SPS Stockholm – Recap

Wow, what an experience!

SPSSTHLM_ValentinesBannerEvent if you ever had the chance to attend a SharePoint Saturday or a similar free community event,  you probably don’t know what it means to organize such an event for 300 people in your free time. So in this post I just want to give you a glimpse on what is involved if you ever play with the thought to do it yourself :)

SharePoint Saturday Stockholm 2015 on 14th of February in the Stockholm World Trade Center was the second run that Erwin van Hunen and I organized, and even though we thought we had done most of the required preparations already the first time and can just copy & paste the event, there was still a lot to prepare.

Sponsors, Speakers, Attendees

Organizing this event started about 8 months before and the first step (after fixing the date and venue) is always to find and convince the sponsors to fund the event. Luckily this was much easier this time due to the success of SPSSTHLM2014 and we got the first 5 sponsors signed up within the first week after we announced the event. Still, you have to chase up all your contacts regularly, come up with ideas that might make the event or a special sponsorship level more attractive and finally hope that you will get enough to sign up in order to make your budget. In my personal opinion, finding sponsors is probably the most nerve wrecking task in the entire organization process. You can make that easier if you find someone who provides their premises for the event e.g. Microsoft, but that often comes with the downside that you have to take care of the catering, insurance, security and cleanup yourself and that the location is maybe harder to reach for the attendees (which may result in more no-shows).

Next up is calling for and selecting the speakers and sessions. There are so many great, well-known speakers out there who are eager to come at their own expenses to the event (!), that getting sessions was no problem at all. Although unfortunately the Swedes seem not like to speak that much which meant at the end that we only had Wictor Wilén as the only real Swede speaking at the event. The tough part (and I didn’t envy Erwin for that) was to select the sessions for the 21 slots out of the 120 submissions. Erwin made a great job selecting mostly technical session because much like in 2014 about 65% of the attendees were developers, 20% IT-Pros and only 15% interested mainly in business topics.

When you have the sponsors, speakers and sessions in place then it is time to make some noise and get attendees. Last year our tickets were sold out in 2 hours and we heard from many people that they learned about the event the first time after all seats were already gone. Hence we decided this time to release the tickets in two batches to give the word some time to spread around in between. To be honest I am not entirely sure if this made any difference. Both batches were gone again each within 2 hours and we had still over 100 people on the waiting list on the event day.

What else needs to be done?

Here is an incomplete list: plan the catering, speakers dinner, agenda, sponsor perks, exhibition area layout, room equipment, attendee bags, SharePint, attendee registration, volunteer allocation, design signage, badges, raffle tickets, slide decks, communicate with sponsors, speakers, attendees, venue and much much more.

All of the time you always have to think of the budget, how many attendees you can allow, amount of no-shows to plan with (sadly this year we had about 17,5% with over 100 people on the waiting list), if you can have better/more/different food, coffee breaks, nicer speaker presents and so on.

Because of all these variables and the lack of experience, our first event in 2014 went unfortunately about 10% over budget. Our goal this time was to do better and cover for last years loss. I am glad to say that this mission was accomplished and thanks to our generous sponsors we were still able to make the event bigger this year (300 instead of 250 participants, 5 instead of 4 tracks, 25 instead of 20 speakers).

The Reward

Both Erwin and I knew very well what challenge we were up to and even though it requires a lot of work, it is also lot of fun. When you finally see what was accomplished and feel the appreciation from all the people who participated it is just a awesome.

So rest assured, we will do it again! (just don’t tell our wives :).

To stay informed, please signup on one of our 3 mailing lists for attendees, speakers and sponsors and follow us on twitter.

Thank you!

To finish of, I want to shout a big thank you to everyone involved:

  • The sponsors, for making all of this financially possible, providing awesome raffle prizes and being on-site to give the whole event a professional feeling :)
  • The speakers, for coming on their own expenses to Stockholm to share knowledge and expertise with the local community,
  • The volunteers, for helping to prepare the event the day before, registering the attendees and supporting speakers and attendees in the session rooms,
  • The venue staff, for being a big help, flexible and professional,
  • The attendees, for coming  to this great community event, on a Saturday!, on Valentine’s! and mingle with all others to share their experiences with SharePoint and the surrounding technologies and
  • Erwin, for holding out until the end with the annoying, perfectionist German that I am ;)

Last but not least, I just want to say: Hats off to anyone who takes up the challenge organizing a free community event!
If you need help, then just let me know and I share whatever I can.


