Deploying the list in the installation event handler, instead of first-run logic, won't solve the dilemma because SharePoint deploys custom descriptively-defined components, such as the custom button (and the **Place Order** add-in part), *before* it runs the custom handler, so the list won't exist when SharePoint tries to deploy the button. -Creating a custom button entirely programmatically is not practical for reasons that are too advanced to discuss here. Fortunately, it is not necessary. There is a relatively painless way to semi-programmatically create a custom button and assign it to a custom list. +Creating a custom button entirely programmatically is not practical for reasons that are too advanced to discuss here. Fortunately, it is not necessary. There is a relatively painless way to semi-programmatically create a custom button and assign it to a custom list. The following are the basic steps: -1. Keep the descriptively defined button in the project, but assign it to the ribbon of something that always exists on SharePoint sites, instead of to a list that's programmatically deployed with the same add-in. - -2. In the first-run logic, after the list is programmatically created, programmatically add an undefined button to the ribbon of the list. - -3. Initialize the properties of the new button with the values of the original button. At this point there are two identical buttons. The second is assigned to the ribbon of the **Local Employees** list. - -4. Programmatically delete the original button. +1. Keep the descriptively defined button in the project, but assign it to the ribbon of something that always exists on SharePoint sites, instead of to a list that's programmatically deployed with the same add-in. +1. In the first-run logic, after the list is programmatically created, programmatically add an undefined button to the ribbon of the list. +1. Initialize the properties of the new button with the values of the original button. At this point there are two identical buttons. The second is assigned to the ribbon of the **Local Employees** list. +1. Programmatically delete the original button. ## Programmatically register the custom button The following procedure shows how to implement this strategy. 1. In the **ChainStore** project, expand **AddEmployeeToCorpDB**, open the elements.xml file, and then change the value of the **RegistrationId** attribute of the **CustomAction** element to "100". This is the ID of a type of list. Even if there are no instances of lists of this type on the website, the list *type* is on every SharePoint website. The attribute should now look like the following. - + ```XML - RegistrationId="100" + RegistrationId="100" ``` -2. In the file SharePointComponentDeployer.cs, add the following line to the **DeployChainStoreComponentsToHostWeb** method, just under the line that calls `CreateLocalEmployeesList` (you create this method in the next step). - +1. In the file SharePointComponentDeployer.cs, add the following line to the **DeployChainStoreComponentsToHostWeb** method, just under the line that calls `CreateLocalEmployeesList` (you create this method in the next step). + ```csharp - ChangeCustomActionRegistration(); + ChangeCustomActionRegistration(); ``` -3. Add the following method to the `SharePointComponentDeployer` class. +1. Add the following method to the `SharePointComponentDeployer` class. ```csharp - private static void ChangeCustomActionRegistration() - { - using (var clientContext = sPContext.CreateUserClientContextForSPHost()) - { - var query = from action in clientContext.Web.UserCustomActions - where action.Name == "{button_GUID} .AddEmployeeToCorpDB" - select action; - IEnumerable matchingActions = clientContext.LoadQuery(query); - clientContext.ExecuteQuery(); + private static void ChangeCustomActionRegistration() + { + using (var clientContext = sPContext.CreateUserClientContextForSPHost()) + { + var query = from action in clientContext.Web.UserCustomActions + where action.Name == "{button_GUID} .AddEmployeeToCorpDB" + select action; + IEnumerable matchingActions = clientContext.LoadQuery(query); + clientContext.ExecuteQuery(); - UserCustomAction webScopedEmployeeAction = matchingActions.Single(); + UserCustomAction webScopedEmployeeAction = matchingActions.Single(); - // TODO8: Get a reference to the (empty) collection of custom actions - // that are registered with the custom list. + // TODO8: Get a reference to the (empty) collection of custom actions + // that are registered with the custom list. - // TODO9: Add a blank custom action to the list's collection. + // TODO9: Add a blank custom action to the list's collection. - // TODO10: Copy property values from the descriptively deployed - // custom action to the new custom action + // TODO10: Copy property values from the descriptively deployed + // custom action to the new custom action - // TODO11: Delete the original custom action. + // TODO11: Delete the original custom action. - clientContext.ExecuteQuery(); - } - } + clientContext.ExecuteQuery(); + } + } ``` - Note the following about this code: - - - Because the custom action, that is, the custom button, was registered with the ribbon of a list *type*, it is scoped to the entire website and is in the website's collection of custom actions. So the code retrieves it from that collection. - - - The value of the `action.Name` comes from the **ID** attribute of the **CustomAction** element in the elements.xml file in **AddEmployeeToCorpDB**. - + > NOTE: + > - Because the custom action, that is, the custom button, was registered with the ribbon of a list *type*, it is scoped to the entire website and is in the website's collection of custom actions. So the code retrieves it from that collection. + > - The value of the `action.Name` comes from the **ID** attribute of the **CustomAction** element in the elements.xml file in **AddEmployeeToCorpDB**. + > [!IMPORTANT] - > **You must change the `action.Name` value in the code to match the value in your elements.xml file.** The GUID part of the name will be different. Note that there is a `"."` character between the GUID and the rest of the name. The following is an example of the line: - > + > **You must change the `action.Name` value in the code to match the value in your elements.xml file.** The GUID part of the name will be different. Note that there is a `"."` character between the GUID and the rest of the name. The following is an example of the line: + > > `where action.Name == "4a926a42-3577-4e02-9d06-fef78586b1bc.AddEmployeeToCorpDB"` -4. Replace `TODO8` with the following code. Note that when you retract an add-in, components created by the add-in are not removed. After your first-run logic executes, there will be a custom action in the list's **UserCustomActions** collection, and it will not be retracted the next time you select F5. To avoid confusion, the last line in this code `listActions.Clear();` empties the collection. +1. Replace `TODO8` with the following code. Note that when you retract an add-in, components created by the add-in are not removed. After your first-run logic executes, there will be a custom action in the list's **UserCustomActions** collection, and it will not be retracted the next time you select F5. To avoid confusion, the last line in this code `listActions.Clear();` empties the collection. ```csharp - var queryForList = from list in clientContext.Web.Lists - where list.Title == "Local Employees" - select list; - IEnumerable matchingLists = clientContext.LoadQuery(queryForList); - clientContext.ExecuteQuery(); - - List employeeList = matchingLists.First(); - var listActions = employeeList.UserCustomActions; - clientContext.Load(listActions); - listActions.Clear(); + var queryForList = from list in clientContext.Web.Lists + where list.Title == "Local Employees" + select list; + IEnumerable matchingLists = clientContext.LoadQuery(queryForList); + clientContext.ExecuteQuery(); + + List employeeList = matchingLists.First(); + var listActions = employeeList.UserCustomActions; + clientContext.Load(listActions); + listActions.Clear(); ``` -5. Replace `TODO9` with the following line, which adds an undefined custom action to the **Local Employees** list. - +1. Replace `TODO9` with the following line, which adds an undefined custom action to the **Local Employees** list. + ```csharp - var listScopedEmployeeAction = listActions.Add(); + var listScopedEmployeeAction = listActions.Add(); ``` -6. Replace `TODO10` with the following code. +1. Replace `TODO10` with the following code. ```csharp - listScopedEmployeeAction.Title = webScopedEmployeeAction.Title; - listScopedEmployeeAction.Location = webScopedEmployeeAction.Location; - listScopedEmployeeAction.Sequence = webScopedEmployeeAction.Sequence; - listScopedEmployeeAction.CommandUIExtension = webScopedEmployeeAction.CommandUIExtension; - listScopedEmployeeAction.Update(); + listScopedEmployeeAction.Title = webScopedEmployeeAction.Title; + listScopedEmployeeAction.Location = webScopedEmployeeAction.Location; + listScopedEmployeeAction.Sequence = webScopedEmployeeAction.Sequence; + listScopedEmployeeAction.CommandUIExtension = webScopedEmployeeAction.CommandUIExtension; + listScopedEmployeeAction.Update(); ``` - Note the following about this code: - - - It assigns the property values of the web-scoped button (that was deployed with descriptive markup) to the corresponding properties of the list-scoped button, so the two buttons are identical except in scope. - - - The **Sequence** property specifies the relative order that the button will appear in its area of the ribbon. In this case, the button is on the **Actions** section of the **Items** tab of the ribbon. In the descriptive markup, this value was set to 10001, which is high enough to ensure that it will appear after (that is, to the right of) any in-the-box buttons that SharePoint itself puts in the **Actions** section of the ribbon. + > NOTE: + > - It assigns the property values of the web-scoped button (that was deployed with descriptive markup) to the corresponding properties of the list-scoped button, so the two buttons are identical except in scope. + > - The **Sequence** property specifies the relative order that the button will appear in its area of the ribbon. In this case, the button is on the **Actions** section of the **Items** tab of the ribbon. In the descriptive markup, this value was set to 10001, which is high enough to ensure that it will appear after (that is, to the right of) any in-the-box buttons that SharePoint itself puts in the **Actions** section of the ribbon. + +1. Replace `TODO11` with the following line, which deletes the original descriptively-defined button. If we did not have this line, every list on the website that uses list template "100" would have the custom button on it. Because the button's functionality is closely tied to the **Local Employees** list, it would make no sense to have the button on any other list. Also, without this line, the button would appear *twice* on the **Local Employees** list, because that list uses template "100". -7. Replace `TODO11` with the following line, which deletes the original descriptively-defined button. If we did not have this line, every list on the website that uses list template "100" would have the custom button on it. Because the button's functionality is closely tied to the **Local Employees** list, it would make no sense to have the button on any other list. Also, without this line, the button would appear *twice* on the **Local Employees** list, because that list uses template "100". - ```csharp - webScopedEmployeeAction.DeleteObject(); + webScopedEmployeeAction.DeleteObject(); ``` - -8. The entire method should now look like the following (except there should be a GUID in place of the placeholder). - + +1. The entire method should now look like the following (except there should be a GUID in place of the placeholder). + ```csharp - private static void ChangeCustomActionRegistration() - { - using (var clientContext = SPContext.CreateUserClientContextForSPHost()) - { - var query = from action in clientContext.Web.UserCustomActions - where action.Name == "{button_GUID} .AddEmployeeToCorpDB" - select action; - IEnumerable matchingActions = clientContext.LoadQuery(query); - clientContext.ExecuteQuery(); - - UserCustomAction webScopedEmployeeAction = matchingActions.Single(); - - var queryForList = from list in clientContext.Web.Lists - where list.Title == "Local Employees" - select list; - IEnumerable matchingLists = clientContext.LoadQuery(queryForList); - clientContext.ExecuteQuery(); - - List employeeList = matchingLists.First(); - var listActions = employeeList.UserCustomActions; - clientContext.Load(listActions); - listActions.Clear(); - - var listScopedEmployeeAction = listActions.Add(); - - listScopedEmployeeAction.Title = webScopedEmployeeAction.Title; - listScopedEmployeeAction.Location = webScopedEmployeeAction.Location; - listScopedEmployeeAction.Sequence = webScopedEmployeeAction.Sequence; - listScopedEmployeeAction.CommandUIExtension = webScopedEmployeeAction.CommandUIExtension; - listScopedEmployeeAction.Update(); - - webScopedEmployeeAction.DeleteObject(); - - clientContext.ExecuteQuery(); - } - } + private static void ChangeCustomActionRegistration() + { + using (var clientContext = SPContext.CreateUserClientContextForSPHost()) + { + var query = from action in clientContext.Web.UserCustomActions + where action.Name == "{button_GUID} .AddEmployeeToCorpDB" + select action; + IEnumerable matchingActions = clientContext.LoadQuery(query); + clientContext.ExecuteQuery(); + + UserCustomAction webScopedEmployeeAction = matchingActions.Single(); + + var queryForList = from list in clientContext.Web.Lists + where list.Title == "Local Employees" + select list; + IEnumerable matchingLists = clientContext.LoadQuery(queryForList); + clientContext.ExecuteQuery(); + + List employeeList = matchingLists.First(); + var listActions = employeeList.UserCustomActions; + clientContext.Load(listActions); + listActions.Clear(); + + var listScopedEmployeeAction = listActions.Add(); + + listScopedEmployeeAction.Title = webScopedEmployeeAction.Title; + listScopedEmployeeAction.Location = webScopedEmployeeAction.Location; + listScopedEmployeeAction.Sequence = webScopedEmployeeAction.Sequence; + listScopedEmployeeAction.CommandUIExtension = webScopedEmployeeAction.CommandUIExtension; + listScopedEmployeeAction.Update(); + + webScopedEmployeeAction.DeleteObject(); + + clientContext.ExecuteQuery(); + } + } ``` - ## Request full control of the host web Because the add-in now adds and deletes web-scoped custom actions, we need to escalate the permissions that the add-in requests from Manage to Full Control: 1. In **Solution Explorer**, open the AppManifest.xml file in the **ChainStore** project. - -2. Open the **Permissions** tab. Leave the **Scope** value at **Web**, but in the **Permission** field, select **Full Control** from the drop-down. - -3. Save the file. +1. Open the **Permissions** tab. Leave the **Scope** value at **Web**, but in the **Permission** field, select **Full Control** from the drop-down. +1. Save the file. ## Run the add-in and test the button deployment -1. Open the **Site Contents** page of the Hong Kong SAR store's website and remove the **Local Employees** list. - +1. Open the **Site Contents** page of the Hong Kong SAR store's website and remove the **Local Employees** list. + > [!NOTE] > Retracting an add-in in Visual Studio does not remove lists that are created by the add-in, so you need to manually delete it any time you are testing code that creates it. -2. