I am on the road again! Watch out!

One of the advantages of being your own boss is, that you can mostly decide yourself what to do with your time. Even better if it is also for the benefit of your company.

For those who know me personally probably know that I just love to speak! (and talk, but that is a different story ;))

So this first half year of 2015 I am stepping up my game!

As it would become quite boring on my blog if I announce every single one of my speaking engagements in a separate post, I am summarizing here where you will be able to hear and meet me in the next couple of months.

It started already this year with organizing and speaking at SharePoint Saturday Stockholm on 14th of February. If you like you can read my little recap here and take a look at some pictures on our Flickr account.

15933637123_fb2b79f14a_z On stage with fellow co-organizer Erwin van Hunen at SPS Stockholm 2015

Next up was basta.net in Darmstadt, Germany two weeks ago where I gave two sessions. Basta is a pure .NET developer conference with a single SharePoint track. It was very interesting to meet and talk to people who are usually not attending SharePoint-only events and aren’t so deep into it to hear about the challenges they are facing. For example the app model is still a fantasy from the far future for many as some of them still run SharePoint 2007… Not kidding! They also still run Office2003 and just started to upgrade Windows XP to Windows7. Amazing, isn’t it?

Today I am on my way to Erding (close to Munich, Germany), where I am having crazy three sessions in two days at the “SharePoint konferenz” before I will fly to Finland for the weekend to the inaugural SharePoint Saturday Helsinki.

April will be even more fun. I have the pleasure to hold the keynote at the Metalogix roadshow “SharePoint & Office365 Roadmap to the Cloud” in Cologne, Germany on April 16th directly followed by speaking at SharePoint Saturday Antwerp in Belgium on April 18th, before I head to London to probably the best SharePoint conference on the planet I know of: The SharePoint Evolution Conference happening from April 20th – 23nd! Unfortunately I am not speaking there, so this will be the only event so far, that I am just attending. But this will be also a lot of fun! :)

May is going to be a little bit more relaxed, again with speaking the keynote at the Metalogix roadshow on May 21st, this time in Copenhagen followed by the inaugural SharePoint Saturday Paris on 30th of May.

Less than two weeks after I am going to have a session at the ShareConf in Düsseldorf, Germany on June 8th – 11th.

That’s about it for now. We will see what else comes along.
If you happen to be around at one of those events then I am looking forward to meet you!

I want to thank all the event organizers who still not seem to be fed up by me and last but not least my wonderful and understanding family who let me go on such a tour!

See you around!

SharePoint Online Client Object Model and PowerShell: Three tips

PowerShellOver the years, SharePoint has evolved a lot and the powerful tool we know today has undergone some serious developments. SharePoint developers working on configuration of the platform for specific needs have seen solutions to their design needs improve too. However, it’s not always clear exactly which to use and when, so this post will look at some of the solutions out there and explore how they can be implemented.

A gradual evolution

Back in SharePoint 2003 the only way to change all SharePoint configuration options was using the command-line tool “stsadm”. It came with the inherent drawback that it did not support object oriented programming, the options were quite limited and it only worked when run from the SharePoint server itself.

The server side object model to configure the farm was introduced in SharePoint 2007, but PowerShell integration was quite limited. Furthermore, the server side object model still required the code to be run on the SharePoint servers.

This changed in SharePoint 2010 with the introduction of the client side object model. Using this new model it is possible to run code against the SharePoint object model straight from the client. Under water the code was transformed into web service calls, but from the developer’s point of view he could write code similar to server side code.

When SharePoint Online / Office 365 was released, only a small subset of the server side object model was available in the client object model (as Chris O’Brien described in his article 774 vs 30 Cmdlets). Over time Microsoft has fixed this and added a lot of new functions to the client API’s, and now it is a good replacement for the server side object model.

As useful as these updates are, it can be somewhat difficult to understand how they all work. To clear this up, we’ll be looking at three top tips for using the SharePoint Online client object model with PowerShell.

