Do you agree that products always have room for improvement?
"Every day there are little things in software that we find annoying. Some write books about it, like Annoyances.org, but I thought this site would be more constructive.
BetterSoftwareSuggestions.com is proudly maintained by myself and the developers at SSW."
- Adam Cogan 
I am very interested in how people are accessing our services. I especially like how I can see that our users are accessing Dynamics 365 on their mobile app.
OIDC is the recommendation method to login to Azure from GitHub pipelines now as it provides better security and doesn’t rely on storing a secret.
Currently OIDC login tokens expire in just 5 minutes🔥, causing long running scripts to fail.
Related GitHub Issue: https://github.com/Azure/login/issues/180.
Your Azure credentials have not been set up or have expired,
1955 | please run Connect-AzAccount to set up your Azure credentials.
1956 | ClientAssertionCredential authentication failed: A
1957 | configuration issue is preventing authentication - check the
1958 | error message from the server for details. You can modify the
1959 | configuration in the application registration portal. See
1960 | https://aka.ms/msal-net-invalid-client for details. Original
1961 | exception: AADSTS700024: Client assertion is not within its
1962 | valid time range. Current time: 2022-10-20T07:47:12.7446078Z,
1963 | assertion valid from 2022-10-20T07:37:08.0000000Z, expiry time
1964 | of assertion 2022-10-20T07:42:08.0000000Z. Review the
1965 | documentation at
❌ Bad example – Error on deployment – assertion valid from 2022-10-20 07:37 to 2022-10-20 07:42 🔥(5 minutes)
- uses: azure/login@v1
with:
client-id: ${{ env.CLIENT_ID }}
tenant-id: ${{ env.TENANT_ID }}
subscription-id: ${{ env.SUBSCRIPTION_ID }}
enable-AzPSSession: true
❌ Bad example – Needs 1 more parameter – (e.g. token-expiry: 30M)
- uses: azure/login@v1
with:
client-id: ${{ env.CLIENT_ID }}
tenant-id: ${{ env.TENANT_ID }}
subscription-id: ${{ env.SUBSCRIPTION_ID }}
enable-AzPSSession: true
token-expiry: 30M
✅ Good example – Allow the token expiry to be set to a more reasonable time
Being able to sign in using Azure to almost everything has been around for a few years now. Why is this still not available to use in 1Password? This means that staff just require a single password to login to almost all the services that they use. They can make that a nice long password or even be password-less and sign into everything.
If SSO with Azure was enabled then we would also be able to use Conditional Access Policies. We already have Conditional Access policies that not only check where a user is signing in from (which can also be done in 1Password) but we are also able to restrict which devices can login and for users of Azure AD Premium P2 we can use Microsoft’s AI and stop ‘Risky Users’ from signing into our 1Password. This would also allow us to use our existing MFA solution (instead of needing a new one for 1Password).
1Password has decided to use a solution to sort passwords using free text tags. This works well in small teams but in large teams this won’t work. Can you imagine how many possible spellings there are for Service-Account? The only other solution is to have multiple vaults, but that isn’t ideal either as then we would need a vault for SysAdmin-SVC-Accounts, Designer-SVC-Accounts and Dev-SVC-Accounts. This presents problems because then we would need to set permissions on each of those. There is also a possibility that we might need to put the same login in more than 1 of those vaults. This would not be a problem if we had folders and subfolders.
It would even work better if Tags could be specified by Admin users and passwords could be set to require at least 1 tag. But as it stands, if we want our users to add and update details then they are able to create free text tags or even worse not put a tag at all.
See the below text from our document on how to set up the security ourselves
Whenever you create a Site Collection, two O365 groups get created (xxx-Owners and xxx-Members). For retro-compatibility, these O365 groups are automatically added to the SharePoint groups at creation time.
(Note for SharePoint gurus: O365-xxx-Members is mapped to SharePoint-xxx-members, but O365-xxx-Owners is mapped to… Site Collection Administrators! Crazy.)
SharePoint membership grants access to SharePoint resources, while access to Teams features (Channels, tabs, apps) is controlled directly via O365 groups.
The problem with this model is we cannot add AD (Active Directory) groups (or even O365 groups) within O365 groups (no nesting allowed). So, if we want to give access to two different sites to the same people (say SSWDevelopers), we must add ALL MEMBERS manually on EACH generated O365 group. That is ridiculous, and hard to maintain long term.
See the below screenshot – this is the default on the lists app. It shows all lists that I have permissions for and have added as a favourite list. Although it says ‘Home’ it shows not only lists in the ‘Home’ site but also any other lists that I have access to. These lists are not in the ‘Home’ site but are in other sites.
If I don’t know what the name of the list is that I am looking for how do I find it?
It would be better if I could see the hub-site navigation from the normal SharePoint site. That way I could just navigate to the SysAdmins site and see the lists in that site, or the Designers and see those lists. That would give more context.
In Teams when in video chat with only 1 other person and click Share Content | (there is no Whiteboard app)
When I add someone else to the call I can see the whiteboard app.
This is weird and wastes a lot of time debugging why this feature comes and goes. The button should always be there and if Microsoft don’t want to enable it for 2 people for some reason pop a message that says “Whiteboard is for 3 or more users”.
In SharePoint it shows the file history fine. But the history doesn’t completely appear in the Desktop/Web versions of Office.
We find ourselves looking at version history when debugging SharePoint stuff for clients, and it is useful.
Until now we had never gone to Word to view the history – so to find out it does not work is concerning 🔥
In SharePoint we see:
In Web version of Word we see:
In Desktop versions of Word we see (Note we see more file history in the desktop version too):
When creating a new document directly in Microsoft Teams, Teams always opens the web version of the Office app that you are asking for (e.g. Word).
Please add a checkbox for Teams for open in Desktop App instead.
Note: It even ignores the setting in Teams to always open in the Desktop app:
This is the history from Microsoft:
Some background on the tech stack and roadmap:
That transition is complex because we need to build up capabilities on the web app to the level of the Windows client (and beyond), while transitioning the back end, and while also supporting cross-device collaboration sessions across different app versions (e.g. Windows and web) and back-ends.