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. - -3. When the add-in's start page opens, select the **Back to Site** link on the chrome control at the top. +1. Use the F5 key to deploy and run your add-in. Visual Studio hosts the remote web application in IIS Express and hosts the SQL database in SQL Express. It also makes a temporary installation of the add-in on your test SharePoint site and immediately runs the add-in. You are prompted to grant permissions to the add-in before its start page opens. +1. When the add-in's start page opens, select the **Back to Site** link on the chrome control at the top. +1. Go to the **Site Contents** page. The **Local Employees** list is present because your first-run logic added it. -4. Go to the **Site Contents** page. The **Local Employees** list is present because your first-run logic added it. - > [!NOTE] > If the list is not there or you have other indications that the first-run code is not executing, it may be that the **Tenants** table is not being reverted to an empty state when you select F5. The most common cause of this is that the **ChainCorporateDB** project is no longer set as a startup project in Visual Studio. See the [note near the top of this article](#re-add-the-custom-button-to-the-project) for how to fix this. Also be sure that you've configured the database to be rebuilt as described in [Configure Visual Studio to rebuild the corporate database with each debugging session](give-your-provider-hosted-add-in-the-sharepoint-look-and-feel.md#Rebuild). -5. Open the list and add an item. - -6. In the list view, select the item, and then open the **Item** tab on the ribbon. - -7. On the **Item** tab, select the **Add to Corporate DB** button. The employee is added to the corporate database, and the **Added to Corporate DB** field is changed to **Yes**. - -8. Go back to the **Site Contents** page and select **Add an add-in**. - -9. Add a new **Custom List**. By default it will be "Generic" type (Generic is list type 100). After the list is created, open the **Item** tab on the ribbon. Notice that the **Add to Corporate DB** button is *not* on the ribbon. This is because your code deleted the web-scoped button. - -10. To end the debugging session, close the browser window or stop debugging in Visual Studio. Each time that you select F5, Visual Studio retracts the previous version of the add-in and installs the latest one. - -11. You will work with this add-in and Visual Studio solution in other articles, and it's a good practice to retract the add-in one last time when you are done working with it for a while. Right-click the project in **Solution Explorer** and select **Retract**. +1. Open the list and add an item. +1. In the list view, select the item, and then open the **Item** tab on the ribbon. +1. On the **Item** tab, select the **Add to Corporate DB** button. The employee is added to the corporate database, and the **Added to Corporate DB** field is changed to **Yes**. +1. Go back to the **Site Contents** page and select **Add an add-in**. +1. Add a new **Custom List**. By default it will be "Generic" type (Generic is list type 100). After the list is created, open the **Item** tab on the ribbon. Notice that the **Add to Corporate DB** button is *not* on the ribbon. This is because your code deleted the web-scoped button. +1. To end the debugging session, close the browser window or stop debugging in Visual Studio. Each time that you select F5, Visual Studio retracts the previous version of the add-in and installs the latest one. +1. You will work with this add-in and Visual Studio solution in other articles, and it's a good practice to retract the add-in one last time when you are done working with it for a while. Right-click the project in **Solution Explorer** and select **Retract**. ## Next steps - Events on lists and list items can also have custom handlers in SharePoint. You will learn how to create one and deploy it in your first-run logic in [Handle list item events in the provider-hosted add-in](handle-list-item-events-in-the-provider-hosted-add-in.md). - - - - diff --git a/docs/sp-add-ins/publish-sharepoint-add-ins-by-using-visual-studio.md b/docs/sp-add-ins/publish-sharepoint-add-ins-by-using-visual-studio.md index ade9432dc..f9a35e5c0 100644 --- a/docs/sp-add-ins/publish-sharepoint-add-ins-by-using-visual-studio.md +++ b/docs/sp-add-ins/publish-sharepoint-add-ins-by-using-visual-studio.md @@ -1,13 +1,15 @@ --- title: Publish SharePoint Add-ins by using Visual Studio description: Learn how to publish your SharePoint Add-in by using Microsoft Visual Studio 2013 or Visual Studio 2012. If the add-in has an associated web application, you deploy it first. -ms.date: 12/14/2020 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Publish SharePoint Add-ins by using Visual Studio +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Learn how to publish your SharePoint Add-in by using Microsoft Visual Studio 2013 or Visual Studio 2012. If the add-in has an associated web application, you deploy it first. Then, as for all SharePoint Add-ins, you package the SharePoint Add-in and then publish it. You can also optionally choose to submit your add-in for inclusion on the Office Store. diff --git a/docs/sp-add-ins/publish-sharepoint-add-ins.md b/docs/sp-add-ins/publish-sharepoint-add-ins.md index e7ae0cc4a..266f10d90 100644 --- a/docs/sp-add-ins/publish-sharepoint-add-ins.md +++ b/docs/sp-add-ins/publish-sharepoint-add-ins.md @@ -1,12 +1,14 @@ --- title: Publish SharePoint Add-ins description: Decide where to publish your SharePoint Add-ins. -ms.date: 12/09/2019 +ms.date: 10/05/2024 ms.localizationpriority: high ms.service: sharepoint --- # Publish SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + You've finished developing your SharePoint Add-in—the final step is to make it available to your users. You can do this by publishing the add-in to one of the following: - **AppSource** - Publish your add-in to AppSource to make it publically available, so that it can be acquired by users of any SharePoint deployment. @@ -16,10 +18,16 @@ For information about how to package your add-in for publication by using Visual ## Publishing to AppSource +> [!Important] +> As of March 1, 2024 net new Add-Ins are not accepted anymore for submission to AppSource. Check out the [full SharePoint Add-In retirement](https://aka.ms/retirement/addins/support) to learn more. + To publish an add-in to AppSource, you must first [open a developer account](/office/dev/store/open-a-developer-account). When you upload an add-in to AppSource for publication, Microsoft performs a validation check. For example, it checks that the add-in is free of viruses and that the add-in manifest markup is valid and complete, and verifies that any SharePoint solution packages (.wsp files) that you included in the add-in do not contain elements that aren't allowed, or SharePoint features with a scope that is broader than web. The package is also inspected for objectionable content. If the add-in package passes validation, it's wrapped into a file and signed by Microsoft. +> [!Important] +> Add-ins are registered in Partner Center and from there published to AppSource. As part of the Partner Center registration there's also an option to setup a client id and secret for your add-ins. The use of this client id and secret is only supported when the add-in is **also published**. Leaving add-ins as unpublished in partner center, but relying on the created client id is an unsupported scenario. + > [!NOTE] > Pricing model management is not supported for Office marketplace products. Existing paid products that migrated from Seller Dashboard will need to move to a SaaS model or be made free by July 2020. For details, see [Moving from paid to free add-ins](/office/dev/store/moving-from-paid-to-free-addins). You can monetize your add-in through the Microsoft Commercial Marketplace; for details, see [Monetize your add-in](/office/dev/store/monetize-addins-through-microsoft-commercial-marketplace). diff --git a/docs/sp-add-ins/query-a-remote-service-using-the-web-proxy-in-sharepoint.md b/docs/sp-add-ins/query-a-remote-service-using-the-web-proxy-in-sharepoint.md index 1e4be46b4..9ee6fb99a 100644 --- a/docs/sp-add-ins/query-a-remote-service-using-the-web-proxy-in-sharepoint.md +++ b/docs/sp-add-ins/query-a-remote-service-using-the-web-proxy-in-sharepoint.md @@ -1,13 +1,15 @@ --- title: Query a remote service using the web proxy in SharePoint description: Access data in a remote domain from a page that is hosted in SharePoint by using the web proxy. -ms.date: 12/22/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Query a remote service using the web proxy in SharePoint +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + When you are building SharePoint Add-ins, you usually have to incorporate data from various sources. For security reasons, there are blocking mechanisms that prevent cross-domain communication. When you use the web proxy, the webpages in your add-in can access data in your remote domain and the SharePoint domain. As a developer, you can use the web proxy exposed in client APIs, such as the JavaScript and .NET client object models. When you use the web proxy, you issue the initial request to SharePoint. In turn, SharePoint requests the data to the specified endpoint and forwards the response back to your page. diff --git a/docs/sp-add-ins/register-sharepoint-add-ins.md b/docs/sp-add-ins/register-sharepoint-add-ins.md index 146b61efc..dcc77e5f6 100644 --- a/docs/sp-add-ins/register-sharepoint-add-ins.md +++ b/docs/sp-add-ins/register-sharepoint-add-ins.md @@ -1,16 +1,17 @@ --- title: Register SharePoint Add-ins description: Register your SharePoint Add-ins in Azure ACS by using Visual Studio, the Seller Dashboard, or an AppRegNew.aspx page, and retrieve registration information. -ms.date: 08/31/2023 +ms.date: 10/17/2024 ms.localizationpriority: high ms.service: sharepoint --- # Register SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Register your SharePoint Add-ins in Azure ACS by using Visual Studio, the Seller Dashboard, or an AppRegNew.aspx page, and retrieve registration information. -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] For the remote components of a provider-hosted SharePoint Add-in to interact with SharePoint using OAuth, the add-in must first register with the [Azure ACS](https://msdn.microsoft.com/library/azure/gg429788.aspx) cloud-based service and the SharePoint App Management Service of the tenancy or farm. (It is called "App Management Service" because SharePoint Add-ins were originally called "apps for SharePoint.") @@ -19,8 +20,6 @@ For the remote components of a provider-hosted SharePoint Add-in to interact wit To register your add-in with Azure ACS, you specify the following information: -- A GUID for the add-in, called a client ID. -- A password for the add-in, called a client secret. - A display name of the add-in that is used on the consent page where the user is prompted to trust the add-in. - A URL for the domain where the remote add-in is hosted. - A redirect URL. @@ -39,7 +38,7 @@ You can register your add-in in one of three ways, depending on where you are in |**Registration method**|**Details**| |:-----|:-----| |Use Visual Studio and Microsoft Office Developer Tools for Visual Studio to create a temporary add-in identity. |The Office Developer Tools for Visual Studio Wizard creates a temporary registration for your add-in with ACS and the App Management Service of your SharePoint test website.

    When you run the add-in from Visual Studio (F5), this identity is used. The tools also insert the client ID and secret in the web.config and AppManifest.xml files.

    When you're ready to publish your add-in, you can use the Visual Studio publish wizard to go to the Seller Dashboard to register it. If you are not marketing your SharePoint Add-in in the Office Store, use AppRegNew.aspx to register it. (Exact steps are in the next section.)

    **Note**: If your add-in requests permission to access SharePoint resources dynamically at run time, instead of on add-in installation, you cannot use Visual Studio to create add-in identities. | -|Register the add-in through the Seller Dashboard. |If you're going to use your add-in in more than one SharePoint tenant or farm, use the Seller Dashboard to register your add-in, regardless of whether you market it in the Office Store or make it available via the add-in catalog.

    When you register in the Seller Dashboard, you can design your add-in with a multitenant architecture without requiring tenant or farm administrators to register it separately.

    Also, if you plan to publish your add-in in the Office Store, you have to use the Seller Dashboard to register your add-in. You don't have to use the store to publish an add-in that is registered with the Seller Dashboard. For more information, see [Create or update client IDs and secrets in the Seller Dashboard](/office/dev/store/create-or-update-client-ids-and-secrets).| +|Register the add-in through the Seller Dashboard. |If you're going to use your add-in in more than one SharePoint tenant or farm, use the Seller Dashboard to register your add-in, regardless of whether you market it in the Office Store or make it available via the add-in catalog.

    When you register in the Seller Dashboard, you can design your add-in with a multi-tenant architecture without requiring tenant or farm administrators to register it separately.

    Also, if you plan to publish your add-in in the Office Store, you have to use the Seller Dashboard to register your add-in. You don't have to use the store to publish an add-in that is registered with the Seller Dashboard. For more information, see [Create or update client IDs and secrets in the Seller Dashboard](/office/dev/store/create-or-update-client-ids-and-secrets).| |Use the AppRegNew.aspx page. |Use the AppRegNew form to register your SharePoint Add-in if you are using the add-in only in one tenant or farm.

    For example, if you're creating add-ins for a single organization and you're going to distribute them via the organization add-in catalog, you can use the AppRegNew.aspx page of any website in a tenancy or farm to register the add-in.

    You cannot publish an add-in that is registered with AppRegNew.aspx to the Office Store. For add-ins that are published to the Office Store, you must get an identity from the Seller Dashboard.| ### To register by using AppRegNew.aspx @@ -47,20 +46,17 @@ You can register your add-in in one of three ways, depending on where you are in > [!NOTE] > Site collection admin is not able to register add-in with Azure ACS in AppRegNew.aspx by default unless explicitly allowed by the SharePoint tenant admin. For more information, see [Set-SPOTenant](/powershell/module/sharepoint-online/set-spotenant#-siteownermanagelegacyserviceprincipalenabled). +> [!IMPORTANT] +> Add-in secrets expire. If you register the add-in on the Seller Dashboard, you can set the expiration for up to three years. In the dashboard, you can also add new secrets when the old ones reach their expiration date. The new secret will be enabled in all instances of the add-in. If you register the add-in with AppRegNew.aspx, the secret expires in one year. For details, see [Replace an expiring client secret in a SharePoint Add-in](replace-an-expiring-client-secret-in-a-sharepoint-add-in.md). + 1. Go to `/_layouts/15/AppRegNew.aspx` by using a web browser. **AppRegNew page form** - ![The form on the App Reg New page with boxes for client ID, client secret, title, app domain, and redirect URL. Buttons named "generate" are beside the first two. In the corner are Create and Cancel buttons.](../images/9a38d876-2189-418c-9314-ae493a4cab61.PNG) + ![The form on the App Reg New page with boxes for client ID, client secret, title, app domain, and redirect URL. Buttons named "generate" are beside the first two. In the corner are Create and Cancel buttons.](../images/appregnewaspx.PNG) 1. Enter values for the follow form fields: - - **Add-in ID**. Also known as client ID; a GUID that can be generated (when you select **Generate**) or pasted into AppRegNew.aspx. The value must be unique for each add-in, and *must be lowercase*. - - **Add-in Secret**. Also known as the client secret, an opaque string. It is generated on the AppRegNew.aspx page by using the **Generate** button. The following is an example of an add-in secret: `xvVpG0AgVIJfch6ldu4dLUlcZyysmGqBRbpFDu6AfJw=`. - - > [!IMPORTANT] - > Add-in secrets expire. If you register the add-in on the Seller Dashboard, you can set the expiration for up to three years. In the dashboard, you can also add new secrets when the old ones reach their expiration date. The new secret will be enabled in all instances of the add-in. If you register the add-in with AppRegNew.aspx, the secret expires in one year. For details, see [Replace an expiring client secret in a SharePoint Add-in](replace-an-expiring-client-secret-in-a-sharepoint-add-in.md). - - **Title**. A user-friendly title; for example, **Contoso photo printing add-in**. Users are prompted to grant or deny the add-in the permissions that the add-in is requesting. This title appears as the name of the add-in on the consent prompt. - **Add-in Domain**. The host name of the remote component of the SharePoint Add-in. If the remote application isn't using port 443, the add-in domain must also include the port number. The add-in domain must match the URL bindings you use for your web application. Do not include protocol ("https:") or "/" characters in this value. If your web application host is using a DNS CNAME alias, use the alias. Some examples: @@ -80,7 +76,7 @@ You can register your add-in in one of three ways, depending on where you are in - https://www.northwindtraders.com/home/index - https://adventureworks.com/ -1. Select **Create** on the form. The page reloads and shows a confirmation of the values that you entered. Make a record of these values in a form that is easy to copy and paste. You need to enter the values in web.config and AppManifest.xml files or in the Visual Studio Publish wizard. +1. Select **Create** on the form. The page reloads and shows you the created Client Id and Client Secret. Make a record of these values in a form that is easy to copy and paste. You need to enter the values in web.config and AppManifest.xml files or in the Visual Studio Publish wizard. Regardless of how you register your SharePoint Add-in, when you are ready to deploy the add-in to staging or production, you need to [Enter the registration values into the web.config and AppManifest.xml files](#EditConfigFiles). If you are using Visual Studio, the Microsoft Office Developer Tools for Visual Studio do this configuration for you. diff --git a/docs/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in.md b/docs/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in.md index 98b0521e1..97d666d95 