1. TechNet: Start here when you are looking for documentation

The most experienced SharePoint developers will remember the days when there was absolutely no official documentation on the SharePoint 2007 Object Model. Things are very different now: Microsoft has released a lot of documentation about their API’s, including a dedicated area on TechNet about Windows PowerShell for SharePoint Online. It is a great starting point to read about this topic, and it includes the entire list of available cmdlets.

Of course you can also just use the built in help and intellisense of the PowerShell ISE to explore all the available cmdlets after you have set up your environment.

Another great starting point to turn to when looking for documentation is the Office Dev Center. It provides links to tutorials, training videos, upcoming events, code samples and so on. The link to the Office 365 roadmap is also promoted on the front page – have a look there to see upcoming changes for Office 365. Microsoft is implementing new changes very rapidly, so don’t let these new changes come as a surprise!

2. Office 365 Developer Patterns and Practices

OfficepnpAlthough many open source libraries are available on the internet, there is only one that has the official blessing from Microsoft:The Office 365 Developer Patterns and Practices which I already talked about previously.

A popular example is branding. There is a lot of discussion about how to apply branding in Office 365, as custom master pages and page layouts are discouraged. The library contains many examples of how to apply custom branding without having to change master pages and/or page layouts.

A component worth a special mention: The OfficeDev PnP PowerShell Cmdlets authored by Erwin van Hunen. Erwin extended the existing SharePoint Online PowerShell cmdlets extensively to fill the gaps and ease the process of managing your SharePoint Online tenant through PowerShell with plenty of helper and provisioning cmdlets.

In general OfficeDev PnP helps to make sure that developers and administrators do the correct things and build reliable future proof solutions. On top, it also improves efficiency. Code examples enable developers to build solutions much faster without having to reinvent the wheel.

3. Blogs: A lot of people have solved problems you will encounter

Trust us, you will encounter problems when you start using the Client Object Model. You are not alone! For example, authentication with OAuth 2.0 can be quite complicated. Every implementation of OAuth 2.0 can be different as it has not quite been standardized yet. This blog post by Matthias Leibman gives a good overview of using OAuth 2.0 with the Office 365 API.

A lot of other blog posts have been written on common issues while using the Office 365 API. So let me give you a head start by pointing out some interesting reads: Soeren Nielsen, Chris O’Brien and Vadim Gremyachev are worth reading!

CSOM and PowerShell do not guarantee better Code Quality

Although all of this is great help, even with the greatest examples, libraries and advice things can go wrong. With the trend moving code of SharePoint and execute the tasks with CSOM the risk of bad code harming your SharePoint environment is not going away. It is just moving to a different place. Hence I am happy to share with you that SPCAF will soon also fully support the analysis of PowerShell client side object model code as well as .NET CSOM and JavaScript CSOM to assure your code quality no matter where you run your code.

Get Started Now

I hope all of this gives you enough confidence to start using PowerShell and the Client Object Model to write code against SharePoint Online. It can be a little intimidating at first, given the complexity of the work required. However, spare a thought for developers back in 2003 – in the beginning it was no fun at all with only a couple of cmdlets available. Nonetheless, we’ve seen things improve a lot since then and the tools available now really do make the work a lot easier. And, of course, the API is still evolving and new functionality is added regularly, so we expect that it will become better and better!

SPS Stockholm – Recap

Wow, what an experience!

SPSSTHLM_ValentinesBannerEvent if you ever had the chance to attend a SharePoint Saturday or a similar free community event,  you probably don’t know what it means to organize such an event for 300 people in your free time. So in this post I just want to give you a glimpse on what is involved if you ever play with the thought to do it yourself :)

SharePoint Saturday Stockholm 2015 on 14th of February in the Stockholm World Trade Center was the second run that Erwin van Hunen and I organized, and even though we thought we had done most of the required preparations already the first time and can just copy & paste the event, there was still a lot to prepare.