All pictures of the event can be found on our Flickr account



Mastering Office 365 Development Patterns and Practices

The Microsoft of even just a few years ago was a very different beast. Few would have imagined Word on an Android tablet, or the open sourcing of the .NET framework. Yet the end of Steve Ballmer’s reign, and the incoming Satya Nadella, has seemingly given the company a real boost and a host of fresh ideas.

.NET Core is a great example of these changes, and something we have watched with real interest. By publishing the stack as an open source repository, a much wider audience can contribute to the software and help to improve it. The .NET Framework has grown and improved over the years a great deal, but closed source software is only maintained by a team of internal developers. .NET Core is now a community project, and will ultimately be all the better for it.

Another great development by Microsoft was the release of the Office App Model and Samples on Codeplex sometime around the SharePoint Conference 2014. The project was initially a rogue initiative without funding by a team of very bright people within the Office 365 customer adoption team (namely Vesa Juvonen and Steve Walker) who wanted to create a repository of re-usable code, pattern and practices to help SharePoint developers with the transition to the App model.

OfficepnpWe’ve seen this resource grow and improve, and whilst it did contain a host of useful code examples, there was room for improvement. Microsoft have listened to feedback and have transformed it into the Office 365 Developer Pattern and Practices (Office 365 DevPnP). Further, with the move from CodePlex to GitHub the doors were opened to find new enthusiastic contributors and the project has now grown to the most active on the OfficeDev GitHub account. Very active contributors like just recently my fellow swedish MVP and SPS Stockholm co-organizer Erwin van Hunen can even join the “Core Team” helping to shape this project in the future.

In case you worry that too many cooks spoil the broth then read this statement from Microsoft themselves:

You can rest assured that if there is a sample here, it has the blessing of the Office Developer Platform team as a supportable approach for your solutions”.

I recommend any serious SharePoint and Office365 developer to join the PnP team on the monthly community call. I guarantee you that listening to the call and learning about all the samples discussed will save you many times from reinventing a probably inferior wheel.

In the rest of this post I will briefly look on a few examples what Office DevPnP offers for developers.

Following best practice with ease

There have been a lot of changes over the last few years, and even months, when it comes to Office 365 development. For example, full trust solutions introduced in SharePoint 2007 are not longer supported in SharePoint Online. Also sandboxed solutions introduced in SharePoint 2010 have been deprecated – developers can still use them, but they are no longer recommended. Styling options have changed as well, with support being phased out for customizing master pages.

As a result it can be confusing for developers looking to create customizations for Office 365. That is where the Office 365 DevPnP comes into play. It contains examples for many common use cases, with each and everyone following current Microsoft best practices and guidelines. Faced with a challenge or problem, developers can look to the site for a solution or pattern – safe in the knowledge it is future proof.

A new way of branding

A good example of the new way of doing things in Office 365 is in the area of branding. During TechEd 2014 Steve and Vesa gave a presentation regarding development best practices in Office 365 and advised against custom master pages.

A custom master page is (or was) a highly customizable route that allowed for a range of styling options. In SharePoint 2007 and 2010 it was by far one of the most popular ways of changing the look and feel of SharePoint. So this announcement had quite a big impact, people were initially confused about how they should go about branding Office 365. This is where the Office 365 DevPnP comes in, containing as it does several examples of how to apply branding according to Microsoft’s best practices (Hint: use alternate CSS and logo or a custom theme and DO NOT customize the suite bar).

Provisioning Site Collections?

Provisioning Site Collections was another common task in previous versions of SharePoint, and was made more ‘difficult’ in Office 365. Many developers where confused. Without support for farm solutions, it was not clear how to do this easily with apps in Office 365. Again the Office 365 DevPnP comes to the rescue. The Office 365 DevPnP contains several examples on how Site Collections can be provisioned (Hint: use a provider hosted app or with remote event receivers).