100644 --- a/docs/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in.md +++ b/docs/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in.md @@ -1,13 +1,15 @@ --- title: Replace an expiring client secret in a SharePoint Add-in description: Add a new client secret for a SharePoint Add-in that is registered with AppRegNew.aspx. -ms.date: 09/13/2023 +ms.date: 04/16/2025 ms.localizationpriority: high ms.service: sharepoint --- # Replace an expiring client secret in a SharePoint Add-in +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Client secrets for SharePoint Add-ins that are registered by using the **AppRegNew.aspx** page expire after one year. This article explains how to add a new secret for the add-in, and how to create a new client secret that is valid for a customized date. > [!NOTE] @@ -15,7 +17,7 @@ Client secrets for SharePoint Add-ins that are registered by using the **AppRegN ## Recommended maintenance schedule -We recommend creating new secrets a minimum of 30 days before they expire. This gives you a month of time before the old credentials expire. +We recommend creating new secrets a minimum of 30 days before they expire. This gives you a month before the old credentials expire. We recommend only removing secrets a minimum of 7 days after expiration, provided you have removed them from the application configuration. @@ -25,10 +27,20 @@ Removing an expired secret from ACS before you remove it from the application co Ensure the following before you begin: -- You have installed Azure Active Directory PowerShell 2.0: [Install Azure Active Directory PowerShell for Graph](/powershell/azure/active-directory/install-adv2) -- You're a tenant administrator for the Microsoft 365 tenant where the add-in was registered with the **AppRegNew.aspx** page. +- You have installed Microsoft Graph Powershell SDK: [Install the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/installation) +- You're a tenant administrator (or having **Application.ReadWrite.All** permission) for the Microsoft 365 tenant where the add-in was registered with the **AppRegNew.aspx** page. + +> [!Important] +> Microsoft Graph PowerShell versions 2.26 and up resulted in issues, if you've problems please downgrade to version 2.25 or lower. + +## Understand the type of your ACS principal before renewing the secret -## Generate a new secret +Historically ACS principals were created as Microsoft Entra service principals having the `servicePrincipalType` set to `Legacy`. As of December 2024 the Microsoft Entra principal creation has been streamlined and ACS principals are now created as application principals in Microsoft Entra. If you browse the Microsoft Entra applications you'll now be able to see the ACS principal you've created as of December 2024. ACS principal creation typically is done using `appregnew.aspx`. + +> [!Important] +> Due to this alternate creation the renewal of ACS principals also differs, below two chapters show both approaches, for the ACS service principals and for the ACS application principals. Ensure you use the correct approach. + +## Generate a new secret - for ACS service principals, created before December 2024 1. Create a client ID variable with the following line, using the client ID of the SharePoint Add-in as the parameter: @@ -36,41 +48,111 @@ Ensure the following before you begin: $clientId = 'client id of the add-in' ``` -1. Connect to AzureAD PowerShell. +1. Connect to Microsoft Graph with **Application.ReadWrite.All**, **Directory.ReadWrite.All** scope. ```powershell - $AzureAdCred = Get-Credential - Connect-AzureAD -Credential $AzureAdCred # Login to AzureAD + Connect-MgGraph -Scopes "Application.ReadWrite.All,Directory.ReadWrite.All" # Login with corresponding scope. Should the tenant admin or anyone else have the permission. ``` 1. Generate a new client secret with the following lines: ```powershell - $endDate = (Get-Date).AddYears(1) - $app = Get-AzureADServicePrincipal -Filter "AppId eq '$clientId'" - $objectId = $app.ObjectId - - $base64secret = New-AzureADServicePrincipalPasswordCredential -ObjectId $objectId -EndDate $endDate - New-AzureADServicePrincipalKeyCredential -ObjectId $objectId -EndDate $endDate -Type Symmetric -Usage Verify -Value $base64secret.Value - New-AzureADServicePrincipalKeyCredential -ObjectId $objectId -EndDate $endDate -Type Symmetric -Usage Sign -Value $base64secret.Value - - [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($base64secret.Value)) - $base64secret.EndDate # Print the end date. + $appPrincipal = Get-MgServicePrincipal -Filter "AppId eq '$clientId'" # Get principal id by AppId + $params = @{ + PasswordCredential = @{ + DisplayName = "NewSecret" # Replace with a friendly name. + } + } + $result = Add-MgServicePrincipalPassword -ServicePrincipalId $appPrincipal.Id -BodyParameter $params # Update the secret + $base64Secret = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($result.SecretText)) # Convert to base64 string. + $app = Get-MgServicePrincipal -ServicePrincipalId $appPrincipal.Id # get existing app information + $existingKeyCredentials = $app.KeyCredentials # read existing credentials + $dtStart = [System.DateTime]::Now # Start date + $dtEnd = $dtStart.AddYears(2) # End date (equals to secret end date) + $keyCredentials = @( # construct keys + @{ + Type = "Symmetric" + Usage = "Verify" + Key = [System.Text.Encoding]::ASCII.GetBytes($result.SecretText) + StartDateTime = $dtStart + EndDateTIme = $dtEnd + }, + @{ + type = "Symmetric" + usage = "Sign" + key = [System.Text.Encoding]::ASCII.GetBytes($result.SecretText) + StartDateTime = $dtStart + EndDateTIme = $dtEnd + } + ) + $existingKeyCredentials # combine with existing + Update-MgServicePrincipal -ServicePrincipalId $appPrincipal.Id -KeyCredentials $keyCredentials # Update keys + $base64Secret # Print base64 secret + $result.EndDateTime # Print the end date. ``` 1. The new client secret appears on the Windows PowerShell console. Copy it to a text file. You use it in the next procedure. > [!TIP] - > By default, the secret lasts one year. You can customize by leveraging the example below to specify the EndDateTime. + > By default, the secret lasts two years if you didn't specify the EndDateTime. You can customize by using the example below to specify the EndDateTime. > - > ``` powershell - > $endDate = (Get-Date).AddYears(2) # 2 year. + > ```powershell + > $params = @{ + > PasswordCredential = @{ + > DisplayName = "NewSecret" # Replace with a firendly name. + > EndDateTime = "2025-01-01T00:00:00Z" # Optional. Specify the end date you want. Using ISO 8601 format. + > } + > } > ``` +> [!IMPORTANT] +> Wait at least 24 hours for the propagation of the new ClientSecret to SharePoint. + +## Generate a new secret - for ACS application principals, created from December 2024 onwards + +```PowerShell +Connect-Graph -Scopes "Application.ReadWrite.All,Directory.ReadWrite.All" +$applicationId = '' # replace with your app id +$appPrincipal = Get-MgApplication -Filter "AppId eq '$applicationId'" +$params = @{ + PasswordCredential = @{ + DisplayName = "NewSecret" # Replace with a friendly name. + } +} +$result = Add-MgApplicationPassword -ApplicationId $appPrincipal.Id -BodyParameter $params +$base64Secret = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($result.SecretText)) +$dtStart = $result.StartDateTime +$dtEnd = $result.EndDateTime +$keyCredentials = @( + @{ + Type = "Symmetric" + Usage = "Verify" + Key = [System.Text.Encoding]::UTF8.GetBytes($result.SecretText) + StartDateTime = $dtStart + EndDateTime = $dtEnd + }, + @{ + Type = "Symmetric" + Usage = "Sign" + Key = [System.Text.Encoding]::UTF8.GetBytes($result.SecretText) + StartDateTime = $dtStart + EndDateTime = $dtEnd + } +) +# Add existing valid key credentials to the $keyCredentials +$appPrincipal.KeyCredentials |%{if ($_.EndDateTime -gt [DateTime]::UtcNow) {$keyCredentials += @($_)}} +Update-MgApplication -ApplicationId $appPrincipal.Id -KeyCredentials $keyCredentials # Update keys +$result.SecretText # Print secret text +$base64Secret # Print base64 secret +$result.EndDateTime # Print the end date. +``` + +> [!IMPORTANT] +> Wait at least 24 hours for the propagation of the new ClientSecret to SharePoint. + ## Update the remote web application in Visual Studio to use the new secret > [!IMPORTANT] -> If your add-in was originally created with a pre-release version of the Microsoft Office Developer Tools for Visual Studio, it may contain an out-of-date version of the **TokenHelper.[cs|vb]** file. If the file does not contain the string `secondaryClientSecret`, it is out of date and must be replaced before you can update the web application with a new secret. To obtain a copy of a release version of the file, you need Visual Studio 2012 or later. Create a new SharePoint Add-in project in Visual Studio. Copy the **TokenHelper.[cs|vb]** file from it to the web application project of your SharePoint Add-in. +> If your add-in was created with a pre-release version of the Microsoft Office Developer Tools for Visual Studio, it may contain an out-of-date version of the **TokenHelper.[cs|vb]** file. If the file does not contain the string `secondaryClientSecret`, it is out of date and must be replaced before you can update the web application with a new secret. To obtain a copy of a release version of the file, you need Visual Studio 2012 or later. Create a new SharePoint Add-in project in Visual Studio. Copy the **TokenHelper.[cs|vb]** file from it to the web application project of your SharePoint Add-in. 1. Open the SharePoint Add-in project in Visual Studio, and open the **web.config** file for the web application project. In the `appSettings` section, there are keys for the client ID and client secret. The following is an example: diff --git a/docs/sp-add-ins/retirement-announcement-for-add-ins.md b/docs/sp-add-ins/retirement-announcement-for-add-ins.md new file mode 100644 index 000000000..67f95b842 --- /dev/null +++ b/docs/sp-add-ins/retirement-announcement-for-add-ins.md @@ -0,0 +1,86 @@ +--- +title: SharePoint Add-In retirement in Microsoft 365 +description: Describes the details around the retirement of SharePoint Add-In in Microsoft 365. +ms.date: 11/13/2023 +ms.localizationpriority: high +ms.service: sharepoint +--- + +# SharePoint Add-In retirement in Microsoft 365 + +Microsoft strives to deliver utmost value to our customers through modern, optimized, secure solutions in this newly evolved world focused on digital transformation. As part of this evolution of Microsoft 365 solutions we will be retiring the SharePoint Add-In extensibility model and believe Microsoft 365 customers will be better served by modern SharePoint extensibility models. + +> [!IMPORTANT] +> The SharePoint add-in model deprecation in SharePoint Online does not impact [SharePoint Framework (SPFx)](https://aka.ms/spfx), which is the primary replacement technology for SharePoint add-ins. SPFx is the most widely used extensibility model in Microsoft 365 and continues to be supported also in future. + +SharePoint Add-Ins will stop working for new tenants as of November 1st, 2024 and they will stop working for existing tenants and will be fully retired as of April 2nd, 2026. This applies to all environments including Government Clouds and Department of Defense. + +In parallel with the SharePoint Add-In retirement, adding, updating and acquiring SharePoint Add-Ins via the public marketplace (a.k.a. store) will also be retiring. As of March 1st, 2024 Microsoft will not accept new SharePoint Add-Ins for listing in the public marketplace, from July 1st, 2024 SharePoint Add-Ins cannot be acquired anymore from the public marketplace. Using a tenant app catalog will stay supported and enables 3rd parties to offer their SharePoint Add-Ins until April 2nd, 2026. + +If you are using custom developed SharePoint Add-Ins, we recommend migrating them to SharePoint Framework based solutions. If you’ve acquired SharePoint Add-Ins from the public marketplace or from a 3rd party then you should inquire for an updated version that does not depend on the SharePoint Add-In extensibility model. There will not be an option to extend SharePoint Add-Ins beyond April 2nd, 2026. + +To learn more about how to migrate SharePoint Add-Ins to alternative solutions check out these [articles](https://aka.ms/retirement/addins/guidance) and accompanying [videos](https://aka.ms/sp/add-in/modernize/videos). + +## Overview + +### SharePoint Add-Ins + +SharePoint Add-Ins come in two flavors: SharePoint hosted Add-Ins and provider hosted Add-Ins, both of which are effected by this retirement. + +[SharePoint hosted Add-Ins primarily bring UX elements](sharepoint-add-ins.md#sharepoint-hosted-sharepoint-add-ins) to the site the Add-In was installed into and the app web that was created for the Add-In. A common use case is showing SharePoint Add-In web parts on pages of the host web, using [SharePoint Framework](https://aka.ms/spfx) based web parts is the recommended alternative here. These applications use JavaScript for writing business logic using the logged in user context to authenticate. + +[Provider hosted SharePoint Add-Ins](sharepoint-add-ins.md#provider-hosted-sharepoint-add-ins) run outside of SharePoint and typically have their own UX. They use Azure ACS (Access Control Services) as auth layer to enable calling back into the host web where the SharePoint Add-In was installed. SharePoint provider hosted Add-Ins can be rewritten in various ways as software as a service application hosted externally (e.g. Microsoft Azure) and optionally also offered as Teams application. The auth model for these will be based on Microsoft Entra ID. If there are requirements to integrate in the SharePoint UX then [SharePoint Framework](https://aka.ms/spfx) can be used as calling into external application APIs can be done from SharePoint Framework solutions. + +### SharePoint Server support for SharePoint Add-Ins + +Users of SharePoint Server running on-premises can, if configured by the farm admins, install SharePoint Add-Ins from the public marketplace or from the app catalog. The option to acquire and use SharePoint Add-Ins via the app catalog will not be impacted by this retirement, acquiring SharePoint Add-Ins from the public marketplace will stop working from April 2nd, 2026. + +### Project Online support for SharePoint Add-Ins + +Project Online is an extension on top of SharePoint Online and SharePoint Add-Ins could also have been used to extend Project Online. The retirement of SharePoint Add-Ins applies to Project Online as well, any SharePoint Add-In used in Project Online will follow the same retirement path as SharePoint Add-Ins used in SharePoint Online. + +## Call to Action Guidance + +### Microsoft 365 Assessment tool + +To understand if your organization is using SharePoint Add-Ins or begin planning migration to SharePoint Framework based solutions or alternatives, we recommend that customers run the [Microsoft 365 Assessment tool](https://aka.ms/assessment/addinsacs) to scan their tenants for SharePoint Add-In usage. Using the Power BI [SharePoint Add-In Report](https://aka.ms/assessment/addinsacsreport) generated by the scanner tool, you can: + +- Identify all SharePoint Add-Ins in the tenant and per site +- Evaluate the SharePoint Add-In source (marketplace, app catalog) and who installed the Add-In +- For provider hosted Add-Ins get details for the used Azure ACS principal, including it’s validity and requested permission scopes + +Using the [SharePoint Add-In Report](https://aka.ms/assessment/addinsacsreport) along with site information, tenant administrators together with developers can plan the migration of SharePoint Add-Ins with minimal impact to the users. + +### Migrate business relevant SharePoint Add-Ins by using newer SharePoint development models + +SharePoint hosted Add-Ins can be replaced by [SharePoint Framework](https://aka.ms/spfx) web parts, for the provider hosted Add-Ins any software as a service application platform (e.g. Microsoft Azure) in combination with [Microsoft Entra ID](https://learn.microsoft.com/azure/active-directory/develop/) for auth can be used as alternative development model. + +To learn more about how to migrate SharePoint Add-Ins to alternative solutions check out these [articles](https://aka.ms/retirement/addins/guidance) and accompanying [videos](https://aka.ms/sp/add-in/modernize/videos). + +### Disable Add-In usage for your tenant + +Admins can disable SharePoint Add-Ins with the [Set-SPOTenant SharePoint Management Shell PowerShell command](https://learn.microsoft.com/powershell/module/sharepoint-online/set-spotenant?view=sharepoint-ps). + +```PowerShell +Connect-SPOService -Url https://-admin.sharepoint.com +Set-SPOTenant -IsSharePointAddInsDisabled $true +``` + +After SharePoint Add-Ins are disabled, users will not be able to add SharePoint Add-Ins to their sites, and admins cannot add new SharePoint Add-Ins to the tenant and site collection app catalogs. SharePoint Add-Ins already added to sites will stay available and can still be used by the site's users. + +## How do I get help? + +You can use the following services and partner programs to help with your migration from SharePoint Add-Ins: + +- [Microsoft Solution Provider](https://www.microsoft.com/en-us/solution-providers/home) +- Help