Sponsors, Speakers, Attendees

Organizing this event started about 8 months before and the first step (after fixing the date and venue) is always to find and convince the sponsors to fund the event. Luckily this was much easier this time due to the success of SPSSTHLM2014 and we got the first 5 sponsors signed up within the first week after we announced the event. Still, you have to chase up all your contacts regularly, come up with ideas that might make the event or a special sponsorship level more attractive and finally hope that you will get enough to sign up in order to make your budget. In my personal opinion, finding sponsors is probably the most nerve wrecking task in the entire organization process. You can make that easier if you find someone who provides their premises for the event e.g. Microsoft, but that often comes with the downside that you have to take care of the catering, insurance, security and cleanup yourself and that the location is maybe harder to reach for the attendees (which may result in more no-shows).

Next up is calling for and selecting the speakers and sessions. There are so many great, well-known speakers out there who are eager to come at their own expenses to the event (!), that getting sessions was no problem at all. Although unfortunately the Swedes seem not like to speak that much which meant at the end that we only had Wictor Wilén as the only real Swede speaking at the event. The tough part (and I didn’t envy Erwin for that) was to select the sessions for the 21 slots out of the 120 submissions. Erwin made a great job selecting mostly technical session because much like in 2014 about 65% of the attendees were developers, 20% IT-Pros and only 15% interested mainly in business topics.

When you have the sponsors, speakers and sessions in place then it is time to make some noise and get attendees. Last year our tickets were sold out in 2 hours and we heard from many people that they learned about the event the first time after all seats were already gone. Hence we decided this time to release the tickets in two batches to give the word some time to spread around in between. To be honest I am not entirely sure if this made any difference. Both batches were gone again each within 2 hours and we had still over 100 people on the waiting list on the event day.

What else needs to be done?

Here is an incomplete list: plan the catering, speakers dinner, agenda, sponsor perks, exhibition area layout, room equipment, attendee bags, SharePint, attendee registration, volunteer allocation, design signage, badges, raffle tickets, slide decks, communicate with sponsors, speakers, attendees, venue and much much more.

All of the time you always have to think of the budget, how many attendees you can allow, amount of no-shows to plan with (sadly this year we had about 17,5% with over 100 people on the waiting list), if you can have better/more/different food, coffee breaks, nicer speaker presents and so on.

Because of all these variables and the lack of experience, our first event in 2014 went unfortunately about 10% over budget. Our goal this time was to do better and cover for last years loss. I am glad to say that this mission was accomplished and thanks to our generous sponsors we were still able to make the event bigger this year (300 instead of 250 participants, 5 instead of 4 tracks, 25 instead of 20 speakers).

The Reward

Both Erwin and I knew very well what challenge we were up to and even though it requires a lot of work, it is also lot of fun. When you finally see what was accomplished and feel the appreciation from all the people who participated it is just a awesome.

So rest assured, we will do it again! (just don’t tell our wives :).

To stay informed, please signup on one of our 3 mailing lists for attendees, speakers and sponsors and follow us on twitter.

Thank you!

To finish of, I want to shout a big thank you to everyone involved:

  • The sponsors, for making all of this financially possible, providing awesome raffle prizes and being on-site to give the whole event a professional feeling :)
  • The speakers, for coming on their own expenses to Stockholm to share knowledge and expertise with the local community,
  • The volunteers, for helping to prepare the event the day before, registering the attendees and supporting speakers and attendees in the session rooms,
  • The venue staff, for being a big help, flexible and professional,
  • The attendees, for coming  to this great community event, on a Saturday!, on Valentine’s! and mingle with all others to share their experiences with SharePoint and the surrounding technologies and
  • Erwin, for holding out until the end with the annoying, perfectionist German that I am ;)

Last but not least, I just want to say: Hats off to anyone who takes up the challenge organizing a free community event!
If you need help, then just let me know and I share whatever I can.


All pictures of the event can be found on our Flickr account



Mastering Office 365 Development Patterns and Practices

The Microsoft of even just a few years ago was a very different beast. Few would have imagined Word on an Android tablet, or the open sourcing of the .NET framework. Yet the end of Steve Ballmer’s reign, and the incoming Satya Nadella, has seemingly given the company a real boost and a host of fresh ideas.