A new look Microsoft

When Satya Nadella became the new CEO of Microsoft, a new era started. Microsoft moved their focus from closed software and a “Microsoft only” vision to releasing their software as open source and collaborating much more with other companies. The .NET framework, including the compiler, going open source is a great example of this. The Office 365 DevPnP is another.

Using this new and updated resource, developers for Office 365 can rely on an extensive set of examples showing how to develop their customizations. Along with other resources, like the Office Dev Center (featuring our own SPCAF), Microsoft is really on top of helping and guiding developers now and for that I congratulate them.

Join me in the coming weeks for my blog post series ‘Transforming SharePoint Customizations to the SharePoint App Model’. In it I will be looking at a range of guidance and advice, including tips from Microsoft and ways in which you can put SPCAF to work.

Custom Code: The Missing Piece of the SharePoint Governance Puzzle

Lots of companies have been running SharePoint systems for many years. Some have built up a lot of expertise, some even have dedicated support professionals and teams in place. Yet even for these very mature organizations, ‘governance’ can still be a bit of a mystery.

Any company running SharePoint needs to think governance, and what it means to them. According to Microsoft the definition of governance is:

“Governance is the set of policies, roles, responsibilities, and processes that control how an organization’s business divisions and IT teams work together to achieve its goals. “

Failing to think about these things means a SharePoint portal can become disorganized, users can get confused, people don’t know where to go with questions, and there is no clear plan around the future direction of the system.

Whilst many companies struggle with governance, the SharePoint community is particularly good at trying to help. Besides a lot of good articles on Microsoft TechNet, many posts have been written about governance in SharePoint projects for example

Codeplex even hosts a SharePoint Governance tool by Bill Baer, Senior Technical Product Manager at Microsoft, to make the process easier (please note it is currently in alpha status).

However, all these articles are usually focussing only on IT Management and Information Management Governance. One topic that is nearly always missed in any governance conversation is that of Application Management & Governance of the custom code.

Microsoft explains the application management for custom solutions in it’s governance poster (PDF) and TechNet article for SharePoint 2013.


But what are the controls and processes in place around customizations?
Let us look into this area in a bit more detail.

No, I don’t know who wrote that code, but it seems to be working!

Without proper governance in this area, it can become unclear who wrote customizations, what exactly each one is doing, and what the dependencies are to keep them working. People come and go, requirements change, and without proper governance it can become impossible to understand the status or impact on your farm. If something goes wrong it could feasibly cost the company time and money, so something needs to be done.

As we have discussed previously substandard customizations can have a negative impact on a SharePoint environment, both on-premises or cloud hosted:

  • Performance:
    Farm solutions can have a negative performance impact on the entire SharePoint farm, so not only on the web application they were deployed to. E.g. a malfunctioning timer job can block other timer jobs.
    In the brave new app world bad performance is usually exposed on the users side and often caused by unnecessary requests to the servers and inefficient JavaScript code (I highly recommend to read the SharePoint JavaScript Context Development blog series of my colleague Hugh Wood to learn more about coding JavaScript the right way for SharePoint). As you can imagine bad performance can not only cause problems in the infrastructure but also a lot of frustration for the end-users and eventually it slows down or prevents the adoption of SharePoint as a business platform.
  • Security:
    As the name “Full trust farm solutions” suggests, they have almost unlimited access to the SharePoint farm. Code can run under the web application pool account and timer job code runs under the timer service account (in most scenarios the farm account). Therefore it’s really important to check every full trust farm solution before trusting it, especially with 3rd party add-ins.
    But also the new app model poses an entirely new security risk, now that a lot of code is running on the client side in a maybe uncontrolled environment. The risks of XSS (cross site scripting), SQL injections or other security vulnerabilities have been there before of course. But now when running more and more code in a shared environment hosted in the cloud like in SharePoint Online/Office365, suddenly these security gaps are exposed to the public making it easier for perpetrators to gain access or even modify your data.
  • Dependencies and stability:
    Farm solutions and apps depend on many other components, which may have an impact on stability (e.g. 3rd party assemblies or JavaScript libraries, resources etc.). The dependencies may not be clear from the documentation and are often only visible by trial and error.