on SharePoint Assessment tool: Open a support ticket + +## More information + +- Friendly link to the blog post: https://aka.ms/retirement/addins/update +- Friendly link to this article: https://aka.ms/retirement/addins/support +- Friendly link to the Frequently Asked Questions: https://aka.ms/retirement/addins/faq +- Friendly link to the Azure ACS retirement article: https://aka.ms/retirement/acs/support +- Friendly link to Migration Guidance: https://aka.ms/retirement/addins/guidance + +A Message Center post in the Microsoft 365 admin center is being sent to all tenants, and the post will be updated periodically with timelines. diff --git a/docs/sp-add-ins/retirement-announcement-for-azure-acs.md b/docs/sp-add-ins/retirement-announcement-for-azure-acs.md new file mode 100644 index 000000000..8e9147e2d --- /dev/null +++ b/docs/sp-add-ins/retirement-announcement-for-azure-acs.md @@ -0,0 +1,72 @@ +--- +title: Azure ACS retirement in Microsoft 365 +description: Describes the details around the retirement of Azure ACS (Access Control Services) for SharePoint Online in Microsoft 365. +ms.date: 11/13/2023 +ms.localizationpriority: high +ms.service: sharepoint +--- + +# Azure ACS retirement in Microsoft 365 + +Microsoft strives to deliver utmost value to our customers through modern, optimized, secure solutions in this newly evolved world focused on digital transformation. As part of this evolution of Microsoft 365 solutions we will be retiring the use of Azure ACS (Access Control Services) for SharePoint Online auth needs and believe Microsoft 365 customers will be better served by modern auth offered via [Microsoft Entra ID](https://learn.microsoft.com/azure/active-directory/develop/). + +Azure ACS will stop working for new tenants as of November 1st, 2024 and it will stop working for existing tenants and will be fully retired as of April 2nd, 2026. This applies to all environments including Government Clouds and Department of Defense. + +If you are using custom developed applications or are using SharePoint provider hosted Add-Ins, we recommend switching those applications to use Microsoft Entra ID for authorization and authentication needs. Aligned with the Azure ACS retirement also SharePoint Add-Ins are retired, check out this [support article](https://aka.ms/retirement/addins/support) for more information. There will not be an option to extend using Azure ACS with SharePoint Online beyond April 2nd, 2026. + +To learn more about how to migrate Azure ACS usage for SharePoint Online and how to migrate SharePoint Add-Ins to alternative solutions check out these [articles](https://aka.ms/retirement/addins/guidance) and accompanying [videos](https://aka.ms/sp/add-in/modernize/videos). + +## Overview + +### Azure ACS usage in SharePoint Online + +Azure ACS is used in SharePoint Online for providing auth for provider hosted SharePoint Add-Ins plus it’s used to grant applications access to SharePoint Online, optionally using application permissions and granular scopes. + +To learn more about the provider hosted Add-In use case please check out the respective retirement articles, granting applications access to SharePoint Online will need to be transitioned to [Microsoft Entra ID](https://learn.microsoft.com/azure/active-directory/develop/). + +### Azure ACS usage by SharePoint Server + +SharePoint Server running on-premises can, if configured by the farm admins, depend on Azure ACS for hybrid scenarios (e.g. hybrid search) and low trust auth for custom applications. The retirement of Azure ACS however is not impacting any of the SharePoint on-premises use cases and no action is required from SharePoint on-premises farm admins. + +### Azure ACS usage by Project Online + +Project Online is an extension on top of SharePoint Online and Project Online custom developments could also have used Azure ACS. The retirement of Azure ACS applies to Project Online as well, any Azure ACS usage in Project Online will follow the same retirement path as Azure ACS usage in SharePoint Online. + +## Call to Action Guidance + +### Microsoft 365 Assessment tool + +To understand if your organization is using Azure ACS or begin planning transition to Microsoft Entra ID, we recommend that customers run the [Microsoft 365 Assessment tool](https://aka.ms/assessment/addinsacs) to scan their tenants for Azure ACS usage. Using the Power BI [Azure ACS Report](https://aka.ms/assessment/addinsacsreport) generated by the scanner tool, you can: + +- Identify all used Azure ACS application principals with their key properties such as permission scopes and whether app-only was allowed or not +- For each identified Azure ACS application principal see a list of all sites that can be accessed via the Azure ACS application principal + +Using the Azure ACS Report along with site information, tenant administrators together with developers can plan the transition of Azure ACS to Microsoft Entra ID as authentication model. + +### Turn off the use of Azure ACS on your tenant + +We recommend tenant admins to turn off the usage of Azure ACS app-only access once they’ve ensured there is no business relevant Azure ACS usage anymore. The assessment tool should give administrators the usage information to understand where and when Azure ACS principals are being used. + +```PowerShell +Connect-SPOService -Url https://-admin.sharepoint.com +Set-SPOTenant -DisableCustomAppAuthentication $true +``` + +This setting will not impact the Azure ACS usage by SharePoint provider hosted Add-Ins. You can use the same command to re-enable the usage Azure ACS app-only access if required. + +## How do I get help? + +You can use the following services and partner programs to help with your migration from SharePoint Azure ACS: + +- [Microsoft Solution Provider](https://www.microsoft.com/en-us/solution-providers/home) +- Help on SharePoint Assessment tool: Open a support ticket + +## More information + +- Friendly link to the blog post: https://aka.ms/retirement/acs/update +- Friendly link to this article: https://aka.ms/retirement/acs/support +- Friendly link to the Frequently Asked Questions: https://aka.ms/retirement/acs/faq +- Friendly link to the SharePoint Add-In retirement article: https://aka.ms/retirement/addins/support +- Friendly link to Migration Guidance: https://aka.ms/retirement/acs/guidance + +A Message Center post in the Microsoft 365 admin center is being sent to all tenants, and the post will be updated periodically with timelines. diff --git a/docs/sp-add-ins/retrieve-tenant-app-catalog-url-rest.md b/docs/sp-add-ins/retrieve-tenant-app-catalog-url-rest.md index c2020a318..9ce999d44 100644 --- a/docs/sp-add-ins/retrieve-tenant-app-catalog-url-rest.md +++ b/docs/sp-add-ins/retrieve-tenant-app-catalog-url-rest.md @@ -8,6 +8,8 @@ ms.service: sharepoint # Retrieve the URL of the tenant app catalog +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + To get the URL of the tenant app catalog, execute the following web request: ```http diff --git a/docs/sp-add-ins/secure-data-access-and-client-object-models-for-sharepoint-add-ins.md b/docs/sp-add-ins/secure-data-access-and-client-object-models-for-sharepoint-add-ins.md index c5ac2e47c..cf077b79e 100644 --- a/docs/sp-add-ins/secure-data-access-and-client-object-models-for-sharepoint-add-ins.md +++ b/docs/sp-add-ins/secure-data-access-and-client-object-models-for-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Secure data access and client object models for SharePoint Add-ins description: Connectivity options for accessing data on SharePoint and on external systems, and available APIs for accessing data from your add-in. -ms.date: 11/02/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Secure data access and client object models for SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + In evaluating your data access options for SharePoint Add-ins, you have to assess your add-in environment and consider several factors, such as communication between the client and server, and the permission level that is required for your add-in to perform the required tasks. You also have to evaluate the APIs that are available in the model for SharePoint Add-ins. ## High-level overview of data in SharePoint Add-ins diff --git a/docs/sp-add-ins/set-up-a-development-environment-for-sharepoint-add-ins-on-office-365.md b/docs/sp-add-ins/set-up-a-development-environment-for-sharepoint-add-ins-on-office-365.md index 94177fdd2..22a6e60b2 100644 --- a/docs/sp-add-ins/set-up-a-development-environment-for-sharepoint-add-ins-on-office-365.md +++ b/docs/sp-add-ins/set-up-a-development-environment-for-sharepoint-add-ins-on-office-365.md @@ -1,7 +1,7 @@ --- title: Set up a development environment for SharePoint Add-ins on Microsoft 365 description: Install Visual Studio and sign up for a Microsoft 365 developer subscription. -ms.date: 02/04/2022 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Set up a development environment for SharePoint Add-ins on Microsoft 365 +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + To get an understanding of your options before you carry out any procedures in this article, see [Tools and environments for developing SharePoint Add-ins](tools-and-environments-for-developing-sharepoint-add-ins.md). If you are not sure what kinds of SharePoint Add-ins you want to create, see [SharePoint Add-ins](sharepoint-add-ins.md). diff --git a/docs/sp-add-ins/set-up-an-on-premises-development-environment-for-sharepoint-add-ins.md b/docs/sp-add-ins/set-up-an-on-premises-development-environment-for-sharepoint-add-ins.md index 517efdae4..e8f15d29b 100644 --- a/docs/sp-add-ins/set-up-an-on-premises-development-environment-for-sharepoint-add-ins.md +++ b/docs/sp-add-ins/set-up-an-on-premises-development-environment-for-sharepoint-add-ins.md @@ -1,7 +1,7 @@ --- title: Set up an on-premises development environment for SharePoint Add-ins description: Install an operating system and prerequisites, and configure services and an isolated add-in domain. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Set up an on-premises development environment for SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + The requirements for a development environment are less stringent and costly than the requirements for a production environment, and the guidelines described here do not support a production environment installation. For the instructions to set up a production environment installation of SharePoint, see: diff --git a/docs/sp-add-ins/sharepoint-add-ins-update-process.md b/docs/sp-add-ins/sharepoint-add-ins-update-process.md index e7dcacfea..60e9b831d 100644 --- a/docs/sp-add-ins/sharepoint-add-ins-update-process.md +++ b/docs/sp-add-ins/sharepoint-add-ins-update-process.md @@ -1,7 +1,7 @@ --- title: SharePoint Add-ins update process description: Update and migrate SharePoint Add-ins. -ms.date: 11/02/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # SharePoint Add-ins update process +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + You have to update a SharePoint Add-in if you add functionality, fix a bug, or make a security update. An update to an add-in is deployed in a SharePoint Add-in package in the same way that the first version of the add-in is deployed. The SharePoint Add-in update process ensures that the add-in's data is preserved if the update fails for any reason. > [!IMPORTANT] diff --git a/docs/sp-add-ins/sharepoint-add-ins-ux-design-guidelines.md b/docs/sp-add-ins/sharepoint-add-ins-ux-design-guidelines.md index 4d2a19a41..31471c36f 100644 --- a/docs/sp-add-ins/sharepoint-add-ins-ux-design-guidelines.md +++ b/docs/sp-add-ins/sharepoint-add-ins-ux-design-guidelines.md @@ -1,13 +1,15 @@ --- title: SharePoint Add-ins UX design guidelines description: User experience (UX) design guidelines for add-ins in SharePoint, including choosing the chrome, using CSS, managing user licenses, and other design tasks. -ms.date: 03/08/2023 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # SharePoint Add-ins UX design guidelines +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Add-ins are a new concept for SharePoint, empowering end users to add new functionality to their sites while still ensuring reliability for the SharePoint site itself. Creating a good add-in requires not only making great functionality (although that's obviously important), but also ensuring that the add-in looks right and fits seamlessly into the site where it's installed. ## Choosing the chrome for your add-in diff --git a/docs/sp-add-ins/sharepoint-add-ins.md b/docs/sp-add-ins/sharepoint-add-ins.md index a883e9536..530d9e2fc 100644 --- a/docs/sp-add-ins/sharepoint-add-ins.md +++ b/docs/sp-add-ins/sharepoint-add-ins.md @@ -10,6 +10,8 @@ ms.service: sharepoint There are two basic kinds of SharePoint Add-ins: SharePoint-hosted and provider-hosted. To make the best decision about the right kind to develop for your scenario, start by learning what both types of SharePoint Add-ins have in common. +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + > [!NOTE] > A device app, such as mobile app, isn't really a "SharePoint Add-in" even when it accesses SharePoint. The same is true of a web application that is launched from outside of SharePoint. If you want to develop any of these kinds of apps, see [Access SharePoint from mobile and native device apps](https://msdn.microsoft.com/library/42014171-5ee5-421d-9cde-413efc3aecef%28Office.15%29.aspx). diff --git a/docs/sp-add-ins/sharepoint-admin-apis-authentication-and-authorization.md b/docs/sp-add-ins/sharepoint-admin-apis-authentication-and-authorization.md new file mode 100644 index 000000000..0fa393cde --- /dev/null +++ b/docs/sp-add-ins/sharepoint-admin-apis-authentication-and-authorization.md @@ -0,0 +1,56 @@ +--- +title: SharePoint admin APIs authentication and authorization +description: This article describes the authentication and authorization model for SharePoint admin APIs. +author: samkabue +ms.author: samkabue +ms.date: 06/28/2024 +ms.localizationpriority: high +ms.service: sharepoint +--- + +# SharePoint admin APIs authentication and authorization + +SharePoint admin APIs are accessible via [SharePoint client object model (CSOM)](./complete-basic-operations-using-sharepoint-client-library-code.md), [SharePoint REST service](./get-to-know-the-sharepoint-rest-service.md), and [Microsoft Graph](../apis/sharepoint-rest-graph.md). + +## Overview + +Here are some key principles about SharePoint admin APIs authentication and authorization: + +- Each admin API defines the least-permissive permission a caller should have to call the API. +- We use role-based access control to assert a caller can call a particular admin API. If the caller has not been granted the required permission, they'll get an unauthorized access error. + +## Pre-Requisites + +- Caller is a registered Microsoft Entra application with the right application permissions. + +## Authorization + +SharePoint admin APIs can be called by applications registered in Microsoft Entra configured with [access on behalf of a user](/graph/auth-v2-user) or [access without a user](/graph/auth-v2-service). + +### Application access on behalf of a user + +Admin API operations [on behalf of a user](/graph/auth-v2-user) require applications to receive consent for SharePoint `AllSites.FullControl` application permission. This permission requires admin consent on the consuming tenant before any user from the tenant can consent to it. + +### Application access without a user + +Admin API operations [without a user](/graph/auth-v2-service) require applications to receive consent for `Sites.FullControl.All` application permission on the SharePoint resource. This permission requires admin consent on the consuming tenant. + +> [!IMPORTANT] +> Using application access on behalf of a user is the recommended approach. This type of access enhances the security of your tenant and improves auditability of actions performed by the application. For all applications, an administrator on the consuming tenant must consent to your application's request for permission. Learn more [here](/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal). + +> [!NOTE] +> We are currently working on providing more granular, less-permissive scopes for applications to use based on what admin APIs the applications want to have access to. We'll share more information in due course when this is ready for adoption. + +## What's next + +Here are some actions you can take next to use applications for admin API calls: + +1. Configure your [application manifest](/entra/identity-platform/reference-app-manifest#requiredresourceaccess-attribute) to request the required permissions for Office 365 SharePoint Online (resourceAppId: `00000003-0000-0ff1-ce00-000000000000`). +1. [Grant admin consent](/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal) to your application on the target tenant. + + | Access type | Permission name | `resourceAccess` id | `resourceAccess` type | + | :------------------ | :---------------------- | :------------------------------------- | :-------------------- | + | On behalf of a user | `AllSites.FullControl` | `56680e0d-d2a3-4ae1-80d8-3c4f2100e3d0` | Scope | + | Without a user | `Sites.FullControl.All` | `a82116e5-55eb-4c41-a434-62fe8a61c773` | Role | + +1. Use your application to [invoke admin APIs](./get-to-know-the-sharepoint-rest-service.md). diff --git a/docs/sp-add-ins/sharepoint-net-server-csom-jsom-and-rest-api-index.md b/docs/sp-add-ins/sharepoint-net-server-csom-jsom-and-rest-api-index.md index 259004ee8..b69d81a49 100644 --- a/docs/sp-add-ins/sharepoint-net-server-csom-jsom-and-rest-api-index.md +++ b/docs/sp-add-ins/sharepoint-net-server-csom-jsom-and-rest-api-index.md @@ -1,13 +1,15 @@ --- title: SharePoint .NET Server, CSOM, JSOM, and REST API index description: The most frequently used types and objects that are implemented in the .NET server object model and at least one client programming model. -ms.date: 06/13/2022 +ms.date: 06/16/2024 ms.localizationpriority: high ms.service: sharepoint --- # SharePoint .NET Server, CSOM, JSOM, and REST API index +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Use the API index to look up many of the most frequently used types and objects that are implemented in the .NET server object model and at least one client programming model: .NET client-side object model (CSOM), JavaScript object model (JSOM), and/or REST. This table lists the most frequently used core APIs, which are in most cases based on types from the .NET server implementation. In some cases, types are native to SharePoint client programming, and there is no equivalent .NET server type. In other cases, some but not all possible client programming model implementations of a specific type exist. @@ -21,7 +23,7 @@ This table lists the most frequently used core APIs, which are in most cases bas | API | SP.Object/Enumeration (sp.js) | REST Endpoint | | :------------- | :--------------------- | :-------------- | | **AttachmentCollection** **SPAttachmentCollection** | [SP.AttachmentCollection](https://msdn.microsoft.com/library/28247ba7-eeaf-e1fc-0609-fb4c39b5d53c%28Office.15%29.aspx) | `…/_api/web/lists('')/items()/attachmentfiles` | -| **BasePermissions** **SPBasePermissions** | [SP.BasePermissions object](https://msdn.microsoft.com/library/40349d51-1068-08c6-8ba4-b23ee58396c4%28Office.15%29.aspx) | N/A | +| **BasePermissions** **SPBasePermissions** | [SP.BasePermissions object](https://msdn.microsoft.com/library/40349d51-1068-08c6-8ba4-b23ee58396c4%28Office.15%29.aspx) | [..._api/web/getusereffectivepermissions(@user)?