Updates from: 01/20/2021 04:10:18
Service Microsoft Docs article Related commit history on GitHub Change details
SharePoint https://docs.microsoft.com/en-us/SharePoint/request-app-installation-permissions https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/live/SharePoint/SharePointOnline/request-app-installation-permissions.md
@@ -24,13 +24,15 @@ Apps are small, easy-to-use web applications that add functionality to SharePoin
Some apps are included with SharePoint, others might be developed by your organization, and still others are created by third-party developers and available for purchase from the SharePoint Store.
- Only those users who have the appropriate permission level can add apps to a site. Typically, Full Control permission (or membership in the Site Owners group) is the minimum requirement. But some apps require access to data sources or web services to read data required for the app. This kind of app has permissions associated with it. When the app requires organization-level permissions, the requestor will need approval from a Microsoft 365 admin to continue with the installation. The approval process includes a workflow, called the permission request flow, which ensures installation requests are directed to the right person.
+ Only those users who have the appropriate permission level can add apps to a site. Typically, Full Control permission (or membership in the Site Owners group) is the minimum requirement. But some apps require access to data sources or web services to read data required for the app. This kind of app has permissions associated with it.
+
+When the app requires organization-level permissions, the requestor will need approval from a Microsoft 365 admin to continue with the installation. The approval process includes a workflow, called the permission request flow, which ensures installation requests are directed to the right person.
This article is intended for global admins and SharePoint admins at the organization level who receive requests for app installation. ## How the permission request flow works
-When users encounter an app that requires admin permission to install, they'll see a **Request Approval** link on the app details page.
+When users find an app that requires admin permission to install, they'll see a **Request Approval** link on the app details page.
![Screen shot of the application details page with the Request Approval link highlighted](media/4b047f1e-0254-4bc6-82a5-b96e0c091d7f.jpg)
@@ -41,19 +43,19 @@ When users encounter an app that requires admin permission to install, they'll s
When they click **Request**, an automated email is sent to everyone who is a site collection admin for the app catalog. > [!NOTE]
-> Sometimes, depending on the Office Store settings, the **App Request** dialog will include a place for users to indicate the number of licenses required along with the justification. See [Configure settings for the SharePoint Store](configure-sharepoint-store-settings.md) for more information.
+> Sometimes, depending on the Office Store settings, the **App Request** dialog will include a place for users to indicate the number of licenses required along with the justification. For more information, see [Configure settings for the SharePoint Store](configure-sharepoint-store-settings.md).
**Approve or deny requests**
-1. In the auto-generated email that you receive for the request, click **You can now approve or reject the request here**.
+1. In the autogenerated email that you receive for the request, click **You can now approve or reject the request here**.
2. On the **Approve or Reject App Request** screen, in the **Comments** box, provide relevant information about your decision. 3. Either select:
- - **Approve** to approve the request and send an auto-generated email to the requester.
+ - **Approve** to approve the request and send an autogenerated email to the requester.
- - **Reject** to deny the request and send an auto-generated email to the requester.
+ - **Reject** to deny the request and send an autogenerated email to the requester.
![Screen shot showing the Approve or Reject App Request dialog](media/c5527b3f-6413-4591-9d91-5f89f2e253a3.png)
@@ -69,7 +71,7 @@ The app catalog is where you store and manage all apps for the organization. The
![Screen shot showing the App Request link](media/43dc9a1b-61da-4304-acd1-70e16e06907b.png)
-4. Click the title of each pending request to review it. Once the request is approved or denied, it is removed from the view. If you change your mind about allowing an app or apps to be added to you sites, you can revoke approval on the request. To revoke approval for a request, choose the request and click **Remove Approvals**.
+4. Click the title of each pending request to review it. Once the request is approved or denied, it's removed from the view. If you change your mind about allowing an app or apps to be added to your sites, you can revoke approval on the request. To revoke approval for a request, choose the request and click **Remove Approvals**.