So an important part of any governance strategy is to understand what customizations you have, what they do, and exactly how they have been implemented.

How can we write good SharePoint code?

Quite a while ago (in 2009) Microsoft has published 10 best practices for SharePoint farm solutions. Even though the blog focuses on SharePoint 2007, many of it is still valid for farm solutions in SharePoint 2010 and 2013.

The problem with such and similar guidance on blogs is that a lot of it became obsolete with the shift to SharePoint Online but also the requirement to prepare your code already now for future updates and migration if you are still developing for SharePoint on-premises. Even worse, the thousands of SharePoint developer focused blogs and forums on the internet are full of false or at least questionable guidance and code solutions. Sadly many developers tend to just copy & paste code snippets of a solution without even giving it a thought or thorough investigation if this piece of code should be really used. This might minimize the costs and time to finish their projects, but in the end the customer will pay the bill when realizing that poor code caused high maintenance and operational costs, or needs to be re-implement entirely when upgrading to a new SharePoint version.

Here are a three examples that might make you reconsider your current practices and show pretty clear how hard it is to get the right up-to-date guidance what to do and what to avoid:

  1. Use WebTemplates instead of Site Templates when creating custom templates.
    While this is per se true for full trust code, the recommendation nowadays is to avoid as much declarative code as possible, including List definitions, Content Type definitions, Site Column definitions, List Instance definitions. These are only partly available in SP Online (e.g. through Sandboxed Solutions) and cause major maintenance problems when changes need to be applied. To see how to code these types of SharePoint artifacts with CSOM instead, I highly recommend you to take a look at the Microsoft Office Developer Patterns & Practices open source project on Github, which comes with plenty of samples and common usage scenarios.
  2. Never increase the throttling settings above recommended settings, even if it seems to cause no obvious issues
    This advice is more relevant than ever! Not only should you not do increase the throttling on-premises, you just can’t do this in the cloud. So it is wise to just plan your application architecture accordingly so that you don’t run into the risk of hitting the limit. This could mean for example using a custom database in a provider hosted app instead of SharePoint lists.
  3. Run SPDisposeCheck regularly to check for memory leaks
    Checking for memory leaks in full-trust SharePoint code is very important to avoid unexpected behavior of the solution or crashes of IIS. Unfortunately the guidance to use SPDisposeCheck is extremely misleading! SPDisposeCheck had its last release for SharePoint 2010 in 2010. At this time SharePoint was still running on the .NET Framework 2.0 and hence SPDisposeCheck was build on the same framework. But with SharePoint 2013 the framework version got update and suddenly SPDisposeCheck cannot analyze the assemblies anymore! Even worse, it is not warning the user, but rather give you a false sense of security by not reporting any issue at all! That is why Microsoft finally removed the download of SPDisposeCheck, but there are of course many places on the web to get it anyway.

Just these examples show you already how hard and complicated it is to make sure your SharePoint Code is of high quality, secure, performant, upgradeable/future-proof and follows best practices. Even harder is to govern this code when it is running and used in your production environment or needs to be migrated to a new SharePoint version.

For this reason we have created the SharePoint Code Analysis Framework (SPCAF) that helps you to analyze all the server side (SSOM), client side (CSOM), JavaScript (JSOM) and all declarative (XML, HTML, CSS, ASPX) code of SharePoint solutions (.wsp), apps (.app), executables (.exe) and assemblies (.dll). It allows you to choose between pre-configured or your customized rulesets for different target SharePoint versions and development models, detects code issues, memory leaks, security risks etc. and generates reports on dependencies, calculates metrics, documents the application and analyzes the ability to upgrade a farm solution to the app model.

Don’t forget custom code in your governance strategy

Governance is essential for a successful SharePoint implementation. While most governance strategies focus on business processes, rules, audits, and strategies, custom code is nearly always forgotten. By following the best practices above, and using automatic tooling, custom code can be made part of the governance strategy.