@user='\'](https://msdn.microsoft.com/library/dn531433#getusereffectivepermissions-method) | | **CalendarType** **SPCalendarType** | [SP.CalendarType enumeration](https://msdn.microsoft.com/library/33242ef7-1300-b534-6e8e-c5df1a3df85b%28Office.15%29.aspx) | N/A | | **ChangeCollection** **SPChangeCollection** | [SP.ChangeCollection object](https://msdn.microsoft.com/library/528b8776-f295-77ff-5403-a3556b4f3081%28Office.15%29.aspx) | `…/_api/web/getchanges(changequery)` | | **ChangeSite** **SPChangeSite** | [SP.ChangeSite enumeration](https://msdn.microsoft.com/library/fab86803-f106-97d0-6e97-696c91f210cd%28Office.15%29.aspx) | N/A | @@ -43,13 +45,13 @@ This table lists the most frequently used core APIs, which are in most cases bas | **FieldComputed** **SPFieldComputed** | [SP.FieldComputed object](https://msdn.microsoft.com/library/c00fcb21-1aab-6aff-cc9c-a7b1c9cd70f6%28Office.15%29.aspx) | […/_api/web/fields('\')](https://msdn.microsoft.com/library/dn600182.aspx#FieldComputed%20resource) | | **FieldCurrency** **SPFieldCurrency** | [SP.FieldCurrency object](https://msdn.microsoft.com/library/aef1c982-fb34-3c5c-a6dc-659fd16b32e7%28Office.15%29.aspx) | […/_api/web/fields('\')](https://msdn.microsoft.com/library/dn600182.aspx#FieldNumber%20and%20FieldCurrency%20resources) | | **FieldLink** **SPFieldLink** | [SP.FieldLink object](https://msdn.microsoft.com/library/5dc71a19-3260-20fa-73ed-3de3cde37825%28Office.15%29.aspx) | `…/_api/web/contenttypes('')/fieldlinks('')` | -| **FieldLookupValue** **SPFieldLookupValue** | [SP.FieldLookup object](https://msdn.microsoft.com/library/275b256e-1192-75f5-b604-ec002448be02%28Office.15%29.aspx) | N/A | +| **FieldLookupValue** **SPFieldLookupValue** | [SP.FieldLookup object](https://msdn.microsoft.com/library/275b256e-1192-75f5-b604-ec002448be02%28Office.15%29.aspx) | […/_api/web/fields('\')](https://msdn.microsoft.com/library/dn600182?#fieldlookup-and-fielduser-resources) | | **FieldMultiChoice** **SPFieldMultiChoice** | [SP.FieldMultiChoice object](https://msdn.microsoft.com/library/a9546014-715a-ed57-993f-bbe237f92880%28Office.15%29.aspx) | […/_api/web/fields('\')](https://msdn.microsoft.com/library/dn600182.aspx#FieldMultiChoice,%20FieldChoice,%20and%20FieldRatingScale%20resources) | | **FieldMultiLineText** **SPFieldMultiLineText** | [SP.FieldMultiLineText object](https://msdn.microsoft.com/library/52d130f2-6858-3aa1-88ce-d5b73eccd150%28Office.15%29.aspx) | […/_api/web/fields('\')](https://msdn.microsoft.com/library/dn600182.aspx#FieldMultiLineText%20resource) | | **FieldNumber** **SPFieldNumber** | [SP.FieldNumber object](https://msdn.microsoft.com/library/1c3d179f-21a7-66cc-ea16-3341ea50f395%28Office.15%29.aspx) | […/_api/web/fields('\')](https://msdn.microsoft.com/library/dn600182.aspx#FieldNumber%20and%20FieldCurrency%20resources) | | **FieldText** **SPFieldText** | [SP.FieldText object](https://msdn.microsoft.com/library/ba9a623c-b387-862d-eb1b-eb9d7fd9e04e%28Office.15%29.aspx) | […/_api/web/fields('\')](https://msdn.microsoft.com/library/dn600182.aspx#FieldText%20resource) | | **FieldUrl** **SPFieldUrl** | [SP.FieldUrl object](https://msdn.microsoft.com/library/4eeff596-fa18-d21e-8cc0-fd8463fb5351%28Office.15%29.aspx) | […/_api/web/fields('\')](https://msdn.microsoft.com/library/dn600182.aspx#FieldUrl%20resource) | -| **FieldUrlValue** **SPFieldUrlValue** | [SP.FieldUrlValue object](https://msdn.microsoft.com/library/3866f4a6-8fda-586a-ecdc-0c7e7d7ad44b%28Office.15%29.aspx) | N/A | +| **FieldUrlValue** **SPFieldUrlValue** | [SP.FieldUrlValue object](https://msdn.microsoft.com/library/3866f4a6-8fda-586a-ecdc-0c7e7d7ad44b%28Office.15%29.aspx) | […/_api/web/fields('\')](https://msdn.microsoft.com/library/dn600182?#fieldurl-resource) | | **FieldUser** **SPFieldUser** | [SP.FieldUser object](https://msdn.microsoft.com/library/9058425f-b35a-b8a3-d5d1-b2abdbf08576%28Office.15%29.aspx) | […/_api/web/fields('\')](https://msdn.microsoft.com/library/dn600182.aspx#FieldLookup%20and%20FieldUser%20resources) | | **File** **SPFile** | [SP.File object](https://msdn.microsoft.com/library/860609d0-d317-41ca-9164-159e522d07cb%28Office.15%29.aspx) | […/_api/web/getfilebyserverrelativeurl('\/\')](https://msdn.microsoft.com/library/dn450841.aspx#File%20resource) | | **FileCollection** **SPFileCollection** | [SP.FieldCollection object](https://msdn.microsoft.com/library/db532e07-a4e8-d2f8-4ac8-c14de4adc761%28Office.15%29.aspx) | […/_api/web/getfolderbyserverrelativeurl('/\')/files](https://msdn.microsoft.com/library/dn450841.aspx#FileCollection%20resource) | @@ -63,7 +65,7 @@ This table lists the most frequently used core APIs, which are in most cases bas | **ListDataSource** **SPListDataSource** | [SP.ListDataSource object](https://msdn.microsoft.com/library/099059ae-2261-e3f5-d8f2-7dbcbadeff21%28Office.15%29.aspx) | N/A | | **ListItem** **SPListItem** | [SP.ListItem object](https://msdn.microsoft.com/library/3ea127c9-6cba-fe11-2193-ff2dc5c02fbf%28Office.15%29.aspx) | […/_api/web/lists(guid'\')/items(\)](https://msdn.microsoft.com/library/dn531433.aspx#ListItem%20resource) | | **ListItemCollection** **SPListItemCollection** | [SP.ListItemCollection object](https://msdn.microsoft.com/library/05107bcd-32d5-b2a5-05d2-12152441c1fc%28Office.15%29.aspx) | […/_api/web/lists(guid'\')/items](https://msdn.microsoft.com/library/dn531433.aspx#ListItemCollection%20resource) | -| **ListTemplateType** **SPListTemplateType** | [SP.ListTemplateType enumeration](https://msdn.microsoft.com/library/1ccbd999-9415-8449-6b38-aadb9549f384%28Office.15%29.aspx) | N/A | +| **ListTemplateType** **SPListTemplateType** | [SP.ListTemplateType enumeration](https://msdn.microsoft.com/library/1ccbd999-9415-8449-6b38-aadb9549f384%28Office.15%29.aspx) | […/_api/web/lists(guid'\')/BaseTemplate](https://msdn.microsoft.com/library/dn531433#list-properties) | | **Navigation** **SPNavigation** | [SP.Navigation object](https://msdn.microsoft.com/library/22777706-0bf1-ae70-0d99-529e643a2f31%28Office.15%29.aspx) | `…/_api/web/navigation` | | **NavigationNode** **SPNavigationNode** | [SP.NavigationNode object](https://msdn.microsoft.com/library/ec8a4fe0-6996-dba3-f565-4333c5046311%28Office.15%29.aspx) | N/A | | **Principal** **SPPrincipal** | [SP.Principal object](https://msdn.microsoft.com/library/2d89b994-f692-7b2c-0cd0-be586586d70a%28Office.15%29.aspx) | N/A | @@ -83,6 +85,7 @@ This table lists the most frequently used core APIs, which are in most cases bas | **User** **SPUser** | [SP.User object](https://msdn.microsoft.com/library/d36be210-3c1d-c589-e703-1ad66156dc18%28Office.15%29.aspx) | […/_api/web/siteusers(@v)?@v='\'](https://msdn.microsoft.com/library/dn531432.aspx#User%20resource) | | **UserCollection** **SPUserCollection** | [SP.UserCollection object](https://msdn.microsoft.com/library/1bb7bd28-4f19-a8a7-762f-3887c2b8ef7d%28Office.15%29.aspx) | […/_api/web/sitegroups(\)/users](https://msdn.microsoft.com/library/dn531432.aspx#UserCollection%20resource) | | **Utility** **SPUtility** | [SP.Utilities.Utility object (sp.js)](https://msdn.microsoft.com/library/57148667-64ff-7fed-8665-03226e70a96b%28Office.15%29.aspx) | N/A | +| **UsageInfo** **SPUsageInfo** | [SP.UsageInfo.storage property (sp.js)](https://msdn.microsoft.com/library/jj245691) | `…/_api/site/usage` | | **View** **SPView** | [SP.View object (sp.js)](https://msdn.microsoft.com/library/7b97ecb8-47cc-5c76-231f-81fa4ccae30a%28Office.15%29.aspx) | […/_api/web/lists(guid'\')/views('\')](https://msdn.microsoft.com/library/dn531433.aspx#bk_View) | | **ViewCollection** **SPViewCollection** | [SP.ViewCollection object](https://msdn.microsoft.com/library/3b0214c7-17b3-152c-78fa-a7a01e8b679a%28Office.15%29.aspx) | […/_api/web/lists(guid'\')/views](https://msdn.microsoft.com/library/dn531433.aspx#ViewCollection%20resource) | | **ViewFieldCollection** **SPViewFieldCollection** | [SP.ViewFieldCollection object](https://msdn.microsoft.com/library/05cab807-0609-5881-4119-bea2623eb01d%28Office.15%29.aspx) | […/_api/web/lists(guid'\')/views('\')/fields](https://msdn.microsoft.com/library/dn531433.aspx#ViewFieldCollection%20resource) | diff --git a/docs/sp-add-ins/synchronize-sharepoint-items-using-the-rest-service.md b/docs/sp-add-ins/synchronize-sharepoint-items-using-the-rest-service.md index ea627c11f..19e057a89 100644 --- a/docs/sp-add-ins/synchronize-sharepoint-items-using-the-rest-service.md +++ b/docs/sp-add-ins/synchronize-sharepoint-items-using-the-rest-service.md @@ -1,7 +1,7 @@ --- title: Synchronize SharePoint items using the REST service description: Synchronize items between SharePoint and your add-ins or services by using the GetListItemChangesSinceToken resource, part of the SharePoint REST service. -ms.date: 1/15/2020 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- diff --git a/docs/sp-add-ins/tenancies-and-deployment-scopes-for-sharepoint-add-ins.md b/docs/sp-add-ins/tenancies-and-deployment-scopes-for-sharepoint-add-ins.md index 77a93d825..76aeb6a81 100644 --- a/docs/sp-add-ins/tenancies-and-deployment-scopes-for-sharepoint-add-ins.md +++ b/docs/sp-add-ins/tenancies-and-deployment-scopes-for-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Tenancies and deployment scopes for SharePoint Add-ins description: Deploy SharePoint Add-ins to tenant scope and web scope SharePoint tenants. -ms.date: 11/02/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Tenancies and deployment scopes for SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + A SharePoint **tenancy** is a set of site collections in either a SharePoint farm or in SharePoint Online. In SharePoint Online, the site collections belong to a single customer account. In a SharePoint farm, the site collections can be all the site collections in a SharePoint web application or a subset of them, or it can be a set of site collections from across multiple web applications in the farm. A tenancy can have a SharePoint add-in catalog just as a SharePoint web application can. diff --git a/docs/sp-add-ins/three-authorization-systems-for-sharepoint-add-ins.md b/docs/sp-add-ins/three-authorization-systems-for-sharepoint-add-ins.md index 918966c78..5635017ca 100644 --- a/docs/sp-add-ins/three-authorization-systems-for-sharepoint-add-ins.md +++ b/docs/sp-add-ins/three-authorization-systems-for-sharepoint-add-ins.md @@ -1,7 +1,7 @@ --- title: Three authorization systems for SharePoint Add-ins description: SharePoint Add-ins can use low-trust or high-trust systems or the cross-domain library to get authorization to SharePoint resources. -ms.date: 05/01/2020 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Three authorization systems for SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + In SharePoint, a SharePoint Add-in is an identity principal just like a user, and it must be authenticated and authorized to use SharePoint resources. There are three authorization systems that an add-in can use. They are not mutually exclusive. @@ -19,8 +21,7 @@ In SharePoint, a SharePoint Add-in is an identity principal just like a user, an A provider-hosted SharePoint Add-in can register with Microsoft Azure Access Control Service (ACS), which issues an access token to the add-in that allows the add-in access to the resources in the SharePoint tenancy or farm on which the add-in is installed. Azure ACS is the trusted token issuer in an OAuth 2.0 Framework "flow" that includes SharePoint and the remote components of the add-in. Add-ins that use this system can be sold in the Office Store. The low-trust system is primarily intended for add-ins whose remote components are hosted in the cloud. -> [!IMPORTANT] -> Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), will be retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the `https://accounts.accesscontrol.windows.net` hostname (which is not impacted by this retirement). For more information, see [Impact of Azure Access Control retirement for SharePoint Add-ins](https://developer.microsoft.com/office/blogs/impact-of-azure-access-control-deprecation-for-sharepoint-add-ins). +[!INCLUDE [azure-acs-retirement](../../includes/snippets/azure-acs-deprecation.md)] For more information about creating a SharePoint Add-in that uses the low-trust system, see [Creating SharePoint Add-ins that use low-trust authorization](creating-sharepoint-add-ins-that-use-low-trust-authorization.md). diff --git a/docs/sp-add-ins/three-ways-to-think-about-design-options-for-sharepoint-add-ins.md b/docs/sp-add-ins/three-ways-to-think-about-design-options-for-sharepoint-add-ins.md index e4c0015c4..50edf9721 100644 --- a/docs/sp-add-ins/three-ways-to-think-about-design-options-for-sharepoint-add-ins.md +++ b/docs/sp-add-ins/three-ways-to-think-about-design-options-for-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Three ways to think about design options for SharePoint Add-ins description: Overview of the design and architecture options available with SharePoint Add-ins. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Three ways to think about design options for SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Prerequisite: You should first be familiar with the article [SharePoint Add-ins](sharepoint-add-ins.md). This article looks at the architectural choices for SharePoint Add-ins in three different ways. First, you learn about the most important categories of design choices; second, you view add-in architecture in terms of application tiers; and, third, you see a set of factors you need to consider when making your design choices. diff --git a/docs/sp-add-ins/tools-and-environments-for-developing-sharepoint-add-ins.md b/docs/sp-add-ins/tools-and-environments-for-developing-sharepoint-add-ins.md index 117b1cb41..5e66d76fd 100644 --- a/docs/sp-add-ins/tools-and-environments-for-developing-sharepoint-add-ins.md +++ b/docs/sp-add-ins/tools-and-environments-for-developing-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Tools and environments for developing SharePoint Add-ins description: Create a development environment for SharePoint Add-ins on a SharePoint Online site or an on-premises farm. -ms.date: 11/03/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Tools and environments for developing SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + There are two basic patterns for development environments for SharePoint Add-ins. The test and debugging SharePoint website can be on: - **A SharePoint Online website in an Office 365 subscription.