## Make the application available
@@ -79,7 +81,7 @@ At this point, site owners can check the **Your Requests** list to view the stat
## Delegate approval authority
-As a global admin or SharePoint admin in your organization, you can delegate app approval authority as a way of spreading the approval work around, or alleviating approval bottlenecks. Remember that apps are stored and managed in the app catalog, and the app catalog is a site collection. Therefore, to grant app approval permission to select users, you add them to the site collection administrator group on the app catalog.
+As a global admin or SharePoint admin in your organization, you can delegate app approval authority as a way of spreading the approval work-around, or alleviating approval bottlenecks. Remember that apps are stored and managed in the app catalog, and the app catalog is a site collection. Therefore, to grant app approval permission to select users, you add them to the site collection administrator group on the app catalog.
> [!CAUTION] > When you promote users to site collection administrators on the app catalog site collection, you are giving them the ability to approve the installation of apps that have organization-wide impact. Consider this decision carefully.
SharePoint https://docs.microsoft.com/en-us/SharePoint/security-considerations-of-allowing-custom-script https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/live/SharePoint/SharePointOnline/security-considerations-of-allowing-custom-script.md
@@ -22,7 +22,9 @@ description: "Learn about security factors to consider before you allow users to
# Security considerations of allowing custom script
-Allowing users to customize sites and pages in SharePoint by inserting script can give them the flexibility to address different needs in your organization. However, you should be aware of the security implications of custom script. When you allow users to run custom script, you can no longer enforce governance, scope the capabilities of inserted code, block specific parts of code, or block all custom code that has been deployed. Instead of allowing custom script, we recommend using the SharePoint Framework. For more info, see [An alternative to custom script](security-considerations-of-allowing-custom-script.md#spframework).
+Allowing users to customize sites and pages in SharePoint by inserting script can give them the flexibility to address different needs in your organization. However, you should be aware of the security implications of custom script.
+
+When you allow users to run custom script, you can no longer enforce governance, scope the capabilities of inserted code, block specific parts of code, or block all custom code that has been deployed. Instead of allowing custom script, we recommend using the SharePoint Framework. For more info, see [An alternative to custom script](security-considerations-of-allowing-custom-script.md#spframework).
## What custom script can do
@@ -42,16 +44,18 @@ As a global admin, security admin, or SharePoint admin, you can allow or block c
- Who inserted the code
-Any user who has "Add and Customize Pages" permission (part of the Design and Full Control permission levels) to any page or document library can insert code that can potentially have a powerful effect on all users and resources in the organization. The script has access to more than just the page or site - it can access content across all site collections and other Microsoft 365 services in the organization. There are no boundaries for executing script. For info about site activity you can audit, see [Configure audit settings for a site collection](https://support.office.com/article/a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2).
+Any user who has "Add and Customize Pages" permission (part of the Design and Full Control permission levels) to any page or document library can insert code that can potentially have a powerful effect on all users and resources in the organization.
+
+The script has access to more than just the page or site - it can access content across all site collections and other Microsoft 365 services in the organization. There are no boundaries for executing script. For info about site activity you can audit, see [Configure audit settings for a site collection](https://support.office.com/article/a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2).
## You can't block or remove inserted script
-If you've allowed custom script, you can change the setting to later prevent users from adding custom script, but you can't block the execution of script that has already been inserted. If dangerous or malicious script was inserted, the only way you can stop it is to delete the page that hosts it. This might result in data loss.
+If you've allowed custom script, you can change the setting to later prevent users from adding custom script, but you can't block the execution of script that has already been inserted. If dangerous or malicious script is inserted, the only way you can stop it is to delete the page that hosts it. This might result in data loss.
## An alternative to custom script <a name="spframework"> </a>
-The [SharePoint Framework](https://docs.microsoft.com/sharepoint/dev/spfx/sharepoint-framework-overview) is a page and web part model that provides a governed and fully supported way to build solutions using scripting technologies with support for open source tooling. Key features of the SharePoint Framework:
+The [SharePoint Framework](https://docs.microsoft.com/sharepoint/dev/spfx/sharepoint-framework-overview) is a page and web part model that provides a governed and fully supported way to build solutions using scripting technologies with support for open-source tooling. Key features of the SharePoint Framework:
- The framework runs in the context of the current user and connection in the browser. It doesn't use iFrames.