.NET Core is a great example of these changes, and something we have watched with real interest. By publishing the stack as an open source repository, a much wider audience can contribute to the software and help to improve it. The .NET Framework has grown and improved over the years a great deal, but closed source software is only maintained by a team of internal developers. .NET Core is now a community project, and will ultimately be all the better for it.

Another great development by Microsoft was the release of the Office App Model and Samples on Codeplex sometime around the SharePoint Conference 2014. The project was initially a rogue initiative without funding by a team of very bright people within the Office 365 customer adoption team (namely Vesa Juvonen and Steve Walker) who wanted to create a repository of re-usable code, pattern and practices to help SharePoint developers with the transition to the App model.

OfficepnpWe’ve seen this resource grow and improve, and whilst it did contain a host of useful code examples, there was room for improvement. Microsoft have listened to feedback and have transformed it into the Office 365 Developer Pattern and Practices (Office 365 DevPnP). Further, with the move from CodePlex to GitHub the doors were opened to find new enthusiastic contributors and the project has now grown to the most active on the OfficeDev GitHub account. Very active contributors like just recently my fellow swedish MVP and SPS Stockholm co-organizer Erwin van Hunen can even join the “Core Team” helping to shape this project in the future.

In case you worry that too many cooks spoil the broth then read this statement from Microsoft themselves:

You can rest assured that if there is a sample here, it has the blessing of the Office Developer Platform team as a supportable approach for your solutions”.

I recommend any serious SharePoint and Office365 developer to join the PnP team on the monthly community call. I guarantee you that listening to the call and learning about all the samples discussed will save you many times from reinventing a probably inferior wheel.

In the rest of this post I will briefly look on a few examples what Office DevPnP offers for developers.

Following best practice with ease

There have been a lot of changes over the last few years, and even months, when it comes to Office 365 development. For example, full trust solutions introduced in SharePoint 2007 are not longer supported in SharePoint Online. Also sandboxed solutions introduced in SharePoint 2010 have been deprecated – developers can still use them, but they are no longer recommended. Styling options have changed as well, with support being phased out for customizing master pages.

As a result it can be confusing for developers looking to create customizations for Office 365. That is where the Office 365 DevPnP comes into play. It contains examples for many common use cases, with each and everyone following current Microsoft best practices and guidelines. Faced with a challenge or problem, developers can look to the site for a solution or pattern – safe in the knowledge it is future proof.

A new way of branding

A good example of the new way of doing things in Office 365 is in the area of branding. During TechEd 2014 Steve and Vesa gave a presentation regarding development best practices in Office 365 and advised against custom master pages.

A custom master page is (or was) a highly customizable route that allowed for a range of styling options. In SharePoint 2007 and 2010 it was by far one of the most popular ways of changing the look and feel of SharePoint. So this announcement had quite a big impact, people were initially confused about how they should go about branding Office 365. This is where the Office 365 DevPnP comes in, containing as it does several examples of how to apply branding according to Microsoft’s best practices (Hint: use alternate CSS and logo or a custom theme and DO NOT customize the suite bar).

Provisioning Site Collections?

Provisioning Site Collections was another common task in previous versions of SharePoint, and was made more ‘difficult’ in Office 365. Many developers where confused. Without support for farm solutions, it was not clear how to do this easily with apps in Office 365. Again the Office 365 DevPnP comes to the rescue. The Office 365 DevPnP contains several examples on how Site Collections can be provisioned (Hint: use a provider hosted app or with remote event receivers).

A new look Microsoft

When Satya Nadella became the new CEO of Microsoft, a new era started. Microsoft moved their focus from closed software and a “Microsoft only” vision to releasing their software as open source and collaborating much more with other companies. The .NET framework, including the compiler, going open source is a great example of this. The Office 365 DevPnP is another.

Using this new and updated resource, developers for Office 365 can rely on an extensive set of examples showing how to develop their customizations. Along with other resources, like the Office Dev Center (featuring our own SPCAF), Microsoft is really on top of helping and guiding developers now and for that I congratulate them.