** Typically, Visual Studio is installed to a local computer, but a cloud-based Visual Studio is also an option. diff --git a/docs/sp-add-ins/troubleshooting-high-trust-sharepoint-add-ins.md b/docs/sp-add-ins/troubleshooting-high-trust-sharepoint-add-ins.md index eb2c4c48b..ec45e0d46 100644 --- a/docs/sp-add-ins/troubleshooting-high-trust-sharepoint-add-ins.md +++ b/docs/sp-add-ins/troubleshooting-high-trust-sharepoint-add-ins.md @@ -1,7 +1,7 @@ --- title: Troubleshooting high-trust SharePoint Add-ins description: Use the Fiddler tool and other guidance for resolving high-trust issues. -ms.date: 12/29/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Troubleshooting high-trust SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + ## Use the Fiddler tool The free [Fiddler tool](http://www.telerik.com/fiddler) can be used to capture the HTTP Requests sent by the remote component of your add-in to SharePoint. diff --git a/docs/sp-add-ins/update-add-in-web-components-in-sharepoint.md b/docs/sp-add-ins/update-add-in-web-components-in-sharepoint.md index 3d5625335..409fb306a 100644 --- a/docs/sp-add-ins/update-add-in-web-components-in-sharepoint.md +++ b/docs/sp-add-ins/update-add-in-web-components-in-sharepoint.md @@ -1,13 +1,15 @@ --- title: Update add-in web components in SharePoint description: Update pages, lists, content types, and other web components in a SharePoint Add-in. -ms.date: 11/02/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Update add-in web components in SharePoint +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Prerequisites for updating the add-in web components: - Be familiar with [Update SharePoint Add-ins](update-sharepoint-add-ins.md) and the prerequisites and core concepts included in it. diff --git a/docs/sp-add-ins/update-host-web-components-in-sharepoint.md b/docs/sp-add-ins/update-host-web-components-in-sharepoint.md index 391b03153..2edf1c57e 100644 --- a/docs/sp-add-ins/update-host-web-components-in-sharepoint.md +++ b/docs/sp-add-ins/update-host-web-components-in-sharepoint.md @@ -1,13 +1,15 @@ --- title: Update host web components in SharePoint description: Update custom actions and add-in parts in the host web of a SharePoint Add-in. -ms.date: 11/02/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Update host web components in SharePoint +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Before you begin, be familiar with [Update SharePoint Add-ins](update-sharepoint-add-ins.md) and the prerequisites and core concepts listed in it. Your add-in can install two kinds of components on a host web with descriptive markup in the SharePoint Add-in: **custom actions** and **add-in parts**. Updating these components is easier in the host web than in the add-in web. You don't need any update semantics. Just add/change the custom actions and add-in parts. When the SharePoint Add-in is updated, SharePoint always applies any new element manifest files and reapplies any changed element manifest files with the most recent version. No harm is done in reapplying; for example, a ribbon button for a custom action will not be added multiple times to the ribbon. diff --git a/docs/sp-add-ins/update-remote-components-in-sharepoint-add-ins.md b/docs/sp-add-ins/update-remote-components-in-sharepoint-add-ins.md index edddcaf57..2426bdb3f 100644 --- a/docs/sp-add-ins/update-remote-components-in-sharepoint-add-ins.md +++ b/docs/sp-add-ins/update-remote-components-in-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Update remote components in SharePoint Add-ins description: Update the remote web applications and databases in a SharePoint Add-in. -ms.date: 11/02/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Update remote components in SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + Before you begin, be familiar with [Update SharePoint Add-ins](update-sharepoint-add-ins.md) and the prerequisites and core concepts listed in it. For the most part, only very general advice can be provided for updating the remote components because of the wide differences in platforms and tenancy systems. The following section provides some guidance. diff --git a/docs/sp-add-ins/update-sharepoint-add-ins.md b/docs/sp-add-ins/update-sharepoint-add-ins.md index 36f1f38e3..5def70b2b 100644 --- a/docs/sp-add-ins/update-sharepoint-add-ins.md +++ b/docs/sp-add-ins/update-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Update SharePoint Add-ins description: Create and deploy an update for a SharePoint Add-in. -ms.date: 11/02/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Update SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + You can update your SharePoint Add-in by using the updating support built into SharePoint. Within 24 hours after you upload an updated version of the add-in to the organization's add-in catalog, or the add-in is accepted at the Office Store, a notification that an update is available appears next to the add-in on the **Site Contents** page of every website where it is installed. As you can see in Figure 1, a link is provided for users to immediately install the update. *Figure 1. Add-in for SharePoint update process* diff --git a/docs/sp-add-ins/url-strings-and-tokens-in-sharepoint-add-ins.md b/docs/sp-add-ins/url-strings-and-tokens-in-sharepoint-add-ins.md index 626fbfd11..5aff54170 100644 --- a/docs/sp-add-ins/url-strings-and-tokens-in-sharepoint-add-ins.md +++ b/docs/sp-add-ins/url-strings-and-tokens-in-sharepoint-add-ins.md @@ -1,7 +1,7 @@ --- title: URL strings and tokens in SharePoint Add-ins description: The URL tokens that can be used at the beginning of a URL and inside a URL in a SharePoint Add-in. -ms.date: 12/13/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # URL strings and tokens in SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + > [!IMPORTANT] > For general information about constructing URLs in SharePoint and the use of tokens in those URLs, see [URLs and tokens in SharePoint](../general-development/urls-and-tokens-in-sharepoint.md). This topic describes the tokens that are available in SharePoint Add-ins. diff --git a/docs/sp-add-ins/use-a-sharepoint-website-s-style-sheet-in-sharepoint-add-ins.md b/docs/sp-add-ins/use-a-sharepoint-website-s-style-sheet-in-sharepoint-add-ins.md index bce6985e1..c06d9fa69 100644 --- a/docs/sp-add-ins/use-a-sharepoint-website-s-style-sheet-in-sharepoint-add-ins.md +++ b/docs/sp-add-ins/use-a-sharepoint-website-s-style-sheet-in-sharepoint-add-ins.md @@ -1,7 +1,7 @@ --- title: Use a SharePoint website's style sheet in SharePoint Add-ins description: Reference a style sheet of a SharePoint website in your SharePoint Add-in and use it to style your webpages. -ms.date: 12/14/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Use a SharePoint website's style sheet in SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + You can reference the style sheet of a SharePoint website in your SharePoint Add-in and use it to style your webpages by using the style sheet in SharePoint. In addition, if someone changes the SharePoint website's style sheet or theme, you can adopt the new set of styles in your add-in without modifying the style sheet reference in your add-in. > [!IMPORTANT] diff --git a/docs/sp-add-ins/use-an-office-365-sharepoint-site-to-authorize-provider-hosted-add-ins-on-an-on.md b/docs/sp-add-ins/use-an-office-365-sharepoint-site-to-authorize-provider-hosted-add-ins-on-an-on.md index b9a705c0c..c629bbcc4 100644 --- a/docs/sp-add-ins/use-an-office-365-sharepoint-site-to-authorize-provider-hosted-add-ins-on-an-on.md +++ b/docs/sp-add-ins/use-an-office-365-sharepoint-site-to-authorize-provider-hosted-add-ins-on-an-on.md @@ -1,7 +1,7 @@ --- title: Use ACS to authorize low-trust provider-hosted add-ins on an on-premises SharePoint site description: Create an environment where you can use ACS to establish trust between a low-trust provider-hosted add-in and an on-premises SharePoint farm, just as you would if you were developing add-ins for an Office 365 SharePoint site. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Use ACS to authorize low-trust provider-hosted add-ins on an on-premises SharePoint site +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + ## Prerequisites diff --git a/docs/sp-add-ins/use-odata-query-operations-in-sharepoint-rest-requests.md b/docs/sp-add-ins/use-odata-query-operations-in-sharepoint-rest-requests.md index 50fc6ad66..c8f89157a 100644 --- a/docs/sp-add-ins/use-odata-query-operations-in-sharepoint-rest-requests.md +++ b/docs/sp-add-ins/use-odata-query-operations-in-sharepoint-rest-requests.md @@ -1,7 +1,7 @@ --- title: Use OData query operations in SharePoint REST requests description: Use a wide range of OData query string operators to select, filter, and order the data you request from the SharePoint REST service. -ms.date: 08/05/2021 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- diff --git a/docs/sp-add-ins/use-the-client-chrome-control-in-sharepoint-add-ins.md b/docs/sp-add-ins/use-the-client-chrome-control-in-sharepoint-add-ins.md index d19cce8d5..ae5dc3dd8 100644 --- a/docs/sp-add-ins/use-the-client-chrome-control-in-sharepoint-add-ins.md +++ b/docs/sp-add-ins/use-the-client-chrome-control-in-sharepoint-add-ins.md @@ -1,11 +1,12 @@ --- title: Use the client chrome control in SharePoint Add-ins description: Use the chrome control in SharePoint to use the header styling of a specific SharePoint site in your add-in without needing to register a server library or use a specific technology or tool. -ms.date: 12/14/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] # Use the client chrome control in SharePoint Add-ins diff --git a/docs/sp-add-ins/use-the-client-side-people-picker-control-in-sharepoint-hosted-sharepoint-add-in.md b/docs/sp-add-ins/use-the-client-side-people-picker-control-in-sharepoint-hosted-sharepoint-add-in.md index 6d5201b22..69a83782b 100644 --- a/docs/sp-add-ins/use-the-client-side-people-picker-control-in-sharepoint-hosted-sharepoint-add-in.md +++ b/docs/sp-add-ins/use-the-client-side-people-picker-control-in-sharepoint-hosted-sharepoint-add-in.md @@ -1,13 +1,15 @@ --- title: Use the client-side People Picker control in SharePoint-hosted SharePoint Add-ins description: Use the client-side People Picker control to quickly search for and select valid user accounts for people, groups, and claims in your organization. -ms.date: 03/28/2023 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Use the client-side People Picker control in SharePoint-hosted SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + > [!IMPORTANT] > This topic assumes that you know how to create a SharePoint-hosted SharePoint Add-in. To learn how to create one, see [Get started creating SharePoint-hosted SharePoint Add-ins](get-started-creating-sharepoint-hosted-sharepoint-add-ins.md). diff --git a/docs/sp-add-ins/use-the-experimental-desktop-list-view-widget-in-sharepoint-add-ins.md b/docs/sp-add-ins/use-the-experimental-desktop-list-view-widget-in-sharepoint-add-ins.md index 7100a39ac..d45fa81f7 100644 --- a/docs/sp-add-ins/use-the-experimental-desktop-list-view-widget-in-sharepoint-add-ins.md +++ b/docs/sp-add-ins/use-the-experimental-desktop-list-view-widget-in-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Use the experimental Desktop List View widget in SharePoint Add-ins description: Use the Desktop List View widget in your add-ins to display data in lists that are hosted on a SharePoint site. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Use the experimental Desktop List View widget in SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + You can use the Desktop List View widget on any webpage, even if the page is not hosted in SharePoint. Use the List View widget in your add-ins to display data in lists that are hosted on a SharePoint site. > [!WARNING] diff --git a/docs/sp-add-ins/use-the-experimental-people-picker-widget-in-sharepoint-add-ins.md b/docs/sp-add-ins/use-the-experimental-people-picker-widget-in-sharepoint-add-ins.md index 2712a235a..5aa94bb7e 100644 --- a/docs/sp-add-ins/use-the-experimental-people-picker-widget-in-sharepoint-add-ins.md +++ b/docs/sp-add-ins/use-the-experimental-people-picker-widget-in-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: Use the experimental People Picker widget in SharePoint Add-ins description: Use the People Picker widget in your add-ins to help users find and select people and groups. -ms.date: 06/13/2022 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # Use the experimental People Picker widget in SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + You can use the People Picker widget on any webpage, even if the page is not hosted in SharePoint. Use the People Picker widget in your add-ins to help users find and select people and groups. > [!WARNING] diff --git a/docs/sp-add-ins/use-the-sharepoint-javascript-apis-to-work-with-sharepoint-data.md b/docs/sp-add-ins/use-the-sharepoint-javascript-apis-to-work-with-sharepoint-data.md index db200b82e..acce8248a 100644 --- a/docs/sp-add-ins/use-the-sharepoint-javascript-apis-to-work-with-sharepoint-data.md +++ b/docs/sp-add-ins/use-the-sharepoint-javascript-apis-to-work-with-sharepoint-data.md @@ -1,13 +1,15 @@ --- title: Use the SharePoint JavaScript APIs to work with SharePoint data description: Create JavaScript and a button to invoke it, and run and test the add-in. -ms.date: 1/18/2020 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Use the SharePoint JavaScript APIs to work with SharePoint data +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + This is the tenth in a series of articles about the basics of developing SharePoint-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating SharePoint-hosted SharePoint Add-ins | Next steps](get-started-creating-sharepoint-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] diff --git a/docs/sp-add-ins/using-csom-for-dotnet-standard.md b/docs/sp-add-ins/using-csom-for-dotnet-standard.md index 4945ca52f..6e044c975 100644 --- a/docs/sp-add-ins/using-csom-for-dotnet-standard.md +++ b/docs/sp-add-ins/using-csom-for-dotnet-standard.md @@ -1,13 +1,15 @@ --- title: Using CSOM for .NET Standard instead of CSOM for .NET Framework description: Explains the differences between using CSOM for .NET Standard versus CSOM for .NET Framework -ms.date: 05/07/2021 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Using CSOM for .NET Standard instead of CSOM for .NET Framework +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + You can use the SharePoint client object model (CSOM) to retrieve, update, and manage data in SharePoint. SharePoint makes the CSOM available in several forms: - .NET Framework redistributable assemblies diff --git a/docs/sp-add-ins/ux-design-for-sharepoint-add-ins.md b/docs/sp-add-ins/ux-design-for-sharepoint-add-ins.md index 83e5afe61..6b5d702dc 100644 --- a/docs/sp-add-ins/ux-design-for-sharepoint-add-ins.md +++ b/docs/sp-add-ins/ux-design-for-sharepoint-add-ins.md @@ -1,13 +1,15 @@ --- title: UX design for SharePoint Add-ins description: User experience (UX) options when you build add-ins in SharePoint, including UX scenarios in cloud-hosted add-ins and SharePoint-hosted add-ins. -ms.date: 11/02/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- # UX design for SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + As a developer, you should always give high priority to the user experience (UX) when you are creating add-ins. The model for SharePoint Add-ins offers many UX components and mechanisms that help you build a great user experience. The user experience in the add-in model is also flexible enough to let you use the techniques and platforms that best adapt to the needs of end users. diff --git a/docs/sp-add-ins/what-s-new-in-office-developer-tools-for-visual-studio.md b/docs/sp-add-ins/what-s-new-in-office-developer-tools-for-visual-studio.md index f2ff2b60b..171bba576 100644 --- a/docs/sp-add-ins/what-s-new-in-office-developer-tools-for-visual-studio.md +++ b/docs/sp-add-ins/what-s-new-in-office-developer-tools-for-visual-studio.md @@ -1,7 +1,7 @@ --- title: What's new in Office Developer Tools for Visual Studio 2013 description: August 2015 update. -ms.date: 11/03/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- @@ -9,12 +9,11 @@ ms.service: sharepoint # What's new in Office Developer Tools for Visual Studio 2013 +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + **August 2015 Update**:The Mail Add-in manifest designer now respects the **Mailbox requirement set** value. ## See also - [Tools and environments for developing SharePoint Add-ins](tools-and-environments-for-developing-sharepoint-add-ins.md) - - - diff --git a/docs/sp-add-ins/work-with-external-data-in-sharepoint.md b/docs/sp-add-ins/work-with-external-data-in-sharepoint.md index ef3f6c674..0c822eaea 100644 --- a/docs/sp-add-ins/work-with-external-data-in-sharepoint.md +++ b/docs/sp-add-ins/work-with-external-data-in-sharepoint.md @@ -1,7 +1,7 @@ --- title: Work with external data in SharePoint description: Resources and guidance for accessing and manipulating external data with JavaScript on pages in SharePoint Add-ins. -ms.date: 12/22/2017 +ms.date: 09/26/2023 ms.localizationpriority: medium ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Work with external data in SharePoint +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + In your SharePoint Add-ins, you frequently have to retrieve and manipulate data that is exposed by a remote web application or service from within a SharePoint page or component. Because custom code is not allowed on the SharePoint servers, your add-in must use JavaScript for this purpose. The model for SharePoint Add-ins provides multiple options for accessing the remote data and services. ## Use the SharePoint cross-domain JavaScript library to access external data diff --git a/docs/sp-add-ins/work-with-host-web-data-from-javascript-in-the-add-in-web.md