Your Azure credentials have not been set up or have expired,
1955 | please run Connect-AzAccount to set up your Azure credentials.
1956 | ClientAssertionCredential authentication failed: A
1957 | configuration issue is preventing authentication - check the
1958 | error message from the server for details. You can modify the
1959 | configuration in the application registration portal. See
1960 | https://aka.ms/msal-net-invalid-client for details. Original
1961 | exception: AADSTS700024: Client assertion is not within its
1962 | valid time range. Current time: 2022-10-20T07:47:12.7446078Z,
1963 | assertion valid from 2022-10-20T07:37:08.0000000Z, expiry time
1964 | of assertion 2022-10-20T07:42:08.0000000Z. Review the
1965 | documentation at
❌ Bad example – Error on deployment – assertion valid from 2022-10-20 07:37 to 2022-10-20 07:42 🔥(5 minutes)
Being able to sign in using Azure to almost everything has been around for a few years now. Why is this still not available to use in 1Password? This means that staff just require a single password to login to almost all the services that they use. They can make that a nice long password or even be password-less and sign into everything.
If SSO with Azure was enabled then we would also be able to use Conditional Access Policies. We already have Conditional Access policies that not only check where a user is signing in from (which can also be done in 1Password) but we are also able to restrict which devices can login and for users of Azure AD Premium P2 we can use Microsoft’s AI and stop ‘Risky Users’ from signing into our 1Password. This would also allow us to use our existing MFA solution (instead of needing a new one for 1Password).
1Password has decided to use a solution to sort passwords using free text tags. This works well in small teams but in large teams this won’t work. Can you imagine how many possible spellings there are for Service-Account? The only other solution is to have multiple vaults, but that isn’t ideal either as then we would need a vault for SysAdmin-SVC-Accounts, Designer-SVC-Accounts and Dev-SVC-Accounts. This presents problems because then we would need to set permissions on each of those. There is also a possibility that we might need to put the same login in more than 1 of those vaults. This would not be a problem if we had folders and subfolders.
It would even work better if Tags could be specified by Admin users and passwords could be set to require at least 1 tag. But as it stands, if we want our users to add and update details then they are able to create free text tags or even worse not put a tag at all.
See the below text from our document on how to set up the security ourselves
Whenever you create a Site Collection, two O365 groups get created (xxx-Owners and xxx-Members). For retro-compatibility, these O365 groups are automatically added to the SharePoint groups at creation time.
(Note for SharePoint gurus: O365-xxx-Members is mapped to SharePoint-xxx-members, but O365-xxx-Owners is mapped to… Site Collection Administrators! Crazy.)
SharePoint membership grants access to SharePoint resources, while access to Teams features (Channels, tabs, apps) is controlled directly via O365 groups.
The problem with this model is we cannot add AD (Active Directory) groups (or even O365 groups) within O365 groups (no nesting allowed). So, if we want to give access to two different sites to the same people (say SSWDevelopers), we must add ALL MEMBERS manually on EACH generated O365 group. That is ridiculous, and hard to maintain long term.
See the below screenshot – this is the default on the lists app. It shows all lists that I have permissions for and have added as a favourite list. Although it says ‘Home’ it shows not only lists in the ‘Home’ site but also any other lists that I have access to. These lists are not in the ‘Home’ site but are in other sites.
If I don’t know what the name of the list is that I am looking for how do I find it?
It would be better if I could see the hub-site navigation from the normal SharePoint site. That way I could just navigate to the SysAdmins site and see the lists in that site, or the Designers and see those lists. That would give more context.
In Teams when in video chat with only 1 other person and click Share Content | (there is no Whiteboard app)
When I add someone else to the call I can see the whiteboard app.
This is weird and wastes a lot of time debugging why this feature comes and goes. The button should always be there and if Microsoft don’t want to enable it for 2 people for some reason pop a message that says “Whiteboard is for 3 or more users”.
In SharePoint it shows the file history fine. But the history doesn’t completely appear in the Desktop/Web versions of Office.
We find ourselves looking at version history when debugging SharePoint stuff for clients, and it is useful. Until now we had never gone to Word to view the history – so to find out it does not work is concerning 🔥
In SharePoint we see:
In Web version of Word we see:
In Desktop versions of Word we see (Note we see more file history in the desktop version too):
The first Whiteboard app we released was a Windows (UWP) app on an Azure back end. This is still the form factor with the richest feature set.
We later added the web app (Web + Teams) which we are gradually evolving. The web canvas will eventually be the single canvas that powers all apps.
In parallel, we are moving the back end to ODSP (OneDrive/SharePoint). This is the right platform to handle the required scale, compliance, and sharing capabilities.
At the end of this transition period all clients (Teams, Web, Windows, iOS, Android, Surface Hub) will run on a single version of the web canvas to support collab scenarios across all devices.
That transition is complex because we need to build up capabilities on the web app to the level of the Windows client (and beyond), while transitioning the back end, and while also supporting cross-device collaboration sessions across different app versions (e.g. Windows and web) and back-ends.