Help me customize Access Package emails

SysAdmins find it a lot of work maintaining permissions to resources like Azure.

Both Devs and SysAdmins love Identity Governance, and in particular Access Packages, as resources are now more secure and it is quicker to grant access to them.

❌ Access Package requests do not show the product or user in the email subject. If subjects contained the same details it would be easier to quickly see who is requesting lots of access on a regular basis.

Suggestion:

  • Email subject – At a minimum add the product name and the user to the subject. Give the ability to fully customize it.
  • Email body – Give the ability to edit text
Bad Example – See the red box – This subject should be customizable

Bug – Help me to open my Teams website tabs in the browser (Broken because URLs are case-sensitive)

Update: Microsoft have fixed this bug in June 2024

When you are in Teams looking at a webpage, you often want to open it in the browser, e.g. Loop pages. Recently it started giving: “The link has been removed.”

Figure: New bug – “The link has been removed”

After very careful inspection in Teams, I realized that the URL was being changed to all lowercase when I clicked on the ‘open in browser’ button. This breaks any sharing links to things like SharePoint, as they are case-sensitive.

Figure: Line 1 – The original sharing link | Line 2 – The sharing link after Teams saves it

Suggestion:

URLs by nature are case-sensitive and should not be changed
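
The bug above, as an added example (not from the original post and not Teams' own code): per RFC 3986 only the scheme and host of a URL are case-insensitive, so a rewrite may lowercase those and nothing else. The sample link, its host and its tokens are constructed, and the function names are hypothetical.

```javascript
// Added example: case-safe URL normalization (not Teams' actual code).
// Per RFC 3986, only the scheme and host are case-insensitive; the path,
// query and fragment may carry case-sensitive tokens such as sharing IDs.

// Constructed sample link; the host and tokens are placeholders.
const SAMPLE_LINK =
  "HTTPS://Contoso.SharePoint.com/:fl:/g/EaBcD123xYz?e=Qw9RtZ&nav=cz0lMkY";

// The behaviour described in the post: lowercase the entire string.
function naiveLowercase(link) {
  return link.toLowerCase();
}

// Lowercase only scheme and host; keep everything else byte-for-byte.
function normalizeCaseSafe(link) {
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):\/\/([^\/?#]*)(.*)$/s.exec(link);
  if (!m) return link; // not a hierarchical URL: leave untouched
  const [, scheme, authority, rest] = m;
  // userinfo (before '@') is case-sensitive; only the host[:port] is not.
  const at = authority.lastIndexOf("@");
  const userinfo = at >= 0 ? authority.slice(0, at + 1) : "";
  const host = authority.slice(at + 1).toLowerCase();
  return `${scheme.toLowerCase()}://${userinfo}${host}${rest}`;
}

// Report which case-sensitive components a rewrite has altered.
// An empty array means the rewritten link still points at the same resource.
function caseDamage(original, rewritten) {
  const a = new URL(original);
  const b = new URL(rewritten);
  return ["pathname", "search", "hash", "username", "password"].filter(
    (part) => a[part] !== b[part]
  );
}
```
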

Teams apps – Help me use the Teams bot with a compliance policy

We are nearly complete on an AI solution – it is being built on top of Microsoft Teams and Azure OpenAI APIs. We call it SSW YakShaver.

The product has a blocking issue. We are recording a Teams call (and screen) and we have hit something called a “compliance policy”.

The below is what we plan to do from here. I would have assumed we would have gone with Option 1 (using the Teams bot with a compliance policy) but it seems like we are going to use the Graph API (simpler).

Thoughts?

——————————————————————————————————————-

I got this email from the YakShaver team:

We have been trying to get the compliance policy working in MS Teams (Option 1), but have pretty much given up.

We have decided to do Option 2 below followed by Option 2.1.

We are *not* doing Option 1.

Here are all the points we have learnt.

Then the user flow.

Then the pros and cons.

Option 1: Media Stream – Application hosted or compliance recording bot (Not recommended)

Using a Teams bot with a compliance policy to record the audio and video, it will record every participant’s sound individually; those who are not in the policy will not be recorded.

  • Complexity – on the backend
  • We need the compliance policy on everyone in the call for them to be recorded
  • User adds bot to the call or meeting, it will directly start to record; when the user kicks out the bot it will stop.
  • The bot will send an API call to the endpoint /api/call
  • After this we need to connect with Microsoft Media Stream
    • From the Media Stream we can get the video stream.
  • We need to add in a way to store the videos so that Media Stream can do this
    • Suggestion: Use data blob (YakShaver Teams bot stores video in data blob, and Media Stream pulls it)
      • We could send it directly to the API, but according to Uly we need to store the video somewhere so the final PBI can have a link to it.
      • When we’re using the compliance policy it’s not recording as normal and the video will not be stored in Stream as it normally would be

User flow

  1. User adds bot to the call or meeting.
  2. It will directly start to record, and the user can tell the task.
  3. When the user kicks out the bot, it will stop the recording and send off the task.

✅ Pros:

  1. No frontend needed, just an instruction page
  2. Easy on the user end, the user never needs to start recording and stop recording, instead the user can just add and remove the bot.

❌ Cons:

  1. Complexity of coding on the backend
  2. Saving audio and video files is a problem
  3. Audio might be recorded separately among participants, and if so, it requires coding to re-join them together
  4. We need extra work to notify the user that they are being recorded
  5. Potential legal issue because we record it and we are responsible for it, we need some extra safety rules on the recorded audios
  6. We need to run the whole thing on the Windows VM.

Info – Application Hosted Bot

https://learn.microsoft.com/en-us/microsoftteams/platform/bots/calls-and-meetings/calls-meetings-bots-overview

https://learn.microsoft.com/en-us/microsoftteams/platform/bots/calls-and-meetings/requirements-considerations-application-hosted-media-bots

Option 2: Use the Graph API (Recommended)

Using the Graph API to do the work, the user manually starts and stops recording, and then the YakShaver will get the transcripts for the user manually.

  • Delegated auth flow, everyone can be recorded.
  • Access to the transcript needs a PAT (personal access token)
  • We can’t access the start and stop recording from the API so this has to be done manually.
  • User starts recording, user ends recording
  • Since the user is starting and stopping the recording – the recording is stored on their account and everyone in the meeting has access to it
    • That’s why we need their PAT to access the recording/transcript
    • Later: investigate how we can move the recording to another location where everyone has access

User flow (⚠️worse flow, but quicker to develop and cheaper $ Azure costs)

  1. User starts recording
  2. User clicks on YakShaver tab button before or after recording
  3. User stops recording
  4. The YakShaver will do the task

✅ Pros:

  1. Less software complexity
  2. No need to save video stream and no need to merge transcripts.
  3. We have the UI so the YakShaver can track the issue being created and show it on the UI
  4. It’s already been proved to work in POC
  5. We can sell it to a client because it’s all using delegated permissions

❌ Cons:

  1. We need some front-end work, pop ups, SSOs to manage user credentials.
  2. More steps on the user end, manual recording is annoying and not natural.

User Flow – Options to skip the extra clicks (7 clicks in total):

Option 2 requires us to manually start and stop the recording in Teams. The following are 2 options to get around that.

Option 2.1: Azure Communication Service

Use communication service to automate the call record process – need a POC after Graph is done.

✅ Pros:

– It’s easy to use

– We can get rid of the compliance policy which is much much simpler!!!!!

– I can see the potential of making YakShaver into a commercial project.

– We can define our own compliance rule rather than rely on Azure to set up the compliance policy

❌ Cons:

– Calls have to be initialized from communication services

– It’s our responsibility to notify recording – very important

– We have to do compliance recording policy ourselves if we make it commercial later – might need a lawyer

How do Azure Communication Services endpoints work with the Graph API?

Things we are sure of from the documentation:

  1. Azure Communication Services can initialize a call; if the call is from Azure Communication Services, we can record it anytime
  2. Azure Communication Services might be able to record a Teams call but it might not.
  3. The call might not be on Teams.

When the users are calling the other user from YakShaver

  1. Can call another user from YakShaver and click record on YakShaver
  2. Users being invited to another call
  3. Inside that call, everything will be recorded

When 2 users are on a call and all of a sudden they decide to use YakShaver

  1. YakShaver will call them
  2. All users will be muted on Teams
  3. All users will be invited to another call
  4. The newly created group call will be recorded

What happens if it’s a scheduled meeting

  1. We don’t need Azure communication service, the delegated flow should just be working….

Option 2.2: Click script

  • Could use this if Option 2.1 fails
  • What user interaction with computer can’t be done with an old-school click script?

Microsoft Graph API – Help me access former employees’ email messages

We have built a cool reporting tool www.sswEagleEye.com that uses the Microsoft Graph API to produce insights into employees’ email data.

However, when an employee leaves the company, we are no longer able to access that former employee’s email messages. This makes sense normally, but not in our scenario.

We need former employees’ email data or we have incomplete and potentially misleading reports.

Suggestion:
Microsoft Graph API should provide a method to access former employees’ email data, either through a dedicated endpoint or by incorporating a flag or parameter in the existing API requests.

Microsoft Loop – Help me store my Loop pages with my Teams

At SSW we really love using Microsoft Loop to collaborate with each other.  We think it would make a great replacement for OneNote in Teams for project Wikis and other important collaboration documents.

⚠️ However, the Loop files are stored inconsistently (some are in your workspace, some are in OneDrive, and some end up in the Microsoft Team if you create them in the chat), so I worry about data loss.

Figure: A Loop Tab (Like the Notes Tab) would be awesome

Loop pages created in Microsoft Loop can have their link copied to a Team but can’t be shared to a Team.  The storage for these loop files then stays with the creator’s workspace.  When a creator leaves the company, the link is broken.

Figure: Loop component created in a workspace in Loop

You can add a Loop component to a Teams post and that creates a .loop file in the Teams storage, which is great, but you can only add 1 component per post.  You then must pin the post to the top so that other Team members can find it.

Figure: Create a Loop component | Add it to a Post (1 Component Per Post) | Then Pin it

Figure: Good example – Loop component stored in Team file library

As a workaround, you can add a Teams OneNote, then add the Loop components inside OneNote. However, that doesn’t work, as strangely the files are then stored under the creator’s OneDrive, not in the Teams storage.

Figure: Multiple Loop components added to Notes in Teams

Figure: Bad example – Loop files are saved to the creator’s OneDrive – not in Teams

This storage behaviour is not consistent, and it is not ready for enterprises (as they will lose data in Loops).

Microsoft Teams – Help me create a Team without a sensitivity label

Update – Microsoft has fixed this issue in the latest version of Teams v2 (24152.405.2925.6762)

The new Microsoft Teams app is a huge improvement over the older version. However, there is currently one serious fault.

A new Team should not automatically apply a ‘Sensitivity label’ unless a “Compliance policy” sets it as the default.

In the new Teams app only, when creating a Team, it cannot be created without a “Sensitivity label”.

Figure: See the red box – New team defaults to “Private – Sensitive-Accounting Documents” | Click to change

Figure: In the Sensitivity Label dropdown | Choose ‘None’ | Click Public to close this window

Figure: Blocked – See the red box – Team will be created as Public with a sensitivity label that only a few people can read

Microsoft Outlook – Help me understand when emails are from other mailboxes

A cool feature of Outlook is that when somebody is on holidays, you can access their mailboxes. An uncool feature is that the UX combines all emails when you are using the “Show as Conversations” view.

For example, in the UX, a thread groups all emails from different mailboxes, regardless of who the email was sent to. This causes confusion as you assume the email was sent to you.

Suggestion: Microsoft Outlook should change its logic and not include the emails from other mailboxes in the Conversation view.

Bad Example – Outlook groups an email from Stephan’s mailbox into Jimmy’s conversation

Help me kindly know I am not connected to the internet

I wish all Microsoft applications behaved the same when offline. 

Ideally, they would all have a black bar (or reverse when in dark mode) when they have reduced functionality.

I am on a plane with no wifi…

⚠️ This new green message when you are offline is pretty unfriendly:

Figure: Bad example – Don’t say “server error” when I didn’t do anything wrong
Figure: Good example – Tell me I have no internet connection

Dynamics 365 – Help me delete appointments from Outlook

The Microsoft Dynamics 365 App for Outlook is a really useful tool for integrating Dynamics 365 and Outlook, especially for tracking appointments. However, it could be improved to make it even better!

Cancelling an appointment in Outlook should delete the appointment in Dynamics 365

If an appointment is tracked to Dynamics 365, there are 2 steps required to remove it:
– Untrack and delete from the Dynamics 365 App
– Cancel the appointment

There should be a way to delete the appointment in Dynamics 365 when it is cancelled – either as a popup each time you cancel in Outlook, or as a global setting in Dynamics 365.

This would potentially solve another issue – currently, it is not possible to track/untrack single occurrences of a series of appointments. If cancelling an appointment in Outlook also deleted it from Dynamics 365, then a single occurrence could also be deleted that way.

Figure: Outlook | Dynamics 365 App | “Recurring appointment occurrence cannot be tracked”