b/docs/sp-add-ins/work-with-host-web-data-from-javascript-in-the-add-in-web.md index 9acd5c66d..bb592504e 100644 --- a/docs/sp-add-ins/work-with-host-web-data-from-javascript-in-the-add-in-web.md +++ b/docs/sp-add-ins/work-with-host-web-data-from-javascript-in-the-add-in-web.md @@ -1,13 +1,15 @@ --- title: Work with host web data from JavaScript in the add-in web description: Prepare the host web calendar, create JavaScript and a button to invoke it, specify the permissions the add-in needs, and run and test the add-in. -ms.date: 01/06/2020 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- # Work with host web data from JavaScript in the add-in web +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + This is the eleventh in a series of articles about the basics of developing SharePoint-hosted SharePoint Add-ins. You should first be familiar with [SharePoint Add-ins](sharepoint-add-ins.md) and the previous articles in this series, which you can find at [Get started creating SharePoint-hosted SharePoint Add-ins | Next steps](get-started-creating-sharepoint-hosted-sharepoint-add-ins.md#next-steps). > [!NOTE] diff --git a/docs/sp-add-ins/work-with-the-cross-domain-library-across-different-internet-explorer-security-z.md b/docs/sp-add-ins/work-with-the-cross-domain-library-across-different-internet-explorer-security-z.md index cf0788b9c..5ba3641bc 100644 --- a/docs/sp-add-ins/work-with-the-cross-domain-library-across-different-internet-explorer-security-z.md +++ b/docs/sp-add-ins/work-with-the-cross-domain-library-across-different-internet-explorer-security-z.md @@ -1,7 +1,7 @@ --- title: Work with the cross-domain library across different Internet Explorer security zones in SharePoint Add-ins description: Use the cross-domain library in SharePoint when the host web and add-in pages are in different security zones in Internet Explorer. -ms.date: 12/29/2017 +ms.date: 09/26/2023 ms.localizationpriority: high ms.service: sharepoint --- @@ -9,6 +9,8 @@ ms.service: sharepoint # Work with the cross-domain library across different Internet Explorer security zones in SharePoint Add-ins +[!INCLUDE [sp-add-in-deprecation](../../includes/snippets/sp-add-in-deprecation.md)] + If you are using the SharePoint cross-domain library for your add-ins, you should be aware of how security zones work in Internet Explorer. Your add-in may encounter some communication issues if the SharePoint website and the add-in are in different zones. This article explains what happens when you use the cross-domain library in different Internet Explorer security zones. diff --git a/docs/sp-add-ins/working-with-folders-and-files-with-rest.md b/docs/sp-add-ins/working-with-folders-and-files-with-rest.md index b5aa9eae4..cf4666d49 100644 --- a/docs/sp-add-ins/working-with-folders-and-files-with-rest.md +++ b/docs/sp-add-ins/working-with-folders-and-files-with-rest.md @@ -19,7 +19,7 @@ ms.service: sharepoint You can retrieve a folder inside a document library when you know its URL. For example, you can **retrieve the root folder of your Shared Documents library** by using the endpoint in the following example. ```http -GET https://{site_url}/_api/web/GetFolderByServerRelativeUrl('/Shared Documents') +GET https://{site_url}/_api/web/GetFolderByServerRelativeUrl('Shared Documents') Authorization: "Bearer " + accessToken Accept: "application/json;odata=verbose" ``` @@ -60,7 +60,7 @@ The following example shows how to **rename a folder by using the MERGE method** First, obtain the folder's OData type with a GET request. ```http -GET https://{site_url}/_api/web/GetFolderByServerRelativeUrl('/Folder Name')/ListItemAllFields +GET https://{site_url}/_api/web/GetFolderByServerRelativeUrl('Folder Name')/ListItemAllFields Authorization: "Bearer " + accessToken Accept: "application/json;odata=verbose" ``` @@ -68,7 +68,7 @@ Accept: "application/json;odata=verbose" From the result, obtain the `odata.type` value, such as `SP.Data.Shared_x0020_DocumentsItem` (the value may be different depending on your library configuration). Then submit a MERGE request: ```http -POST https://{site_url}/_api/web/GetFolderByServerRelativeUrl('/Folder Name')/ListItemAllFields +POST https://{site_url}/_api/web/GetFolderByServerRelativeUrl('Folder Name')/ListItemAllFields Authorization: "Bearer " + accessToken Accept: "application/json;odata=verbose" Content-Type: "application/json" @@ -89,7 +89,7 @@ X-RequestDigest: "{form_digest_value}" The following example shows how to **delete a folder**. ```http -POST https://{site_url}/_api/web/GetFolderByServerRelativeUrl('/Folder Name') +POST https://{site_url}/_api/web/GetFolderByServerRelativeUrl('Folder Name') Authorization: "Bearer " + accessToken If-Match: "{etag or *}" X-HTTP-Method: "DELETE" @@ -101,7 +101,7 @@ X-RequestDigest: "{form_digest_value}" The following example shows how to **retrieve all of the files in a folder**. ```http -GET https://{site_url}/_api/web/GetFolderByServerRelativeUrl('/Folder Name')/Files +GET https://{site_url}/_api/web/GetFolderByServerRelativeUrl('Folder Name')/Files method: GET Authorization: "Bearer " + accessToken Accept: "application/json;odata=verbose" @@ -110,7 +110,7 @@ Accept: "application/json;odata=verbose" The following example shows how to **retrieve a specific file**. ```http -GET https://{site_url}/_api/web/GetFolderByServerRelativeUrl('/Folder Name')/Files('{file_name}')/$value +GET https://{site_url}/_api/web/GetFolderByServerRelativeUrl('Folder Name')/Files('{file_name}')/$value Authorization: "Bearer " + accessToken ``` @@ -187,7 +187,7 @@ static void Main(string[] args) The following example shows how to **create a file and add it to a folder**. ```http -POST https://{site_url}/_api/web/GetFolderByServerRelativeUrl('/Folder Name')/Files/add(url='a.txt',overwrite=true) +POST https://{site_url}/_api/web/GetFolderByServerRelativeUrl('Folder Name')/Files/add(url='a.txt',overwrite=true) Authorization: "Bearer " + accessToken Content-Length: {length of request body as integer} X-RequestDigest: "{form_digest_value}" @@ -250,7 +250,7 @@ The following example shows how to **create a large binary file**. > This approach works only with Internet Explorer 10 and the latest versions of other browsers. ```http -POST https://{site_url}/_api/web/GetFolderByServerRelativeUrl('/Folder Name')/Files/Add(url='{file_name}', overwrite=true) +POST https://{site_url}/_api/web/GetFolderByServerRelativeUrl('Folder Name')/Files/Add(url='{file_name}', overwrite=true) Authorization: "Bearer " + accessToken Content-Length: {length of request body as integer} X-RequestDigest: "{form_digest_value}" diff --git a/docs/spfx/build-for-teams-me-experience.md b/docs/spfx/build-for-teams-me-experience.md index cde59eb8f..067573ef9 100644 --- a/docs/spfx/build-for-teams-me-experience.md +++ b/docs/spfx/build-for-teams-me-experience.md @@ -1,7 +1,7 @@ --- title: Build a Me-experience in Microsoft Teams description: Extend Microsoft Teams using SharePoint Framework to offer your colleagues a Me-experience. -ms.date: 06/13/2022 +ms.date: 08/21/2024 ms.localizationpriority: medium --- @@ -15,11 +15,11 @@ This article presents a sample scenario of how to extend Microsoft Teams using S ![Sample Me-experience in Microsoft Teams](../images/me-experience/me-experience-preview.png) -In the following sections, we present a few ways of how you could implement a Me-experience in Microsoft Teams using SharePoint Framework, and for each one we mention its benefits and considerations for you to consider. +In the following sections, we present a few ways of how you could implement a Me-experience in Microsoft Teams using SharePoint Framework, and for each one, we mention its benefits and considerations for you to consider. ## Embed a modern SharePoint page -Recently SharePoint Online introduced the ability to [embed modern SharePoint pages in Microsoft Teams](/sharepoint/dev/features/embed-pages-to-teams?WT.mc_id=m365-9762-wmastyka). Using this capability, you can create a modern SharePoint page with several SharePoint Framework web parts that show personalized information for the current user such as recent documents or upcoming meetings. +Recently SharePoint Online introduced the ability to [embed modern SharePoint pages in Microsoft Teams](/sharepoint/dev/features/embed-pages-to-teams). Using this capability, you can create a modern SharePoint page with several SharePoint Framework web parts that show personalized information for the current user such as recent documents or upcoming meetings. ![Modern SharePoint page with several SharePoint Framework web parts showing personalized information for the current user](../images/me-experience/me-experience-sharepoint-page.png) @@ -28,7 +28,7 @@ Once the page is ready, in Microsoft Teams, you would create a personal app poin ![Building personal Teams app using App Studio](../images/me-experience/me-experience-app-studio.png) > [!CAUTION] -> When embedding a modern SharePoint page in Teams, you shouldn't use the URL of the page as it won't work in the desktop Teams app. Instead, use a special [URL pointing to the `teamslogon.aspx` page](/sharepoint/dev/features/embed-pages-to-teams?WT.mc_id=m365-9762-wmastyka#embed-sharepoint-modern-sites--pages-into-microsoft-teams-with-app-studio). +> When embedding a modern SharePoint page in Teams, you shouldn't use the URL of the page as it won't work in the desktop Teams app. Instead, use a special [URL pointing to the `teamslogon.aspx` page](/sharepoint/dev/features/embed-pages-to-teams#embed-sharepoint-modern-sites--pages-into-microsoft-teams-with-app-studio). To improve the experience, you would enable showing the page in full screen, which will remove the header and navigation allowing users to focus on the content. @@ -46,13 +46,13 @@ While creating the dashboard SharePoint page, you can make use of all page capab #### Combine information from different sources -By using a mix of web parts, you can combine truly personal information, such as emails, meetings, or the documents the person recently worked on, with other information coming from the organization, but nevertheless relevant to the person based on their role or region. +By using a mix of web parts, you can combine truly personal information, such as emails, meetings, or the documents the person recently worked on, with other information coming from the organization, but relevant to the person based on their role or region. It also doesn't matter if the web parts you put on the page are provided by Microsoft or built by your organization and whether they're deployed in a single or multiple solutions. -#### Package and distribute application in your organization without code +#### Package and distribute applications in your organization without code -To offer the Me-experience built this way to your users, you would package it as a personal Teams app. Using [App Studio](/microsoftteams/platform/concepts/build-and-test/app-studio-overview?WT.mc_id=m365-9762-wmastyka), you can create the personal app and publish it to your organizational catalog for everyone else to use. +To offer the Me-experience built this way to your users, you would package it as a personal Teams app. Using [App Studio](/microsoftteams/platform/concepts/build-and-test/app-studio-overview), you can create the personal app and publish it to your organizational catalog for everyone else to use. ### Considerations for embedding SharePoint pages as tabs @@ -72,13 +72,16 @@ This approach is ideal for organizations that want to offer their users a Me-exp ## Build a multi-tab personal Teams app +> [!IMPORTANT] +> When you are planning to embed SharePoint sites in Microsoft Teams, please use the [Viva Connections model](/sharepoint/guide-to-setting-up-viva-connections) for the supported experience. + Another approach to offer your users a Me-experience in Microsoft Teams using SharePoint Framework is by building a multi-tab [personal Teams app](/microsoftteams/platform/concepts/design/personal-apps?WT.mc_id=m365-9762-wmastyka). ![Multi-tab personal Teams app built using SharePoint Framework](../images/me-experience/me-experience-multitab-personal-app.png) -Personal Teams apps can consist of one or more tabs. Each tab points to a different URL. When [building personal Teams app using SharePoint Framework](/sharepoint/dev/spfx/integrate-with-teams-introduction?WT.mc_id=m365-9762-wmastyka), you can make each tab point to a SharePoint Framework web part. By combining relevant web parts in a single personal Teams app, you can offer users a single place to access relevant information. +Personal Teams apps can consist of one or more tabs. Each tab points to a different URL. When [building personal Teams app using SharePoint Framework](/sharepoint/dev/spfx/integrate-with-teams-introduction), you can make each tab point to a SharePoint Framework web part. By combining relevant web parts in a single personal Teams app, you can offer users a single place to access relevant information. -In this approach, you would start by putting all web parts that you want to expose in a SharePoint Framework project. +In this approach, you would start by putting all the web parts that you want to expose in a SharePoint Framework project. ![SharePoint Framework project with the different web parts that make up the Me-experience](../images/me-experience/me-experience-spfx-project.png) @@ -158,7 +161,7 @@ To let users configure web parts exposed on the different tabs, you could build ### Advantages of building multi-tab personal Teams apps -Building the Me-experience as a multi-tab personal Teams app requires some development work. In return, it offers more benefits related to personalization and distribution of the solution. +Building the Me-experience as a multi-tab personal Teams app requires some development work. In return, it offers more benefits related to the personalization and distribution of the solution. #### User-specific configuration @@ -178,7 +181,7 @@ In comparison to building a dashboard using a modern SharePoint page and exposin #### Limited to custom web parts -When building multi-tab personal Teams apps, you can point only to custom web parts. Referencing standard web part provided by Microsoft is not supported. +When building multi-tab personal Teams apps, you can point only to custom web parts. Referencing the standard web part provided by Microsoft is not supported. #### All web parts should be in the same project @@ -186,7 +189,7 @@ While not necessary, having all web parts in the same project will help you simp #### Custom web part required for exposing settings -Personal Teams apps don't have a standard UI for configuring settings. Instead, the recommended pattern is to [expose settings on a separate tab](/microsoftteams/platform/concepts/design/personal-apps?WT.mc_id=m365-9762-wmastyka#help-and-settings). The developer is in control of the user experience of that tab and can adjust it to match the specific application requirements. +Personal Teams apps don't have a standard UI for configuring settings. Instead, the recommended pattern is to [expose settings on a separate tab](/microsoftteams/platform/concepts/design/personal-apps#help-and-settings). The developer is in control of the user experience of that tab and can adjust it to match the specific application requirements. Translating this to SharePoint Framework, it means that you would need to build a separate web part that allows users to configure the application. The settings tab can expose configuration for all the other tabs so that users can configure the whole application from one place. @@ -194,7 +197,7 @@ Translating this to SharePoint Framework, it means that you would need to build Personal Teams apps don't offer any infrastructure for persisting their configuration. Each application must decide for itself how and where it persists user's preferences. -While SharePoint Framework web parts have a standard way of persisting settings when used on SharePoint pages or in Microsoft Teams tabs, when exposed as personal Teams apps, they can't use this infrastructure. Instead, you need to [choose a way to store user's preferences](/sharepoint/dev/spfx/build-for-teams-configure-in-teams?WT.mc_id=m365-9762-wmastyka). Additionally, you need to ensure that your web parts can retrieve their configuration from this location. +While SharePoint Framework web parts have a standard way of persisting settings when used on SharePoint pages or in Microsoft Teams tabs, when exposed as personal Teams apps, they can't use this infrastructure. Instead, you need to [choose a way to store user's preferences](/sharepoint/dev/spfx/build-for-teams-configure-in-teams). Additionally, you need to ensure that your web parts can retrieve their configuration from this location. #### Each web part is a separate tab @@ -263,7 +266,7 @@ export default class Planning extends React.Component { } ``` -Such container web part allows you to reuse your existing code without duplicating it. Additionally, you will improve the user experience by combining related information and decrease the number of different tabs exposed. +Such a container web part allows you to reuse your existing code without duplicating it. Additionally, you will improve the user experience by combining related information and decrease