Join me in the coming weeks for my blog post series ‘Transforming SharePoint Customizations to the SharePoint App Model’. In it I will be looking at a range of guidance and advice, including tips from Microsoft and ways in which you can put SPCAF to work.

Custom Code: The Missing Piece of the SharePoint Governance Puzzle

Lots of companies have been running SharePoint systems for many years. Some have built up a lot of expertise, some even have dedicated support professionals and teams in place. Yet even for these very mature organizations, ‘governance’ can still be a bit of a mystery.

Any company running SharePoint needs to think governance, and what it means to them. According to Microsoft the definition of governance is:

“Governance is the set of policies, roles, responsibilities, and processes that control how an organization’s business divisions and IT teams work together to achieve its goals. “

Failing to think about these things means a SharePoint portal can become disorganized, users can get confused, people don’t know where to go with questions, and there is no clear plan around the future direction of the system.

Whilst many companies struggle with governance, the SharePoint community is particularly good at trying to help. Besides a lot of good articles on Microsoft TechNet, many posts have been written about governance in SharePoint projects for example

Codeplex even hosts a SharePoint Governance tool by Bill Baer, Senior Technical Product Manager at Microsoft, to make the process easier (please note it is currently in alpha status).

However, all these articles are usually focussing only on IT Management and Information Management Governance. One topic that is nearly always missed in any governance conversation is that of Application Management & Governance of the custom code.

Microsoft explains the application management for custom solutions in it’s governance poster (PDF) and TechNet article for SharePoint 2013.


But what are the controls and processes in place around customizations?
Let us look into this area in a bit more detail.

No, I don’t know who wrote that code, but it seems to be working!

Without proper governance in this area, it can become unclear who wrote customizations, what exactly each one is doing, and what the dependencies are to keep them working. People come and go, requirements change, and without proper governance it can become impossible to understand the status or impact on your farm. If something goes wrong it could feasibly cost the company time and money, so something needs to be done.

As we have discussed previously substandard customizations can have a negative impact on a SharePoint environment, both on-premises or cloud hosted:

  • Performance:
    Farm solutions can have a negative performance impact on the entire SharePoint farm, so not only on the web application they were deployed to. E.g. a malfunctioning timer job can block other timer jobs.
    In the brave new app world bad performance is usually exposed on the users side and often caused by unnecessary requests to the servers and inefficient JavaScript code (I highly recommend to read the SharePoint JavaScript Context Development blog series of my colleague Hugh Wood to learn more about coding JavaScript the right way for SharePoint). As you can imagine bad performance can not only cause problems in the infrastructure but also a lot of frustration for the end-users and eventually it slows down or prevents the adoption of SharePoint as a business platform.
  • Security:
    As the name “Full trust farm solutions” suggests, they have almost unlimited access to the SharePoint farm. Code can run under the web application pool account and timer job code runs under the timer service account (in most scenarios the farm account). Therefore it’s really important to check every full trust farm solution before trusting it, especially with 3rd party add-ins.
    But also the new app model poses an entirely new security risk, now that a lot of code is running on the client side in a maybe uncontrolled environment. The risks of XSS (cross site scripting), SQL injections or other security vulnerabilities have been there before of course. But now when running more and more code in a shared environment hosted in the cloud like in SharePoint Online/Office365, suddenly these security gaps are exposed to the public making it easier for perpetrators to gain access or even modify your data.
  • Dependencies and stability:
    Farm solutions and apps depend on many other components, which may have an impact on stability (e.g. 3rd party assemblies or JavaScript libraries, resources etc.). The dependencies may not be clear from the documentation and are often only visible by trial and error.

So an important part of any governance strategy is to understand what customizations you have, what they do, and exactly how they have been implemented.

How can we write good SharePoint code?

Quite a while ago (in 2009) Microsoft has published 10 best practices for SharePoint farm solutions. Even though the blog focuses on SharePoint 2007, many of it is still valid for farm solutions in SharePoint 2010 and 2013.