@@ -59,11 +63,11 @@ The [SharePoint Framework](https://docs.microsoft.com/sharepoint/dev/spfx/sharep
- The controls are responsive and accessible. -- Developers can access the lifecycle. In addition to render, they can access load, serialize and deserialize, configuration changes, and more.
+- Developers can access the lifecycle. Also to render, they can access load, serialize and deserialize, configuration changes, and more.
- You can use any browser framework you like: React, Handlebars, Knockout, AngularJS, and more. -- The toolchain is based on common open source client development tools like npm, TypeScript, Yeoman, webpack, and gulp.
+- The toolchain is based on common open source client development tools like npm, TypeScript, Yeoman, web pack, and gulp.
- Admins have governance tools to immediately disable solutions regardless of the number of instances that have been used and the number of pages or sites across which they've been used.
SharePoint https://docs.microsoft.com/en-us/SharePoint/what-s-new-in-sharing-in-targeted-release https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/live/SharePoint/SharePointOnline/what-s-new-in-sharing-in-targeted-release.md
@@ -3,7 +3,7 @@ title: "Secure external sharing in SharePoint"
ms.reviewer: srice ms.author: mikeplum author: MikePlumleyMSFT
-manager: pamgreen
+manager: serdars
audience: Admin f1.keywords: NOCSH ms.topic: article
@@ -21,15 +21,15 @@ description: "In SharePoint, if you share with a user who is not in the director
# Secure external sharing recipient experience
-In SharePoint, if you share with a user who is not in the directory, they are sent a one-time code that they can use to verify their identity.
+In SharePoint, if you share with a person who is not in the directory, they're sent a one-time code that they can use to verify their identity.
-This article describes the current default one-time-passcode experience. However, we recommend that you enable [SharePoint and OneDrive integration with Azure AD B2B](sharepoint-azureb2b-integration-preview.md) which will ultimately replace this experience.
+This article describes the current default one-time-passcode experience. However, we recommend that you enable [SharePoint and OneDrive integration with Azure AD B2B](sharepoint-azureb2b-integration-preview.md), which will replace this experience.
Recipients of secure external sharing who also use Microsoft 365 in their organization can sign in using their work or school account to access the document. After they have entered the one-time passcode for verification the first time, they will authenticate with their work or school account and have a guest account created in the host's organization. IT admins can manage them like any other guest account in their directory.
-Guest accounts are used for sharing sites, and you can always add guest users to your directory if you need to give them access to more than just a file or folder.
+Guest accounts are used for sharing sites, and you can always add guests to your directory if you need to give them access to more than just a file or folder.
-The following table shows the differences between sharing with external users with guest accounts and with ad hoc external recipients.
+The following table shows the differences between sharing with people who have guest accounts and with ad hoc external recipients.
||**Guest account**|**Ad hoc external recipient**| |:-----|:-----|:-----|
@@ -41,20 +41,20 @@ The following table shows the differences between sharing with external users wi
|Can edit in Word, Excel, PowerPoint, or other Microsoft 365 apps <br/> |Yes <br/> |No <br/> | |Access controlled by AAD conditional access policies <br/> |Yes <br/> |No <br/> |
- When using the share dialog to share with "specific people" and the recipients are all external users then a secure link will be created and the specified email addresses will be secured, or added, to the link. This appears in audit logs in the following ways:
+ When you use the Share dialog box to share with "specific people" and the recipients are all outside the organization, then a secure link will be created and the specified email addresses will be secured, or added, to the link. This appears in audit logs in the following ways.
> [!NOTE] > If the UserType property of a User object is "guest", the user is outside of your organization but may be an ad hoc external recipient that does not have a guest account. > [!NOTE]
-> Auditing operations related to sharing invitations can still appear in situations when SharePoint items other than files and folders are shared with external users (for example, when sharing a SharePoint site with external users).
