blog.atwork.at

news and know-how about microsoft, technology, cloud and more.

Delegate365 changelog version 8.0-A new major release

Delegate365 version 8.0 is a major release with a bunch of new features and updates. This Delegate365 version brings support for a new partner login, improvements in the setup process after updates, integration of Azure Event Grid, new user profile features, new Group OU's, a new check email address module, some bugfixes, new security features and some more features. See the details here.

The last update of Delegate365 version 7.5 took place in April. We have been busy developing and testing Delegate365 since then. Now is the time to launch the new Delegate365 version 8 and the new features. Let's start with the new setup.

  • New setup without consent: In the last years, we continuously added more features to Delegate365 and performed version updates every few months. Some of them required to add more permissions to the Delegate365 app which then required to run a new Delegate365 setup asking for more permissions and requiring the consent of an Office 365 Global Admin after the sign-in process on behalf of all users. We sometimes experienced issues when the setup admin forgot to accept the new consent on behalf of all users. Then, no user could sign-in until the consent has been given by a Global Admin.
    So, we decided to simplify the update process for our customers as much as possible. Since it is still necessary to run a new setup if new app permissions are needed for new Delegate365 functionality, giving the Global Admin consent explicitly now is no longer necessary.
    The new setup creates a Delegate365 app with the runtime of two years and automatically confirms the consent during the setup process. The setup UI and the flow with the two steps is unchanged (see Delegate365-(Re)run the setup, but without consent). During the setup, the Delegate365 configuration password (you get that from atwork) and your Global Admin credentials must be filled into the fields. Then, click "Complete". The Delegate365 setup creates a new app with the required permissions, accepts the consent and will be finished after about one minute. Then, Delegate365 can be used by all users.
    image
    Now, there's no active consent of a Global Admin on behalf of all users necessary. This is done automatically during the setup to simplify the update-process.
  • Future Updates and Setup: Depending on eventually required app permissions in future Delegate365 releases, it will still be necessary to run a Delegate365 setup update. If no new app permissions are required, there is no need to run a setup after an update process. This works in the same way as before.
  • Update to Delegate365 version 8: We will contact our customers and arrange a time for the Delegate365 update. After your Delegate365 tenant has been updated to version 8, an Office 365 Global Admin needs to execute the Delegate365 setup.
  • Partner-Login - for partners and support cases: The new version enables organizations to add partner logins from another Office 365 tenant as Delegate365 Administrators as well. This is helpful for partners who want to manage multiple Delegate365 customers with their own Office 365 login. Also, this feature can be used for support cases. In case of an issue, a Portal Admin can add the vendor or partner with his own User Principal Name to the Delegate365 Administrators list. The support engineer can now work in Delegate365 with the defined permissions. When the support case is closed, the external partner login can be removed (or the Admin permissions can be removed).
  • Partner-Login - How to add external Administrators: Portal Admins can define the Delegate365 Administrators in the administration / manage administrators menu. Now, additionally to users of the own tenant, any other Office 365 email address can be used as Delegate365 Administrator. Simply type the external email address into the User Principal Name field, that's it. The people picker understands internal and external addresses. The following screenshot shows another work account (...@atwork-it.com) that is not existing in the own (...@M365x897613.onmicrosoft.com) Office 365 tenant and is added as Scope Administrator in Delegate365.
    image
    External Delegate365 Administrators work exactly in the same way as Administrators in the own Office 365 tenant: They can be Portal Admin or Scope Admin and have a custom set of permissions. We think the "Partner login" is a very helpful feature in real world scenarios.
  • New Group OU's: Speaking about Delegate365 Administrators, there's a brand new feature now available: Group OU's. A Group OU can be used by Scope Admins for using members of another OU they do not manage themselves in their own groups. To see a description of this feature in detail, pls. see the article "Delegate365 changelog version 8-Group OUs".
    image_thumb34
  • New Web API Key per Administrator: In each profile of a Delegate635 Administrator, now there is a new section "Web API key". You find this property at the end of the Administrator's pane when an Administrator is selected in the list and "Edit admin" is opened. This is the personal key for this user for executing Delegate365 PowerShell commands. This feature will be described in more detail in the next version 8.1 that is planned for end of summer. Anyway, showing and renewing "Generate" the Administrator's key is already integrated here.
    image
