Delegate365 v9.1 comes with many new features. This version immediately follows version 8.5 and this is a major version with many large and small updates. It includes new functions such as Teams improvements, SharePoint sites management, basic device management with Intune, Invite guests, notifications, the new smart sync option, license quotas, new reports and much more. See a description of the new features here.
- Run a setup: Since new permissions are required for the Delegate365 app, an administrator needs to run the Delegate365 setup after the upgrade process. We will propose an update date to every customer. After the update, an administrator needs to run the Delegate365 setup once. See the How-To at Delegate365-(Re)run the setup.
- Small design changes: You will notice that Delegate365 looks looks a bit tidier. Boxes were reduced.
All frames of the boxes are now reduced to a single line under the title. That gives more clarity.
- Why v9.1? This is a major release of Delegate365. The last version of Delegate365 has been v8.5 in last fall. We added more features and updated and optimized the technology behind Delegate365 to the modern Microsoft .NET Standard and .NET Core framework internally. From an end-user perspective, that means more performance. To represent that, we updated the next Delegate365 version from v8.5 to v9.0 since this is a major release. Since the .NET Core 3.1 LTR framework is now available on the Microsoft Azure platform, it makes sense to use the latest framework. So, we skipped the switch to .NET core 3.0 (and Delegate365 v9.0 was an internal test version only) and decided to go to .NET core 3.1 directly with this update. To make it short: Delegate365 v9.1 is the latest version, directly following v8.5.
- Invite users: To collaborate with external users, they can be invited to the company tenant. Now, Admins can do this in Delegate365 (if permitted, see below). In the Users module, there´s a new icon "invite guest user" on the right of the "create user" icon on top of the list. Click on that icon to do so.
Fill out the fields and click Invite.
The user gets an invitation per email to join the organization as a guest. Once the user accepts the invitation, he will be added as guest user to the Azure AD. Delegate365 already adds that user to the selected OU and will show that user in the users list.
BTW, admins can assign a license to a guest user as well. Note that the user (dependent on the account type) must sign-in to your tenant with the full UserPrincipalName to be identified as a guest in an Azure AD. In this sample this looks as here.
- Invite guest role: The permission policies now include the permission to invite a guest in the Users section. By default, this is set to No. Change it as needed.
- Teams channels management: With this version, Delegate365 allows the management of channels in a team. Select a team and see the features in the menu on the right. Click Channels to manage them.
In the channels list, you can modify the channels of the selected team. The list shows also the web URL to directly get access to the channel.
When clicking the Create "+" icon or Edit, you can modify the channel.
Note: To modify a channel description, you have to change the display name as well. Otherwise you get a message informing that you have to change the display name as well. For a new description, you currently need to change both fields and click Save.
- Teams channels and Tabs: In the Tabs menu, admins can see the defined Tabs with a direct web URL link to access that tab in Teams.
You can use the link to navigate to the page in the Teams client.
- Teams channels and Apps: The Apps menu shows a list of apps with their current version that are installed in the selected team. Return with the back icons on top and at the end of the list.
- SharePoint sites requirements: To use SPO functionality, Delegate365 requires an app. The SPO app must be created once and added to the configuration of Delegate365. Please see the steps at Delegate365 changelog 9.1-SharePoint Online.
- SharePoint sites assignments: Once the SPO app is configured in Delegate365, this version brings management of SharePoint (SPO) sites. Admins can assign SPO sites in the OU´s / Assign menu. There´s an additional section for SharePoint.
The sync gets all SPO sites if the tenant and allows to assign them to an OU here - as usual. The list shows all sites with their site type that are unassigned. Select the sites and assign them to the corresponding OU. Click the Assign button and confirm the popup message to do so.
You can use the OU´s / Unassign menu to remove SPO sites from OU´s.
Note: SPO sites don´t have a group membership and no properties in Azure AD. So, you can only assign sites manually to an OU as shown here. There´s no sync rule for automatic assignments available. Please see details at Delegate365 changelog 9.1-SharePoint Online.
- SharePoint site and permission management: The new module SharePoint allows a basic management of the assigned SPO sites. The permission to see the menu SharePoint is controlled in the permission policies. The list shows the site name, the URL, the site type and the OU as follows.
When you select a site and click Edit, you can modify specific site settings. The settings depend on the site type and show the most relevant site features.
Also, admins can manage the site permissions as here.
Please see details at Delegate365 changelog 9.1-SharePoint Online.
- SharePoint Provisioning: Admins can create a new SPO site with Delegate365 within an OU. To create a new Team, follow the link saying "To provision a new Team or a new Microsoft 365 group, click here." below the panel title. Otherwise, use this panel to create a new Communication site as here.
Please see details at Delegate365 changelog 9.1-SharePoint Online.
- Intune features: Admins can now benefit from the basic management of devices of their users. This includes a a new menu Devices in the users list and includes actions such as Wipe Device, Retire Device, Sync Device, and Delete Device. This will be covered in an extra article in the next days here.
- Smart sync: This is a new feature for improving the sync mechanism in Delegate365 if the Microsoft interface does not deliver complete data from the tenant. In short: Unless 80% of the data is sent from the Microsoft API, Delegate365 will not delete the existing data until the same data has been provided three times. Admins can configure and overwrite that behavior if needed.