+> Auditing operations related to sharing invitations can still appear in situations when SharePoint items other than files and folders are shared with guests (for example, when you share a SharePoint site with guests).
|**Operation**|**Description**| |:-----|:-----|
-|SecureLinkCreated <br/> |A link that only works for specific people was created. It is usually followed by a series of AddedToSecureLink operations which signify the users who were secured to the link. The value in the **Detail** column for this activity identifies the UniqueSharingId for this link which can be used to match against future AddedToSecureLink and RemovedFromSecureLink operations. <br/> |
-|SecureLinkDeleted <br/> |A link that only works for specific people was deleted. It is usually preceded by a series of RemovedFromSecureLink operations which signify the users who used to be secured to the link. The value in the **Detail** column for this activity identifies the UniqueSharingId for this link which can be used to match against future AddedToSecureLink and RemovedFromSecureLink operations. <br/> |
-|AddedToSecureLink <br/> |A link that only works for specific people was secured to a user. The value in the **Detail** column for this activity identifies the name or email of the user the link was secured to and whether this user is an external user. The value also has a UniqueSharingId column that identifies the link they were secured to. <br/> |
-|RemovedFromSecureLink <br/> |A user was removed from a link that only works for specific people. The value in the **Detail** column for this activity identifies the name or email of the user the link was previously secured to and whether this user is an external user. The value also has a UniqueSharingId column that identifies the link they were secured to. <br/> |
+|SecureLinkCreated <br/> |A link that only works for specific people was created. It's usually followed by a series of AddedToSecureLink operations, which signify the users who were secured to the link. The value in the **Detail** column for this activity identifies the UniqueSharingId for this link, which can be used to match against future AddedToSecureLink and RemovedFromSecureLink operations. <br/> |
+|SecureLinkDeleted <br/> |A link that only works for specific people was deleted. It's usually preceded by a series of RemovedFromSecureLink operations, which signify the users who used to be secured to the link. The value in the **Detail** column for this activity identifies the UniqueSharingId for this link, which can be used to match against future AddedToSecureLink and RemovedFromSecureLink operations. <br/> |
+|AddedToSecureLink <br/> |A link that only works for specific people was secured to a user. The value in the **Detail** column for this activity identifies the name or email of the user the link was secured to and whether this user is a guest. The value also has a UniqueSharingId column that identifies the link they were secured to. <br/> |
+|RemovedFromSecureLink <br/> |A user was removed from a link that only works for specific people. The value in the **Detail** column for this activity identifies the name or email of the user the link was previously secured to and whether this user is a guest. The value also has a UniqueSharingId column that identifies the link they were secured to. <br/> |
## See also
SharePoint https://docs.microsoft.com/en-us/SharePoint/SharePointServer/administration/variations-overview https://github.com/MicrosoftDocs/OfficeDocs-SharePoint/commits/live/SharePoint/SharePointServer/administration/variations-overview.md
@@ -24,8 +24,9 @@ The variations feature in SharePoint Server and SharePoint in Microsoft 365 make
This article contains an overview of the variations feature. It describes the elements of the variations feature; provides an overview of site, list, and page creation for variation sites; lists some limitations of variations; and describes scenarios for using variations in SharePoint Server. This article does not describe the tasks that are involved in planning a solution that uses variations. For info about how to plan to use variations in your solution, see [Plan for variations in SharePoint Server](plan-for-variations.md). This article also does not describe how to create variation labels and hierarchies. For info about how to create a variation site, see [Create a multi-language website](https://go.microsoft.com/fwlink/p/?LinkId=279696).
- > [!IMPORTANT]
- > The variations will remain supported but deprecated for the SharePoint Server 2019 release. For more info, see [What's deprecated or removed from SharePoint Server 2019](https://docs.microsoft.com/sharepoint/what-s-new/what-s-deprecated-or-removed-from-sharepoint-server-2019#variations).
+ > [!IMPORTANT]
+ > The variations will remain supported but deprecated for the SharePoint Server 2019 release. For more info, see [What's deprecated or removed from SharePoint Server 2019](https://docs.microsoft.com/sharepoint/what-s-new/what-s-deprecated-or-removed-from-sharepoint-server-2019#variations).
+
## Use and benefits of variations <a name="use"> </a>