  • User profile picture: Delegate365 now enables to see and to change a user's profile picture in the "Edit" function. This is done via the Microsoft Graph that requires that the user has a license for Exchange Online assigned. So, all users with an Exchange mailbox can have a user profile picture and Delegate365 Administrators are able to see and to modify that if needed. When clicking "Change", a new profile picture can be uploaded into the mailbox. The new picture will be available within the next minutes in the Office 365 services.
    image
    Note: If a user has no Exchange mailbox assigned, the loading progress takes a little bit longer and a dummy picture with the user's initials is generated. Administrators then cannot remove or change the user profile picture since it is virtually. So, this feature depends on the Exchange Online license of the user.
    image
  • User Manager: Now Administrators can see and modify a user's manager directly in Delegate365 as well. The Manager property can be modified if the user is a cloud user. The people picker allows to select an existing user quickly, as in this sample. There can be only one manager assigned.
    image
    The Manager field has been added in the user's property pane in the "additional details" box.
  • Check email address: In the "More" menu, there is a new module named "check email address". This is a requested feature, since it can happen that a Delegate365 Administrator wants to use an email address that is already taken, but not visible in the Delegate365 portal, since the Admin cannot manage that object. But, an email address might be already existing somewhere in the Office 365 tenant, as alias email address of a user, a shared mailbox or resource, as email address of a Distribution Group or of an Office 365 group or similar. In here, Administrators can ask Delegate365 if any email address is already taken or available.
    image
    If an email address is already used, Delegate635 informs what type of object is using that email address, or if the email address is available, e.g.
    alexw@M365x897613.onmicrosoft.com - Recipient exists, Type: UserMailbox
    sales@M365x897613.onmicrosoft.com - Recipient exists, Type: MailUniversalDistributionGroup
    support@M365x897613.onmicrosoft.com - This email address is not existing in the Office 365 tenant. Feel free to use it.
    So, this small module helps to check for existing email addresses anytime, anywhere in the Office 365 tenant.
  • New Extensibility: Sometimes organizations using Delegate365 have the requirement to run additional tasks when users have been created or other objects have been changed in Office 365. Since every company has it's own processes and tasks, we decided to support custom functions out of Delegate365 to keep this very flexible: We added integration for Azure Event Grid to Delegate365. This feature can act like a Swiss Army Knife and trigger external functions if needed.
    Delegate365 extensibility works with an HTTP endpoint and delivers events that happen during the periodically happening Delegate365 sync operation. This allows organizations to run their custom tasks externally, e.g. in Azure functions with PowerShell or any other supported programing language.
    Portal Admins find this module in administration / configuration / extensibility. In here, the topic and the AccessKey of the Azure Event Grid must be specified. Below, the whole trigger system can be set to Active Yes or No - to configure it and set it active or inactive easily when needed. The switches trigger sending an event to the Azure Event Grid when the Delegate365 sync operation runs. Currently, these events are supported: Create user, Delete user, Update user, Sync Start and Sync End.
    Note that trigger must already exist when saving this configuration.
    image
    To see a description of this feature in detail, pls. see the article "Delegate365 changelog version 8-Extensibility" (the article and link will be available soon).
  • Small Bugfixes: Some minor bugfixes have been performed in this version: An Office 365 Group did not always show all members, field validators have been improved, better descriptions have been used, etc. These small issues have been fixed.
  • Internal security improvements: The Delegate365 portal works as an easy to use tool for accomplishing the most common tasks in an Office 365 environment. Users using Delegate365 first must sign-in with their Office 365 account and they must be assigned as Administrator in Delegate365. Once a user has signed-in and both checks were successfully, he can use the Delegate365 portal. To avoid that such a signed-in user can manipulate any data sent to the Delegate365 services, we have added more security-features within the service. On the client-side, input fields in Delegate365 forbid to enter any Javascript code before sending the data back to the service. On the server-side, the Delegate365 services check the data and if the signed-in user is allowed to perform the action with the data sent by checking all permissions again before they are executed. With these activities, Delegate365 avoids any security breaches of a Delegate365 administrator after he is signed-in and if he tries to manipulate data sent back to the service.

Delegate365 version 8.0 provides brand new features and improvements. The update time will be planned accordingly with our customers starting end of July. New Delegate365 tenants will get this version automatically.

We hope, you like the new features of Delegate365!

Loading