The problem with such and similar guidance on blogs is that a lot of it became obsolete with the shift to SharePoint Online but also the requirement to prepare your code already now for future updates and migration if you are still developing for SharePoint on-premises. Even worse, the thousands of SharePoint developer focused blogs and forums on the internet are full of false or at least questionable guidance and code solutions. Sadly many developers tend to just copy & paste code snippets of a solution without even giving it a thought or thorough investigation if this piece of code should be really used. This might minimize the costs and time to finish their projects, but in the end the customer will pay the bill when realizing that poor code caused high maintenance and operational costs, or needs to be re-implement entirely when upgrading to a new SharePoint version.

Here are a three examples that might make you reconsider your current practices and show pretty clear how hard it is to get the right up-to-date guidance what to do and what to avoid:

  1. Use WebTemplates instead of Site Templates when creating custom templates.
    While this is per se true for full trust code, the recommendation nowadays is to avoid as much declarative code as possible, including List definitions, Content Type definitions, Site Column definitions, List Instance definitions. These are only partly available in SP Online (e.g. through Sandboxed Solutions) and cause major maintenance problems when changes need to be applied. To see how to code these types of SharePoint artifacts with CSOM instead, I highly recommend you to take a look at the Microsoft Office Developer Patterns & Practices open source project on Github, which comes with plenty of samples and common usage scenarios.
  2. Never increase the throttling settings above recommended settings, even if it seems to cause no obvious issues
    This advice is more relevant than ever! Not only should you not do increase the throttling on-premises, you just can’t do this in the cloud. So it is wise to just plan your application architecture accordingly so that you don’t run into the risk of hitting the limit. This could mean for example using a custom database in a provider hosted app instead of SharePoint lists.
  3. Run SPDisposeCheck regularly to check for memory leaks
    Checking for memory leaks in full-trust SharePoint code is very important to avoid unexpected behavior of the solution or crashes of IIS. Unfortunately the guidance to use SPDisposeCheck is extremely misleading! SPDisposeCheck had its last release for SharePoint 2010 in 2010. At this time SharePoint was still running on the .NET Framework 2.0 and hence SPDisposeCheck was build on the same framework. But with SharePoint 2013 the framework version got update and suddenly SPDisposeCheck cannot analyze the assemblies anymore! Even worse, it is not warning the user, but rather give you a false sense of security by not reporting any issue at all! That is why Microsoft finally removed the download of SPDisposeCheck, but there are of course many places on the web to get it anyway.

Just these examples show you already how hard and complicated it is to make sure your SharePoint Code is of high quality, secure, performant, upgradeable/future-proof and follows best practices. Even harder is to govern this code when it is running and used in your production environment or needs to be migrated to a new SharePoint version.

For this reason we have created the SharePoint Code Analysis Framework (SPCAF) that helps you to analyze all the server side (SSOM), client side (CSOM), JavaScript (JSOM) and all declarative (XML, HTML, CSS, ASPX) code of SharePoint solutions (.wsp), apps (.app), executables (.exe) and assemblies (.dll). It allows you to choose between pre-configured or your customized rulesets for different target SharePoint versions and development models, detects code issues, memory leaks, security risks etc. and generates reports on dependencies, calculates metrics, documents the application and analyzes the ability to upgrade a farm solution to the app model.

Don’t forget custom code in your governance strategy

Governance is essential for a successful SharePoint implementation. While most governance strategies focus on business processes, rules, audits, and strategies, custom code is nearly always forgotten. By following the best practices above, and using automatic tooling, custom code can be made part of the governance strategy.

Companies can go even further and record individual features and customizations, the business requirements behind them, a version history of changes, and even the author’s names as part of formal SharePoint governance documentation.

Governance, around custom code or more business-focused areas of SharePoint, can be hard to implement at first and difficult to keep going in the long term. But you will certainly be glad you put the effort in when the day comes to update or rework the system.

Find about more about how SharePoint Code Analysis Framework (SPCAF) can help as part of your governance plan.