This incomplete data scenario did occur in the past some times. So, Smart Sync prevents unwanted changes. Smart sync makes it possible to run a full synchronization only if the Microsoft 365 interface supplies complete data. Administrators can define a threshold from which data is considered complete. If less data is supplied by the Microsoft 365 interface, Smart Sync blocks the deletion of large amounts of data. In this case, no deletions are made in Delegate365 and the following two sync operations are observed. The actual deletion in Delegate365 takes place only when the data is supplied in the same way for the third sync operation. This mechanism enables incomplete data to be automatically repaired in Delegate365. By default, starting with this Delegate365 version, Smart sync is enabled and it is recommended that you leave this setting enabled.
If Smart sync is set to Yes, the other switches in the section become active. The switches allow to override the sync behavior if needed. If set to Yes, the next sync will synchronize objects of that type, even if Smart Sync is activated. This also resets the counter for the next smart sync operations. The small "i" icons inform about the switches. Also, warnings are generated to the admins if if the threshold is exceeded. The Smart sync behavior is new, but the warnings exist since previous versions of Delegate365. See notification samples at Delegate365 v8.4-New Sync warning for deleted objects.
- Notifications: Admins can control if they want to receive notification emails from Delegate365. Again, the small "i" icons inform about the switches. This can be done on behalf of an admin in Administration / Administrators as here...
...or every admin can do this on his own in the Properties in the top right corner menu.
- Revoke sign in sessions: This new feature allows to sign-out users instantly, for example if the user has a lost or stolen device. Revoke sign in session prevents access to the organization's data through applications on the device by requiring the user to sign in again to all applications that they have previously consented to, independent of device. Select the user and click on the Revoke sign in session menu on the right side.
The admin has to confirm the operation by clicking on the Revoke button.
A toast notification informs that the Revoke sign in session was executed. The user needs to login again on his or /her machines to use the Microsoft 365 services. This is a security feature that allows admins to react quickly if a user identity becomes compromised.
- New license quotas features: When working with a lot of licenses and license quotas, there are now some helpful features available: In menu OU´s / Manage OU´s, one or more OU can be selected and default license quotas can be added with the new Create default license quotas menu as shown here. Confirm the message to create quotas for the selected OU´s.
In menu Licenses / license quotas, you can now filter for OU and for licenses to find your quota to find it faster, as follows. The list also shows the used licenses within the OU.
The default quotas set the quota to 0 licenses and Enforce is set to No. If quotas are already existing for the OU and for the license, they do not get overwritten by default quotas - they remain as configured. Missing licenses will be a added then. So, this is a convenient method to create license quotas and then start configuring them as needed.
- License order notification: In the Licenses / license orders, admins can start a request for more licenses. In the following sample, Adele requested 10 E5 licenses for her OU New York.
She gets a notification email, as well as the license admins. This email will be sent to the requester as confirmation with the subject "Delegate365: License order" as follows.
If this request turned out to be wrong, Adele can delete the request herself, before it has been processed by a license admin.
If Adele deletes the request, the license orders list is cleared. The same happens for the license admins. To track that deletion process, Delegate365 now informs the licenses admin about the delete-operation, also with subject "Delegate365: License order". This looks as here.
This this completes the information chain so that admins get informed about a cancelled request.
- Sync messages for Scope Admins in the notification center: All operations are logged in Delegate365. If errors occur, these are logged in the storage and in the notification center. In the past, Portal admins saw all error messages, and scope admins saw errors they produced in the UI. With this version, admins now see error messages from from all objects of their OU´s. So, if for example there are license quotas defined for an OU, and there is a sync rule in place that assigns licenses to users and there´s a conflict during the sync, the OU admins will now see the corresponding messages. Here, we see such a scenario in the screenshot. Licenses could not automatically be assigned because a license quota prevents that.
So, OU admins now see messages concerning their managed objects.
- Notification emails: If the notification warnings are enabled for an admin, he or she will receive emails for warnings, such as here. The admin here got a notification that the sync could not assign a license because the license quota was exceeded. The email subject in this particular case is "D365: License quota reached".
- Notification center automatic messages cleanup: Messages that popup in the notification center will now automatically be deleted if they are older than 30 days. This prevents the notification center to slow down if there are (ten)thousands of messages in the list. It deletes messages that are no longer relevant automatically from now on. The messages remain in the Delegate365 Audit log in the error table.
- Reports: New reports have been added, such as Directory role users, Managed devices, and List Directory audits. The Directory roles users report generates a list of the users that are assigned to an directory role. Managed devices generate a list of properties and relationships of the managed device objects. The List directory audits report shows the audit logs generated by Azure Active Directory. See the current list and samples of all reports at Delegate365 Manual for Reports.
- OU invoice data: In OU´s / Manage OU´s, now additional data for the address can be added, e.g. for billing purposes. Select an OU and click on Invoice data.
Then, fill out the fields as needed and click Save.
Note: Currently this data is not used in reports, but it can be used for future features.
- Sync Rules extended attributes removed: In previous versions, automatic user OU-assignment was available for extended user attributes in Azure AD. No customers used that and this has been removed since it used an old Microsoft API that was deprecated. So, the Administration / Sync rules and the User section now looks as here: It allows to sync with security group (see more here) or to select the predefined user properties to automatically assign users to an OU in Delegate365.
- Sync history: The history table now shows the number of total users, assigned users, total groups, and assigned groups. This gives an overview at a glance about changes in the Office 365 tenant.
Also, the details contains more detailed information about the sync operation, showing numbers of synced objects before and after the sync.
- Fixes: We added more description, and updated labels and added info symbols here and there to make features more accessible. Also, the sync has been optimized and minor fixes have been made.
We have added many new features from our customers´ feedback and we hope you like the new and improved features of Delegate365!
Delegate365 version 9.1 will be available starting this March. atwork will propose an update date to every productive tenant. New versions get the latest Delegate365 version automatically.