Companies can go even further and record individual features and customizations, the business requirements behind them, a version history of changes, and even the author’s names as part of formal SharePoint governance documentation.

Governance, around custom code or more business-focused areas of SharePoint, can be hard to implement at first and difficult to keep going in the long term. But you will certainly be glad you put the effort in when the day comes to update or rework the system.

Find about more about how SharePoint Code Analysis Framework (SPCAF) can help as part of your governance plan.

IT Pro fear no more! Introducing the SPCAF PowerShell CmdLet

Attention IT Pros!

This time we have something for you!

PowerShellWe are happy to announce the availability of the new SPCAF PowerShell CmdLet enabling you to analyze the code quality of your SharePoint solutions (.wsp) and apps (.apps) in your solution deployment scripts, your farm health checks or anywhere else you are using PowerShell to automate SharePoint management tasks including migration and governance solutions like AvePoint’s DocAve, Metalogix Content Matrix or Sharegate’s Sharegate :)

SPCAF PowerShell includes the same five analysis components as the the full client for Code Quality Analysis, Metrics, Dependency Analysis, Inventory and Migration Assessment.

With the PowerShell provided scripts you can download all WSP solutions and apps and check them against over 600 code quality rules. The generated reports show you if the solutions are well developed or contain issues which may harm the performance, supportability and stability of your farm.

Get a free Code Quality Summary Report

If you don’t own a license SPCAF creates a free summary report (HTML) that highlights the found issues and their categories and summarizes the code metrics.


SPCAF Summary Report

Integrate the Analysis into your Solution Deployment Process

SPSDIf you already use PowerShell to deploy solutions and apps to SharePoint, for example with the help of our free SharePoint Solution Deployer (SPSD) script, then you can easily integrate the SPCAF analysis into your deployment process:

Run the analysis right before the customizations are deployed to SharePoint and stop the deployment if critical issues have been identified. This ensures a better code quality of your deployed solutions and apps and improves stability, performance and security of your SharePoint environment.

How to use SPCAF PowerShell

Using SPCAF PowerShell is very straight forward. After importing the SPCAF.PowerShell.dll module you can invoke an analysis for a single solution or app or for a complete folder.
You can pass your custom ruleset configuration to adjust which rules are checked as well as define the output formats and the report location and name.


To make your life easier the download already includes two sample scripts to show you how to

1. AnalyzeSolutionsLocally.ps1

 2. LoadAndAnalyzeSolutionsFromSharePoint.ps1

If you like to download additionally apps and sandboxed solutions from your farm for the analysis, then check out my blog on how to extract all customizations from your farm in which you will find the required PowerShell script.

Command Line Parameters

SPCAF PowerShell comes with a range of parameters that allow you to configure the analysis to your needs.

Parameter   Value   Mandatory   Description  
InputFiles String Array Yes List of input files or directory for the analysis. Support formats: .wsp, .app, .dll, .exe, .zip.
LicenseFiles String Array No Optional path to SPCAF license files. If no license file is given only the free feature are activated.
SettingsFile String No Optional name or path to the settings files (.spruleset) which defines the analyzers for the analysis.
Reports String Array No List of report formats which should be generated during the analysis. Possible values: HTML, PDF, DOCX, XML, CSV, DGML.
OutputFile String No Optional path the output file. The reports will be written to the same location as the output file in the various formats.
Verbosity String No Optional level for verbosity to limit the detail level for log messages. Valid values are: quiet, minimal, normal, Default
TempDirectory String No Optional path to the temp folder.
SkipProjectCreation Boolean No Optional Boolean. Default FALSE. If TRUE no project (.spcaf) file is created as output of the analysis.
TimeOut Integer No Optional seconds after the analysis should be cancelled automatically.


Apart from generating the detailled reports, SPCAF PowerShell outputs the number of issues to the console and provides the gathered information to the PowerShell pipe for further processing eg. to cancel the deployment.

Note: The number of issues is also available when running SPCAF PowerShell without a license making it easy to integrate in in every deployment process.

Sample Output:

Try it now!