the number of different tabs exposed. ### Advantages of combining multiple web parts in a single tab @@ -271,13 +274,13 @@ Combining information from multiple web parts in a single tab allows you to simp #### Group related information together -The ability to rearrange how information is presented in when exposed in a personal Teams app allows you to improve the user-experience. By putting related or similar information on a single tab, you help users to quickly glance over what's relevant to them. +The ability to rearrange how information is presented in when exposed in a personal Teams app allows you to improve the user experience. By putting related or similar information on a single tab, you help users quickly glance over what's relevant to them. Grouping related information together also lowers the number of different tabs displayed in the personal app, making it easier for users to navigate between the different sections. #### Control the user experience -When grouping related information together, you will build new React component and reference existing components from within. While doing this, you have the full control of how the information is presented and can consider different aspects such as importance of the displayed information, its relevance to the user, device, screen size, etc. +When grouping related information together, you will build a new React component and reference existing components from within. While doing this, you have full control of how the information is presented and can consider different aspects such as importance of the displayed information, its relevance to the user, device, screen size, etc. #### Reuse existing code @@ -285,7 +288,7 @@ When you build SharePoint Framework web parts using React, the main functionalit ### Considerations for grouping multiple web parts in a single tab -Combining multiple web parts in a single tab allows you to make a better use of the available screen estate and provide the user with a comprehensive view of the relevant information. There are however some specific considerations that you should take into account before you choose this approach. +Combining multiple web parts in a single tab allows you to make better use of the available screen estate and provides the user with a comprehensive view of the relevant information. There are however some specific considerations that you should take into account before you choose this approach. #### Combining web parts requires development effort diff --git a/docs/spfx/build-for-teams-meeting-app.md b/docs/spfx/build-for-teams-meeting-app.md index 57f5acac4..399da0e37 100644 --- a/docs/spfx/build-for-teams-meeting-app.md +++ b/docs/spfx/build-for-teams-meeting-app.md @@ -1,7 +1,7 @@ --- title: "Tutorial: Build meeting apps for Microsoft Teams with SPFx" description: Build meeting apps for Microsoft Teams with the SharePoint Framework. -ms.date: 04/28/2021 +ms.date: 12/30/2023 ms.localizationpriority: medium --- @@ -130,7 +130,7 @@ Add the following JSON to the file: "manifestVersion": "1.8", "packageName": "{{SPFX_PACKAGE_NAME}}", "id": "{{SPFX_COMPONENT_ID}}", - "version": "1.0", + "version": "1.0.0", "developer": { .. }, "name": { "short": "{{SPFX_COMPONENT_NAME}}" diff --git a/docs/spfx/compatibility.md b/docs/spfx/compatibility.md index c85e7071f..55dc39aae 100644 --- a/docs/spfx/compatibility.md +++ b/docs/spfx/compatibility.md @@ -1,70 +1,76 @@ --- title: SharePoint Framework development tools and libraries compatibility -description: Find which versions of the SharePoint Framework are compatible with each version of SharePoint, development tools and libraries. -ms.date: 06/26/2023 +description: Find which versions of the SharePoint Framework are compatible with each version of SharePoint, development tools, and libraries. +ms.date: 05/15/2025 ms.localizationpriority: high --- # SharePoint Framework development tools and libraries compatibility -As the SharePoint Framework (SPFx) evolves, so do the various development tools and libraries that it uses. +As the SharePoint Framework (SPFx) evolves, so do the various development tools and libraries it uses. ## SharePoint Framework version compatibility -Because SharePoint Online and the on-premises versions of SharePoint Server have different release cycles for new capabilities, they also have support different SharePoint Framework capabilities. +Because SharePoint Online and the on-premises versions of SharePoint Server have different release cycles for new capabilities, they also support different SharePoint Framework capabilities. SharePoint Online always uses the latest version of the SharePoint Framework, but SharePoint 2016 and SharePoint 2019 only support the versions that match the server-side dependencies of the deployed packages. | SharePoint version | Supported SPFx version | Supported features | | ---------------------------------------| ---------------------- | --------------------------------------------------------------------------------------- | | SharePoint Online | All versions | All features | -| SharePoint Server Subscription Edition | v1.5 or lower | SPFx client-side web parts in classic and modern pages, and extensions in modern pages. | +| SharePoint Server Subscription Edition | v1.5 or lower | SPFx client-side web parts in classic and modern pages, and extensions in modern pages. | | SharePoint Server 2019 | v1.4.1 or lower | SPFx client-side web parts in classic and modern pages, and extensions in modern pages. | | SharePoint 2016 Feature Pack 2 | v1.1 | SPFx client-side web parts hosted in classic SharePoint pages. | For more information about SharePoint Framework development with SharePoint 2016 Feature Pack 2 and SharePoint 2019, see: - [SharePoint Framework development with SharePoint 2016 Feature Pack 2](sharepoint-2016-support.md) -- [SharePoint Framework development with SharePoint Server 2019 and Subscription Edition](sharepoint-2019-and-subscription-edition-support.md) - this guidance applies also for SharePoint Server Subscription Edition +- [SharePoint Framework development with SharePoint Server 2019 and Subscription Edition](sharepoint-2019-and-subscription-edition-support.md) - this guidance also applies to SharePoint Server Subscription Edition ## SPFx development environment compatibility -As each new version of the SharePoint Framework is released, support for newer versions libraries is constantly added to ensure that the toolset remains up to date. +As each new version of the SharePoint Framework is released, support for newer library versions is constantly added to ensure the toolset remains current. The following table lists SharePoint Framework and compatible versions of common tools and libraries: -| SPFx | Node.js (LTS) | NPM | TypeScript | React | -| ------------------------------- | --------------- | ----------------------------------------- | -------------- | ----------- | -| [1.18](release-1.18.md) | v16, v18 | v5, v6, v7, v8, v9 | v4.5, v4.7 | v17.0.1 | -| [1.17.4](release-1.17.4.md) | v16.13+ | v5, v6, v7, v8 | v4.5 | v17.0.1 | -| [1.17.3](release-1.17.3.md) | v16.13+ | v5, v6, v7, v8 | v4.5 | v17.0.1 | -| [1.17.2](release-1.17.2.md) | v16.13+ | v5, v6, v7, v8 | v4.5 | v17.0.1 | -| [1.17.1](release-1.17.1.md) | v16.13+ | v5, v6, v7, v8 | v4.5 | v17.0.1 | -| [1.17.0](release-1.17.md) | v16.13+ | v5, v6, v7, v8 | v4.5 | v17.0.1 | -| [1.16.1](release-1.16.1.md) | v16.13+ | v5, v6, v7, v8 | v4.5 | v17.0.1 | -| [1.16.0](release-1.16.md) | v16.13+ | v5, v6, v7, v8 | v4.5 | v17.0.1 | -| [1.15.2](release-1.15.2.md) | v12, v14, v16 | v5, v6, v7, v8 | v4.5 | v16.13.1 | -| [1.15.0](release-1.15.md) | v12, v14, v16 | v5, v6, v7, v8 | v4.5 | v16.13.1 | -| [1.14.0](release-1.14.md) | v12, v14 | v5, v6 | v3.9 | v16.13.1 | -| [1.13.1](release-1.13.1.md) | v12, v14 | v5, v6 | v3.9 | v16.13.1 | -| [1.13.0](release-1.13.md) | v12, v14 | v5, v6 | v3.9 | v16.13.1 | -| [1.12.1](release-1.12.1.md) | v10, v12, v14 | v5, v6 | v3.7 | v16.9.0 | -| ~~[1.12.0](release-1.12.0.md)~~ | ~~v12, v10~~ | ~~v5, v6~~ | ~~v3.7~~ | ~~v16.9.0~~ | -| [1.11.0](release-1.11.0.md) | v10 | v5, v6 | v3.3 | v16.8.5 | -| [1.10.0](release-1.10.0.md) | v8, v10 | v5, v6 | v3.3 | v16.8.5 | -| [1.9.1](release-1.9.1.md) | v8, v10 | v5, v6 | v2.9 | v16.8.5 | -| [1.8.2](release-1.8.2.md) | v8, v10 | v5, v6 | v2.9 | v16.7.0 | -| [1.8.1](release-1.8.1.md) | v8 | v5, v6 | v2.7, v2.9, v3 | v16.7.0 | -| [1.8.0](release-1.8.0.md) | v8 | v5, v6 | v2.7, v2.9, v3 | v16.7.0 | -| [1.7.1](release-1.7.1.md) | v8 | v5, v6 | v2.4 | v16.3.2 | -| [1.7.0](release-1.7.md) | v8 | v5, v6 | v2.4 | v16.3.2 | -| [1.6.0](release-1.6.md) | v6, v8 | v3 (w/ Node.js 6),
    v5 (w/ Node.js 8) | v2.4 | v15 | -| [1.5.1](release-1.5.1.md) | v6, v8 | v3 (w/ Node.js 6),
    v5 (w/ Node.js 8) | v2.4 | v15 | -| [1.5.0](release-1.5.md) | v6, v8 | v3 (w/ Node.js 6),
    v5 (w/ Node.js 8) | v2.4 | v15 | -| [1.4.1](release-1.4.1.md) | v6, v8 | v3, v4 | v2.4 | v15 | -| [1.4.0](release-1.4.md) | v6 | v3, v4 | v2.4 | v15 | -| [1.3.0](release-1.3.md) | v6 | v3, v4 | v2.4 | v15 | -| [1.1.0](release-1.1.md) | v6 | v3, v4 | v2.4 | v15 | -| [1.0.0](release-1.0.0.md) | v6 | v3 | v2.4 | v15 | +| SPFx | Node.js (LTS) | TypeScript | React | +| ------------------------------- | --------------- | -------------- | ----------- | +| [1.21.1](release-1.21.1.md) | v22 | v5.3 | v17.0.1 | +| [1.21.0](release-1.21.md) | v22 | v5.3 | v17.0.1 | +| [1.20.0](release-1.20.md) | v18 | v4.5, v4.7 | v17.0.1 | +| [1.19.0](release-1.19.md) | v18 | v4.5, v4.7 | v17.0.1 | +| [1.18.2](release-1.18.2.md) | v16, v18 | v4.5, v4.7 | v17.0.1 | +| [1.18.1](release-1.18.1.md) | v16, v18 | v4.5, v4.7 | v17.0.1 | +| [1.18](release-1.18.md) | v16, v18 | v4.5, v4.7 | v17.0.1 | +| [1.17.4](release-1.17.4.md) | v16.13+ | v4.5 | v17.0.1 | +| [1.17.3](release-1.17.3.md) | v16.13+ | v4.5 | v17.0.1 | +| [1.17.2](release-1.17.2.md) | v16.13+ | v4.5 | v17.0.1 | +| [1.17.1](release-1.17.1.md) | v16.13+ | v4.5 | v17.0.1 | +| [1.17.0](release-1.17.md) | v16.13+ | v4.5 | v17.0.1 | +| [1.16.1](release-1.16.1.md) | v16.13+ | v4.5 | v17.0.1 | +| [1.16.0](release-1.16.md) | v16.13+ | v4.5 | v17.0.1 | +| [1.15.2](release-1.15.2.md) | v12, v14, v16 | v4.5 | v16.13.1 | +| [1.15.0](release-1.15.md) | v12, v14, v16 | v4.5 | v16.13.1 | +| [1.14.0](release-1.14.md) | v12, v14 | v3.9 | v16.13.1 | +| [1.13.1](release-1.13.1.md) | v12, v14 | v3.9 | v16.13.1 | +| [1.13.0](release-1.13.md) | v12, v14 | v3.9 | v16.13.1 | +| [1.12.1](release-1.12.1.md) | v10, v12, v14 | v3.7 | v16.9.0 | +| ~~[1.12.0](release-1.12.0.md)~~ | ~~v12, v10~~ | ~~v3.7~~ | ~~v16.9.0~~ | +| [1.11.0](release-1.11.0.md) | v10 | v3.3 | v16.8.5 | +| [1.10.0](release-1.10.0.md) | v8, v10 | v3.3 | v16.8.5 | +| [1.9.1](release-1.9.1.md) | v8, v10 | v2.9 | v16.8.5 | +| [1.8.2](release-1.8.2.md) | v8, v10 | v2.9 | v16.7.0 | +| [1.8.1](release-1.8.1.md) | v8 | v2.7, v2.9, v3 | v16.7.0 | +| [1.8.0](release-1.8.0.md) | v8 | v2.7, v2.9, v3 | v16.7.0 | +| [1.7.1](release-1.7.1.md) | v8 | v2.4 | v16.3.2 | +| [1.7.0](release-1.7.md) | v8 | v2.4 | v16.3.2 | +| [1.6.0](release-1.6.md) | v6, v8 | v2.4 | v15 | +| [1.5.1](release-1.5.1.md) | v6, v8 | v2.4 | v15 | +| [1.5.0](release-1.5.md) | v6, v8 | v2.4 | v15 | +| [1.4.1](release-1.4.1.md) | v6, v8 | v2.4 | v15 | +| [1.4.0](release-1.4.md) | v6 | v2.4 | v15 | +| [1.3.0](release-1.3.md) | v6 | v2.4 | v15 | +| [1.1.0](release-1.1.md) | v6 | v2.4 | v15 | +| [1.0.0](release-1.0.0.md) | v6 | v2.4 | v15 | ## See also diff --git a/docs/spfx/content-securty-policy-trusted-script-sources.md b/docs/spfx/content-securty-policy-trusted-script-sources.md new file mode 100644 index 000000000..da35369a5 --- /dev/null +++ b/docs/spfx/content-securty-policy-trusted-script-sources.md @@ -0,0 +1,175 @@ +--- +title: Support for Content Security Policy (CSP) in SharePoint Online +description: Learn how SharePoint Online implements Content Security Policy to protect against various attack vectors, and how you can ensure your SharePoint Framework components are valid. +ms.date: 05/02/2025 +author: andrewconnell-msft2 +ms.author: v-jconnell +--- +# Support for Content Security Policy (CSP) in SharePoint Online + +In web development, Content Security Policy (CSP) is a security feature that help prevent against various attack vectors including [cross-site scripting](https://developer.mozilla.org/docs/Glossary/Cross-site_scripting) (XSS), [clickjacking](https://developer.mozilla.org/docs/Web/Security/Attacks/Clickjacking), and other code injection attacks. + +CSP enables a site to control which resources a page is allowed to load. It works though a series of instructions to the browser from the website that instruct the browser what the page is allowed to load. + +Learn more about CSP on MDN: [Content Security Policy (CSP)](https://developer.mozilla.org/docs/Web/HTTP/Guides/CSP). + +In this article, you'll learn how CSP works with custom SharePoint Framework (SPFx) solutions, how to identify and find CSP violations, and how to configure trusted sources in SharePoint Online. + +> [!IMPORTANT] +> Content Security Policy (CSP) is currently rolling out in SharePoint Online, however **no scripts are currently being blocked. CSP violations are only being logged at this time.** + +## How Content Security Policy Works in SharePoint Online + +When a browser requests a script, if CSP is enabled on the site, the browser checks the script location against the CSP rules. If the CSP restrictions allow the location of the script to be loaded by the browser, the browser proceeds with the request. However if CSP rules to not allow the location, the browser doesn't load the script and logs the error in the browser's Console. + +## Content Security Policy and SPFx Solutions + +By default, SharePoint Online is configured to allow the browser to load scripts used to implement SharePoint Online. This includes scripts from custom SPFx solutions that include scripts in the **\*.sppkg** deployment packages. + +The default setting for new SPFx solutions is to include the JavaScript bundles that implement SPFx components in the package. When an SPFx app is installed, the assets included in the package are deployed to the site's **ClientSideAssets** folder. + +SPFx developers have multiple options they can implement to load scripts in their solutions for various scenarios. These include: + +### Option 1: Deploy SPFx Scripts to an External CDN + +SPFx developers can optionally configure their SPFx solutions to not include the JavaScript bundles in the package and instead, deploy these scripts to their own locations. For instance, a vendor might elect to deploy their scripts to their own managed Content Delivery Network (CDN). + +When implementing this scenario, the SPFx package is configured to load scripts from a remote domain. The developer then must deploy the scripts to that location in addition to deploying the SPFx package (**\*.sppkg**) to the SharePoint Online App Catalog. + +This is done by setting the `cdnBasePath` property in the **./config/write-manifests.json** file. + +> [!NOTE] +> Learn more how to configure SPFx solutions so the JavaScript bundles and other scripts are deployed to a location other than SharePoint Online in the following articles: +> +> - [Deploy your SharePoint client-side web part to Azure CDN](web-parts/get-started/deploy-web-part-to-cdn.md) +> - [Host your client-side web part from Microsoft 365 CDN (Hello World part 4)](web-parts/get-started/hosting-webpart-from-office-365-cdn.md) +> - [Host an SPFx extension from the Microsoft 365 CDN (Hello World part 4)](extensions/get-started/hosting-extension-from-office365-cdn.md) + +### Option 2: Pull Script Dependencies from a CDN + +Another common scenario is when a SPFx solution takes a dependency on a popular library, but instead of including it in the SPFx component's JavaScript bundle, they configure the solution to exclude it from the bundle and instead instruct the SPFx runtime to pull the library from the remote CDN. + +This is done by adding the external script reference to the `externals` property in the **./config/config.json** file. + +> [!NOTE] +> Learn more how to configure the SPFx bundling process to exclude the library from the bundle and instruct the SPFx runtime to load the library from the remote CDN prior to loading the SPFx component's bundle in the following article: +> +> - [Add an external library to your SharePoint client-side web part](web-parts/basics/add-an-external-library.md) + +### Option 3: Dynamically Load a Script with the SPComponent Loader + +Another option SPFx developers can implement is to conditionally load a script through code. This is done using the [SPComponentLoader](/javascript/api/sp-loader/spcomponentloader). + +```ts +async SPComponentLoader.loadScript('https://some-external-site/script.js'); +``` + +## Content Security Policy Impact on SPFx Solutions + +As stated above, the CSP settings in SharePoint Online are configured to load scripts hosted in SharePoint Online. This means that if you include the resources in your SPFx package, *the default configuration for new SPFx solutions*, the CSP settings in SharePoint Online will have no impact on your custom solution. + +However, if your solution implements any of the three (3) options previously listed, or another option such as dynamically adding a `