You can download the SPCAF PowerShell CmdLet from the TechNet Galleries

Download the SPCAF PowerShell CmdLet


We would be very happy to hear your feedback about how you are using SPCAF PowerShell, so please tell us your experiences and feature requests either in the comments below or by mailing us to feedback@spcaf.com.

Thank you!

5 things to remember when migrating to Office 365

office365Many companies are thinking about moving to the Cloud, and this includes SharePoint clients. Microsoft is pushing the advantages of Office 365 to its customers, and many are finding its wealth of features offer a good argument to either move away from existing ‘On Premises’ solutions entirely or set up a hybrid environment which leverages both the benefits from the cloud and on-prem.

There are several advantages in using Cloud systems – including flexibility of functionality, lower start up and ongoing costs, and ease of maintenance. Yet migrating to the Cloud is not always easy, especially when it comes to SharePoint. Many companies still have legacy SharePoint systems which include customizations and lots of content. Not all of these customizations will work in the Cloud, and content migration requires a good deal of proper planning and thought.

Moving to the Cloud can be complex

Migration projects are inherently difficult, and they shouldn’t be undertaken lightly. To test if your organisation or company is ready here are five questions that you should be able to answer positively before attempting an Office 365 migration.

1. Have you audited the current system?

An audit of your current implementation consists of two things:

  • Audit your content: Which content is still valid and which needs to be migrated? Take this chance to delete or archive content that is no longer required in the new system.
  • Audit functionality: Which custom functionality in the existing SharePoint system needs to be migrated? Look at all the options – like farm solutions, custom site templates built using the browser, custom workflows in SharePoint Designer, etc. Office 365 offers new functionality that can often replace custom functionality altogether. Your system will be all the better for using Office 365 native functions as much as it can.

2. Have you audited custom code?

Over the years, it is likely that a lot of custom code has been deployed to your SharePoint farm. If your system has been running for a while you might not even be aware of which customizations are running and even who built them.

It is important to realise that not all customizations can be migrated to Office 365. For example, full trust farm solutions are not supported. Even more you might realize that some of your customizations might not be required anymore or the underlying business need has changed. Thus a re-design might be necessary anyway.

Analysing your customizations manually is extremely time-consuming. Try our our free SPCAF Migration Assessment tool. It generates detailed report about customizations in your farm in a couple of seconds, helps you to understand what they currently do and guides you to migrate them to the app model!

3. Have you thought properly about content migration?

When you know which content you want to migrate, you have to answer the question: How are you going to migrate that content?

Office 365 offers the Explorer View, which allows you to open a SharePoint library in Windows Explorer. This is suitable for small migrations, but lacks certain key functionality like migrating metadata and incremental migrations.

3rd party options like Sharegate and a number of other products help you to migrate your content to Office 365 much easier.

4. Have you thought about long term maintenance of the new solution?

The implementation of the new solution in Office 365 is a good moment to not only think about the migration, but also about the future:

  • How is content going to be maintained? Will there be a dedicated Intranet Manager or team in place to manage things?
  • How are customizations to be maintained? Even though in Office 365 there is no longer a farm to maintain, customizations need to be monitored and maintained. SPCAF can analyze custom apps and sandboxed solutions deployed to your Office 365 and provide detailed reports about maintainability, code quality, and dependencies.

5. Have you talked to your users?

The most important people in a migration project are the users of the SharePoint system.

By organising workshops with key users, their thoughts about the current and the new solution can be fully understood. Current functionality and content can be discussed and the advantages of new functionality in Office 365 can be demonstrated.

This way users will feel engaged, which helps to increase the popularity of the new implementation. It is generally a good idea to keep everyone in your organisation in the loop as much as possible. Not only by sending emails, but also by organising presentations, demos, workshops, etc. People are key to a good migration.

Preparation is key

A migration project can be complex and requires proper preparation. When a migration is not prepared well, it will most likely fail. Analyze your content and customizations thoroughly, inform and discuss the migration with your users, and develop a migration strategy. Don’t forget to update your users regularly. People in general don’t like changes, so by informing them in advance of change they feel more engaged.

Our own SPCAF can be used to understand and analyze any customizations in the ‘On Premises’ SharePoint environment, as well as migrate and maintain them in Office 365.